Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
CISCO sur FNAC.COM
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
Click the links on the left to view the individual chapters in HTML format.
Voir ιgalement d'autres Guide CISCO :
Cisco-Security-Appliance-Command-Line-ASA-5500-version-7-2
Cisco-Introduction-to-the-Security-Appliance
Cisco-ASR-9000-Series-Aggregation-Configuration-Guide-Release-4-2-x
Cisco-IOS-XR-Carrier-Grade-NAT-Configuration-Guide-for-the-Cisco-CRS-Router-Release-4-2-x
Cisco-ASR-9000-Series-Aggregation-Services-Router-Interface-and-Hardware-Component-Configuration-Guide-Release-4-2-x
Cisco-ASR-9000-Series-Aggregation-Services-Router-IP-Addresses-and-Services-Configuration-Guide-Release-4-2-x
Cisco-ASR-9000-Series-Aggregation-Services-Router-L2VPN-et-services-Ethernet-Configuration-Guide-version-4-2-x
Cisco ASR 9000 Series Aggregation Services Router Routing
Configuration Guide, Release 4.2.x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26048-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown
for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S
P r e f a c e Preface xxi
Changes to This Document xxi
Obtaining Documentation and Submitting a Service Request xxi
C H A P T E R 1 Implementing BGP on Cisco ASR 9000 Series Router 1
Prerequisites for Implementing BGP 2
Information About Implementing BGP 3
BGP Functional Overview 3
BGP Router Identifier 3
BGP Default Limits 4
BGP Next Hop Tracking 4
Scoped IPv4/VPNv4 Table Walk 6
Reordered Address Family Processing 6
New Thread for Next-Hop Processing 6
show, clear, and debug Commands 6
Autonomous System Number Formats in BGP 7
2-byte Autonomous System Number Format 7
4-byte Autonomous System Number Format 7
as-format Command 7
BGP Configuration 7
Configuration Modes 7
Router Configuration Mode 8
Router Address Family Configuration Mode 8
Neighbor Configuration Mode 8
Neighbor Address Family Configuration Mode 8
VRF Configuration Mode 8
VRF Address Family Configuration Mode 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 iiiVRF Neighbor Configuration Mode 9
VRF Neighbor Address Family Configuration Mode 9
VPNv4 Address Family Configuration Mode 9
L2VPN Address Family Configuration Mode 9
Neighbor Submode 9
Configuration Templates 10
Template Inheritance Rules 12
Viewing Inherited Configurations 15
show bgp neighbors 15
show bgp af-group 16
show bgp session-group 18
show bgp neighbor-group 18
No Default Address Family 20
Routing Policy Enforcement 20
Table Policy 22
Update Groups 22
BGP Update Generation and Update Groups 23
BGP Update Group 23
BGP Cost Community 23
How BGP Cost Community Influences the Best Path Selection Process 23
Cost Community Support for Aggregate Routes and Multipaths 24
Influencing Route Preference in a Multiexit IGP Network 26
BGP Cost Community Support for EIGRP MPLS VPN PE-CE with Back-door
Links 26
Adding Routes to the Routing Information Base 27
BGP Best Path Algorithm 28
Comparing Pairs of Paths 28
Order of Comparisons 30
Best Path Change Suppression 31
Administrative Distance 31
Multiprotocol BGP 33
Route Dampening 35
Minimizing Flapping 36
BGP Routing Domain Confederation 36
BGP Route Reflectors 36
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
iv OL-26048-02
ContentsDefault Address Family for show Commands 40
Distributed BGP 40
MPLS VPN Carrier Supporting Carrier 41
BGP Keychains 42
BGP Nonstop Routing 42
BGP Prefix Independent Convergence Unipath Primary/Backup 43
BGP Local Label Retention 44
Command Line Interface (CLI) Consistency for BGP Commands 44
BGP Additional Paths 44
iBGP Multipath Load Sharing 45
Accumulated Interior Gateway Protocol Attribute 45
Per VRF and Per CE Label for IPv6 Provider Edge 46
IPv4 BGP-Policy Accounting on Cisco ASR 9000's A9K-SIP-700 46
IPv6 Unicast Routing on Cisco ASR 9000's A9K-SIP-700 46
IPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700 47
Remove and Replace Private AS Numbers from AS Path in BGP 47
Selective VRF Download 48
Line Card Roles and Filters 48
BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing 49
BFD Multihop Support for BGP 49
BGP Multi-Instance/Multi-AS Support 49
BGP Prefix Origin Validation Based on RPKI 49
BGP 3107 PIC Updates for Global Prefixes 50
BGP Prefix Independent Convergence for RIB and FIB 51
How to Implement BGP on Cisco IOS XR Software 51
Enabling BGP Routing 51
Configuring a Routing Domain Confederation for BGP 55
Resetting an eBGP Session Immediately Upon Link Failure 57
Logging Neighbor Changes 57
Adjusting BGP Timers 57
Changing the BGP Default Local Preference Value 59
Configuring the MED Metric for BGP 60
Configuring BGP Weights 62
Tuning the BGP Best-Path Calculation 64
Indicating BGP Back-door Routes 66
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 v
ContentsConfiguring Aggregate Addresses 67
Redistributing iBGP Routes into IGP 69
Redistributing Prefixes into Multiprotocol BGP 71
Configuring BGP Route Dampening 73
Applying Policy When Updating the Routing Table 78
Setting BGP Administrative Distance 80
Configuring a BGP Neighbor Group and Neighbors 82
Configuring a Route Reflector for BGP 85
Configuring BGP Route Filtering by Route Policy 87
Configuring BGP Next-Hop Trigger Delay 89
Disabling Next-Hop Processing on BGP Updates 91
Configuring BGP Community and Extended-Community Advertisements 93
Configuring the BGP Cost Community 95
Configuring Software to Store Updates from a Neighbor 99
Configuring Distributed BGP 101
Configuring a VPN Routing and Forwarding Instance in BGP 104
Defining the Virtual Routing and Forwarding Tables in Provider Edge Routers 104
Configuring the Route Distinguisher 106
Configuring PE-PE or PE-RR Interior BGP Sessions 108
Configuring Route Reflector to Hold Routes That Have a Defined Set of RT
Communities 111
Configuring BGP as a PE-CE Protocol 113
Redistribution of IGPs to BGP 118
Configuring Keychains for BGP 121
Disabling a BGP Neighbor 123
Resetting Neighbors Using BGP Inbound Soft Reset 124
Resetting Neighbors Using BGP Outbound Soft Reset 125
Resetting Neighbors Using BGP Hard Reset 126
Clearing Caches, Tables, and Databases 127
Displaying System and Network Statistics 128
Displaying BGP Process Information 129
Monitoring BGP Update Groups 131
Configuring BGP Nonstop Routing 132
Installing Primary Backup Path for Prefix Independent Convergence (PIC) 133
Retaining Allocated Local Label for Primary Path 135
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
vi OL-26048-02
ContentsConfiguring BGP Additional Paths 137
Configuring iBGP Multipath Load Sharing 139
Originating Prefixes with AiGP 141
Enabling BGP Unequal Cost Recursive Load Balancing 143
Configuring RPKI Cache 146
Configuring RPKI Prefix Validation 149
Configuring RPKI Bestpath Computation 150
Configuration Examples for Implementing BGP 152
Enabling BGP: Example 152
Displaying BGP Update Groups: Example 153
BGP Neighbor Configuration: Example 154
BGP Confederation: Example 155
BGP Route Reflector: Example 157
BGP Nonstop Routing Configuration: Example 157
Primary Backup Path Installation: Example 157
Allocated Local Label Retention: Example 157
iBGP Multipath Loadsharing Configuration: Example 158
Configuring BGP Additional Paths: Example 158
Originating Prefixes With AiGP: Example 158
BGP Unequal Cost Recursive Load Balancing: Example 159
Where to Go Next 161
Additional References 161
C H A P T E R 2 Implementing EIGRP on Cisco ASR 9000 Series Router 165
Prerequisites for Implementing EIGRP 166
Restrictions for Implementing EIGRP 166
Information About Implementing EIGRP 166
EIGRP Functional Overview 166
EIGRP Features 167
EIGRP Components 167
EIGRP Configuration Grouping 168
EIGRP Configuration Modes 168
EIGRP Interfaces 169
Redistribution for an EIGRP Process 169
Metric Weights for EIGRP Routing 170
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 vii
ContentsMismatched K Values 170
Goodbye Message 171
Percentage of Link Bandwidth Used for EIGRP Packets 171
Floating Summary Routes for an EIGRP Process 171
Split Horizon for an EIGRP Process 173
Adjustment of Hello Interval and Hold Time for an EIGRP Process 174
Stub Routing for an EIGRP Process 174
Route Policy Options for an EIGRP Process 175
EIGRP Layer 3 VPN PE-CE Site-of-Origin 176
Router Interoperation with the Site-of-Origin Extended Community 176
EIGRP v4/v6 Authentication Using Keychain 177
How to Implement EIGRP 177
Enabling EIGRP Routing 177
Configuring Route Summarization for an EIGRP Process 180
Redistributing Routes for EIGRP 182
Creating a Route Policy and Attaching It to an EIGRP Process 184
Configuring Stub Routing for an EIGRP Process 187
Configuring EIGRP as a PE-CE Protocol 189
Redistributing BGP Routes into EIGRP 192
Monitoring EIGRP Routing 194
Configuring an EIGRP Authentication Keychain 197
Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Default
VRF 198
Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Nondefault
VRF 199
Configuration Examples for Implementing EIGRP 201
Configuring a Basic EIGRP Configuration: Example 201
Configuring an EIGRP Stub Operation: Example 202
Configuring an EIGRP PE-CE Configuration with Prefix-Limits: Example 202
Configuring an EIGRP Authentication Keychain: Example 203
Additional References 203
C H A P T E R 3 Implementing IS-IS on Cisco ASR 9000 Series Router 205
Prerequisites for Implementing IS-IS 206
Restrictions for Implementing IS-IS 206
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
viii OL-26048-02
ContentsInformation About Implementing IS-IS 206
IS-IS Functional Overview 206
Key Features Supported in the Cisco IOS XR IS-IS Implementation 207
IS-IS Configuration Grouping 207
IS-IS Configuration Modes 207
Router Configuration Mode 207
Router Address Family Configuration Mode 208
Interface Configuration Mode 208
Interface Address Family Configuration Mode 208
IS-IS Interfaces 208
Multitopology Configuration 209
IPv6 Routing and Configuring IPv6 Addressing 209
Limit LSP Flooding 209
Flood Blocking on Specific Interfaces 209
Mesh Group Configuration 210
Maximum LSP Lifetime and Refresh Interval 210
Single-Topology IPv6 Support 210
Multitopology IPv6 Support 210
IS-IS Authentication 210
Nonstop Forwarding 211
Multi-Instance IS-IS 212
Multiprotocol Label Switching Traffic Engineering 212
Overload Bit on Router 212
Overload Bit Configuration During Multitopology Operation 213
IS-IS Overload Bit Avoidance 213
Default Routes 213
Attached Bit on an IS-IS Instance 214
IS-IS Support for Route Tags 214
Multicast-Intact Feature 214
Multicast Topology Support Using IS-IS 215
MPLS Label Distribution Protocol IGP Synchronization 215
MPLS LDP-IGP Synchronization Compatibility with LDP Graceful Restart 215
MPLS LDP-IGP Synchronization Compatibility with IGP Nonstop Forwarding 216
Label Distribution Protocol IGP Auto-configuration 216
MPLS TE Forwarding Adjacency 216
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 ix
ContentsMPLS TE Interarea Tunnels 216
IP Fast Reroute 217
How to Implement IS-IS 217
Enabling IS-IS and Configuring Level 1 or Level 2 Routing 217
Configuring Single Topology for IS-IS 219
Configuring Multitopology Routing 225
Restrictions for Configuring Multitopology Routing 225
Information About Multitopology Routing 225
Configuring a Global Topology and Associating It with an Interface 225
Enabling an IS-IS Topology 227
Placing an Interface in a Topology in IS-IS 229
Configuring a Routing Policy 230
Configuring Multitopology for IS-IS 232
Controlling LSP Flooding for IS-IS 232
Configuring Nonstop Forwarding for IS-IS 236
Configuring Authentication for IS-IS 239
Configuring Keychains for IS-IS 241
Configuring MPLS Traffic Engineering for IS-IS 243
Tuning Adjacencies for IS-IS 246
Setting SPF Interval for a Single-Topology IPv4 and IPv6 Configuration 249
Customizing Routes for IS-IS 252
Configuring MPLS LDP IS-IS Synchronization 255
Enabling Multicast-Intact 256
Tagging IS-IS Interface Routes 258
Setting the Priority for Adding Prefixes to the RIB 260
Configuring IP/LDP Fast Reroute 262
Configuring IS-IS Overload Bit Avoidance 266
Configuration Examples for Implementing IS-IS 266
Configuring Single-Topology IS-IS for IPv6: Example 267
Configuring Multitopology IS-IS for IPv6: Example 267
Redistributing IS-IS Routes Between Multiple Instances: Example 267
Tagging Routes: Example 268
Configuring IS-IS Overload Bit Avoidance: Example 268
Where to Go Next 269
Additional References 269
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
x OL-26048-02
ContentsC H A P T E R 4 Implementing OSPF on Cisco ASR 9000 Series Router 273
Prerequisites for Implementing OSPF 274
Information About Implementing OSPF 274
OSPF Functional Overview 275
Key Features Supported in the Cisco IOS XR Software OSPF Implementation 276
Comparison of Cisco IOS XR Software OSPFv3 and OSPFv2 276
OSPF Hierarchical CLI and CLI Inheritance 277
OSPF Routing Components 277
Autonomous Systems 278
Areas 278
Backbone Area 279
Stub Area 279
Not-so-Stubby Area 279
Routers 279
Area Border Routers 279
Autonomous System Boundary Routers (ASBR) 280
Interior Routers 280
OSPF Process and Router ID 280
Supported OSPF Network Types 281
Route Authentication Methods for OSPF 281
Plain Text Authentication 281
MD5 Authentication 281
Authentication Strategies 281
Key Rollover 282
Neighbors and Adjacency for OSPF 282
Designated Router (DR) for OSPF 282
Default Route for OSPF 282
Link-State Advertisement Types for OSPF Version 2 283
Link-State Advertisement Types for OSPFv3 283
Virtual Link and Transit Area for OSPF 285
OSPFv2 Sham Link Support for MPLS VPN 285
OSPF SPF Prefix Prioritization 287
Route Redistribution for OSPF 289
OSPF Shortest Path First Throttling 289
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xi
ContentsNonstop Forwarding for OSPF Version 2 290
Graceful Restart for OSPFv3 290
Modes of Graceful Restart Operation 291
Restart Mode 291
Helper Mode 291
Graceful Restart Requirements and Restrictions 292
Warm Standby and Nonstop Routing for OSPF Version 2 293
Warm Standby for OSPF Version 3 293
Multicast-Intact Support for OSPF 293
Load Balancing in OSPF Version 2 and OSPFv3 294
Multi-Area Adjacency for OSPF Version 2 294
Label Distribution Protocol IGP Auto-configuration for OSPF 295
OSPF Authentication Message Digest Management 295
GTSM TTL Security Mechanism for OSPF 296
Path Computation Element for OSPFv2 296
OSPF IP Fast Reroute Loop Free Alternate 296
Management Information Base (MIB) for OSPFv3 297
How to Implement OSPF 297
Enabling OSPF 297
Configuring Stub and Not-So-Stubby Area Types 300
Configuring Neighbors for Nonbroadcast Networks 303
Configuring Authentication at Different Hierarchical Levels for OSPF Version 2 308
Controlling the Frequency That the Same LSA Is Originated or Accepted for OSPF 312
Creating a Virtual Link with MD5 Authentication to Area 0 for OSPF 314
Examples 318
Summarizing Subnetwork LSAs on an OSPF ABR 319
Redistributing Routes from One IGP into OSPF 321
Configuring OSPF Shortest Path First Throttling 324
Examples 327
Configuring Nonstop Forwarding Specific to Cisco for OSPF Version 2 327
Configuring OSPF Version 2 for MPLS Traffic Engineering 330
Examples 333
Configuring OSPFv3 Graceful Restart 334
Displaying Information About Graceful Restart 336
Configuring an OSPFv2 Sham Link 337
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xii OL-26048-02
ContentsEnabling Nonstop Routing for OSPFv2 341
Enabling Nonstop Routing for OSPFv3 342
Configuring OSPF SPF Prefix Prioritization 343
Enabling Multicast-intact for OSPFv2 346
Associating Interfaces to a VRF 347
Configuring OSPF as a Provider Edge to Customer Edge (PE-CE) Protocol 349
Creating Multiple OSPF Instances (OSPF Process and a VRF) 352
Configuring Multi-area Adjacency 354
Configuring Label Distribution Protocol IGP Auto-configuration for OSPF 356
Configuring LDP IGP Synchronization: OSPF 358
Configuring Authentication Message Digest Management for OSPF 359
Examples 361
Configuring Generalized TTL Security Mechanism (GTSM) for OSPF 363
Examples 365
Verifying OSPF Configuration and Operation 366
Configuring IP Fast Reroute Loop-free Alternate 368
Enabling IPFRR LFA 368
Excluding an Interface From IP Fast Reroute Per-link Computation 370
Configuration Examples for Implementing OSPF 371
Cisco IOS XR Software for OSPF Version 2 Configuration: Example 371
CLI Inheritance and Precedence for OSPF Version 2: Example 372
MPLS TE for OSPF Version 2: Example 373
ABR with Summarization for OSPFv3: Example 374
ABR Stub Area for OSPFv3: Example 374
ABR Totally Stub Area for OSPFv3: Example 374
Configuring OSPF SPF Prefix Prioritization: Example 374
Route Redistribution for OSPFv3: Example 375
Virtual Link Configured Through Area 1 for OSPFv3: Example 376
Virtual Link Configured with MD5 Authentication for OSPF Version 2: Example 376
VPN Backbone and Sham Link Configured for OSPF Version 2: Example 377
Where to Go Next 378
Additional References 378
C H A P T E R 5 Implementing and Monitoring RIB on Cisco ASR 9000 Series Router 381
Prerequisites for Implementing RIB 382
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xiii
ContentsInformation About RIB Configuration 382
Overview of RIB 382
RIB Data Structures in BGP and Other Protocols 382
RIB Administrative Distance 383
RIB Support for IPv4 and IPv6 383
RIB Statistics 384
IPv6 Provider Edge IPv6 and IPv6 VPN Provider Edge Transport over MPLS 384
RIB Quarantining 384
Route and Label Consistency Checker (RCC and LCC) 385
System-wide Route Prioritization for IOS XR Software 386
How to Deploy and Monitor RIB 386
Verifying RIB Configuration Using the Routing Table 386
Verifying Networking and Routing Problems 387
Disabling RIB Next-hop Dampening 389
Configuring RCC and LCC 390
Enabling RCC and LCC On-demand Scan 390
Enabling RCC and LCC Background Scan 391
Configuration Examples for RIB Monitoring 393
Output of show route Command: Example 394
Output of show route backup Command: Example 394
Output of show route best-local Command: Example 394
Output of show route connected Command: Example 395
Output of show route local Command: Example 395
Output of show route longer-prefixes Command: Example 395
Output of show route next-hop Command: Example 395
Enabling RCC and LCC: Example 396
Where to Go Next 396
Additional References 397
C H A P T E R 6 Implementing RIP on Cisco ASR 9000 Series Router 399
Prerequisites for Implementing RIP 400
Information About Implementing RIP 400
RIP Functional Overview 400
Split Horizon for RIP 401
Route Timers for RIP 401
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xiv OL-26048-02
ContentsRoute Redistribution for RIP 401
Default Administrative Distances for RIP 402
Routing Policy Options for RIP 403
Authentication Using Keychain in RIP 403
In-bound RIP Traffic on an Interface 404
Out-bound RIP Traffic on an Interface 405
How to Implement RIP 405
Enabling RIP 405
Customizing RIP 407
Control Routing Information 410
Creating a Route Policy for RIP 413
Configuring RIP Authentication Keychain 415
Configuring RIP Authentication Keychain for IPv4 Interface on a Non-default VRF 415
Configuring RIP Authentication Keychain for IPv4 Interface on Default VRF 417
Configuration Examples for Implementing RIP 419
Configuring a Basic RIP Configuration: Example 419
Configuring RIP on the Provider Edge: Example 420
Adjusting RIP Timers for each VRF Instance: Example 420
Configuring Redistribution for RIP: Example 421
Configuring Route Policies for RIP: Example 421
Configuring Passive Interfaces and Explicit Neighbors for RIP: Example 422
Controlling RIP Routes: Example 422
Configuring RIP Authentication Keychain: Example 422
Additional References 423
C H A P T E R 7 Implementing Routing Policy on Cisco ASR 9000 Series Router 425
Prerequisites for Implementing Routing Policy 426
Restrictions for Implementing Routing Policy 426
Information About Implementing Routing Policy 427
Routing Policy Language 427
Routing Policy Language Overview 427
Routing Policy Language Structure 427
Names 428
Sets 428
as-path-set 429
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xv
Contentscommunity-set 430
extcommunity-set 431
prefix-set 434
Enhanced Prefix-length Manipulation 435
rd-set 435
Routing Policy Language Components 436
Routing Policy Language Usage 436
Routing Policy Configuration Basics 438
Policy Definitions 438
Parameterization 439
Parameterization at Attach Points 440
Global Parameterization 441
Semantics of Policy Application 441
Boolean Operator Precedence 441
Multiple Modifications of the Same Attribute 442
When Attributes Are Modified 443
Default Drop Disposition 443
Control Flow 443
Policy Verification 444
Range Checking 444
Incomplete Policy and Set References 444
Attached Policy Modification 445
Verification of Attribute Comparisons and Actions 445
Policy Statements 445
Remark 446
Disposition 446
Action 448
If 448
Boolean Conditions 449
apply 450
Attach Points 450
BGP Policy Attach Points 451
Aggregation 451
Dampening 452
Default Originate 453
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xvi OL-26048-02
ContentsNeighbor Export 453
Neighbor Import 454
Network 454
Redistribute 454
Show BGP 455
Table Policy 456
Import 457
Export 457
Retain Route-Target 458
Allocate-Label 459
Neighbor-ORF 459
Next-hop 460
Clear-Policy 460
Debug 460
BGP Attributes and Operators 461
OSPF Policy Attach Points 475
Default-Information Originate 475
Redistribute 475
Area-in 476
Area-out 476
OSPF Attributes and Operators 477
OSPFv3 Policy Attach Points 478
Default-Information Originate 478
Redistribute 478
OSPFv3 Attributes and Operators 479
IS-IS Policy Attach Points 479
Redistribute 479
Default-Information Originate 480
Inter-area-propagate 480
IS-IS Attributes and Operators 480
EIGRP Policy Attach Points 481
Default-Accept-In 481
Default-Accept-Out 482
Policy-In 482
Policy-Out 482
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xvii
ContentsIf-Policy-In 483
If-Policy-Out 483
Redistribute 483
EIGRP Attributes and Operators 483
RIP Policy Attach Points 485
Default-Information Originate 485
Redistribute 485
Global-Inbound 486
Global-Outbound 486
Interface-Inbound 486
Interface-Outbound 486
RIP Attributes and Operators 486
PIM Policy Attach Points 488
Attached Policy Modification 488
Nonattached Policy Modification 488
Editing Routing Policy Configuration Elements 488
Editing Routing Policy Configuration Elements Using the Nano Editor 489
Editing Routing Policy Configuration Elements Using the Emacs Editor 489
Editing Routing Policy Configuration Elements Using the Vim Editor 490
Editing Routing Policy Configuration Elements Using the CLI 490
Editing Routing Policy Language set elements Using XML 490
Hierarchical Conditions 491
Apply Condition Policies 491
Nested Wildcard Apply Policy 492
How to Implement Routing Policy 492
Defining a Route Policy 492
Attaching a Routing Policy to a BGP Neighbor 494
Modifying a Routing Policy Using a Text Editor 496
Configuration Examples for Implementing Routing Policy 497
Routing Policy Definition: Example 497
Simple Inbound Policy: Example 497
Modular Inbound Policy: Example 498
Additional References 499
C H A P T E R 8 Implementing Static Routes on Cisco ASR 9000 Series Router 501
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xviii OL-26048-02
ContentsPrerequisites for Implementing Static Routes 502
Information About Implementing Static Routes 502
Static Route Functional Overview 502
Default Administrative Distance 502
Directly Connected Routes 503
Recursive Static Routes 503
Fully Specified Static Routes 504
Floating Static Routes 504
Default VRF 504
IPv4 and IPv6 Static VRF Routes 504
Dynamic ECMP Support for IGP Prefixes 505
How to Implement Static Routes 505
Configuring a Static Route 505
Configuring a Floating Static Route 507
Configuring Static Routes Between PE-CE Routers 508
Changing the Maximum Number of Allowable Static Routes 510
Associating a VRF with a Static Route 512
Enabling Object Tracking for Static Routes 514
Configuration Examples 516
Configuring Traffic Discard: Example 516
Configuring a Fixed Default Route: Example 516
Configuring a Floating Static Route: Example 516
Configuring a Static Route Between PE-CE Routers: Example 516
Additional References 517
C H A P T E R 9 Implementing RCMD on Cisco ASR 9000 Series Router 519
Route Convergence Monitoring and Diagnostics 519
Configuring Route Convergence Monitoring and Diagnostics 520
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xix
Contents Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xx OL-26048-02
ContentsPreface
The Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide preface contains
these sections:
Changes to This Document, page xxi
Obtaining Documentation and Submitting a Service Request, page xxi
Changes to This Document
This table lists the technical changes made to this document since it was first printed.
Table 1: Changes to This Document
Revision Date Change Summary
Republished with documentation
updates for Cisco IOS XR Release
4.2.1 features.
OL-26048-02 June, 2012
OL-26048-01 December, 2011 Initial release of this document.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation,submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 xxi Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
xxii OL-26048-02
Preface
Obtaining Documentation and Submitting a Service RequestC H A P T E R 1
Implementing BGP on Cisco ASR 9000 Series
Router
Border Gateway Protocol (BGP) is an Exterior Gateway Protocol (EGP) that allows you to create loop-free
interdomain routing between autonomous systems. An autonomous system is a set of routers under a single
technical administration. Routers in an autonomous system can use multiple Interior Gateway Protocols
(IGPs) to exchange routing information inside the autonomous system and an EGP to route packets outside
the autonomous system.
This module provides the conceptual and configuration information for BGP on Cisco IOS XR software.
For more information about BGP and complete descriptions of the BGP commands listed in this module,
see Related Documents, on page 161 section of this module. To locate documentation for other commands
that might appear while performing a configuration task, search online in the Cisco ASR 9000 Series
Router software master command index.
Note
Feature History for Implementing BGP
Release Modification
Release 3.7.2 This feature was introduced.
The following features were supported:
BGP Prefix Independent Convergence Unipath Primary
Backup
BGP Local Label Retention
Asplain notation for 4-byte Autonomous System Number
BGP Nonstop Routing
Command Line Interface (CLI) consistency for BGP
commands
L2VPN Address Family Configuration Mode
Release 3.9.0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 1Release Modification
The following features were supported:
BGP Add Path Advertisement
Accumulated iGP (AiGP)
Pre-route
IPv4 BGP-Policy Accounting
IPv6 uRPF
Release 4.0.0
Release 4.1.0 Support for 5000 BGP NSR sessions was added
BGP DMZ Link Bandwidth for Unequal Cost Recursive Load
Balancing feature was added
Release 4.1.1
The following features were supported:
Selective VRF Download
BGP Multi-Instance/Multi-AS
BFD Multihop Support for BGP
Release 4.2.0
The following features were supported:
BGP 3107 PIC Updates for Global Prefixes
BGP Prefix Independent Convergence for RIB and FIB
BGP Prefix Origin Validation Based on RPKI
Release 4.2.1
Prerequisites for Implementing BGP, page 2
Information About Implementing BGP, page 3
How to Implement BGP on Cisco IOS XR Software, page 51
Configuration Examples for Implementing BGP, page 152
Where to Go Next, page 161
Additional References, page 161
Prerequisites for Implementing BGP
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
2 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Prerequisites for Implementing BGPInformation About Implementing BGP
To implement BGP, you need to understand the following concepts:
BGP Functional Overview
BGP uses TCP as its transport protocol. Two BGP routers form a TCP connection between one another (peer
routers) and exchange messages to open and confirm the connection parameters.
BGP routers exchange network reachability information. This information is mainly an indication of the full
paths (BGP autonomous system numbers) that a route should take to reach the destination network. This
information helps construct a graph that shows which autonomous systems are loop free and where routing
policies can be applied to enforce restrictions on routing behavior.
Any two routersforming a TCP connection to exchange BGP routing information are called peers or neighbors.
BGP peers initially exchange their full BGP routing tables. After this exchange, incremental updates are sent
as the routing table changes. BGP keeps a version number of the BGP table, which is the same for all of its
BGP peers. The version number changes whenever BGP updatesthe table due to routing information changes.
Keepalive packets are sent to ensure that the connection is alive between the BGP peers and notification
packets are sent in response to error or special conditions.
For information on configuring BGP to distribute Multiprotocol Label Switching (MPLS) Layer 3 virtual
private network (VPN) information, see the Cisco ASR 9000 Series Aggregation Services Router MPLS
Configuration Guide
For information on BGP support for Bidirectional Forwarding Detection (BFD), see the
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Configuration Guide and
the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Command Reference.
Note
BGP Router Identifier
For BGP sessions between neighbors to be established, BGP must be assigned a router ID. The router ID is
sent to BGP peers in the OPEN message when a BGP session is established.
BGP attempts to obtain a router ID in the following ways (in order of preference):
By means of the address configured using the bgp router-id command in router configuration mode.
By using the highest IPv4 address on a loopback interface in the system if the router is booted with saved
loopback address configuration.
By using the primary IPv4 address of the first loopback address that gets configured if there are not any
in the saved configuration.
If none of these methodsfor obtaining a router ID succeeds, BGP does not have a router ID and cannot establish
any peering sessions with BGP neighbors. In such an instance, an error message is entered in the system log,
and the show bgp summary command displays a router ID of 0.0.0.0.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 3
Implementing BGP on Cisco ASR 9000 Series Router
Information About Implementing BGPAfter BGP has obtained a router ID, it continues to use it even if a better router ID becomes available. This
usage avoids unnecessary flapping for all BGP sessions. However, if the router ID currently in use becomes
invalid (because the interface goes down or its configuration is changed), BGP selects a new router ID (using
the rules described) and all established peering sessions are reset.
We strongly recommend that the bgp router-id command is configured to prevent unnecessary changes
to the router ID (and consequent flapping of BGP sessions).
Note
BGP Default Limits
Cisco IOS XR BGP imposes maximum limits on the number of neighbors that can be configured on the router
and on the maximum number of prefixes that are accepted from a peer for a given address family. This
limitation safeguards the router from resource depletion caused by misconfiguration, either locally or on the
remote neighbor. The following limits apply to BGP configurations:
The default maximum number of peers that can be configured is 4000. The default can be changed using
the bgp maximum neighbor command. The limit range is 1 to 15000. Any attempt to configure
additional peers beyond the maximum limit or set the maximum limit to a number that is less than the
number of peers currently configured will fail.
To prevent a peer from flooding BGP with advertisements, a limit is placed on the number of prefixes
that are accepted from a peer for each supported address family. The default limits can be overridden
through configuration of the maximum-prefix limit command for the peer for the appropriate address
family. The following default limits are used if the user does not configure the maximum number of
prefixes for the address family:
? 512K (524,288) prefixes for IPv4 unicast
? 128K (131,072) prefixes for IPv4 multicast
? 128K (131,072) prefixes for IPv6 unicast
? 512K (524,288) prefixes for VPNv4 unicast
A cease notification message is sent to the neighbor and the peering with the neighbor is terminated
when the number of prefixes received from the peer for a given address family exceeds the maximum
limit (either set by default or configured by the user) for that address family.
It is possible that the maximum number of prefixes for a neighbor for a given address family has been
configured after the peering with the neighbor has been established and a certain number of prefixes
have already been received from the neighbor for that address family. A cease notification message is
sent to the neighbor and peering with the neighbor is terminated immediately after the configuration if
the configured maximum number of prefixesisfewer than the number of prefixesthat have already been
received from the neighbor for the address family.
BGP Next Hop Tracking
BGP receives notifications from the Routing Information Base (RIB) when next-hop information changes
(event-driven notifications). BGP obtains next-hop information from the RIB to:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
4 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Default Limits Determine whether a next hop is reachable.
Find the fully recursed IGP metric to the next hop (used in the best-path calculation).
Validate the received next hops.
Calculate the outgoing next hops.
Verify the reachability and connectedness of neighbors.
BGP is notified when any of the following events occurs:
Next hop becomes unreachable
Next hop becomes reachable
Fully recursed IGP metric to the next hop changes
First hop IP address or first hop interface change
Next hop becomes connected
Next hop becomes unconnected
Next hop becomes a local address
Next hop becomes a nonlocal address
Note Reachability and recursed metric events trigger a best-path recalculation.
Event notificationsfrom the RIB are classified as critical and noncritical. Notificationsfor critical and noncritical
events are sent in separate batches. However, a noncritical event is sent along with the critical events if the
noncritical event is pending and there is a request to read the critical events.
Critical events are related to the reachability (reachable and unreachable), connectivity (connected and
unconnected), and locality (local and nonlocal) of the next hops. Notifications for these events are not
delayed.
Noncritical eventsinclude only the IGP metric changes. These events are sent at an interval of 3 seconds.
A metric change event is batched and sent 3 seconds after the last one was sent.
The next-hop trigger delay for critical and noncritical events can be configured to specify a minimum batching
interval for critical and noncritical events using the nexthop trigger-delay command. The trigger delay is
address family dependent.
The BGP next-hop tracking feature allows you to specify that BGP routes are resolved using only next hops
whose routes have the following characteristics:
To avoid the aggregate routes, the prefix length must be greater than a specified value.
The source protocol must be from a selected list, ensuring that BGP routes are not used to resolve next
hops that could lead to oscillation.
This route policy filtering is possible because RIB identifies the source protocol of route that resolved a next
hop as well as the mask length associated with the route. The nexthop route-policy command is used to
specify the route-policy.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 5
Implementing BGP on Cisco ASR 9000 Series Router
BGP Next Hop TrackingFor information on route policy filtering for next hops using the next-hop attach point, see the Implementing
Routing Policy Language on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide (this publication).
Scoped IPv4/VPNv4 Table Walk
To determine which address family to process, a next-hop notification is received by first dereferencing the
gateway context associated with the next hop, then looking into the gateway context to determine which
address families are using the gateway context. The IPv4 unicast and VPNv4 unicast address families share
the same gateway context, because they are registered with the IPv4 unicast table in the RIB. As a result, both
the global IPv4 unicast table and the VPNv4 table are processed when an IPv4 unicast next-hop notification
is received from the RIB. A mask is maintained in the next hop, indicating whether the next hop belongs to
IPv4 unicast or VPNv4 unicast, or both. This scoped table walk localizes the processing in the appropriate
address family table.
Reordered Address Family Processing
The Cisco IOS XR software walks address family tables based on the numeric value of the address family.
When a next-hop notification batch is received, the order of address family processing is reordered to the
following order:
IPv4 tunnel
VPNv4 unicast
IPv4 labeled unicast
IPv4 unicast
IPv4 multicast
IPv6 unicast
New Thread for Next-Hop Processing
The critical-event thread in the spkr process handles only next-hop, Bidirectional Forwarding Detection (BFD),
and fast-external-failover (FEF) notifications. This critical-event thread ensures that BGP convergence is not
adversely impacted by other events that may take a significant amount of time.
show, clear, and debug Commands
The show bgp nexthops command provides statistical information about next-hop notifications, the amount
of time spent in processing those notifications, and details about each next hop registered with the RIB. The
clear bgp nexthop performance-statistics command ensures that the cumulative statistics associated with
the processing part of the next-hop show command can be cleared to help in monitoring. The clear bgp
nexthop registration command performs an asynchronous registration of the next hop with the RIB. See the
BGP Commands on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series Aggregation Services
Router Routing Command Referencefor information on the next-hop show and clear commands.
The debug bgp nexthop command displays information on next-hop processing. The out keyword provides
debug information only about BGP registration of next hops with RIB. The in keyword displays debug
information about next-hop notifications received from RIB. The out keyword displays debug information
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
6 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Next Hop Trackingabout next-hop notifications sent to the RIB. See the BGP Debug Commands on Cisco ASR 9000 Series
Aggregation Services Router module of Cisco ASR 9000 Series Aggregation Services Router Routing Debug
Command Reference .
Autonomous System Number Formats in BGP
Autonomous system numbers (ASNs) are globally unique identifiers used to identify autonomous systems
(ASs) and enable ASs to exchange exterior routing information between neighboring ASs. A unique ASN is
allocated to each AS for use in BGP routing. ASNs are encoded as 2-byte numbers and 4-byte numbers in
BGP.
2-byte Autonomous System Number Format
The 2-byte ASNs are represented in asplain notation. The 2-byte range is 1 to 65535.
4-byte Autonomous System Number Format
To prepare for the eventual exhaustion of 2-byte Autonomous System Numbers(ASNs), BGP hasthe capability
to support 4-byte ASNs. The 4-byte ASNs are represented both in asplain and asdot notations.
The byte range for 4-byte ASNs in asplain notation is 1-4294967295. The AS is represented as a 4-byte
decimal number. The 4-byte ASN asplain representation is defined in draft-ietf-idr-as-representation-01.txt.
For 4-byte ASNs in asdot format, the 4-byte range is 1.0 to 65535.65535 and the format is:
high-order-16-bit-value-in-decimal . low-order-16-bit-value-in-decimal
The BGP 4-byte ASN capability is used to propagate 4-byte-based AS path information across BGP speakers
that do not support 4-byte AS numbers. See draft-ietf-idr-as4bytes-12.txt for information on increasing the
size of an ASN from 2 bytes to 4 bytes. AS is represented as a 4-byte decimal number
as-format Command
The as-format command configures the ASN notation to asdot. The default value, if the as-format command
is not configured, is asplain.
BGP Configuration
BGP in Cisco IOS XR software follows a neighbor-based configuration model that requires that all
configurations for a particular neighbor be grouped in one place under the neighbor configuration. Peer groups
are not supported for either sharing configuration between neighbors or for sharing update messages. The
concept of peer group has been replaced by a set of configuration groups to be used as templates in BGP
configuration and automatically generated update groups to share update messages between neighbors.
Configuration Modes
BGP configurations are grouped into modes. The following sections show how to enter some of the BGP
configuration modes. From a mode, you can enter the ? command to display the commands available in that
mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 7
Implementing BGP on Cisco ASR 9000 Series Router
Autonomous System Number Formats in BGPRouter Configuration Mode
The following example shows how to enter router configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)#
Router Address Family Configuration Mode
The following example shows how to enter router address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 112
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 multicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Neighbor Configuration Mode
The following example shows how to enter neighbor configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Neighbor Address Family Configuration Mode
The following example shows how to enter neighbor address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 112
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.0.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
VRF Configuration Mode
The following example shows how to enter VPN routing and forwarding (VRF) configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
VRF Address Family Configuration Mode
The following example shows how to enter VRF address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 112
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0/CPU0:router(config-bgp-vrf)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
8 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP ConfigurationVRF Neighbor Configuration Mode
The following example shows how to enter VRF neighbor configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
VRF Neighbor Address Family Configuration Mode
The following example shows how to enter VRF neighbor address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 112
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
VPNv4 Address Family Configuration Mode
The following example shows how to enter VPNv4 address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 152
RP/0/RSP0/CPU0:router(config-bgp)# address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
L2VPN Address Family Configuration Mode
The following example shows how to enter L2VPN address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 100
RP/0/RSP0/CPU0:router(config-bgp)# address-family l2vpn vpls-vpws
RP/0/RSP0/CPU0:router(config-bgp-af)#
Neighbor Submode
Cisco IOS XR BGP uses a neighbor submode to make it possible to enter configurations without having to
prefix every configuration with the neighbor keyword and the neighbor address:
Cisco IOS XR software has a submode available for neighbors in which it is not necessary for every
command to have a neighbor x.x.x.x prefix:
In Cisco IOS XR software, the configuration is as follows:
RP/0/RSP0
/CPU0:router(config-bgp)# neighbor 192.23.1.2
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# remote-as 2002
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# address-family ipv4 multicast
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 9
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration An address family configuration submode inside the neighbor configuration submode is available for
entering address family-specific neighbor configurations. In Cisco IOS XR software, the configuration
is as follows:
RP/0/RSP0
/CPU0:router(config-bgp)# neighbor 2002::2
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# remote-as 2023
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# address-family ipv6 unicast
RP/0/RSP0
/CPU0:router(config-bgp-nbr-af)# next-hop-self
RP/0/RSP0
/CPU0:router(config-bgp-nbr-af)# route-policy one in
You must enter neighbor-specific IPv4, IPv6, VPNv4, or VPNv6 commands in neighbor address-family
configuration submode. In Cisco IOS XR software, the configuration is as follows:
RP/0/RSP0
/CPU0:router(config)# router bgp 109
RP/0/RSP0
/CPU0:router(config-bgp)# neighbor 192.168.40.24
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0
/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0
/CPU0:router(config-bgp-nbr-af)# maximum-prefix 1000
You must enter neighbor-specific IPv4 and IPv6 commandsin VRF neighbor address-family configuration
submode. In Cisco IOS XR software, the configuration is as follows:
RP/0/RSP0
/CPU0:router(config)# router bgp 110
RP/0/RSP0
/CPU0:router(config-bgp)# vrf vrf_A
RP/0/RSP0
/CPU0:router(config-bgp-vrf)# neighbor 11.0.1.2
RP/0/RSP0
/CPU0:router(config-bgp-vrf-nbr)# address-family ipv4 unicast
RP/0/RSP0
/CPU0:router(config-bgp-vrf-nbr-af)# route-policy pass all in
Configuration Templates
The af-group, session-group, and neighbor-group configuration commands provide template support for
the neighbor configuration in Cisco IOS XR software.
The af-group command is used to group address family-specific neighbor commands within an IPv4, IPv6,
or VPNv4, address family. Neighbors that have the same address family configuration are able to use the
address family group (af-group) name for their address family-specific configuration. A neighbor inherits the
configuration from an address family group by way of the use command. If a neighbor is configured to use
an address family group, the neighbor (by default) inherits the entire configuration from the address family
group. However, a neighbor does not inherit all of the configuration from the address family group if items
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
10 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configurationare explicitly configured for the neighbor. The address family group configuration is entered under the BGP
router configuration mode. The following example shows how to enter address family group configuration
mode.
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# af-group afmcast1 address-family ipv4 multicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)#
The session-group command allows you to create a session group from which neighbors can inherit address
family-independent configuration. A neighbor inherits the configuration from a session group by way of the
use command. If a neighbor is configured to use a session group, the neighbor (by default) inherits the entire
configuration of the session group. A neighbor does not inherit all of the configuration from a session group
if a configuration is done directly on that neighbor. The following example shows how to enter session group
configuration mode:
RP/0/RSP0/CPU0:router# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# session-group session1
RP/0/RSP0/CPU0:router(config-bgp-sngrp)#
The neighbor-group command helps you apply the same configuration to one or more neighbors. Neighbor
groups can include session groups and address family groups and can comprise the complete configuration
for a neighbor. After a neighbor group is configured, a neighbor can inherit the configuration of the group
using the use command. If a neighbor is configured to use a neighbor group, the neighbor inherits the entire
BGP configuration of the neighbor group.
The following example shows how to enter neighbor group configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 123
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbrgroup1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)#
The following example shows how to enter neighbor group address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group nbrgroup1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)#
However, a neighbor does not inherit all of the configuration from the neighbor group if items are
explicitly configured for the neighbor. In addition, some part of the configuration of the neighbor group
could be hidden if a session group or address family group was also being used.
Configuration grouping has the following effects in Cisco IOS XR software:
Commands entered at the session group level define address family-independent commands (the same
commands as in the neighbor submode).
Commands entered at the address family group level define address family-dependent commands for a
specified addressfamily (the same commands asin the neighbor-addressfamily configuration submode).
Commands entered at the neighbor group level define addressfamily-independent commands and address
family-dependent commands for each address family (the same as all available neighbor commands),
and define the use command for the address family group and session group commands.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 11
Implementing BGP on Cisco ASR 9000 Series Router
BGP ConfigurationTemplate Inheritance Rules
In Cisco IOS XR software, BGP neighbors or groups inherit configuration from other configuration groups.
For address family-independent configurations:
Neighbors can inherit from session groups and neighbor groups.
Neighbor groups can inherit from session groups and other neighbor groups.
Session groups can inherit from other session groups.
If a neighbor uses a session group and a neighbor group, the configurations in the session group are
preferred over the global address family configurations in the neighbor group.
For address family-dependent configurations:
Address family groups can inherit from other address family groups.
Neighbor groups can inherit from address family groups and other neighbor groups.
Neighbors can inherit from address family groups and neighbor groups.
Configuration group inheritance rules are numbered in order of precedence as follows:
1 If the item is configured directly on the neighbor, that value is used. In the example that follows, the
advertisement interval is configured both on the neighbor group and neighbor configuration and the
advertisement interval being used is from the neighbor configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.1.1.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# advertisement-interval 20
The following output from the show bgp neighbors command shows that the advertisement interval used
is 20 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 10.1.1.1
BGP neighbor is 10.1.1.1, remote AS 1, local AS 140, external link
Remote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 20 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.1
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:00:14, due to BGP neighbor initialized
External BGP neighbor not directly connected.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
12 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration2 Otherwise, if an item is configured to be inherited from a session-group or neighbor-group and on the
neighbor directly, then the configuration on the neighbor is used. If a neighbor is configured to be inherited
from session-group or af-group, but no directly configured value, then the value in the session-group or
af-group is used. In the example that follows, the advertisement interval is configured on a neighbor group
and a session group and the advertisement interval value being used is from the session group:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# session-group AS_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 20
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.0.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use session-group AS_2
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
The following output from the show bgp neighbors command shows that the advertisement interval used
is 15 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1
BGP neighbor is 192.168.0.1, remote AS 1, local AS 140, external link
Remote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 15 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.1
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:03:23, due to BGP neighbor initialized
External BGP neighbor not directly connected.
3 Otherwise, if the neighbor uses a neighbor group and does not use a session group or addressfamily group,
the configuration value can be obtained from the neighbor group either directly or through inheritance. In
the example that follows, the advertisement interval from the neighbor group is used because it is not
configured directly on the neighbor and no session group is used:
RP/0/RSP0/CPU0:router(config)# router bgp 150
RP/0/RSP0/CPU0:router(config-bgp)# session-group AS_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 20
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.1.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
The following output from the show bgp neighbors command shows that the advertisement interval used
is 15 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.1.1
BGP neighbor is 192.168.2.2, remote AS 1, local AS 140, external link
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 13
Implementing BGP on Cisco ASR 9000 Series Router
BGP ConfigurationRemote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 15 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.1
eBGP neighbor with no outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
Inbound path policy configured
Policy for incoming advertisements is POLICY_1
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:01:14, due to BGP neighbor initialized
External BGP neighbor not directly connected.
To illustrate the same rule, the following example shows how to set the advertisement interval to 15 (from
the session group) and 25 (from the neighbor group). The advertisement interval set in the session group
overrides the one set in the neighbor group. The inbound policy is set to POLICY_1 from the neighbor
group.
RP/0/RSP0/CPU0:routerconfig)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# session-group ADV
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group ADV_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 25
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# route-policy POLICY_1 in
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.2.2
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use session-group ADV
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group ADV_2
The following output from the show bgp neighbors command shows that the advertisement interval used
is 15 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.2.2
BGP neighbor is 192.168.2.2, remote AS 1, local AS 140, external link
Remote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 15 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.1
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:02:03, due to BGP neighbor initialized
External BGP neighbor not directly connected.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
14 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration4 Otherwise, the default value is used. In the example that follows, neighbor 10.0.101.5 has the minimum
time between advertisement runs set to 30 seconds (default) because the neighbor is not configured to use
the neighbor configuration or the neighbor group configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group adv_15
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 10
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.101.5
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group AS_1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 10.0.101.10
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group adv_15
The following output from the show bgp neighbors command shows that the advertisement interval used
is 30 seconds:
RP/0/RSP0/CPU0:router# show bgp neighbors 10.0.101.5
BGP neighbor is 10.0.101.5, remote AS 1, local AS 140, external link
Remote router ID 0.0.0.0
BGP state = Idle
Last read 00:00:00, hold time is 180, keepalive interval is 60 seconds
Received 0 messages, 0 notifications, 0 in queue
Sent 0 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 30 seconds
For Address Family: IPv4 Unicast
BGP neighbor version 0
Update group: 0.2
eBGP neighbor with no inbound or outbound policy; defaults to 'drop'
Route refresh request: received 0, sent 0
0 accepted prefixes
Prefix advertised 0, suppressed 0, withdrawn 0, maximum limit 524288
Threshold for warning message 75%
Connections established 0; dropped 0
Last reset 00:00:25, due to BGP neighbor initialized
External BGP neighbor not directly connected.
The inheritance rules used when groups are inheriting configuration from other groups are the same as the
rules given for neighbors inheriting from groups.
Viewing Inherited Configurations
You can use the following show commands to view BGP inherited configurations:
show bgp neighbors
Use the show bgp neighbors command to display information about the BGP configuration for neighbors.
Use the configuration keyword to display the effective configuration for the neighbor, including any
settings that have been inherited from session groups, neighbor groups, or address family groups used
by this neighbor.
Use the inheritance keyword to display the session groups, neighbor groups, and address family groups
from which this neighbor is capable of inheriting configuration.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 15
Implementing BGP on Cisco ASR 9000 Series Router
BGP ConfigurationThe show bgp neighbors command examples that follow are based on this sample configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 142
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# next-hop-self
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# route-policy POLICY_1 in
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# advertisement-interval 15
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# ebgp-multihop 3
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# weight 100
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# send-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 multicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# default-originate
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.0.1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 2
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use neighbor-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# use af-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# weight 200
The following example displayssample output from the show bgp neighbors command using the inheritance
keyword. The example shows that the neighbor inherits session parameters from neighbor group GROUP_1,
which in turn inherits from session group GROUP_2. The neighbor inherits IPv4 unicast parameters from
address family group GROUP_3 and IPv4 multicast parameters from neighbor group GROUP_1:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1 inheritance
Session: n:GROUP_1 s:GROUP_2
IPv4 Unicast: a:GROUP_3
IPv4 Multicast: n:GROUP_1
The following example displays sample output from the show bgp neighbors command using the
configuration keyword. The example shows from where each item of configuration was inherited, or if it
was configured directly on the neighbor (indicated by [ ]). For example, the ebgp-multihop 3 command was
inherited from neighbor group GROUP_1 and the next-hop-self command was inherited from the address
family group GROUP_3:
RP/0/RSP0/CPU0:router# show bgp neighbors 192.168.0.1 configuration
neighbor 192.168.0.1
remote-as 2 []
advertisement-interval 15 [n:GROUP_1 s:GROUP_2]
ebgp-multihop 3 [n:GROUP_1]
address-family ipv4 unicast []
next-hop-self [a:GROUP_3]
route-policy POLICY_1 in [a:GROUP_3]
weight 200 []
address-family ipv4 multicast [n:GROUP_1]
default-originate [n:GROUP_1]
show bgp af-group
Use the show bgp af-group command to display address family groups:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
16 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration Use the configuration keyword to display the effective configuration for the address family group,
including any settings that have been inherited from address family groups used by this address family
group.
Use the inheritance keyword to display the addressfamily groupsfrom which this addressfamily group
is capable of inheriting configuration.
Use the users keyword to display the neighbors, neighbor groups, and address family groups that inherit
configuration from this address family group.
The show bgp af-group sample commands that follow are based on this sample configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# remove-private-as
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# route-policy POLICY_1 in
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_1 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# maximum-prefix 2500 75 warning-only
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# default-originate
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_2 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-extended-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# capability orf prefix both
The following example displays sample output from the show bgp af-group command using the
configuration keyword. This example shows from where each configuration item was inherited. The
default-originate command was configured directly on this address family group (indicated by [ ]). The
remove-private-as command was inherited from address family group GROUP_2, which in turn inherited
from address family group GROUP_3:
RP/0/RSP0/CPU0:router# show bgp af-group GROUP_1 configuration
af-group GROUP_1 address-family ipv4 unicast
capability orf prefix-list both [a:GROUP_2]
default-originate []
maximum-prefix 2500 75 warning-only []
route-policy POLICY_1 in [a:GROUP_2 a:GROUP_3]
remove-private-AS [a:GROUP_2 a:GROUP_3]
send-community-ebgp [a:GROUP_2]
send-extended-community-ebgp [a:GROUP_2]
The following example displays sample output from the show bgp af-group command using the users
keyword:
RP/0/RSP0/CPU0:router# show bgp af-group GROUP_2 users
IPv4 Unicast: a:GROUP_1
The following example displays sample output from the show bgp af-group command using the inheritance
keyword. This shows that the specified address family group GROUP_1 directly uses the GROUP_2 address
family group, which in turn uses the GROUP_3 address family group:
RP/0/RSP0/CPU0:router# show bgp af-group GROUP_1 inheritance
IPv4 Unicast: a:GROUP_2 a:GROUP_3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 17
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configurationshow bgp session-group
Use the show bgp session-group command to display session groups:
Use the configuration keyword to display the effective configuration for the session group, including
any settings that have been inherited from session groups used by this session group.
Use the inheritance keyword to display the session groups from which this session group is capable of
inheriting configuration.
Use the users keyword to display the session groups, neighbor groups, and neighbors that inherit
configuration from this session group.
The output from the show bgp session-group command is based on the following session group configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 113
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# use session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# update-source Loopback 0
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# use session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# ebgp-multihop 2
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# dmz-link-bandwidth
The following issample output from the show bgp session-group command with the configuration keyword
in EXEC mode:
RP/0/RSP0/CPU0:router# show bgp session-group GROUP_1 configuration
session-group GROUP_1
ebgp-multihop 2 [s:GROUP_2]
update-source Loopback0 []
dmz-link-bandwidth [s:GROUP_2 s:GROUP_3]
The following is sample output from the show bgp session-group command with the inheritance keyword
showing that the GROUP_1 session group inherits session parameters from the GROUP_3 and GROUP_2
session groups:
RP/0/RSP0/CPU0:router# show bgp session-group GROUP_1 inheritance
Session: s:GROUP_2 s:GROUP_3
The following issample output from the show bgp session-group command with the users keyword showing
that both the GROUP_1 and GROUP_2 session groupsinheritsession parametersfrom the GROUP_3 session
group:
RP/0/RSP0/CPU0:router# show bgp session-group GROUP_3 users
Session: s:GROUP_1 s:GROUP_2
show bgp neighbor-group
Use the show bgp neighbor-group command to display neighbor groups:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
18 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configuration Use the configuration keyword to display the effective configuration for the neighbor group, including
any settings that have been inherited from neighbor groups used by this neighbor group.
Use the inheritance keyword to display the address family groups, session groups, and neighbor groups
from which this neighbor group is capable of inheriting configuration.
Use the users keyword to display the neighbors and neighbor groups that inherit configuration from this
neighbor group.
The examples are based on the following group configuration:
RP/0/RSP0/CPU0:router(config)# router bgp 140
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_3 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# remove-private-as
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# soft-reconfiguration inbound
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# af-group GROUP_2 address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# use af-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# send-extended-community-ebgp
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# capability orf prefix both
RP/0/RSP0/CPU0:router(config-bgp-afgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# timers 30 90
RP/0/RSP0/CPU0:router(config-bgp-sngrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_1
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# remote-as 1982
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use neighbor-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# exit
RP/0/RSP0/CPU0:router(config-nbrgrp)# exit
RP/0/RSP0/CPU0:router(config-bgp)# neighbor-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# use session-group GROUP_3
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:routerconfig-bgp-nbrgrp-af)# use af-group GROUP_2
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)# weight 100
The following is sample output from the show bgp neighbor-group command with the configuration
keyword. The configuration setting source is shown to the right of each command. In the output shown
previously, the remote autonomous system is configured directly on neighbor group GROUP_1, and the send
community setting isinherited from neighbor group GROUP_2, which in turn inheritsthe setting from address
family group GROUP_3:
RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_1 configuration
neighbor-group GROUP_1
remote-as 1982 []
timers 30 90 [n:GROUP_2 s:GROUP_3]
address-family ipv4 unicast []
capability orf prefix-list both [n:GROUP_2 a:GROUP_2]
remove-private-AS [n:GROUP_2 a:GROUP_2 a:GROUP_3]
send-community-ebgp [n:GROUP_2 a:GROUP_2]
send-extended-community-ebgp [n:GROUP_2 a:GROUP_2]
soft-reconfiguration inbound [n:GROUP_2 a:GROUP_2 a:GROUP_3]
weight 100 [n:GROUP_2]
The following issample output from the show bgp neighbor-group command with the inheritance keyword.
This output shows that the specified neighbor group GROUP_1 inherits session (address family-independent)
configuration parameters from neighbor group GROUP_2. Neighbor group GROUP_2 inherits its session
parameters from session group GROUP_3. It also shows that the GROUP_1 neighbor group inherits IPv4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 19
Implementing BGP on Cisco ASR 9000 Series Router
BGP Configurationunicast configuration parameters from the GROUP_2 neighbor group, which in turn inherits them from the
GROUP_2 address family group, which itself inherits them from the GROUP_3 address family group:
RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_1 inheritance
Session: n:GROUP-2 s:GROUP_3
IPv4 Unicast: n:GROUP_2 a:GROUP_2 a:GROUP_3
The following is sample output from the show bgp neighbor-group command with the users keyword. This
output shows that the GROUP_1 neighbor group inherits session (address family-independent) configuration
parameters from the GROUP_2 neighbor group. The GROUP_1 neighbor group also inherits IPv4 unicast
configuration parameters from the GROUP_2 neighbor group:
RP/0/RSP0/CPU0:router# show bgp neighbor-group GROUP_2 users
Session: n:GROUP_1
IPv4 Unicast: n:GROUP_1
No Default Address Family
BGP does notsupport the concept of a default addressfamily. An addressfamily must be explicitly configured
under the BGP router configuration for the address family to be activated in BGP. Similarly, an address family
must be explicitly configured under a neighbor for the BGP session to be activated under that address family.
It is not required to have any addressfamily configured under the BGP router configuration level for a neighbor
to be configured. However, it is a requirement to have an address family configured at the BGP router
configuration level for the address family to be configured under a neighbor.
Routing Policy Enforcement
External BGP (eBGP) neighbors must have an inbound and outbound policy configured. If no policy is
configured, no routes are accepted from the neighbor, nor are any routes advertised to it. This added security
measure ensures that routes cannot accidentally be accepted or advertised in the case of a configuration
omission error.
This enforcement affects only eBGP neighbors (neighbors in a different autonomous system than this
router). For internal BGP (iBGP) neighbors (neighbors in the same autonomous system), all routes are
accepted or advertised if there is no policy.
Note
In the following example, for an eBGP neighbor, if all routes should be accepted and advertised with no
modifications, a simple pass-all policy is configured:
RP/0/RSP0/CPU0:router(config)# route-policy pass-all
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
20 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
No Default Address FamilyUse the route-policy (BGP) command in the neighbor address-family configuration mode to apply the pass-all
policy to a neighbor. The following example shows how to allow all IPv4 unicast routes to be received from
neighbor 192.168.40.42 and advertise all IPv4 unicast routes back to it:
RP/0/RSP0/CPU0:router(config)# router bgp 1
RP/0/RSP0/CPU0:router(config-bgp)# neighbor 192.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)# remote-as 21
RP/0/RSP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all in
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# route-policy pass-all out
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# commit
Use the show bgp summary command to display eBGP neighbors that do not have both an inbound and
outbound policy for every active addressfamily. In the following example,such eBGP neighbors are indicated
in the output with an exclamation (!) mark:
RP/0/RSP0/CPU0:router# show bgp all all summary
Address Family: IPv4 Unicast
============================
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 41
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RecvTblVer bRIB/RIB SendTblVer
Speaker 41 41 41
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.101.1 0 1 919 925 41 0 0 15:15:08 10
10.0.101.2 0 2 0 0 0 0 0 00:00:00 Idle
Address Family: IPv4 Multicast
==============================
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 1
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RecvTblVer bRIB/RIB SendTblVer
Speaker 1 1 1
Some configured eBGP neighbors do not have both inbound and
outbound policies configured for IPv4 Multicast address family.
These neighbors will default to sending and/or receiving no
routes and are marked with ! in the output below. Use the
show bgp neighbor command for details.
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
10.0.101.2 0 2 0 0 0 0 0 00:00:00 Idle!
Address Family: IPv6 Unicast
============================
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 2
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RecvTblVer bRIB/RIB SendTblVer
Speaker 2 2 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 21
Implementing BGP on Cisco ASR 9000 Series Router
Routing Policy EnforcementNeighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
2222::2 0 2 920 918 2 0 0 15:15:11 1
2222::4 0 3 0 0 0 0 0 00:00:00 Idle
Address Family: IPv6 Multicast
==============================
BGP router identifier 10.0.0.1, local AS number 1
BGP generic scan interval 60 secs
BGP main routing table version 1
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RecvTblVer bRIB/RIB SendTblVer
Speaker 1 1 1
Some configured eBGP neighbors do not have both inbound and
outbound policies configured for IPv6 Multicast address family.
These neighbors will default to sending and/or receiving no
routes and are marked with ! in the output below. Use the
show bgp neighbor command for details.
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
2222::2 0 2 920 918 0 0 0 15:15:11 0
2222::4 0 3 0 0 0 0 0 00:00:00 Idle!
Table Policy
The table policy feature in BGP allows you to configure traffic index values on routes as they are installed in
the global routing table. This feature is enabled using the table-policy command and supports the BGP policy
accounting feature.
BGP policy accounting uses traffic indices that are set on BGP routes to track various counters. See the
Implementing Routing Policy on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide for details on table policy use. See the Cisco
Express Forwarding Commands on Cisco ASR 9000 Series Router module in the Cisco ASR 9000 Series
Aggregation Services Router IP Addresses and Services Command Reference for details on BGP policy
accounting.
Table policy also provides the ability to drop routes from the RIB based on match criteria. This feature can
be useful in certain applications and should be used with caution as it can easily create a routing black hole
where BGP advertises routes to neighbors that BGP does not install in its global routing table and forwarding
table.
Update Groups
The BGP Update Groups feature contains an algorithm that dynamically calculates and optimizes update
groups of neighborsthatshare outbound policies and can share the update messages. The BGP Update Groups
feature separates update group replication from peer group configuration, improving convergence time and
flexibility of neighbor configuration.
To use this feature, you must understand the following concepts:
Related Topics
BGP Update Generation and Update Groups , on page 23
BGP Update Group , on page 23
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
22 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Table PolicyBGP Update Generation and Update Groups
The BGP Update Groups feature separates BGP update generation from neighbor configuration. The BGP
Update Groups feature introduces an algorithm that dynamically calculates BGP update group membership
based on outbound routing policies. This feature does not require any configuration by the network operator.
Update group-based message generation occurs automatically and independently.
BGP Update Group
When a change to the configuration occurs, the router automatically recalculates update group memberships
and applies the changes.
For the best optimization of BGP update group generation, we recommend that the network operator keeps
outbound routing policy the same for neighbors that have similar outbound policies. This feature contains
commands for monitoring BGP update groups. For more information about the commands, see Monitoring
BGP Update Groups, on page 131.
BGP Cost Community
The BGP cost community is a nontransitive extended community attribute that is passed to internal BGP
(iBGP) and confederation peers but not to external BGP (eBGP) peers. The cost community feature allows
you to customize the local route preference and influence the best-path selection process by assigning cost
values to specific routes. The extended community format defines generic points of insertion (POI) that
influence the best-path decision at different points in the best-path algorithm.
The cost community attribute is applied to internal routes by configuring the set extcommunity cost command
in a route policy. See the Routing Policy Language Commands on Cisco ASR 9000 Series Router module
of Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference for information on the
set extcommunity cost command. The cost community set clause is configured with a cost community ID
number (0255) and cost community number (04294967295). The cost community number determines the
preference for the path. The path with the lowest cost community number is preferred. Paths that are not
specifically configured with the cost community number are assigned a default cost community number of
2147483647 (the midpoint between 0 and 4294967295) and evaluated by the best-path selection process
accordingly. When two paths have been configured with the same cost community number, the path selection
process prefers the path with the lowest cost community ID. The cost-extended community attribute is
propagated to iBGP peers when extended community exchange is enabled.
The following commands include the route-policy keyword, which you can use to apply a route policy that
is configured with the cost community set clause:
aggregate-address
redistribute
network
How BGP Cost Community Influences the Best Path Selection Process
The cost community attribute influences the BGP best-path selection process at the point of insertion (POI).
By default, the POI follows the Interior Gateway Protocol (IGP) metric comparison. When BGP receives
multiple paths to the same destination, it uses the best-path selection process to determine which path is the
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 23
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost Communitybest path. BGP automatically makesthe decision and installsthe best path in the routing table. The POI allows
you to assign a preference to a specific path when multiple equal cost paths are available. If the POI is not
valid for local best-path selection, the cost community attribute is silently ignored.
Cost communities are sorted first by POI then by community ID. Multiple paths can be configured with the
cost community attribute for the same POI. The path with the lowest cost community ID is considered first.
In other words, all cost community paths for a specific POI are considered, starting with the one with the
lowest cost community. Paths that do not contain the cost community cost (for the POI and community ID
being evaluated) are assigned the default community cost value (2147483647). If the cost community values
are equal, then cost community comparison proceeds to the next lowest community ID for this POI.
To select the path with the lower cost community, simultaneously walk through the cost communities of both
paths. Thisis done by maintaining two pointersto the cost community chain, one for each path, and advancing
both pointers to the next applicable cost community at each step of the walk for the given POI, in order of
community ID, and stop when a best path is chosen or the comparison is a tie. At each step of the walk, the
following checks are done:
If neither pointer refers to a cost community,
Declare a tie;
Elseif a cost community is found for one path but not for the other,
Choose the path with cost community as best path;
Elseif the Community ID from one path is less than the other,
Choose the path with the lesser Community ID as best path;
Elseif the Cost from one path is less than the other,
Choose the path with the lesser Cost as best path;
Else Continue.
Paths that are not configured with the cost community attribute are considered by the best-path selection
process to have the default cost value (half of the maximum value [4294967295] or 2147483647).
Note
Applying the cost community attribute at the POI allows you to assign a value to a path originated or learned
by a peer in any part of the local autonomous system or confederation. The cost community can be used as a
tie breaker during the best-path selection process. Multiple instances of the cost community can be configured
for separate equal cost paths within the same autonomous system or confederation. For example, a lower cost
community value can be applied to a specific exit path in a network with multiple equal cost exit points, and
the specific exit path is preferred by the BGP best-path selection process. See the scenario described
inInfluencing Route Preference in a Multiexit IGP Network, on page 26.
The cost community comparison in BGP is enabled by default. Use the bgp bestpath cost-community
ignore command to disable the comparison.
Note
SeeBGP Best Path Algorithm, on page 28 for information on the BGP best-path selection process.
Cost Community Support for Aggregate Routes and Multipaths
The BGP cost community feature supports aggregate routes and multipaths. The cost community attribute
can be applied to either type of route. The cost community attribute is passed to the aggregate or multipath
route from component routes that carry the cost community attribute. Only unique IDs are passed, and only
the highest cost of any individual component route is applied to the aggregate for each ID. If multiple component
routes contain the same ID, the highest configured cost is applied to the route. For example, the following
two component routes are configured with the cost community attribute using an inbound route policy:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
24 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost Community 10.0.0.1
? POI=IGP
? cost community ID=1
? cost number=100
192.168.0.1
? POI=IGP
? cost community ID=1
? cost number=200
If these component routes are aggregated or configured as a multipath, the cost value 200 is advertised,
because it has the highest cost.
If one or more component routes do not carry the cost community attribute or the component routes are
configured with different IDs, then the default value (2147483647) is advertised for the aggregate or
multipath route. For example, the following three component routes are configured with the cost
community attribute using an inbound route policy. However, the component routes are configured with
two different IDs.
10.0.0.1
? POI=IGP
? cost community ID=1
? cost number=100
172.16.0.1
? POI=IGP
? cost community ID=2
? cost number=100
192.168.0.1
? POI=IGP
? cost community ID=1
? cost number=200
The single advertised path includes the aggregate cost communities as follows:
{POI=IGP, ID=1, Cost=2147483647} {POI-IGP, ID=2, Cost=2147483647}
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 25
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost CommunityInfluencing Route Preference in a Multiexit IGP Network
This figure shows an IGP network with two autonomous system boundary routers (ASBRs) on the edge. Each
ASBR has an equal cost path to network 10.8/16.
Figure 1: Multiexit Point IGP Network
Both paths are considered to be equal by BGP. If multipath loadsharing is configured, both pathsto the routing
table are installed and are used to balance the load of traffic. If multipath load balancing is not configured,
the BGP selects the path that was learned first as the best path and installs this path to the routing table. This
behavior may not be desirable under some conditions. For example, the path is learned from ISP1 PE2 first,
but the link between ISP1 PE2 and ASBR1 is a low-speed link.
The configuration of the cost community attribute can be used to influence the BGP best-path selection process
by applying a lower-cost community value to the path learned by ASBR2. For example, the following
configuration is applied to ASBR2:
RP/0/RSP0/CPU0:router(config)# route-policy ISP2_PE1
RP/0/RSP0/CPU0:router(config-rpl)# set extcommunity cost (1:1)
The preceding route policy applies a cost community number of 1 to the 10.8.0.0 route. By default, the path
learned from ASBR1 is assigned a cost community number of 2147483647. Because the path learned from
ASBR2 has a lower-cost community number, the path is preferred.
BGP Cost Community Support for EIGRP MPLS VPN PE-CE with Back-door Links
Back-door links in an EIGRP MPLS VPN topology is preferred by BGP if the back-door link is learned first.
(A back-door link, or route, is a connection that is configured outside of the VPN between a remote and main
site; for example, a WAN leased line that connects a remote site to the corporate network.)
The prebest path point of insertion (POI) in the BGP cost community feature supports mixed EIGRP VPN
network topologies that contain VPN and back-door links. This POI is applied automatically to EIGRP routes
that are redistributed into BGP. The prebest path POI carries the EIGRP route type and metric. This POI
influencesthe best-path calculation process by influencing BGP to consider the POI before any other comparison
step. No configuration is required. This feature is enabled automatically for EIGRP VPN sites when Cisco
IOS XR software is installed on a PE, CE, or back-door router.
For information about configuring EIGRP MPLS VPNs,see the Cisco ASR 9000 Series Aggregation Services
Router MPLS Configuration Guide.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
26 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost CommunityThis figure shows how cost community can be used to support backdoor links in a network.
Figure 2: Network Showing How Cost Community Can be Used to Support Backdoor Links
The following sequence of events happens in PE1:
1 PE1 learns IPv4 prefix 10.1.1.0/24 from CE1 through EIGRP running a virtual routing and forwarding
(VRF) instance. EIGRP selects and installs the best path in the RIB. It also encodes the cost-extended
community and adds the information to the RIB.
2 The route is redistributed into BGP (assuming that IGP-to-BGP redistribution is configured). BGP also
receives the cost-extended community from the route through the redistribution process.
3 After BGP has determined the best path for the newly redistributed prefix, the path is advertised to PE
peers (PE2).
4 PE2 receives the BGP VPNv4 prefix route_distinguisher:10.1.1.0/24 along with the cost community. It
is likely that CE2 advertises the same prefix (because of the back-door link between CE1 and CE2) to
PE2 through EIGRP. PE2 BGP would have already learned the CE route through the redistribution process
along with the cost community value
5 PE2 has two paths within BGP: one with cost community cost1 through multipath BGP (PE1) and another
with cost community cost2 through the EIGRP neighbor (CE2).
6 PE2 runs the enhanced BGP best-path calculation.
7 PE2 installs the best path in the RIB passing the appropriate cost community value.
8 PE2 RIB has two paths for 10.1.1.0/24: one with cost community cost2 added by EIGRP and another with
the cost community cost1 added by BGP. Because both the route paths have cost community, RIB compares
the costs first. The BGP path has the lower cost community, so it is selected and downloaded to the RIB.
9 PE2 RIB redistributes the BGP path into EIGRP with VRF. EIGRP runs a diffusing update algorithm
(DUAL) because there are two paths, and selects the BGP-redistributed path.
10 PE2 EIGRP advertises the path to CE2 making the path the next hop for the prefix to send the traffic over
the MPLS network.
Adding Routes to the Routing Information Base
If a nonsourced path becomes the best path after the best-path calculation, BGP adds the route to the Routing
Information Base (RIB) and passes the cost communities along with the other IGP extended communities.
When a route with paths is added to the RIB by a protocol, RIB checks the current best paths for the route
and the added pathsfor cost extended communities. If cost-extended communities are found, the RIB compares
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 27
Implementing BGP on Cisco ASR 9000 Series Router
BGP Cost Communitythe set of cost communities. If the comparison does not result in a tie, the appropriate best path is chosen. If
the comparison results in a tie, the RIB proceeds with the remaining steps of the best-path algorithm. If a cost
community is not present in either the current best paths or added paths, then the RIB continues with the
remaining steps of the best-path algorithm. See BGP Best Path Algorithm, on page 28 for information on
the BGP best-path algorithm.
BGP Best Path Algorithm
BGP routerstypically receive multiple pathsto the same destination. The BGP best-path algorithm determines
the best path to install in the IP routing table and to use for forwarding traffic. This section describes the Cisco
IOS XR software implementation of BGP best-path algorithm, as specified in Section 9.1 of the Internet
Engineering Task Force (IETF) Network Working Group draft-ietf-idr-bgp4-24.txt document.
The BGP best-path algorithm implementation is in three parts:
Part 1Compares two paths to determine which is better.
Part 2Iterates over all paths and determines which order to compare the paths to select the overall best
path.
Part 3Determines whether the old and new best paths differ enough so that the new best path should
be used.
The order of comparison determined by Part 2 is important because the comparison operation is not
transitive; that is, if three paths, A, B, and C exist, such that when A and B are compared, A is better, and
when B and C are compared, B is better, it is not necessarily the case that when A and C are compared,
A is better. This nontransitivity arises because the multi exit discriminator (MED) is compared only among
paths from the same neighboring autonomous system (AS) and not among all paths.
Note
Comparing Pairs of Paths
Perform the following steps to compare two paths and determine the better path:
1 If either path isinvalid (for example, a path hasthe maximum possible MED value or it has an unreachable
next hop), then the other path is chosen (provided that the path is valid).
2 If the paths have unequal pre-bestpath cost communities, the path with the lower pre-bestpath cost
community is selected as the best path.
Note See BGP Cost Community, on page 23 for details on how cost communities are compared.
3 If the paths have unequal weights, the path with the highest weight is chosen.
The weight is entirely local to the router, and can be set with the weight command or using a routing
policy.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
28 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Best Path Algorithm4 If the paths have unequal local preferences, the path with the higher local preference is chosen.
If a local preference attribute was received with the path or was set by a routing policy, then that value is
used in this comparison. Otherwise, the default local preference value of 100 is used. The default value
can be changed using the bgp default local-preference command.
Note
5 If one of the paths is a redistributed path, which results from a redistribute or network command, then
it is chosen. Otherwise, if one of the paths is a locally generated aggregate, which results from an
aggregate-address command, it is chosen.
Note Step 1 through Step 4 implement the Path Selection with BGPof RFC 1268.
6 If the paths have unequal AS path lengths, the path with the shorter AS path is chosen. This step is skipped
if bgp bestpath as-path ignore command is configured.
Note When calculating the length of the AS path, confederation segments are ignored, and AS sets count as 1.
eiBGP specifies internal and external BGP multipath peers. eiBGP allows simultaneous use of internal
and external paths.
Note
7 If the paths have different origins, the path with the lower origin is selected. Interior Gateway Protocol
(IGP) is considered lower than EGP, which is considered lower than INCOMPLETE.
8 If appropriate, the MED of the paths is compared. If they are unequal, the path with the lower MED is
chosen.
A number of configuration options exist that affect whether or not this step is performed. In general, the
MED is compared if both paths were received from neighbors in the same AS; otherwise the MED
comparison is skipped. However, this behavior is modified by certain configuration options, and there are
also some corner cases to consider.
If the bgp bestpath med always command is configured, then the MED comparison is always performed,
regardless of neighbor AS in the paths. Otherwise, MED comparison depends on the AS paths of the two
paths being compared, as follows:
If a path has no AS path or the AS path starts with an AS_SET, then the path is considered to be
internal, and the MED is compared with other internal paths.
If the AS path starts with an AS_SEQUENCE, then the neighbor AS is the first AS number in the
sequence, and the MED is compared with other paths that have the same neighbor AS.
If the AS path contains only confederation segments or starts with confederation segments followed
by an AS_SET, then the MED is not compared with any other path unless the bgp bestpath med
confed command is configured. In that case, the path is considered internal and the MED is compared
with other internal paths.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 29
Implementing BGP on Cisco ASR 9000 Series Router
BGP Best Path Algorithm If the AS path starts with confederation segmentsfollowed by an AS_SEQUENCE, then the neighbor
AS is the first AS number in the AS_SEQUENCE, and the MED is compared with other paths that
have the same neighbor AS.
If no MED attribute wasreceived with the path, then the MED is considered to be 0 unlessthe bgp bestpath
med missing-as-worst command is configured. In that case, if no MED attribute was received, the MED
is considered to be the highest possible value.
Note
9 If one path is received from an external peer and the other is received from an internal (or confederation)
peer, the path from the external peer is chosen.
10 If the paths have different IGP metrics to their next hops, the path with the lower IGP metric is chosen.
11 If the paths have unequal IP cost communities, the path with the lower IP cost community is selected as
the best path.
Note See the BGP Cost Community, on page 23 for details on how cost communities are compared.
12 If all path parameters in Step 1 through Step 10 are the same, then the router IDs are compared. If the path
was received with an originator attribute, then that is used as the router ID to compare; otherwise, the
router ID of the neighbor from which the path was received is used. If the paths have different router IDs,
the path with the lower router ID is chosen.
Where the originator is used as the router ID, it is possible to have two paths with the same router ID. It
is also possible to have two BGP sessions with the same peer router, and therefore receive two paths with
the same router ID.
Note
13 If the paths have different cluster lengths, the path with the shorter cluster length is selected. If a path was
not received with a cluster list attribute, it is considered to have a cluster length of 0.
14 Finally, the path received from the neighbor with the lower IP address is chosen. Locally generated paths
(for example, redistributed paths) are considered to have a neighbor IP address of 0.
Order of Comparisons
The second part of the BGP best-path algorithm implementation determines the order in which the paths
should be compared. The order of comparison is determined as follows:
1 The paths are partitioned into groups such that within each group the MED can be compared among all
paths. The same rules as in Comparing Pairs of Paths, on page 28 are used to determine whether MED
can be compared between any two paths. Normally, this comparison resultsin one group for each neighbor
AS. If the bgp bestpath med always command is configured, then there is just one group containing all
the paths.
2 The best path in each group is determined. Determining the best path is achieved by iterating through all
pathsin the group and keeping track of the best one seen so far. Each path is compared with the best-so-far,
and if it is better, it becomes the new best-so-far and is compared with the next path in the group.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
30 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Best Path Algorithm3 A set of paths is formed containing the best path selected from each group in Step 2. The overall best path
is selected from this set of paths, by iterating through them as in Step 2.
Best Path Change Suppression
The third part of the implementation is to determine whether the best-path change can be suppressed or
notwhether the new best path should be used, or continue using the existing best path. The existing best
path can continue to be used if the new one is identical to the point at which the best-path selection algorithm
becomes arbitrary (if the router-id is the same). Continuing to use the existing best path can avoid churn in
the network.
This suppression behavior does not comply with the IETF Networking Working Group
draft-ietf-idr-bgp4-24.txt document, but is specified in the IETF Networking Working Group
draft-ietf-idr-avoid-transition-00.txt document.
Note
The suppression behavior can be turned off by configuring the bgp bestpath compare-routerid command.
If this command is configured, the new best path is always preferred to the existing one.
Otherwise, the following steps are used to determine whether the best-path change can be suppressed:
1 If the existing best path is no longer valid, the change cannot be suppressed.
2 If either the existing or new best paths were received from internal (or confederation) peers or were locally
generated (for example, by redistribution), then the change cannot be suppressed. That is, suppression is
possible only if both paths were received from external peers.
3 If the paths were received from the same peer (the paths would have the same router-id), the change cannot
be suppressed. The router ID is calculated using rules in Comparing Pairs of Paths, on page 28.
4 If the paths have different weights, local preferences, origins, or IGP metrics to their next hops, then the
change cannot be suppressed. Note that all these values are calculated using the rules in Comparing Pairs
of Paths, on page 28.
5 If the paths have different-length AS paths and the bgp bestpath as-path ignore command is not configured,
then the change cannot be suppressed. Again, the AS path length is calculated using the rulesin Comparing
Pairs of Paths, on page 28.
6 If the MED of the paths can be compared and the MEDs are different, then the change cannot be suppressed.
The decision as to whether the MEDs can be compared is exactly the same as the rules in Comparing Pairs
of Paths, on page 28, as is the calculation of the MED value.
7 If all path parameters in Step 1 through Step 6 do not apply, the change can be suppressed.
Administrative Distance
An administrative distance is a rating of the trustworthiness of a routing information source. In general, the
higher the value, the lower the trust rating. For information on specifying the administrative distance for BGP,
see the BGP Commands module of the Cisco ASR 9000 Series Aggregation Services Router Routing Command
Reference
Normally, a route can be learned through more than one protocol. Administrative distance is used to discriminate
between routes learned from more than one protocol. The route with the lowest administrative distance is
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 31
Implementing BGP on Cisco ASR 9000 Series Router
Administrative Distanceinstalled in the IP routing table. By default, BGP uses the administrative distances shown in Table 2: BGP
Default Administrative Distances, on page 32.
Table 2: BGP Default Administrative Distances
Distance Default Value Function
Applied to routes learned from
eBGP.
External 20
Applied to routes learned from
iBGP.
Internal 200
Applied to routes originated by the
router.
Local 200
Distance does not influence the BGP path selection algorithm, but it does influence whether BGP-learned
routes are installed in the IP routing table.
Note
In most cases, when a route is learned through eBGP, it is installed in the IP routing table because of its
distance (20). Sometimes, however, two ASs have an IGP-learned back-door route and an eBGP-learned
route. Their policy might be to use the IGP-learned path as the preferred path and to use the eBGP-learned
path when the IGP path is down. See Figure 3: Back Door Example , on page 32.
Figure 3: Back Door Example
In Figure 3: Back Door Example , on page 32, Routers A and C and Routers B and C are running eBGP.
Routers A and B are running an IGP (such as Routing Information Protocol [RIP], Interior Gateway Routing
Protocol [IGRP], Enhanced IGRP, or Open Shortest Path First [OSPF]). The default distances for RIP, IGRP,
Enhanced IGRP, and OSPF are 120, 100, 90, and 110, respectively. All these distances are higher than the
default distance of eBGP, which is 20. Usually, the route with the lowest distance is preferred.
Router A receives updates about 160.10.0.0 from two routing protocols: eBGP and IGP. Because the default
distance for eBGP is lower than the default distance of the IGP, Router A chooses the eBGP-learned route
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
32 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Administrative Distancefrom Router C. If you want Router A to learn about 160.10.0.0 from Router B (IGP), establish a BGP back
door. See .
In the following example, a network back-door is configured:
RP/0/RSP0/CPU0:router(config)# router bgp 100
RP/0/RSP0/CPU0:router(config-bgp)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)# network 160.10.0.0/16 backdoor
Router A treats the eBGP-learned route as local and installs it in the IP routing table with a distance of 200.
The network is also learned through Enhanced IGRP (with a distance of 90), so the Enhanced IGRP route is
successfully installed in the IP routing table and is used to forward traffic. If the Enhanced IGRP-learned
route goes down, the eBGP-learned route is installed in the IP routing table and is used to forward traffic.
Although BGP treats network 160.10.0.0 as a local entry, it does not advertise network 160.10.0.0 asit normally
would advertise a local entry.
Multiprotocol BGP
Multiprotocol BGP is an enhanced BGP that carries routing information for multiple network layer protocols
and IP multicast routes. BGP carries two sets of routes, one set for unicast routing and one set for multicast
routing. The routes associated with multicast routing are used by the Protocol Independent Multicast (PIM)
feature to build data distribution trees.
Multiprotocol BGP is useful when you want a link dedicated to multicast traffic, perhaps to limit which
resources are used for which traffic. Multiprotocol BGP allows you to have a unicast routing topology different
from a multicast routing topology providing more control over your network and resources.
In BGP, the only way to perform interdomain multicast routing was to use the BGP infrastructure that was
in place for unicast routing. Perhaps you want all multicast traffic exchanged at one network access point
(NAP). If those routers were not multicast capable, or there were differing policies for which you wanted
multicast traffic to flow, multicast routing could not be supported without multiprotocol BGP.
It is possible to configure BGP peers that exchange both unicast and multicast network layer reachability
information (NLRI), but you cannot connect multiprotocol BGP clouds with a BGP cloud. That is, you
cannot redistribute multiprotocol BGP routes into BGP.
Note
Figure 4: Noncongruent Unicast and Multicast Routes, on page 34 illustrates simple unicast and multicast
topologies that are incongruent, and therefore are not possible without multiprotocol BGP.
Autonomous systems 100, 200, and 300 are each connected to two NAPs that are FDDI rings. One is used
for unicast peering (and therefore the exchange of unicast traffic). The Multicast Friendly Interconnect (MFI)
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 33
Implementing BGP on Cisco ASR 9000 Series Router
Multiprotocol BGPring is used for multicast peering (and therefore the exchange of multicast traffic). Each router is unicast and
multicast capable.
Figure 4: Noncongruent Unicast and Multicast Routes
Figure 5: Multicast BGP Environment, on page 35 is a topology of unicast-only routers and multicast-only
routers. The two routers on the left are unicast-only routers (that is, they do not support or are not configured
to perform multicast routing). The two routers on the right are multicast-only routers. Routers A and B support
both unicast and multicast routing. The unicast-only and multicast-only routers are connected to a single NAP.
In Figure 5: Multicast BGP Environment, on page 35, only unicast traffic can travel from Router A to the
unicast routers to Router B and back. Multicast traffic could not flow on that path, so another routing table is
required. Multicast traffic uses the path from Router A to the multicast routers to Router B and back.
Figure 5: Multicast BGP Environment, on page 35 illustrates a multiprotocol BGP environment with a
separate unicast route and multicast route from Router A to Router B. Multiprotocol BGP allows these routes
to be incongruent. Both of the autonomous systems must be configured for internal multiprotocol BGP
(IMBGP) in the figure.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
34 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Multiprotocol BGPA multicast routing protocol,such as PIM, usesthe multicast BGP database to perform Reverse Path Forwarding
(RPF) lookupsfor multicast-capable sources. Thus, packets can be sent and accepted on the multicast topology
but not on the unicast topology.
Figure 5: Multicast BGP Environment
Route Dampening
Route dampening is a BGP feature that minimizes the propagation of flapping routes across an internetwork.
A route is considered to be flapping when it is repeatedly available, then unavailable, then available, then
unavailable, and so on.
For example, consider a network with three BGP autonomous systems: autonomous system 1, autonomous
system 2, and autonomoussystem 3. Suppose the route to network A in autonomoussystem 1 flaps(it becomes
unavailable). Under circumstances without route dampening, the eBGP neighbor of autonomous system 1 to
autonomous system 2 sends a withdraw message to autonomous system 2. The border router in autonomous
system 2, in turn, propagates the withdrawal message to autonomous system 3. When the route to network A
reappears, autonomous system 1 sends an advertisement message to autonomous system 2, which sends it to
autonomous system 3. If the route to network A repeatedly becomes unavailable, then available, many
withdrawal and advertisement messages are sent. Route flapping is a problem in an internetwork connected
to the Internet, because a route flap in the Internet backbone usually involves many routes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 35
Implementing BGP on Cisco ASR 9000 Series Router
Route DampeningMinimizing Flapping
The route dampening feature minimizes the flapping problem as follows. Suppose again that the route to
network A flaps. The router in autonomous system 2 (in which route dampening is enabled) assigns network
A a penalty of 1000 and moves it to history state. The router in autonomous system 2 continues to advertise
the status of the route to neighbors. The penalties are cumulative. When the route flaps so often that the penalty
exceeds a configurable suppression limit, the router stops advertising the route to network A, regardless of
how many times it flaps. Thus, the route is dampened.
The penalty placed on network A is decayed until the reuse limit is reached, upon which the route is once
again advertised. At half of the reuse limit, the dampening information for the route to network A is removed.
No penalty is applied to a BGP peer reset when route dampening is enabled, even though the reset withdraws
the route.
Note
BGP Routing Domain Confederation
One way to reduce the iBGP mesh is to divide an autonomous system into multiple subautonomous systems
and group them into a single confederation. To the outside world, the confederation looks like a single
autonomous system. Each autonomous system is fully meshed within itself and has a few connections to other
autonomous systems in the same confederation. Although the peers in different autonomous systems have
eBGP sessions, they exchange routing information as if they were iBGP peers. Specifically, the next hop,
MED, and local preference information is preserved. This feature allows you to retain a single IGP for all of
the autonomous systems.
BGP Route Reflectors
BGP requires that all iBGP speakers be fully meshed. However, this requirement does not scale well when
there are many iBGP speakers. Instead of configuring a confederation, you can reduce the iBGP mesh by
using a route reflector configuration.
Figure 6: Three Fully Meshed iBGP Speakers, on page 37 illustrates a simple iBGP configuration with three
iBGP speakers(routers A, B, and C). Without route reflectors, when Router A receives a route from an external
neighbor, it must advertise it to both routers B and C. Routers B and C do not readvertise the iBGP learned
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
36 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Routing Domain Confederationroute to other iBGP speakers because the routers do not pass on routes learned from internal neighbors to
other internal neighbors, thus preventing a routing information loop.
Figure 6: Three Fully Meshed iBGP Speakers
With route reflectors, all iBGP speakers need not be fully meshed because there is a method to pass learned
routes to neighbors. In this model, an iBGP peer is configured to be a route reflector responsible for passing
iBGP learned routes to a set of iBGP neighbors. In Figure 7: Simple BGP Model with a Route Reflector, on
page 38 , Router B is configured as a route reflector. When the route reflector receives routes advertised from
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 37
Implementing BGP on Cisco ASR 9000 Series Router
BGP Route ReflectorsRouter A, it advertisesthem to Router C, and vice versa. Thisscheme eliminatesthe need for the iBGP session
between routers A and C.
Figure 7: Simple BGP Model with a Route Reflector
The internal peers of the route reflector are divided into two groups: client peers and all other routers in the
autonomous system (nonclient peers). A route reflector reflects routes between these two groups. The route
reflector and its client peers form a cluster. The nonclient peers must be fully meshed with each other, but the
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
38 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Route Reflectorsclient peers need not be fully meshed. The clients in the cluster do not communicate with iBGP speakers
outside their cluster.
Figure 8: More Complex BGP Route Reflector Model
Figure 8: More Complex BGP Route Reflector Model, on page 39 illustrates a more complex route reflector
scheme. Router A is the route reflector in a cluster with routers B, C, and D. Routers E, F, and G are fully
meshed, nonclient routers.
When the route reflector receives an advertised route, depending on the neighbor, it takesthe following actions:
A route from an external BGP speaker is advertised to all clients and nonclient peers.
A route from a nonclient peer is advertised to all clients.
A route from a client is advertised to all clients and nonclient peers. Hence, the clients need not be fully
meshed.
Along with route reflector-aware BGP speakers, it is possible to have BGP speakers that do not understand
the concept of route reflectors. They can be members of either client or nonclient groups, allowing an easy
and gradual migration from the old BGP model to the route reflector model. Initially, you could create a single
cluster with a route reflector and a few clients. All other iBGP speakers could be nonclient peers to the route
reflector and then more clusters could be created gradually.
An autonomous system can have multiple route reflectors. A route reflector treats other route reflectors just
like other iBGP speakers. A route reflector can be configured to have other route reflectors in a client group
or nonclient group. In a simple configuration, the backbone could be divided into many clusters. Each route
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 39
Implementing BGP on Cisco ASR 9000 Series Router
BGP Route Reflectorsreflector would be configured with other route reflectors as nonclient peers (thus, all route reflectors are fully
meshed). The clients are configured to maintain iBGP sessions with only the route reflector in their cluster.
Usually, a cluster of clients has a single route reflector. In that case, the cluster is identified by the router ID
of the route reflector. To increase redundancy and avoid a single point of failure, a cluster might have more
than one route reflector. In this case, all route reflectors in the cluster must be configured with the cluster ID
so that a route reflector can recognize updates from route reflectors in the same cluster. All route reflectors
serving a cluster should be fully meshed and all of them should have identical sets of client and nonclient
peers.
By default, the clients of a route reflector are not required to be fully meshed and the routes from a client are
reflected to other clients. However, if the clients are fully meshed, the route reflector need not reflect routes
to clients.
As the iBGP learned routes are reflected, routing information may loop. The route reflector model has the
following mechanisms to avoid routing loops:
Originator ID is an optional, nontransitive BGP attribute. It is a 4-byte attributed created by a route
reflector. The attribute carriesthe router ID of the originator of the route in the local autonomoussystem.
Therefore, if a misconfiguration causesrouting information to come back to the originator, the information
is ignored.
Cluster-list is an optional, nontransitive BGP attribute. It is a sequence of cluster IDs that the route has
passed. When a route reflector reflects a route from its clients to nonclient peers, and vice versa, it
appends the local cluster ID to the cluster-list. If the cluster-list is empty, a new cluster-list is created.
Using this attribute, a route reflector can identify if routing information is looped back to the same cluster
due to misconfiguration. If the local cluster ID is found in the cluster-list, the advertisement is ignored.
Default Address Family for show Commands
Most of the show commands provide address family (AFI) and subaddress family (SAFI) arguments (see
RFC 1700 and RFC 2858 for information on AFI and SAFI). The Cisco IOS XR software parser provides the
ability to set the afi and safi so that it is not necessary to specify them while running a show command. The
parser commands are:
set default-afi { ipv4 | ipv6 | all }
set default-safi { unicast | multicast | all }
The parser automatically sets the default afi value to ipv4 and default safi value to unicast . It is necessary
to use only the parser commands to change the default afi value from ipv4 or default safi value from unicast
. Any afi or safi keyword specified in a show command overrides the values set using the parser commands.
Use the following show default-afi-safi-vrf command to check the currently set value of the afi and safi.
Distributed BGP
Distributed BGP splits BGP functionality into three process types:
BGP process managerResponsible for verifying configuration changes and for calculating and
publishing the distribution of neighbors among BGP speaker processes.
There is a single instance of this process.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
40 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Default Address Family for show Commands bRIB processResponsible for performing the best-path calculation of routes (receives partial best
paths from the speaker). The best route is installed into the bRIB and is advertised back to all speakers.
See the BGP Best Path Algorithm, on page 28 for information on best-path calculation. The bRIB
process is also responsible for installing routes in the RIB, and for handling routes redistributed from
the RIB. To accommodate route leaking from one RIB to another, bRIB may register for redistribution
from multiple RIB routes into a single route in the bRIB process.
There is a single instance of this process for each address family.
BGP speaker processResponsible for handling all BGP connections to peers. The speaker stores
received paths in the RIB and performs a partial best-path calculation, advertising the partial best paths
to the bRIB (limited best-path calculation). Speakers perform a limited best-path calculation because to
compare Multi Exit Discriminators (MEDs), paths need to be compared from the same AS but may not
be received on the same speaker. Because BGP speakers do not have access to the entire BGP local RIB,
BGP speakers can perform only a limited best-path calculation. (These are Step 1 through Step 7 in the
BGP Best Path Algorithm, on page 28.) Only the best paths are advertised to the bRIB to reduce
speaker/bRIB interprocess communications (IPC) and to reduce the number of paths to be processed in
the bRIB. BGP speakers can only mark a path as active only after learning the result of the full best-path
calculation from the bRIB. Neighbor import and export policies are imposed by the speaker.
If the bgp bestpath med always command is enabled, complete best-path calculation happens inside
speaker process. When the bgp bestpath med always command is not enabled,speakers calculate partial
best paths only (performs the best-path steps up to the MED comparison) and send them to bRIB. bRIB
calculatesthe final best path (performs all the stepsin the best-path calculation).When the bgp bestpath
med always command is enabled, speakers can compare the MED across all ASs, allowing the speaker
to calculate a single best path to send it to bRIB. bRIB is the ultimate process that calculates the final
best path, but when the bgp bestpath med always command is enabled, the speakers send a single best
path instead of potentially sending multiple partial best paths.
There are multiple instances of this process in which each instance is responsible for a subset of BGP
peer connections.
Up to a total 15 speakers for all address families and one bRIB for each address family (IPv4, IPv6, and
VPNv4) are supported.
Distributed BGP is used to reduce the impact that a fault in one address family has on another address family.
For example, you can have one speaker with only IPv6 neighbors (peering to IPv6 addresses) and a separate
speaker with only IPv4 neighbors (peering to IPv4 addresses), and yet another speaker with only VPNv4
provider edge (PE) or customer edge (CE) neighbors (peering to IPv4 addresses distinct from the non-VPN
neighbors). In this scenario, there is no overlap in processes (bgp, brib, and rib) between IPv4, IPv6, and
VPNv4. Therefore, a bgp, brib, or rib process crash affects only one address family. Distributed BGP also
allows more CPU capacity for receiving, computing, and sending BGP routing updates. When in distributed
BGP mode, you can control the number of distributed speakers that are enabled, as well as which neighbors
are assigned to each speaker. If no distributed speakers are enabled, BGP operates in standalone mode. If at
least one distributed speaker is enabled, BGP operates in distributed mode.
MPLS VPN Carrier Supporting Carrier
Carrier supporting carrier (CSC) is a term used to describe a situation in which one service provider allows
another service provider to use a segment of its backbone network. The service provider that provides the
segment of the backbone network to the other provider is called the backbone carrier. The service provider
that uses the segment of the backbone network is called the customer carrier.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 41
Implementing BGP on Cisco ASR 9000 Series Router
MPLS VPN Carrier Supporting CarrierA backbone carrier offers Border Gateway Protocol and Multiprotocol Label Switching (BGP/MPLS) VPN
services. The customer carrier can be either:
An Internet service provider (ISP) (By definition, an ISP does not provide VPN service.)
A BGP/MPLS VPN service provider
You can configure a CSC network to enable BGP to transport routes and MPLS labels between the backbone
carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers using multiple paths.
The benefits of using BGP to distribute IPv4 routes and MPLS label routes are:
BGP takes the place of an Interior Gateway Protocol (IGP) and Label Distribution Protocol (LDP) in a
VPN routing and forwarding (VRF) table. You can use BGP to distribute routes and MPLS labels. Using
a single protocol instead of two simplifies the configuration and troubleshooting.
BGP is the preferred routing protocol for connecting two ISPs, mainly because of its routing policies
and ability to scale. ISPs commonly use BGP between two providers. This feature enables those ISPs
to use BGP.
For detailed information on configuring MPLS VPN CSC with BGP, see the Implementing MPLS Layer 3
VPNs on Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router
MPLS Configuration Guide.
BGP Keychains
BGP keychains enable keychain authentication between two BGP peers. The BGP endpoints must both comply
with draft-bonica-tcp-auth-05.txt and a keychain on one endpoint and a password on the other endpoint does
not work.
See the Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide for
information on keychain management.
BGP is able to use the keychain to implement hitless key rollover for authentication. Key rolloverspecification
is time based, and in the event of clock skew between the peers, the rollover process is impacted. The
configurable tolerance specification allows for the accept window to be extended (before and after) by that
margin. This accept window facilitates a hitless key rollover for applications (for example, routing and
management protocols).
The key rollover does not impact the BGP session, unless there is a keychain configuration mismatch at the
endpoints resulting in no common keys for the session traffic (send or accept).
BGP Nonstop Routing
The Border Gateway Protocol (BGP) Nonstop Routing (NSR) with Stateful Switchover (SSO) feature enables
all bgp peerings to maintain the BGP state and ensure continuous packet forwarding during events that could
interrupt service. Under NSR, events that might potentially interrupt service are not visible to peer routers.
Protocolsessions are not interrupted and routing states are maintained across processrestarts and switchovers.
BGP NSR provides nonstop routing during the following events:
Route processor switchover
Process crash or process failure of BGP or TCP
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
42 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP KeychainsIn case of process crash or process failure, NSR will be maintained only if nsr
process-failures switchover command is configured. In the event of process failures
of active instances, the nsr process-failuresswitchover configuresfailover as a recovery
action and switches over to a standby route processor (RP) or a standby distributed route
processor (DRP) thereby maintaining NSR.
The nsr process-failures switchover command maintains both the NSR and BGP
sessions in the event of a BGP or TCP process restart. Without configuring the nsr
process-failures switchover, restarting the BGP or TCP process causes BGP flap. This
is an expected behavior.
Note
During route processor switchover and In-Service System Upgrade (ISSU), NSR is achieved by stateful
switchover (SSO) of both TCP and BGP.
NSR does not force any software upgrades on other routers in the network, and peer routers are not required
to support NSR.
When a route processor switchover occurs due to a fault, the TCP connections and the BGP sessions are
migrated transparently to the standby route processor, and the standby route processor becomes active. The
existing protocol state is maintained on the standby route processor when it becomes active, and the protocol
state does not need to be refreshed by peers.
Events such as soft reconfiguration and policy modifications can trigger the BGP internal state to change. To
ensure state consistency between active and standby BGP processes during such events, the concept of post-it
is introduced that act as synchronization points.
BGP NSR provides the following features:
NSR-related alarms and notifications
Configured and operational NSR states are tracked separately
NSR statistics collection
NSR statistics display using show commands
XML schema support
Auditing mechanisms to verify state synchronization between active and standby instances
CLI commands to enable and disable NSR
Support for 5000 NSR sessions
BGP Prefix Independent Convergence Unipath Primary/Backup
The Border Gateway Protocol Prefix Independent Convergence Unipath (BGP PIC Unipath) primary/backup
feature provides the capability to install a backup path into the forwarding table. Installing the backup path
provides prefix independent convergence in the event of a primary PECE link failure.
The primary/backup path provides a mechanism for BGP to determine a backup best path. The backup best
path acts as a backup to the overall best path, which is the primary best path. BGP programs both the paths
into the Forwarding Information Base (FIB).
The procedure to determine the backup best path is as follows:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 43
Implementing BGP on Cisco ASR 9000 Series Router
BGP Prefix Independent Convergence Unipath Primary/Backup1 Determine the best path from the entire set of paths available for a prefix.
2 Eliminate the current best path.
3 Eliminate all the paths that have the same next hop as that of the current best path.
4 Rerun the best path algorithm on the remaining set of paths to determine the backup best path.
The PE-CE local convergence is in the order of four to five seconds for 10000 prefixes. Installing a backup
path on the linecards, so that the Forwarding Information Base (FIB) can immediately switch to an alternate
path, in the event of a primary PE-CE link failure reduces the convergence time.
In the case of primary PE-CE link failure, the FIB starts forwarding the received traffic towards the backup
PE. FIB will continue forwarding the received traffic towards the backup PE for the duration of the network
convergence. Since the approach of using a backup path is independent to the prefixes, Prefix Independent
Convergence Unipath functionality provides a prefix independent sub second convergence.
The additional-paths selection command installs the backup path in the Forwarding Information Base (FIB)
to enable primary backup path.
BGP Local Label Retention
When a primary PE-CE link fails, BGP withdraws the route corresponding to the primary path along with its
local label and programsthe backup path in the Routing Information Base (RIB) and the Forwarding Information
Base (FIB), by default.
However, until all the internal peers of the primary PE reconverge to use the backup path as the new bestpath,
the traffic continues to be forwarded to the primary PE with the local label that was allocated for the primary
path. Hence the previously allocated local label for the primary path must be retained on the primary PE for
some configurable time after the reconvergence. BGP Local Label Retention feature enables the retention of
the local label for a specified period. If no time is specified, the local lable is retained for a default value of
five minutes.
The retain local-label command enables the retention of the local label until the network is converged.
Command Line Interface (CLI) Consistency for BGP Commands
From Cisco IOS XR Release 3.9.0 onwards, the Border Gateway Protocol (BGP) commands use disable
keyword to disable a feature. The keyword inheritance-disable disables the inheritance of the feature
properties from the parent level.
BGP Additional Paths
The Border Gateway Protocol (BGP) Additional Paths feature modifies the BGP protocol machinery for a
BGP speaker to be able to send multiple paths for a prefix. This gives 'path diversity' in the network. The add
path enables BGP prefix independent convergence (PIC) at the edge routers.
BGP add path enables add path advertisement in an iBGP network and advertises the following types of paths
for a prefix:
Backup pathsto enable fast convergence and connectivity restoration.
Group-best pathsto resolve route oscillation.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
44 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Local Label Retention All pathsto emulate an iBGP full-mesh.
Add path is not be supported with MDT, tunnel, and L2VPN addressfamilies and eBGP
peerings.
Note
iBGP Multipath Load Sharing
When a Border Gateway Protocol (BGP)speaking router that has no local policy configured, receives multiple
network layer reachability information (NLRI) from the internal BGP (iBGP) for the same destination, the
router will choose one iBGP path as the best path. The best path is then installed in the IP routing table of the
router.
The iBGP Multipath Load Sharing feature enables the BGP speaking router to select multiple iBGP paths as
the best paths to a destination. The best paths or multipaths are then installed in the IP routing table of the
router.
When there are multiple border BGP routers having reachability information heard over eBGP, if no local
policy is applied, the border routers will choose their eBGP paths as best. They advertise that bestpath inside
the ISP network. For a core router, there can be multiple paths to the same destination, but it will select only
one path as best and use that path for forwarding. iBGP multipath load sharing adds the ability to enable load
sharing among multiple equi-distant paths.
Configuring multiple iBGP best paths enables a router to evenly share the traffic destined for a particular site.
The iBGP Multipath Load Sharing feature functions similarly in a Multiprotocol Label Switching (MPLS)
Virtual Private Network (VPN) with a service provider backbone.
For multiple paths to the same destination to be considered as multipaths, the following criteria must be met:
All attributes must be the same. The attributes include weight, local preference, autonomous system
path (entire attribute and not just length), origin code, Multi Exit Discriminator (MED), and Interior
Gateway Protocol (iGP) distance.
The next hop router for each multipath must be different.
Even if the criteria are met and multiple paths are considered multipaths, the BGP speaking router will still
designate one of the multipaths as the best path and advertise this best path to its neighbors.
Accumulated Interior Gateway Protocol Attribute
The Accumulated Interior Gateway Protocol (AiGP)Attribute is an optional non-transitive BGP Path Attribute.
The attribute type code for the AiGP Attribute isto be assigned by IANA. The value field of the AiGP Attribute
is defined as a set of Type/Length/Value elements (TLVs). The AiGP TLV contains the Accumulated IGP
Metric.
The AiGP feature is required in the 3107 network to simulate the current OSPF behavior of computing the
distance associated with a path. OSPF/LDP carries the prefix/label information only in the local area. Then,
BGP carries the prefix/lable to all the remote areas by redistributing the routes into BGP at area boundaries.
The routes/labels are then advertised using LSPs. The next hop for the route is changed at each ABR to local
router which removes the need to leak OSPF routes across area boundaries. The bandwidth available on each
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 45
Implementing BGP on Cisco ASR 9000 Series Router
iBGP Multipath Load Sharingof the core links is mapped to OSPF cost, hence it is imperative that BGP carries this cost correctly between
each of the PEs. This functionality is achieved by using the AiGP.
Per VRF and Per CE Label for IPv6 Provider Edge
The per VRF and per CE label for IPv6 feature makes it possible to save label space by allocating labels per
default VRF or per CE nexthop.
All IPv6 Provider Edge (6PE) labels are allocated per prefix by default. Each prefix that belongs to a VRF
instance is advertised with a single label, causing an additional lookup to be performed in the VRF forwarding
table to determine the customer edge (CE) next hop for the packet.
However, use the label-allocation-mode command with the per-ce keyword or the per-vrf keyword to avoid
the additional lookup on the PE router and conserve label space.
Use per-ce keyword to specify that the same label be used for all the routes advertised from a unique customer
edge (CE) peer router. Use the per-vrf keyword to specify that the same label be used for all the routes
advertised from a unique VRF.
IPv4 BGP-Policy Accounting on Cisco ASR 9000's A9K-SIP-700
Border Gateway Protocol (BGP) policy accounting measures and classifies IP traffic that is sent to, or received
from, different peers. Policy accounting is enabled on an individual input or output interface basis. Counters
based on parameters such as community list, autonomous system number, or autonomous system path are
assigned to identify the IP traffic.
Using BGP policy accounting, you can account for traffic according to the route it traverses. Service providers
can identify and account for all traffic by customer and bill accordingly.
For more information on BGP policy accounting and how to configure BGP policy accounting, refer the
Implementing Cisco Express Forwarding module in Cisco ASR 9000 Series Aggregation Services Router IP
Addresses and Services Configuration Guide.
IPv6 Unicast Routing on Cisco ASR 9000's A9K-SIP-700
Cisco ASR 9000's A9K-SIP-700 provides complete Internet Protocol Version 6 (IPv6) unicast capability.
An IPv6 unicast address is an identifier for a single interface, on a single node. A packet that is sent to a unicast
address is delivered to the interface identified by that address. Cisco IOS XR software supports the following
IPv6 unicast address types:
Global aggregatable address
Site-local address
Link-local address
IPv4-compatible IPv6 address
For more information on IPv6 unicase addressing, refer the Implementing Network Stack IPv4 and IPv6
module in Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration
Guide.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
46 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Per VRF and Per CE Label for IPv6 Provider EdgeIPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700
Unicast IPv6 Reverse Path Forwarding (uRPF) mitigates problems caused by the introduction of malformed
orspoofed IP source addressesinto a network by discarding IP packetsthat lack a verifiable IP source address.
Unicast RPF does this by doing a reverse lookup in the Cisco Express Forwarding (CEF) table. Therefore,
uRPF is possible only if CEF is enabled on the router.
Use the ipv6 verify unicast source reachable-via {any | rx} [allow-default] [allow-self-ping] command in
interface configuration mode to enable IPV6 uRPF.
For more information on IPv6 uRPF, refer Implementing Cisco Express Forwarding module in Cisco ASR 9000
Series Aggregation Services Router IP Addresses and Services Command Reference
Remove and Replace Private AS Numbers from AS Path in BGP
Private autonomous system numbers (ASNs) are used by Internet Service Providers (ISPs) and customer
networks to conserve globally unique AS numbers. Private AS numbers cannot be used to access the global
Internet because they are not unique. AS numbers appear in eBGP AS paths in routing updates. Removing
private ASNs from the AS path is necessary if you have been using private ASNs and you want to access the
global Internet.
Public AS numbers are assigned by InterNIC and are globally unique. They range from 1 to 64511. Private
AS numbers are used to conserve globally unique AS numbers, and they range from 64512 to 65535. Private
AS numbers cannot be leaked to a global BGP routing table because they are not unique, and BGP best path
calculationsrequire unique AS numbers. Therefore, it might be necessary to remove private AS numbersfrom
an AS path before the routes are propagated to a BGP peer.
External BGP (eBGP) requires that globally unique AS numbers be used when routing to the global Internet.
Using private AS numbers (which are not unique) would prevent access to the global Internet. The remove
and replace private AS Numbers from AS Path in BGP feature allows routers that belong to a private AS to
accessthe global Internet. A network administrator configuresthe routersto remove private AS numbersfrom
the AS path contained in outgoing update messages and optionally, to replace those numbers with the ASN
of the local router, so that the AS Path length remains unchanged.
The ability to remove and replace private AS numbers from the AS Path is implemented in the following
ways:
The remove-private-as command removes private AS numbers from the AS path even if the path
contains both public and private ASNs.
The remove-private-as command removes private AS numbers even if the AS path contains only private
AS numbers. There is no likelihood of a 0-length AS path because this command can be applied to eBGP
peers only, in which case the AS number of the local router is appended to the AS path.
The remove-private-as command removes private AS numbers even if the private ASNs appear before
the confederation segments in the AS path.
The replace-as command replaces the private AS numbers being removed from the path with the local
AS number, thereby retaining the same AS path length.
The feature can be applied to neighbors per address family (address family configuration mode). Therefore,
you can apply the feature for a neighbor in one address family and not on another, affecting update messages
on the outbound side for only the address family for which the feature is configured.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 47
Implementing BGP on Cisco ASR 9000 Series Router
IPv6 uRPF Support on Cisco ASR 9000's A9K-SIP-700Use show bgp neighbors and show bgp update-group commands to verify that the that private AS numbers
were removed or replaced.
Selective VRF Download
Selective VRF Download (SVD) feature is a solution to download only those prefixes and labels to a line
card that are actively required to forward traffic through that line card.
To meet the demand for a consolidated edge MSE platform, the number of VRFs, VRF interfaces, and prefix
capacity increases. Convergence timings are different in different line card engines. One of the major factors
that determine convergence timing is the time taken to process and program a prefix and its associated data
structures. Hence, less number of prefixes and labels ensure better convergence timing. SVD reducesscalability
and convergence problems in L3VPNs by enabling selective download of VRF routes to both Engine-3 (E3)
and Engine-5 (E5) Linecards.
SVD is enabled by default on the line cards. Use selective-vrf-download disable command to disable SVD.
Use show svd role and show svd state commands to display the role and state information of SVD on the
line cards.
For more information on Selective VRF Download, see Cisco white paper, Selective Virtual Routing and
Forwarding Table Download: A solution to increase Layer3 VPN scale at this URL http://www.cisco.com/
en/US/technologies/collateral/tk648/tk365/white_paper_c11-681649.html
Line Card Roles and Filters
In a Selective VRF Download (SVD) context, the line cards have these roles:
Core LC: A line card which has only core facing interfaces (interfaces that connect to other P/PEs
Customer LC: A line card which has one or more customer facing interfaces (interfaces that connect to
CEs in different VRFs)
The line cards handle these prefixes:
Local Prefix: A prefix that is received from a CE connected to the router in a configured VRF context
Remote Prefix: A prefix received from another PE and is imported to a configured VRF
These filters are applicable to each line card type:
A core LC needs all the local prefixes and VRF labels so that the label and/or IP forwarding is set up
correctly.
A customer LC needs both the local and remote prefixes for all the VRFs that it is connected to and for
any other VRFs that some connected VRF has dependency on (This is based on the import/export RT
configuration; VRF A may have imported routes from VRF B, so the imported route in VRF A
points to a next-hop that is in VRF B. For route resolution, VRF B routes need to be downloaded to
each line card that has a VRF A interface.)
If a line card is hosting both core facing and customer facing interfaces then it does not need to do any
filtering at all. All the tables and all routes will be present on such line cards. These line cards will have
a role called standard. All RPs and DRPs will have the standard role.
While the IPv4 default table needs to be present an all nodes, to correctly resolve L3VPN routes, if the
line card does not have any IPv6 interfaces it can filter out all IPv6 tables and routes. In such a case the
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
48 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Selective VRF Downloadline card can be deemed not interested in the IPv6 AFI and should behave similar to if IPv6 is not
supported by the line card.
BGP DMZ Link Bandwidth for Unequal Cost Recursive Load Balancing
Border Gateway Protocol demilitarized zone (BGP DMZ) Link Bandwidth for Unequal Cost Recursive Load
Balancing provides support for unequal cost load balancing for recursive prefixes on local node using BGP
DMZ Link Bandwidth. The unequal load balance is achieved by using the dmz-link-bandwidth command
in BGP Neighbor configuration mode and the bandwidth command in Interface configuration mode.
BFD Multihop Support for BGP
Bi-directional Forwarding Detection Multihop (BFD-MH) support is enabled for BGP. BFD Multihop
establishes a BFD session between two addressesthat may span multiple network hops. Cisco IOS XR Software
BFD Multihop is based on RFC 5883. For more information on BFD Multihop, refer Cisco ASR 9000 Series
Aggregation Services Router Interface and Hardware Component Configuration Guide and Cisco ASR 9000
Series Aggregation Services Router Interface and Hardware Component Command Reference.
BGP Multi-Instance/Multi-AS Support
Multi-Instance BGP is support for multiple BGP instances. Each BGP instance is a separate process running
on the same or on a different RP/DRP node. The BGP instances do not share any prefix table between them.
No need for a common adj-rib-in (bRIB) as is the case with distributed BGP. The BGP instances do not
communicate with each other and do not set up peering with each other. Each individual instance can set up
peering with another router independently.
Multi-AS BGP enables configuring each instance of a multi-instance BGP with a different AS number.
Multi-Instance/Multi-AS BGP provides these capabilities:
Mechanism to consolidate the services provided by multiple routers using a common routing infrastructure
into a single IOS-XR router.
Mechanism to achieve AF isolation by configuring the different AFs in different BGP instances.
Means to achieve higher session scale by distributing the overall peering sessions between multiple
instances.
Mechanism to achieve higher prefix scale (especially on a RR) by having different instances carrying
different BGP tables.
Improved BGP convergence under certain scenarios.
All BGP functionalities including NSR are supported for all the instances.
BGP Prefix Origin Validation Based on RPKI
A BGP route associates an address prefix with a set of autonomous systems (AS) that identify the interdomain
path the prefix has traversed in the form of BGP announcements. This set is represented as the AS_PATH
attribute in BGP and starts with the AS that originated the prefix.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 49
Implementing BGP on Cisco ASR 9000 Series Router
BGP DMZ Link Bandwidth for Unequal Cost Recursive Load BalancingTo help reduce well-known threats against BGP including prefix mis-announcing and monkey-in-the-middle
attacks, one of the security requirements is the ability to validate the origination AS of BGP routes. The AS
number claiming to originate an address prefix (as derived from the AS_PATH attribute of the BGP route)
needs to be verified and authorized by the prefix holder.
The Resource Public Key Infrastructure (RPKI) is an approach to build a formally verifiable database of IP
addresses and AS numbers as resources. The RPKI is a globally distributed database containing, among other
things, information mapping BGP (internet) prefixes to their authorized origin-AS numbers. Routers running
BGP can connect to the RPKI to validate the origin-AS of BGP paths.
BGP 3107 PIC Updates for Global Prefixes
The BGP 3107 PIC Updates for Global Prefixes feature supports Prefix Independent Convergence (PIC)
updates for global IPv4 and IPv6 prefixes in an MPLS VPN provider network. This feature is based on RFC
3107 that describes using BGP to distribute MPLS labels for global IPv4 or IPv6 prefixes. This enables IGP
to scale better and also provides PIC updates for fast convergence.
RFC 3107 enables routes and labels to be carried in BGP. When BGP is used to distribute a particular route,
it can also be used to distribute an MPLS label that is mapped to that route. The label mapping information
for a particular route is piggybacked in the same BGP Update message that is used to distribute the route
itself. RFC 3107 allows filtering of Next-Hop Loops from OSPF and reduces labels advertised by LDP. This
implementation significantly reduces OSPF and LDP database.
The 3107 PIC implementation supports the following address-families with additional-path configuration.
address-family ipv4 unicast
address-family ipv6 unicast
address-family vpnv4 unicast
address-family vpnv6 unicast
The address-family l2vpn vpls-vpws does not support additional-path. Hence, the l2vpn service that uses
address-family l2vpn vpls-vpws does not guarantee PIC convergence time.
Note
The 3107 PIC implementation supports these Cisco IOS XR features:
PIC Edge for 3107
Traffic Engineering Fast-reroute (TE FRR)Traffic convergence for core link failure is guaranteed
within 50 milliseconds using verbatim tunnel.
L2VPN Service
L3VPN VPNv4 Service
6 PE Service
6 VPE Service
VPLS Service
BGP 3107 PIC Updates for Global Prefixes implementation uses a shared recursive Load Info (RLDI)
forwarding object in place of a Light-Weight recursive (LW-RLDI) object. The RLDI is shared between
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
50 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP 3107 PIC Updates for Global Prefixesmultiple leaves, while the LW-RLDI is instantiated per leaf. Sharing helps in handling PIC updates since it
will be prefix independent.
BGP Prefix Independent Convergence for RIB and FIB
BGP PIC for RIB and FIB adds support for static recursive as PE-CE and faster backup activation by using
fast re-route trigger.
The BGP PIC for RIB and FIB feature supports:
FRR-like trigger for faster PE-CE link down detection, to further reduce the convergence time (Fast
PIC-edge activation).
PIC-edge for static recursive routes.
BFD single-hop trigger for PIC-Edge without any explicit /32 static route configuration.
Recursive PIC activation at third level and beyond, on failure trigger at the first (IGP) level.
BGP path recursion constraints in FIB to ensure that FIB is in sync with BGP with respect to BGP
next-hop resolution.
IPv6 loop-free alternate fast-reroute (LFA FRR)
How to Implement BGP on Cisco IOS XR Software
Enabling BGP Routing
Perform this task to enable BGP routing and establish a BGP routing process. Configuring BGP neighbors is
included as part of enabling BGP routing.
At least one neighbor and at least one address family must be configured to enable BGP routing. At least
one neighbor with both a remote AS and an address family must be configured globally using the address
family and remote as commands.
Note
Before You Begin
BGP must be able to obtain a router identifier (for example, a configured loopback address). At least, one
address family must be configured in the BGP router configuration and the same address family must also be
configured under the neighbor.
If the neighbor is configured as an external BGP (eBGP) peer, you must configure an inbound and outbound
route policy on the neighbor using the route-policy command.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 51
Implementing BGP on Cisco ASR 9000 Series Router
BGP Prefix Independent Convergence for RIB and FIBSUMMARY STEPS
1. configure
2. route-policy route-policy-name
3. end-policy
4. Do one of the following:
end
commit
5. configure
6. router bgp as-number
7. bgp router-id ip-address
8. address-family { ipv4 | ipv6 } unicast
9. exit
10. neighbor ip-address
11. remote-as as-number
12. address-family { ipv4 | ipv6 } unicast
13. route-policy route-policy-name { in | out }
14. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
(Optional) Creates a route policy and enters route policy
configuration mode, where you can define the route policy.
route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router(config)# route-policy
Step 2
drop-as-1234
RP/0/RSP0/CPU0:router(config-rpl)# if
as-path passes-through '1234' then
RP/0/RSP0/CPU0:router(config-rpl)# apply
check-communities
RP/0/RSP0/CPU0:router(config-rpl)# else
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# endif
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
52 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP RoutingCommand or Action Purpose
(Optional) Ends the definition of a route policy and exits route
policy configuration mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
Step 3
Step 4 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 5
Specifies the BGP AS number and enters the BGP configuration
mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 6
bgp router-id ip-address Configures the local router with a specified router ID.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
router-id 192.168.70.24
Step 7
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 53
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP RoutingCommand or Action Purpose
Specifies either the IPv4 or IPv6 addressfamily and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 8
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Step 9
Placesthe router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 10
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 11
Specifies either the IPv4 or IPv6 addressfamily and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 12
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
(Optional) Applies the specified policy to inbound IPv4 unicast
routes.
route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy drop-as-1234 in
Step 13
Step 14 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
54 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP RoutingCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring a Routing Domain Confederation for BGP
Perform this task to configure the routing domain confederation for BGP. This includes specifying a
confederation identifier and autonomous systems that belong to the confederation.
Configuring a routing domain confederation reducesthe internal BGP (iBGP) mesh by dividing an autonomous
system into multiple autonomous systems and grouping them into a single confederation. Each autonomous
system is fully meshed within itself and has a few connections to another autonomous system in the same
confederation. The confederation maintains the next hop and local preference information, and that allows
you to retain a single Interior Gateway Protocol (IGP) for all autonomous systems. To the outside world, the
confederation looks like a single autonomous system.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp confederation identifier as-number
4. bgp confederation peers as-number
5. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 55
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a Routing Domain Confederation for BGPCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router# router bgp 120
Step 2
bgp confederation identifier as-number Specifies a BGP confederation identifier.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation identifier 5
Step 3
Specifies that the BGP autonomous systems belong to a specified
BGP confederation identifier. You can associate multiple AS
bgp confederation peers as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
Step 4
numbers to the same confederation identifier, as shown in the
example.
confederation peers 1091
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1092
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1093
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1094
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1095
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 1096
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
56 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a Routing Domain Confederation for BGPCommand or Action Purpose
Resetting an eBGP Session Immediately Upon Link Failure
By default, if a link goes down, all BGP sessions of any directly adjacent external peers are immediately reset.
Use the bgp fast-external-fallover disable command to disable automatic resetting. Turn the automatic reset
back on using the no bgp fast-external-fallover disable command.
eBGP sessions flap when the node reaches 3500 eBGP sessions with BGP timer values set as 10 and 30. To
support more than 3500 eBGP sessions, increase the packet rate by using the lpts pifib hardware police
location location-id command. Following is a sample configuration to increase the eBGP sessions:
RP/0/RSP0/CPU0:router#configure
RP/0/RSP0/CPU0:router(config)#lpts pifib hardware police location 0/2/CPU0
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#flow bgp configured rate 4000
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#flow bgp known rate 4000
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#flow bgp default rate 4000
RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#commit
Logging Neighbor Changes
Logging neighbor changes is enabled by default. Use the log neighbor changes disable command to turn off
logging. The no log neighbor changes disable command can also be used to turn logging back on if it has
been disabled.
Adjusting BGP Timers
Perform this task to set the timers for BGP neighbors.
BGP uses certain timers to control periodic activities, such as the sending of keepalive messages and the
interval after which a neighbor is assumed to be down if no messages are received from the neighbor during
the interval. The values set using the timers bgp command in router configuration mode can be overridden
on particular neighbors using the timers command in the neighbor configuration mode.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. timers bgp keepalive hold-time
4. neighbor ip-address
5. timers keepalive hold-time
6. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 57
Implementing BGP on Cisco ASR 9000 Series Router
Resetting an eBGP Session Immediately Upon Link FailureDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
123
Step 2
timers bgp keepalive hold-time Sets a default keepalive time and a default hold time for all neighbors.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# timers
bgp 30 90
Step 3
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 4
(Optional) Sets the keepalive timer and the hold-time timer for the
BGP neighbor.
timers keepalive hold-time
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
timers 60 220
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
58 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Adjusting BGP TimersCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Changing the BGP Default Local Preference Value
Perform this task to set the default local preference value for BGP paths.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp default local-preference value
4. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 59
Implementing BGP on Cisco ASR 9000 Series Router
Changing the BGP Default Local Preference ValueCommand or Action Purpose
Sets the default local preference value from the default of 100, making
it either a more preferable path (over 100) or less preferable path (under
100).
bgp default local-preference value
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
default local-preference 200
Step 3
Step 4 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring the MED Metric for BGP
Perform this task to set the multi exit discriminator (MED) to advertise to peers for routes that do not already
have a metric set (routes that were received with no MED attribute).
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
60 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the MED Metric for BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. default-metric value
4. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifiesthe autonomoussystem number and entersthe BGP configuration
mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 120
Step 2
Sets the default metric, which is used to set the MED to advertise to peers
for routes that do not already have a metric set (routes that were received
with no MED attribute).
default-metric value
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
default metric 10
Step 3
Step 4 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:routerr(config-bgp)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 61
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the MED Metric for BGPCommand or Action Purpose
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuring BGP Weights
Perform this task to assign a weight to routes received from a neighbor. A weight is a number that you can
assign to a path so that you can control the best-path selection process. If you have particular neighbors that
you want to prefer for most of your traffic, you can use the weight command to assign a higher weight to all
routes learned from that neighbor.
Before You Begin
Note The clear bgp command must be used for the newly configured weight to take effect.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. address-family { ipv4 | ipv6 } unicast
6. weight weight-value
7. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
62 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP WeightsCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Placesthe router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 4
Specifies either the IPv4 or IPv6 addressfamily and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 5
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
weight weight-value Assigns a weight to all routes learned through the neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
weight 41150
Step 6
Step 7 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 63
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP WeightsCommand or Action Purpose
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Tuning the BGP Best-Path Calculation
Perform this task to change the default BGP best-path calculation behavior.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp bestpath med missing-as-worst
4. bgp bestpath med always
5. bgp bestpath med confed
6. bgp bestpath as-path ignore
7. bgp bestpath compare-routerid
8. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
126
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
64 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Tuning the BGP Best-Path CalculationCommand or Action Purpose
Directs the BGP software to consider a missing MED attribute in a
path as having a value of infinity, making this path the least desirable
path.
bgp bestpath med missing-as-worst
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath med missing-as-worst
Step 3
Configures the BGP speaker in the specified autonomous system to
compare MEDs among all the paths for the prefix, regardless of the
autonomous system from which the paths are received.
bgp bestpath med always
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath med always
Step 4
Enables BGP software to compare MED valuesfor pathslearned from
confederation peers.
bgp bestpath med confed
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath med confed
Step 5
Configures the BGP software to ignore the autonomous system length
when performing best-path selection.
bgp bestpath as-path ignore
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath as-path ignore
Step 6
Configure the BGP speaker in the autonomous system to compare the
router IDs of similar paths.
bgp bestpath compare-routerid
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
bestpath compare-routerid
Step 7
Step 8 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 65
Implementing BGP on Cisco ASR 9000 Series Router
Tuning the BGP Best-Path CalculationCommand or Action Purpose
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Indicating BGP Back-door Routes
Perform this task to set the administrative distance on an external Border Gateway Protocol (eBGP) route to
that of a locally sourced BGP route, causing it to be less preferred than an Interior Gateway Protocol (IGP)
route.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. network { ip-address / prefix-length | ip-address mask } backdoor
5. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either the IPv4 or IPv6 address family and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
66 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Indicating BGP Back-door RoutesCommand or Action Purpose
Configures the local router to originate and advertise the specified
network.
network { ip-address / prefix-length |
ip-address mask } backdoor
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
network 172.20.0.0/16
Step 4
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring Aggregate Addresses
Perform this task to create aggregate entries in a BGP routing table.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 67
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Aggregate AddressesSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [ summary-only ] [ route-policy
route-policy-name ]
5. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either the IPv4 or IPv6 addressfamily and enters addressfamily
configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Creates an aggregate address. The path advertised for this route is an
autonomous system set consisting of all elements contained in all paths
that are being summarized.
aggregate-address address/mask-length [
as-set ] [ as-confed-set ] [ summary-only ] [
route-policy route-policy-name ]
Step 4
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
aggregate-address 10.0.0.0/8 as-set
The as-set keyword generates autonomous system set path
information and community information from contributing paths.
The as-confed-set keyword generates autonomous system
confederation set path information from contributing paths.
The summary-only keyword filters all more specific routes from
updates.
The route-policy route-policy-name keyword and argument
specify the route policy used to set the attributes of the aggregate
route.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
68 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Aggregate AddressesCommand or Action Purpose
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Redistributing iBGP Routes into IGP
Perform this task to redistribute iBGP routes into an Interior Gateway Protocol (IGP), such as Intermediate
System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).
Use of the bgp redistribute-internal command requires the clear route * command to be issued to
reinstall all BGP routes into the IP routing table.
Note
Redistributing iBGP routes into IGPs may cause routing loops to form within an autonomous system. Use
this command with caution.
Caution
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 69
Implementing BGP on Cisco ASR 9000 Series Router
Redistributing iBGP Routes into IGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp redistribute-internal
4. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifiesthe autonomoussystem number and entersthe BGP configuration
mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 120
Step 2
Allows the redistribution of iBGP routes into an IGP, such as IS-IS or
OSPF.
bgp redistribute-internal
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
redistribute-internal
Step 3
Step 4 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
70 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Redistributing iBGP Routes into IGPCommand or Action Purpose
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Redistributing Prefixes into Multiprotocol BGP
Perform this task to redistribute prefixes from another protocol into multiprotocol BGP.
Redistribution is the process of injecting prefixes from one routing protocol into another routing protocol.
This task shows how to inject prefixes from another routing protocol into multiprotocol BGP. Specifically,
prefixes that are redistributed into multiprotocol BGP using the redistribute command are injected into the
unicast database, the multicast database, or both.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. Do one of the following:
redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [
route-policy route-policy-name ]
redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy
route-policy-name ]
redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2
]]} [ metric metric-value ] [ route-policy route-policy-name ]
redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 |
2 ]]} [ metric metric-value ] [ route-policy route-policy-name ]
redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
5. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 71
Implementing BGP on Cisco ASR 9000 Series Router
Redistributing Prefixes into Multiprotocol BGPDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the
BGP configuration mode, allowing you to configure the
BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family
ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Causesroutesfrom the specified instance to be redistributed
into BGP.
Step 4 Do one of the following:
redistribute connected [ metric metric-value ] [
route-policy route-policy-name ]
redistribute eigrp process-id [ match { external |
internal }] [ metric metric-value ] [ route-policy
route-policy-name ]
redistribute isis process-id [ level { 1 | 1-inter-area
| 2 }] [ metric metric-value ] [ route-policy
route-policy-name ]
redistribute ospf process-id [ match { external [ 1
| 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric
metric-value ] [ route-policy route-policy-name ]
redistribute ospfv3 process-id [ match { external [
1 | 2 ] | internal | nssa-external [ 1 | 2 ]]} [ metric
metric-value ] [ route-policy route-policy-name ]
redistribute rip [ metric metric-value ] [ route-policy
route-policy-name ]
redistribute static [ metric metric-value ] [
route-policy route-policy-name ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# redistribute
ospf 110
Step 5 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
72 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Redistributing Prefixes into Multiprotocol BGPCommand or Action Purpose
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?[cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit ? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring BGP Route Dampening
Perform this task to configure and monitor BGP route dampening.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 73
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route DampeningSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]
5. Do one of the following:
end
commit
6. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4
{ unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics
7. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4
{ unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics regexp regular-expression
8. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all {
unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name |
all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics route-policy
route-policy-name
9. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all {
unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name |
all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address { mask |
/prefix-length }}
10. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4
{ unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics { ip-address [{ mask | /prefix-length
} [ longer-prefixes ]]}
11. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics
12. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast
| multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast }} flap-statistics regexp regular-expression
13. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast
| multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics route-policy route-policy-name
14. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast
| multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics network / mask-length
15. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast
| multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics ip-address / mask-length
16. show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | labeled all {
unicast | multicast | all | labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name |
all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]] dampened-paths
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
74 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route Dampening17. clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | ipv6 unicast | all { unicast |
multicast | all | labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } dampening [ ip-address / mask-length ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and
enters the BGP configuration mode, allowing
you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Specifies either the IPv4 or IPv6 address family
and enters addressfamily configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family ipv4
unicast
Step 3
To see a list of all the possible keywords and
arguments for this command, use the CLI help
(?).
Configures BGP dampening for the specified
address family.
bgp dampening [ half-life [ reuse suppress max-suppress-time ] |
route-policy route-policy-name ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# bgp dampening 30 1500
10000 120
Step 4
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the
system prompts you to commit changes:
Uncommitted changes found, commit
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
them before
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
? Entering yes saves configuration
changes to the running configuration
file, exits the configuration session,
and returnsthe router to EXEC mode.
? Entering no exits the configuration
session and returns the router to
EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 75
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route DampeningCommand or Action Purpose
? Entering cancel leaves the router in
the current configuration session
without exiting or committing the
configuration changes.
Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | Displays BGP flap statistics.
ipv6 unicast | all { unicast | multicast | all | labeled-unicast }
Step 6
| vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 {
unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics
Example:
RP/0/RSP0/CPU0:router# show bgp flap statistics
Displays BGP flap statistics for all paths that
match the regular expression.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | all { unicast | multicast | all | labeled-unicast }
| vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 {
Step 7
unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics regexp
regular-expression
Example:
RP/0/RSP0/CPU0:router# show bgp flap-statistics regexp _1$
Displays BGP flap statistics for the specified
route policy.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | labeled all { unicast | multicast | all |
labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name
Step 8
| all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]]
flap-statistics route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router(config)# show bgp flap-statistics
route-policy policy_A
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } | Displays BGP flap for the specified prefix.
ipv6 unicast | labeled all { unicast | multicast | all |
Step 9
labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name
| all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]]
flap-statistics { ip-address { mask | /prefix-length }}
Example:
RP/0/RSP0/CPU0:router# show bgp flap-statistics 172.20.1.1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
76 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route DampeningCommand or Action Purpose
Displays BGP flap statistics for more specific
entries for the specified IP address.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | all { unicast | multicast | all | labeled-unicast }
| vpnv4 unicast [ rd rd-address ] | vrf { vrf-name | all } [ ipv4 {
Step 10
unicast | labeled-unicast } | ipv6 unicast ]] flap-statistics {
ip-address [{ mask | /prefix-length } [ longer-prefixes ]]}
Example:
RP/0/RSP0/CPU0:router# show bgp flap-statistics 172.20.1.1
longer-prefixes
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } | Clears BGP flap statistics for all routes.
ipv6 unicast | all { unicast | multicast | all | labeled-unicast
Step 11
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
labeled-unicast } | ipv6 unicast } } flap-statistics
Example:
RP/0/RSP0/CPU0:router# clear bgp all all flap-statistics
Clears BGP flap statisticsfor all pathsthat match
the specified regular expression.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all }
| ipv6 unicast | all { unicast | multicast | all |
labeled-unicast } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 {
Step 12
unicast | labeled-unicast } | ipv6 unicast }} flap-statistics regexp
regular-expression
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics
regexp _1$
Clears BGP flap statistics for the specified route
policy.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all }
| ipv6 unicast | all { unicast | multicast | all | labeled-unicast
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
Step 13
labeled-unicast } | ipv6 unicast } } flap-statistics route-policy
route-policy-name
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics
route-policy policy_A
Clears BGP flap statistics for the specified
network.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all }
| ipv6 unicast | all { unicast | multicast | all | labeled-unicast
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
Step 14
labeled-unicast } | ipv6 unicast } } flap-statistics network /
mask-length
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics
192.168.40.0/24
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 77
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route DampeningCommand or Action Purpose
Clears BGP flap statistics for routes received
from the specified neighbor.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all }
| ipv6 unicast | all { unicast | multicast | all | labeled-unicast
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
Step 15
labeled-unicast } | ipv6 unicast } } flap-statistics ip-address /
mask-length
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast flap-statistics
172.20.1.1
Displaysthe dampened routes, including the time
remaining before they are unsuppressed.
show bgp [ ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | labeled all { unicast | multicast | all |
labeled-unicast } | vpnv4 unicast [ rd rd-address ] | vrf { vrf-name
Step 16
| all } [ ipv4 { unicast | labeled-unicast } | ipv6 unicast ]]
dampened-paths
Example:
RP/0/RSP0/CPU0:router# show bgp dampened paths
Clears route dampening information and
unsuppresses the suppressed routes.
clear bgp { ipv4 { unicast | multicast | labeled-unicast | all } |
ipv6 unicast | all { unicast | multicast | all | labeled-unicast }
Step 17
| vpnv4 unicast | vrf { vrf-name | all } { ipv4 { unicast |
Always use the clear bgp dampening
command for an individual
address-family. The all option for
address-families with clear bgp
dampening should never be used
during normal functioning of the
system. For example, use clear bgp
ipv4 unicast dampening prefix
x.x.x./y
Caution
labeled-unicast } | ipv6 unicast } } dampening [ ip-address /
mask-length ]
Example:
RP/0/RSP0/CPU0:router# clear bgp dampening
Applying Policy When Updating the Routing Table
Perform this task to apply a routing policy to routes being installed into the routing table.
Before You Begin
See the Implementing Routing Policy on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide (this publication) for a list of the supported attributes
and operations that are valid for table policy filtering.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
78 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Applying Policy When Updating the Routing TableSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. table-policy policy-name
5. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120.6
Step 2
Specifies either the IPv4 or IPv6 address family and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Applies the specified policy to routes being installed into the routing
table.
table-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
table-policy tbl-plcy-A
Step 4
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
exiting(yes/no/cancel)?[cancel]:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 79
Implementing BGP on Cisco ASR 9000 Series Router
Applying Policy When Updating the Routing TableCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Setting BGP Administrative Distance
Perform this task to specify the use of administrative distances that can be used to prefer one class of route
over another.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. distance bgp external-distance internal-distance local-distance
5. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
80 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Setting BGP Administrative DistanceCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Sets the external, internal, and local administrative distances to prefer
one class of routes over another. The higher the value, the lower the
trust rating.
distance bgp external-distance
internal-distance local-distance
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
distance bgp 20 20 200
Step 4
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 81
Implementing BGP on Cisco ASR 9000 Series Router
Setting BGP Administrative DistanceConfiguring a BGP Neighbor Group and Neighbors
Perform thistask to configure BGP neighbor groups and apply the neighbor group configuration to a neighbor.
A neighbor group is a template that holds address family-independent and address family-dependent
configurations associated with the neighbor.
After a neighbor group is configured, each neighbor can inherit the configuration through the use command.
If a neighbor is configured to use a neighbor group, the neighbor (by default) inherits the entire configuration
of the neighbor group, which includes the address family-independent and address family-dependent
configurations. The inherited configuration can be overridden if you directly configure commands for the
neighbor or configure session groups or address family groups through the use command.
You can configure an address family-independent configuration under the neighbor group. An address
family-dependent configuration requires you to configure the address family under the neighbor group to
enter address family submode.
From neighbor group configuration mode, you can configure address family-independent parameters for the
neighbor group. Use the address-family command when in the neighbor group configuration mode.
After specifying the neighbor group name using the neighbor group command, you can assign options to
the neighbor group.
Note All commandsthat can be configured under a specified neighbor group can be configured under a neighbor.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. exit
5. neighbor-group name
6. remote-as as-number
7. address-family { ipv4 | ipv6 } unicast
8. route-policy route-policy-name { in | out }
9. exit
10. exit
11. neighbor ip-address
12. use neighbor-group group-name
13. remote-as as-number
14. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
82 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a BGP Neighbor Group and NeighborsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either an IPv4 or IPv6 addressfamily unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Step 4
neighbor-group name Places the router in neighbor group configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
neighbor-group nbr-grp-A
Step 5
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)#
remote-as 2002
Step 6
Specifies either an IPv4 or IPv6 addressfamily unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 7
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
(Optional) Applies the specified policy to inbound IPv4 unicast
routes.
route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)#
route-policy drop-as-1234 in
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 83
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a BGP Neighbor Group and NeighborsCommand or Action Purpose
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp-af)#
exit
Step 9
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbrgrp)#
exit
Step 10
Placesthe router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 11
(Optional) Specifies that the BGP neighbor inherit configuration
from the specified neighbor group.
use neighbor-group group-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# use
neighbor-group nbr-grp-A
Step 12
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 13
Step 14 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)# commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
84 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a BGP Neighbor Group and NeighborsCommand or Action Purpose
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Configuring a Route Reflector for BGP
Perform this task to configure a route reflector for BGP.
All the neighbors configured with the route-reflector-clientcommand are members of the client group, and
the remaining iBGP peers are members of the nonclient group for the local route reflector.
Together, a route reflector and its clients form a cluster. A cluster of clients usually has a single route reflector.
In such instances, the cluster is identified by the software as the router ID of the route reflector. To increase
redundancy and avoid a single point of failure in the network, a cluster can have more than one route reflector.
If it does, all route reflectors in the cluster must be configured with the same 4-byte cluster ID so that a route
reflector can recognize updates from route reflectors in the same cluster. The bgp cluster-id command is used
to configure the cluster ID when the cluster has more than one route reflector.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp cluster-id cluster-id
4. neighbor ip-address
5. remote-as as-number
6. address-family { ipv4 | ipv6 } unicast
7. route-reflector-client
8. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 85
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a Route Reflector for BGPCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Configures the local router as one of the route reflectors serving
the cluster. It is configured with a specified cluster ID to identify
the cluster.
bgp cluster-id cluster-id
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
cluster-id 192.168.70.1
Step 3
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
Step 4
172.168.40.24
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2003
Step 5
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 6
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Configures the router as a BGP route reflector and configures the
neighbor as its client.
route-reflector-client
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-reflector-client
Step 7
Step 8 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
86 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a Route Reflector for BGPCommand or Action Purpose
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring BGP Route Filtering by Route Policy
Perform this task to configure BGP routing filtering by route policy.
Before You Begin
See the Implementing Routing Policy on Cisco ASR 9000 Series Router module of Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide (this publication) for a list of the supported
attributes and operations that are valid for inbound and outbound neighbor policy filtering.
SUMMARY STEPS
1. configure
2. route-policy name
3. end-policy
4. router bgp as-number
5. neighbor ip-address
6. address-family { ipv4 | ipv6 } unicast
7. route-policy route-policy-name { in | out }
8. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 87
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route Filtering by Route PolicyDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
(Optional) Creates a route policy and enters route policy
configuration mode, where you can define the route policy.
route-policy name
Example:
RP/0/RSP0/CPU0:router(config)# route-policy
Step 2
drop-as-1234
RP/0/RSP0/CPU0:router(config-rpl)# if
as-path passes-through '1234' then
RP/0/RSP0/CPU0:router(config-rpl)# apply
check-communities
RP/0/RSP0/CPU0:router(config-rpl)# else
RP/0/RSP0/CPU0:router(config-rpl)# pass
RP/0/RSP0/CPU0:router(config-rpl)# endif
(Optional) Ends the definition of a route policy and exits route
policy configuration mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
Step 3
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 4
Placesthe router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 5
Specifies either an IPv4 or IPv6 addressfamily unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 6
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
route-policy route-policy-name { in | out } Applies the specified policy to inbound routes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy drop-as-1234 in
Step 7
Step 8 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
88 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Route Filtering by Route PolicyCommand or Action Purpose
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
end
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring BGP Next-Hop Trigger Delay
Perform this task to configure BGP next-hop trigger delay. The Routing Information Base (RIB) classifies
the dampening notifications based on the severity of the changes. Event notifications are classified as critical
and noncritical. This task allows you to specify the minimum batching interval for the critical and noncritical
events.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. nexthop trigger-delay { critical delay | non-critical delay }
5. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 89
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Next-Hop Trigger DelayDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
nexthop trigger-delay { critical delay | Sets the critical next-hop trigger delay.
non-critical delay }
Step 4
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
nexthop trigger-delay critical 15000
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
90 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Next-Hop Trigger DelayCommand or Action Purpose
Disabling Next-Hop Processing on BGP Updates
Perform this task to disable next-hop calculation for a neighbor and insert your own address in the next-hop
field of BGP updates. Disabling the calculation of the best next hop to use when advertising a route causes
all routes to be advertised with the network device as the next hop.
Note Next-hop processing can be disabled for addressfamily group, neighbor group, or neighbor addressfamily.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. address-family { ipv4 | ipv6 } unicast
6. next-hop-self
7. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 91
Implementing BGP on Cisco ASR 9000 Series Router
Disabling Next-Hop Processing on BGP UpdatesCommand or Action Purpose
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 206
Step 4
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 5
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Sets the next-hop attribute for all routes advertised to the specified
neighbor to the address of the local router. Disabling the calculation
next-hop-self
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
next-hop-self
Step 6
of the best next hop to use when advertising a route causes all
routes to be advertised with the local network device as the next
hop.
Step 7 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
92 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Disabling Next-Hop Processing on BGP UpdatesConfiguring BGP Community and Extended-Community Advertisements
Perform this task to specify that community/extended-community attributes should be sent to an eBGP
neighbor. These attributes are not sent to an eBGP neighbor by default. By contrast, they are always sent to
iBGP neighbors. This section provides examples on how to enable sending community attributes. The
send-community-ebgp keyword can be replaced by the send-extended-community-ebgp keyword to
enable sending extended-communities.
If the send-community-ebgp command is configured for a neighbor group or address family group, all
neighbors using the group inherit the configuration. Configuring the command specifically for a neighbor
overrides inherited values.
BGP community and extended-community filtering cannot be configured for iBGP neighbors. Communities
and extended-communities are alwayssent to iBGP neighbors under IPv4, IPv6, VPNv4, and MDT address
families.
Note
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. address-family{ipv4{labeled-unicast | mdt | multicast | mvpn | tunnel | unicast} | ipv6
{labeled-unicast | mvpn | unicast}}
6. Use one of these commands:
send-community-ebgp
send-extended-community-ebgp
7. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 93
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Community and Extended-Community AdvertisementsCommand or Action Purpose
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Places the router in neighbor configuration mode for BGP routing and
configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
neighbor 172.168.40.24
Step 3
Creates a neighbor and assigns a remote autonomous system number
to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 4
Enters neighbor address family configuration mode for the specified
address family. Use either ipv4 or ipv6 address family keyword with
one of the specified address family sub mode identifiers.
address-family{ipv4{labeled-unicast | mdt |
multicast | mvpn | tunnel | unicast} | ipv6
{labeled-unicast | mvpn | unicast}}
Step 5
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv6 unicast
IPv6 address family mode supports these sub modes:
labeled-unicast
mvpn
unicast
IPv4 address family mode supports these sub modes:
labeled-unicast
mdt
multicast
mvpn
tunnel
unicast
Refer the address-family (BGP) command in BGP Commands module
of Cisco ASR 9000 Series Aggregation Services Router Routing
Command Reference for more information on the Address Family
Submode support.
Specifies that the router send community attributes or extended
community attributes (which are disabled by default for eBGP
neighbors) to a specified eBGP neighbor.
Step 6 Use one of these commands:
send-community-ebgp
send-extended-community-ebgp
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
94 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Community and Extended-Community AdvertisementsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
send-community-ebgp
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
send-extended-community-ebgp
Step 7 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring the BGP Cost Community
Perform this task to configure the BGP cost community.
BGP receives multiple paths to the same destination and it uses the best-path algorithm to decide which is the
best path to install in RIB. To enable users to determine an exit point after partial comparison, the cost
community is defined to tie-break equal paths during the best-path selection process.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 95
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the BGP Cost CommunitySUMMARY STEPS
1. configure
2. route-policy name
3. set extcommunity cost { cost-extcommunity-set-name | cost-inline-extcommunity-set } [ additive ]
4. end-policy
5. router bgp as-number
6. Do one of the following:
default-information originate
aggregate-address address/mask-length [ as-set ] [ as-confed-set ] [summary-only ] [ route-policy
route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [
route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [
route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2
]}] [ metric metric-value ] [ route-policy route-policy-name ]
7. Do one of the following:
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 mdt | ipv6 unicast | ipv6
multicast | vpnv4 unicast | vpnv6 unicast } redistribute ospfv3 process-id [ match { external
[ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric metric-value ] [ route-policy
route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv6 unicast | vpnv4 unicast
} network { ip-address/prefix-length | ip-address mask } [ route-policy route-policy-name ]
neighbor ip-address remote-as as-number address-family { ipv4 unicast | ipv4 multicast
| ipv4 tunnel | ipv4 ipv6 unicast | vpnv4 unicast }
route-policy route-policy-name { in | out }
8. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
96 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the BGP Cost Community9. show bgp [ vrf vrf-name ] ip-address
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters route policy configuration mode and
specifies the name of the route policy to be
configured.
route-policy name
Example:
RP/0/RSP0/CPU0:router(config)# route-policy costA
Step 2
Specifiesthe BGP extended community attribute
for cost.
set extcommunity cost { cost-extcommunity-set-name |
cost-inline-extcommunity-set } [ additive ]
Example:
RP/0/RSP0/CPU0:router(config)# set extcommunity cost cost_A
Step 3
Ends the definition of a route policy and exits
route policy configuration mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config)# end-policy
Step 4
Enters BGP configuration mode allowing you
to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 5
Applies the cost community to the attach point
(route policy).
Step 6 Do one of the following:
default-information originate
aggregate-address address/mask-length [ as-set ] [ as-confed-set
] [ summary-only ] [ route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute connected [
metric metric-value ] [ route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute eigrp process-id
[ match { external | internal }] [ metric metric-value ] [
route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute isis process-id
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 97
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the BGP Cost CommunityCommand or Action Purpose
[ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [
route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute ospf process-id
[ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2
]}] [ metric metric-value ] [ route-policy route-policy-name ]
Step 7 Do one of the following:
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv4 mdt | ipv6 unicast | ipv6 multicast | vpnv4 unicast |
vpnv6 unicast } redistribute ospfv3 process-id [ match {
external [ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [ metric
metric-value ] [ route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute rip [ metric
metric-value ] [ route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } redistribute static [ metric
metric-value ] [ route-policy route-policy-name ]
address-family { ipv4 unicast | ipv4 multicast | ipv4 tunnel
| ipv6 unicast | vpnv4 unicast } network {
ip-address/prefix-length | ip-address mask } [ route-policy
route-policy-name ]
neighbor ip-address remote-as as-number address-family
{ ipv4 unicast | ipv4 multicast | ipv4 tunnel | ipv4 ipv6
unicast | vpnv4 unicast }
route-policy route-policy-name { in | out }
Step 8 Do one of the following: Saves configuration changes.
end When you issue the end command, the
system prompts you to commit changes:
Uncommitted changes found, commit
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
them before
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration
changes to the running configuration
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
file, exits the configuration session,
and returnsthe router to EXEC mode.
? Entering no exits the configuration
session and returns the router to
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
98 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring the BGP Cost CommunityCommand or Action Purpose
EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in
the current configuration session
without exiting or committing the
configuration changes.
Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.
Displays the cost community in the following
format:
show bgp [ vrf vrf-name ] ip-address
Example:
RP/0/RSP0/CPU0:router# show bgp 172.168.40.24
Step 9
Cost: POI : cost-community-ID : cost-number
Configuring Software to Store Updates from a Neighbor
Perform this task to configure the software to store updates received from a neighbor.
The soft-reconfiguration inbound command causes a route refresh request to be sent to the neighbor if the
neighbor is route refresh capable. If the neighbor is not route refresh capable, the neighbor must be reset to
relearn received routes using the clear bgp soft command. See the Resetting Neighbors Using BGP Inbound
Soft Reset, on page 124.
Storing updates from a neighbor works only if either the neighbor is route refresh capable or the
soft-reconfiguration inbound command is configured. Even if the neighbor is route refresh capable and
the soft-reconfiguration inbound command is configured, the original routes are not stored unless the
always option is used with the command. The original routes can be easily retrieved with a route refresh
request. Route refresh sends a request to the peer to resend itsrouting information. The soft-reconfiguration
inbound command stores all pathsreceived from the peer in an unmodified form and refersto these stored
paths during the clear. Soft reconfiguration is memory intensive.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 99
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Software to Store Updates from a NeighborSUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. address-family { ipv4 | ipv6 } unicast
5. soft-reconfiguration inbound [ always]
6. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 4
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Configures the software to store updates received from a specified
neighbor. Soft reconfiguration inbound causes the software to store
soft-reconfiguration inbound [ always]
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
soft-reconfiguration inbound always
Step 5
the original unmodified route in addition to a route that is modified
or filtered. This allows a soft clear to be performed after the
inbound policy is changed.
Soft reconfiguration enables the software to store the incoming
updates before apply policy if route refresh is not supported by the
peer (otherwise a copy of the update is not stored). The always
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
100 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Software to Store Updates from a NeighborCommand or Action Purpose
keyword forcesthe software to store a copy even when route refresh
is supported by the peer.
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring Distributed BGP
Perform this task to configure distributed BGP. Configuring distributed BGP includes starting the speaker
process and allocating the speaker process to a neighbor.
Before You Begin
If BGP is running in standalone mode, the clear bgp current-mode or clear bgp vrf all * command must
be used to switch from standalone mode to distributed mode.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 101
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Distributed BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. distributed speaker id
4. commit
5. address-family { ipv4 | ipv6 } unicast
6. exit
7. neighbor ip-address
8. remote-as as-number
9. speaker-id id
10. address-family { ipv4 | ipv6 } unicast
11. end
12. clear bgp current-mode
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
distributed speaker id Specifies the speaker process to start.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# distributed
speaker 2
Step 3
Saves the configuration changes to the running configuration
file and remains within the configuration session.
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# commit
Step 4
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 5
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
102 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Distributed BGPCommand or Action Purpose
exit Exits address family mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Step 6
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 7
Creates a neighbor and assigns a remote autonomous system
number to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 8
speaker-id id Allocates a neighbor to a specified speaker process.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
speaker-id 2
Step 9
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 10
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Step 11 end Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 103
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Distributed BGPCommand or Action Purpose
clear bgp current-mode Switches from standalone mode to distributed mode.
Example:
RP/0/RSP0/CPU0:router# clear bgp current-mode
Step 12
Configuring a VPN Routing and Forwarding Instance in BGP
Layer 2 and Layer 3 (virtual private network) VPN can be configured only if there is an available Layer 3
VPN license for the line card slot on which the feature is being configured.
If the advanced IP license is enabled, 4096 Layer 3 VPN routing and forwarding instances (VRFs) can be
configured on an interface. If the infrastructure VRF license is enabled, eight Layer 3 VRFs can be configured
on the line card. See the Software Entitlement on Cisco ASR 9000 Series Router module in Cisco ASR 9000
Series Aggregation Services Router System Management Configuration Guide for more information on
advanced IP licencing.
The following error message appears if the appropriate licence is not enabled:
RP/0/RSP0/CPU0:router#LC/0/0/CPU0:Dec 15 17:57:53.653 : rsi_agent[247]:
%LICENSE-ASR9K_LICENSE-2-INFRA_VRF_NEEDED : 5 VRF(s) are configured without license
A9K-iVRF-LIC in violation of the Software Right To Use Agreement.
This feature may be disabled by the system without the appropriate license.
Contact Cisco to purchase the license immediately to avoid potential service interruption.
The following tasks are used to configure a VPN routing and forwarding (VRF) instance in BGP:
Defining the Virtual Routing and Forwarding Tables in Provider Edge Routers
Perform this task to define the VPN routing and forwarding (VRF) tables in the provider edge (PE) routers.
SUMMARY STEPS
1. configure
2. vrf vrf-name
3. address-family { ipv4 | ipv6 } unicast
4. maximum prefix maximum [ threshold ]
5. import route-policy policy-name
6. import route-target [ as-number : nn | ip-address : nn ]
7. export route-policy policy-name
8. export route-target [ as-number : nn | ip-address : nn ]
9. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
104 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
vrf vrf-name Configures a VRF instance.
Example:
RP/0/RSP0/CPU0:router(config)# vrf vrf_pe
Step 2
Specifies either the IPv4 or IPv6 address family and enters address
family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Step 4 maximum prefix maximum [ threshold ] Configures a limit to the number of prefixes allowed in a VRF table.
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
maximum prefix 2300
A maximum number of routes is applicable only to dynamic routing
protocols and not to static or connected routes.
You can specify a threshold percentage of the prefix limit using the
mid-threshold argument.
(Optional) Provides finer control over what gets imported into a VRF.
This import filter discards prefixes that do not match the specified
policy-name argument.
import route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
import route-policy policy_a
Step 5
Specifies a list of route target (RT) extended communities. Only
prefixes that are associated with the specified import route target
extended communities are imported into the VRF.
import route-target [ as-number : nn |
ip-address : nn ]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
import route-target 234:222
Step 6
(Optional) Provides finer control over what gets exported into a VRF.
This export filter discards prefixes that do not match the specified
policy-name argument.
export route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
export route-policy policy_b
Step 7
Specifies a list of route target extended communities. Export route
target communities are associated with prefixes when they are
export route-target [ as-number : nn |
ip-address : nn ]
Step 8
advertised to remote PEs. The remote PEs import them into VRFs
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 105
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:routerr(config-vrf-af)#
export route-target 123;234
which have import RTs that match these exported route target
communities.
Step 9 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-vrf-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring the Route Distinguisher
The route distinguisher (RD) makes prefixes unique across multiple VPN routing and forwarding (VRF)
instances.
In the L3VPN multipath same route distinguisher (RD)environment, the determination of whether to install
a prefix in RIB or not is based on the prefix's bestpath. In a rare misconfiguration situation, where the best
pah is not a valid path to be installed in RIB, BGP drops the prefix and does not consider the other paths. The
behavior is different for different RD setup, where the non-best multipath will be installed if the best multipath
is invalid to be installed in RIB.
Perform this task to configure the RD.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
106 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. bgp router-id ip-address
4. vrf vrf-name
5. rd { as-number : nn | ip-address : nn | auto }
6. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters BGP configuration mode allowing you to configure the BGP
routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
bgp router-id ip-address Configures a fixed router ID for the BGP-speaking router.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
router-id 10.0.0.0
Step 3
vrf vrf-name Configures a VRF instance.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf
vrf_pe
Step 4
Step 5 rd { as-number : nn | ip-address : nn | auto } Configures the route distinguisher.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd
345:567
Use the auto keyword if you want the router to automatically assign
a unique RD to the VRF.
Automatic assignment of RDs is possible only if a router ID is
configured using the bgp router-id command in router configuration
mode. This allows you to configure a globally unique router ID that
can be used for automatic RD generation. The router ID for the VRF
does not need to be globally unique, and using the VRF router ID
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 107
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
would be incorrect for automatic RD generation. Having a single router
ID also helpsin checkpointing RD information for BGP graceful restart,
because it is expected to be stable across reboots.
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring PE-PE or PE-RR Interior BGP Sessions
To enable BGP to carry VPN reachability information between provider edge (PE) routers you must configure
the PE-PE interior BGP (iBGP) sessions. A PE uses VPN information carried from the remote PE router to
determine VPN connectivity and the label value to be used so the remote (egress) router can demultiplex the
packet to the correct VPN during packet forwarding.
The PE-PE, PE-route reflector (RR) iBGP sessions are defined to all PE and RR routers that participate in the
VPNs configured in the PE router.
Perform this task to configure PE-PE iBGP sessions and to configure global VPN options on a PE.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
108 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family vpnv4 unicast
4. exit
5. neighbor ip-address
6. remote-as as-number
7. description text
8. password { clear | encrypted } password
9. shutdown
10. timers keepalive hold-time
11. update-source type interface-id
12. address-family vpnv4 unicast
13. route-policy route-policy-name in
14. route-policy route-policy-name out
15. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
address-family vpnv4 unicast Enters VPN address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpvn4 unicast
Step 3
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Step 4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 109
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
neighbor ip-address Configures a PE iBGP neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.16.1.1
Step 5
remote-as as-number Assigns the neighbor a remote autonomous system number.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 1
Step 6
(Optional) Provides a description of the neighbor. The
description is used to save comments and does not affect
software function.
description text
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
description neighbor 172.16.1.1
Step 7
Enables Message Digest 5 (MD5) authentication on the TCP
connection between the two BGP neighbors.
password { clear | encrypted } password
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
password encrypted 123abc
Step 8
Terminates any active sessions for the specified neighbor and
removes all associated routing information.
shutdown
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
shutdown
Step 9
timers keepalive hold-time Set the timers for the BGP neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers
12000 200
Step 10
Allows iBGP sessions to use the primary IP address from a
specific interface as the local address when forming an iBGP
session with a neighbor.
update-source type interface-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source gigabitEthernet 0/1/5/0
Step 11
address-family vpnv4 unicast Enters VPN neighbor address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpvn4 unicast
Step 12
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
110 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
Specifies a routing policy for an inbound route. The policy can
be used to filter routes or modify route attributes.
route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pe-pe-vpn-in in
Step 13
Specifies a routing policy for an outbound route. The policy
can be used to filter routes or modify route attributes.
route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pe-pe-vpn-out out
Step 14
Step 15 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring Route Reflector to Hold Routes That Have a Defined Set of RT Communities
A provider edge (PE) needsto hold the routesthat match the import route targets(RTs) of the VPNs configured
on it. The PE router can discard all other VPNv4 routes. But, a route reflector (RR) must retain all VPNv4
routes, because it might peer with PE routers and different PEs might require different RT-tagged VPNv4
(making RRs non-scalable). You can configure an RR to only hold routes that have a defined set of RT
communities. Also, a number of the RRs can be configured to service a differentset of VPNs(thereby achieving
some scalability). A PE is then made to peer with all RRs that service the VRFs configured on the PE. When
a new VRF is configured with an RT for which the PE does not already hold routes, the PE issues route
refreshes to the RRs and retrieves the relevant VPN routes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 111
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPNote that this process can be more efficient if the PE-RR session supports extended community outbound
route filter (ORF).
Note
Perform this task to configure a reflector to retain routes tagged with specific RTs.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family vpnv4 unicast
4. retain route-target { all | route-policy route-policy-name }
5. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
address-family vpnv4 unicast Enters VPN address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpvn4 unicast
Step 3
Configures a reflector to retain routes tagged with particular RTs.
Use the route-policy-name argument for the policy name that lists
retain route-target { all | route-policy
route-policy-name }
Step 4
the extended communities that a path should have in order for the
RR to retain that path.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# retain
route-target route-policy rr_ext-comm
The all keyword is not required, because thisisthe default
behavior of a route reflector.
Note
Step 5 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
112 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
end
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring BGP as a PE-CE Protocol
Perform this task to configure BGP on the PE and establish PE-CE communication using BGP.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 113
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. vrf vrf-name
4. bgp router-id ip-address
5. label-allocation-mode per-ce
6. address-family { ipv4 | ipv6 } unicast
7. network { ip-address / prefix-length | ip-address mask }
8. aggregate-address address / mask-length
9. exit
10. neighbor ip-address
11. remote-as as-number
12. password { clear | encrypted } password
13. ebgp-multihop [ ttl-value ]
14. Do one of the following:
address-family { ipv4 | ipv6 } unicast
address-family {ipv4 {unicast | labeled-unicast} | ipv6 unicast}
15. site-of-origin [ as-number : nn | ip-address : nn ]
16. as-override
17. allowas-in [ as-occurrence-number ]
18. route-policy route-policy-name in
19. route-policy route-policy-name out
20. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
114 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
vrf vrf-name Enables BGP routing for a particular VRF on the PE router.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_pe_2
Step 3
bgp router-id ip-address Configures a fixed router ID for a BGP-speaking router.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# bgp
router-id 172.16.9.9
Step 4
Step 5 label-allocation-mode per-ce Configures the per-CE label allocation mode to avoid
an extra lookup on the PE router and conserve labelspace
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
label-allocation-mode per-ce
(per-prefix is the default label allocation mode). In this
mode, the PE router allocates one label for every
immediate next-hop (in most cases, this would be a CE
router). This label is directly mapped to the next hop, so
there is no VRF route lookup performed during data
forwarding. However, the number of labels allocated
would be one for each CE rather than one for each VRF.
Because BGP knows all the next hops, it assigns a label
for each next hop (not for each PE-CE interface). When
the outgoing interface is a multiaccess interface and the
media access control (MAC) address of the neighbor is
not known, Address Resolution Protocol (ARP) is
triggered during packet forwarding.
The per-vrf keyword configures the same label to be
used for all the routes advertised from a unique VRF.
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family
ipv4 unicast
Step 6
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Originates a network prefix in the address family table in the
VRF context.
network { ip-address / prefix-length | ip-address mask
}
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# network
Step 7
172.16.5.5/24
Configures aggregation in the VRF address family context to
summarize routing information to reduce the state maintained
aggregate-address address / mask-length
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
aggregate-address 10.0.0.0/24
Step 8
in the core. This summarization introduces some inefficiency
in the PE edge, because an additional lookup is required to
determine the ultimate next hop for a packet.When configured,
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 115
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
a summary prefix is advertised instead of a set of component
prefixes, which are more specifics of the aggregate. The PE
advertises only one label for the aggregate. Because component
prefixes could have different next hops to CEs, an additional
lookup has to be performed during data forwarding.
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit
Step 9
Configures a CE neighbor. The ip-address argument must
be a private address.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor
10.0.0.0
Step 10
remote-as as-number Configures the remote AS for the CE neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
remote-as 2
Step 11
Enable Message Digest 5 (MD5) authentication on a TCP
connection between two BGP neighbors.
password { clear | encrypted } password
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
password encrypted 234xyz
Step 12
Configures the CE neighbor to accept and attempt BGP
connections to external peers residing on networks that are
not directly connected.
ebgp-multihop [ ttl-value ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
ebgp-multihop 55
Step 13
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
Step 14 Do one of the following:
address-family { ipv4 | ipv6 } unicast
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
address-family {ipv4 {unicast | labeled-unicast} |
ipv6 unicast}
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family
ipv4 unicast
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
116 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
Configures the site-of-origin (SoO) extended community.
Routes that are learned from this CE neighbor are tagged with
site-of-origin [ as-number : nn | ip-address : nn ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
site-of-origin 234:111
Step 15
the SoO extended community before being advertised to the
rest of the PEs. SoO is frequently used to detect loops when
as-override is configured on the PE router. If the prefix is
looped back to the same site, the PE detects this and does not
send the update to the CE.
Configures AS override on the PE router. This causes the PE
router to replace the CEs ASN with its own (PE) ASN.
as-override
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
as-override
Step 16
This loss of information could lead to routing loops;
to avoid loops caused by as-override, use it in
conjunction with site-of-origin.
Note
Allows an AS path with the PE autonomous system number
(ASN) a specified number of times.
allowas-in [ as-occurrence-number ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
allowas-in 5
Step 17
Hub and spoke VPN networks need the looping back of routing
information to the HUB PE through the HUB CE. When this
happens, due to the presence of the PE ASN, the looped-back
information is dropped by the HUB PE. To avoid this, use the
allowas-in command to allow prefixes even if they have the
PEs ASN up to the specified number of times.
Specifies a routing policy for an inbound route. The policy
can be used to filter routes or modify route attributes.
route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy pe_ce_in_policy in
Step 18
Specifies a routing policy for an outbound route. The policy
can be used to filter routes or modify route attributes.
route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy pe_ce_out_policy out
Step 19
Step 20 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 117
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Redistribution of IGPs to BGP
Perform this task to configure redistribution of a protocol into the VRF address family.
Even if Interior Gateway Protocols (IGPs) are used as the PE-CE protocol, the import logic happens through
BGP. Therefore, all IGP routes have to be imported into the BGP VRF table.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
118 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPSUMMARY STEPS
1. configure
2. router bgp as-number
3. vrf vrf-name
4. address-family { ipv4 | ipv6 } unicast
5. Do one of the following:
redistribute connected [ metric metric-value ] [ route-policy route-policy-name ]
redistribute eigrp process-id [ match { external | internal }] [ metric metric-value ] [
route-policy route-policy-name ]
redistribute isis process-id [ level { 1 | 1-inter-area | 2 }] [ metric metric-value ] [ route-policy
route-policy-name ]
redistribute ospf process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 | 2
]}] [ metric metric-value ] [ route-policy route-policy-name ]
redistribute ospfv3 process-id [ match { external [ 1 | 2 ] | internal | nssa-external [ 1 |
2 ]}] [ metric metric-value ] [ route-policy route-policy-name ]
redistribute rip [ metric metric-value ] [ route-policy route-policy-name ]
redistribute static [ metric metric-value ] [ route-policy route-policy-name ]
6. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
vrf vrf-name Enables BGP routing for a particular VRF on the PE router.
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_a
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 119
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
Specifies either an IPv4 or IPv6 address family unicast and
enters address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)# address-family
ipv4 unicast
Step 4
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Configures redistribution of a protocol into the VRF address
family context.
Step 5 Do one of the following:
redistribute connected [ metric metric-value ] [
route-policy route-policy-name ] The redistribute command is used if BGP is not used between
the PE-CE routers. If BGP is used between PE-CE routers, the
redistribute eigrp process-id [ match { external
| internal }] [ metric metric-value ] [ route-policy
route-policy-name ]
IGP that is used has to be redistributed into BGP to establish
VPN connectivity with other PE sites. Redistribution is also
required for inter-table import and export.
redistribute isis process-id [ level { 1 |
1-inter-area | 2 }] [ metric metric-value ] [
route-policy route-policy-name ]
redistribute ospf process-id [ match { external
[ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [
metric metric-value ] [ route-policy
route-policy-name ]
redistribute ospfv3 process-id [ match { external
[ 1 | 2 ] | internal | nssa-external [ 1 | 2 ]}] [
metric metric-value ] [ route-policy
route-policy-name ]
redistribute rip [ metric metric-value ] [
route-policy route-policy-name ]
redistribute static [ metric metric-value ] [
route-policy route-policy-name ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
redistribute eigrp 23
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
120 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring a VPN Routing and Forwarding Instance in BGPCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring Keychains for BGP
Keychains provide secure authentication by supporting different MAC authentication algorithms and provide
graceful key rollover. Perform this task to configure keychains for BGP. This task is optional.
If a keychain is configured for a neighbor group or a session group, a neighbor using the group inherits
the keychain. Values of commands configured specifically for a neighbor override inherited values.
Note
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. remote-as as-number
5. keychain name
6. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 121
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Keychains for BGPDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
120
Step 2
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
Creates a neighbor and assigns a remote autonomoussystem number
to it.
remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Step 4
keychain name Configures keychain-based authentication.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
keychain kych_a
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
122 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring Keychains for BGPCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Disabling a BGP Neighbor
Perform this task to administratively shut down a neighbor session without removing the configuration.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. shutdown
5. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp
127
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 123
Implementing BGP on Cisco ASR 9000 Series Router
Disabling a BGP NeighborCommand or Action Purpose
Places the router in neighbor configuration mode for BGP routing
and configures the neighbor IP address as a BGP peer.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
Step 3
shutdown Disables all active sessions for the specified neighbor.
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
shutdown
Step 4
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the
configuration session.
Resetting Neighbors Using BGP Inbound Soft Reset
Perform this task to trigger an inbound soft reset of the specified address families for the specified group or
neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments.
Resetting neighbors is useful if you change the inbound policy for the neighbors or any other configuration
that affects the sending or receiving of routing updates. If an inbound soft reset is triggered, BGP sends a
REFRESH request to the neighbor if the neighbor has advertised the ROUTE_REFRESH capability. To
determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp neighbors
command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
124 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Resetting Neighbors Using BGP Inbound Soft ResetSUMMARY STEPS
1. show bgp neighbors
2. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast
| all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * |
ip-address | as as-number | external } soft [ in [ prefix-filter ] | out ]
DETAILED STEPS
Command or Action Purpose
Verifies that received route refresh capability from the
neighbor is enabled.
show bgp neighbors
Example:
RP/0/RSP0/CPU0:router# show bgp neighbors
Step 1
clear bgp { ipv4 { unicast | multicast | all | tunnel } Soft resets a BGP neighbor.
| ipv6 unicast | all { unicast | multicast | all | tunnel
Step 2
The * keyword resets all BGP neighbors.
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast
| ipv6 unicast } { * | ip-address | as as-number |
external } soft [ in [ prefix-filter ] | out ]
The ip-address argument specifies the address of the
neighbor to be reset.
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast
10.0.0.1 soft in
The as-number argument specifies that all neighbors
that match the autonomous system number be reset.
The external keyword specifies that all external
neighbors are reset.
Resetting Neighbors Using BGP Outbound Soft Reset
Perform this task to trigger an outbound soft reset of the specified address families for the specified group or
neighbors. The group is specified by the * , ip-address , as-number , or external keywords and arguments.
Resetting neighbors is useful if you change the outbound policy for the neighbors or any other configuration
that affects the sending or receiving of routing updates.
If an outbound soft reset is triggered, BGP resends all routes for the address family to the given neighbors.
To determine whether the neighbor has advertised the ROUTE_REFRESH capability, use the show bgp
neighbors command.
SUMMARY STEPS
1. show bgp neighbors
2. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast
| all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } { * |
ip-address | as as-number | external } soft [ in [ prefix-filter ] | ]
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 125
Implementing BGP on Cisco ASR 9000 Series Router
Resetting Neighbors Using BGP Outbound Soft ResetDETAILED STEPS
Command or Action Purpose
Verifies that received route refresh capability from the
neighbor is enabled.
show bgp neighbors
Example:
RP/0/RSP0/CPU0:router# show bgp neighbors
Step 1
clear bgp { ipv4 { unicast | multicast | all | tunnel } | Soft resets a BGP neighbor.
ipv6 unicast | all { unicast | multicast | all | tunnel
Step 2
The * keyword resets all BGP neighbors.
} | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast
| ipv6 unicast } { * | ip-address | as as-number |
external } soft [ in [ prefix-filter ] | ]
The ip-address argument specifies the address of the
neighbor to be reset.
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast
10.0.0.2 soft out
The as-number argument specifies that all neighbors
that match the autonomous system number be reset.
The external keyword specifies that all external
neighbors are reset.
Resetting Neighbors Using BGP Hard Reset
Perform this task to reset neighbors using a hard reset. A hard reset removes the TCP connection to the
neighbor, removes all routes received from the neighbor from the BGP table, and then re-establishes the
session with the neighbor. If the graceful keyword is specified, the routes from the neighbor are not removed
from the BGP table immediately, but are marked as stale. After the session is re-established, any stale route
that has not been received again from the neighbor is removed.
SUMMARY STEPS
1. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast
| all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } | { * |
ip-address | as as-number | external } [ graceful ] soft [ in [ prefix-filter ] | out ]
DETAILED STEPS
Command or Action Purpose
clear bgp { ipv4 { unicast | multicast | all | tunnel } | Clears a BGP neighbor.
ipv6 unicast | all { unicast | multicast | all | tunnel }
Step 1
The * keyword resets all BGP neighbors.
| vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast |
ipv6 unicast } | { * | ip-address | as as-number | external
} [ graceful ] soft [ in [ prefix-filter ] | out ]
The ip-address argument specifies the address of the
neighbor to be reset.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
126 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Resetting Neighbors Using BGP Hard ResetCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 unicast
10.0.0.3 graceful soft out
The as-number argument specifies that all neighbors
that match the autonomous system number be reset.
The external keyword specifies that all external
neighbors are reset.
The graceful keyword specifies a graceful restart.
Clearing Caches, Tables, and Databases
Perform this task to remove all contents of a particular cache, table, or database. The clear bgp command
resets the sessions of the specified group of neighbors (hard reset); it removes the TCP connection to the
neighbor, removes all routes received from the neighbor from the BGP table, and then re-establishes the
session with the neighbor. Clearing a cache, table, or database can become necessary when the contents of
the particular structure have become, or are suspected to be, invalid.
SUMMARY STEPS
1. clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast | all { unicast | multicast
| all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } { ipv4 unicast | ipv6 unicast } ip-address
2. clear bgp external
3. clear bgp *
DETAILED STEPS
Command or Action Purpose
clear bgp { ipv4 { unicast | multicast | all | tunnel } | ipv6 unicast Clears a specified neighbor.
| all { unicast | multicast | all | tunnel } | vpnv4 unicast | vrf {
vrf-name | all } { ipv4 unicast | ipv6 unicast } ip-address
Step 1
Example:
RP/0/RSP0/CPU0:router# clear bgp ipv4 172.20.1.1
clear bgp external Clears all external peers.
Example:
RP/0/RSP0/CPU0:router# clear bgp external
Step 2
clear bgp * Clears all BGP neighbors.
Example:
RP/0/RSP0/CPU0:router# clear bgp *
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 127
Implementing BGP on Cisco ASR 9000 Series Router
Clearing Caches, Tables, and DatabasesDisplaying System and Network Statistics
Perform thistask to display specific statistics,such asthe contents of BGP routing tables, caches, and databases.
Information provided can be used to determine resource usage and solve network problems. You can also
display information about node reachability and discover the routing path that the packets of your device are
taking through the network.
SUMMARY STEPS
1. show bgp cidr-only
2. show bgp community community-list [ exact-match ]
3. show bgp regexp regular-expression
4. show bgp
5. show bgp neighbors ip-address [ advertised-routes | dampened-routes | flap-statistics |
performance-statistics | received prefix-filter | routes ]
6. show bgp paths
7. show bgp neighbor-group group-name configuration
8. show bgp summary
DETAILED STEPS
Command or Action Purpose
Displays routes with nonnatural network masks (classless
interdomain routing [CIDR]) routes.
show bgp cidr-only
Example:
RP/0/RSP0/CPU0:router# show bgp cidr-only
Step 1
show bgp community community-list [ Displays routes that match the specified BGP community.
exact-match ]
Step 2
Example:
RP/0/RSP0/CPU0:router# show bgp community
1081:5 exact-match
Displaysroutesthat match the specified autonomoussystem path
regular expression.
show bgp regexp regular-expression
Example:
RP/0/RSP0/CPU0:router# show bgp regexp "^3 "
Step 3
show bgp Displays entries in the BGP routing table.
Example:
RP/0/RSP0/CPU0:router# show bgp
Step 4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
128 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Displaying System and Network StatisticsCommand or Action Purpose
Displays information about the BGP connection to the specified
neighbor.
show bgp neighbors ip-address [
advertised-routes | dampened-routes |
Step 5
flap-statistics | performance-statistics | received
prefix-filter | routes ]
The advertised-routes keyword displays all routes the
router advertised to the neighbor.
Example:
RP/0/RSP0/CPU0:router# show bgp neighbors
10.0.101.1
The dampened-routes keyword displays the dampened
routes that are learned from the neighbor.
The flap-statistics keyword displays flap statistics of the
routes learned from the neighbor.
The performance-statistics keyword displays
performance statistics relating to work done by the BGP
process for this neighbor.
The received prefix-filter keyword and argument display
the received prefix list filter.
The routes keyword displays routes learned from the
neighbor.
show bgp paths Displays all BGP paths in the database.
Example:
RP/0/RSP0/CPU0:router# show bgp paths
Step 6
Displays the effective configuration for a specified neighbor
group, including any configuration inherited by this neighbor
group.
show bgp neighbor-group group-name
configuration
Example:
RP/0/RSP0/CPU0:router# show bgp
neighbor-group group_1 configuration
Step 7
show bgp summary Displays the status of all BGP connections.
Example:
RP/0/RSP0/CPU0:router# show bgp summary
Step 8
Displaying BGP Process Information
Perform this task to display specific BGP process information.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 129
Implementing BGP on Cisco ASR 9000 Series Router
Displaying BGP Process InformationSUMMARY STEPS
1. show bgp process
2. show bgp ipv4 unicast summary
3. show bgp vpnv4 unicast summary
4. show bgp vrf ( vrf-name | all }
5. show bgp process detail
6. show bgp summary
7. show placement program bgp
8. show placement program brib
DETAILED STEPS
Command or Action Purpose
Displays status and summary information for the BGP process. The
output shows various global and address family-specific BGP
show bgp process
Example:
RP/0/RSP0/CPU0:router# show bgp process
Step 1
configurations. A summary of the number of neighbors, update
messages, and notification messages sent and received by the process
is also displayed.
Displays a summary of the neighbors for the IPv4 unicast address
family.
show bgp ipv4 unicast summary
Example:
RP/0/RSP0/CPU0:router# show bgp ipv4
unicast summary
Step 2
Displays a summary of the neighbors for the VPNv4 unicast address
family.
show bgp vpnv4 unicast summary
Example:
RP/0/RSP0/CPU0:router# show bgp vpnv4
unicast summary
Step 3
show bgp vrf ( vrf-name | all } Displays BGP VPN virtual routing and forwarding (VRF) information.
Example:
RP/0/RSP0/CPU0:router# show bgp vrf
vrf_A
Step 4
Displays detailed process information including the memory used by
each of various internal structure types.
show bgp process detail
Example:
RP/0/RSP0/CPU0:router# show bgp
processes detail
Step 5
show bgp summary Displays the status of all BGP connections.
Example:
RP/0/RSP0/CPU0:router# show bgp summary
Step 6
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
130 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Displaying BGP Process InformationCommand or Action Purpose
Step 7 show placement program bgp Displays BGP program information.
Example:
RP/0/RSP0/CPU0:router# show placement
program bgp
If a program isshown as having rejected locations (for example,
locations where program cannot be placed), the locations in
question can be viewed using the show placement program bgp
command.
If a program has been placed but not started, the amount of
elapsed time since the program was placed is displayed in the
Waiting to start column.
Step 8 show placement program brib Displays bRIB program information.
Example:
RP/0/RSP0/CPU0:router# show placement
program brib
If a program isshown as having rejected locations (for example,
locations where program cannot be placed), the locations in
question can be viewed using the show placement program bgp
command.
If a program has been placed but not started, the amount of
elapsed time since the program was placed is displayed in the
Waiting to start column.
Monitoring BGP Update Groups
This task displays information related to the processing of BGP update groups.
SUMMARY STEPS
1. show bgp [ ipv4 { unicast | multicast | all | tunnel } | ipv6 { unicast | all } | all { unicast |
multicast | all | tunnel } | vpnv4 unicast | vrf { vrf-name | all } [ ipv4 unicast ] update-group
[ neighbor ip-address | process-id.index [ summary | performance-statistics ]]
DETAILED STEPS
Command or Action Purpose
show bgp [ ipv4 { unicast | multicast | all | Displays information about BGP update groups.
tunnel } | ipv6 { unicast | all } | all { unicast |
Step 1
The ip-address argument displays the update groups to which that
neighbor belongs.
multicast | all | tunnel } | vpnv4 unicast | vrf
{ vrf-name | all } [ ipv4 unicast ] update-group
[ neighbor ip-address | process-id.index [
summary | performance-statistics ]]
The process-id.index argument selects a particular update group
to display and is specified as follows: process ID (dot) index.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 131
Implementing BGP on Cisco ASR 9000 Series Router
Monitoring BGP Update GroupsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router# show bgp update-group
0.0
Process ID range is from 0 to 254. Index range is from 0 to
4294967295.
The summary keyword displays summary information for
neighbors in a particular update group.
If no argument is specified, this command displays information
for all update groups (for the specified address family).
The performance-statistics keyword displays performance
statistics for an update group.
Configuring BGP Nonstop Routing
Perform this task to configure BGP Nonstop Routing (NSR).
SUMMARY STEPS
1. configure
2. router bgp as-number
3. nsr
4. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the BGP AS number, and enters the BGP configuration mode,
for configuring BGP routing processes.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 120
Step 2
Step 3 nsr Activates BGP Nonstop routing.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
132 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Nonstop RoutingCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-bgp)# nsr
BGP supports 5000 NSR
sessions.
Note
Step 4 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before exiting
(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Installing Primary Backup Path for Prefix Independent Convergence (PIC)
Perform the following tasks to install a backup path into the forwarding table and provide prefix independent
convergence (PIC) in case of a PE-CE link failure:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 133
Implementing BGP on Cisco ASR 9000 Series Router
Installing Primary Backup Path for Prefix Independent Convergence (PIC)SUMMARY STEPS
1. configure
2. router bgp as-number
3. Do one of the following
address-family {vpnv4 unicast | vpnv6 unicast}
vrf vrf-name {ipv4 unicast | ipv6 unicast}
4. additional-paths selection route-policy route-policy-name
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifiesthe autonomoussystem number and entersthe BGP configuration
mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 100
Step 2
Specifies the address family or VRF address family and enters the address
family or VRF address family configuration submode.
Step 3 Do one of the following
address-family {vpnv4 unicast |
vpnv6 unicast}
vrf vrf-name {ipv4 unicast | ipv6
unicast}
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
134 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Installing Primary Backup Path for Prefix Independent Convergence (PIC)Command or Action Purpose
Configures additional paths selection mode for a prefix.
Use the additional-pathsselection command with an appropriate
route-policy to calculate backup paths and to enable Prefix
Independent Convergence (PIC) functionality.
Note
additional-paths selection route-policy
route-policy-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
additional-paths selection
route-policy ap1
Step 4
The route-policy configuration is a pre-requisite for configuring the
additional-pathsselection mode for a prefix . Thisis an example route-policy
configuration to use with additional-selection command:
route-policy ap1
set path-selection backup 1 install
end-policy
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Retaining Allocated Local Label for Primary Path
Perform the following tasks to retain the previously allocated local label for the primary path on the primary
PE for some configurable time after reconvergence:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 135
Implementing BGP on Cisco ASR 9000 Series Router
Retaining Allocated Local Label for Primary PathSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { vpnv4 unicast | vpnv6 unicast }
4. retain local-label minutes
5. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
bgp 100
Step 2
Specifies the address family and enters the address family configuration
submode.
address-family { vpnv4 unicast | vpnv6
unicast }
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
Step 3
Retains the previously allocated local label for the primary path on the
primary PE for 10 minutes after reconvergence.
retain local-label minutes
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
retain local-label 10
Step 4
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before exiting
(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
136 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Retaining Allocated Local Label for Primary PathCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-bgp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session
Configuring BGP Additional Paths
Perform these tasks to configure BGP Additional Paths capability:
SUMMARY STEPS
1. configure
2. route-policy route-policy-name
3. if conditional-expression then action-statement else
4. pass endif
5. end-policy
6. router bgp as-number
7. address-family {ipv4 {unicast | multicast} | ipv6 {unicast | multicast | l2vpn vpls-vpws| vpnv4 unicast
| vpnv6 unicast }
8. additional-paths receive
9. additional-paths send
10. additional-paths selection route-policy route-policy-name
11. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 137
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Additional PathsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Defines the route policy and enters route-policy
configuration mode.
route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router (config)#route-policy
add_path_policy
Step 2
if conditional-expression then action-statement else Decidesthe actions and dispositionsfor the given route.
Example:
RP/0/RSP0/CPU0:router (config-rpl)#if community
matches-any (*) then
Step 3
set path-selection all advertise
else
pass endif Passesthe route for processing and endsthe ifstatement.
Example:
RP/0/RSP0/CPU0:router(config-rpl-else)#pass
RP/0/RSP0/CPU0:router(config-rpl-else)#endif
Step 4
Ends the route policy definition of the route policy and
exits route-policy configuration mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)#end-policy
Step 5
Specifies the autonomous system number and enters
the BGP configuration mode, allowing you to configure
the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)#router bgp 100
Step 6
Specifies the address family and enters address family
configuration submode.
address-family {ipv4 {unicast | multicast} | ipv6 {unicast |
multicast | l2vpn vpls-vpws | vpnv4 unicast | vpnv6 unicast
}
Step 7
Example:
RP/0/RSP0/CPU0:router(config-bgp)#address-family ipv4
unicast
Configures receive capability of multiple paths for a
prefix to the capable peers.
additional-paths receive
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths
receive
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
138 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring BGP Additional PathsCommand or Action Purpose
Configuressend capability of multiple pathsfor a prefix
to the capable peers .
additional-paths send
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths
send
Step 9
Configures additional paths selection capability for a
prefix.
additional-paths selection route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#additional-paths
selection route-policy add_path_policy
Step 10
Step 11 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config)# commit
configuration session, and returnsthe router
to EXEC mode.
? Entering no exits the configuration session
and returns the router to EXEC mode
without committing the configuration
changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
Use the commit command to save the
configuration changesto the running configuration
file and remain within the configuration session.
Configuring iBGP Multipath Load Sharing
Perform this task to configure the iBGP Multipath Load Sharing:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 139
Implementing BGP on Cisco ASR 9000 Series Router
Configuring iBGP Multipath Load SharingSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family {ipv4|ipv6} {unicast|multicast}
4. maximum-paths ibgp number
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the
BGP configuration mode, allowing you to configure the
BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 100
Step 2
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
address-family {ipv4|ipv6} {unicast|multicast}
Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family
ipv4 multicast
Step 3
Configures the maximum number of iBGP paths for load
sharing.
maximum-paths ibgp number
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# maximum-paths
ibgp 30
Step 4
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
140 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring iBGP Multipath Load SharingCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Originating Prefixes with AiGP
Perform this task to configure origination of routes with the AiGP metric:
Before You Begin
Origination of routes with the accumulated interior gateway protocol (AiGP) metric is controlled by
configuration. AiGP attributes are attached to redistributed routes that satisfy following conditions:
The protocol redistributing the route is enabled for AiGP.
The route is an interior gateway protocol (iGP) route redistributed into border gateway protocol (BGP).
The value assigned to the AiGP attribute is the value of iGP next hop to the route or as set by a
route-policy.
The route is a static route redistributed into BGP. The value assigned is the value of next hop to the route
or as set by a route-policy.
The route is imported into BGP through network statement. The value assigned is the value of next hop
to the route or as set by a route-policy.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 141
Implementing BGP on Cisco ASR 9000 Series Router
Originating Prefixes with AiGPSUMMARY STEPS
1. configure
2. route-policy aigp_policy
3. set aigp-metricigp-cost
4. exit
5. router bgp as-number
6. address-family {ipv4 | ipv6} unicast
7. redistribute ospf osp route-policy plcy_namemetric value
8. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters route-policy configuration mode and sets the
route-policy
route-policy aigp_policy
Example:
RP/0/RSP0/CPU0:router(config)# route-policy
aip_policy
Step 2
set aigp-metricigp-cost Sets the internal routing protocol cost as the aigp metric.
Example:
RP/0/RSP0/CPU0:router(config-rpl)# set aigp-metric
igp-cost
Step 3
exit Exits route-policy configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rpl)# exit
Step 4
Specifies the BGP AS number and enters the BGP
configuration mode, allowing you to configure the BGP
routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 100
Step 5
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
address-family {ipv4 | ipv6} unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)# address-family
ipv4 unicast
Step 6
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
142 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Originating Prefixes with AiGPCommand or Action Purpose
redistribute ospf osp route-policy plcy_namemetric value Allows the redistribution of AiBGP metric into OSPF.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#redistribute
ospf osp route-policy aigp_policy metric 1
Step 7
Step 8 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Enabling BGP Unequal Cost Recursive Load Balancing
Perform this task to enable unequal cost recursive load balancing for external BGP (eBGP), interior BGP
(iBGP), and eiBGP and to enable BGP to carry link bandwidth attribute of the demilitarized zone (DMZ) link.
When the PE router includes the link bandwidth extended community in its updates to the remote PE through
the Multiprotocol Interior BGP (MP-iBGP)session (either IPv4 or VPNv4), the remote PE automatically does
load balancing if the maximum-paths command is enabled.
Unequal cost recursive load balancing happens across maximum eight paths only.
Note Enabling BGP unequal cost recursive load balancing feature is not supported on CPP based cards.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 143
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP Unequal Cost Recursive Load BalancingSUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family { ipv4 | ipv6 } unicast
4. maximum-paths { ebgp | ibgp | eibgp } maximum [ unequal-cost ]
5. exit
6. neighbor ip-address
7. dmz-link-bandwidth
8. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number and enters the BGP
configuration mode, allowing you to configure the BGP routing
process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Step 2
Specifies either an IPv4 or IPv6 address family unicast and enters
address family configuration submode.
address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Step 3
To see a list of all the possible keywords and arguments for this
command, use the CLI help (?).
Configures the maximum number of parallel routes that BGP
installs in the routing table.
maximum-paths { ebgp | ibgp | eibgp } maximum
[ unequal-cost ]
Step 4
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
maximum-paths ebgp 3
Valid values for maximum-paths are eight,
inclusive.
Note
ebgp maximum : Consider only eBGP paths for multipath.
ibgp maximum [ unequal-cost ]: Consider load balancing
between iBGP learned paths.
eibgp maximum : Consider both eBGP and iBGP learned
pathsfor load balancing. eiBGP load balancing always does
unequal-cost load balancing.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
144 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP Unequal Cost Recursive Load BalancingCommand or Action Purpose
When eiBGP is applied, eBGP or iBGP load balancing cannot be
configured; however, eBGP and iBGP load balancing can coexist.
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit
Step 5
Configures a CE neighbor. The ip-address argument must be a
private address.
neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor
10.0.0.0
Step 6
Originates a demilitarized-zone (DMZ) link-bandwidth extended
community for the link to an eBGP/iBGP neighbor.
dmz-link-bandwidth
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
dmz-link-bandwidth
Step 7
Step 8 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 145
Implementing BGP on Cisco ASR 9000 Series Router
Enabling BGP Unequal Cost Recursive Load BalancingConfiguring RPKI Cache
Perform this task to configure Resource Public Key Infrastructure (RPKI) cache parameters.
Configure the RPKI cache configuration in rpki-cache submode under the router-bgp submode. Use the rpki
cache ip_addres command to enter into the rpki-cache submode
SUMMARY STEPS
1. configure
2. router bgp as-number
3. rpki cache {host-name | ip-address}
4. Use one of these commands:
transport ssh port port_number
transport tcp port port_number
5. (Optional) username user_name
6. (Optional) password
7. preference preference_value
8. purge-time time
9. Use one of these commands.
refresh-time time
refresh-time off
10. Use one these commands.
response-time time
response-time off
11. shutdown
12. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
146 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI CacheCommand or Action Purpose
Specifies the BGP AS number and enters the BGP
configuration mode, allowing you to configure the
BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)#router bgp 100
Step 2
Entersrpki-cache submode and enables configuration
of RPKI cache parameters.
rpki cache {host-name | ip-address}
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki cache 10.2.3.4
Step 3
Step 4 Use one of these commands: Specifies a transport method for the RPKI cache.
sshSelect ssh to connect to the RPKI cache
using SSH.
transport ssh port port_number
transport tcp port port_number
tcpSelect tcp to connect to the RPKI cache
using TCP (unencrypted).
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#transport ssh
port 1
port port_numberSpecify a port number for
the specified RPKI cache transport. Range for
the port number is 1 to 65535 for both ssh and
tcp.
Or
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#transport tcp
port 2
You can set the transport to either tcp or
ssh. Change of transport causes the cache
session to flap.
Note
(Optional)
Specifies a (SSH) username for the RPKI cache.
username user_name
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#username
ssh_rpki_cache
Step 5
(Optional)
Specifies a (SSH) password for the RPKI cache.
password
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#password
ssh_rpki_pass
Step 6
The username and password
configurations only apply if the SSH
method of transport is active.
Note
Specifies a preference value for the RPKI cache.
Range for the preference value is 1 to 10. Setting a
lower preference value is better.
preference preference_value
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#preference 1
Step 7
Configures the time BGP waits to keep routes from
a cache after the cache session drops. Set purge time
purge-time time
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#purge-time 30
Step 8
in seconds. Range for the purge time is 30 to 360
seconds.
Configures the time BGP waits in between sending
periodic serial queries to the cache. Set refresh-time
Step 9 Use one of these commands.
refresh-time time
in seconds. Range for the refresh time is 15 to 3600
refresh-time off seconds.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 147
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI CacheCommand or Action Purpose
Configure the off option to specify not to send
serial-queries periodically.
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#refresh-time
20
Or
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#refresh-time
off
Configures the time BGP waits for a response after
sending a serial or reset query. Set response-time in
Step 10 Use one these commands.
response-time time
seconds. Range for the response time is 15 to 3600
response-time off seconds.
Configure the off option to wait indefinitely for a
response.
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#response-time
30
Or
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#response-time
off
shutdown Configures shut down of the RPKI cache.
Example:
RP/0/RSP0/CPU0:router(config-bgp-rpki-cache)#shutdown
Step 11
Step 12 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
before exiting(yes/no/cancel)?
[cancel]:
? Entering yessaves configuration changes
to the running configuration file, exits
or
RP/0/RSP0/CPU0:router(config)# commit
the configuration session, and returnsthe
router to EXEC mode.
? Entering no exits the configuration
session and returns the router to EXEC
mode without committing the
configuration changes.
? Entering cancel leaves the router in the
current configuration session without
exiting or committing the configuration
changes.
Use the commit command to save the
configuration changes to the running
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
148 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI CacheCommand or Action Purpose
configuration file and remain within the
configuration session.
Configuring RPKI Prefix Validation
Perform this task to control the behavior of RPKI prefix validation processing.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. Use one of these commands.
rpki origin-as validation disable
rpki origin-as validation time {off | prefix_validation_time
4. origin-as validity signal ibgp
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the BGP AS number and enters the BGP configuration mode,
allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)#router
bgp 100
Step 2
Step 3 Use one of these commands. Sets the BGP origin-AS validation parameters.
rpki origin-as validation disable disableUse disable option to disable RPKI origin-AS validation.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 149
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI Prefix ValidationCommand or Action Purpose
timeUse time option to eitherset prefix validation time (in seconds)
or to set off the automatic prefix validation after an RPKI update.
rpki origin-as validation time {off |
prefix_validation_time
Range for prefix validation time is 5 to 60 seconds.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki
origin-as validation disable
Configuring the disable option disables prefix validation for all eBGP
paths and all eBGP paths are marked as "valid" by default.
The rpki origin-as validation options can also configured in
neighbor and neighbor address family submodes. The
neighbor must be an ebgp neighbor. If configured at the
neighbor or neighor address family level, prefix validation
disable or time options will be valid only for that specific
neighbor or neighbor address family.
Note
Or
RP/0/RSP0/CPU0:router(config-bgp)#rpki
origin-as validation time 50
Or
RP/0/RSP0/CPU0:router(config-bgp)#rpki
origin-as validation time off
Step 4 origin-as validity signal ibgp Enablesthe iBGP signaling of validity state through an extended-community.
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki
origin-as validity signal ibgp
This can also be configured in global address family submode.
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuring RPKI Bestpath Computation
Perform this task to configure RPKI bestpath computation options.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
150 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI Bestpath ComputationSUMMARY STEPS
1. configure
2. router bgp as-number
3. rpki bestpath use origin-as validity
4. rpki bestpath origin-as allow invalid
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the BGP AS number and enters the BGP configuration mode,
allowing you to configure the BGP routing process.
router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)#router
bgp 100
Step 2
Enables the validity states of BGP paths to affect the path's preference in
the BGP bestpath process. This configuration can also be done in router
BGP address family submode.
rpki bestpath use origin-as validity
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki
bestpath use origin-as validity
Step 3
Allows all "invalid" paths to be considered for BGP bestpath computation.
This configuration can also be done at global address family,
neighbor, and neighbor address family submodes. Configuring rpki
bestpath origin-as allow invalid in router BGP and address family
submodes allow all "invalid" paths to be considered for BGP
bestpath computation. By default, all such paths are not bestpath
candidates. Configuring pki bestpath origin-as allow invalid in
neighbor and neighbor addressfamily submodes allow all "invalid"
paths from that specific neighbor or neighbor address family to be
considered as bestpath candidates. The neighbor must be an eBGP
neighbor.
Note
rpki bestpath origin-as allow invalid
Example:
RP/0/RSP0/CPU0:router(config-bgp)#rpki
bestpath origin-as allow invalid
Step 4
This configuration takes effect only when the rpki bestpath use origin-as
validity configuration is enabled.
Step 5 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 151
Implementing BGP on Cisco ASR 9000 Series Router
Configuring RPKI Bestpath ComputationCommand or Action Purpose
When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Configuration Examples for Implementing BGP
This section provides the following configuration examples:
Enabling BGP: Example
The following shows how to enable BGP.
prefix-set static
2020::/64,
2012::/64,
10.10.0.0/16,
10.2.0.0/24
end-set
route-policy pass-all
pass
end-policy
route-policy set_next_hop_agg_v4
set next-hop 10.0.0.1
end-policy
route-policy set_next_hop_static_v4
if (destination in static) then
set next-hop 10.1.0.1
else
drop
endif
end-policy
route-policy set_next_hop_agg_v6
set next-hop 2003::121
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
152 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Configuration Examples for Implementing BGPend-policy
route-policy set_next_hop_static_v6
if (destination in static) then
set next-hop 2011::121
else
drop
endif
end-policy
router bgp 65000
bgp fast-external-fallover disable
bgp confederation peers
65001
65002
bgp confederation identifier 1
bgp router-id 1.1.1.1
address-family ipv4 unicast
aggregate-address 10.2.0.0/24 route-policy set_next_hop_agg_v4
aggregate-address 10.3.0.0/24
redistribute static route-policy set_next_hop_static_v4
address-family ipv4 multicast
aggregate-address 10.2.0.0/24 route-policy set_next_hop_agg_v4
aggregate-address 10.3.0.0/24
redistribute static route-policy set_next_hop_static_v4
address-family ipv6 unicast
aggregate-address 2012::/64 route-policy set_next_hop_agg_v6
aggregate-address 2013::/64
redistribute static route-policy set_next_hop_static_v6
address-family ipv6 multicast
aggregate-address 2012::/64 route-policy set_next_hop_agg_v6
aggregate-address 2013::/64
redistribute static route-policy set_next_hop_static_v6
neighbor 10.0.101.60
remote-as 65000
address-family ipv4 unicast
address-family ipv4 multicast
neighbor 10.0.101.61
remote-as 65000
address-family ipv4 unicast
address-family ipv4 multicast
neighbor 10.0.101.62
remote-as 3
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
address-family ipv4 multicast
route-policy pass-all in
route-policy pass-all out
neighbor 10.0.101.64
remote-as 5
update-source Loopback0
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
address-family ipv4 multicast
route-policy pass-all in
route-policy pass-all out
Displaying BGP Update Groups: Example
The following is sample output from the show bgp update-group command run in EXEC mode:
RP/0/RSP0/CPU0:router# show bgp update-group
Update group for IPv4 Unicast, index 0.1:
Attributes:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 153
Implementing BGP on Cisco ASR 9000 Series Router
Displaying BGP Update Groups: ExampleOutbound Route map:rm
Minimum advertisement interval:30
Messages formatted:2, replicated:2
Neighbors in this update group:
10.0.101.92
Update group for IPv4 Unicast, index 0.2:
Attributes:
Minimum advertisement interval:30
Messages formatted:2, replicated:2
Neighbors in this update group:
10.0.101.91
BGP Neighbor Configuration: Example
The following example shows how BGP neighbors on an autonomous system are configured to share
information. In the example, a BGP router is assigned to autonomous system 109, and two networks are listed
as originating in the autonomous system. Then the addresses of three remote routers (and their autonomous
systems) are listed. The router being configured shares information about networks 172 .16 .0.0 and 192.168
.7.0 with the neighbor routers. The first router listed is in a different autonomous system; the second neighbor
and remote-as commandsspecify an internal neighbor (with the same autonomoussystem number) at address
172 .26 .234.2; and the third neighbor and remote-as commandsspecify a neighbor on a different autonomous
system.
route-policy pass-all
pass
end-policy
router bgp 109
address-family ipv4 unicast
network 172
.16
.0.0 255.255
.0.0
network 192.168
.7.0 255.255
.0.0
neighbor 172
.16
.200.1
remote-as 167
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-out out
neighbor 172
.26
.234.2
remote-as 109
exit
address-family ipv4 unicast
neighbor 172
.26
.64.19
remote-as 99
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
154 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Neighbor Configuration: ExampleBGP Confederation: Example
The following is a sample configuration thatshowsseveral peersin a confederation. The confederation consists
of three internal autonomous systems with autonomous system numbers 6001, 6002, and 6003. To the BGP
speakers outside the confederation, the confederation lookslike a normal autonomoussystem with autonomous
system number 666 (specified using the bgp confederation identifier command).
In a BGP speaker in autonomous system 6001, the bgp confederation peers command marks the peers from
autonomous systems 6002 and 6003 as special eBGP peers. Hence, peers 171.16 .232.55 and 171.16 .232.56
get the local preference, next hop, and MED unmodified in the updates. The router at 171 .19 .69.1 is a normal
eBGP speaker, and the updates received by it from this peer are just like a normal eBGP update from a peer
in autonomous system 666.
router bgp 6001
bgp confederation identifier 666
bgp confederation peers
6002
6003
exit
address-family ipv4 unicast
neighbor 171.16
.232.55
remote-as 6002
exit
address-family ipv4 unicast
neighbor 171.16
.232.56
remote-as 6003
exit
address-family ipv4 unicast
neighbor 171
.19
.69.1
remote-as 777
In a BGP speaker in autonomous system 6002, the peers from autonomous systems 6001 and 6003 are
configured as special eBGP peers. Peer 171 .17 .70.1 is a normal iBGP peer, and peer 199.99.99.2 is a normal
eBGP peer from autonomous system 700.
router bgp 6002
bgp confederation identifier 666
bgp confederation peers
6001
6003
exit
address-family ipv4 unicast
neighbor 171
.17
.70.1
remote-as 6002
exit
address-family ipv4 unicast
neighbor 171.19
.232.57
remote-as 6001
exit
address-family ipv4 unicast
neighbor 171.19
.232.56
remote-as 6003
exit
address-family ipv4 unicast
neighbor 171
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 155
Implementing BGP on Cisco ASR 9000 Series Router
BGP Confederation: Example.19
.99.2
remote-as 700
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
In a BGP speaker in autonomous system 6003, the peers from autonomous systems 6001 and 6002 are
configured as special eBGP peers. Peer 192 .168 .200.200 is a normal eBGP peer from autonomous system
701.
router bgp 6003
bgp confederation identifier 666
bgp confederation peers
6001
6002
exit
address-family ipv4 unicast
neighbor 171.19
.232.57
remote-as 6001
exit
address-family ipv4 unicast
neighbor 171.19
.232.55
remote-as 6002
exit
address-family ipv4 unicast
neighbor 192
.168
.200.200
remote-as 701
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
The following is a part of the configuration from the BGP speaker 192 .168 .200.205 from autonomoussystem
701 in the same example. Neighbor 171.16 .232.56 is configured as a normal eBGP speaker from autonomous
system 666. The internal division of the autonomous system into multiple autonomous systems is not known
to the peers external to the confederation.
router bgp 701
address-family ipv4 unicast
neighbor 172
.16
.232.56
remote-as 666
exit
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
exit
address-family ipv4 unicast
neighbor 192
.168
.200.205
remote-as 701
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
156 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Confederation: ExampleBGP Route Reflector: Example
The following example shows how to use an address family to configure internal BGP peer 10.1.1.1 as a route
reflector client for both unicast and multicast prefixes:
router bgp 140
address-family ipv4 unicast
neighbor 10.1.1.1
remote-as 140
address-family ipv4 unicast
route-reflector-client
exit
address-family ipv4 multicast
route-reflector-client
BGP Nonstop Routing Configuration: Example
The following example shows how to enable BGP NSR:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)# nsr
RP/0/RSP0/CPU0:router(config-bgp)# end
The following example shows how to disable BGP NSR:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)# no nsr
RP/0/RSP0/CPU0:router(config-bgp)# end
Primary Backup Path Installation: Example
The following example shows how to enable installation of primary backup path:
router bgp 120
address-family ipv4 unicast
additional-paths receive
additional-paths send
additional-paths selection route-policy bgp_add_path
!
!
end
Allocated Local Label Retention: Example
The following example shows how to retain the previously allocated local label for the primary path on the
primary PE for 10 minutes after reconvergence:
router bgp 100
address-family l2vpn vpls-vpws
retain local-label 10
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 157
Implementing BGP on Cisco ASR 9000 Series Router
BGP Route Reflector: Exampleend
iBGP Multipath Loadsharing Configuration: Example
The following is a sample configuration where 30 paths are used for loadsharing:
router bgp 100
address-family ipv4 multicast
maximum-paths ibgp 30
!
!
end
Configuring BGP Additional Paths: Example
This is a sample configuration for enabling BGP Additional Paths send, receive, and selcetion capabilities:
route-policy add_path_policy
if community matches-any (*) then
set path-selection all advertise
else
pass
endif
end-policy
!
router bgp 100
address-family ipv4 unicast
additional-paths receive
additional-paths send
additional-paths selection route-policy add_path_policy
!
!
end
Originating Prefixes With AiGP: Example
The following is a sample configuration for originating prefixes with the AiGP metric attribute:
route-policy aigp-policy
set aigp-metric 4
set aigp-metric igp-cost
end-policy
!
router bgp 100
address-family ipv4 unicast
network 10.2.3.4/24 route-policy aigp-policy
redistribute ospf osp1 metric 4 route-policy aigp-policy
!
!
end
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
158 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
iBGP Multipath Loadsharing Configuration: ExampleBGP Unequal Cost Recursive Load Balancing: Example
This is a sample configuration for unequal cost recursive load balancing:
interface Loopback0
ipv4 address 20.20.20.20 255.255.255.255
!
interface MgmtEth0/RSP0/CPU0/0
ipv4 address 8.43.0.10 255.255.255.0
!
interface TenGigE0/3/0/0
bandwidth 8000000
ipv4 address 11.11.11.11 255.255.255.0
ipv6 address 11:11:0:1::11/64
!
interface TenGigE0/3/0/1
bandwidth 7000000
ipv4 address 11.11.12.11 255.255.255.0
ipv6 address 11:11:0:2::11/64
!
interface TenGigE0/3/0/2
bandwidth 6000000
ipv4 address 11.11.13.11 255.255.255.0
ipv6 address 11:11:0:3::11/64
!
interface TenGigE0/3/0/3
bandwidth 5000000
ipv4 address 11.11.14.11 255.255.255.0
ipv6 address 11:11:0:4::11/64
!
interface TenGigE0/3/0/4
bandwidth 4000000
ipv4 address 11.11.15.11 255.255.255.0
ipv6 address 11:11:0:5::11/64
!
interface TenGigE0/3/0/5
bandwidth 3000000
ipv4 address 11.11.16.11 255.255.255.0
ipv6 address 11:11:0:6::11/64
!
interface TenGigE0/3/0/6
bandwidth 2000000
ipv4 address 11.11.17.11 255.255.255.0
ipv6 address 11:11:0:7::11/64
!
interface TenGigE0/3/0/7
bandwidth 1000000
ipv4 address 11.11.18.11 255.255.255.0
ipv6 address 11:11:0:8::11/64
!
interface TenGigE0/4/0/0
description CONNECTED TO IXIA 1/3
transceiver permit pid all
!
interface TenGigE0/4/0/2
ipv4 address 9.9.9.9 255.255.0.0
ipv6 address 9:9::9/64
ipv6 enable
!
route-policy pass-all
pass
end-policy
!
router static
address-family ipv4 unicast
202.153.144.0/24 8.43.0.1
!
!
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 159
Implementing BGP on Cisco ASR 9000 Series Router
BGP Unequal Cost Recursive Load Balancing: Examplerouter bgp 100
bgp router-id 20.20.20.20
address-family ipv4 unicast
maximum-paths eibgp 8
redistribute connected
!
neighbor 11.11.11.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.12.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.13.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.14.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.15.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.16.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.17.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
neighbor 11.11.18.12
remote-as 200
dmz-link-bandwidth
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
!
end
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
160 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
BGP Unequal Cost Recursive Load Balancing: ExampleWhere to Go Next
For detailed information about BGP commands, see Cisco ASR 9000 Series Aggregation Services Router
Routing Command Reference
Additional References
The following sections provide references related to implementing BGP.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Routing Command Reference
BGP commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
Cisco ASR 9000 Series Aggregation Services Router
IP Addresses and Services Command Reference
Cisco Express Forwarding (CEF) commands:
complete command syntax, command modes,
command history, defaults, usage guidelines, and
examples
Cisco ASR 9000 Series Aggregation Services Router
MPLS Configuration Guide
MPLS VPN configuration information.
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Configuration
Guide and Cisco ASR 9000 Series Aggregation
Services Router Interface and Hardware Component
Command Reference
Bidirectional Forwarding Detection (BFD)
Configuring AAA Services on Cisco ASR 9000 Series
Router module of Cisco ASR 9000 Series
Aggregation Services Router System Security
Configuration Guide
Task ID information.
Standards
Standards Title
Authentication for TCP-based Routing and
Management Protocols, by R. Bonica, B. Weis, S.
Viswanathan, A. Lange, O. Wheeler
draft-bonica-tcp-auth-05.txt
A Border Gateway Protocol 4, by Y. Rekhter, T.Li,
S. Hares
draft-ietf-idr-bgp4-26.txt
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 161
Implementing BGP on Cisco ASR 9000 Series Router
Where to Go NextStandards Title
Definitions of Managed Objects for the Fourth
Version of Border Gateway Protocol (BGP-4), by J.
Hass and S. Hares
draft-ietf-idr-bgp4-mib-15.txt
Subcodes for BGP Cease Notification Message, by
Enke Chen, V. Gillet
draft-ietf-idr-cease-subcode-05.txt
Avoid BGP Best Path Transitions from One External
to Another, by Enke Chen, Srihari Sangli
draft-ietf-idr-avoid-transition-00.txt
BGP Support for Four-octet AS Number Space, by
Quaizar Vohra, Enke Chen
draft-ietf-idr-as4bytes-12.txt
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs Title
RFC 1700 Assigned Numbers
RFC 1997 BGP Communities Attribute
Protection of BGP Sessions via the TCP MD5
Signature Option
RFC 2385
RFC 2439 BGP Route Flap Damping
Use of BGP-4 Multiprotocol Extensions for IPv6
Inter-Domain Routing
RFC 2545
BGP Route Reflection - An Alternative to Full Mesh
IBGP
RFC 2796
RFC 2858 Multiprotocol Extensions for BGP-4
RFC 2918 Route Refresh Capability for BGP-4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
162 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Additional ReferencesRFCs Title
RFC 3065 Autonomous System Confederations for BGP
RFC 3392 Capabilities Advertisement with BGP-4
RFC 4271 A Border Gateway Protocol 4 (BGP-4)
RFC 4364 BGP/MPLS IP Virtual Private Networks (VPNs)
RFC 4724 Graceful Restart Mechanism for BGP
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 163
Implementing BGP on Cisco ASR 9000 Series Router
Additional References Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
164 OL-26048-02
Implementing BGP on Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 2
Implementing EIGRP on Cisco ASR 9000 Series
Router
The Enhanced Interior Gateway Routing Protocol (EIGRP) is an enhanced version of IGRP developed by
Cisco. This module describes the concepts and tasks you need to implement basic EIGRP configuration
using Cisco IOS XR software. EIGRP uses distance vector routing technology, which specifies that a router
need not know all the router and link relationships for the entire network. Each router advertises destinations
with a corresponding distance and upon receiving routes, adjuststhe distance and propagatesthe information
to neighboring routes.
For EIGRP configuration information related to the following features, see the Related Documents, on page
203 section of this module.
Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN)
Site of Origin (SoO) Support
For more information about EIGRP on the Cisco IOS XR software and complete descriptions of the EIGRP
commandslisted in this module,see the Related Documents, on page 203 section of this module. To locate
documentation for other commands that might appear while executing a configuration task, search online
in the Cisco IOS XR software master command index.
Note
Feature History for Implementing EIGRP on Cisco ASR 9000 Series Router Software
Release Modification
Release 3.7.2 This feature was introduced.
Release 3.9.0 No modification.
Prerequisites for Implementing EIGRP, page 166
Restrictions for Implementing EIGRP , page 166
Information About Implementing EIGRP, page 166
How to Implement EIGRP , page 177
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 165 Configuration Examples for Implementing EIGRP , page 201
Additional References, page 203
Prerequisites for Implementing EIGRP
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Restrictions for Implementing EIGRP
The following restrictions are employed when running EIGRP on this version of Cisco IOS XR software:
Only one instance of an EIGRP process is supported.
Bidirectional Forwarding Detection (BFD) feature and the Simple Network Management Protocol
(SNMP) MIB are not supported.
Interface static routes are not automatically redistributed into EIGRP, because there are no network
commands.
Metric configuration (either through the default-metric command or a route policy) is required for
redistribution of connected and static routes.
Auto summary is disabled by default.
Stub leak maps are not supported.
Information About Implementing EIGRP
To implement EIGRP, you need to understand the following concepts:
EIGRP Functional Overview
Enhanced Interior Gateway Routing Protocol (EIGRP) is an interior gateway protocolsuited for many different
topologies and media. EIGRP scales well and provides extremely quick convergence times with minimal
network traffic.
EIGRP has very low usage of network resources during normal operation. Only hello packets are transmitted
on a stable network. When a change in topology occurs, only the routing table changes are propagated and
not the entire routing table. Propagation reduces the amount of load the routing protocol itself places on the
network. EIGRP also provides rapid convergence times for changes in the network topology.
The distance information in EIGRP isrepresented as a composite of available bandwidth, delay, load utilization,
and link reliability with improved convergence properties and operating efficiency. The fine-tuning of link
characteristics achieves optimal paths.
The convergence technology that EIGRP usesis based on research conducted at SRI International and employs
an algorithm referred to as the Diffusing Update Algorithm (DUAL). This algorithm guarantees loop-free
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
166 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Prerequisites for Implementing EIGRPoperation at every instant throughout a route computation and allows all devicesinvolved in a topology change
to synchronize at the same time. Routers that are not affected by topology changes are not involved in
recomputations. The convergence time with DUAL rivals that of any other existing routing protocol.
EIGRP Features
EIGRP offers the following features:
Fast convergenceThe DUAL algorithm allows routing information to converge as quickly as any
currently available routing protocol.
Partial updatesEIGRP sends incremental updates when the state of a destination changes, instead of
sending the entire contents of the routing table. Thisfeature minimizesthe bandwidth required for EIGRP
packets.
Neighbor discovery mechanismThis is a simple hello mechanism used to learn about neighboring
routers. It is protocol independent.
Variable-length subnet masks (VLSMs).
Arbitrary route summarization.
ScalingEIGRP scales to large networks.
The following key features are supported in the Cisco IOS XR implementation:
Provider Edge (PE)-Customer Edge (CE) protocolsupport with Site of Origin (SoO) and Border Gateway
Protocol (BGP) cost community support.
PECE protocol support for MPLS.
EIGRP Components
EIGRP has the following four basic components:
Neighbor discovery or neighbor recovery
Reliable transport protocol
DUAL finite state machine
Protocol-dependent modules
Neighbor discovery or neighbor recovery is the process that routers use to dynamically learn of other routers
on their directly attached networks. Routers must also discover when their neighbors become unreachable or
inoperative. Neighbor discovery or neighbor recovery is achieved with low overhead by periodically sending
small hello packets. As long as hello packets are received, the Cisco IOS XR software can determine that a
neighbor is alive and functioning. After this status is determined, the neighboring routers can exchange routing
information.
The reliable transport protocol isresponsible for guaranteed, ordered delivery of EIGRP packetsto all neighbors.
It supports intermixed transmission of multicast and unicast packets. Some EIGRP packets must be sent
reliably and others need not be. For efficiency, reliability is provided only when necessary. For example, on
a multiaccess network that has multicast capabilities (such as Ethernet) it is not necessary to send hello packets
reliably to all neighbors individually. Therefore, EIGRP sends a single multicast hello with an indication in
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 167
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP Featuresthe packet informing the receivers that the packet need not be acknowledged. Other types of packets (such as
updates) require acknowledgment, which is indicated in the packet. The reliable transport has a provision to
send multicast packets quickly when unacknowledged packets are pending. This provision helps to ensure
that convergence time remains low in the presence of various speed links.
The DUAL finite state machine embodies the decision process for all route computations. It tracks all routes
advertised by all neighbors. DUAL uses the distance information (known as a metric) to select efficient,
loop-free paths. DUAL selectsroutesto be inserted into a routing table based on a calculation of the feasibility
condition. A successor is a neighboring router used for packet forwarding that has a least-cost path to a
destination that is guaranteed not to be part of a routing loop. When there are no feasible successors but there
are neighbors advertising the destination, a recomputation must occur. This is the process whereby a new
successor is determined. The amount of time required to recompute the route affects the convergence time.
Recomputation is processor intensive; it is advantageous to avoid unneeded recomputation. When a topology
change occurs, DUAL testsfor feasible successors. If there are feasible successors, it uses any it findsto avoid
unnecessary recomputation.
The protocol-dependent modules are responsible for network layer protocol-specific tasks. An example is the
EIGRP module, which is responsible for sending and receiving EIGRP packets that are encapsulated in IP.
It is also responsible for parsing EIGRP packets and informing DUAL of the new information received. EIGRP
asks DUAL to make routing decisions, but the results are stored in the IP routing table. EIGRP is also
responsible for redistributing routes learned by other IP routing protocols.
EIGRP Configuration Grouping
Cisco IOS XR software groups all EIGRP configuration under router EIGRP configuration mode, including
interface configuration portions associated with EIGRP. To display EIGRP configuration in its entirety, use
the show running-config router eigrp command. The command output displays the running configuration
for the configured EIGRP instance, including the interface assignments and interface attributes.
EIGRP Configuration Modes
The following examples show how to enter each of the configuration modes. From a mode, you can enter the
? command to display the commands available in that mode.
Router Configuration Mode
The following example shows how to enter router configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)#
VRF Configuration Mode
The following example shows how to enter VRF configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# vrf customer1
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
168 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP Configuration GroupingIPv4 Address Family Configuration Mode
The following example shows how to enter IPv4 address family configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-af)#
IPv4 VRF Address Family Configuration Mode
The following example shows how to enter IPv4 VRF address family configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# vrf customer1
RP/0/RSP0/CPU0:router(config-eigrp-vrf)# address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
Interface Configuration Mode
The following example shows how to enter interface configuration mode in IPv4 addressfamily configuration
mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/3/0/0
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
EIGRP Interfaces
EIGRP interfaces can be configured as either of the following types:
ActiveAdvertises connected prefixes and forms adjacencies. This is the default type for interfaces.
PassiveAdvertises connected prefixes but does not form adjacencies. The passive command is used
to configure interfaces as passive. Passive interfaces should be used sparingly for important prefixes,
such as loopback addresses, that need to be injected into the EIGRP domain. If many connected prefixes
need to be advertised, then the redistribution of connected routes with the appropriate policy should be
used instead.
Redistribution for an EIGRP Process
Routes from other protocols can be redistributed into EIGRP. A route policy can be configured along with
the redistribute command. A metric is required, configured either through the default-metric command or
under the route policy configured with the redistribute command to import routes into EIGRP.
A route policy allows the filtering of routes based on attributes such as the destination, origination protocol,
route type, route tag, and so on. When redistribution is configured under a VRF, EIGRP retrieves extended
communities attached to the route in the routing information base (RIB). The SoO is used to filter out routing
loops in the presence of MPSL VPN backdoor links.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 169
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP InterfacesMetric Weights for EIGRP Routing
EIGRP uses the minimum bandwidth on the path to a destination network and the total delay to compute
routing metrics. You can use the metric weights command to adjust the default behavior of EIGRP routing
and metric computations. For example, this adjustment allows you to tune system behavior to allow forsatellite
transmission. EIGRP metric defaults have been carefully selected to provide optimal performance in most
networks.
By default, the EIGRP composite metric is a 32-bit quantity that is a sum of the segment delays and lowest
segment bandwidth (scaled and inverted) for a given route. For a network of homogeneous media, this metric
reduces to a hop count. For a network of mixed media (FDDI, Ethernet, and serial lines running from 9600
bits per second to T1 rates), the route with the lowest metric reflects the most desirable path to a destination.
Mismatched K Values
Mismatched K values (EIGRP metrics) can prevent neighbor relationships from being established and can
negatively impact network convergence. The following example explains this behavior between two EIGRP
peers (ROUTER-A and ROUTER-B).
The following error message is displayed in the console of ROUTER-B because the K values are mismatched:
RP/0/RSP0/CPU0:Mar 13 08:19:55:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE:IP-EIGRP(0) 1:Neighbor
11.0.0.20 (GigabitEthernet0/6/0/0) is down: K-value mismatch
Two scenarios occur in which this error message can be displayed:
The two routers are connected on the same link and configured to establish a neighbor relationship.
However, each router is configured with different K values.
The following configuration is applied to ROUTER-A. The K values are changed with the metric
weights command. A value of 2 is entered for the k1 argument to adjust the bandwidth calculation. The
value of 1 is entered for the k3 argument to adjust the delay calculation.
hostname ROUTER-A!
interface GigabitEthernet0/6/0/0
ipv4 address 10.1.1.1 255.255.255.0
router eigrp 100
metric weights 0 2 0 1 0 0
interface GigabitEthernet0/6/0/0
The following configuration is applied to ROUTER-B. However, the metric weights command is not
applied and the default K values are used. The default K values are 1, 0, 1, 0, and 0.
hostname ROUTER-B!
interface GigabitEthernet0/6/0/1
ipv4 address 10.1.1.2 255.255.255.0
router eigrp 100
interface GigabitEthernet0/6/0/1
The bandwidth calculation is set to 2 on ROUTER-A and set to 1 (by default) on ROUTER-B. This
configuration prevents these peers from forming a neighbor relationship.
The K-value mismatch error message can also be displayed if one of the two peers has transmitted a
goodbye message and the receiving router does not support this message. In this case, the receiving
router interprets this message as a K-value mismatch.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
170 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Metric Weights for EIGRP RoutingGoodbye Message
The goodbye message is a feature designed to improve EIGRP network convergence. The goodbye message
is broadcast when an EIGRP routing process is shut down to inform adjacent peers about the impending
topology change. This feature allows supporting EIGRP peers to synchronize and recalculate neighbor
relationships more efficiently than would occur if the peers discovered the topology change after the hold
timer expired.
The following message is displayed by routers that run a supported release when a goodbye message is
received:
RP/0/RSP0/CPU0:Mar 13 09:13:17:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor
10.0.0.20 (GigabitEthernet0/6/0/0) is down: Interface Goodbye received
A Cisco router that runs a software release that does not support the goodbye message can misinterpret the
message as a K-value mismatch and display the following message:
RP/0/RSP0/CPU0:Mar 13 09:13:17:eigrp[163]:%ROUTING-EIGRP-5-NBRCHANGE: IP-EIGRP(0) 1: Neighbor
10.0.0.20 (GigabitEthernet0/6/0/0) is down: K-value mismatch
The receipt of a goodbye message by a nonsupporting peer does not disrupt normal network operation.
The nonsupporting peer terminates the session when the hold timer expires. The sending and receiving
routers reconverge normally after the sender reloads.
Note
Percentage of Link Bandwidth Used for EIGRP Packets
By default, EIGRP packets consume a maximum of 50 percent of the link bandwidth, as configured with the
bandwidth interface configuration command. You might want to change that value if a different level of link
utilization is required or if the configured bandwidth does not match the actual link bandwidth (it may have
been configured to influence route metric calculations).
Floating Summary Routes for an EIGRP Process
You can also use a floating summary route when configuring the summary-address command. The floating
summary route is created by applying a default route and administrative distance at the interface level. The
following scenario illustrates the behavior of this enhancement.
Figure 9: Floating Summary Route Is Applied to Router-B, on page 172 shows a network with three routers,
Router-A, Router-B, and Router-C. Router-A learns a default route from elsewhere in the network and then
advertises this route to Router-B. Router-B is configured so that only a default summary route is advertised
to Router-C. The defaultsummary route is applied to interface 0/1 on Router-B with the following configuration:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)# address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-af)# interface GigabitEthernet 0/3/0/0
RP/0/RSP0/CPU0:router(config-eigrp-af-if)# summary-address 100.0.0.0 0.0.0.0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 171
Implementing EIGRP on Cisco ASR 9000 Series Router
Percentage of Link Bandwidth Used for EIGRP PacketsFigure 9: Floating Summary Route Is Applied to Router-B
The configuration of the default summary route on Router-B sends a 0.0.0.0/0 summary route to Router-C
and blocks all other routes, including the 10.1.1.0/24 route, from being advertised to Router-C. However, this
configuration also generates a local discard route on Router-B, a route for 0.0.0.0/0 to the null 0 interface with
an administrative distance of 5. When this route is created, it overrides the EIGRP learned default route.
Router-B is no longer able to reach destinations that it would normally reach through the 0.0.0.0.0/0 route.
This problem is resolved by applying a floating summary route to the interface on Router-B that connects to
Router-C. The floating summary route is applied by relating an administrative distance to the default summary
route on the interface of Router-B with the following statement:
RP/0/RSP0/CPU0:router(config-if)# summary-address 100 0.0.0.0 0.0.0.0 250
The administrative distance of 250, applied in the above statement, is now assigned to the discard route
generated on Router-B. The 0.0.0.0/0, from Router-A, is learned through EIGRP and installed in the local
routing table. Routing to Router-C is restored.
If Router-A loses the connection to Router-B, Router-B continues to advertise a default route to Router-C,
which allows traffic to continue to reach destinations attached to Router-B. However, traffic destined for
networks to Router-A or behind Router-A is dropped when the traffic reaches Router-B.
Figure 10: Floating Summary Route Applied for Dual-Homed Remotes, on page 173 shows a network with
two connectionsfrom the core: Router-A and Router-D. Both routers have floating summary routes configured
on the interfaces connected to Router-C. If the connection between Router-E and Router-C fails, the network
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
172 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Floating Summary Routes for an EIGRP Processcontinues to operate normally. All traffic flows from Router-C through Router-B to the hosts attached to
Router-A and Router-D.
Figure 10: Floating Summary Route Applied for Dual-Homed Remotes
However, if the link between Router-D and Router-E fails, the network may dump traffic into a black hole
because Router-E continues to advertise the default route (0.0.0.0/0) to Router-C, as long as at least one link
(other than the link to Router-C) to Router-E is still active. In this scenario, Router-C still forwards traffic to
Router-E, but Router-E drops the traffic creating the black hole. To avoid this problem, you should configure
the summary address with an administrative distance on only single-homed remote routers or areas in which
only one exit point exists between the segments of the network. If two or more exit points exist (from one
segment of the network to another), configuring the floating default route can cause a black hole to form.
Split Horizon for an EIGRP Process
Split horizon controls the sending of EIGRP update and query packets. When split horizon is enabled on an
interface, update and query packets are not sent for destinations for which this interface is the next hop.
Controlling update and query packets in this manner reduces the possibility of routing loops.
By default, split horizon is enabled on all interfaces.
Split horizon blocks route information from being advertised by a router on any interface from which that
information originated. This behavior usually optimizes communications among multiple routing devices,
particularly when links are broken. However, with nonbroadcast networks (such as Frame Relay and SMDS),
situations can arise for which this behavior islessthan ideal. For these situations, including networksin which
you have EIGRP configured, you may want to disable split horizon.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 173
Implementing EIGRP on Cisco ASR 9000 Series Router
Split Horizon for an EIGRP ProcessAdjustment of Hello Interval and Hold Time for an EIGRP Process
You can adjust the interval between hello packets and the hold time.
Routing devices periodically send hello packets to each other to dynamically learn of other routers on their
directly attached networks. This information is used to discover neighbors and learn when neighbors become
unreachable or inoperative. By default, hello packets are sent every 5 seconds.
You can configure the hold time on a specified interface for a particular EIGRP routing process designated
by the autonomous system number. The hold time is advertised in hello packets and indicates to neighbors
the length of time they should consider the sender valid. The default hold time is three times the hello interval,
or 15 seconds.
Stub Routing for an EIGRP Process
The EIGRP Stub Routing feature improves network stability, reduces resource usage, and simplifies stub
router configuration.
Stub routing is commonly used in a hub-and-spoke network topology. In a hub-and-spoke network, one or
more end (stub) networks are connected to a remote router (the spoke) that is connected to one or more
distribution routers (the hub). The remote router is adjacent only to one or more distribution routers. The only
route for IP traffic to follow into the remote router is through a distribution router. This type of configuration
is commonly used in WAN topologies in which the distribution router is directly connected to a WAN. The
distribution router can be connected to many more remote routers. Often, the distribution router is connected
to 100 or more remote routers. In a hub-and-spoke topology, the remote router must forward all nonlocal
traffic to a distribution router, so it becomes unnecessary for the remote router to hold a complete routing
table. Generally, the distribution router need not send anything more than a default route to the remote router.
When using the EIGRP Stub Routing feature, you need to configure the distribution and remote routers to
use EIGRP and configure only the remote router as a stub. Only specified routes are propagated from the
remote (stub) router. The stub router responds to all queries for summaries, connected routes, redistributed
static routes, external routes, and internal routes with the message inaccessible. A router that is configured
as a stub sends a special peer information packet to all neighboring routers to report its status as a stub router.
Any neighbor that receives a packet informing it of the stub status does not query the stub router for any
routes, and a router that has a stub peer does not query that peer. The stub router depends on the distribution
router to send the proper updates to all peers.
This figure shows a simple hub-and-spoke configuration.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
174 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Adjustment of Hello Interval and Hold Time for an EIGRP ProcessFigure 11: Simple Hub-and-Spoke Network
The stub routing feature by itself does not prevent routes from being advertised to the remote router. In the
example in Figure 11: Simple Hub-and-Spoke Network, on page 174 , the remote router can access the
corporate network and the Internet through the distribution router only. Having a full route table on the remote
router, in this example, would serve no functional purpose because the path to the corporate network and the
Internet would always be through the distribution router. The larger route table would only reduce the amount
of memory required by the remote router. Bandwidth and memory can be conserved by summarizing and
filtering routes in the distribution router. The remote router need not receive routes that have been learned
from other networks because the remote router must send all nonlocal traffic, regardless of destination, to the
distribution router. If a true stub network is desired, the distribution router should be configured to send only
a default route to the remote router. The EIGRP Stub Routing feature does not automatically enable
summarization on the distribution router. In most cases, the network administrator needs to configure
summarization on the distribution routers.
Without the stub feature, even after the routes that are sent from the distribution router to the remote router
have been filtered orsummarized, a problem might occur. If a route islostsomewhere in the corporate network,
EIGRP could send a query to the distribution router, which in turn sends a query to the remote router even if
routes are being summarized. If there is a problem communicating over the WAN link between the distribution
router and the remote router, an EIGRP stuck in active (SIA) condition could occur and cause instability
elsewhere in the network. The EIGRP Stub Routing feature allows a network administrator to prevent queries
from being sent to the remote router.
Route Policy Options for an EIGRP Process
Route policies comprise series of statements and expressions that are bracketed with the route-policy and
end-policy keywords. Rather than a collection of individual commands (one for each line), the statements
within a route policy have context relative to each other. Thus, instead of each line being an individual
command, each policy orset is an independent configuration object that can be used, entered, and manipulated
as a unit.
Each line of a policy configuration is a logical subunit. At least one new line must follow the then , else ,
and end-policy keywords. A new line must also follow the closing parenthesis of a parameter list and the
name string in a reference to an AS path set, community set, extended community set, or prefix set (in the
EIGRP context). At least one new line must precede the definition of a route policy or prefix set. A new line
must appear at the end of a logical unit of policy expression and may not appear anywhere else.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 175
Implementing EIGRP on Cisco ASR 9000 Series Router
Route Policy Options for an EIGRP ProcessThis is the command to set the EIGRP metric in a route policy:
RP/0/RSP0/CPU0:router(config-rpl)# set eigrp-metric bandwidth delay reliability loading mtu
This is the command to provide EIGRP offset list functionality in a route policy:
RP/0/RSP0/CPU0:router(config-rpl)# add eigrp-metric bandwidth delay reliability loading mtu
A route policy can be used in EIGRP only if all the statements are applicable to the particular EIGRP attach
point. The following commands accept a route policy:
default-information allowedMatch statements are allowed for destination. No set statements are
allowed.
route-policyMatch statements are allowed for destination, next hop, and tag. Set statements are
allowed for eigrp-metric and tag.
redistributeMatch statements are allowed for destination, next hop,source-protocol, tag and route-type.
Set statements are allowed for eigrp-metric and tag.
The range for setting a tag is 0 to 255 for internal routes and 0 to 4294967295 for external routes.
EIGRP Layer 3 VPN PE-CE Site-of-Origin
The EIGRP MPLS and IP VPN PE-CE Site-of-Origin (SoO) feature introduces the capability to filter
Multiprotocol Label Switching (MPLS) and IP Virtual Private Network (VPN) traffic on a per-site basis for
EIGRP networks. SoO filtering is configured at the interface level and is used to manage MPLS and IP VPN
traffic and to prevent transient routing loops from occurring in complex and mixed network topologies.
Router Interoperation with the Site-of-Origin Extended Community
The configuration of the SoO extended community allows routers that support this feature to identify the site
from which each route originated. When this feature is enabled, the EIGRP routing process on the PE or CE
router checks each received route for the SoO extended community and filters based on the following conditions:
A received route from BGP or a CE router contains a SoO value that matches the SoO value on the
receiving interface:
? If a route is received with an associated SoO value that matches the SoO value that is configured
on the receiving interface, the route is filtered out because it was learned from another PE router
or from a backdoor link. This behavior is designed to prevent routing loops.
A received route from a CE router is configured with a SoO value that does not match:
? If a route is received with an associated SoO value that does not match the SoO value that is
configured on the receiving interface, the route is accepted into the EIGRP topology table so that
it can be redistributed into BGP.
? If the route is already installed in the EIGRP topology table but is associated with a different SoO
value, the SoO value from the topology table is used when the route is redistributed into BGP.
A received route from a CE router does not contain a SoO value:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
176 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP Layer 3 VPN PE-CE Site-of-OriginIf a route is received without a SoO value, the route is accepted into the EIGRP topology table,
and the SoO value from the interface that is used to reach the next-hop CE router is appended to
the route before it is redistributed into BGP.
?
When BGP and EIGRP peers that support the SoO extended community receive these routes, they also
receive the associated SoO values and pass them to other BGP and EIGRP peers that support the SoO
extended community. This filtering is designed to prevent transient routes from being relearned from
the originating site, which prevents transient routing loops from occurring.
In conjunction with BGP cost community, EIGRP, BGP, and the RIB ensure that paths over the MPLS
VPN core are preferred over backdoor links.
For MPLS and IP VPN and SoO configuration information, see Implementing MPLS Layer 3 VPNs in
the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.
EIGRP v4/v6 Authentication Using Keychain
EIGRP authentication using keychain introduces the capability to authenticate EIGRP protocol packets on a
per-interface basis. The EIGRP routing authentication provides a mechanism to authenticate all EIGRP protocol
traffic on one or more interfaces, based on Message Digest 5 (MD5) authentication.
The EIGRP routing authentication uses the Cisco IOS XR software security keychain infrastructure to store
and retrieve secret keys and to authenticate incoming and outgoing traffic on a per-interface basis.
How to Implement EIGRP
This section contains instructions for the following tasks:
Note To save configuration changes, you must commit changes when the system prompts you.
Enabling EIGRP Routing
This task enables EIGRP routing and establishes an EIGRP routing process.
Before You Begin
Although you can configure EIGRP before you configure an IP address, no EIGRP routing occurs until at
least one IP address is configured.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 177
Implementing EIGRP on Cisco ASR 9000 Series Router
EIGRP v4/v6 Authentication Using KeychainSUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. router-id id
5. default-metric bandwidth delay reliability loading mtu
6. distance internal-distance external-distance
7. interface type interface-path-id
8. holdtime seconds
9. bandwidth-percent percent
10. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing process to
configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp
100
Step 2
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 3
Step 4 router-id id (Optional) Configures a router-id for an EIGRP process.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
router-id 172.20.1.1
It is good practice to use the router-id command to
explicitly specify a unique 32-bit numeric value for the
router ID. This action ensures that EIGRP can function
regardless of the interface address configuration.
Note
default-metric bandwidth delay reliability (Optional) Sets metrics for an EIGRP process.
loading mtu
Step 5
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
178 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Enabling EIGRP RoutingCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
default-metric 1000 100 250 100 1500
(Optional) Allows the use of two administrative distancesinternal
and externalthat could be a better route to a node.
distance internal-distance external-distance
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
distance 80 130
Step 6
interface type interface-path-id Defines the interfaces on which the EIGRP routing protocol runs.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
interface GigabitEthernet 0/1/0/0
Step 7
Step 8 holdtime seconds (Optional) Configures the hold time for an interface.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
holdtime 30
To ensure nonstop forwarding during RP failovers, as the
number of neighbors increase, a higher holdtime than the
default value is recommended. With 256 neighbors across
all VRFs, we recommend 60 seconds.
Note
(Optional) Configuresthe percentage of bandwidth that may be used
by EIGRP on an interface.
bandwidth-percent percent
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
bandwidth-percent 75
Step 9
Step 10 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 179
Implementing EIGRP on Cisco ASR 9000 Series Router
Enabling EIGRP RoutingCommand or Action Purpose
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring Route Summarization for an EIGRP Process
This task configures route summarization for an EIGRP process.
You can configure a summary aggregate address for a specified interface. If any more specific routes are in
the routing table, EIGRP advertisesthe summary addressfrom the interface with a metric equal to the minimum
of all more specific routes.
Before You Begin
You should not use the summary-addresssummarization command to generate the default route (0.0.0.0)
from an interface. This command creates an EIGRP summary default route to the null 0 interface with an
administrative distance of 5. The low administrative distance of this default route can cause this route to
displace default routes learned from other neighbors from the routing table. If the default route learned
from the neighbors is displaced by the summary default route or the summary route is the only default
route present, all traffic destined for the default route does not leave the router; instead, this traffic is sent
to the null 0 interface, where it is dropped.
The recommended way to send only the default route from a given interface is to use a route-policy
command.
Note
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. route-policy name out
5. interface type interface-path-id
6. summary-address ip-address { / length | mask } [ admin-distance ]
7. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
180 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring Route Summarization for an EIGRP ProcessDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RRP/0/RSP0/CPU0:router# configure
Step 1
Specifies the AS number of the routing process to configure an
EIGRP routing process
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp
100
Step 2
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 3
Applies a routing policy to updates advertised to or received from
an EIGRP neighbor.
route-policy name out
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
route-policy FILTER_DEFAULT out
Step 4
interface type interface-path-id Defines the interfaces on which the EIGRP routing protocol runs.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
interface GigabitEthernet 0/1/0/0
Step 5
Configures a summary aggregate addressfor the specified EIGRP
interface.
summary-address ip-address { / length | mask }
[ admin-distance ]
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
summary-address 192.168.0.0/16 95
Step 6
Step 7 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
end
exiting(yes/no/cancel)?[cancel]:
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 181
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring Route Summarization for an EIGRP ProcessCommand or Action Purpose
or
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Redistributing Routes for EIGRP
This task explains how to redistribute routes, apply limits on the number of routes, and set timers for nonstop
forwarding.
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. redistribute {{ bgp | connected | isis | ospf | rip | static } [ as-number ]} [ route-policy name
]
5. redistribute maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart
minutes ] [ restart-count number ] | [ warning-only ]]
6. timers nsf route-hold seconds
7. maximum paths maximum
8. maximum-prefix maximum [ threshold ] [[ dampened ] [ reset-time minutes ] [ restart minutes ]
[ restart-count number ] | [ warning-only]]
9. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
182 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Redistributing Routes for EIGRPDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the AS number of the routing process to configure
an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 3
Redistributes the routes from the specified protocol and AS
number to the EIGRP process. Optionally, the redistributed
redistribute {{ bgp | connected | isis | ospf | rip
| static } [ as-number ]} [ route-policy name ]
Step 4
routes can be filtered into the EIGRP process by providing the
route policy.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
redistribute bgp 100
Limits the maximum number of prefixes that are redistributed
to the EIGRP process.
redistribute maximum-prefix maximum [ threshold
] [[ dampened ] [ reset-time minutes ] [ restart
minutes ] [ restart-count number ] | [ warning-only
]]
Step 5
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
redistribute maximum-prefix 5000 95 warning-only
Sets the timer that determines how long an NSF-aware EIGRP
router holds routes for an inactive peer.
timers nsf route-hold seconds
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# timers
nsf route-hold 120
Step 6
Controls the maximum number of parallel routes that the
EIGRP can support.
maximum paths maximum
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# maximum
paths 10
Step 7
Limits the number of prefixes that are accepted under an
address family by EIGRP.
maximum-prefix maximum [ threshold ] [[ dampened
] [ reset-time minutes ] [ restart minutes ] [
restart-count number ] | [ warning-only]]
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 183
Implementing EIGRP on Cisco ASR 9000 Series Router
Redistributing Routes for EIGRPCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
maximum-prefix 50000
Step 9 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-eigrp-af)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Creating a Route Policy and Attaching It to an EIGRP Process
This task defines a route policy and shows how to attach it to an EIGRP process.
A route policy definition consists of the route-policy command and name argument followed by a sequence
of optional policy statements, and then closed with the end-policy command.
A route policy is not useful until it is applied to routes of a routing protocol.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
184 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Creating a Route Policy and Attaching It to an EIGRP ProcessSUMMARY STEPS
1. configure
2. route-policy name
3. set eigrp-metric bandwidth delay reliability load mtu
4. end-policy
5. Do one of the following:
end
commit
6. configure
7. router eigrp as-number
8. address-family { ipv4 }
9. route-policy route-policy-name { in | out }
10. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
route-policy name Defines a route policy and enters route-policy configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
route-policy IN-IPv4
Step 2
set eigrp-metric bandwidth delay reliability (Optional) Sets the EIGRP metric attribute.
load mtu
Step 3
Example:
RP/0/RSP0/CPU0:router(config-rpl)# set
eigrp metric 42 100 200 100 1200
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 185
Implementing EIGRP on Cisco ASR 9000 Series Router
Creating a Route Policy and Attaching It to an EIGRP ProcessCommand or Action Purpose
Endsthe definition of a route policy and exitsroute-policy configuration
mode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)#
end-policy
Step 4
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rpl)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router
Step 6
Specifies the autonomous system number of the routing process to
configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router
eigrp 100
Step 7
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
186 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Creating a Route Policy and Attaching It to an EIGRP ProcessCommand or Action Purpose
Applies a routing policy to updates advertised to or received from an
EIGRP neighbor.
route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
route-policy IN-IPv4 in
Step 9
Step 10 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-eigrp-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring Stub Routing for an EIGRP Process
This task configures the distribution and remote routers to use an EIGRP process for stub routing.
Before You Begin
EIGRP stub routing should be used only on remote routers. A stub router is defined as a router connected
to the network core or distribution layer through which core transit traffic should not flow. A stub router
should not have any EIGRP neighbors other than distribution routers. Ignoring this restriction causes
undesirable behavior.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 187
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring Stub Routing for an EIGRP ProcessSUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 }
4. stub [ receive-only | {[ connected ] [ redistributed ] [ static ] [ summary ]}]
5. Do one of the following:
end
commit
6. show eigrp [ ipv4 ] [ vrf { vrf-name | all }] neighbors [ as-number ] [ detail ] [ type interface-path-id
| static ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RRP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing process to
configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp
100
Step 2
address-family { ipv4 } Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)#
address-family ipv4
Step 3
stub [ receive-only | {[ connected ] [ Configures a router as a stub for EIGRP.
redistributed ] [ static ] [ summary ]}]
Step 4
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# stub
receive-only
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
188 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring Stub Routing for an EIGRP ProcessCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-eigrp-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Verifies that a remote router has been configured as a stub router
with EIGRP.
show eigrp [ ipv4 ] [ vrf { vrf-name | all }]
neighbors [ as-number ] [ detail ] [ type
interface-path-id | static ]
Step 6
The last line of the output shows the stub status of the remote or
spoke router.
Example:
RP/0/RSP0/CPU0:router# show eigrp neighbors
detail
Configuring EIGRP as a PE-CE Protocol
Perform thistask to configure EIGRP on the provider edge (PE) and establish provider edge-to-customer edge
(PE-CE) communication using EIGRP.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 189
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring EIGRP as a PE-CE ProtocolSUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family { ipv4 }
5. router-id router-id
6. autonomous-system as-number
7. redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name
]} [ route-policy name ]
8. interface type interface-path-id
9. site-of-origin { as-number:number | ip-address : number }
10. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
vrf vrf-name Configures a VPN routing and forwarding (VRF) instance.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_A
Step 3
address-family { ipv4 } Enters a VRF address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address-family ipv4
Step 4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
190 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring EIGRP as a PE-CE ProtocolCommand or Action Purpose
router-id router-id Configures a router ID for the EIGRP process.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
router-id 33
Step 5
Configures an EIGRP routing process to run within the
VRF instance.
autonomous-system as-number
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
autonomous-system 2
Step 6
You must configure the autonomoussystem under
VRF configuration to bring-up the VRF interface.
Note
redistribute {{ bgp | connected | isis | ospf | ospfv3 Injects routes from one routing domain into EIGRP.
| rip | static } [ as-number | instance-name ]} [
route-policy name ]
Step 7
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
redistribute bgp 100
Configures the interface on which EIGRP the routing
protocol runs.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
interface gigabitEthernet 0/1/5/0
Step 8
Configuresthe site-of-origin (SoO) filtering on the EIGRP
interface.
site-of-origin { as-number:number | ip-address : number
}
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
site-of-origin 3:4
Step 9
Step 10 Do one of the following: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)# end
before exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
commit
? Entering yes saves configuration changes to the
running configuration file, exits the
configuration session, and returns the router to
EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 191
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring EIGRP as a PE-CE ProtocolCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Redistributing BGP Routes into EIGRP
Perform this task to redistribute BGP routes into EIGRP.
Typically, EIGRP routes are redistributed into BGP with extended community information appended to the
route. BGP carries the route over the VPN backbone with the EIGRP-specific information encoded in the
BGP extended community attributes. After the peering customer site receives the route, EIGRP redistributes
the BGP route then extractsthe BGP extended community information and reconstructsthe route asit appeared
in the original customer site.
When redistributing BGP routes into EIGRP, the receiving provider edge (PE) EIGRP router looks for BGP
extended community information. If the information is received, it is used to recreate the original EIGRP
route. If the information is missing, EIGRP uses the configured default metric value.
If the metric values are not derived from the BGP extended community and a default metric is not configured,
the route is not advertised to the customer edge (CE) router by the PE EIGRP. When BGP is redistributed
into BGP, metrics may not be added to the BGP prefix as extended communities; for example, if EIGRP is
not running on the other router. In this case, EIGRP is redistributed into BGP with a no-metrics option.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
192 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Redistributing BGP Routes into EIGRPSUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family { ipv4 }
5. redistribute {{ bgp | connected | isis | ospf | ospfv3 | rip | static } [ as-number | instance-name
]} [ route-policy name ]
6. route-policy route-policy-name { in | out }
7. default-metric bandwidth delay reliability loading mtu
8. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
vrf vrf-name Configures a VRF instance.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# router
eigrp 100
Step 3
address-family { ipv4 } Enters a VRF address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address-family ipv4
Step 4
redistribute {{ bgp | connected | isis | ospf | Injects routes from one routing domain into EIGRP.
ospfv3 | rip | static } [ as-number | instance-name
]} [ route-policy name ]
Step 5
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 193
Implementing EIGRP on Cisco ASR 9000 Series Router
Redistributing BGP Routes into EIGRPCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
redistribute bgp 100
Applies a routing policy to updates advertised to or received
from an EIGRP neighbor.
route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
route-policy policy_A in
Step 6
default-metric bandwidth delay reliability loading mtu Configures metrics for EIGRP.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
default-metric 1000 100 250 100 1500
Step 7
Step 8 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Monitoring EIGRP Routing
The commands in this section are used to log neighbor adjacency changes, monitor the stability of the routing
system, and help detect problems.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
194 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Monitoring EIGRP RoutingSUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family [ ipv4 ]
4. log-neighbor-changes
5. log-neighbor-warnings
6. Do one of the following:
end
commit
7. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ ip-address | type interface-path-id
]
8. clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ prefix mask ] [ prefix / length ]
9. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] accounting
10. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] interfaces [ type interface-path-id ] [ detail ]
11. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] neighbors [ detail ] [ type interface-path-id |
static ]
12. show protocols eigrp [ vrf vrf-name ]
13. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] topology [ ip-address mask ] [ active | all-links
| detail-links | pending | summary | zero-successors ]
14. show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] traffic
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
address-family [ ipv4 ] Enters an address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# address-family
ipv4
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 195
Implementing EIGRP on Cisco ASR 9000 Series Router
Monitoring EIGRP RoutingCommand or Action Purpose
Enables the logging of changes in EIGRP neighbor
adjacencies.
log-neighbor-changes
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
log-neighbor-changes
Step 4
Enables the logging of EIGRP neighbor warning
messages.
log-neighbor-warnings
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
log-neighbor-warnings
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)# end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-eigrp-af)# commit
configuration session, and returns the router
to EXEC mode.
? Entering no exits the configuration session
and returnsthe router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain
within the configuration session.
Deletes EIGRP and VPN neighbor entries from the
appropriate table.
clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ]
neighbors [ ip-address | type interface-path-id ]
Example:
RP/0/RSP0/CPU0:routerr# clear eigrp 20 neighbors
GigabitEthernet 0/1/0/0
Step 7
Deletes EIGRP and VRF topology entries from the
appropriate tab.
clear eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ]
topology [ prefix mask ] [ prefix / length ]
Example:
RP/0/RSP0/CPU0:router# clear eigrp topology
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
196 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Monitoring EIGRP RoutingCommand or Action Purpose
Displays prefix accounting information for EIGRP
processes.
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ]
accounting
Example:
RP/0/RSP0/CPU0:router# show eigrp vrf all accounting
Step 9
Displays information about interfaces configured for
EIGRP.
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ]
interfaces [ type interface-path-id ] [ detail ]
Example:
RP/0/RSP0/CPU0:router# show eigrp interfaces detail
Step 10
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] Displays the neighbors discovered by EIGRP.
neighbors [ detail ] [ type interface-path-id | static ]
Step 11
Example:
RP/0/RSP0/CPU0:router# show eigrp neighbors 20
detail static
Displays information about the EIGRP process
configuration.
show protocols eigrp [ vrf vrf-name ]
Example:
RP/0/RSP0/CPU0:router# show protocols eigrp
Step 12
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] Displays entries in the EIGRP topology table.
topology [ ip-address mask ] [ active | all-links |
detail-links | pending | summary | zero-successors ]
Step 13
Example:
RP/0/RSP0/CPU0:router# show eigrp topology 10.0.0.1
253.254.255.255 summary
show eigrp [ as-number ] [ vrf { vrf | all }] [ ipv4 ] Displaysthe number of EIGRP packetssent and received.
traffic
Step 14
Example:
RP/0/RSP0/CPU0:router# show eigrp traffic
Configuring an EIGRP Authentication Keychain
Perform the following tasks to configure an authentication keychain on EIGRP interfaces.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 197
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication KeychainConfiguring an Authentication Keychain for an IPv4/IPv6 Interface on a Default VRF
Perform this task to configure an authentication keychain for an IPv4/IPv6 interface on a default VRF.
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. address-family { ipv4 | ipv6 }
4. interface type interface-path-id
5. authentication keychain keychain-name
6. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
address-family { ipv4 | ipv6 } Enters a VRF address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# address-family
ipv4
Step 3
Configures the interface on which EIGRP the routing
protocol runs.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af)#
Step 4
interface gigabitEthernet 0/1/5/0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
198 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication KeychainCommand or Action Purpose
Authenticates all EIGRP protocol traffic on the interface,
based on the MD5 algorithm.
authentication keychain keychain-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#
authentication keychain
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#commit
configuration session, and returns the router to
EXEC mode.
? Entering no exitsthe configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain
within the configuration session.
Configuring an Authentication Keychain for an IPv4/IPv6 Interface on a Nondefault VRF
Perform this task to configure an authentication keychain for an IPv4/IPv6 interface on a nondefault VRF.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 199
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication KeychainSUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family { ipv4 | ipv6 }
5. interface type interface-path-id
6. authentication keychain keychain-name
7. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Specifies the autonomous system number of the routing
process to configure an EIGRP routing process.
router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 100
Step 2
Creates a VRF instance and enters VRF configuration
mode.
vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf1
Step 3
address-family { ipv4 | ipv6 } Enters a VRF address family configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address-family ipv4
Step 4
interface type interface-path-id Configures the interface on which EIGRP runs.
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
Step 5
interface gigabitEthernet 0/1/5/0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
200 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication KeychainCommand or Action Purpose
Authenticates all EIGRP protocol traffic on the interface,
based on the MD5 algorithm.
authentication keychain keychain-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
authentication keychain
Step 6
Step 7 Do one of the following: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#commit
configuration session, and returns the router
to EXEC mode.
? Entering no exitsthe configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leavesthe router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain
within the configuration session.
Configuration Examples for Implementing EIGRP
This section provides the following configuration examples:
Configuring a Basic EIGRP Configuration: Example
The following example shows how to configure EIGRP with a policy that filters incoming routes. This is a
typical configuration for a router that has just one neighbor, but advertises other connected subnets.
router eigrp 144
address-family ipv4
metric maximum-hops 20
router-id 10.10.9.4
route-policy GLOBAL_FILTER_POLICY in
log-neighbor-changes
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 201
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuration Examples for Implementing EIGRPlog-neighbor-warnings
interface Loopback0
!
interface GigabitEthernet 0/2/0/0
passive-interface
!
interface GigabitEthernet 0/6/0/0
hello-interval 8
hold-time 30
summary-address 10.0.0.0 255.255.0.0
!
Configuring an EIGRP Stub Operation: Example
The following example shows how to configure an EIGRP stub. Stub operation allows only connected, static,
and summary routes to be advertised to neighbors.
router eigrp 200
address-family ipv4
stub connected static summary
router-id 172.16.82.22
log-neighbor-changes
log-neighbor-warnings
redistribute connected route-policy CONN_POLICY
interface GigabitEthernet0/6/0/0
passive-interface
neighbor 10.0.0.31
!
interface GigabitEthernet0/6/0/1
passive-interface
neighbor 10.0.1.21
!
!
!
Configuring an EIGRP PE-CE Configuration with Prefix-Limits: Example
The following example shows how to configure EIGRP to operate as a PE-CE protocol on a PE router. The
configuration is under VRF CUSTOMER_1. A maximum prefix is typically configured to ensure that one
set of customer routes do not overwhelm the EIGRP process.
router eigrp 500
vrf CUSTOMER_1
address-family ipv4
timers nsf route-hold 300
router-id 172.16.6.11
maximum-prefix 450 70
default-metric 200000 10000 195 10 1500
log-neighbor-changes
log-neighbor-warnings
redistribute maximum-prefix 350 70
redistribute bgp 1.65500 route-policy SITE_1_POLICY
interface GigabitEthernet 0/4/0/5
neighbor 10.22.1.1
!
!
!
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
202 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Stub Operation: ExampleConfiguring an EIGRP Authentication Keychain: Example
The following example shows how to configure an authentication keychain for an IPv4 interface on a nondefault
VRF:
RP/0/RSP0/CPU0:router(config)#router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)#vrf vrf1
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#address-family ipv4
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#interface POS 0/1/0/0
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#authentication keychain key1
The following example shows how to configure an authentication keychain for an IPv6 interface on a default
VRF:
RP/0/RSP0/CPU0:router(config)#router eigrp 100
RP/0/RSP0/CPU0:router(config-eigrp)#address-family ipv6
RP/0/RSP0/CPU0:router(config-eigrp-af)#interface POS 0/1/0/0
RP/0/RSP0/CPU0:router(config-eigrp-af-if)#authentication keychain key2
Additional References
The following sections provide references related to implementing EIGRP.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Routing Command Reference
EIGRP commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
Implementing MPLS Layer 3 VPNs module and
Implementing MPLS Layer 2 VPNs module in
Cisco ASR 9000 Series Aggregation Services Router
MPLS Configuration Guide
MPLS VPN support for EIGRP feature information
Implementing MPLS Traffic Engineering on Cisco
ASR 9000 Series Router module in Cisco ASR 9000
Series Aggregation Services Router MPLS
Configuration Guide
Site of Origin (SoO) support for EIGRP feature
information
Cisco ASR 9000 Series Aggregation Services Router
MIB Specification Guide.
MIB Reference
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 203
Implementing EIGRP on Cisco ASR 9000 Series Router
Configuring an EIGRP Authentication Keychain: ExampleStandards
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing standards has not
been modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
204 OL-26048-02
Implementing EIGRP on Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 3
Implementing IS-IS on Cisco ASR 9000 Series
Router
Integrated Intermediate System-to-Intermediate System (IS-IS), Internet Protocol Version 4 (IPv4), is a
standards-based Interior Gateway Protocol (IGP). Cisco IOS XR software implements the IP routing
capabilities described in International Organization for Standardization (ISO)/International Engineering
Consortium (IEC) 10589 and RFC 1995, and adds the standard extensions for single topology and
multitopology IS-IS for IP Version 6 (IPv6).
This module describes how to implement IS-IS (IPv4 and IPv6) on your Cisco IOS XR network.
This module describes how to implement IS-IS (IPv4 and IPv6) on Cisco ASR 9000 Series Aggregation
Services Routers.
For more information about IS-IS on Cisco IOS XR software and complete descriptions of the IS-IS
commands listed in this module, refer to the Related Documents, on page 269 section of this module. To
locate documentation for other commands that might appear while executing a configuration task, search
online in the Cisco ASR 9000 Series Aggregation Services Router Commands Master List.
Note
Feature History for Implementing IS-IS
Release Modification
Release 3.7.2 This feature was introduced.
Release 3.9.0 Support for IPv6 and was added.
Support was added for the following features:
IP Fast Re-route Per Prefix Computation.
IP Fast Re-route Per Link Computation.
Release 4.0.1
Prerequisites for Implementing IS-IS, page 206
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 205 Restrictions for Implementing IS-IS, page 206
Information About Implementing IS-IS , page 206
How to Implement IS-IS, page 217
Configuration Examples for Implementing IS-IS , page 266
Where to Go Next, page 269
Additional References, page 269
Prerequisites for Implementing IS-IS
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Restrictions for Implementing IS-IS
When multiple instances of IS-IS are being run, an interface can be associated with only one instance (process).
Instances may not share an interface.
Information About Implementing IS-IS
To implement IS-IS you need to understand the following concepts:
IS-IS Functional Overview
Small IS-IS networks are typically built as a single area that includes all routers in the network. As the network
grows larger, it may be reorganized into a backbone area made up of the connected set of all Level 2 routers
from all areas, which is in turn connected to local areas. Within a local area, routers know how to reach all
system IDs. Between areas, routers know how to reach the backbone, and the backbone routers know how to
reach other areas.
The IS-IS routing protocolsupportsthe configuration of backbone Level 2 and Level 1 areas and the necessary
support for moving routing information between the areas. Routers establish Level 1 adjacencies to perform
routing within a local area (intra-area routing). Routers establish Level 2 adjacencies to perform routing
between Level 1 areas (interarea routing).
For Cisco IOS XR software software, each IS-IS instance can support either a single Level 1 or Level 2 area,
or one of each. By default, all IS-IS instances automatically support Level 1 and Level 2 routing. You can
change the level of routing to be performed by a particular routing instance using the is-type command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
206 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Prerequisites for Implementing IS-ISKey Features Supported in the Cisco IOS XR IS-IS Implementation
The Cisco IOS XR implementation of IS-IS conforms to the IS-IS Version 2 specifications detailed in RFC
1195 and the IPv6 IS-IS functionality based on the Internet Engineering Task Force (IETF) IS-IS Working
Group draft-ietf-isis-ipv6.txt document.
The following list outlines key features supported in the Cisco IOS XR implementation:
Single topology IPv6
Multitopology
Nonstop forwarding (NSF), both Cisco proprietary and IETF
Three-way handshake
Mesh groups
Multiple IS-IS instances
Configuration of a broadcast medium connecting two networking devices as a point-to-point link
Fast-flooding with different threads handling flooding and shortest path first (SPF).
For information on IS-IS support for Bidirectional Forwarding Detection (BFD), see Cisco ASR 9000
Series Aggregation Services Router Interface and Hardware Component Configuration Guide and
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command
Reference.
Note
IS-IS Configuration Grouping
Cisco IOS XR groups all of the IS-IS configuration in router IS-IS configuration mode, including the portion
of the interface configurations associated with IS-IS. To display the IS-IS configuration in its entirety, use
the show running router isis command. The command output displays the running configuration for all
configured IS-IS instances, including the interface assignments and interface attributes.
IS-IS Configuration Modes
The following sections show how to enter each of the configuration modes. From a mode, you can enter the
? command to display the commands available in that mode.
Router Configuration Mode
The following example shows how to enter router configuration mode:
RP/0/RSP0/CPU0:router# configuration
RP/0/RSP0/CPU0:router(config)# router isis isp
RP/0/RSP0/CPU0:router(config-isis)#
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 207
Implementing IS-IS on Cisco ASR 9000 Series Router
Key Features Supported in the Cisco IOS XR IS-IS ImplementationRouter Address Family Configuration Mode
The following example shows how to enter router address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router isis isp
RP/0/RSP0/CPU0:router(config-isis)# address-family
ipv4 u
nicast
RP/0/RSP0/CPU0:router(config-isis-af)#
Interface Configuration Mode
The following example shows how to enter interface configuration mode:
RP/0/RSP0/CPU0:router(config)# router isis isp
RP/0/RSP0/CPU0:router(config-isis)# interface GigabitEthernet 0
/3/0/0
RP/0/RSP0/CPU0:router(config-isis-if)#
Interface Address Family Configuration Mode
The following example shows how to enter interface address family configuration mode:
RP/0/RSP0/CPU0:router(config)# router isis isp
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0 /3/0/0
RP/0/RSP0/CPU0:router(config-isis-if)# address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-isis-if-af)#
IS-IS Interfaces
IS-IS interfaces can be configured as one of the following types:
Activeadvertises connected prefixes and forms adjacencies. This is the default for interfaces.
Passiveadvertises connected prefixes but does not form adjacencies. The passive command is used
to configure interfaces as passive. Passive interfaces should be used sparingly for important prefixes
such as loopback addresses that need to be injected into the IS-IS domain. If many connected prefixes
need to be advertised then the redistribution of connected routes with the appropriate policy should be
used instead.
Suppresseddoes not advertise connected prefixes but forms adjacencies. The suppress command is
used to configure interfaces as suppressed.
Shutdowndoes not advertise connected prefixes and does not form adjacencies. The shutdown
command is used to disable interfaces without removing the IS-IS configuration.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
208 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
IS-IS InterfacesMultitopology Configuration
Cisco IOS XR software supports multitopology for IPv6 IS-IS unless single topology is explicitly configured
in IPv6 address-family configuration mode.
IS-IS supports IP routing and not Open Systems Interconnection (OSI) Connectionless Network Service
(CLNS) routing.
Note
IPv6 Routing and Configuring IPv6 Addressing
By default, IPv6 routing is disabled in the Cisco IOS XR software. To enable IPv6 routing, you must assign
IPv6 addresses to individual interfaces in the router using the ipv6 enable or ipv6 address command. See
the Network Stack IPv4 and IPv6 Commands on Cisco ASR 9000 Series Router module of Cisco ASR 9000
Series Aggregation Services Router IP Addresses and Services Command Reference.
Limit LSP Flooding
Limiting link-state packets (LSP) may be desirable in certain meshy network topologies. An example of
such a network might be a highly redundant one such as a fully meshed set of point-to-point links over a
nonbroadcast multiaccess(NBMA) transport. In such networks, full LSP flooding can limit network scalability.
One way to restrict the size of the flooding domain is to introduce hierarchy by using multiple Level 1 areas
and a Level 2 area. However, two other techniques can be used instead of or with hierarchy: Block flooding
on specific interfaces and configure mesh groups.
Both techniques operate by restricting the flooding of LSPs in some fashion. A direct consequence is that
although scalability of the network isimproved, the reliability of the network (in the face of failures) isreduced
because a series of failures may prevent LSPs from being flooded throughout the network, even though links
exist that would allow flooding if blocking or mesh groups had not restricted their use. In such a case, the
link-state databases of different routers in the network may no longer be synchronized. Consequences such
as persistent forwarding loops can ensue. For this reason, we recommend that blocking or mesh groups be
used only if specifically required, and then only after careful network design.
Flood Blocking on Specific Interfaces
With this technique, certain interfaces are blocked from being used for flooding LSPs, but the remaining
interfaces operate normally for flooding. This technique is simple to understand and configure, but may be
more difficult to maintain and more error prone than mesh groups in the long run. The flooding topology that
IS-IS usesisfine-tuned rather than restricted. Restricting the topology too much (blocking too many interfaces)
makes the network unreliable in the face of failures. Restricting the topology too little (blocking too few
interfaces) may fail to achieve the desired scalability.
To improve the robustness of the network in the event that all nonblocked interfaces drop, use the csnp-interval
command in interface configuration mode to force periodic complete sequence number PDUs(CSNPs) packets
to be used on blocked point-to-point links. The use of periodic CSNPs enables the network to become
synchronized.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 209
Implementing IS-IS on Cisco ASR 9000 Series Router
Multitopology ConfigurationMesh Group Configuration
Configuring mesh groups (a set of interfaces on a router) can help to limit flooding. All routers reachable over
the interfaces in a particular mesh group are assumed to be densely connected with each router having at least
one link to every other router. Many links can fail without isolating one or more routers from the network.
In normal flooding, a new LSP is received on an interface and is flooded out over all other interfaces on the
router. With mesh groups, when a new LSP is received over an interface that is part of a mesh group, the new
LSP is not flooded over the other interfaces that are part of that mesh group.
Maximum LSP Lifetime and Refresh Interval
By default, the routersends a periodic LSP refresh every 15 minutes. LSPsremain in a database for 20 minutes
by default. If they are not refreshed by that time, they are deleted. You can change the LSP refresh interval
or maximum LSP lifetime. The LSP interval should be less than the LSP lifetime or else LSPs time out before
they are refreshed. In the absence of a configured refresh interval, the software adjuststhe LSP refresh interval,
if necessary, to prevent the LSPs from timing out.
Single-Topology IPv6 Support
Single-topology IPv6 support on Cisco IOS XR software software allows IS-IS for IPv6 to be configured on
interfaces along with an IPv4 network protocol. All interfaces must be configured with the identical set of
network protocols, and all routers in the IS-IS area (for Level 1 routing) or the domain (for Level 2 routing)
must support the identical set of network layer protocols on all interfaces.
In single-topology mode, IPv6 topologies work with both narrow and wide metric styles in IPv4 unicast
topology. During single-topology operation, one shortest path first (SPF) computation for each level is used
to compute both IPv4 and IPv6 routes. Using a single SPF is possible because both IPv4 IS-IS and IPv6 IS-IS
routing protocols share a common link topology.
Multitopology IPv6 Support
Multitopology IPv6 support on Cisco IOS XR software for IS-IS assumes that multitopology support is
required as soon as it detects interfaces configured for both IPv6 and IPv4 within the IS-IS stanza.
Because multitopology is the default behavior in the software, you must explicitly configure IPv6 to use the
same topology asIPv4 to enable single-topology IPv6. Configure the single-topology command in IPv6 router
address family configuration submode of the IS-IS router stanza.
IS-IS Authentication
Authentication is available to limit the establishment of adjacencies by using the hello-password command,
and to limit the exchange of LSPs by using the lsp-password command.
IS-IS supports plain-text authentication, which does not provide security against unauthorized users. Plain-text
authentication allows you to configure a password to prevent unauthorized networking devices from forming
adjacencies with the router. The password is exchanged as plain text and is potentially visible to an agent able
to view the IS-IS packets.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
210 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Maximum LSP Lifetime and Refresh IntervalWhen an HMAC-MD5 password is configured, the password is never sent over the network and is instead
used to calculate a cryptographic checksum to ensure the integrity of the exchanged data.
IS-IS stores a configured password using simple encryption. However, the plain-text form of the password is
used in LSPs, sequence number protocols (SNPs), and hello packets, which would be visible to a process that
can view IS-IS packets. The passwords can be entered in plain text (clear) or encrypted form.
To set the domain password, configure the lsp-password command for Level 2; to set the area password,
configure the lsp-password command for Level 1.
The keychain feature allows IS-IS to reference configured keychains. IS-IS key chains enable hello and LSP
keychain authentication. Keychains can be configured at the router level (in the case of the lsp-password
command) and at the interface level (in the case of the hello-password command) within IS-IS. These
commands reference the global keychain configuration and instruct the IS-IS protocol to obtain security
parameters from the global set of configured keychains.
IS-IS is able to use the keychain to implement hitless key rollover for authentication. ey rollover specification
is time based, and in the event of clock skew between the peers, the rollover process is impacted. The
configurable tolerance specification allows for the accept window to be extended (before and after) by that
margin. This accept window facilitates a hitless key rollover for applications (for example, routing and
management protocols).
See Cisco ASR 9000 Series Aggregation Services Router System Security Guide for information on keychain
management.
Nonstop Forwarding
On Cisco IOS XR software, NSF minimizes the amount of time a network is unavailable to its users following
a route processor (RP) failover. The main objective of NSF is to continue forwarding IP packets and perform
a graceful restart following an RP failover.
When a router restarts, all routing peers of that device usually detect that the device went down and then came
back up. This transition results in what is called a routing flap, which could spread across multiple routing
domains. Routing flaps caused by routing restarts create routing instabilities, which are detrimental to the
overall network performance. NSF helps to suppress routing flaps in NSF-aware devices, thus reducing
network instability.
NSF allows for the forwarding of data packets to continue along known routes while the routing protocol
information is being restored following an RP failover. When the NSF feature is configured, peer networking
devices do not experience routing flaps. Data traffic is forwarded through intelligent line cards while the
standby RP assumes control from the failed active RP during a failover. The ability of line cards to remain
up through a failover and to be kept current with the Forwarding Information Base (FIB) on the active RP is
key to NSF operation.
When the Cisco IOS XR router running IS-IS routing performs an RP failover, the router must perform two
tasks to resynchronize its link-state database with its IS-IS neighbors. First, it must relearn the available IS-IS
neighbors on the network without causing a reset of the neighbor relationship. Second, it must reacquire the
contents of the link-state database for the network.
The IS-IS NSF feature offers two options when configuring NSF:
IETF NSF
Cisco NSF
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 211
Implementing IS-IS on Cisco ASR 9000 Series Router
Nonstop ForwardingIf neighbor routers on a network segment are NSF aware, meaning that neighbor routers are running a software
version that supports the IETF Internet draft for router restartability, they assist an IETF NSF router that is
restarting. With IETF NSF, neighbor routers provide adjacency and link-state information to help rebuild the
routing information following a failover.
In Cisco IOS XR software, Cisco NSF checkpoints (stores persistently) all the state necessary to recover from
a restart without requiring any special cooperation from neighboring routers. The state is recovered from the
neighboring routers, but only using the standard features of the IS-IS routing protocol. This capability makes
Cisco NSF suitable for use in networksin which other routers have not used the IETF standard implementation
of NSF.
If you configure IETF NSF on the Cisco IOS XR router and a neighbor router does not support IETF NSF,
the affected adjacencies flap, but nonstop forwarding is maintained to all neighbors that do support IETF
NSF. A restart reverts to a cold start if no neighbors support IETF NSF.
Note
Multi-Instance IS-IS
You can configure up to five IS-IS instances. MPLS can run on multiple IS-IS processes as long as the
processesrun on differentsets of interfaces. Each interface may be associated with only a single IS-IS instance.
Cisco IOS XR software preventsthe double-booking of an interface by two instances at configuration timetwo
instances of MPLS configuration causes an error.
Because the Routing Information Base (RIB) treats each of the IS-IS instances as equal routing clients, you
must be careful when redistributing routes between IS-IS instances. The RIB does not know to prefer Level
1 routes over Level 2 routes. For this reason, if you are running Level 1 and Level 2 instances, you must
enforce the preference by configuring different administrative distances for the two instances.
Multiprotocol Label Switching Traffic Engineering
The MPLS TE feature enables an MPLS backbone to replicate and expand the traffic engineering capabilities
of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies.
For IS-IS, MPLS TE automatically establishes and maintains MPLS TE label-switched paths across the
backbone by using Resource Reservation Protocol (RSVP). The route that a label-switched path uses is
determined by the label-switched paths resource requirements and network resources, such as bandwidth.
Available resources are flooded by using special IS-IS TLV extensions in the IS-IS. The label-switched paths
are explicit routes and are referred to as traffic engineering (TE) tunnels.
Overload Bit on Router
The overload bit is a special bit of state information that is included in an LSP of the router. If the bit is set
on the router, it notifies routers in the area that the router is not available for transit traffic. This capability is
useful in four situations:
1 During a serious but nonfatal error, such as limited memory.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
212 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Multi-Instance IS-IS2 During the startup and restart of the process. The overload bit can be set until the routing protocol has
converged. However, it is not employed during a normal NSF restart or failover because doing so causes
a routing flap.
3 During a trial deployment of a new router. The overload bit can be set until deployment is verified, then
cleared.
4 During the shutdown of a router. The overload bit can be set to remove the router from the topology before
the router is removed from service.
Overload Bit Configuration During Multitopology Operation
Because the overload bit applies to forwarding for a single topology, it may be configured and cleared
independently for IPv4 and IPv6 during multitopology operation. For this reason, the overload is set from the
router address family configuration mode. If the IPv4 overload bit is set, all routers in the area do not use the
router for IPv4 transit traffic. However, they can still use the router for IPv6 transit traffic.
IS-IS Overload Bit Avoidance
The IS-IS overload bit avoidance feature allows network administratorsto prevent labelswitched paths(LSPs)
from being disabled when a router in that path has its Intermediate System-to-Intermediate System (IS-IS)
overload bit set.
When the IS-IS overload bit avoidance feature is activated, all nodes with the overload bit set, including head
nodes, mid nodes, and tail nodes, are ignored, which means that they are still available for use with label
switched paths (LSPs).
The IS-IS overload bit avoidance feature does not change the default behavior on nodes that have their
overload bit set if those nodes are not included in the path calculation (PCALC).
Note
The IS-IS overload bit avoidance feature is activated using the following command:
mpls traffic-eng path-selection ignore overload
The IS-IS overload bit avoidance feature is deactivated using the no form of this command:
no mpls traffic-eng path-selection ignore overload
When the IS-IS overload bit avoidance feature is deactivated, nodes with the overload bit set cannot be used
as nodes of last resort.
Default Routes
You can force a default route into an IS-IS routing domain. Whenever you specifically configure redistribution
of routes into an IS-IS routing domain, the Cisco IOS XR software does not, by default, redistribute the default
route into the IS-IS routing domain. The default-information originate command generates a default route
into IS-IS, which can be controlled by a route policy. You can use the route policy to identify the level into
which the default route is to be announced, and you can specify other filtering options configurable under a
route policy. You can use a route policy to conditionally advertise the default route, depending on the existence
of another route in the routing table of the router.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 213
Implementing IS-IS on Cisco ASR 9000 Series Router
Overload Bit Configuration During Multitopology OperationAttached Bit on an IS-IS Instance
The attached bit is set in a router that is configured with the is-type command and level-1-2 keyword. The
attached bit indicates that the router is connected to other areas (typically through the backbone). This
functionality means that the router can be used by Level 1 routers in the area as the default route to the
backbone. The attached bit is usually set automatically as the router discovers other areas while computing
its Level 2 SPF route. The bit is automatically cleared when the router becomes detached from the backbone.
If the connectivity for the Level 2 instance is lost, the attached bit in the Level 1 instance LSP would
continue sending traffic to the Level 2 instance and cause the traffic to be dropped.
Note
To simulate this behavior when using multiple processes to represent the level-1-2 keyword functionality,
you would manually configure the attached bit on the Level 1 process.
IS-IS Support for Route Tags
The IS-IS Support for route tags feature provides the capability to associate and advertise a tag with an IS-IS
route prefix. Additionally, the feature allows you to prioritize the order of installation of route prefixes in the
RIB based on a tag of a route. Route tags may also be used in route policy to match route prefixes(for example,
to select certain route prefixes for redistribution).
Multicast-Intact Feature
The multicast-intact feature provides the ability to run multicast routing (PIM) when IGP shortcuts are
configured and active on the router. Both OSPFv2 and IS-IS support the multicast-intact feature. MPLS TE
and IP multicast coexistence is supported in Cisco IOS XR software by using the mpls traffic-eng
multicast-intact IS-IS or OSPF router command.
You can enable multicast-intact in the IGP when multicast routing protocols (PIM) are configured and IGP
shortcuts are configured on the router. IGP shortcuts are MPLS tunnels that are exposed to IGP. The IGPs
route the IP traffic over these tunnels to destinations that are downstream from the egress router of the tunnel
(from an SPF perspective). PIM cannot use IGP shortcuts for propagating PIM joins because reverse path
forwarding (RPF) cannot work across a unidirectional tunnel.
When you enable multicast-intact on an IGP, the IGP publishes a parallel or alternate set of equal-cost next-hops
for use by PIM. These next-hops are called mcast-intact next-hops. The mcast-intact next-hops have the
following attributes:
They are guaranteed not to contain any IGP shortcuts.
They are not used for unicast routing but are used only by PIM to look up an IPv4 next-hop to a PIM
source.
They are not published to the FIB.
When multicast-intact is enabled on an IGP, all IPv4 destinations that were learned through link-state
advertisements are published with a set equal-cost mcast-intact next-hops to the RIB. This attribute
applies even when the native next-hops have no IGP shortcuts.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
214 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Attached Bit on an IS-IS Instance In IS-IS, the max-paths limit is applied by counting both the native and mcast-intact next-hops together.
(In OSPFv2, the behavior is slightly different.)
Multicast Topology Support Using IS-IS
Multicast topology support allowsfor the configuration of IS-IS multicast topologiesfor IPv4 or IPv6 routing.
IS-IS maintains a separate topology for multicast and runs a separate Shortest Path First (SPF) over the
multicast topology. IS-IS multicast inserts routes from the IS-IS multicast topology into the multicast-unicast
Routing Information Base (muRIB) table in the RIB for the corresponding address family. Since PIM uses
the muRIB, PIM uses routes from the multicast topology instead of routes from the unicast topology.
MPLS Label Distribution Protocol IGP Synchronization
Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP)
Synchronization ensures that LDP has completed label exchange before the IGP path is used for switching.
MPLS traffic loss can occur in the following two situations:
When an IGP adjacency is established, the router begins forwarding packets using the new adjacency
before LDP has exchanged labels with peers on that link.
When an LDP session closes, the router continues to forward traffic using the link associated with the
LDP peer rather than using an alternate path with an established LDP session.
This feature provides a mechanism to synchronize LDP and IS-IS to minimize MPLS packet loss. The
synchronization is accomplished by changing the link metric for a neighbor IS-IS link-state packet (LSP),
based on the state of the LDP session.
When an IS-IS adjacency is established on a link but the LDP session is lost or LDP has not yet completed
exchanging labels, IS-IS advertisesthe maximum metric on that link. In thisinstance, LDP IS-IS synchronization
is not yet achieved.
In IS-IS, a link with a maximum wide metric (0xFFFFFF) is not considered for shortest path first (SPF).
Therefore, the maximum wide metric of -1 (0XFFFFFE) is used with MPLS LDP IGP synchronization.
Note
When LDP IS-IS synchronization is achieved, IS-IS advertises a regular (configured or default) metric on
that link.
MPLS LDP-IGP Synchronization Compatibility with LDP Graceful Restart
LDP graceful restart protects traffic when an LDP session is lost. If a graceful restart-enabled LDP session
fails, MPLS LDP IS-IS synchronization is still achieved on the interface while it is protected by graceful
restart. MPLS LDP IGP synchronization is eventually lost under the following circumstances:
LDP fails to restart before the LDP graceful restart reconnect timer expires.
The LDP session on the protected interface fails to recover before the LDP graceful restart recovery
timer expires.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 215
Implementing IS-IS on Cisco ASR 9000 Series Router
Multicast Topology Support Using IS-ISMPLS LDP-IGP Synchronization Compatibility with IGP Nonstop Forwarding
IS-IS nonstop forwarding (NSF) protectstraffic during IS-IS processrestarts and route processor (RP) failovers.
LDP IS-IS synchronization is supported with IS-IS NSF only if LDP graceful restart is also enabled over the
interface. If IS-IS NSF is not enabled, the LDP synchronization state is not retained acrossrestarts and failovers.
Label Distribution Protocol IGP Auto-configuration
Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP) auto-configuration simplifiesthe procedure
to enable LDP on a set of interfaces used by an IGP instance. LDP IGP auto-configuration can be used on a
large number interfaces(for example, when LDP is used for transport in the core) and on multiple IGP instances
simultaneously.
This feature supports the IPv4 address family for the default VPN routing and forwarding (VRF) instance.
LDP IGP auto-configuration can also be explicitly disabled on individual interfaces under LDP using the igp
auto-config disable command. This allows LDP to receive all IGP interfaces except the ones explicitly
disabled.
See Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide for information on
configuring LDP IGP auto-configuration.
MPLS TE Forwarding Adjacency
MPLS TE forwarding adjacency allows a network administrator to handle a traffic engineering, label switch
path (LSP) tunnel as a link in an Interior Gateway Protocol (IGP) network, based on the Shortest Path First
(SPF) algorithm. A forwarding adjacency can be created between routers in the same IS-IS level. The routers
can be located multiple hopsfrom each other. As a result, a TE tunnel is advertised as a link in an IGP network,
with the cost of the link associated with it. Routers outside of the TE domain see the TE tunnel and use it to
compute the shortest path for routing traffic throughout the network.
MPLS TE forwarding adjacency is considered in IS-IS SPF only if a two-way connectivity check is achieved.
This is possible if the forwarding adjacency is bidirectional or the head end and tail end routers of the MPLS
TE tunnel are adjacent.
The MPLS TE forwarding adjacency feature is supported by IS-IS. For details on configuring MPLS TE
forwarding adjacency, see the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration
Guide.
MPLS TE Interarea Tunnels
MPLS TE interarea tunnels allow you to establish MPLS TE tunnels that span multiple IGP areas (Open
Shorted Path First [OSPF]) and levels (IS-IS), removing the restriction that required that both the tunnel
headend and tailend routers be in the same area. The IGP can be either IS-IS or OSPF. See the Configuring
MPLS Traffic Engineering for IS-IS, on page 243 for information on configuring MPLS TE for IS-IS.
For details on configuring MPLS TE interarea tunnels, see the Cisco ASR 9000 Series Aggregation Services
Router MPLS Configuration Guide.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
216 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Label Distribution Protocol IGP Auto-configurationIP Fast Reroute
The IP Fast Reroute (IPFRR) loop-free alternate (LFA) computation provides protection against link failure.
Locally computed repair paths are used to prevent packet loss caused by loops that occur during network
reconvergence after a failure. See IETF draft-ietf-rtgwg-ipfrr-framework-06.txt and
draft-ietf-rtgwg-lf-conv-frmwk-00.txt for detailed information on IPFRR LFA.
IPFRR LFA is different from Multiprotocol Label Switching (MPLS) as it is applicable to networks using
conventional IP routing and forwarding. See Cisco ASR 9000 Series Aggregation Services Router MPLS
Configuration Guide for information on configuring MPLS IPFRR.
How to Implement IS-IS
This section contains the following procedures:
Note To save configuration changes, you must commit changes when the system prompts you.
Enabling IS-IS and Configuring Level 1 or Level 2 Routing
This task explains how to enable IS-IS and configure the routing level for an area.
Configuring the routing level in Step 4 is optional, but is highly recommended to establish the proper level
of adjacencies.
Note
Before You Begin
Although you can configure IS-IS before you configure an IP address, no IS-IS routing occurs until at least
one IP address is configured.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. net network-entity-title
4. is-type { level-1 | level-1-2 | level-2-only }
5. Do one of the following:
end
commit
6. show isis [ instance instance-id ] protocol
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 217
Implementing IS-IS on Cisco ASR 9000 Series Router
IP Fast RerouteDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and places the
router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
By default, all IS-IS instances are automatically Level 1 and Level
2. You can change the level of routing to be performed by a
particular routing instance by using the is-type router configuration
command.
Step 3 net network-entity-title Configures network entity titles (NETs) for the routing instance.
Example:
RP/0/RSP0/CPU0:router(config-isis)# net
47.0004.004d.0001.0001.0c11.1110.00
Specify a NET for each routing instance if you are configuring
multi-instance IS-IS.
This example configures a router with area ID 47.0004.004d.0001
and system ID 0001.0c11.1110.00.
To specify more than one area address, specify additional NETs.
Although the area address portion of the NET differs, the systemID
portion of the NET must match exactly for all of the configured
items.
Step 4 is-type { level-1 | level-1-2 | level-2-only } (Optional) Configures the system type (area or backbone router).
Example:
RP/0/RSP0/CPU0:router(config-isis)# is-type
level-2-only
By default, every IS-IS instance acts as a level-1-2 router.
The level-1 keyword configures the software to perform Level
1 (intra-area) routing only. Only Level 1 adjacencies are
established. The software learns about destinations inside its area
only. Any packets containing destinations outside the area are
sent to the nearest level-1-2 router in the area.
The level-2-only keyword configures the software to perform
Level 2 (backbone) routing only, and the router establishes only
Level 2 adjacencies, either with other Level 2-only routers or with
level-1-2 routers.
The level-1-2 keyword configures the software to perform both
Level 1 and Level 2 routing. Both Level 1 and Level 2 adjacencies
are established. The router acts as a border router between the
Level 2 backbone and its Level 1 area.
Step 5 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
218 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Enabling IS-IS and Configuring Level 1 or Level 2 RoutingCommand or Action Purpose
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
end
commit
Example:
RP/0/RSP0/CPU0:router(config-isis)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
show isis [ instance instance-id ] protocol (Optional) Displays summary information about the IS-IS instance.
Example:
RP/0/RSP0/CPU0:router# show isis protocol
Step 6
Configuring Single Topology for IS-IS
After an IS-IS instance is enabled, it must be configured to compute routes for a specific network topology.
This task explains how to configure the operation of the IS-IS protocol on an interface for an IPv4 or IPv6
topology.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 219
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISBefore You Begin
To enable the router to run in single-topology mode, configure each of the IS-IS interfaces with all of the
address families enabled and single-topology in the address-family IPv6 unicast in the IS-IS router
stanza. You can use either the IPv6 address family or both IPv4 and IPv6 address families, but your
configuration must represent the set of all active address families on the router. Additionally, explicitly
enable single-topology operation by configuring it in the IPv6 router address family submode.
Two exceptions to these instructions exist:
Note
1 If the address-family stanza in the IS-IS process contains the adjacency-check disable command,
then an interface is not required to have the address family enabled.
2 The single-topology command is not valid in the ipv4 address-family submode.
The default metric style for single topology is narrow metrics. However, you can use either wide metrics
or narrow metrics. How to configure them depends on how single topology is configured. If both IPv4
and IPv6 are enabled and single topology is configured, the metric style is configured in the address-family
ipv4 stanza. You may configure the metric style in the address-family ipv6 stanza, but it is ignored in
this case. If only IPv6 is enabled and single topology is configured, then the metric style is configured in
the address-family ipv6 stanza.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
220 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISSUMMARY STEPS
1. configure
2. interface type interface-path-id
3. Do one of the following:
ipv4 address address mask
ipv6 address ipv6-prefix / prefix-length [ eui-64 ]
ipv6 address ipv6-address { / prefix-length | link-local }
ipv6 enable
4. exit
5. router isis instance-id
6. net network-entity-title
7. address-family ipv6 [ unicast ]
8. single-topology
9. exit
10. interface type interface-path-id
11. circuit-type { level-1 | level-1-2 | level-2-only }
12. address-family { ipv4 | ipv6 } [ unicast | multicast ]
13. Do one of the following:
end
commit
14. show isis [ instance instance-id ] interface [ type interface-path-id ] [ detail ] [ level { 1 | 2 }]
15. show isis [ instance instance-id ] topology [ systemid system-id ] [ level { 1 | 2 }] [ summary ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface
GigabitEthernet 0/1/0/3
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 221
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISCommand or Action Purpose
Definesthe IPv4 addressfor the interface. An IP addressisrequired
on all interfaces in an area enabled for IS-IS if any one interface is
configured for IS-IS routing.
Step 3 Do one of the following:
ipv4 address address mask
ipv6 address ipv6-prefix / prefix-length [
eui-64 ]
or
Specifies an IPv6 network assigned to the interface and enables
IPv6 processing on the interface with the eui-64 keyword.
ipv6 address ipv6-address { / prefix-length |
link-local }
or
ipv6 enable
Specifies an IPv6 address assigned to the interface and enablesIPv6
processing on the interface with the link-local keyword.
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
10.0.1.3 255.255.255.0
or
Automatically configures an IPv6 link-local address on the interface
while also enabling the interface for IPv6 processing.
or
RP/0/RSP0/CPU0:router(config-if)# ipv6
address 3ffe:1234:c18:1::/64 eui-64
The link-local address can be used only to communicate with
nodes on the same link.
RP/0/RSP0/CPU0:router(config-if)# ipv6
Specifying the ipv6 address ipv6-prefix / prefix-length
interface configuration command without the eui-64 keyword
configures site-local and global IPv6 addresses.
address FE80::260:3EFF:FE11:6770 link-local
RP/0/RSP0/CPU0:router(config-if)# ipv6
enable
or
Specifying the ipv6 address ipv6-prefix / prefix-length
command with the eui-64 keyword configures site-local and
global IPv6 addresses with an interface ID in the low-order
64 bits of the IPv6 address. Only the 64-bit network prefix
for the address needs to be specified; the last 64 bits are
automatically computed from the interface ID.
Specifying the ipv6 address command with the link-local
keyword configures a link-local address on the interface that
is used instead of the link-local address that is automatically
configured when IPv6 is enabled on the interface.
Exits interface configuration mode, and returns the router to global
configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 4
Enables IS-IS routing for the specified routing instance, and places
the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 5
By default, all IS-IS instances are Level 1 and Level 2. You
can change the level of routing to be performed by a particular
routing instance by using the is-type command.
Step 6 net network-entity-title Configures NETs for the routing instance.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
222 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-isis)# net
47.0004.004d.0001.0001.0c11.1110.00
Specify a NET for each routing instance if you are configuring
multi-instance IS-IS. You can specify a name for a NET and
for an address.
This example configures a router with area ID
47.0004.004d.0001 and system ID 0001.0c11.1110.00.
To specify more than one area address, specify additional
NETs. Although the area address portion of the NET differs,
the system ID portion of the NET must match exactly for all
of the configured items.
Specifies the IPv6 address family and enters router address family
configuration mode.
address-family ipv6 [ unicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv6 unicast
Step 7
This example specifies the unicast IPv6 address family.
(Optional) Configures the link topology for IPv4 when IPv6 is
configured.
single-topology
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
single-topology
Step 8
The single-topology command is valid only in IPv6 submode.
The command instructs IPv6 to use the single topology rather
than the default configuration of a separate topology in the
multitopology mode.
See the Single-Topology IPv6 Support, on page 210 for more
information.
Exits router address family configuration mode, and returns the
router to router configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# exit
Step 9
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 10
Step 11 circuit-type { level-1 | level-1-2 | level-2-only } (Optional) Configures the type of adjacency.
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
circuit-type level-1-2
The default circuit type is the configured system type
(configured through the is-type command).
Typically, the circuit type must be configured when the router
is configured as only level-1-2 and you want to constrain an
interface to form only level-1 or level-2-only adjacencies.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 223
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISCommand or Action Purpose
Specifies the IPv4 or IPv6 address family, and enters interface
address family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast
]
Step 12
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
address-family ipv4 unicast
This example specifiesthe unicast IPv4 addressfamily on the
interface.
Step 13 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show isis [ instance instance-id ] interface [ type (Optional) Displays information about the IS-IS interface.
interface-path-id ] [ detail ] [ level { 1 | 2 }]
Step 14
Example:
RP/0/RSP0/CPU0:router# show isis interface
GigabitEthernet 0/1/0/1
show isis [ instance instance-id ] topology [ (Optional) Displays a list of connected routers in all areas.
systemid system-id ] [ level { 1 | 2 }] [ summary
]
Step 15
Example:
RP/0/RSP0/CPU0:router# show isis topology
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
224 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single Topology for IS-ISConfiguring Multitopology Routing
This set of procedures configures multitopology routing, which is used by PIM for reverse-path forwarding
(RPF) path selection.
Restrictions for Configuring Multitopology Routing
Only the default VRF is currently supported in a multitopology solution.
Only protocol-independent multicast (PIM) and intermediate system-intermediate system (IS-IS) routing
protocols are currently supported.
Topology selection is restricted solely to (S, G) route sources for both SM and SSM. Static and IS-IS
are the only interior gateway protocols (IGPs) that support multitopology deployment.
For non-(S, G) route sources like a rendezvous point or bootstrap router (BSR), or when a route policy
is not configured, the current policy default remains in effect. In other words, either a unicast-default or
multicast-default table is selected for all sources, based on OSFP/IS-IS/Multiprotocol Border Gateway
Protocol (MBGP) configuration.
Although both multicast and unicast keywords are available when using the address-family {ipv4 |
ipv6} command in routing policy language (RPL), only topologies under multicast SAFI can be configured
globally.
Note
Information About Multitopology Routing
Configuring multitopology networks requires the following tasks:
Configuring a Global Topology and Associating It with an Interface
Follow these stepsto enable a global topology in the default VRF and to enable its use with a specific interface.
SUMMARY STEPS
1. configure
2. address-family { ipv4 | ipv6 } multicast topology topo-name
3. maximum prefix limit
4. interface type interface-path-id
5. address-family { ipv4 | ipv6 } multicast topology topo-name
6. Repeat Step 4 and Step 5 until you have specified all the interface instances you want to associate with
your topologies.
7. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 225
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures a topology in the default VRF table that will
be associated with a an interface.
address-family { ipv4 | ipv6 } multicast topology topo-name
Example:
RP/0/RSP0/CPU0:router(config)# address-family ipv4
multicast topology green
Step 2
(Optional) Limits the number of prefixes allowed in a
topology routing table. Range is 32 to 2000000.
maximum prefix limit
Example:
RP/0/RSP0/CPU0:router(config-af)# maximum prefix 100
Step 3
Specifiesthe interface to be associated with the previously
specified VRF table that will add the connected and local
routes to the appropriate routing table.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-af)# interface
GigabitEthernet 0/3/0/0
Step 4
Enablesthe topology for the interface specified in Step 4,
on page 226, adding the connected and local routesto the
appropriate routing table.
address-family { ipv4 | ipv6 } multicast topology
topo-name
Example:
RP/0/RSP0/CPU0:router(config-if)# address-family ipv4
multicast topology green
Step 5
Repeat Step 4 and Step 5 until you have specified all the
interface instances you want to associate with your topologies.
Step 6
Example:
RP/0/RSP0/CPU0:router(config-if-af)# interface
gigabitethernet 0/3/2/0
RP/0/RSP0/CPU0:routerrouter(config-if)# address-family
ipv4 multicast topology purple
RP/0/RSP0/CPU0:router(config-if-af)#
Step 7 Do one of the following: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
commit
Example:
RP/0/RSP0/CPU0:router(config-mcast-default-ipv4)# end
before exiting(yes/no/cancel)?[cancel]:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
226 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingCommand or Action Purpose
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-mcast-default-ipv4)#
commit
configuration session, and returns the router
to EXEC mode.
? Entering no exits the configuration session
and returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leavesthe router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain
within the configuration session.
Enabling an IS-IS Topology
To enable a topology in IS-IS, you must associate an IS-IS topology ID with the named topology. IS-IS uses
the topology ID to differentiate topologies in the domain.
Note This command must be configured prior to other topology commands.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } multicast topology topo-name
4. topology-id multitoplogy-id
5. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 227
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
router isis instance-id Enters IS-IS configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# router isis
purple
Step 2
address-family { ipv4 | ipv6 } multicast Associates an IS-IS topology ID with the named topology.
topology topo-name
Step 3
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 multicast topology
green
Configures the numeric multitopologyID in IS-IS that identifies the
topology. Range is 6 to 4095.
topology-id multitoplogy-id
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
toplogy-id 122
Step 4
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#
end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
228 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingCommand or Action Purpose
Placing an Interface in a Topology in IS-IS
To associate an interface with a topology in IS-IS, follow these steps.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. net network-entity-title
4. interface type interface-path-id
5. address-family { ipv4 | ipv6 } multicast topology topo-name
6. Repeat Step 4, on page 230 and Step 5, on page 230 until you have specified all the interface instances
and associated topologies you want to configure in your network.
7. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
router isis instance-id Enters IS-IS configuration submode.
Example:
RP/0/RSP0/CPU0:router(config)# router isis
purple
Step 2
net network-entity-title Creates a network entity title for the configured isis interface.
Example:
RP/0/RSP0/CPU0:router(config-isis)# net
netname
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 229
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingCommand or Action Purpose
Enters isis interface configuration submode and creates an
interface instance.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
gigabitethernet 0/3/0/0
Step 4
address-family { ipv4 | ipv6 } multicast topology
topo-name
Step 5 Entersisis address-family interface configuration submode.
Places the interface instance into a topology.
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
address-family ipv4 multicast topology green
Repeat Step 4, on page 230 and Step 5, on page 230
until you have specified all the interface instances and
Step 6
associated topologies you want to configure in your
network.
Step 7 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Configuring a Routing Policy
For more information about creating a routing policy and about the set rpf-topology command, see
Cisco ASR 9000 Series Aggregation Services Router Routing Command Reference.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
230 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingSUMMARY STEPS
1. configure
2. route-policy policy-name
3. end-policy
4. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Defines a routing policy and enters routing policy configuration
submode.
route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config)# route-policy
Step 2
For detailed information about the use of the set-rpf-topology and
other routing configuration commands,see Cisco ASR 9000 Series
mt1 Aggregation Services Router Routing Command Reference.
RP/0/RSP0/CPU0:router(config-rpl)# if
destination in 225.0.0.1, 225.0.0.11 then
RP/0/RSP0/CPU0:router(config-rpl-if)# if source
in (10.10.10.10) then
RP/0/RSP0/CPU0:router(config-rpl-if-2)# set
rpf-topology ipv4 multicast topology
greentable
RP/0/RSP0/CPU0:router(config-rpl-if-2)# else
RP/0/RSP0/CPU0:router(config-rpl-if-else-2)#
set rpf-topology ipv4 multicast topology
bluetable
RP/0/RSP0/CPU0:router(config-rpl-if-else-2)#
endif
RP/0/RSP0/CPU0:router(config-rpl-if)# endif
Signifies the end of route policy definition and exits routing policy
configuration submode.
end-policy
Example:
RP/0/RSP0/CPU0:router(config-rpl)# end-policy
Step 3
RP/0/RSP0/CPU0:router(config)#
Step 4 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 231
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology RoutingCommand or Action Purpose
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
end
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring Multitopology for IS-IS
Multitopology is configured in the same way asthe single topology. However, the single - topology command
is omitted, invoking the default multitopology behavior. This task is optional.
Controlling LSP Flooding for IS-IS
Flooding of LSPs can limit network scalability. You can control LSP flooding by tuning your LSP database
parameters on the router globally or on the interface. This task is optional.
Many of the commands to control LSP flooding contain an option to specify the level to which they apply.
Without the option, the command applies to both levels. If an option is configured for one level, the other
level continues to use the default value. To configure options for both levels, use the command twice. For
example:
RP/0/RSP0/CPU0:router(config-isis)# lsp-refresh-interval 1200 level 2
RP/0/RSP0/CPU0:router(config-isis)# lsp-refresh-interval 1100 level 1
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
232 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Multitopology for IS-ISSUMMARY STEPS
1. configure
2. router isis instance-id
3. lsp-refresh-interval seconds [ level { 1 | 2 }]
4. lsp-check-interval seconds [ level { 1 | 2 }]
5. lsp-gen-interval { [ initial-wait initial | secondary-wait secondary | maximum-wait maximum
] ... } [ level { 1 | 2 }]
6. lsp-mtu bytes [ level { 1 | 2 }]
7. max-lsp-lifetime seconds [ level { 1 | 2 }]
8. ignore-lsp-errors disable
9. interface type interface-path-id
10. lsp-interval milliseconds [ level { 1 | 2 }]
11. csnp-interval seconds [ level { 1 | 2 }]
12. retransmit-interval seconds [ level { 1 | 2 }]
13. retransmit-throttle-interval milliseconds [ level { 1 | 2 }]
14. mesh-group { number | blocked }
15. Do one of the following:
end
commit
16. show isis interface [ type interface-path-id | level { 1 | 2 }] [ brief ]
17. show isis [ instance instance-id ] database [ level { 1 | 2 }] [ detail | summary | verbose ] [ * |
lsp-id ]
18. show isis [ instance instance-id ] lsp-log [ level { 1 | 2 }]
19. show isis database-log [ level { 1 | 2 }]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and places
the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
You can change the level of routing to be performed by a
particular routing instance by using the is-type router
configuration command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 233
Implementing IS-IS on Cisco ASR 9000 Series Router
Controlling LSP Flooding for IS-ISCommand or Action Purpose
(Optional) Sets the time between regeneration of LSPs that contain
different sequence numbers
lsp-refresh-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
lsp-refresh-interval 10800
Step 3
The refresh interval should always be set lower than the
max-lsp-lifetime command.
(Optional) Configuresthe time between periodic checks of the entire
database to validate the checksums of the LSPs in the database.
lsp-check-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
lsp-check-interval 240
Step 4
This operation is costly in terms of CPU and so should be
configured to occur infrequently.
(Optional) Reduces the rate of LSP generation during periods of
instability in the network. Helps reduce the CPU load on the router
and number of LSP transmissions to its IS-IS neighbors.
lsp-gen-interval { [ initial-wait initial |
secondary-wait secondary | maximum-wait
maximum ] ... } [ level { 1 | 2 }]
Step 5
Example:
RP/0/RSP0/CPU0:router(config-isis)#
During prolonged periods of network instability, repeated
recalculation of LSPs can cause an increased CPU load on
the local router. Further, the flooding of these recalculated
lsp-gen-interval maximum-wait 15 LSPsto the other Intermediate Systemsin the network causes
initial-wait 5
increased traffic and can result in other routers having to spend
more time running route calculations.
(Optional) Sets the maximum transmission unit (MTU) size of
LSPs.
lsp-mtu bytes [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis)# lsp-mtu
1300
Step 6
(Optional) Sets the initial lifetime given to an LSP originated by
the router.
max-lsp-lifetime seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
max-lsp-lifetime 11000
Step 7
Thisisthe amount of time that the LSP persistsin the database
of a neighbor unless the LSP is regenerated or refreshed.
(Optional) Sets the router to purge LSPs received with checksum
errors.
ignore-lsp-errors disable
Example:
RP/0/RSP0/CPU0:router(config-isis)#
ignore-lsp-errors disable
Step 8
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)#
interface GigabitEthernet 0/1/0/3
Step 9
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
234 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Controlling LSP Flooding for IS-ISCommand or Action Purpose
(Optional) Configures the amount of time between each LSP sent
on an interface.
lsp-interval milliseconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
lsp-interval 100
Step 10
(Optional) Configures the interval at which periodic CSNP packets
are sent on broadcast interfaces.
csnp-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
csnp-interval 30 level 1
Step 11
Sending more frequent CSNPs means that adjacent routers
must work harder to receive them.
Sending less frequent CSNP means that differences in the
adjacent routers may persist longer.
(Optional) Configures the amount of time that the sending router
waits for an acknowledgment before it considers that the LSP was
not received and subsequently resends.
retransmit-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
retransmit-interval 60
Step 12
RP/0/RSP0/CPU0:router(config-isis-if)#
retransmit-interval 60
(Optional) Configures the amount of time between retransmissions
on each LSP on a point-to-point interface.
retransmit-throttle-interval milliseconds [
level { 1 | 2 }]
Step 13
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
retransmit-throttle-interval 1000
This time is usually greater than or equal to the lsp-interval
command time because the reason for lost LSPs may be that
a neighboring router is busy. A longer interval gives the
neighbor more time to receive transmissions.
(Optional) Optimizes LSP flooding in NBMA networks with highly
meshed, point-to-point topologies.
mesh-group { number | blocked }
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
mesh-group blocked
Step 14
This command is appropriate only for an NBMA network
with highly meshed, point-to-point topologies.
Step 15 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# end
exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-isis-if)#
commit
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 235
Implementing IS-IS on Cisco ASR 9000 Series Router
Controlling LSP Flooding for IS-ISCommand or Action Purpose
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show isis interface [ type interface-path-id | (Optional) Displays information about the IS-IS interface.
level { 1 | 2 }] [ brief ]
Step 16
Example:
RP/0/RSP0/CPU0:router# show isis interface
GigabitEthernet 0/1/0/1 brief
show isis [ instance instance-id ] database [ (Optional) Displays the IS-IS LSP database.
level { 1 | 2 }] [ detail | summary | verbose ]
[ * | lsp-id ]
Step 17
Example:
RP/0/RSP0/CPU0:router# show isis database
level 1
show isis [ instance instance-id ] lsp-log [ level (Optional) Displays LSP log information.
{ 1 | 2 }]
Step 18
Example:
RP/0/RSP0/CPU0:router# show isis lsp-log
show isis database-log [ level { 1 | 2 }] (Optional) Display IS-IS database log information.
Example:
RP/0/RSP0/CPU0:router# show isis
database-log level 1
Step 19
Configuring Nonstop Forwarding for IS-IS
This task explains how to configure your router with NSF that allows the Cisco IOS XR software to
resynchronize the IS-IS link-state database with its IS-IS neighbors after a process restart. The process restart
could be due to an:
RP failover (for a warm restart)
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
236 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Nonstop Forwarding for IS-IS Simple process restart (due to an IS-IS reload or other administrative request to restart the process)
IS-IS software upgrade
In all cases, NSF mitigates link flaps and loss of user sessions. This task is optional.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. nsf { cisco | ietf }
4. nsf interface-expires number
5. nsf interface-timer seconds
6. nsf lifetime seconds
7. Do one of the following:
end
commit
8. show running-config [ command ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and places the
router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router
isis isp
Step 2
You can change the level of routing to be performed by a particular
routing instance by using the is-type router configuration command.
Step 3 nsf { cisco | ietf } Enables NSF on the next restart.
Example:
RP/0/RSP0/CPU0:router(config-isis)# nsf
ietf
Enter the cisco keyword to run IS-IS in heterogeneous networks
that might not have adjacent NSF-aware networking devices.
Enter the ietf keyword to enable IS-IS in homogeneous networks
where all adjacent networking devices support IETF draft-based
restartability.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 237
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Nonstop Forwarding for IS-ISCommand or Action Purpose
Configures the number of resends of an acknowledged NSF-restart
acknowledgment.
nsf interface-expires number
Example:
RP/0/RSP0/CPU0:router(config-isis)# nsf
interface-expires 1
Step 4
If the resend limit is reached during the NSF restart, the restart falls
back to a cold restart.
nsf interface-timer seconds Configuresthe number ofsecondsto wait for each restart acknowledgment.
Example:
RP/0/RSP0/CPU0:router(config-isis) nsf
interface-timer 15
Step 5
Step 6 nsf lifetime seconds Configures the maximum route lifetime following an NSF restart.
Example:
RP/0/RSP0/CPU0:router(config-isis)# nsf
lifetime 20
This command should be configured to the length of time required
to perform a full NSF restart because it is the amount of time that
the Routing Information Base (RIB) retains the routes during the
restart.
Setting this value too high results in stale routes.
Setting this value too low could result in routes purged too soon.
Step 7 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-isis)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
238 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Nonstop Forwarding for IS-ISCommand or Action Purpose
(Optional) Displays the entire contents of the currently running
configuration file or a subset of that file.
show running-config [ command ]
Example:
RP/0/RSP0/CPU0:router# show
running-config router isis isp
Step 8
Verify that nsf appearsin the IS-IS configuration of the NSF-aware
device.
This example shows the contents of the configuration file for the
isp instance only.
Configuring Authentication for IS-IS
This task explains how to configure authentication for IS-IS. This task is optional.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. lsp-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only ]
[ snp send-only ]
4. interface type interface-path-id
5. hello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only
]
6. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and
places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
You can change the level of routing to be performed
by a particular routing instance by using the is-type
command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 239
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Authentication for IS-ISCommand or Action Purpose
lsp-password { hmac-md5 | text } { clear | encrypted } Configures the LSP authentication password.
password [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
Step 3
The hmac-md5 keyword specifies that the password
is used in HMAC-MD5 authentication.
Example:
RP/0/RSP0/CPU0:router(config-isis)# lsp-password
hmac-md5 clear password1 level 1
The text keyword specifies that the password uses
cleartext password authentication.
The clear keyword specifies that the password is
unencrypted when entered.
The encrypted keyword specifies that the password
is encrypted using a two-way algorithm when entered.
The level 1 keyword sets a password for authentication
in the area (in Level 1 LSPs and Level SNPs).
The level 2 keywordsset a password for authentication
in the backbone (the Level 2 area).
The send-only keyword adds authentication to LSP
and sequence number protocol data units (SNPs) when
they are sent. It does not authenticate received LSPs or
SNPs.
The snp send-only keyword adds authentication to
SNPs when they are sent. It does not authenticate
received SNPs.
To disable SNP password checking, the snp
send-only keywords must be specified in the
lsp-password command.
Note
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 4
hello-password { hmac-md5 | text } { clear | encrypted Configuresthe authentication password for an IS-IS interface.
} password [ level { 1 | 2 }] [ send-only ]
Step 5
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#hello-password
text clear mypassword
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
240 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Authentication for IS-ISCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
or
RP/0/RSP0/CPU0:router(config-isis-if)# commit
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring Keychains for IS-IS
This task explains how to configure keychains for IS-IS. This task is optional.
Keychains can be configured at the router level ( lsp-password command) and at the interface level (
hello-password command) within IS-IS. These commands reference the global keychain configuration and
instruct the IS-IS protocol to obtain security parameters from the global set of configured keychains. The
router-level configuration (lsp-password command) sets the keychain to be used for all IS-IS LSPs generated
by this router, as well as for all Sequence Number Protocol Data Units (SN PDUs). The keychain used for
HELLO PDUs is set at the interface level, and may be set differently for each interface configured for IS-IS.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. l sp-password keychain keychain-name [ level { 1 | 2 }] [ send-only ] [ snp send-only ]
4. interface type interface-path-id
5. h ello-password keychain keychain-name [ level { 1 | 2 }] [ send-only ]
6. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 241
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Keychains for IS-ISDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance,
and places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
You can change the level of routing to be performed
by a particular routing instance by using the is-type
command.
l sp-password keychain keychain-name [ level { 1 | 2 }] Configures the keychain.
[ send-only ] [ snp send-only ]
Step 3
Example:
RP/0/RSP0/CPU0:router(config-isis)# lsp-password
keychain isis_a level 1
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 4
Configures the authentication password for an IS-IS
interface.
h ello-password keychain keychain-name [ level { 1 | 2
}] [ send-only ]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#hello-password
keychain isis_b
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# end
before exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-isis-if)# commit
configuration session, and returns the router to
EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
242 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Keychains for IS-ISCommand or Action Purpose
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Configuring MPLS Traffic Engineering for IS-IS
This task explains how to configure IS-IS for MPLS TE. This task is optional.
For a description of the MPLS TE tasks and commands that allow you to configure the router to support
tunnels, configure an MPLS tunnel that IS-IS can use, and troubleshoot MPLS TE, see Implementing MPLS
Traffic Engineering on Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide
Before You Begin
Your network must support the MPLS Cisco IOS XR software feature before you enable MPLS TE for IS-IS
on your router.
You must enter the commands in the following task list on every IS-IS router in the traffic-engineered
portion of your network.
Note
MPLS traffic engineering currently does not support routing and signaling of LSPs over unnumbered IP
links. Therefore, do not configure the feature over those links.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 243
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring MPLS Traffic Engineering for IS-ISSUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. mpls traffic-eng level { 1 | 2 }
5. mpls traffic-eng router-id { ip-address | interface-name interface-instance }
6. metric-style wide [ level { 1 | 2 }]
7. Do one of the following:
end
commit
8. show isis [ instance instance-id ] mpls traffic-eng tunnel
9. show isis [ instance instance-id ] mpls traffic-eng adjacency-log
10. show isis [ instance instance-id ] mpls traffic-eng advertisements
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and
places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
You can change the level of routing to be performed
by a particular routing instance by using the is-type
router configuration command.
Specifies the IPv4 or IPv6 address family, and enters router
address family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#address-family
ipv4 unicast
Step 3
Configures a router running IS-IS to flood MPLS TE link
information into the indicated IS-IS level.
mpls traffic-eng level { 1 | 2 }
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# mpls
traffic-eng level 1
Step 4
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
244 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring MPLS Traffic Engineering for IS-ISCommand or Action Purpose
Specifies that the MPLS TE router identifier for the node is
the given IP address or an IP address associated with the
given interface.
mpls traffic-eng router-id { ip-address | interface-name
interface-instance }
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# mpls
traffic-eng router-id loopback0
Step 5
Configures a router to generate and accept only wide link
metrics in the Level 1 area.
metric-style wide [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
metric-style wide level 1
Step 6
Step 7 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
show isis [ instance instance-id ] mpls traffic-eng (Optional) Displays MPLS TE tunnel information.
tunnel
Step 8
Example:
RP/0/RSP0/CPU0:router# show isis instance isp mpls
traffic-eng tunnel
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 245
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring MPLS Traffic Engineering for IS-ISCommand or Action Purpose
(Optional) Displays a log of MPLS TE IS-IS adjacency
changes.
show isis [ instance instance-id ] mpls traffic-eng
adjacency-log
Example:
RP/0/RSP0/CPU0:router# show isis instance isp mpls
traffic-eng adjacency-log
Step 9
(Optional) Displays the latest flooded record from MPLS
TE.
show isis [ instance instance-id ] mpls traffic-eng
advertisements
Example:
RP/0/RSP0/CPU0:router# show isis instance isp mpls
traffic-eng advertisements
Step 10
Tuning Adjacencies for IS-IS
This task explains how to enable logging of adjacency state changes, alter the timers for IS-IS adjacency
packets, and display various aspects of adjacency state. Tuning your IS-IS adjacencies increases network
stability when links are congested. This task is optional.
For point-to-point links, IS-IS sends only a single hello for Level 1 and Level 2, which means that the level
modifiers are meaningless on point-to-point links. To modify hello parameters for a point-to-point interface,
omit the specification of the level options.
The options configurable in the interface submode apply only to that interface. By default, the values are
applied to both Level 1 and Level 2.
The hello-password command can be used to prevent adjacency formation with unauthorized or undesired
routers. This ability is particularly useful on a LAN, where connections to routers with which you have no
desire to establish adjacencies are commonly found.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
246 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Tuning Adjacencies for IS-ISSUMMARY STEPS
1. configure
2. router isis instance-id
3. log adjacency changes
4. interface type interface-path-id
5. hello-padding { disable | sometimes } [ level { 1 | 2 }]
6. hello-interval seconds [ level { 1 | 2 }]
7. hello-multiplier multiplier [ level { 1 | 2 }]
8. h ello-password { hmac-md5 | text } { clear | encrypted } password [ level { 1 | 2 }] [ send-only
]
9. Do one of the following:
end
commit
10. show isis [ instance instance-id ] adjacency t ype interface- path-id ] [ detail ] [ systemid system-id
]
11. show isis adjacency-log
12. show isis [ instance instance-id ] interface [ type interface-path-id ] [ brief | detail ] [ level { 1 |
2 }]
13. show isis [ instance instance-id ] neighbors [ interface-type interface-instance ] [ summary ] [ detail
] [ systemid system-id ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance,
and places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
You can change the level of routing to be
performed by a particular routing instance by using
the is-type command.
Generates a log message when an IS-IS adjacency
changes state (up or down).
log adjacency changes
Example:
RP/0/RSP0/CPU0:router(config-isis)# log adjacency
changes
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 247
Implementing IS-IS on Cisco ASR 9000 Series Router
Tuning Adjacencies for IS-ISCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 4
Configures padding on IS-IS hello PDUs for an IS-IS
interface on the router.
hello-padding { disable | sometimes } [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# hello-padding
sometimes
Step 5
Hello padding appliesto only thisinterface and not
to all interfaces.
Specifies the length of time between hello packets that
the software sends.
hello-interval seconds [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#hello-interval
6
Step 6
Specifies the number of IS-IS hello packets a neighbor
must miss before the routershould declare the adjacency
as down.
hello-multiplier multiplier [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
hello-multiplier 10
Step 7
A higher value increases the networks tolerance
for dropped packets, but also may increase the
amount of time required to detect the failure of an
adjacent router.
Conversely, not detecting the failure of an adjacent
router can result in greater packet loss.
Specifies that this system include authentication in the
hello packets and requires successful authentication of
h ello-password { hmac-md5 | text } { clear | encrypted
} password [ level { 1 | 2 }] [ send-only ]
Step 8
the hello packet from the neighbor to establish an
adjacency.
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# hello-password
text clear mypassword
Step 9 Do one of the following: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# end
before exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-isis-if)# commit
configuration session, and returns the router
to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
248 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Tuning Adjacencies for IS-ISCommand or Action Purpose
? Entering no exits the configuration session
and returnsthe router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and
remain within the configuration session.
show isis [ instance instance-id ] adjacency t ype interface- (Optional) Displays IS-IS adjacencies.
path-id ] [ detail ] [ systemid system-id ]
Step 10
Example:
RP/0/RSP0/CPU0:router# show isis instance isp
adjacency
(Optional) Displays a log of the most recent adjacency
state transitions.
show isis adjacency-log
Example:
RP/0/RSP0/CPU0:router# show isis adjacency-log
Step 11
show isis [ instance instance-id ] interface [ type (Optional) Displaysinformation about the IS-IS interface.
interface-path-id ] [ brief | detail ] [ level { 1 | 2 }]
Step 12
Example:
RP/0/RSP0/CPU0:router# show isis interface
GigabitEthernet 0/1/0/1 brief
show isis [ instance instance-id ] neighbors [ interface-type (Optional) Displays information about IS-IS neighbors.
interface-instance ] [summary ] [ detail ] [systemid system-id
]
Step 13
Example:
RP/0/RSP0/CPU0:router# show isis neighbors summary
Setting SPF Interval for a Single-Topology IPv4 and IPv6 Configuration
This task explains how to make adjustments to the SPF calculation to tune router performance. This task is
optional.
Because the SPF calculation computes routes for a particular topology, the tuning attributes are located in the
router address family configuration submode. SPF calculation computes routes for Level 1 and Level 2
separately.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 249
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting SPF Interval for a Single-Topology IPv4 and IPv6 ConfigurationWhen IPv4 and IPv6 address families are used in a single-topology mode, only a single SPF for the IPv4
topology exists. The IPv6 topology borrows the IPv4 topology; therefore, no SPF calculation is required
for IPv6. To tune the SPF calculation parameters for single-topology mode, configure the address-family
ipv4 unicast command.
The incremental SPF algorithm can be enabled separately. When enabled, the incremental shortest path first
(ISPF) is not employed immediately. Instead, the full SPF algorithm is used to seed the state information
required for the ISPF to run. The startup delay prevents the ISPF from running for a specified interval after
an IS-IS restart (to permit the database to stabilize). After the startup delay elapses, the ISPF is principally
responsible for performing all of the SPF calculations. The reseed interval enables a periodic running of the
full SPF to ensure that the iSFP state remains synchronized.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. spf-interval {[ initial-wait initial | secondary-wait secondary | maximum-wait maximum ] ...}
[ level { 1 | 2 }]
5. ispf [ level { 1 | 2 }]
6. Do one of the following:
end
commit
7. show isis [ instance instance-id ] [[ ipv4 | ipv6 | afi-all ] [ unicast | multicast | safi-all ]] spf-log
[ level { 1 | 2 }] [ ispf | fspf | prc | nhc ] [ detail | verbose ] [ last number | first number ]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing instance, and
places the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
You can change the level of routing to be performed by
a particular routing instance by using the is-type router
configuration command.
Specifies the IPv4or IPv6 address family, and enters router
address family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#address-family
ipv4 unicast
Step 3
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
250 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting SPF Interval for a Single-Topology IPv4 and IPv6 ConfigurationCommand or Action Purpose
(Optional) Controlsthe minimum time between successive SPF
calculations.
spf-interval {[ initial-wait initial | secondary-wait
secondary | maximum-wait maximum ] ...} [ level { 1
| 2 }]
Step 4
This value imposes a delay in the SPF computation after
an event trigger and enforces a minimum elapsed time
between SPF runs.
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
spf-interval initial-wait 10 maximum-wait 30
If this value is configured too low, the router can lose too
many CPU resources when the network is unstable.
Configuring the value too high delays changes in the
network topology that result in lost packets.
The SPF interval does not apply to the running of the
ISPF because that algorithm runs immediately on
receiving a changed LSP.
(Optional) Configures incremental IS-IS ISPF to calculate
network topology.
ispf [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# ispf
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
(Optional) Displays how often and why the router has run a
full SPF calculation.
show isis [ instance instance-id ] [[ ipv4 | ipv6 | afi-all
] [ unicast | multicast | safi-all ]] spf-log [ level { 1 |
2 }] [ ispf | fspf | prc | nhc ] [ detail | verbose ] [ last
number | first number ]
Step 7
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 251
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting SPF Interval for a Single-Topology IPv4 and IPv6 ConfigurationCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router# show isis instance 1
spf-log ipv4
Customizing Routes for IS-IS
This task explains how to perform route functions that include injecting default routes into your IS-IS routing
domain and redistributing routes learned in another IS-IS instance. This task is optional.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. set-overload-bit [ on-startup { delay | wait-for-bgp }] [ level { 1 | 2 }]
4. address-family { ipv4 | ipv6 } [ unicast | multicast ]
5. default-information originate [ route-policy route-policy-name ]
6. redistribute isis instance [ level-1 | level-2 | level-1-2 ] [ metric metric ] [ metric-type { internal
| external }] [ policy policy-name ]
7. Do one of the following:
summary-prefix address / prefix-length [ level { 1 | 2 }]
summary-prefix ipv6-prefix / prefix-length [ level { 1 | 2 }]
8. maximum-paths route-number
9. distance weight [ address / prefix-length [ route-list-name ]]
10. set-attached-bit
11. Do one of the following:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
252 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Customizing Routes for IS-ISDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process, and places the
router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
By default, all IS-IS instances are automatically Level 1 and
Level 2. You can change the level of routing to be performed by
a particular routing instance by using the is-type command.
set-overload-bit [ on-startup { delay | (Optional) Sets the overload bit.
wait-for-bgp }] [ level { 1 | 2 }]
Step 3
The configured overload bit behavior does not apply to NSF
restarts because the NSF restart does not set the overload bit
during restart.
Note
Example:
RP/0/RSP0/CPU0:router(config-isis)#
set-overload-bit
Specifies the IPv4 or IPv6 address family, and enters router address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast |
multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 unicast
Step 4
(Optional) Injects a default IPv4 or IPv6 route into an IS-IS routing
domain.
default-information originate [ route-policy
route-policy-name ]
Step 5
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
default-information originate
The route-policy keyword and route-policy-name argument
specify the conditions under which the IPv4 or IPv6 default route
is advertised.
If the route-policy keyword is omitted, then the IPv4 or IPv6
default route is unconditionally advertised at Level 2.
(Optional) Redistributes routes from one IS-IS instance into another
instance.
redistribute isis instance [ level-1 | level-2 |
level-1-2 ] [ metric metric ] [ metric-type {
internal | external }] [ policy policy-name ]
Step 6
In this example, an IS-IS instance redistributes Level 1 routes
from another IS-IS instance.
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
redistribute isis 2 level-1
(Optional) Allows a Level 1-2 router to summarize Level 1 IPv4 and
IPv6 prefixes at Level 2, instead of advertising the Level 1 prefixes
directly when the router advertises the summary.
Step 7 Do one of the following:
summary-prefix address / prefix-length
[ level { 1 | 2 }]
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 253
Implementing IS-IS on Cisco ASR 9000 Series Router
Customizing Routes for IS-ISCommand or Action Purpose
This example specifies an IPv4 address and mask.
summary-prefix ipv6-prefix / prefix-length
[ level { 1 | 2 }]
or
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
summary-prefix 10.1.0.0/16 level 1
This example specifies an IPv6 prefix, and the command must
be in the form documented in RFC 2373 in which the address is
specified in hexadecimal using 16-bit values between colons.
Note that IPv6 prefixes must be configured only in the IPv6
router address family configuration submode, and IPv4 prefixes
in the IPv4 router address family configuration submode.
or
RP/0/RSP0/CPU0:router(config-isis-af)#
summary-prefix 3003:xxxx::/24 level 1
(Optional) Configuresthe maximum number of parallel paths allowed
in a routing table.
maximum-paths route-number
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
maximum-paths 16
Step 8
(Optional) Defines the administrative distance assigned to routes
discovered by the IS-IS protocol.
distance weight [ address / prefix-length [
route-list-name ]]
Step 9
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
distance 90
A different administrative distance may be applied for IPv4 and
IPv6.
(Optional) Configures an IS-IS instance with an attached bit in the
Level 1 LSP.
set-attached-bit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
set-attached-bit
Step 10
Step 11 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
254 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Customizing Routes for IS-ISCommand or Action Purpose
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring MPLS LDP IS-IS Synchronization
This task explains how to enable Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP)
IS-IS synchronization. MPLS LDP synchronization can be enabled for an address family under interface
configuration mode. Only IPv4 unicast address family is supported. This task is optional.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. interface type interface-path-id
4. address-family ipv4 unicast
5. mpls ldp sync [ level { 1 | 2 }]
6. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
EnablesIS-IS routing for the specified routing process, and places
the router in router configuration mode.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
By default, all IS-IS instances are automatically Level 1
and Level 2. You can change the level of routing to be
performed by a particular routing instance by using the
is-type command.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 255
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring MPLS LDP IS-IS SynchronizationCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 3
Specifiesthe IPv4 addressfamily and entersrouter addressfamily
configuration mode.
address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
address-family ipv4 unicast
Step 4
Enables MPLS LDP synchronization for the IPv4 address family
under interface GigabitEthernet 0/1/0/3.
mpls ldp sync [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# mpls
ldp sync level 1
Step 5
Step 6 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commitcommand to save the configuration changes
to the running configuration file and remain within the
configuration session.
Enabling Multicast-Intact
This optional task describes how to enable multicast-intact for IS-IS routes that use IPv4 and IPv6 addresses.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
256 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Enabling Multicast-IntactSUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. mpls traffic-eng multicast-intact
5. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process, and places
the router in router configuration mode. In this example, the IS-IS
instance is called isp.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
Specifies the IPv4 or IPv6 address family, and enters router address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast |
multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 unicast
Step 3
mpls traffic-eng multicast-intact Enables multicast-intact.
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# mpls
traffic-eng multicast-intact
Step 4
Step 5 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
exiting(yes/no/cancel)?[cancel]:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 257
Implementing IS-IS on Cisco ASR 9000 Series Router
Enabling Multicast-IntactCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Tagging IS-IS Interface Routes
This optional task describes how to associate a tag with a connected route of an IS-IS interface.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. metric-style wide [ transition ] [ level { 1 | 2 }]
5. exit
6. interface type number
7. address-family { ipv4 | ipv6 } [ unicast | multicast ]
8. tag tag
9. Do one of the following:
end
commit
10. show isis [ ipv4 | ipv6 | afi-all ] [ unicast | multicast | safi-all ] route [ detail ]
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
258 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Tagging IS-IS Interface RoutesDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process, and
placesthe router in router configuration mode. In this example,
the IS-IS instance is called isp.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
Specifies the IPv4 or IPv6 address family, and enters router
address family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast
]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 unicast
Step 3
Configures a router to generate and accept only wide link
metrics in the Level 1 area.
metric-style wide [ transition ] [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
metric-style wide level 1
Step 4
Exits router address family configuration mode, and returns the
router to router configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# exit
Step 5
interface type number Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface
GigabitEthernet 0/1/0/3
Step 6
Specifies the IPv4 or IPv6 address family, and enters address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast
]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
address-family ipv4 unicast
Step 7
Sets the value of the tag to associate with the advertised
connected route.
tag tag
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# tag
3
Step 8
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 259
Implementing IS-IS on Cisco ASR 9000 Series Router
Tagging IS-IS Interface RoutesCommand or Action Purpose
Step 9 Do one of the following: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Displays tag information. Verify that all tags are present in the
RIB.
show isis [ ipv4 | ipv6 | afi-all ] [ unicast |
multicast | safi-all ] route [ detail ]
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# show
isis ipv4 route detail
Step 10
Setting the Priority for Adding Prefixes to the RIB
This optional task describes how to set the priority (order) for which specified prefixes are added to the RIB.
The prefixes can be chosen using an access list (ACL), prefix list, or by matching a tag value.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
260 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting the Priority for Adding Prefixes to the RIBSUMMARY STEPS
1. configure
2. router isis instance-id
3. address-family { ipv4 | ipv6 } [ unicast | multicast ]
4. metric-style wide [ transition ] [ level { 1 | 2 }]
5. spf prefix-priority [ level { 1 | 2 }] { critical | high | medium } { access-list-name | tag tag }
6. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process, and places
the router in router configuration mode. In this example, the IS-IS
instance is called isp.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
isp
Step 2
Specifies the IPv4 or IPv6 address family, and enters router address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast |
multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis)#
address-family ipv4 unicast
Step 3
Configures a router to generate and accept only wide-link metrics
in the Level 1 area.
metric-style wide [ transition ] [ level { 1 | 2 }]
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
metric-style wide level 1
Step 4
spf prefix-priority [ level { 1 | 2 }] { critical | Installs all routes tagged with the value 3 first.
high | medium } { access-list-name | tag tag }
Step 5
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# spf
prefix-priority high tag 3
Step 6 Do one of the following: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 261
Implementing IS-IS on Cisco ASR 9000 Series Router
Setting the Priority for Adding Prefixes to the RIBCommand or Action Purpose
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
end
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
exiting(yes/no/cancel)?[cancel]:
? Entering yessaves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring IP/LDP Fast Reroute
This optional task describes how to enable the IP/LDP fast reroute computation to converge traffic flows
around link failures.
To enable node protection on broadcast links, fast reroute and bidirectional forwarding detection (BFD)
must be enabled on the interface under IS-IS.
Note
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
262 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IP/LDP Fast RerouteSUMMARY STEPS
1. configure
2. router isis instance-id
3. interface type interface-path-id
4. circuit-type { level-1 | level-1-2 | level-2-only }
5. address-family { ipv4 | ipv6 } [ unicast | multicast ]
6. fast-reroute {per-link | per-prefix}
7. Do one of the following:
fast-reroute per-link { level { 1 | 2 }}
fast-reroute per-prefix { level { 1 | 2 }}
8. Do one of the following:
fast-reroute per-link exclude interface type interface-path-id { level { 1 | 2 }}
fast-reroute per-prefix exclude interface type interface-path-id { level { 1 | 2 }}
9. Do one of the following:
fast-reroute per-link lfa-candidate interface type interface-path-id { level { 1 | 2 }}
fast-reroute per-prefix lfa-candidate interface type interface-path-id { level { 1 | 2 }}
10. Do one of the following:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables IS-IS routing for the specified routing process,
and places the router in router configuration mode. In
this example, the IS-IS instance is called isp.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis isp
Step 2
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 263
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IP/LDP Fast RerouteCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-isis)# interface POS
0/1/0/3
Step 3
circuit-type { level-1 | level-1-2 | level-2-only } (Optional) Configures the type of adjacency.
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# circuit-type
level-1
Step 4
Specifies the address family, and enters router address
family configuration mode.
address-family { ipv4 | ipv6 } [ unicast | multicast ]
Example:
RP/0/RSP0/CPU0:router(config-isis-if)# address-family
ipv4 unicast
Step 5
This example specifies the unicast IPv4 address
family.
Specifies fast-reroute computation on per-link or
per-prefix basis.
fast-reroute {per-link | per-prefix}
Example:
RP/0/RSP0/CPU0:router8(config-isis-if-af)#
fast-reroute per-link
Step 6
per-linkUsed for prefix independent per-link
computation.
per-prefixUsed for prefix dependent
computation.
Configures fast-reroute per-link or per-prefix
computation for one level; use either level 1 or level 2.
Step 7 Do one of the following:
fast-reroute per-link { level { 1 | 2 }}
fast-reroute per-prefix { level { 1 | 2 }}
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-link level 1
Or
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-prefix level 2
Step 8 Do one of the following: Excludes an interface from fast-reroute computation.
fast-reroute per-link exclude interface type
interface-path-id { level { 1 | 2 }}
fast-reroute per-prefix exclude interface type
interface-path-id { level { 1 | 2 }}
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
264 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IP/LDP Fast RerouteCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-link exclude interface Loopback0 level 1
Or
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-prefix exclude interface POS0/6/0/0 level 2
Configures to include an interface to LFA candidate in
fast-reroute computation.
Step 9 Do one of the following:
fast-reroute per-link lfa-candidate interface type
interface-path-id { level { 1 | 2 }}
fast-reroute per-prefix lfa-candidate interface type
interface-path-id { level { 1 | 2 }}
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-link lfa-candidate interface MgmtEth0/RP0/CPU0/0
level 1
Or
RP/0/RSP0/CPU0:router(config-isis-if-af)#fast-reroute
per-prefix lfa-candidate interface
MgmtEth0/RP1/CPU0/0 level 2
Step 10 Do one of the following: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)# end
before exiting(yes/no/cancel)?[cancel]:
or
RP/0/RSP0/CPU0:router(config-isis-af)# commit
? Entering yes saves configuration changes to
the running configuration file, exits the
configuration session, and returns the router
to EXEC mode.
? Entering no exits the configuration session
and returnsthe router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and
remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 265
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IP/LDP Fast RerouteCommand or Action Purpose
Configuring IS-IS Overload Bit Avoidance
This task describes how to activate IS-IS overload bit avoidance.
Before You Begin
The IS-IS overload bit avoidance feature is valid only on networks that support the following Cisco IOS XR
features:
MPLS
IS-IS
SUMMARY STEPS
1. configure
2. mpls traffic-eng path-selection ignore overload
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng path-selection ignore overload Activates IS-IS overload bit avoidance.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
path-selection ignore overload
Step 2
Configuration Examples for Implementing IS-IS
This section provides the following configuration examples:
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
266 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring IS-IS Overload Bit AvoidanceConfiguring Single-Topology IS-IS for IPv6: Example
The following example shows single-topology mode being enabled. An IS-IS instance is created, the NET is
defined, IPv6 is configured along with IPv4 on an interface, and IPv4 link topology is used for IPv6.
This configuration allows POS interface 0/3/0/0 to form adjacencies for both IPv4 and IPv6 addresses.
router isis isp
net 49.0000.0000.0001.00
address-family ipv6 unicast
single-topology
interface POS0/3/0/0
address-family ipv4 unicast
!
address-family ipv6 unicast
!
exit
!
interface POS0/3/0/0
ipv4 address 10.0.1.3 255.255.255.0
ipv6 address 2001::1/64
Configuring Multitopology IS-IS for IPv6: Example
The following example shows multitopology IS-IS being configured in IPv6.
router isis isp
net 49.0000.0000.0001.00
interface POS0/3/0/0
address-family ipv6 unicast
metric-style wide level 1
exit
!
interface POS0/3/0/0
ipv6 address 2001::1/64
Redistributing IS-IS Routes Between Multiple Instances: Example
The following example shows usage of the set- attached-bit and redistribute commands. Two instances,
instance 1 restricted to Level 1 and instance 2 restricted to Level 2, are configured.
The Level 1 instance is propagating routes to the Level 2 instance using redistribution. Note that the
administrative distance is explicitly configured higher on the Level 2 instance to ensure that Level 1 routes
are preferred.
Attached bit is being set for the Level 1 instance since it is redistributing routes into the Level 2 instance.
Therefore, instance 1 is a suitable candidate to get from the area to the backbone.
router isis 1
is-type level-2-only
net 49.0001.0001.0001.0001.00
address-family ipv4 unicast
distance 116
redistribute isis 2 level 2
!
interface GigabitEthernet 0/3/0/0
address-family ipv4 unicast
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 267
Implementing IS-IS on Cisco ASR 9000 Series Router
Configuring Single-Topology IS-IS for IPv6: Example!
!
router isis 2
is-type level-1
net 49.0002.0001.0001.0002.00
address-family ipv4 unicast
set
-attached
-bit
!
interface GigabitEthernet 0/1/0/0
address-family ipv4 unicast
Tagging Routes: Example
The following example shows how to tag routes.
route-policy isis-tag-55
end-policy
!
route-policy isis-tag-555
if destination in (5.5.5.0/24 eq 24) then
set tag 555
pass
else
drop
endif
end-policy
!
router static
address-family ipv4 unicast
0.0.0.0/0 2.6.0.1
5.5.5.0/24 Null0
!
!
router isis uut
net 00.0000.0000.12a5.00
address-family ipv4 unicast
metric-style wide
redistribute static level-1 route-policy isis-tag-555
spf prefix-priority critical tag 13
spf prefix-priority high tag 444
spf prefix-priority medium tag 777
Configuring IS-IS Overload Bit Avoidance: Example
The following example shows how to activate IS-IS overload bit avoidance:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng path-selection ignore overload
RP/0/RSP0/CPU0:router(config)#
The following example shows how to deactivate IS-IS overload bit avoidance:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# no mpls traffic-eng path-selection ignore overload
RP/0/RSP0/CPU0:router(config)#
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
268 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Tagging Routes: ExampleWhere to Go Next
To implement more IP routing protocols, see the following document modules in Cisco ASR 9000 Series
Aggregation Services Router Routing Configuration Guide:
Implementing OSPF
Implementing BGP
Implementing EIGRP
Implementing RIP
Additional References
The following sections provide references related to implementing IS-IS.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router
Routing Command Reference
IS-IS commands: complete command syntax,
command modes, command history, defaults, usage
guidelines, and examples
Implementing MPLS Traffic Engineering on Cisco
ASR 9000 Series Router module in Cisco ASR 9000
Series Aggregation Services Router MPLS
Configuration Guide
MPLS TE feature information
Intermediate System-to-Intermediate System (IS-IS)
TLVs at: http://www.cisco.com/en/US/tech/tk365/
technologies_tech_note09186a0080094bbd.shtml
IS-IS TLVs
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Configuration
Guide and Cisco ASR 9000 Series Aggregation
Services Router Interface and Hardware Component
Command Reference
Bidirectional Forwarding Detection (BFD)
Standards
Standards Title
Draft-ietf-isis-ipv6-05.txt Routing IPv6 with IS-IS, by Christian E. Hopps
M-ISIS: Multi Topology (MT) Routing in IS-IS, by
Tony Przygienda, Naiming Shen, and Nischal Sheth
Draft-ietf-isis-wg-multi-topology-06.txt
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 269
Implementing IS-IS on Cisco ASR 9000 Series Router
Where to Go NextStandards Title
IS-IS Extensions for Traffic Engineering, by Henk
Smit and Toni Li
Draft-ietf-isis-traffic-05.txt
Restart Signaling for IS-IS, by M. Shand and Les
Ginsberg
Draft-ietf-isis-restart-04.txt
Point-to-point operation over LAN in link-state
routing protocols, by Naiming Shen
Draft-ietf-isis-igp-p2p-over-lan-05.txt
IP Fast Reroute Framework, by M. Shand and S.
Bryant
Draft-ietf-rtgwg-ipfrr-framework-06.txt
A Framework for Loop-free Convergence, by M.
Shand and S. Bryant
Draft-ietf-rtgwg-lf-conv-frmwk-00.txt
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs Title
RFC 1142 OSI IS-IS Intra-domain Routing Protocol
Use of OSI IS-IS for Routing in TCP/IP and Dual
Environments
RFC 1195
RFC 2763 Dynamic Hostname Exchange Mechanism for IS-IS
Domain-wide Prefix Distribution with Two-Level
IS-IS
RFC 2966
RFC 2973 IS-IS Mesh Groups
RFC 3277 IS-IS Transient Blackhole Avoidance
Three-Way Handshake for IS-IS Point-to-Point
Adjacencies
RFC 3373
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
270 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Additional ReferencesRFCs Title
RFC 3567 IS-IS Cryptographic Authentication
RFC 4444 IS-IS Management Information Base
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 271
Implementing IS-IS on Cisco ASR 9000 Series Router
Additional References Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
272 OL-26048-02
Implementing IS-IS on Cisco ASR 9000 Series Router
Additional ReferencesC H A P T E R 4
Implementing OSPF on Cisco ASR 9000 Series
Router
Open Shortest Path First (OSPF) is an Interior Gateway Protocol (IGP) developed by the OSPF working
group of the Internet Engineering Task Force (IETF). Designed expressly for IP networks, OSPF supports
IP subnetting and tagging of externally derived routing information. OSPF also allows packet authentication
and uses IP multicast when sending and receiving packets.
OSPF Version 3 (OSPFv3) expands on OSPF Version 2, providing support for IPv6 routing prefixes.
This module describes the concepts and tasks you need to implement both versions of OSPF on your
Cisco ASR 9000 Series Router . The term OSPF? implies both versions of the routing protocol, unless
otherwise noted.
For more information about OSPF on Cisco IOS XR software and complete descriptions of the OSPF
commandslisted in this module,see the Related Documents, on page 378 section of this module. To locate
documentation for other commands that might appear during execution of a configuration task, search
online in the Cisco ASR 9000 Series Aggregation Services Router Commands Master List
Note
Feature History for Implementing OSPF
Release Modification
Release 3.7.2 This feature was introduced.
Support was added for the following features:
OSPFv2 SPF Prefix Prioritization.
IP fast reroute loop-free alternates computation
Warm Standby for OSPF Version 3
Release 3.9.0
Cisco ASR 9000 Series Aggregation Services Router Routing Configuration Guide, Release 4.2.x
OL-26048-02 273
Cisco ASR 9000 Series Aggregation Services Router Netflow
Configuration Guide, Release 4.2.x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26127-02© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S
P r e f a c e Preface v
Changes to this Document v
Obtaining Documentation and Submitting a Service Request v
C H A P T E R 1 Configuring NetFlow 1
Prerequisites for Configuring NetFlow 2
Restrictions for Configuring NetFlow 2
Information About Configuring NetFlow 2
NetFlow Overview 2
Monitor Map Overview 3
Sampler Map Overview 3
Exporter Map Overview 3
NetFlow Configuration Submodes 4
Flow Exporter Map Configuration Submode 5
Flow Exporter Map Version Configuration Submode 5
Flow Monitor Map Configuration Submode 6
Sampler Map Configuration Submode 6
Enabling the NetFlow BGP Data Export Function 6
MPLS Flow Monitor with IPv4 and IPv6 Support 7
MPLS Cache Reorganization to Support Both IPv4 and IPv6 7
MPLS Packets with IPv6 Flows 7
Destination-based NetFlow Accounting 8
How to Configure NetFlow on Cisco IOS XR Software 9
Configuring an Exporter Map 9
Configuring a Sampler Map 12
Configuring a Monitor Map 14
Applying a Monitor Map and a Sampler Map to an Interface 18
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 iiiClearing NetFlow Data 19
Configuring NetFlow Collection of MPLS Packets with IPv6 Fields 20
Configuring Destination-based NetFlow Accounting 25
Trident Netflow 27
Supported features 27
Punt path policer rate 27
Calculating Punt path policer rate 27
Trident base line cards supported features 28
Configuration Examples for NetFlow 28
Sampler Map: Example 28
Exporter Map: Example 28
Flow Monitor Map: Examples 29
MPLS Flow Monitor with IPv4 and IPv6 Support: Examples 30
Destination-based NetFlow Accounting: Example 30
Additional References 31
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
iv OL-26127-02
ContentsPreface
This guide describes the Cisco IOS XR Netflow configurations. The preface for the Cisco ASR 9000 Series
Aggregation Services Router Netflow Configuration guide contains the following sections
Changes to this Document, page v
Obtaining Documentation and Submitting a Service Request, page v
Changes to this Document
This table lists the changes made to this document since it was first printed
Revision Date Change Summary
Republished with documentation
updates for Cisco IOS XR Release
4.2.1
OL-26127-02 June 2012
OL-26127-01 December 2011 Initial release of this document.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation,submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 v Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
vi OL-26127-02
Preface
Obtaining Documentation and Submitting a Service RequestC H A P T E R 1
Configuring NetFlow
This module describes the configuration of NetFlow .
A NetFlow flow is a unidirectional sequence of packets that arrive on a single interface (or subinterface),
and have the same values for key fields.
NetFlow is useful for the following:
Accounting/BillingNetFlow data provides fine grained metering for highly flexible and detailed
resource utilization accounting.
Network Planning and AnalysisNetFlow data provides key information forstrategic network planning.
Network MonitoringNetFlow data enables near real-time network monitoring capabilities.
Feature History for Configuring NetFlow
Release Modification
Release 3.9.1 This feature was introduced.
Release 4.0.0 IPv6 Sampled NetFlow feature was introduced.
Release 4.2.0 Destination-based Netflow Accounting feature was introduced.
This module includes the following sections:
Prerequisites for Configuring NetFlow, page 2
Restrictions for Configuring NetFlow, page 2
Information About Configuring NetFlow, page 2
How to Configure NetFlow on Cisco IOS XR Software, page 9
Configuration Examples for NetFlow, page 28
Additional References, page 31
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 1Prerequisites for Configuring NetFlow
To perform these configuration tasks, your Cisco IOS XR software system administrator must assign you to
a user group associated with a task group that includes the corresponding command task IDs. If you need
assistance with your task group assignment, contact your system administrator.
Restrictions for Configuring NetFlow
Consider the following restrictions when configuring NetFlow in Cisco IOS XR software:
You must configure a source interface. If you do not configure a source interface, the exporter will
remain in a disabled state.
Supports export format Version 9 only.
You must configure a valid record map name for every flow monitor map.
We recommend that you do not use the management interface to export NetFlow packets. Exporting the
management interface does not work efficiently.
Tip
Information About Configuring NetFlow
To implement NetFlow, you must understand the following concepts:
NetFlow Overview
A flow is exported as part of a NetFlow export User Datagram Protocol (UDP) datagram under the following
circumstances:
The flow has been inactive or active for too long.
The flow cache is getting full.
One of the counters (packets and or bytes) has wrapped.
The user forces the flow to export.
NetFlow export UDP datagrams are sent to an external flow collector device that provides NetFlow export
data filtering and aggregation. The export of data consists of expired flows and control information.
The NetFlow infrastructure is based on the configuration and use of the following maps:
Monitor map
Sampler map
Exporter map
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
2 OL-26127-02
Configuring NetFlow
Prerequisites for Configuring NetFlowThese maps are described in the sections that follow.
Monitor Map Overview
A monitor map contains name references to the flow record map and flow exporter map. Monitor maps are
applied to an interface. You can configure the following monitor map attributes:
Number of entries in the flow cache
Type of cache (permanent or normal). Permanent caches do not have their entries removed from the
cache unless they are explicitly cleared by the user
Active flow timeout
Inactive flow timeout
Update timeout
Default timeouts
Record type of packets sampled and collected
The record name specifiesthe type of packetsthat NetFlow samples asthey passthrough
the router. Currently, MPLS, IPv4, and IPv6 packet sampling is supported.
Note
The active flow and inactive flow timeouts are associated with a normal cache type. The update timeout
is associated with the permanent cache type.
Note
Sampler Map Overview
The sampler map specifies the rate at which packets (one out of n packets) are sampled. On high bandwidth
interfaces, applying NetFlow processing to every single packet can result in significant CPU utilization.
Sampler map configuration is typically geared towards such high speed interfaces.
The Policer rate is based on the network processor (NP). If netflow is applied on 1 NP, the aggregated maximum
flow packet processing rate per line card (LC) is 100k flow packets per second (irrespective of the direction
and the number of interface netflow that is applied in that NP). However, depending on the Netflow monitor
configuration distribution among NPs in an LC, policing of flow packet can take effect with an aggregated
rate that is less than 100k. For example, if Netflow is applied to 1 interface per NP in a 4 NP LC, then the
Policer rate per NP is 25K packets per second.
Exporter Map Overview
An exporter map contains user network specification and transport layer detailsfor the NetFlow export packet.
The flow exporter-map command allows you to configure collector and version attributes. You can configure
the following collector information:
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 3
Configuring NetFlow
Monitor Map Overview Export destination IP address
DSCP value for export packet
Source interface
UDP port number (This is where the collector is listening for NetFlow packets.)
Transport protocol for export packets
Note In Cisco IOS XR Software, UDP is the only supported transport protocol for export packets.
NetFlow export packets use the IP address that is assigned to the source interface. If the source interface
does not have an IP address assigned to it, the exporter will be inactive.
Note
You can also configure the following export version attributes:
Template timeout
Template data timeout
Template options timeout
Interface table timeout
Sampler table timeout
Note A single flow monitor map can support up to eight exporters.
NetFlow Configuration Submodes
In Cisco IOS XR Software, NetFlow map configuration takes place in map-specific submodes. Cisco IOS XR
Software supports the following NetFlow map configuration submodes:
The Cisco IOS XR Software allows you to issue most commands available under submodes as one single
command string from global configuration mode. For example, you can issue the record ipv4 command
from the flow monitor map configuration submode as follows:
Note
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4
Alternatively, you can issue the same command from global configuration mode, as shown in the following
example:
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm record ipv4
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
4 OL-26127-02
Configuring NetFlow
NetFlow Configuration SubmodesFlow Exporter Map Configuration Submode
When you issue the flow exporter-map fem-name command in global configuration mode, the command-line
interface (CLI) prompt changes to config-fem, indicating that you have entered the flow exporter map
configuration submode.
In the following sample output, the question mark (?) online help function displays all the commands available
under the flow exporter map configuration submode:
RP/0/RSP0/CPU0:router(config)# flow exporter-map fem
RP/0/RSP0/CPU0:router(config-fem)# ?
clear Clear the uncommitted configuration
clear Clear the configuration
commit Commit the configuration changes to running
describe Describe a command without taking real actions
destination Export destination configuration
do Run an exec command
dscp Specify DSCP value for export packets
exit Exit from this submode
no Negate a command or set its defaults
pwd Commands used to reach current submode
root Exit to the global configuration mode
show Show contents of configuration
source Source interface
transport Specify the transport protocol for export packets
version Specify export version parameters
Note If you enter the version command, you enter the flow exporter map version configuration submode.
Note A single flow monitor map can support up to eight exporters.
Flow Exporter Map Version Configuration Submode
When you issue the version v9 command in the flow exporter map configuration submode, the CLI prompt
changes to config-fem-ver, indicating that you have entered the flow exporter map version configuration
submode.
In the following sample output, the question mark (?) online help function displays all the commands available
under the flow exporter map version configuration submode:
RP/0/RSP0/CPU0:router(config-fem)# version v9
RP/0/RSP0/CPU0:router(config-fem-ver)# ?
commit Commit the configuration changes to running
describe Describe a command without taking real actions
do Run an exec command
exit Exit from this submode
no Negate a command or set its defaults
options Specify export of options template
show Show contents of configuration
template Specify template export parameters
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 5
Configuring NetFlow
NetFlow Configuration SubmodesFlow Monitor Map Configuration Submode
When you issue the flow monitor-map map_name command in global configuration mode, the CLI prompt
changes to config-fmm, indicating that you have entered the flow monitor map configuration submode.
In the following sample output, the question mark (?) online help function displays all the commands available
under the flow monitor map configuration submode:
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm
RP/0/RSP0/CPU0:router(config-fmm)# ?
cache Specify flow cache attributes
commit Commit the configuration changes to running
describe Describe a command without taking real actions
do Run an exec command
exit Exit from this submode
exporter Specify flow exporter map name
no Negate a command or set its defaults
record Specify a flow record map name
show Show contents of configuration
Sampler Map Configuration Submode
When you issue the sampler-map map_name command in global configuration mode, the CLI prompt changes
to config-sm, indicating that you have entered the sampler map configuration submode.
In the following sample output, the question mark (?) online help function displays all the commands available
under the sampler map configuration submode:
RP/0/RSP0/CPU0(config)# sampler-map fmm
RP/0/RSP0/CPU0:router(config-sm)# ?
clear Clear the uncommitted configuration
clear Clear the configuration
commit Commit the configuration changes to running
describe Describe a command without taking real actions
do Run an exec command
exit Exit from this submode
no Negate a command or set its defaults
pwd Commands used to reach current submode
random Use random mode for sampling packets
root Exit to the global configuration mode
show Show contents of configuration
RP/0/RSP0/CPU0(config-sm)#RP/0/RP0/CP0:router(config-sm)#
Enabling the NetFlow BGP Data Export Function
Use the bgp attribute-download command to enable NetFlow BGP routing attribute collection. The routing
attributes are then exported. When no routing attributes are collected, zeroes (0) are exported.
When BGP attribute download is enabled, BGP downloads the attribute information for prefixes (community,
extended community, and as-path) to the Routing Information Base (RIB) and Forwarding Information Base
(FIB). This enables FIB to associate the prefixes with attributes and send the NetFlow statistics along with
the associated attributes.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
6 OL-26127-02
Configuring NetFlow
NetFlow Configuration SubmodesMPLS Flow Monitor with IPv4 and IPv6 Support
Cisco IOS XR Software supports the NetFlow collection of MPLS packets. It also supports the NetFlow
collection of MPLS packets carrying IPv4, IPv6, or both IPv4 and IPv6 payloads.
MPLS Cache Reorganization to Support Both IPv4 and IPv6
In Cisco IOS XR Software, at a time, you can have only one MPLS flow monitor running on an interface. If
you apply an additional MPLS flow monitor to the interface, the new flow monitor overwrites the existing
one.
At a time, you can apply only one flow monitor on an interface per direction. You can apply either the same
flow monitor to an interface in both directions, or each direction can have its own flow monitor.
You can configure the MPLS flow monitor to collect IPv4 fields, IPv6 fields, or IPv4-IPv6 fields. IPv4-IPv6
configuration collects both IPv4 and IPv6 addresses using one MPLS flow monitor. IPv4 configuration collects
only IPv4 addresses. IPv6 configuration collects only IPv6 addresses.
The MPLS flow monitor supports up to 1,000,000 cache entries. NetFlow entries include the following types
of fields:
IPv4 fields
IPv6 fields
MPLS with IPv4 fields
MPLS with IPv6 fields
The maximum number of bytes per NetFlow cache entry is as follows:
IPv488 bytes per entry
MPLS88 bytes per entry
IPv6108 bytes per entry
MPLS with IPv4 fields108 bytes per entry
MPLS with IPv6 fields128 bytes per entry
The different types of NetFlow entries are stored in separate caches. Consequently, the number of NetFlow
entries on a line card can significantly impact the amount of available memory on the line card. Also, even
though the sampling rate for IPv6 is the same as the sampling rate for IPv4, the CPU utilization for IPv6
is higher due to the longer keys used by the IPv6 fields.
Note
MPLS Packets with IPv6 Flows
The collection of IPv6 flows in MPLS packets is an option. The CPU uses 128 bytes for each IPv6 field. IPv6
flows may contain the following types of information:
Source IP address
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 7
Configuring NetFlow
MPLS Flow Monitor with IPv4 and IPv6 Support Destination IP address
Traffic class value
Layer 4 protocol number
Layer 4 source port number
Layer 4 destination port number
Flow ID
Header option mask
To collect the IPv6 fields in MPLS packets, you must activate the MPLS record type, ipv6-fields by running
the record mpls ipv6-fields command. You can also specify the number of labels to be used for aggregation
with this command.
Destination-based NetFlow Accounting
Destination-based NetFlow accounting (DBA) is a usage-based billing application that tracks and records
traffic according to its destination and enables service providers to do destination-specific accounting and
billing. The destination-based NetFlow accounting record includes the destination peer autonomous system
(AS) number and the BGP next-hop IP address.
DBA is supported on ASR9000 Gigabit Ethernet and ASR9000 Enhanced Gigabit Ethernet linecards.
In destination-based NetFlow accounting, the following fields are collected and exported:
Destination peer AS number
BGP next-hop IP address
Ingress interface
Egress interface
Forwarding status
Incoming IPv4 TOS
Counter of packets in the flow
Counter of bytes in the flow
Timestamp for the first and last packets in the flow
Destination-based NetFlow accounting supports the following features:
Only IPv4 addresses
Configuration on physical interfaces, bundle interfaces, and logical subinterfaces
IPv4 unicast and multicast traffic
Only ingress traffic
Only full mode NetFlow
NetFlow export format Version 9 over User Datagram Protocols (UDPs)
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
8 OL-26127-02
Configuring NetFlow
Destination-based NetFlow AccountingDestination-based NetFlow accounting does not support the following features :
IPv6 addresses
MPLS IPv4 and IPv6
Configuration for individual Modular QoS Command-Line Interface (MQC) classes
Simultaneous configuration of destination-based NetFlow accounting with IPv4 sampled NetFlow on
the same interface, in the same direction.
Layer 2 switched MPLS traffic
Egress traffic
Sampled mode NetFlow
NetFlow export formats version 5, version 8, IP Flow Information Export (IPFIX), or Stream Control
Transmission Protocol (SCTP).
How to Configure NetFlow on Cisco IOS XR Software
The steps that follow provide a general overview of NetFlow configuration:
SUMMARY STEPS
1. Create and configure an exporter map.
2. Create and configure a monitor map and a sampler map.
3. Apply the monitor map and sampler map to an interface.
DETAILED STEPS
Step 1 Create and configure an exporter map.
Step 2 Create and configure a monitor map and a sampler map.
The monitor map must reference the exporter map you created in Step 1. If you do not apply an exporter-map
to the monitor-map, the flow records are not exported, and aging is done according to the cache parameters
specified in the monitor-map.
Note
Step 3 Apply the monitor map and sampler map to an interface.
These steps are described in detail in the following sections:
Configuring an Exporter Map
Configure an exporter map and apply it to the monitor map with the flow monitor-map map_name exporter
map_name command. You can configure the exporter map prior to configuring the monitor map, or you can
configure the monitor map first and then configure and apply an exporter map later on.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 9
Configuring NetFlow
How to Configure NetFlow on Cisco IOS XR SoftwareNote Cisco IOS XR Software supports the configuration of a single collector only in the exporter map.
The steps that follow describe how to create and configure an exporter map.
SUMMARY STEPS
1. configure
2. flow exporter-map map_name
3. destination hostname_or_IP_address
4. dscp dscp_value
5. source type interface-path-id
6. transport udp port
7. version v9
8. options {interface-table | sampler-table} [timeout seconds]
9. template [data | options] timeout seconds
10. Use one of these commands:
end
commit
11. exit
12. exit
13. show flow exporter-map map_name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Creates an exporter map, configures the exporter map name, and
enters flow exporter map configuration mode.
flow exporter-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
exporter-map fem
Step 2
Configures the export destination for the flow exporter map. The
destination can be a hostname or an IP address.
destination hostname_or_IP_address
Example:
RP/0/RSP0/CPU0:router(config-fem)#
destination nnn.nnn.nnn.nnn
Step 3
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
10 OL-26127-02
Configuring NetFlow
Configuring an Exporter MapCommand or Action Purpose
(Optional) Specifies the differentiated services codepoint (DSCP)
value for export packets. Replace the dscp_value argument with a
value in the range from 0 through 63.
dscp dscp_value
Example:
RP/0/RSP0/CPU0:router(config-fem)# dscp 55
Step 4
source type interface-path-id Specifies a source interface, in the format type interface-path-id.
Example:
RP/0/RSP0/CPU0:router(config-fem)# source
gigabitEthernet 0/0/0/0
Step 5
(Optional) Specifiesthe destination port for UDP packets. Replace
port with the destination UDP port value, in the range from 1024
through 65535.
transport udp port
Example:
RP/0/RSP0/CPU0:router(config-fem)#
transport udp 9991
Step 6
(Optional) Enters flow exporter map version configuration
submode.
version v9
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
version v9
Step 7
(Optional) Configures the export timeout value for the sampler
table. Replace seconds with the export timeout value, in the range
from 1 through 604800 seconds.
options {interface-table | sampler-table}
[timeout seconds]
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
options sampler-table timeout 2000
Step 8
Default is 1800 seconds.
(Optional) Configures the export period for data packets. Replace
seconds with the export timeout value, in the range from 1 through
604800 seconds.
template [data | options] timeout seconds
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
template data timeout 10000
Step 9
Step 10 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 11
Configuring NetFlow
Configuring an Exporter MapCommand or Action Purpose
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
exit Exits flow exporter map version configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)# exit
Step 11
exit Enters EXEC mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 12
show flow exporter-map map_name Displays exporter map data.
Example:
RP/0/RSP0/CPU0:router# show flow
exporter-map fem
Step 13
Configuring a Sampler Map
The steps that follow describe how to create and configure a sampler map.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
12 OL-26127-02
Configuring NetFlow
Configuring a Sampler MapSUMMARY STEPS
1. configure
2. sampler-map map_name
3. random 1 out-of sampling_interval
4. Use one of these commands:
end
commit
5. exit
6. exit
7. show sampler-map map_name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router configure
Step 1
Step 2 sampler-map map_name Creates a sampler map and enters sampler map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
Keep the following in mind when configuring a sampler map:
sampler-map sm
RP/0/RSP0/CPU0:router(config-sm)#
Configures the sampling interval to use random mode for sampling
packets. Replace the sampling_interval argument with a number, in
the range from 1 through 65535 units.
random 1 out-of sampling_interval
Example:
RP/0/RSP0/CPU0:router(config-sm)# random
1 out-of 65535
Step 3
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 13
Configuring NetFlow
Configuring a Sampler MapCommand or Action Purpose
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Exits sampler map configuration mode and enters global configuration
mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-sm)# exit
Step 5
exit Exits global configuration mode and enters EXEC mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 6
show sampler-map map_name Displays sampler map data.
Example:
RP/0/RSP0/CPU0:router# show sampler-map
fsm
Step 7
Configuring a Monitor Map
The steps that follow describe how to create and configure a monitor map.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
14 OL-26127-02
Configuring NetFlow
Configuring a Monitor MapSUMMARY STEPS
1. configure
2. flow monitor-map map_name
3. Do one of the following:
record ipv4
record ipv4 [peer as]
record ipv6
record mpls [labels number]
record mpls [ipv4-fields] [labels number]
record mpls [ipv6-fields] [labels number]
record mpls [ipv4-ipv6-fields] [labels number]
4. cache entries number
5. cache permanent
6. cache timeout {active timeout_value | inactive timeout_value | update timeout_value}
7. exporter map_name
8. Use one of these commands:
end
commit
9. exit
10. exit
11. show flow monitor-map map_name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Creates a monitor map and configures a monitor map name and entersflow
monitor map configuration submode.
flow monitor-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
Step 2
monitor-map fmm
RP/0/RSP0/CPU0:router(config-fmm)#
Step 3 Do one of the following: Configures the flow record map name for IPv4, IPv6, or MPLS.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 15
Configuring NetFlow
Configuring a Monitor MapCommand or Action Purpose
Use the record ipv4 command to configure the flow record map
name for IPv4. By default, you collect and export the originating
autonomous system (AS) numbers.
record ipv4
record ipv4 [peer as]
record ipv6
Use the record ipv4 [peer as] command to record peer AS. Here,
you collect and export the peer AS numbers.
record mpls [labels number]
record mpls [ipv4-fields] [labels
number]
Ensure that the bgp attribute-download command is configured.
Else, no AS is collected when the record ipv4 [peer-as] command
is configured.
Note
record mpls [ipv6-fields] [labels
number]
Use the record ipv6 command to configure the flow record map
name for IPv6.
record mpls [ipv4-ipv6-fields] [labels
number]
Use the record mpls labels command with the number argument to
specify the number of labels that you want to aggregate. By default,
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
record ipv4
MPLS-aware NetFlow aggregates the top six labels of the MPLS
label stack. The maximum value is 6.
Use the record mpls ipv4-fields command to collect IPv4 fields in
the MPLS-aware NetFlow.
Use the record mpls ipv6-fields command to collect IPV6 fields in
the MPLS-aware NetFlow.
Use the record mpls ipv4-ipv6-fields command to collect IPv4 and
IPv6 fields in the MPLS-aware NetFlow.
(Optional) Configures the number of entries in the flow cache. Replace the
number argument with the number of flow entries allowed in the flow
cache, in the range from 4096 through 1000000.
cache entries number
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
cache entries 10000
Step 4
The default number of cache entries is 65535.
cache permanent (Optional) Disables removal of entries from flow cache.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
flow monitor-map fmm cache permanent
Step 5
(Optional) Configures the active, inactive, or update flow cache timeout
value.
cache timeout {active timeout_value |
inactive timeout_value | update
timeout_value}
Step 6
The default timeout value for the inactive flow cache is 15 seconds.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
cache timeout inactive 1000
The default timeout value for the active flow cache is 1800 seconds.
The default timeout value for the update flow cache is 1800 seconds.
The update timeout_value keyword argument is used for
permanent caches only. It specifies the timeout value that is used
to export entries from permanent caches. In this case, the entries
are exported but remain the cache.
Note
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
16 OL-26127-02
Configuring NetFlow
Configuring a Monitor MapCommand or Action Purpose
Step 7 exporter map_name Associates an exporter map with a monitor map.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
exporter fem
A single flow monitor map can support up to eight
exporters.
Note
Step 8 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
exit Exits flow monitor map configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
exit
Step 9
exit Exits global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 10
show flow monitor-map map_name Displays flow monitor map data.
Example:
RP/0/RSP0/CPU0:router# show flow
monitor-map fmm
Step 11
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 17
Configuring NetFlow
Configuring a Monitor MapApplying a Monitor Map and a Sampler Map to an Interface
SUMMARY STEPS
1. configure
2. interface type number
3. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress}
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface type number Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 2
gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)#
flow [ipv4 | ipv6 | mpls] monitor monitor_map Associates a monitor map and a sampler map with an interface.
sampler sampler_map {egress | ingress}
Step 3
Enter ipv4 to enable IPV4 NetFlow on the specified interface. Enter ipv6
to enable IPV6 NetFlow on the specified interface. Enter mpls to enable
Example: MPLS-aware NetFlow on the specified interface.
RP/0/RSP0/CPU0:router(config-if)# flow
ipv4 monitor fmm sampler fsm egress
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
18 OL-26127-02
Configuring NetFlow
Applying a Monitor Map and a Sampler Map to an InterfaceCommand or Action Purpose
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Clearing NetFlow Data
The steps that follow describe how to clear flow exporter map and flow monitor map data.
SUMMARY STEPS
1. clear flow exporter [exporter_name] {restart | statistics} location node-id
2. clear flow monitor [monitor_name] cache [force-export | statistics] location node-id}
DETAILED STEPS
Command or Action Purpose
clear flow exporter [exporter_name] {restart |statistics} Clears the flow exporter data.
location node-id
Step 1
Specify the statistics option to clear exporter statistics. Specify
the restart option to export all of the templatesthat are currently
Example:
configured on the specified node.
RP/0/RSP0/CPU0:router# clear flow exporter
statistics location 0/0/CPU0
clear flow monitor [monitor_name] cache [force-export Clears the flow monitor data.
| statistics] location node-id}
Step 2
Specify the statistics option to clear cache statistics. Specify
the force-export option to export the data from cache to server
Example:
first and then clear the entries from cache.
RP/0/RSP0/CPU0:router# clear flow monitor cache
force-export location 0/0/CPU0
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 19
Configuring NetFlow
Clearing NetFlow DataConfiguring NetFlow Collection of MPLS Packets with IPv6 Fields
The following steps show how to configure NetFlow collection of MPLS packets with IPv6 fields.
SUMMARY STEPS
1. configure
2. flow exporter-map map_name
3. version v9
4. options {interface-table | sampler-table} [timeout seconds]
5. template [data | options] timeout seconds
6. exit
7. transport udp port
8. source type interface-path-id
9. destination hostname_or_IP_address
10. exit
11. flow monitor-map map_name
12. record mpls [ipv4-ipv6-fields] [labels number]
13. exporter map_name
14. cache entries number
15. cache timeout {active timeout_value | inactive timeout_value | update timeout_value}
16. cache permanent
17. exit
18. sampler-map map_name
19. random 1 out-of sampling_interval
20. exit
21. interface type number
22. flow [ipv4 | ipv6 | mpls] monitor monitor_map sampler sampler_map {egress | ingress}
23. Use one of these commands:
end
commit
24. exit
25. exit
26. show flow monitor-map map_name
27. show flow exporter-map map_name
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
20 OL-26127-02
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Creates an exporter map, configures the exporter map name, and
enters flow exporter map configuration mode.
flow exporter-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
Step 2
exporter-map exp1
version v9 (Optional) Entersflow exporter map version configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fem)# version
Step 3
v9
(Optional) Configures the export timeout value for the interface
table or the sampler table. Replace seconds with the export timeout
options {interface-table | sampler-table}
[timeout seconds]
Step 4
value, in the range from 1 through 604800 seconds. The default is
1800 seconds for both the interface table and the sample table.
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
options interface-table timeout 300
You must perform this step twice to configure the export timeout
value for both an interface table and a sample table.
(Optional) Configures the export period for data packets or options
packets. Replace seconds with the export timeout value, in the range
from 1 through 604800 seconds.
template [data | options] timeout seconds
Example:
RP/0/RSP0/CPU0:router(config-fem-ver)#
template data timeout 300
Step 5
You must perform this step twice to configure the export period for
both data packets and options packets.
Exits flow exporter map version configuration mode, and enters
flow exporter map configuration mode.
exit
Example:
RSP0/CPU0:router(config-fem-ver)# exit
Step 6
(Optional) Specifies the destination port for UDP packets. Replace
port with the destination UDP port value, in the range from 1024
through 65535.
transport udp port
Example:
RP/0/RSP0/CPU0:router(config-fem)#
transport udp 12515
Step 7
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 21
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose
Specifies a source interface, in the format type interface-path-id.
For example:
POS 0/1/0/1 or Loopback0
source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-fem)# source
Loopback0
Step 8
Configures the export destination for the flow exporter map. The
destination can be a hostname or an IP address.
destination hostname_or_IP_address
Example:
RP/0/RSP0/CPU0:router(config-fem)#
destination 170.1.1.11
Step 9
Exits flow exporter map configuration mode, and enters flow
exporter map configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-fem)# exit
Step 10
Creates a monitor map and configures a monitor map name and
enters flow monitor map configuration submode.
flow monitor-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
monitor-map MPLS-IPv6-fmm
Step 11
Configures the flow record map name for IPv4, IPv6, or MPLS.
Use the ipv4-ipv6-fields keyword to collect IPv4 and IPv6 fields
in an MPLS-aware NetFlow.
record mpls [ipv4-ipv6-fields] [labels number]
Example:
RP/0/RSP0/CPU0:router(config-fmm)# record
mpls ipv6-fields labels 3
Step 12
Step 13 exporter map_name Associates an exporter map with a monitor map.
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
exporter exp1
A single flow monitor map can support up to eight
exporters.
Note
(Optional) Configures the number of entries in the flow cache.
Replace the number argument with the number of flow entries
allowed in the flow cache, in the range from 4096 through 1000000.
cache entries number
Example:
RP/0/RSP0/CPU0:router(config-fmm)# cache
entries 10000
Step 14
The default number of cache entries is 65535.
(Optional) Configures the active, inactive, or update flow cache
timeout value.
cache timeout {active timeout_value | inactive
timeout_value | update timeout_value}
Step 15
Example:
RP/0/RSP0/CPU0:router(config-fmm)# cache
timeout inactive 1800
The default timeout value for the inactive flow cache is 15
seconds.
The default timeout value for the active flow cache is 1800
seconds.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
22 OL-26127-02
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose
The default timeout value for the update flow cache is 1800
seconds.
The inactive and active keywords are not applicable to
permanent caches.
Note
The update keyword is used for permanent caches only.
It specifies the timeout value that is used to export entries
from permanent caches. In this case, the entries are exported
but remain the cache.
Note
cache permanent (Optional) Disables the removal of entries from flow cache.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# flow
monitor-map fmm cache permanent
Step 16
exit Exits flow monitor map configuration submode.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# exit
Step 17
Step 18 sampler-map map_name Creates a sampler map and enterssampler map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# sampler-map
Keep the following in mind when configuring a sampler map:
fsm
RP/0/RSP0/CPU0:router(config-sm)#
Configures the sampling interval to use random mode for sampling
packets. Replace the sampling_interval argument with a number,
in the range from 1 through 65535 units.
random 1 out-of sampling_interval
Example:
RP/0/RSP0/CPU0:router(config-sm)# random
1 out-of 65535
Step 19
Exits sampler map configuration mode and enters global
configuration mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-sm)#exit
Step 20
interface type number Enters interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 21
gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)#
flow [ipv4 | ipv6 | mpls] monitor monitor_map Associates a monitor map and a sampler map with an interface.
sampler sampler_map {egress | ingress}
Step 22
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 23
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose
Enter ipv4 to enable IPV4 NetFlow on the specified interface. Enter
ipv6 to enable IPV6 NetFlow on the specified interface. Enter mpls
to enable MPLS-aware NetFlow on the specified interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# flow
ipv4 monitor MPLS-IPv6-fmm sampler fsm
egress
Step 23 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
exit Exits interface configuration submode for the Ethernet interface.
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 24
exit Exits global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# exit
Step 25
show flow monitor-map map_name Displays flow monitor map data.
Example:
RP/0/RSP0/CPU0:router# show flow
monitor-map fmm
Step 26
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
24 OL-26127-02
Configuring NetFlow
Configuring NetFlow Collection of MPLS Packets with IPv6 FieldsCommand or Action Purpose
show flow exporter-map map_name Displays exporter map data.
Example:
RP/0/RSP0/CPU0:router# show flow
exporter-map fem
Step 27
Configuring Destination-based NetFlow Accounting
You configure destination-based NetFlow accounting by configuring the flow monitor map, flow record, and
flow monitor as described in the following steps.
SUMMARY STEPS
1. configure
2. flow monitor-map map_name
3. record ipv4 destination
4. exit
5. interface type interface-path-id
6. flow ipv4 monitor name ingress
7. Use one of these commands:
end
commit
8. show flow exporter-map map_name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Creates a monitor map and configures a monitor map name and enters
flow monitor map configuration submode.
flow monitor-map map_name
Example:
RP/0/RSP0/CPU0:router(config)# flow
Step 2
monitor-map map1
RP/0/RSP0/CPU0:router(config-fmm)#
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 25
Configuring NetFlow
Configuring Destination-based NetFlow AccountingCommand or Action Purpose
Configures the flow record for an IPv4 destination-based NetFlow
accounting record. The destination keyword specifies that the record
is for IPv4 destination-based NetFlow accounting.
record ipv4 destination
Example:
RP/0/RSP0/CPU0:router(config-fmm)#
record ipv4 destination.
Step 3
exit Exits flow monitor map mode to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-fmm)# exit
Step 4
Interface type and physical interface-path-id in the format type
rack/slot/module/port.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router# interface POS
0/1/0/0
Step 5
typePOS, Ethernet, ATM, etc.
rackChassis number of the rack.
slotPhysical slot number of the line card or modular services card.
moduleModule number. A physical layer interface module (PLIM)
is always 0.
portPhysical port number of the interface.
Configures an IPv4 flow monitor for the ingress direction and assigns
the name of the monitor.
flow ipv4 monitor name ingress
Example:
RP/0/RSP0/CPU0:router# flow ipv4 monitor
monitor1 ingress
Step 6
Step 7 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
26 OL-26127-02
Configuring NetFlow
Configuring Destination-based NetFlow AccountingCommand or Action Purpose
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
show flow exporter-map map_name Verifies exporter map data.
Example:
RP/0/RSP0/CPU0:router# show flow
exporter-map fem
Step 8
Trident Netflow
Trident Netflow exports using only the V9 (Version 9) format. V9 is the most flexible NetFlow export. This
format is flexible and extensible. It provides the flexibility to support new fields and record types.
Supported features
Flow monitor type of IPv4, IPv6, and MPLS can all be configured to an interface per direction.
Sampled Netflow. There is no support for full mode sampling.
Non-deterministic Random Sampling Algorithm.
Different traffic types, including unicast and multicast traffic.
Punt path policer rate
In order to achieve the maximum flow processing without overloading the LC CPU, all flow packets that are
punted from each Network Processor are policed. This is done to avoid overloading the CPU. The aggregate
punt policer rate is 100 Kpps. To avoid having flow packets arrive at the CPU at a huge rate, the punt path
policer needs to be applied on all NPs that have the netflow feature applied on them.
The Punt path policer rate can be calculated in following way:
Calculating Punt path policer rate
The policer rate of each NP_NetflowMonitor is 100k, where NP_NetflowMonitor is NP that has Netflow
monitor configured to its associated interfaces; or any of its associated interfaces are member of a bundle
interfaces or bundle sub-interfaces that has Netflow monitor applied.
Determining NP for NP_NetflowMonitor or non - NP_NetflowMonitor:
1 If any of its associated interface or sub-interface has any flow monitor applied, then it is
NP_NetflowMonitor.
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 27
Configuring NetFlow
Trident Netflow2 If any of its interfaces is a member of a bundle interface or bundle sub-interface that has Netflow monitor
configured, the NP is considered as non- NP_NetflowMonitor.
Trident base line cards supported features
Supports ingress and egress Netflow (IPv4, IPv6, MPLS) on L3 physical interface, L3-sub-interface,
L3-Bundle interface, and L3 bundle sub-interface.
Supports configurable Sampling Rate 1:1 ~ 1: 65535
Supports only up to 4 Sampling Rates (or Intervals) per LC.
Supports up to 8k (Large memory LC) or 4k (Small Memory LC) interfaces/subinterfaces
Supports configuration with flow monitor per NP.
Supports maximum aggregate Netflow processing rate of 50k flow packets perseconds per LC, enforced
by Netflow Punt Policer on each NPs.
Supports netflow processing of 100Kpps, with CPU utilization not exceeding 50%.
Supports up to 4 flow exporters per flow monitor.
Supports exporting packet rates of up to 100k flows per second.
Configuration Examples for NetFlow
The following examples show NetFlow configurations:
Sampler Map: Example
The following example shows how to create a new sampler map called fsm1, which samples 1 out of 65535
packets:
RP/0/RSP0/CPU0:router# sampler-map fsm1
RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535
RP/0/RSP0/CPU0:router(config)# exit
Exporter Map: Example
The following example shows how to create a new flow exporter map called fem1, which uses the version
9 (V9) export format for NetFlow export packets. The data template flow-set is inserted into the V9 export
packets once every 10 minutes, and the options interface table flow-set is inserted into the V9 export packet.
The export packets are sent to the flow collector destination 10.1.1.1, where the source address is identical to
the interface IP address of Loopback 0. The UDP destination port is 1024, and the DSCP value is 10:
RP/0/RSP0/CPU0:router(config)# flow exporter-map fem1
RP/0/RSP0/CPU0:router(config-fem)# destination 10.1.1.1
RP/0/RSP0/CPU0:router(config-fem)# source Loopback 0
RP/0/RSP0/CPU0:router(config-fem)# transport udp 1024
RP/0/RSP0/CPU0:router(config-fem)# dscp 10
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
28 OL-26127-02
Configuring NetFlow
Configuration Examples for NetFlowRP/0/RSP0/CPU0:router(config-fem)# exit
RP/0/RSP0/CPU0:router(config-fem)# version v9
RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 600
RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table
RP/0/RSP0/CPU0:router(config-fem-ver)# exit
Flow Monitor Map: Examples
The following example shows how to create a new flow monitor map with name fmm1. This flow monitor
map references the flow exporter map fem1, and sets the flow cache attributes to 10000 cache entries. The
active entries from the cache are aged every 30 seconds, while the inactive entries from the cache are aged
every 15 seconds. The record map for this monitor map is IPv4:
RP/0/RSP0/CPU0:router(config)# flow monitor-map fmm1
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4
RP/0/RSP0/CPU0:router(config-fmm)# exporter fem1
RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000
RP/0/RSP0/CPU0:router(config-fmm)# cache timeout active 30
RP/0/RSP0/CPU0:router(config-fmm)# cache timeout inactive 15
RP/0/RSP0/CPU0:router(config-fmm)# exit
The following example shows how to apply the flow monitor fmm1and the sampler fsm1 to the TenGigE
0/0/0/0 interface in the ingress direction:
RP/0/RSP0/CPU0:router(config)# interface TenGigE 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor fmm1 sampler fsm1 ingress
RP/0/RSP0/CPU0:router(config-if)# exit
The following example shows how to configure the NetFlow monitor to collect MPLS packets with IPv6
fields:
RP/0/RSP0/CPU0:router# config
RP/0/RSP0/CPU0:router(config)# flow exporter-map exp1
RP/0/RSP0/CPU0:router(config-fem)# version v9
RP/0/RSP0/CPU0:router(config-fem-ver)# options interface-table timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# options sampler-table timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# template data timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# template options timeout 300
RP/0/RSP0/CPU0:router(config-fem-ver)# exit
RP/0/RSP0/CPU0:router(config-fem)# transport udp 12515
RP/0/RSP0/CPU0:router(config-fem)# source Loopback0
RP/0/RSP0/CPU0:router(config-fem)# destination 170.1.1.11
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls ipv6-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# exporter exp1
RP/0/RSP0/CPU0:router(config-fmm)# cache entries 10000
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# sampler-map FSM
RP/0/RSP0/CPU0:router(config-sm)# random 1 out-of 65535
RP/0/RSP0/CPU0:router(config-sm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler FSM ingress
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 29
Configuring NetFlow
Flow Monitor Map: ExamplesMPLS Flow Monitor with IPv4 and IPv6 Support: Examples
The following configuration collects MPLS traffic, but no payload information is collected.
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-fmm sampler fsm ingress
The following configuration collects MPLS traffic with IPv4 payloads. It also collects MPLS traffic without
IPv4 payloads, but it populates the IPv4 fields with zeros (0).
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv4-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-fmm sampler fsm ingress
The following configuration collects MPLS traffic with IPv6 payloads. It also collects MPLS traffic without
IPv6 payloads, but it populates the IPv6 fields with zeros (0).
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv6-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv6-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv6-fmm sampler fsm ingress
The following configuration collects MPLS traffic with both IPv6 and IPv4 fields. It also collects MPLS
traffic without IPv4 or IPv6 payloads, but it populates the IPv6 and IPv4 fields with zeros (0).
RP/0/RSP0/CPU0:router(config)# flow monitor-map MPLS-IPv4-IPv6-fmm
RP/0/RSP0/CPU0:router(config-fmm)# record mpls IPv4-IPv6-fields labels 3
RP/0/RSP0/CPU0:router(config-fmm)# cache permanent
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface gigabitEthernet 0/0/0/0
RP/0/RSP0/CPU0:router(config-if)# flow mpls monitor MPLS-IPv4-IPv6-fmm sampler fsm ingress
Note Flow records are exported using the Version 9 format.
Destination-based NetFlow Accounting: Example
The following example shows how to configure an IPv4 flow record for destination-based NetFlow accounting:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# flow monitor-map map1
RP/0/RSP0/CPU0:router(config-fmm)# record ipv4 destination
RP/0/RSP0/CPU0:router(config-fmm)# exporter fem
RP/0/RSP0/CPU0:router(config-fmm)# exit
RP/0/RSP0/CPU0:router(config)# interface pos 0/1/0/0
RP/0/RSP0/CPU0:router(config-if)# flow ipv4 monitor map1 ingress
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
30 OL-26127-02
Configuring NetFlow
MPLS Flow Monitor with IPv4 and IPv6 Support: ExamplesRP/0/RSP0/CPU0:router(config-if)# end
RP/0/RSP0/CPU0:router# show flow exporter-map fem
RP/0/RSP0/CPU0:router# show flow monitor-map map1
Additional References
The following sections provide references related to interface configuration.
Related Documents
Related Topic Document Title
Cisco IOS XR master command reference Cisco IOS XR Master Commands List
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Command
Reference
Cisco IOS XR interface configuration commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Initial system bootup and configuration information
for a router using the Cisco IOS XR software.
Cisco ASR 9000 Series Aggregation Services Router
Interface and Hardware Component Command
Reference
Information about user groups and task IDs
Information about configuring interfaces and other Cisco Craft Works Interface User Guide
components from a remote Craft Works Interface
(CWI) client management application.
Standards
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 31
Configuring NetFlow
Additional ReferencesRFCs
RFCs Title
3954 NetFlow services export protocol Version 9.
Technical Assistance
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
32 OL-26127-02
Configuring NetFlow
Additional ReferencesI N D E X
A
accounting for IPv4, destination-based 8, 25
Additional References command 31
C
cache entries command 14
cache permanent command 14
cache timeout command 14
Configuration Examples for NetFlow command 28
configuring 9
D
destination command 9
Destination-based NetFlow Accounting 30
Example command 30
dscp command 9
E
exporter command 14
exporter map 3
Exporter Map 28
Example command 28
F
flow exporter map configuration submode 5
flow exporter map version configuration submode 5
flow exporter-map command 9
Flow Monitor Map 29
Examples 29
flow monitor map configuration submode 6
flow monitor-map command 9, 14, 25
M
monitor map 3
MPLS Flow Monitor with IPv4 and IPv6 Support 30
Examples 30
N
NetFlow 1, 2, 3, 5, 6, 8, 9, 25
accounting for IPv4, destination-based 8, 25
configuring 9
exporter map 3
flow exporter map configuration submode 5
flow exporter map version configuration submode 5
flow monitor map configuration submode 6
monitor map 3
overview 1, 2
restrictions 2
sampler map 3
sampler map configuration submode 6
O
options command 9
overview 1, 2
R
random command 12
record ipv4 command 14
record ipv4 destination command 25
record ipv6 command 14
restrictions 2
S
sampler map 3
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
OL-26127-02 IN-1Sampler Map 28
Example command 28
sampler map configuration submode 6
sampler-map command 12
show flow exporter-map command 9, 25
show flow monitor map command 14
show sampler-map command 12
source command 9
T
template command 9
transport udp command 9
Trident Netflow 27
V
version v9 command 9
Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide, Release 4.2.x
IN-2 OL-26127-02
Index
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco ASR 9000 Series Aggregation
Services Router MPLS Layer 3 VPN
Configuration Guide
Cisco IOS XR Software Release 4.2.x
Text Part Number: OL-26115-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL
STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT
WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT
SHIPPED WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE
OR LIMITED WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public
domain version of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH
ALL FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT
LIMITATION, THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF
DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING,
WITHOUT LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this
URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in
illustrative content is unintentional and coincidental.
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
© 2012 Cisco Systems, Inc. All rights reserved.iii
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
C O N T E N T S
Preface VPC-vii
Implementing MPLS Layer 3 VPNs VPC-9
Contents VPC-10
Prerequisites for Implementing MPLS L3VPN VPC-10
MPLS L3VPN Restrictions VPC-11
Information About MPLS Layer 3 VPNs VPC-11
MPLS L3VPN Overview VPC-11
MPLS L3VPN Benefits VPC-12
How MPLS L3VPN Works VPC-13
Virtual Routing and Forwarding Tables VPC-13
VPN Routing Information: Distribution VPC-13
BGP Distribution of VPN Routing Information VPC-14
MPLS Forwarding VPC-14
Automatic Route Distinguisher Assignment VPC-15
MPLS L3VPN Major Components VPC-15
Inter-AS Support for L3VPN VPC-15
Inter-AS Support: Overview VPC-16
Inter-AS and ASBRs VPC-16
Confederations VPC-17
MPLS VPN Inter-AS BGP Label Distribution VPC-18
Exchanging IPv4 Routes with MPLS labels VPC-19
BGP Routing Information VPC-20
BGP Messages and MPLS Labels VPC-20
Sending MPLS Labels with Routes VPC-21
Generic Routing Encapsulation Support for L3VPN VPC-21
GRE Restriction for L3VPN VPC-21
VPNv4 Forwarding Using GRE Tunnels VPC-21
Carrier Supporting Carrier Support for L3VPN VPC-23
CSC Prerequisites VPC-23
CSC Benefits VPC-23
Configuration Options for the Backbone and Customer Carriers VPC-24
Customer Carrier: ISP with IP Core VPC-24
Customer Carrier: MPLS Service Provider VPC-25Contents
iv
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
How to Implement MPLS Layer 3 VPNs VPC-26
Configuring the Core Network VPC-26
Assessing the Needs of MPLS VPN Customers VPC-26
Configuring Routing Protocols in the Core VPC-27
Configuring MPLS in the Core VPC-27
Determining if FIB Is Enabled in the Core VPC-27
Configuring Multiprotocol BGP on the PE Routers and Route Reflectors VPC-28
Connecting MPLS VPN Customers VPC-29
Defining VRFs on the PE Routers to Enable Customer Connectivity VPC-30
Configuring VRF Interfaces on PE Routers for Each VPN Customer VPC-32
Configuring BGP as the Routing Protocol Between the PE and CE Routers VPC-34
Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers VPC-38
Configuring Static Routes Between the PE and CE Routers VPC-41
Configuring OSPF as the Routing Protocol Between the PE and CE Routers VPC-42
Configuring EIGRP as the Routing Protocol Between the PE and CE Routers VPC-45
Configuring EIGRP Redistribution in the MPLS VPN VPC-48
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with
ASBRs Exchanging IPv4 Routes and MPLS Labels VPC-50
Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels VPC-50
Configuring the Route Reflectors to Exchange VPN-IPv4 Routes VPC-53
Configuring the Route Reflector to Reflect Remote Routes in its AS VPC-56
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with
ASBRs Exchanging VPN-IPv4 Addresses VPC-59
Configuring the ASBRs to Exchange VPN-IPv4 Addresses VPC-59
Configuring a Static Route to an ASBR Peer VPC-62
Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a
Confederation VPC-64
Configuring MPLS Forwarding for ASBR Confederations VPC-66
Configuring a Static Route to an ASBR Confederation Peer VPC-68
Configuring Carrier Supporting Carrier VPC-70
Identifying the Carrier Supporting Carrier Topology VPC-70
Configuring the Backbone Carrier Core VPC-71
Configuring the CSC-PE and CSC-CE Routers VPC-71
Configuring a Static Route to a Peer VPC-78
Verifying the MPLS Layer 3 VPN Configuration VPC-80
Configuring L3VPN over GRE VPC-83
Creating a GRE Tunnel between Provider Edge Routers VPC-83
Configuring IGP between Provider Edge Routers VPC-85
Configuring LDP/GRE on the Provider Edge Routers VPC-87
Configuring L3VPN VPC-89Contents
v
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuration Examples for Implementing MPLS Layer 3 VPNs VPC-95
Configuring an MPLS VPN Using BGP: Example VPC-95
Configuring the Routing Information Protocol on the PE Router: Example VPC-96
Configuring the PE Router Using EIGRP: Example VPC-96
Configuration Examples for MPLS VPN CSC VPC-97
Configuring the Backbone Carrier Core: Examples VPC-97
Configuring the Links Between CSC-PE and CSC-CE Routers: Examples VPC-97
Configuring a Static Route to a Peer: Example VPC-98
Configuring L3VPN over GRE: Example VPC-98
Additional References VPC-102
Related Documents VPC-102
Standards VPC-102
MIBs VPC-102
RFCs VPC-103
Technical Assistance VPC-103
Implementing IPv6 VPN Provider Edge Transport over MPLS VPC-105
Contents VPC-105
Prerequisites for Implementing 6PE/VPE VPC-106
Information About 6PE/VPE VPC-106
Overview of 6PE/VPE VPC-106
Benefits of 6PE/VPE VPC-107
Deploying IPv6 over MPLS Backbones VPC-107
IPv6 on the Provider Edge and Customer Edge Routers VPC-107
IPv6 Provider Edge Multipath VPC-108
OSPFv3 6VPE VPC-108
Multiple VRF Support VPC-108
OSPFv3 PE-CE Extensions VPC-109
VRF Lite VPC-109
How to Implement 6PE/VPE VPC-109
Configuring 6PE/VPE VPC-109
Configuring PE to PE Core VPC-111
Configuring PE to CE Core VPC-115
Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers VPC-118
Configuration Examples for 6PE VPC-122
Configuring 6PE on a PE Router: Example VPC-122
Configuring 6VPE on a PE Router: Example VPC-122
Configuring OSPFv3 between PE to CE: Example: VPC-123
Additional References VPC-124Contents
vi
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Related Document VPC-124
Standards VPC-124
MIBs VPC-124
RFCs VPC-124
Technical Assistance VPC-125
Indexvii
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Preface
The preface consists of these sections:
Changes to This Document, page VPC-vii
Obtaining Documentation and Submitting a Service Request, page VPC-vii
Changes to This Document
Table 1 lists the technical changes made to this document since it was first printed.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly Whats New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the Whats New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Table 1 Changes to This Document
Revision Date Change Summary
OL-26115-02 May 2012 Support for GRE tunnel interfaces was increased to 2000.
OL-26115-01 December 2011 Initial release of this document.Preface
viii
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-029
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Implementing MPLS Layer 3 VPNs
A Multiprotocol Label Switching (MPLS) Layer 3 Virtual Private Network (VPN) consists of a set of
sites that are interconnected by means of an MPLS provider core network. At each customer site, one or
more customer edge (CE) routers attach to one or more provider edge (PE) routers.
This module provides the conceptual and configuration information for MPLS Layer 3 VPNs on
Cisco ASR 9000 Series Aggregation Services Routers.
Note You must acquire an evaluation or permanent license in order to use MPLS Layer 3 VPN functionality.
However, if you are upgrading from a previous version of the software, MPLS Layer 3 VPN functionality
will continue to work using an implicit license for 90 days (during which time, you can purchase a
permanent license). For more information about licenses, see the Software Entitlement on
Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router
System Management Configuration Guide.
Note For a complete description of the commands listed in this module, refer to the Cisco ASR 9000 Series
Aggregation Services Router MPLS Command Reference . To locate documentation of other commands
that appear in this chapter, use the command reference master index, or search online.
Feature History for Implementing MPLS Layer 3 VPNs on Cisco ASR 9000 Series Routers
Release Modification
Release 3.7.2 This feature was introduced.
Release 4.2.0 Support for Generic Routing Encapsulation (GRE) was added on A9K-SIP-700
line card.
Release 4.2.1 The maximum number of supported tunnel interfaces was increased to 2000 for
the ASR 9000 Enhanced Ethernet and ASR 9000 Ethernet line cards.Implementing MPLS Layer 3 VPNs
Contents
10
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Contents
Prerequisites for Implementing MPLS L3VPN, page VPC-10
MPLS L3VPN Restrictions, page VPC-11
Information About MPLS Layer 3 VPNs, page VPC-11
How to Implement MPLS Layer 3 VPNs, page VPC-26
Configuration Examples for Implementing MPLS Layer 3 VPNs, page VPC-95
Additional References, page VPC-102
Prerequisites for Implementing MPLS L3VPN
These prerequisites are required to configure MPLS Layer 3 VPN:
You must be in a user group associated with a task group that includes the proper task IDs. The
command reference guides include the task IDs required for each command.
If you suspect user group assignment is preventing you from using a command, contact your AAA
administrator for assistance.
These prerequisites are required for configuring MPLS VPN Inter-AS with autonomous system
boundary routers (ASBRs) exchanging VPN-IPV4 addresses or IPv4 routes and MPLS labels:
Before configuring external Border Gateway Protocol (eBGP) routing between autonomous systems
or subautonomous systems in an MPLS VPN, ensure that all MPLS VPN routing instances and
sessions are properly configured (see the How to Implement MPLS Layer 3 VPNs, page VPC-26 for
procedures).
These tasks must be performed:
Define VPN routing instances
Configure BGP routing sessions in the MPLS core
Configure PE-to-PE routing sessions in the MPLS core
Configure BGP PE-to-CE routing sessions
Configure a VPN-IPv4 eBGP session between directly connected ASBRs
To configure MPLS Layer 3 VPNs, routers must support MPLS forwarding and Forwarding Information
Base (FIB).Implementing MPLS Layer 3 VPNs
MPLS L3VPN Restrictions
11
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
MPLS L3VPN Restrictions
These are restrictions for implementing MPLS Layer 3 VPNs:
Multihop VPN-IPv4 eBGP is not supported for configuring eBGP routing between autonomous
systems or subautonomous systems in an MPLS VPN.
MPLS VPN supports only IPv4 address families.
These restrictions apply when configuring MPLS VPN Inter-AS with ASBRs exchanging IPv4 routes
and MPLS labels:
For networks configured with eBGP multihop, a label switched path (LSP) must be configured
between nonadjacent routers.
Inter-AS supports IPv4 routes only. IPv6 is not supported.
Note The physical interfaces that connect the BGP speakers must support FIB and MPLS.
These restrictions apply to routing protocols OSPF and RIP:
IPv6 is not supported on OSPF and RIP.
Information About MPLS Layer 3 VPNs
To implement MPLS Layer 3 VPNs, you need to understand these concepts:
MPLS L3VPN Overview, page VPC-11
MPLS L3VPN Benefits, page VPC-12
How MPLS L3VPN Works, page VPC-13
MPLS L3VPN Major Components, page VPC-15
Generic Routing Encapsulation Support for L3VPN, page VPC-21
MPLS L3VPN Overview
Before defining an MPLS VPN, VPN in general must be defined. A VPN is:
An IP-based network delivering private network services over a public infrastructure
A set of sites that are allowed to communicate with each other privately over the Internet or other
public or private networks
Conventional VPNs are created by configuring a full mesh of tunnels or permanent virtual circuits
(PVCs) to all sites in a VPN. This type of VPN is not easy to maintain or expand, as adding a new site
requires changing each edge device in the VPN.
MPLS-based VPNs are created in Layer 3 and are based on the peer model. The peer model enables the
service provider and the customer to exchange Layer 3 routing information. The service provider relays
the data between the customer sites without customer involvement.
MPLS VPNs are easier to manage and expand than conventional VPNs. When a new site is added to an
MPLS VPN, only the edge router of the service provider that provides services to the customer site needs
to be updated. Implementing MPLS Layer 3 VPNs
Information About MPLS Layer 3 VPNs
12
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
The components of the MPLS VPN are described as follows:
Provider (P) routerRouter in the core of the provider network. PE routers run MPLS switching
and do not attach VPN labels to routed packets. VPN labels are used to direct data packets to the
correct private network or customer edge router.
PE routerRouter that attaches the VPN label to incoming packets based on the interface or
subinterface on which they are received, and also attaches the MPLS core labels. A PE router
attaches directly to a CE router.
Customer (C) routerRouter in the Internet service provider (ISP) or enterprise network.
Customer edge (CE) routerEdge router on the network of the ISP that connects to the PE router
on the network. A CE router must interface with a PE router.
Figure 1 shows a basic MPLS VPN topology.
Figure 1 Basic MPLS VPN Topology
MPLS L3VPN Benefits
MPLS L3VPN provides these benefits:
Service providers can deploy scalable VPNs and deliver value-added services.
Connectionless service guarantees that no prior action is necessary to establish communication
between hosts.
Centralized Service: Building VPNs in Layer 3 permits delivery of targeted services to a group of
users represented by a VPN.
Scalability: Create scalable VPNs using connection-oriented, point-to-point overlays, Frame Relay,
or ATM virtual connections.
Security: Security is provided at the edge of a provider network (ensuring that packets received from
a customer are placed on the correct VPN) and in the backbone.
Integrated Quality of Service (QoS) support: QoS provides the ability to address predictable
performance and policy implementation and support for multiple levels of service in an MPLS VPN.
MPLS Backbone
Customer Site Customer Site
Provider Edge
(PE) router
Provider Edge
(PE) router
Provider (P)
routers
Provider (P)
routers
103875
Customer
Edge
(CE) router
Customer
Edge
(CE) routerImplementing MPLS Layer 3 VPNs
Information About MPLS Layer 3 VPNs
13
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Straightforward Migration: Service providers can deploy VPN services using a straightforward
migration path.
Migration for the end customer is simplified. There is no requirement to support MPLS on the CE
router and no modifications are required for a customer intranet.
How MPLS L3VPN Works
MPLS VPN functionality is enabled at the edge of an MPLS network. The PE router performs these
tasks:
Exchanges routing updates with the CE router
Translates the CE routing information into VPN version 4 (VPNv4) routes
Exchanges VPNv4 routes with other PE routers through the Multiprotocol Border Gateway Protocol
(MP-BGP)
Virtual Routing and Forwarding Tables
Each VPN is associated with one or more VPN routing and forwarding (VRF) instances. A VRF defines
the VPN membership of a customer site attached to a PE router. A VRF consists of these components:
An IP version 4 (IPv4) unicast routing table
A derived FIB table
A set of interfaces that use the forwarding table
A set of rules and routing protocol parameters that control the information that is included in the
routing table
These components are collectively called a VRF instance.
A one-to-one relationship does not necessarily exist between customer sites and VPNs. A site can be a
member of multiple VPNs. However, a site can associate with only one VRF. A VRF contains all the
routes available to the site from the VPNs of which it is a member.
Packet forwarding information is stored in the IP routing table and the FIB table for each VRF. A
separate set of routing and FIB tables is maintained for each VRF. These tables prevent information from
being forwarded outside a VPN and also prevent packets that are outside a VPN from being forwarded
to a router within the VPN.
VPN Routing Information: Distribution
The distribution of VPN routing information is controlled through the use of VPN route target
communities, implemented by BGP extended communities. VPN routing information is distributed as
follows:
When a VPN route that is learned from a CE router is injected into a BGP, a list of VPN route target
extended community attributes is associated with it. Typically, the list of route target community
extended values is set from an export list of route targets associated with the VRF from which the
route was learned.Implementing MPLS Layer 3 VPNs
Information About MPLS Layer 3 VPNs
14
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
An import list of route target extended communities is associated with each VRF. The import list
defines route target extended community attributes that a route must have for the route to be
imported into the VRF. For example, if the import list for a particular VRF includes route target
extended communities A, B, and C, then any VPN route that carries any of those route target
extended communitiesA, B, or Cis imported into the VRF.
BGP Distribution of VPN Routing Information
A PE router can learn an IP prefix from these sources:
A CE router by static configuration
An eBGP session with the CE router
A Routing Information Protocol (RIP) exchange with the CE router
Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), and RIP
as Interior Gateway Protocols (IGPs)
The IP prefix is a member of the IPv4 address family. After the PE router learns the IP prefix, the PE
converts it into the VPN-IPv4 prefix by combining it with a 64-bit route distinguisher. The generated
prefix is a member of the VPN-IPv4 address family. It uniquely identifies the customer address, even if
the customer site is using globally nonunique (unregistered private) IP addresses. The route distinguisher
used to generate the VPN-IPv4 prefix is specified by the rd command associated with the VRF on the
PE router.
BGP distributes reachability information for VPN-IPv4 prefixes for each VPN. BGP communication
takes place at two levels:
Within the IP domain, known as an autonomous system.
Between autonomous systems.
PE to PE or PE to route reflector (RR) sessions are iBGP sessions, and PE to CE sessions are eBGP
sessions. PE to CE eBGP sessions can be directly or indirectly connected (eBGP multihop).
BGP propagates reachability information for VPN-IPv4 prefixes among PE routers by the BGP protocol
extensions (see RFC 2283, Multiprotocol Extensions for BGP-4), which define support for address
families other than IPv4. Using the extensions ensures that the routes for a given VPN are learned only
by other members of that VPN, enabling members of the VPN to communicate with each other.
MPLS Forwarding
Based on routing information stored in the VRF IP routing table and the VRF FIB table, packets are
forwarded to their destination using MPLS.
A PE router binds a label to each customer prefix learned from a CE router and includes the label in the
network reachability information for the prefix that it advertises to other PE routers. When a PE router
forwards a packet received from a CE router across the provider network, it labels the packet with the
label learned from the destination PE router. When the destination PE router receives the labeled packet,
it pops the label and uses it to direct the packet to the correct CE router. Label forwarding across the
provider backbone is based on either dynamic label switching or traffic engineered paths. A customer
data packet carries two levels of labels when traversing the backbone:
The top label directs the packet to the correct PE router.
The second label indicates how that PE router should forward the packet to the CE router.Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
15
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
More labels can be stacked if other features are enabled. For example, if traffic engineering (TE) tunnels
with fast reroute (FRR) are enabled, the total number of labels imposed in the PE is four (Layer 3 VPN,
Label Distribution Protocol (LDP), TE, and FRR).
Automatic Route Distinguisher Assignment
To take advantage of iBGP load balancing, every network VRF must be assigned a unique route
distinguisher. VRFs require a route distinguisher for BGP to distinguish between potentially identical
prefixes received from different VPNs.
With thousands of routers in a network each supporting multiple VRFs, configuration and management
of route distinguishers across the network can present a problem. Cisco IOS XR software simplifies this
process by assigning unique route distinguisher to VRFs using the rd auto command.
To assign a unique route distinguisher for each router, you must ensure that each router has a unique BGP
router-id. If so, the rd auto command assigns a Type 1 route distinguisher to the VRF using this format:
ip-address:number. The IP address is specified by the BGP router-id statement and the number (which
is derived as an unused index in the 0 to 65535 range) is unique across the VRFs.
Finally, route distinguisher values are checkpointed so that route distinguisher assignment to VRF is
persistent across failover or process restart. If an route distinguisher is explicitely configured for a VRF,
this value is not overridden by the autoroute distinguisher.
MPLS L3VPN Major Components
An MPLS-based VPN network has three major components:
VPN route target communitiesA VPN route target community is a list of all members of a VPN
community. VPN route targets need to be configured for each VPN community member.
Multiprotocol BGP (MP-BGP) peering of the VPN community PE routersMP-BGP propagates
VRF reachability information to all members of a VPN community. MP-BGP peering needs to be
configured in all PE routers within a VPN community.
MPLS forwardingMPLS transports all traffic between all VPN community members across a
VPN service-provider network.
A one-to-one relationship does not necessarily exist between customer sites and VPNs. A given site can
be a member of multiple VPNs. However, a site can associate with only one VRF. A customer-site VRF
contains all the routes available to the site from the VPNs of which it is a member.
Inter-AS Support for L3VPN
This section contains these topics:
Inter-AS Support: Overview, page VPC-16
Inter-AS and ASBRs, page VPC-16
Confederations, page VPC-17
MPLS VPN Inter-AS BGP Label Distribution, page VPC-18
Exchanging IPv4 Routes with MPLS labels, page VPC-19Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
16
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Inter-AS Support: Overview
An autonomous system (AS) is a single network or group of networks that is controlled by a common
system administration group and uses a single, clearly defined routing protocol.
As VPNs grow, their requirements expand. In some cases, VPNs need to reside on different autonomous
systems in different geographic areas. In addition, some VPNs need to extend across multiple service
providers (overlapping VPNs). Regardless of the complexity and location of the VPNs, the connection
between autonomous systems must be seamless.
An MPLS VPN Inter-AS provides these benefits:
Allows a VPN to cross more than one service provider backbone.
Service providers, running separate autonomous systems, can jointly offer MPLS VPN services to
the same end customer. A VPN can begin at one customer site and traverse different VPN service
provider backbones before arriving at another site of the same customer. Previously, MPLS VPN
could traverse only a single BGP autonomous system service provider backbone. This feature lets
multiple autonomous systems form a continuous, seamless network between customer sites of a
service provider.
Allows a VPN to exist in different areas.
A service provider can create a VPN in different geographic areas. Having all VPN traffic flow
through one point (between the areas) allows for better rate control of network traffic between the
areas.
Allows confederations to optimize iBGP meshing.
Internal Border Gateway Protocol (iBGP) meshing in an autonomous system is more organized and
manageable. You can divide an autonomous system into multiple, separate subautonomous systems
and then classify them into a single confederation. This capability lets a service provider offer
MPLS VPNs across the confederation, as it supports the exchange of labeled VPN-IPv4 Network
Layer Reachability Information (NLRI) between the subautonomous systems that form the
confederation.
Inter-AS and ASBRs
Separate autonomous systems from different service providers can communicate by exchanging IPv4
NLRI in the form of VPN-IPv4 addresses. The ASBRs use eBGP to exchange that information. Then an
Interior Gateway Protocol (IGP) distributes the network layer information for VPN-IPV4 prefixes
throughout each VPN and each autonomous system. These protocols are used for sharing routing
information:
Within an autonomous system, routing information is shared using an IGP.
Between autonomous systems, routing information is shared using an eBGP. An eBGP lets service
providers set up an interdomain routing system that guarantees the loop-free exchange of routing
information between separate autonomous systems.
The primary function of an eBGP is to exchange network reachability information between autonomous
systems, including information about the list of autonomous system routes. The autonomous systems use
EBGP border edge routers to distribute the routes, which include label switching information. Each
border edge router rewrites the next-hop and MPLS labels.
Inter-AS configurations supported in an MPLS VPN can include:Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
17
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Interprovider VPNMPLS VPNs that include two or more autonomous systems, connected by
separate border edge routers. The autonomous systems exchange routes using eBGP. No IGP or
routing information is exchanged between the autonomous systems.
BGP ConfederationsMPLS VPNs that divide a single autonomous system into multiple
subautonomous systems and classify them as a single, designated confederation. The network
recognizes the confederation as a single autonomous system. The peers in the different autonomous
systems communicate over eBGP sessions; however, they can exchange route information as if they
were iBGP peers.
Confederations
A confederation is multiple subautonomous systems grouped together. A confederation reduces the total
number of peer devices in an autonomous system. A confederation divides an autonomous system into
subautonomous systems and assigns a confederation identifier to the autonomous systems. A VPN can
span service providers running in separate autonomous systems or multiple subautonomous systems that
form a confederation.
In a confederation, each subautonomous system is fully meshed with other subautonomous systems. The
subautonomous systems communicate using an IGP, such as Open Shortest Path First (OSPF) or
Intermediate System-to-Intermediate System (IS-IS). Each subautonomous system also has an eBGP
connection to the other subautonomous systems. The confederation eBGP (CEBGP) border edge routers
forward next-hop-self addresses between the specified subautonomous systems. The next-hop-self
address forces the BGP to use a specified address as the next hop rather than letting the protocol choose
the next hop.
You can configure a confederation with separate subautonomous systems two ways:
Configure a router to forward next-hop-self addresses between only the CEBGP border edge routers
(both directions). The subautonomous systems (iBGP peers) at the subautonomous system border
do not forward the next-hop-self address. Each subautonomous system runs as a single IGP domain.
However, the CEBGP border edge router addresses are known in the IGP domains.
Configure a router to forward next-hop-self addresses between the CEBGP border edge routers
(both directions) and within the iBGP peers at the subautonomous system border. Each
subautonomous system runs as a single IGP domain but also forwards next-hop-self addresses
between the PE routers in the domain. The CEBGP border edge router addresses are known in the
IGP domains.
Figure 2 illustrates a typical MPLS VPN confederation configuration. In this configuration:
The two CEBGP border edge routers exchange VPN-IPv4 addresses with labels between the two
autonomous systems.
The distributing router changes the next-hop addresses and labels and uses a next-hop-self address.
IGP-1 and IGP-2 know the addresses of CEBGP-1 and CEBGP-2.Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
18
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Figure 2 eBGP Connection Between Two Subautonomous Systems in a Confederation
In this confederation configuration:
CEBGP border edge routers function as neighboring peers between the subautonomous systems.
The subautonomous systems use eBGP to exchange route information.
Each CEBGP border edge router (CEBGP-1 and CEBGP-2) assigns a label for the router before
distributing the route to the next subautonomous system. The CEBGP border edge router distributes
the route as a VPN-IPv4 address by using the multiprotocol extensions of BGP. The label and the
VPN identifier are encoded as part of the NLRI.
Each PE and CEBGP border edge router assigns its own label to each VPN-IPv4 address prefix
before redistributing the routes. The CEBGP border edge routers exchange IPV-IPv4 addresses with
the labels. The next-hop-self address is included in the label (as the value of the eBGP next-hop
attribute). Within the subautonomous systems, the CEBGP border edge router address is distributed
throughout the iBGP neighbors, and the two CEBGP border edge routers are known to both
confederations.
For more information about how to configure confederations, see the Configuring MPLS Forwarding
for ASBR Confederations section on page MPC-66.
MPLS VPN Inter-AS BGP Label Distribution
Note This section is not applicable to Inter-AS over IP tunnels.
You can set up the MPLS VPN Inter-AS network so that the ASBRs exchange IPv4 routes with MPLS
labels of the provider edge (PE) routers. Route reflectors (RRs) exchange VPN-IPv4 routes by using
multihop, multiprotocol external Border Gateway Protocol (eBGP). This method of configuring the
Inter-AS system is often called MPLS VPN Inter-AS BGP Label Distribution.
Configuring the Inter-AS system so that the ASBRs exchange the IPv4 routes and MPLS labels has these
benefits:
CE-1 CE-2
CE-3 CE-4
CE-5
PE-1 PE-2 PE-3
CEGBP-1 CEBGP-2
Core of P
routers
Core of P
routers
43880
Sub-AS2 with
IGP-2
Sub-AS1 with
IGP-1
eBGP intraconfederation
for VPNv4 routes with label
distribution
Service Provider 1 Service Provider 1
VPN 1
VPN 1Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
19
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Saves the ASBRs from having to store all the VPN-IPv4 routes. Using the route reflectors to store
the VPN-IPv4 routes and forward them to the PE routers results in improved scalability compared
with configurations in which the ASBR holds all the VPN-IPv4 routes and forwards the routes based
on VPN-IPv4 labels.
Having the route reflectors hold the VPN-IPv4 routes also simplifies the configuration at the border
of the network.
Enables a non-VPN core network to act as a transit network for VPN traffic. You can transport IPv4
routes with MPLS labels over a non-MPLS VPN service provider.
Eliminates the need for any other label distribution protocol between adjacent label switch routers
(LSRs). If two adjacent LSRs are also BGP peers, BGP can handle the distribution of the MPLS
labels. No other label distribution protocol is needed between the two LSRs.
Exchanging IPv4 Routes with MPLS labels
Note This section is not applicable to Inter-AS over IP tunnels.
You can set up a VPN service provider network to exchange IPv4 routes with MPLS labels. You can
configure the VPN service provider network as follows:
Route reflectors exchange VPN-IPv4 routes by using multihop, multiprotocol eBGP. This
configuration also preserves the next-hop information and the VPN labels across the autonomous
systems.
A local PE router (for example, PE1 in Figure 3) needs to know the routes and label information for
the remote PE router (PE2).
This information can be exchanged between the PE routers and ASBRs in one of two ways:
Internal Gateway Protocol (IGP) and Label Distribution Protocol (LDP): The ASBR can
redistribute the IPv4 routes and MPLS labels it learned from eBGP into IGP and LDP and from
IGP and LDP into eBGP.
Internal Border Gateway Protocol (iBGP) IPv4 label distribution: The ASBR and PE router can
use direct iBGP sessions to exchange VPN-IPv4 and IPv4 routes and MPLS labels.
Alternatively, the route reflector can reflect the IPv4 routes and MPLS labels learned from the
ASBR to the PE routers in the VPN. This reflecting of learned IPv4 routes and MPLS labels is
accomplished by enabling the ASBR to exchange IPv4 routes and MPLS labels with the route
reflector. The route reflector also reflects the VPN-IPv4 routes to the PE routers in the VPN.
For example, in VPN1, RR1 reflects to PE1 the VPN-IPv4 routes it learned and IPv4 routes and
MPLS labels learned from ASBR1. Using the route reflectors to store the VPN-IPv4 routes and
forward them through the PE routers and ASBRs allows for a scalable configuration.Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
20
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Figure 3 VPNs Using eBGP and iBGP to Distribute Routes and MPLS Labels
BGP Routing Information
BGP routing information includes these items:
Network number (prefix), which is the IP address of the destination.
Autonomous system (AS) path, which is a list of the other ASs through which a route passes on the
way to the local router. The first AS in the list is closest to the local router; the last AS in the list is
farthest from the local router and usually the AS where the route began.
Path attributes, which provide other information about the AS path, for example, the next hop.
BGP Messages and MPLS Labels
MPLS labels are included in the update messages that a router sends. Routers exchange these types of
BGP messages:
Open messagesAfter a router establishes a TCP connection with a neighboring router, the routers
exchange open messages. This message contains the number of the autonomous system to which the
router belongs and the IP address of the router that sent the message.
Update messagesWhen a router has a new, changed, or broken route, it sends an update message
to the neighboring router. This message contains the NLRI, which lists the IP addresses of the usable
routes. The update message includes any routes that are no longer usable. The update message also
includes path attributes and the lengths of both the usable and unusable paths. Labels for VPN-IPv4
routes are encoded in the update message, as specified in RFC 2858. The labels for the IPv4 routes
are encoded in the update message, as specified in RFC 3107.
Keepalive messagesRouters exchange keepalive messages to determine if a neighboring router is
still available to exchange routing information. The router sends these messages at regular intervals.
(Sixty seconds is the default for Cisco routers.) The keepalive message does not contain routing
data; it contains only a message header.
Notification messagesWhen a router detects an error, it sends a notification message.
RR1
PE1
CE1 CE2
VPN1 VPN2
PE2
RR2
ASBR1 ASBR2
Multihop
Multiprotocol
VPNv4
BGP IPv4 routes
and label with
multipath support
59251Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
21
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Sending MPLS Labels with Routes
When BGP (eBGP and iBGP) distributes a route, it can also distribute an MPLS label that is mapped to
that route. The MPLS label mapping information for the route is carried in the BGP update message that
contains the information about the route. If the next hop is not changed, the label is preserved.
When you issue the show bgp neighbors ip-address command on both BGP routers, the routers
advertise to each other that they can then send MPLS labels with the routes. If the routers successfully
negotiate their ability to send MPLS labels, the routers add MPLS labels to all outgoing BGP updates.
Generic Routing Encapsulation Support for L3VPN
Generic Routing Encapsulation (GRE) is a tunneling protocol that can encapsulate many types of
packets to enable data transmission using a tunnel. The GRE tunneling protocol enables:
High assurance Internet Protocol encryptor (HAIPE) devices for encryption over the public Internet
and nonsecure connections.
Service providers (that do not run MPLS in their core network) to provide VPN services along with
the security services.
Note GRE is used with IP to create a virtual point-to-point link to routers at remote points in a network. For
detailed information about configuring GRE tunnel interfaces, refer to the Cisco IOS XR Interfaces and
Hardware Components Configuration Guide. For a PE to PE (core) link, enable LDP (with implicit null)
on the GRE interfaces for L3VPN.
GRE Restriction for L3VPN
The following restrictions are applicable to L3VPN forwarding over GRE:
Carrier Supporting Carrier (CsC) or Inter-AS is not supported.
GRE-based L3VPN does not interwork with MPLS or IP VPNs.
GRE tunnel is supported only as a core link(PE-PE, PE-P, P-P, P-PE). A PE-CE (edge) link is not
supported.
VPNv6 forwarding using GRE tunnels is not supported.
VPNv4 Forwarding Using GRE Tunnels
This section describes the working of VPNv4 forwarding over GRE tunnels. The following description
assumes that GRE is used only as a core link between the encapsulation and decapsulation provider edge
(PE) routers that are connected to one or more customer edge (CE) routers.
Ingress of Encapsulation Router
On receiving prefixes from the CE routers, Border Gateway Protocol (BGP) assigns the VPN label to the
prefixes that need to be exported. These VPN prefixes are then forwarded to the Forwarding Information
Base (FIB) using the Route Information Base (RIB) or the label switched database (LSD). The FIB then
populates the prefix in the appropriate VRF table. The FIB also populates the label in the global label
table. Using BGP, the prefixes are then relayed to the remote PE router (decapsulation router).Implementing MPLS Layer 3 VPNs
Inter-AS Support for L3VPN
22
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Egress of Encapsulation Router
The forwarding behavior on egress of the encapsulation PE router is similar to the MPLS VPN label
imposition. Regardless of whether the VPN label imposition is performed on the ingress or egress side,
the GRE tunnel forwards a packet that has an associated label. This labeled packet is then encapsulated
with a GRE header and forwarded based on the IP header.
Ingress of Decapsulation Router
The decapsulation PE router learns the VPN prefixes and label information from the remote
encapsulation PE router using BGP. The next-hop information for the VPN prefix is the address of the
GRE tunnel interface connecting the two PE routers. BGP downloads these prefixes to the RIB. The RIB
downloads the routes to the FIB and the FIB installs the routes in the hardware.
Egress of Decapsulation Router
The egress forwarding behavior on the decapsulation PE router is similar to VPN disposition and
forwarding, based on the protocol type of the inner payload.Implementing MPLS Layer 3 VPNs
Carrier Supporting Carrier Support for L3VPN
23
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Carrier Supporting Carrier Support for L3VPN
This section provides conceptual information about MPLS VPN Carrier Supporting Carrier (CSC)
functionality and includes these topics:
CSC Prerequisites, page VPC-23
CSC Benefits, page VPC-23
Configuration Options for the Backbone and Customer Carriers, page VPC-24
Throughout this document, the following terminology is used in the context of CSC:
backbone carrierService provider that provides the segment of the backbone network to the other
provider. A backbone carrier offers BGP and MPLS VPN services.
customer carrierService provider that uses the segment of the backbone network. The customer
carrier may be an Internet service provider (ISP) or a BGP/MPLS VPN service provider.
CE routerA customer edge router is part of a customer network and interfaces to a provider edge (PE)
router. In this document, the CE router sits on the edge of the customer carrier network.
PE routerA provider edge router is part of a service provider's network connected to a customer edge
(CE) router. In this document, the PE router sits on the edge of the backbone carrier network
ASBRAn autonomous system boundary router connects one autonomous system to another.
CSC Prerequisites
These prerequisites are required to configure CSC:
You must be able to configure MPLS VPNs with end-to-end (CE-to-CE router) pings working.
You must be able to configure Interior Gateway Protocols (IGPs), MPLS Label Distribution Protocol
(LDP), and Multiprotocol Border Gateway Protocol (MP-BGP).
You must ensure that CSC-PE and CSC-CE routers support BGP label distribution.
Note BGP is the only supported label distribution protocol on the link between CE and PE.
CSC Benefits
This section describes the benefits of CSC to the backbone carrier and customer carriers.
Benefits to the Backbone Carrier
The backbone carrier can accommodate many customer carriers and give them access to its
backbone.
The MPLS VPN carrier supporting carrier feature is scalable.
The MPLS VPN carrier supporting carrier feature is a flexible solution.
Benefits to the Customer Carriers
The MPLS VPN carrier supporting carrier feature removes from the customer carrier the burden of
configuring, operating, and maintaining its own backbone.Implementing MPLS Layer 3 VPNs
Carrier Supporting Carrier Support for L3VPN
24
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Customer carriers who use the VPN services provided by the backbone carrier receive the same level
of security that Frame Relay or ATM-based VPNs provide.
Customer carriers can use any link layer technology to connect the CE routers to the PE routers.
The customer carrier can use any addressing scheme and still be supported by a backbone carrier.
Benefits of Implementing MPLS VPN CSC Using BGP
The benefits of using BGP to distribute IPv4 routes and MPLS label routes are:
BGP takes the place of an IGP and LDP in a VPN forwarding and routing instance (VRF) table.
BGP is the preferred routing protocol for connecting two ISPs,
Configuration Options for the Backbone and Customer Carriers
To enable CSC, the backbone and customer carriers must be configured accordingly:
The backbone carrier must offer BGP and MPLS VPN services.
The customer carrier can take several networking forms. The customer carrier can be:
An ISP with an IP core (see the Customer Carrier: ISP with IP Core section on page MPC-24).
An MPLS service provider with or without VPN services (see Customer Carrier: MPLS
Service Provider section on page MPC-25).
Note An IGP in the customer carrier network is used to distribute next hops and loopbacks to the CSC-CE.
IBGP with label sessions are used in the customer carrier network to distribute next hops and loopbacks
to the CSC-CE.
Customer Carrier: ISP with IP Core
Figure 4 shows a network configuration where the customer carrier is an ISP. The customer carrier has
two sites, each of which is a point of presence (POP). The customer carrier connects these sites using a
VPN service provided by the backbone carrier. The backbone carrier uses MPLS or IP tunnels to provide
VPN services. The ISP sites use IP.
Figure 4 Network: Customer Carrier Is an ISP
The links between the CE and PE routers use eBGP to distribute IPv4 routes and MPLS labels. Between
the links, the PE routers use multiprotocol iBGP to distribute VPNv4 routes.
ISP site 1
CSC-CE1
IP IP MPLS
CSC-PE1 CSC-PE2 CSC-CE2
Backbone carrier ISP site 2
50846Implementing MPLS Layer 3 VPNs
Carrier Supporting Carrier Support for L3VPN
25
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Customer Carrier: MPLS Service Provider
Figure 5 shows a network configuration where the backbone carrier and the customer carrier are
BGP/MPLS VPN service providers. The customer carrier has two sites. The customer carrier uses MPLS
in its network while the backbone carrier may use MPLS or IP tunnels in its network.
Figure 5 Network: Customer Carrier Is an MPLS VPN Service Provider
In this configuration (Figure 5), the customer carrier can configure its network in one of these ways:
The customer carrier can run an IGP and LDP in its core network. In this case, the CSC-CE1 router
in the customer carrier redistributes the eBGP routes it learns from the CSC-PE1 router of the
backbone carrier to an IGP.
The CSC-CE1 router of the customer carrier system can run an IPv4 and labels iBGP session with
the PE1 router.
CE1 PE1
Customer carrier
MPLS VPN SP
Backbone carrier
MPLS VPN SP
Customer carrier
MPLS VPN SP
CSC-CE1 CSC-PE1 CSC-PE2
IPv4 +
labels
IPv4 +
labels
CSC-CE2 PE2 CE2
MP-IBGP exchanging VPNv4 prefixes
MP-IBGP exchanging VPNv4 prefixes
65682Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
26
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
How to Implement MPLS Layer 3 VPNs
This section contains instructions for these tasks:
Configuring the Core Network, page VPC-26
Connecting MPLS VPN Customers, page VPC-29
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with
ASBRs Exchanging IPv4 Routes and MPLS Labels, page VPC-50 (optional)
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS VPN Inter-AS with
ASBRs Exchanging VPN-IPv4 Addresses, page VPC-59 (optional)
Configuring Carrier Supporting Carrier, page VPC-70 (optional)
Verifying the MPLS Layer 3 VPN Configuration, page VPC-80
Configuring L3VPN over GRE, page VPC-83
Configuring the Core Network
Configuring the core network includes these tasks:
Assessing the Needs of MPLS VPN Customers, page VPC-26
Configuring Routing Protocols in the Core, page VPC-27
Configuring MPLS in the Core, page VPC-27
Determining if FIB Is Enabled in the Core, page VPC-27
Configuring Multiprotocol BGP on the PE Routers and Route Reflectors, page VPC-28
Assessing the Needs of MPLS VPN Customers
Before configuring an MPLS VPN, the core network topology must be identified so that it can best serve
MPLS VPN customers. Perform this task to identify the core network topology.
SUMMARY STEPS
1. Identify the size of the network.
2. Identify the routing protocols in the core.
3. Determine if MPLS High Availability support is required.
4. Determine if BGP load sharing and redundant paths are required.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
27
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Configuring Routing Protocols in the Core
To configure a routing protocol, see the Cisco ASR 9000 Series Aggregation Services Routers Routing
Configuration Guide.
Configuring MPLS in the Core
To enable MPLS on all routers in the core, you must configure a Label Distribution Protocol (LDP). You
can use either of these as an LDP:
MPLS LDPSee the Implementing MPLS Label Distribution Protocol on
Cisco ASR 9000 Series Routersfor configuration information.
MPLS Traffic Engineering Resource Reservation Protocol (RSVP)See Implementing RSVP for
MPLS-TE on Cisco ASR 9000 Series Routers module in this document for configuration
information.
Determining if FIB Is Enabled in the Core
Forwarding Information Base (FIB) must be enabled on all routers in the core, including the provider
edge (PE) routers. For information on how to determine if FIB is enabled, see the Implementing
Cisco Express Forwarding on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series
Aggregation Services Router IP Addresses and Services Configuration Guide.
Command or Action Purpose
Step 1 Identify the size of the network. Identify these to determine the number of routers and ports
required:
How many customers will be supported?
How many VPNs are required for each customer?
How many virtual routing and forwarding (VRF)
instances are there for each VPN?
Step 2 Identify the routing protocols in the core. Determine which routing protocols are required in the core
network.
Step 3 Determine if MPLS High Availability support is
required.
MPLS VPN nonstop forwarding and graceful restart are
supported on select routers and Cisco IOS XR software
releases.
Step 4 Determine if BGP load sharing and redundant paths
are required.
Determine if BGP load sharing and redundant paths in the
MPLS VPN core are required.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
28
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring Multiprotocol BGP on the PE Routers and Route Reflectors
Perform this task to configure multiprotocol BGP (MP-BGP) connectivity on the PE routers and route
reflectors.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. address-family vpnv4 unicast
4. neighbor ip-address remote-as autonomous-system-number
5. address-family vpnv4 unicast
end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Enters BGP configuration mode allowing you to configure
the BGP routing process.
Step 3 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
Enters VPNv4 address family configuration mode for the
VPNv4 address family.
Step 4 neighbor ip-address remote-as
autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24 remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
29
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Connecting MPLS VPN Customers
To connect MPLS VPN customers to the VPN, perform these tasks:
Defining VRFs on the PE Routers to Enable Customer Connectivity, page VPC-30
Configuring VRF Interfaces on PE Routers for Each VPN Customer, page VPC-32
Configuring BGP as the Routing Protocol Between the PE and CE Routers, page VPC-34 (optional)
Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers, page VPC-38
(optional)
Configuring Static Routes Between the PE and CE Routers, page VPC-41 (optional)
Configuring OSPF as the Routing Protocol Between the PE and CE Routers, page VPC-42
(optional)
Configuring EIGRP as the Routing Protocol Between the PE and CE Routers, page VPC-45
(optional)
Configuring EIGRP Redistribution in the MPLS VPN, page VPC-48 (optional)
Step 5 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
Enters VPNv4 address family configuration mode for the
VPNv4 address family.
Step 6 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting (yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
30
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Defining VRFs on the PE Routers to Enable Customer Connectivity
Perform this task to define VPN routing and forwarding (VRF) instances.
SUMMARY STEPS
1. configure
2. vrf vrf-name
3. address-family ipv4 unicast
4. import route-policy policy-name
5. import route-target [as-number:nn | ip-address:nn]
6. export route-policy policy-name
7. export route-target [as-number:nn | ip-address:nn]
8. exit
9. exit
10. router bgp autonomous-system-number
11. vrf vrf-name
12. rd {as-number | ip-address | auto}
13. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config)# vrf vrf_1
Configures a VRF instance and enters VRF configuration
mode.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Enters VRF address family configuration mode for the IPv4
address family.
Step 4 import route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# import
route-policy policy_A
Specifies a route policy that can be imported into the local
VPN.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
31
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 import route-target [as-number:nn |
ip-address:nn]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# import
route-target 120:1
Allows exported VPN routes to be imported into the VPN if
one of the route targets of the exported route matches one of
the local VPN import route targets.
Step 6 export route-policy policy-name
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# export
route-policy policy_B
Specifies a route policy that can be exported from the local
VPN.
Step 7 export route-target [as-number:nn |
ip-address:nn]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# export
route-target 120:2
Associates the local VPN with a route target. When the
route is advertised to other provider edge (PE) routers, the
export route target is sent along with the route as an
extended community.
Step 8 exit
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)# exit
Exits VRF address family configuration mode and returns
the router to VRF configuration mode.
Step 9 exit
Example:
RP/0/RSP0/CPU0:router(config-vrf)# exit
Exits VRF configuration mode and returns the router to
global configuration mode.
Step 10 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Enters BGP configuration mode allowing you to configure
the BGP routing process.
Step 11 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1
Configures a VRF instance and enters VRF configuration
mode for BGP routing.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
32
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring VRF Interfaces on PE Routers for Each VPN Customer
Perform this task to associate a VPN routing and forwarding (VRF) instance with an interface or a
subinterface on the PE routers.
Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an
interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is
rejected.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. vrf vrf-name
4. ipv4 address ipv4-address mask
5. end
or
commit
Step 12 rd {as-number | ip-address | auto}
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# rd auto
Automatically assigns a unique route distinguisher (RD) to
vrf_1.
Step 13 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
33
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
GigabitEthernet 0/3/0/0
Enters interface configuration mode.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-if)# vrf vrf_A
Configures a VRF instance and enters VRF configuration
mode.
Step 4 ipv4 address ipv4-address mask
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
192.168.1.27 255.255.255.0
Configures a primary IPv4 address for the specified
interface.
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
34
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring BGP as the Routing Protocol Between the PE and CE Routers
Perform this task to configure PE-to-CE routing sessions using BGP.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. bgp router-id {ip-address}
4. vrf vrf-name
5. label-allocation-mode per-ce
6. address-family ipv4 unicast
7. redistribute connected [metric metric-value] [route-policy route-policy-name]
or
redistribute isis process-id [level {1 | 1-inter-area | 2}] [metric metric-value] [route-policy
route-policy-name]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [route-policy route-policy-name]
or
redistribute static [metric metric-value] [route-policy route-policy-name]
8. aggregate-address address/mask-length [as-set] [as-confed-set] [summary-only] [route-policy
route-policy-name]
9. network {ip-address/prefix-length | ip-address mask} [route-policy route-policy-name]
10. exit
11. neighbor ip-address
12. remote-as autonomous-system-number
13. password {clear | encrypted} password
14. ebgp-multihop [ttl-value]
15. address-family ipv4 unicast
16. allowas-in [as-occurrence-number]
17. route-policy route-policy-name in
18. route-policy route-policy-name out
19. end
or
commitImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
35
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.
Step 3 bgp router-id {ip-address}
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
router-id 192.168.70.24
Configures the local router with a router ID of
192.168.70.24.
Step 4 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for BGP routing.
Step 5 label-allocation-mode per-ce
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
label-allocation-mode per-ce
Sets the MPLS VPN label allocation mode for each
customer edge (CE) label mode allowing the provider edge
(PE) router to allocate one label for every immediate
next-hop.
Step 6 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
address-family ipv4 unicast
Enters VRF address family configuration mode for the IPv4
address family.
Step 7 redistribute connected [metric metric-value]
[route-policy route-policy-name]
or
redistribute isis process-id [level {1 |
1-inter-area | 2}] [metric metric-value]
[route-policy route-policy-name]
or
redistribute ospf process-id [match {external
[1 | 2] | internal | nssa-external [1 | 2]}]
[metric metric-value] [route-policy
route-policy-name]
or
redistribute static [metric metric-value]
[route-policy route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
redistribute connected
Causes routes to be redistributed into BGP. The routes that
can be redistributed into BGP are:
Connected
Intermediate System-to-Intermediate System (IS-IS)
Open Shortest Path First (OSPF)
StaticImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
36
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 8 aggregate-address address/mask-length [as-set]
[as-confed-set] [summary-only] [route-policy
route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
aggregate-address 10.0.0.0/8 as-set
Creates an aggregate address. The path advertised for this
route is an autonomous system set consisting of all elements
contained in all paths that are being summarized.
The as-set keyword generates autonomous system set
path information and community information from
contributing paths.
The as-confed-set keyword generates autonomous
system confederation set path information from
contributing paths.
The summary-only keyword filters all more specific
routes from updates.
The route-policy route-policy-name keyword and
argument specify the route policy used to set the
attributes of the aggregate route.
Step 9 network {ip-address/prefix-length | ip-address
mask} [route-policy route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
network 172.20.0.0/16
Configures the local router to originate and advertise the
specified network.
Step 10 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)# exit
Exits VRF address family configuration mode and returns
the router to VRF configuration mode for BGP routing.
Step 11 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# neighbor
172.168.40.24
Places the router in VRF neighbor configuration mode for
BGP routing and configures the neighbor IP address
172.168.40.24 as a BGP peer.
Step 12 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 13 password {clear | encrypted} password
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
password clear pswd123
Configures neighbor 172.168.40.24 to use MD5
authentication with the password pswd123.
Step 14 ebgp-multihop [ttl-value]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
ebgp-multihop
Allows a BGP connection to neighbor 172.168.40.24.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
37
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 15 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
address-family ipv4 unicast
Enters VRF neighbor address family configuration mode
for BGP routing.
Step 16 allowas-in [as-occurrence-number]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
allowas-in 3
Replaces the neighbor autonomous system number (ASN)
with the PE ASN in the AS path three times.
Step 17 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy In-Ipv4 in
Applies the In-Ipv4 policy to inbound IPv4 unicast routes.
Step 18 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy In-Ipv4 in
Applies the In-Ipv4 policy to outbound IPv4 unicast routes.
Step 19 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
38
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring RIPv2 as the Routing Protocol Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions using Routing
Information Protocol version 2 (RIPv2).
SUMMARY STEPS
1. configure
2. router rip
3. vrf vrf-name
4. interface type instance
5. site-of-origin {as-number:number | ip-address:number}
6. exit
7. redistribute bgp as-number [[external | internal | local] [route-policy name]
or
redistribute connected [route-policy name]
or
redistribute isis process-id [level-1 | level-1-2 | level-2] [route-policy name]
or
redistribute eigrp as-number [route-policy name]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}]
[route-policy name]
or
redistribute static [route-policy name]
8. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router rip
Example:
RP/0/RSP0/CPU0:router(config)# router rip
Enters the Routing Information Protocol (RIP)
configuration mode allowing you to configure the RIP
routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-rip)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for RIP routing.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
39
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 interface type instance
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf)#
interface GigabitEthernet 0/3/0/0
Enters VRF interface configuration mode.
Step 5 site-of-origin {as-number:number |
ip-address:number}
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf-if)#
site-of-origin 200:1
Identifies routes that have originated from a site so that the
re-advertisement of that prefix back to the source site can be
prevented. Uniquely identifies the site from which a PE
router has learned a route.
Step 6 exit
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf-if)# exit
Exits VRF interface configuration mode, and returns the
router to VRF configuration mode for RIP routing.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
40
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 7 redistribute bgp as-number [[external |
internal | local] [route-policy name]
or
redistribute connected [route-policy name]
or
redistribute eigrp as-number [route-policy
name]
or
redistribute isis process-id [level-1 |
level-1-2 | level-2] [route-policy name]
or
redistribute ospf process-id [match {external
[1 | 2] | internal | nssa-external [1 | 2]}]
[route-policy name]
or
redistribute static [route-policy name]
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf)#
redistribute connected
Causes routes to be redistributed into RIP. The routes that
can be redistributed into RIP are:
Border Gateway Protocol (BGP)
Connected
Enhanced Interior Gateway Routing Protocol (EIGRP)
Intermediate System-to-Intermediate System (IS-IS)
Open Shortest Path First (OSPF)
Static
Step 8 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-rip-vrf)# end
or
RP/0/RSP0/CPU0:router(config-rip-vrf)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
41
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring Static Routes Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use static
routes.
Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an
interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is
rejected.
SUMMARY STEPS
1. configure
2. router static
3. vrf vrf-name
4. address-family ipv4 unicast
5. prefix/mask [vrf vrf-name] {ip-address | type interface-path-id}
6. prefix/mask [vrf vrf-name] bfd fast-detect
7. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router static
Example:
RP/0/RSP0/CPU0:router(config)# router static
Enters static routing configuration mode allowing you to
configure the static routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-static)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for static routing.
Step 4 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-static-vrf)#
address-family ipv4 unicast
Enters VRF address family configuration mode for the IPv4
address family.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
42
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring OSPF as the Routing Protocol Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open
Shortest Path First (OSPF).
SUMMARY STEPS
1. configure
2. router ospf process-name
3. vrf vrf-name
4. router-id {router-id | type interface-path-id}
5. redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name]
[tag tag-value]
Step 5 prefix/mask [vrf vrf-name] {ip-address | type
interface-path-id}
Example:
RP/0/RSP0/CPU0:router(config-static-vrf-afi)#
172.168.40.24/24 vrf vrf_1 10.1.1.1
Assigns the static route to vrf_1.
Step 6 prefix/mask [vrf vrf-name] bfd fast-detect
Example:
RP/0/RSP0/CPU0:router(config-static-vrf-afi)#
172.168.40.24/24 vrf vrf_1 bfd fast-detect
Enables bidirectional forwarding detection (BFD) to detect
failures in the path between adjacent forwarding engines.
This option is available is when the forwarding router
address is specified in Step 5.
Step 7 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-static-vrf-afi)#
end
or
RP/0/RSP0/CPU0:router(config-static-vrf-afi)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
43
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag
tag-value]
or
redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag
tag-value]
6. area area-id
7. interface type interface-path-id
8. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 109
Enters OSPF configuration mode allowing you to configure
the OSPF routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for OSPF routing.
Step 4 router-id {router-id | type interface-path-id}
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
router-id 172.20.10.10
Configures the router ID for the OSPF routing process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
44
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 redistribute bgp process-id [metric
metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute connected [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute ospf process-id [match {external
[1 | 2] | internal | nssa-external [1 | 2]}]
[metric metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute eigrp process-id [match {external
[1 | 2] | internal | nssa-external [1 |
2]]}[metric metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
redistribute connected
Causes routes to be redistributed into OSPF. The routes that
can be redistributed into OSPF are:
Border Gateway Protocol (BGP)
Connected
Enhanced Interior Gateway Routing Protocol (EIGRP)
OSPF
Static
Routing Information Protocol (RIP)
Step 6 area area-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0
Configures the OSPF area as area 0.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
45
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring EIGRP as the Routing Protocol Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use
Enhanced Interior Gateway Routing Protocol (EIGRP).
Using EIGRP between the PE and CE routers allows you to transparently connect EIGRP customer
networks through an MPLS-enable Border Gateway Protocol (BGP) core network so that EIGRP routes
are redistributed through the VPN across the BGP network as internal BGP (iBGP) routes.
Prerequisites
BGP must configured in the network. See the Implementing BGP on Cisco ASR 9000 Series Routers
module in Cisco ASR 9000 Series Aggregation Services Routers Routing Configuration Guide.
Note You must remove IPv4/IPv6 addresses from an interface prior to assigning, removing, or changing an
interface's VRF. If this is not done in advance, any attempt to change the VRF on an IP interface is
rejected.
Step 7 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)#
interface GigabitEthernet 0/3/0/0
Associates interface GigabitEthernet 0/3/0/0 with area 0.
Step 8 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)#
end
or
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
46
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family ipv4
5. router-id router-id
6. autonomous-system as-number
7. default-metric bandwidth delay reliability loading mtu
8. redistribute {{bgp | connected | isis | ospf| rip | static} [as-number | instance-name]}
[route-policy name]
9. interface type interface-path-id
10. site-of-origin {as-number:number | ip-address:number}
11. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 24
Enters EIGRP configuration mode allowing you to
configure the EIGRP routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for EIGRP routing.
Step 4 address-family ipv4
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address family ipv4
Enters VRF address family configuration mode for the IPv4
address family.
Step 5 router-id router-id
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
router-id 172.20.0.0
Configures the router ID for the Enhanced Interior Gateway
Routing Protocol (EIGRP) routing process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
47
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 6 autonomous-system as-number
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
autonomous-system 6
Configures the EIGRP routing process to run within a VRF.
Step 7 default-metric bandwidth delay reliability
loading mtu
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
default-metric 100000 4000 200 45 4470
Sets the metrics for an EIGRP.
Step 8 redistribute {{bgp | connected | isis | ospf|
rip | static} [as-number | instance-name]}
[route-policy name]
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
redistribute connected
Causes connected routes to be redistributed into EIGRP.
Step 9 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
interface GigabitEthernet 0/3/0/0
Associates interface GigabitEthernet 0/3/0/0 with the
EIGRP routing process.
Step 10 site-of-origin {as-number:number |
ip-address:number}
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
site-of-origin 201:1
Configures site of origin (SoO) on interface
GigabitEthernet 0/3/0/0.
Step 11 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
end
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
48
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring EIGRP Redistribution in the MPLS VPN
Perform this task for every provider edge (PE) router that provides VPN services to enable Enhanced
Interior Gateway Routing Protocol (EIGRP) redistribution in the MPLS VPN.
Prerequisites
The metric can be configured in the route-policy configuring using the redistribute command (or
configured with the default-metric command). If an external route is received from another EIGRP
autonomous system or a non-EIGRP network without a configured metric, the route is not installed in
the EIGRP database. If an external route is received from another EIGRP autonomous system or a
non-EIGRP network without a configured metric, the route is not advertised to the CE router. See the
Implementing EIGRP on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series
Aggregation Services Routers Routing Configuration Guide.
Restrictions
Redistribution between native EIGRP VPN routing and forwarding (VRF) instances is not supported.
This behavior is designed.
SUMMARY STEPS
1. configure
2. router eigrp as-number
3. vrf vrf-name
4. address-family ipv4
5. redistribute bgp [as-number] [route-policy policy-name]
6. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router eigrp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router eigrp 24
Enters EIGRP configuration mode allowing you to
configure the EIGRP routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-eigrp)# vrf vrf_1
Configures a VRF instance and enters VRF configuration
mode for EIGRP routing.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
49
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 address-family ipv4
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf)#
address family ipv4
Enters VRF address family configuration mode for the IPv4
address family.
Step 5 redistribute bgp [as-number] [route-policy
policy-name]
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af)#
redistribute bgp 24 route-policy policy_A
Causes Border Gateway Protocol (BGP) routes to be
redistributed into EIGRP.
Step 6 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
end
or
RP/0/RSP0/CPU0:router(config-eigrp-vrf-af-if)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
50
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS
VPN Inter-AS with ASBRs Exchanging IPv4 Routes and MPLS Labels
Note This section is not applicable to Inter-AS over IP tunnels.
This section contains instructions for these tasks:
Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels, page VPC-50
Configuring the Route Reflectors to Exchange VPN-IPv4 Routes, page VPC-53
Configuring the Route Reflector to Reflect Remote Routes in its AS, page VPC-56
Configuring ASBRs to Exchange IPv4 Routes and MPLS Labels
Perform this task to configure the autonomous system boundary routers (ASBRs) to exchange IPv4
routes and MPLS labels.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. address-family ipv4 unicast
4. allocate-label all
5. neighbor ip-address
6. remote-as autonomous-system-number
7. address-family ipv4 labeled-unicast
8. route-policy route-policy-name in
9. route-policy route-policy-name out
10. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)#
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
51
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Enters global address family configuration mode for the
IPv4 unicast address family.
Step 4 allocate-label all
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
allocate-label all
Allocates the MPLS labels for a specific IPv4 unicast or
VPN routing and forwarding (VRF) IPv4 unicast routes so
that the BGP router can send labels with BGP routes to a
neighboring router that is configured for a labeled-unicast
session.
Step 5 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
172.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
172.168.40.24 as a BGP peer.
Step 6 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 7 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)
Enters neighbor address family configuration mode for the
IPv4 labeled-unicast address family.
Step 8 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all in
Applies a routing policy to updates that are received from a
BGP neighbor.
Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
Use the in keyword to define the policy for inbound
routes.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
52
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 9 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all out
Applies a routing policy to updates that are sent to a BGP
neighbor.
Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
Use the out keyword to define the policy for outbound
routes.
Step 10 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
53
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring the Route Reflectors to Exchange VPN-IPv4 Routes
Perform this task to enable the route reflectors to exchange VPN-IPv4 routes by using multihop. This
task specifies that the next-hop information and the VPN label are to be preserved across the autonomous
system.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. neighbor ip-address
4. remote-as autonomous-system-number
5. ebgp-multihop [ttl-value]
6. update-source type interface-path-id
7. address-family vpnv4 unicast
8. route-policy route-policy-name in
9. route-policy route-policy-name out
10. next-hop-unchanged
11. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)#
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.
Step 3 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
172.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
172.168.40.24 as a BGP peer.
Step 4 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
54
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 ebgp-multihop [ttl-value]
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
ebgp-multihop
Enables multihop peerings with external BGP neighbors.
Step 6 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.
Step 7 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 address family.
Step 8 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all in
Applies a routing policy to updates that are received from a
BGP neighbor.
Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
Use the in keyword to define the policy for inbound
routes.
Step 9 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all out
Applies a routing policy to updates that are sent to a BGP
neighbor.
Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
Use the out keyword to define the policy for outbound
routes.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
55
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 10 next-hop-unchanged
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
next-hop-unchanged
Disables overwriting of the next hop before advertising to
external Border Gateway Protocol (eBGP) peers.
Step 11 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
56
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring the Route Reflector to Reflect Remote Routes in its AS
Perform this task to enable the route reflector (RR) to reflect the IPv4 routes and labels learned by the
autonomous system boundary router (ASBR) to the provider edge (PE) routers in the autonomous
system. This task is accomplished by making the ASBR and PE route reflector clients of the RR.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. address-family ipv4 unicast
4. allocate-label all
5. neighbor ip-address
6. remote-as autonomous-system-number
7. update-source type interface-path-id
8. address-family ipv4 labeled-unicast
9. route-reflector-client
10. neighbor ip-address
11. remote-as autonomous-system-number
12. update-source type interface-path-id
13. address-family ipv4 labeled-unicast
14. route-reflector-client
15. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Enters global address family configuration mode for the
IPv4 unicast address family.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
57
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 allocate-label all
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
allocate-label all
Allocates the MPLS labels for a specific IPv4 unicast or
VPN routing and forwarding (VRF) IPv4 unicast routes so
that the BGP router can send labels with BGP routes to a
neighboring router that is configured for a labeled-unicast
session.
Step 5 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
172.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
172.168.40.24 as an ASBR eBGP peer.
Step 6 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 7 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.
Step 8 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Enters neighbor address family configuration mode for the
IPv4 labeled-unicast address family.
Step 9 route-reflector-client
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-reflector-client
Configures the router as a BGP route reflector and neighbor
172.168.40.24 as its client.
Step 10 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
neighbor 10.40.25.2
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address 10.40.25.2
as an VPNv4 iBGP peer.
Step 11 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
58
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 12 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.
Step 13 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Enters neighbor address family configuration mode for the
IPv4 labeled-unicast address family.
Step 14 route-reflector-client
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-reflector-client
Configures the neighbor as a route reflector client.
Step 15 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
59
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Providing VPN Connectivity Across Multiple Autonomous Systems with MPLS
VPN Inter-AS with ASBRs Exchanging VPN-IPv4 Addresses
This section contains instructions for these tasks:
Configuring the ASBRs to Exchange VPN-IPv4 Addresses, page VPC-59
Configuring a Static Route to an ASBR Peer, page VPC-62
Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a
Confederation, page VPC-64
Configuring MPLS Forwarding for ASBR Confederations, page VPC-66
Configuring a Static Route to an ASBR Confederation Peer, page VPC-68
Configuring the ASBRs to Exchange VPN-IPv4 Addresses
Perform this task to configure an external Border Gateway Protocol (eBGP) autonomous system
boundary router (ASBR) to exchange VPN-IPv4 routes with another autonomous system.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. address-family vpnv4 unicast
4. retain route-target {all | route-policy route-policy-name}
5. neighbor ip-address
6. remote-as autonomous-system-number
7. address-family vpnv4 unicast
8. route-policy route-policy-name in
9. route-policy route-policy-name out
10. neighbor ip-address
11. remote-as autonomous-system-number
12. update-source type interface-path-id
13. address-family vpnv4 unicast
14. end
or
commitImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
60
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)#
Enters Border Gateway Protocol (BGP) configuration mode
allowing you to configure the BGP routing process.
Step 3 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Configures VPNv4 address family.
Step 4 retain route-target {all | route-policy
route-policy-name}
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# retain
route-target route-policy policy1
Retrieves VPNv4 table from PE routers.
The retain route-target command is required on an
Inter-AS option B ASBR. You can use this command with
either all or route-policy keyword
Step 5 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
172.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
172.168.40.24 as an ASBR eBGP peer.
Step 6 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 7 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 address family.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
61
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 8 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all in
Applies a routing policy to updates that are received from a
BGP neighbor.
Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
Use the in keyword to define the policy for inbound
routes.
Step 9 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all out
Applies a routing policy to updates that are sent from a BGP
neighbor.
Use the route-policy-name argument to define the name
of the of route policy. The example shows that the route
policy name is defined as pass-all.
Use the out keyword to define the policy for outbound
routes.
Step 10 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
neighbor 10.40.25.2
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address 10.40.25.2
as an VPNv4 iBGP peer.
Step 11 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 12 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
62
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring a Static Route to an ASBR Peer
Perform this task to configure a static route to an ASBR peer.
SUMMARY STEPS
1. configure
2. router static
3. address-family ipv4 unicast
4. A.B.C.D/length next-hop
5. end
or
commit
Step 13 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 address family.
Step 14 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
63
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router static
Example:
RP/0/RSP0/CPU0:router(config)# router static
RP/0/RSP0/CPU0:router(config-static)#
Enters router static configuration mode.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-static)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-static-afi)#
Enables an IPv4 address family.
Step 4 A.B.C.D/length next-hop
Example:
RP/0/RSP0/CPU0:router(config-static-afi)#
10.10.10.10/32 10.9.9.9
Enters the address of the destination router (including IPv4
subnet mask).
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-static-afi)# end
or
RP/0/RSP0/CPU0:router(config-static-afi)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
64
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring EBGP Routing to Exchange VPN Routes Between Subautonomous Systems in a
Confederation
Perform this task to configure external Border Gateway Protocol (eBGP) routing to exchange VPN
routes between subautonomous systems in a confederation.
Note To ensure that host routes for VPN-IPv4 eBGP neighbors are propagated (by means of the Interior
Gateway Protocol [IGP]) to other routers and PE routers, specify the redistribute connected command
in the IGP configuration portion of the confederation eBGP (CEBGP) router. If you are using Open
Shortest Path First (OSPF), make sure that the OSPF process is not enabled on the CEBGP interface in
which the redistribute connected subnet exists.
SUMMARY STEPS
1. configure
2. router bgp autonomous-system-number
3. bgp confederation peers peer autonomous-system-number
4. bgp confederation identifier autonomous-system-number
5. address-family vpnv4 unicast
6. neighbor ip-address
7. remote-as autonomous-system-number
8. address-family vpnv4 unicast
9. route-policy route-policy-name in
10. route-policy route-policy-name out
11. next-hop-self
12. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)#
Enters BGP configuration mode allowing you to configure
the BGP routing process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
65
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 3 bgp confederation peers peer
autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation peers 8
Configures the peer autonomous system number that
belongs to the confederation.
Step 4 bgp confederation identifier
autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
confederation identifier 5
Specifies the autonomous system number for the
confederation ID.
Step 5 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Configures VPNv4 address family.
Step 6 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
10.168.40.24
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address
10.168.40.24 as a BGP peer.
Step 7 remote-as autonomous-system-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 2002
Creates a neighbor and assigns it a remote autonomous
system number.
Step 8 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 address family.
Step 9 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy In-Ipv4 in
Applies a routing policy to updates received from a BGP
neighbor.
Step 10 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy Out-Ipv4 out
Applies a routing policy to updates advertised to a BGP
neighbor.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
66
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring MPLS Forwarding for ASBR Confederations
Perform this task to configure MPLS forwarding for autonomous system boundary router (ASBR)
confederations (in BGP) on a specified interface.
Note This configuration adds the implicit NULL rewrite corresponding to the peer associated with the
interface, which is required to prevent BGP from automatically installing rewrites by LDP (in multihop
instances).
SUMMARY STEPS
1. configure
2. router bgp as-number
3. mpls activate
4. interface type interface-path-id
5. end
or
commit
Step 11 next-hop-self
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
next-hop-self
Disables next-hop calculation and let you insert your own
address in the next-hop field of BGP updates.
Step 12 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
67
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 120
RP/0/RSP0/CPU0:router(config-bgp)
Enters BGP configuration mode allowing you to
configure the BGP routing process.
Step 3 mpls activate
Example:
RP/0/RSP0/CPU0:router(config-bgp)# mpls activate
RP/0/RSP0/CPU0:router(config-bgp-mpls)#
Enters BGP MPLS activate configuration mode.
Step 4 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-mpls)# interface
GigabitEthernet 0/3/0/0
Enables MPLS on the interface.
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-mpls)# end
or
RP/0/RSP0/CPU0:router(config-bgp-mpls)# commit
Saves configuration changes.
When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to
the running configuration file, exits the
configuration session, and returns the
router to EXEC mode.
Entering no exits the configuration session
and returns the router to EXEC mode
without committing the configuration
changes.
Entering cancel leaves the router in the
current configuration session without
exiting or committing the configuration
changes.
Use the commit command to save the
configuration changes to the running
configuration file and remain within the
configuration session.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
68
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring a Static Route to an ASBR Confederation Peer
Perform this task to configure a static route to an Inter-AS confederation peer. For more detailed
information, see Configuring a Static Route to a Peer section on page MPC-78.
SUMMARY STEPS
1. configure
2. router static
3. address-family ipv4 unicast
4. A.B.C.D/length next-hop
5. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router static
Example:
RP/0/RSP0/CPU0:router(config)# router static
RP/0/RSP0/CPU0:router(config-static)#
Enters router static configuration mode.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-static)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-static-afi)#
Enables an IPv4 address family.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
69
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 A.B.C.D/length next-hop
Example:
RP/0/RSP0/CPU0:router(config-static-afi)#
10.10.10.10/32 10.9.9.9
Enters the address of the destination router (including IPv4
subnet mask).
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-static-afi)# end
or
RP/0/RSP0/CPU0:router(config-static-afi)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
70
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring Carrier Supporting Carrier
Perform the tasks in this section to configure Carrier Supporting Carrier (CSC):
Identifying the Carrier Supporting Carrier Topology, page VPC-70
Configuring the Backbone Carrier Core, page VPC-71
Configuring the CSC-PE and CSC-CE Routers, page VPC-71
Configuring a Static Route to a Peer, page VPC-78
Identifying the Carrier Supporting Carrier Topology
Before you configure the MPLS VPN CSC with BGP, you must identify both the backbone and customer
carrier topology.
Note You can connect multiple CSC-CE routers to the same PE, or you can connect a single CSC-CE router
to multiple CSC-PEs using more than one CSC-CE interface to provide redundancy and multiple path
support in a CSC topology.
Perform this task to identify the carrier supporting carrier topology.
SUMMARY STEPS
1. Identify the type of customer carrier, ISP, or MPLS VPN service provider.
2. Identify the CE routers.
3. Identify the customer carrier core router configuration.
4. Identify the customer carrier edge (CSC-CE) routers.
5. Identify the backbone carrier router configuration.
DETAILED STEPS
Command or Action Purpose
Step 1 Identify the type of customer carrier, ISP, or MPLS
VPN service provider.
Sets up requirements for configuration of carrier supporting
carrier network.
Step 2 Identify the CE routers. Sets up requirements for configuration of CE to PE
connections.
Step 3 Identify the customer carrier core router configuration. Sets up requirements for configuration between core (P)
routers and between P routers and edge routers (PE and
CSC-CE routers).
Step 4 Identify the customer carrier edge (CSC-CE) routers. Sets up requirements for configuration of CSC-CE to
CSC-PE connections.
Step 5 Identify the backbone carrier router configuration. Sets up requirements for configuration between CSC core
routers and between CSC core routers and edge routers
(CSC-CE and CSC-PE routers).Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
71
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring the Backbone Carrier Core
Configuring the backbone carrier core requires setting up connectivity and routing functions for the CSC
core and the CSC-PE routers. To do so, you must complete these high-level tasks:
Verify IP connectivity in the CSC core.
Verify LDP configuration in the CSC core.
Note This task is not applicable to CSC over IP tunnels.
Configure VRFs for CSC-PE routers.
Configure multiprotocol BGP for VPN connectivity in the backbone carrier.
Configuring the CSC-PE and CSC-CE Routers
Perform these tasks to configure links between a CSC-PE router and the carrier CSC-CE router for an
MPLS VPN CSC network that uses BGP to distribute routes and MPLS labels:
Configuring a CSC-PE
Configuring a CSC-CE
Figure 6 shows the configuration for the peering with directly connected interfaces between CSC-PE and
CSC-CE routers. This configuration is used as the example in the tasks that follow.
Figure 6 Configuration for Peering with Directly Connected Interfaces Between CSC-PE and
CSC-CE Routers
Configuring a CSC-PE
Perform this task to configure a CSC-PE.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family vpnv4 unicast
4. neighbor A.B.C.D
5. remote-as as-number
6. update-source type interface-path-id
7. address-family vpnv4 unicast
8. vrf vrf-name
9. rd {as-number:nn | ip-address:nn | auto}
CSC-CE
e1/0 e1/0
10.0.0.1 10.0.0.2
CSC-PE 121190Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
72
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
10. address-family ipv4 unicast
11. allocate-label all
12. neighbor A.B.C.D
13. remote-as as-number
14. address-family ipv4 labeled-unicast
15. route-policy route-policy-name in
16. route-policy route-policy-name out
17. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 2
RP/0/RSP0/CPU0:router(config-bgp)#
Configures a BGP routing process and enters router
configuration mode.
Range for 2-byte numbers is 1 to 65535. Range for
4-byte numbers is 1.0 to 65535.65535.
Step 3 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-af)#
Configures VPNv4 address family.
Step 4 neighbor A.B.C.D
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# neighbor
10.10.10.0
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
Configures the IP address for the BGP neighbor.
Step 5 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 888
Configures the AS number for the BGP neighbor.
Step 6 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source loopback0
Allows BGP sessions to use the primary IP address from a
particular interface as the local address.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
73
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 7 address-family vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures VPNv4 unicast address family.
Step 8 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# vrf
9999
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
Configures a VRF instance.
Step 9 rd {as-number:nn | ip-address:nn | auto}
Example:
RP/0/RSP0/CPU0:router(onfig-bgp-vrf)# rd auto
Configures a route distinguisher.
Note Use the auto keyword to automatically assign a
unique route distinguisher.
Step 10 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
Configures IPv4 unicast address family.
Step 11 allocate-label all
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
allocate-label all
Allocate labels for all local prefixes and prefixes received
with labels.
Step 12 neighbor A.B.C.D
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
neighbor 10.10.10.0
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
Configures the IP address for the BGP neighbor.
Step 13 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
remote-as 888
Enables the exchange of information with a neighboring
BGP router.
Step 14 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
Configures IPv4 labeled-unicast address family.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
74
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 15 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy pass-all in
Applies the pass-all policy to all inbound routes.
Step 16 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
route-policy pass-all out
Applies the pass-all policy to all outbound routes.
Step 17 end
or
commit
Example:
RP/0/RSP0/CPU0:router(cconfig-bgp-vrf-nbr-af)#
end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
75
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring a CSC-CE
Perform this task to configure a CSC-CE.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. address-family ipv4 unicast
4. redistribute ospf instance-number
5. allocate-label route-policy route-policy-name
6. exit
7. neighbor A.B.C.D
8. remote-as as-number
9. address-family ipv4 labeled-unicast
10. route-policy route-policy-name in
11. route-policy route-policy-name out
12. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 1
Configures a BGP routing process and enters router
configuration mode.
Range for 2-byte numbers is 1 to 65535. Range for
4-byte numbers is 1.0 to 65535.65535.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family ipv4 unicast
Configures IPv4 unicast address-family.
Step 4 redistribute ospf instance-number
Example:
RP/0/RSP0/CPU0:router(config-router-af)#
redistribute ospf 1
Redistributes OSPF routes into BGP.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
76
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 allocate-label route-policy route-policy-name
Example:
RP/0/RSP0/CPU0:router(config-router-af)#
allocate-label route-policy internal-routes
Allocates labels for those routes that match the route policy.
These labeled routes are advertised to neighbors configured
with address-family ipv4 labeled-unicast.
Step 6 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Exits the current configuration mode.
Step 7 neighbor A.B.C.D
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
10.0.0.1
Configures the IP address for the BGP neighbor.
Step 8 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 1
Enables the exchange of information with a neighboring
BGP router.
Step 9 address-family ipv4 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 labeled-unicast
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
Configures IPv4 labeled-unicast address family.
Step 10 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all in
Applies the route-policy to all inbound routes.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
77
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 11 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pass-all out
Applies the route-policy to all outbound routes.
Step 12 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp)# end
or
RP/0/RSP0/CPU0:router(config-bgp)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
78
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring a Static Route to a Peer
Perform this task to configure a static route to an Inter-AS or CSC-CE peer.
When you configure an Inter-AS or CSC peer, BGP allocates a label for a /32 route to that peer and
performs a NULL label rewrite. When forwarding a labeled packet to the peer, the router removes the
top label from the label stack; however, in such an instance, BGP expects a /32 route to the peer. This
task ensures that there is, in fact, a /32 route to the peer.
Please be aware of these facts before performing this task:
A /32 route is not required to establish BGP peering. A route using a shorter prefix length will also
work.
A shorter prefix length route is not associated with the allocated label; even though the BGP session
comes up between the peers, without the static route, forwarding will not work.
Note To configure a static route on a CSC-PE, you must configure the router under the VRF (as noted in the
detailed steps).
SUMMARY STEPS
1. configure
2. router static
3. address-family ipv4 unicast
4. A.B.C.D/length next-hop
5. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router(config)# configure
Enters global configuration mode.
Step 2 router static
Example:
RP/0/RSP0/CPU0:router(config)# router static
Enters router static configuration mode.
Step 3 address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-static)#
address-family ipv4 unicast
Enables an IPv4 address family.
Note To configure a static route on a CSC-PE, you must
first configure the VRF using the vrf command
before address-family. Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
79
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 4 A.B.C.D/length next-hop
Example:
RP/0/RSP0/CPU0:router(config-static-afi)#
10.10.10.10/32 10.9.9.9
Enters the address of the destination router (including IPv4
subnet mask).
Step 5 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-static-af)# end
or
RP/0/RSP0/CPU0:router(config-static-af)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
80
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Verifying the MPLS Layer 3 VPN Configuration
Perform this task to verify the MPLS Layer 3 VPN configuration.
SUMMARY STEPS
1. show running-config router bgp as-number vrf vrf-name
2. show running-config routes
3. show ospf vrf vrf-name database
4. show running-config router bgp as-number vrf vrf-name neighbor ip-address
5. show bgp vrf vrf-name summary
6. show bgp vrf vrf-name neighbors ip-address
7. show bgp vrf vrf-name
8. show route vrf vrf-name ip-address
9. show bgp vpn unicast summary
10. show running-config router isis
11. show running-config mpls
12. show isis adjacency
13. show mpls ldp forwarding
14. show bgp vpnv4 unicast
show bgp vrf vrf-name
15. show bgp vrf vrf-name imported-routes
16. show route vrf vrf-name ip-address
17. show cef vrf vrf-name ip-address
18. show cef vrf vrf-name ip-address location node-id
19. show bgp vrf vrf-name ip-address
20. show ospf vrf vrf-name database
DETAILED STEPS
Command or Action Purpose
Step 1 show running-config router bgp as-number vrf
vrf-name
Example:
RP/0/RSP0/CPU0:router# show running-config
router bgp 3 vrf vrf_A
Displays the specified VPN routing and forwarding (VRF)
content of the currently running configuration.
Step 2 show running-config routes
Example:
RP/0/RSP0/CPU0:router# show running-config
routes
Displays the Open Shortest Path First (OSPF) routes table
in the currently running configuration.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
81
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 3 show ospf vrf vrf-name database
Example:
RP/0/RSP0/CPU0:router# show ospf vrf vrf_A
database
Displays lists of information related to the OSPF database
for a specified VRF.
Step 4 show running-config router bgp as-number vrf
vrf-name neighbor ip-address
Example:
RP/0/RSP0/CPU0:router# show running-config
router bgp 3 vrf vrf_A neighbor 172.168.40.24
Displays the Border Gateway Protocol (BGP) VRF
neighbor content of the currently running configuration.
Step 5 show bgp vrf vrf-name summary
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
summary
Displays the status of the specified BGP VRF connections.
Step 6 show bgp vrf vrf-name neighbors ip-address
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
neighbors 172.168.40.24
Displays information about BGP VRF connections to the
specified neighbors.
Step 7 show bgp vrf vrf-name
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
Displays information about a specified BGP VRF.
Step 8 show route vrf vrf-name ip-address
Example:
RP/0/RSP0/CPU0:router# show route vrf vrf_A
10.0.0.0
Displays the current routes in the Routing Information Base
(RIB) for a specified VRF.
Step 9 show bgp vpn unicast summary
Example:
RP/0/RSP0/CPU0:router# show bgp vpn unicast
summary
Displays the status of all BGP VPN unicast connections.
Step 10 show running-config router isis
Example:
RP/0/RSP0/CPU0:router# show running-config
router isis
Displays the Intermediate System-to-Intermediate System
(IS-IS) content of the currently running configuration.
Step 11 show running-config mpls
Example:
RP/0/RSP0/CPU0:router# show running-config mpls
Displays the MPLS content of the currently
running-configuration.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
82
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 12 show isis adjacency
Example:
RP/0/RSP0/CPU0:router# show isis adjacency
Displays IS-IS adjacency information.
Step 13 show mpls ldp forwarding
Example:
RP/0/RSP0/CPU0:router# show mpls ldp forwarding
Displays the Label Distribution Protocol (LDP) forwarding
state installed in MPLS forwarding.
Step 14 show bgp vpnv4 unicast
Example:
RP/0/RSP0/CPU0:router# show bgp vpnv4 unicast
Displays entries in the BGP routing table for VPNv4 unicast
addresses.
Step 15 show bgp vrf vrf-name
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
Displays entries in the BGP routing table for VRF vrf_A.
Step 16 show bgp vrf vrf-name imported-routes
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
imported-routes
Displays BGP information for routes imported into
specified VRF instances.
Step 17 show route vrf vrf-name ip-address
Example:
RP/0/RSP0/CPU0:router# show route vrf vrf_A
10.0.0.0
Displays the current specified VRF routes in the RIB.
Step 18 show cef vrf vrf-name ip-address
Example:
RP/0/RSP0/CPU0:router# show cef vrf vrf_A
10.0.0.1
Displays the IPv4 Cisco Express Forwarding (CEF) table
for a specified VRF.
Step 19 show cef vrf vrf-name ip-address location
node-id
Example:
RP/0/RSP0/CPU0:router# show cef vrf vrf_A
10.0.0.1 location 0/1/cpu0
Displays the IPv4 CEF table for a specified VRF and
location.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
83
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring L3VPN over GRE
Perform the following tasks to configure L3VPN over GRE:
Creating a GRE Tunnel between Provider Edge Routers
Configuring IGP between Provider Edge Routers
Configuring LDP/GRE on the Provider Edge Routers
Configuring L3VPN
Creating a GRE Tunnel between Provider Edge Routers
Perform this task to configure a GRE tunnel between provider edge routers.
SUMMARY STEPS
1. configure
2. interface tunnel-ip number
3. ipv4 address ipv4-address subnet-mask
4. ipv6 address ipv6-prefix/prefix-length
5. tunnel mode gre ipv4
6. tunnel source type number
7. tunnel destination ip-address
8. end
or
commit
Step 20 show bgp vrf vrf-name ip-address
Example:
RP/0/RSP0/CPU0:router# show bgp vrf vrf_A
10.0.0.0
Displays entries in the BGP routing table for VRF vrf_A.
Step 21 show ospf vrf vrf-name database
Example:
RP/0/RSP0/CPU0:router# show ospf vrf vrf_A
database
Displays lists of information related to the OSPF database
for a specified VRF.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
84
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 interface tunnel-ip number
Example:
RP/0/RSP0/CPU0:router(config)# interface
tunnel-ip 4000
Enters tunnel interface configuration mode.
number is the number associated with the tunnel
interface.
Step 3 ipv4 address ipv4-address subnet-mask
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
10.1.1.1 255.255.255.0
Specifies the IPv4 address and subnet mask for the
interface.
ipv4-address specifies the IP address of the interface.
subnet-mask specifies the subnet mask of the interface.
Step 4 ipv6 address ipv6-prefix/prefix-length
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv6 address
100:1:1:1::1/64
Specifies an IPv6 network assigned to the interface.
Step 5 tunnel mode gre ipv4
Example:
RP/0/RSP0/CPU0:router(config-if)# tunnel mode
gre ipv4
Sets the encapsulation mode of the tunnel interface to GRE.
Step 6 tunnel source type path-id
Example:
RP/0/RSP0/CPU0:router(config-if)# tunnel source
TenGigE0/2/0/1
Specifies the source of the tunnel interface. Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
85
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring IGP between Provider Edge Routers
Perform this task to configure IGP between provider edge routers.
SUMMARY STEPS
1. configure
2. router ospf process-name
3. nsr
4. router-id {router-id}
5. mpls ldp sync
6. dead-interval seconds
7. hello-interval seconds
8. area area-id
9. interface tunnel-ip number
10. end
or
commit
Step 7 tunnel destination ip-address
Example:
RP/0/RSP0/CPU0:router(config-if)# tunnel
destination 145.12.5.2
Defines the tunnel destination.
Step 8 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
or
RP/0/RSP0/CPU0:router(config-if)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
86
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 1
Enables OSPF routing for the specified routing process and
places the router in router configuration mode.
Step 3 nsr
Example:
RP/0/RSP0/CPU0:router(config-ospf)# nsr
Activates BGP NSR.
Step 4 router-id {router-id}
Example:
RP/0/RSP0/CPU0:router(config-ospf)# router-id
1.1.1.1
Configures a router ID for the OSPF process.
Note We recommend using a stable IP address as the
router ID.
Step 5 mpls ldp sync
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls ldp
sync
Enables MPLS LDP synchronization.
Step 6 dead-interval seconds
Example:
RP/0/RSP0/CPU0:router(config-ospf)#
dead-interval 60
Sets the time to wait for a hello packet from a neighbor
before declaring the neighbor down.
Step 7 hello-interval seconds
Example:
RP/0/RSP0/CPU0:router(config-ospf)#
hello-interval 15
Specifies the interval between hello packets that OSPF
sends on the interface.
Step 8 area area-id
Example:
RP/0/RSP0/CPU0:router(config-ospf)# area 0
Enters area configuration mode and configures an area for
the OSPF process.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
87
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring LDP/GRE on the Provider Edge Routers
Perform this task to configure LDP/GRE on the provider edge routers.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id {router-id}
4. discovery hello holdtime seconds
5. discovery hello interval seconds
6. nsr
7. graceful-restart
8. graceful-restart reconnect-timeout seconds
9. graceful-restart forwarding-state-holdtime seconds
10. holdtime seconds
11. neighbor ip-address
12. interface tunnel-ip number
Step 9 interface tunnel-ip number
Example:
RP/0/RSP0/CPU0:router(config-ospf)# interface
tunnel-ip 4
Enters tunnel interface configuration mode.
number is the number associated with the tunnel
interface.
Step 10 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf)# end
or
RP/0/RSP0/CPU0:router(config-ospf)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
88
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
13. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 mpls ldp
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Enables MPLS LDP configuration mode.
Step 3 router-id {router-id}
Example:
RP/0/RSP0/CPU0:router(config-ldp)# router-id
1.1.1.1
Configures a router ID for the OSPF process.
Note We recommend using a stable IP address as the
router ID.
Step 4 discovery hello holdtime seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)# discovery
hello holdtime 40
Defines the period of time a discovered LDP neighbor is
remembered without receipt of an LDP Hello message from
the neighbor.
Step 5 discovery hello interval seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)# discovery
hello holdtime 20
Defines the period of time between the sending of
consecutive Hello messages.
Step 6 nsr
Example:
RP/0/RSP0/CPU0:router(config-ldp)# nsr
Activates BGP NSR.
Step 7 graceful-restart
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart
Enables graceful restart on the router.
Step 8 graceful-restart reconnect-timeout seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart recoonect-timeout 180
Defines the time for which the neighbor should wait for a
reconnection if the LDP session is lost. Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
89
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring L3VPN
Perform this task to configure L3VPN.
SUMMARY STEPS
1. configure
2. vrf vrf-name
Step 9 graceful-restart forwarding-state-holdtime
seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart forwarding-state-holdtime 300
Defines the time that the neighbor should retain the MPLS
forwarding state during a recovery.
Step 10 holdtime seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)# holdtime 90
Configures the hold time for an interface.
Step 11 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-ldp)# neighbor
10.1.1.0
Defines a neighboring router.
Step 12 interface tunnel-ip number
Example:
RP/0/RSP0/CPU0:router(config-ldp)# interface
tunnel-ip 4
Enters tunnel interface configuration mode.
number is the number associated with the tunnel
interface.
Step 13 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
90
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
3. address-family { ipv4 | ipv6 } unicast
4. import route-target [as-number:nn | ip-address:nn]
5. export route-target [as-number:nn | ip-address:nn]
6. interface type interface-path-id
7. vrf vrf-name
8. ipv4 address ipv4-address subnet-mask
9. dot1q vlan vlan-id
10. router bgp process-name
11. nsr
12. bgp router-id ip-address
13. address-family {vpnv4 | vpnv6} unicast
14. neighbor ip-address
15. remote-as as-number
16. update-source type interface-path-id
17. address-family {vpnv4 | vpnv6} unicast
18. route-policy policy-name in
19. route-policy policy-name out
20. vrf vrf-name
21. rd {as-number:nn | ip-address:nn | auto}
22. address-family {ipv4 | ipv6} unicast
23. redistribute connected [metric metric-value] [route-policy route-policy-name]
24. redistribute static [metric metric-value] [route-policy route-policy-name]
25. neighbor ip-address
26. remote-as as-number
27. ebgp-multihop ttl-value
28. address-family {ipv4 | ipv6} unicast
29. route-policy policy-name in
30. route-policy policy-name out
31. end
or
commitImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
91
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config)# vrf vpn1
Configures a VRF instance.
Step 3 address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family { ipv4 | ipv6 } unicast
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
Step 4 import route-target [as-number:nn |
ip-address:nn]
Example:
RP/0/RSP0/CPU0:router(config-vrf)# import
route-target 2:1
Specifies a list of route target (RT) extended communities.
Only prefixes that are associated with the specified import
route target extended communities are imported into the
VRF.
Step 5 export route-target [as-number:nn |
ip-address:nn]
Example:
RP/0/RSP0/CPU0:router(config-vrf)# export
route-target 1:1
Specifies a list of route target extended communities.
Export route target communities are associated with
prefixes when they are advertised to remote PEs. The
remote PEs import them into VRFs which have import RTs
that match these exported route target communities.
Step 6 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)#interface
TenGigE0/2/0/0.1
Enters interface configuration mode and configures an
interface.
Step 7 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-if)# vrf vpn1
Configures a VRF instance.
Step 8 ipv4 address ipv4-address subnet-mask
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 address
150.1.1.1 255.255.255.0
Specifies the IPv4 address and subnet mask for the
interface.
ipv4-address specifies the IP address of the interface.
subnet-mask specifies the subnet mask of the interface.
Step 9 dot1q native vlan vlan-id
Example:
RP/0/RSP0/CPU0:router(config-if)# dot1q native
vlan 1
Assigns the native VLAN ID of a physical interface
trunking 802.1Q VLAN traffic.Implementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
92
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 10 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 1
Specifies the autonomous system number and enters the
BGP configuration mode, allowing you to configure the
BGP routing process.
Step 11 nsr
Example:
RP/0/RSP0/CPU0:router(config-bgp)# nsr
Activates BGP NSR.
Step 12 bgp router-id ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# bgp
router-id 1.1.1.1
Configures the local router with a specified router ID.
Step 13 address-family {vpnv4 | vpnv6} unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv4 unicast
Enters address family configuration submode for the
specified address family.
Step 14 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
4.4.4.4
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address as a BGP
peer.
Step 15 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#remote-as
1
Creates a neighbor and assigns a remote autonomous
system number to it.
Step 16 update-source type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#update-so
urce Loopback0
Allows sessions to use the primary IP address from a
specific interface as the local address when forming a
session with a neighbor.
Step 17 address-family {vpnv4 | vpnv6} unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpnv4 unicast
Enters address family configuration submode for the
specified address family.
Step 18 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy pass-all in
Defines a route policy and enters route policy configuration
mode.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
93
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 19 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy pass-all out
Defines a route policy and enters route policy configuration
mode.
Step 20 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config)# vrf vpn1
Configures a VRF instance.
Step 21 rd {as-number:nn | ip-address:nn | auto}
Example:
RP/0/RSP0/CPU0:router(config-vrf)#rd 1:1
Configures the route distinguisher.
Step 22 address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-vrf)#
address-family ipv4 unicast
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
Step 23 redistribute connected [metric metric-value]
[route-policy route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
redistribute connected
Causes routes from the specified instance to be redistributed
into BGP.
Step 24 redistribute static [metric metric-value]
[route-policy route-policy-name]
Example:
RP/0/RSP0/CPU0:router(config-vrf-af)#
redistribute static
Causes routes from the specified instance to be redistributed
into BGP.
Step 25 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
150.1.1.2
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address as a BGP
peer.
Step 26 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#remote-as
7501
Creates a neighbor and assigns a remote autonomous
system number to it.
Step 27 ebg-multihop ttl-value
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#ebgp-mult
ihop 10
Configures the CE neighbor to accept and attempt BGP
connections to external peers residing on networks that are
not directly connected.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
How to Implement MPLS Layer 3 VPNs
94
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 28 address-family { ipv4 | ipv6 } unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv4 unicast
Specifies either the IPv4 or IPv6 address family and enters
address family configuration submode.
Step 29 route-policy route-policy-name in
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy BGP_pass_all in
Defines a route policy and enters route policy configuration
mode.
Step 30 route-policy route-policy-name out
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#routepolicy BGP_pass_all out
Defines a route policy and enters route policy configuration
mode.
Step 31 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
95
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuration Examples for Implementing MPLS Layer 3 VPNs
This section provides these sample configurations for MPLS L3VPN features:
Configuring an MPLS VPN Using BGP: Example, page VPC-95
Configuring the Routing Information Protocol on the PE Router: Example, page VPC-96
Configuring the PE Router Using EIGRP: Example, page VPC-96
Configuration Examples for MPLS VPN CSC, page VPC-97
Configuring L3VPN over GRE: Example, page VPC-98
Configuring an MPLS VPN Using BGP: Example
This example shows the configuration for an MPLS VPN using BGP on vrf vpn1:
address-family ipv4 unicast
import route-target
100:1
!
export route-target
100:1
!
!
!
route-policy pass-all
pass
end-policy
!
interface Loopback0
ipv4 address 10.0.0.1 255.255.255.255
!
interface gigabitEthernet 0/1/0/0
vrf vpn1
ipv4 address 10.0.0.2 255.0.0.0
!
interface gigabitEthernet 0/1/0/1
ipv4 address 10.0.0.1 255.0.0.0
!
router ospf 100
area 100
interface loopback0
interface gigabitEthernet 0/1/0/1
!
!
router bgp 100
address-family vpnv4 unicast
retain route-target route-policy policy1
neighbor 10.0.0.3
remote-as 100
update-source Loopback0
address-family vpnv4 unicast
!
vrf vpn1
rd 100:1
address-family ipv4 unicast
redistribute connected
!
neighbor 10.0.0.1
remote-as 200Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
96
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
address-family ipv4 unicast
as-override
route-policy pass-all in
route-policy pass-all out
!
advertisement-interval 5
!
!
!
mpls ldp
route-id looback0
interface gigabitEthernet 0/1/0/1
!
Configuring the Routing Information Protocol on the PE Router: Example
This example shows the configuration for the RIP on the PE router:
vrf vpn1
address-family ipv4 unicast
import route-target
100:1
!
export route-target
100:1
!
!
!
route-policy pass-all
pass
end-policy
!
interface gigabitEthernet 0/1/0/0
vrf vpn1
ipv4 address 10.0.0.2 255.0.0.0
!
router rip
vrf vpn1
interface GigabitEthernet0/1/0/0
!
timers basic 30 90 90 120
redistribute bgp 100
default-metric 3
route-policy pass-all in
!
Configuring the PE Router Using EIGRP: Example
This example shows the configuration for the Enhanced Interior Gateway Routing Protocol (EIGRP) on
the PE router:
Router eigrp 10
vrf VRF1
address-family ipv4
router-id 10.1.1.2
default-metric 100000 2000 255 1 1500
as 62
redistribute bgp 2000Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
97
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
interface Loopback0
!
interface GigabitEthernet0/6/0/0
Configuration Examples for MPLS VPN CSC
Configuration examples for the MPLS VPN CSC include:
Configuring the Backbone Carrier Core: Examples, page VPC-97
Configuring the Links Between CSC-PE and CSC-CE Routers: Examples, page VPC-97
Configuring a Static Route to a Peer: Example, page VPC-98
Configuring the Backbone Carrier Core: Examples
Configuration examples for the backbone carrier core included in this section are as follows:
Configuring VRFs for CSC-PE Routers: Example, page VPC-97
Configuring the Links Between CSC-PE and CSC-CE Routers: Examples, page VPC-97
Configuring VRFs for CSC-PE Routers: Example
This example shows how to configure a VPN routing and forwarding instance (VRF) for a CSC-PE
router:
config
vrf vpn1
address-family ipv4 unicast
import route-target 100:1
export route-target 100:1
end
Configuring the Links Between CSC-PE and CSC-CE Routers: Examples
This section contains these examples:
Configuring a CSC-PE: Example, page VPC-97
Configuring a CSC-CE: Example, page VPC-98
Configuring a CSC-PE: Example
In this example, a CSC-PE router peers with a PE router, 10.1.0.2, in its own AS. It also has a labeled
unicast peering with a CSC-CE router, 10.0.0.1.
config
router bgp 2
address-family vpnv4 unicast
neighbor 10.1.0.2
remote-as 2
update-source loopback0
address-family vpnv4 unicast
vrf customer-carrier
rd 1:100
address-family ipv4 unicast
allocate-label all
redistribute static
neighbor 10.0.0.1Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
98
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
remote-as 1
address-family ipv4 labeled-unicast
route-policy pass-all in
route-policy pass-all out
as-override
end
Configuring a CSC-CE: Example
This example shows how to configure a CSC-CE router. In this example, the CSC-CE router peers
CSC-PE router 10.0.0.2 in AS 2.
config
router bgp 1
address-family ipv4 unicast
redistribute ospf 200
allocate-label all
neighbor 10.0.0.2
remote-as 2
address-family ipv4 labeled-unicast
route-policy pass-all in
route-policy pass-all out
end
Configuring a Static Route to a Peer: Example
This example shows how to configure a static route to an Inter-AS or CSC-CE peer:
config
router static
address-family ipv4 unicast
10.0.0.2/32 40.1.1.1
end
Configuring L3VPN over GRE: Example
The following example shows how to configure L3VPN over GRE:
Sample configuration to create a GRE tunnel between PE1 and PE2:
RP/0/RSP0/CPU0:PE1#sh run int tunnel-ip 1
interface tunnel-ip1
ipv4 address 100.1.1.1 255.255.255.0
ipv6 address 100:1:1:1::1/64
tunnel mode gre ipv4
tunnel source TenGigE0/2/0/1
tunnel destination 145.12.5.2
!
RP/0/RSP0/CPU0:PE2#sh run int tunnel-ip 1
interface tunnel-ip1
ipv4 address 100.1.1.2 255.255.255.0
ipv6 address 100:1:1:1::2/64
tunnel mode gre ipv4
tunnel source TenGigE0/1/0/2
tunnel destination 145.12.1.1
Configure IGP between PE1 and PE2:
Sample configuration for PE1 is given below. PE2 will also have a similar configuration.
RP/0/RSP0/CPU0:PE1#sh run router ospf 1Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
99
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
router ospf 1
nsr
router-id 1.1.1.1 <=== Loopback0
mpls ldp sync
mtu-ignore enable
dead-interval 60
hello-interval 15
area 0
interface TenGigE0/2/0/1
!
RP/0/RSP0/CPU0:PE1#sh run router ospf 0
router ospf 0
nsr
router-id 1.1.1.1
mpls ldp sync
dead-interval 60
hello-interval 15
area 0
interface Loopback0
!
interface tunnel-ip1
!
* Check for OSPF neighbors
RP/0/RSP0/CPU0:PE1#sh ospf neighbor
Neighbors for OSPF 0
Neighbor ID Pri State Dead Time Address Interface
4.4.4.4 1 FULL/ - 00:00:47 100.1.1.2 tunnel-ip1 <==
Neighbor PE2
Neighbor is up for 00:13:40
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:50 145.12.1.2 TenGigE0/2/0/1 <==
Neighbor P1
Neighbor is up for 00:13:43
Configure LDP/GRE on PE1 and PE2:
RP/0/RSP0/CPU0:PE1#sh run mpls ldp
mpls ldp
router-id 1.1.1.1 <=== Loopback0
discovery hello holdtime 45
discovery hello interval 15
nsr
graceful-restart
graceful-restart reconnect-timeout 180
graceful-restart forwarding-state-holdtime 300
holdtime 90
log
neighbor
!
interface tunnel-ip1
!
*Check for mpls forwarding
RP/0/RSP0/CPU0:PE1#sh mpls forwarding prefix 4.4.4.4/32
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched Implementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
100
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
---- ------- -------------- -------- ----------- ----------
16003 Pop 4.4.4.4/32 ti1 100.4.1.2 0
Configure L3VPN
RP/0/RSP0/CPU0:PE1#sh run vrf vpn1
vrf vpn1
address-family ipv4 unicast
import route-target
2:1
!
export route-target
1:1
!
RP/0/RSP0/CPU0:PE1#sh run int tenGigE 0/2/0/0.1
interface TenGigE0/2/0/0.1
vrf vpn1
ipv4 address 150.1.1.1 255.255.255.0
dot1q vlan 1
!
RP/0/RSP0/CPU0:PE1#sh run router bgp
router bgp 1
nsr
bgp router-id 1.1.1.1 <===Loopback0
address-family vpnv4 unicast
!
neighbor 4.4.4.4 <===iBGP session with PE2
remote-as 1
update-source Loopback0
address-family vpnv4 unicast
route-policy pass-all in
route-policy pass-all out
!
!
vrf vpn1
rd 1:1
address-family ipv4 unicast
redistribute connected
redistribute static
!
neighbor 150.1.1.2 <=== VRF neighbor
remote-as 7501
ebgp-multihop 10
address-family ipv4 unicast
route-policy BGP_pass_all in
route-policy BGP_pass_all out
!
* Check vrf ping to the 150.1.1.2.
RP/0/RSP0/CPU0:PE1#ping vrf vpn1 150.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 150.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
* Send traffic to vrf routes adverstised and verify that mpls counters increase in tunnel
interface accounting
RP/0/RSP0/CPU0:PE1#sh int tunnel-ip1 accounting
tunnel-ip1
Protocol Pkts In Chars In Pkts Out Chars OutImplementing MPLS Layer 3 VPNs
Configuration Examples for Implementing MPLS Layer 3 VPNs
101
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
IPV4_MULTICAST 3 276 3 276
MPLS 697747 48842290 0 0Implementing MPLS Layer 3 VPNs
Additional References
102
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Additional References
For additional information, refer to these documents:
Related Documents
Standards
MIBs
Related Topic Document Title
Cisco ASR 9000 Series Router L2VPN commands MPLS Virtual Private Network Commands on
Cisco ASR 9000 Series Routers module in the
Cisco ASR 9000 Series Aggregation Services Router MPLS
Command Reference
Routing (BGP, EIGRP, OSPF, and RIP) commands:
complete command syntax, command modes,
command history, defaults, usage guidelines, and
examples
Cisco ASR 9000 Series Aggregation Services Router Routing
Command Reference
Routing (BGP, EIGRP, OSPF, and RIP) configuration Cisco ASR 9000 Series Aggregation Services Router Routing
Configuration Guide
MPLS LDP configuration: configuration concepts,
task, and examples
Implementing MPLS Label Distribution Protocol on
Cisco ASR 9000 Series Routers module in this document.
MPLS Traffic Engineering Resource Reservation
Protocol configuration: configuration concepts, task,
and examples
Implementing RSVP for MPLS-TE on
Cisco ASR 9000 Series Routers module in this document.
Getting started material Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not been
modified by this feature.
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR software, use the
Cisco MIB Locator found at this URL and choose a platform under
the Cisco Access Products menu:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtmlImplementing MPLS Layer 3 VPNs
Additional References
103
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
RFCs
Technical Assistance
RFCs Title
RFC 1700 Assigned Numbers
RFC 1918 Address Allocation for Private Internets
RFC 1966 BGP Route Reflectors: An Alternative to Full Mesh iBGP
RFC 2283 Multiprotocol Extensions for BGP-4
RFC 2547 BGP/MPLS VPNs
RFC 2842 Capabilities Advertisement with BGP-4
RFC 2858 Multiprotocol Extensions for BGP-4
RFC 3107 Carrying Label Information in BGP-4
Description Link
The Cisco Technical Support website contains
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
http://www.cisco.com/techsupportImplementing MPLS Layer 3 VPNs
Additional References
104
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02105
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Implementing IPv6 VPN Provider Edge Transport
over MPLS
This module describes how to implement IPv6 VPN Provider Edge Transport over MPLS on
Cisco ASR 9000 Series Aggregation Services Routers.
IPv6 VPN Provider Edge (6PE/VPE) uses the existing MPLS IPv4 core infrastructure for IPv6 transport.
6PE/VPE enables IPv6 sites to communicate with each other over an MPLS IPv4 core network using
MPLS label switched paths (LSPs).
This feature relies heavily on multiprotocol Border Gateway Protocol (BGP) extensions in the IPv4
network configuration on the provider edge (PE) router to exchange IPv6 reachability information (in
addition to an MPLS label) for each IPv6 address prefix. Edge routers are configured as dual-stack,
running both IPv4 and IPv6, and use the IPv4 mapped IPv6 address for IPv6 prefix reachability
exchange.
For detailed information about the commands used to configure L2TP functionality, see the
Cisco ASR 9000 Aggregation Services Router Routing Command Reference.
Feature History for Implementing 6PE on Cisco ASR 9000 Series Routers
Contents
Prerequisites for Implementing 6PE/VPE, page VPC-106
Information About 6PE/VPE, page VPC-106
How to Implement 6PE/VPE, page VPC-109
Configuration Examples for 6PE, page VPC-122
Additional References, page VPC-124
Release Modification
Release 3.9.1 This feature was introduced.
Release 4.0.0 Support was added for the 6PE and 6VPE features for IPv6 L3VPN on
A9K-SIP-700.
Support was added for the BGP per VRF/CE label allocation for 6PE feature.
Release 4.1.0 Support for the Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider
Edge (6VPE) feature was added.Implementing IPv6 VPN Provider Edge Transport over MPLS
Prerequisites for Implementing 6PE/VPE
106
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Prerequisites for Implementing 6PE/VPE
These prerequisites are required to implement 6PE:
You must be in a user group associated with a task group that includes the proper task IDs. The
command reference guides include the task IDs required for each command.
If you suspect user group assignment is preventing you from using a command, contact your AAA
administrator for assistance.
Familiarity with MPLS and BGP4 configuration and troubleshooting.
Information About 6PE/VPE
To configure the 6PE feature, you should understand the concepts that are described in these sections:
Overview of 6PE/VPE, page VPC-106
Benefits of 6PE/VPE, page VPC-107
Deploying IPv6 over MPLS Backbones, page VPC-107
IPv6 on the Provider Edge and Customer Edge Routers, page VPC-107
IPv6 Provider Edge Multipath, page VPC-108
OSPFv3 6VPE, page VPC-108
Overview of 6PE/VPE
Multiple techniques are available to integrate IPv6 services over service provider core backbones:
Dedicated IPv6 network running over various data link layers
Dual-stack IPv4-IPv6 backbone
Existing MPLS backbone leverage
These solutions are deployed on service providers backbones when the amount of IPv6 traffic and the
revenue generated are in line with the necessary investments and the agreed-upon risks. Conditions are
favorable for the introduction of native IPv6 services, from the edge, in a scalable way, without any IPv6
addressing restrictions and without putting a well-controlled IPv4 backbone in jeopardy. Backbone
stability is essential for service providers that have recently stabilized their IPv4 infrastructure.
Service providers running an MPLS/IPv4 infrastructure follow similar trends because several integration
scenarios that offer IPv6 services on an MPLS network are possible. Cisco Systems has specially
developed Cisco 6PE or IPv6 Provider Edge Router over MPLS, to meet all those requirements.
Inter-AS support for 6PE requires support of Border Gateway Protocol (BGP) to enable address families
and to allocate and distribute PE and ASBR labels.Implementing IPv6 VPN Provider Edge Transport over MPLS
Information About 6PE/VPE
107
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Benefits of 6PE/VPE
Service providers who currently deploy MPLS experience these benefits of Cisco 6PE:
Minimal operational cost and riskNo impact on existing IPv4 and MPLS services.
Only provider edge routers upgradeA 6PE/VPE router can be an existing PE router or a new one
dedicated to IPv6 traffic.
No impact on IPv6 customer edge routersThe ISP can connect to any customer CE running Static,
IGP or EGP.
Production services readyAn ISP can delegate IPv6 prefixes.
IPv6 introduction into an existing MPLS service6PE/VPE routers can be added at any time.
Deploying IPv6 over MPLS Backbones
Backbones enabled by 6PE (IPv6 over MPLS) allow IPv6 domains to communicate with each other over
an MPLS IPv4 core network. This implementation requires no backbone infrastructure upgrades and no
reconfiguration of core routers because forwarding is based on labels instead of the IP header itself. This
provides a very cost-effective strategy for IPv6 deployment.
Additionally, the inherent virtual private network (VPN) and traffic engineering (TE) services available
within an MPLS environment allow IPv6 networks to be combined into VPNs or extranets over an
infrastructure that supports IPv4 VPNs and MPLS-TE.
IPv6 on the Provider Edge and Customer Edge Routers
Service Provider Edge Routers
6PE is particularly applicable to service providers who currently run an MPLS network. One of its
advantages is that there is no need to upgrade the hardware, software, or configuration of the core
network, and it eliminates the impact on the operations and the revenues generated by existing IPv4
traffic. MPLS is used by many service providers to deliver services to customers. MPLS as a multiservice
infrastructure technology is able to provide layer 3 VPN, QoS, traffic engineering, fast re-routing and
integration of ATM and IP switching.
Customer Edge Routers
Using tunnels on the CE routers is the simplest way to deploy IPv6 over MPLS networks. It has no
impact on the operation or infrastructure of MPLS, and requires no changes to the P routers in the core
or to the PE routers. However, tunnel meshing is required as the number of CEs to connect increases,
and it becomes difficult to delegate a global IPv6 prefix for an ISP.
Figure 7 illustrates the network architecture using tunnels on the CE routers. Implementing IPv6 VPN Provider Edge Transport over MPLS
Information About 6PE/VPE
108
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Figure 7 IPv6 Using Tunnels on the CE Routers
IPv6 Provider Edge Multipath
Internal and external BGP multipath for IPv6 allows the IPv6 router to balance load between several
paths (for example, the same neighboring autonomous system (AS) or sub-AS, or the same metrics) to
reach its destination. The 6PE multipath feature uses multiprotocol internal BGP (MP-IBGP) to
distribute IPv6 routes over the MPLS IPv4 core network and to attach an MPLS label to each route.
When MP-IBGP multipath is enabled on the 6PE router, all labeled paths are installed in the forwarding
table with available MPLS information (label stack). This functionality enables 6PE to perform load
balancing.
OSPFv3 6VPE
The Open Shortest Path First version 3 (OSPFv3) IPv6 VPN Provider Edge (6VPE) feature adds VPN
routing and forwarding (VRF) and provider edge-to-customer edge(PE-CE) routing support to
Cisco IOS XR OSPFv3 implementation. This feature allows:
Multiple VRF support per OSPFv3 routing process
OSPFV3 PE-CE extensions
Multiple VRF Support
OSPFv3 supports multiple VRFs in a single routing process that allows scaling to tens and hundreds of
VRFs without consuming too much route processor (RP) resources.
v6
IPv6
PE
PE
P
OC-48/192
IPv6 over IPv4 tunnels
v4
IPv4
v6
IPv6
v4
IPv4
v6
IPv6
IPv6
IPv4
v6
v4
P
P P
PE
PE
Dual stack
IPv4-IPv6
CE routers
Dual stack
IPv4-IPv6
CE routers
210608Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
109
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Multiple OSPFv3 processes can be configured on a single router. In large-scale VRF deployments, this
allows partition VRF processing across multiple RPs. It is also used to isolate default routing table or
high impact VRFs from the regular VRFs. It is recommended to use a single process for all the VRFs.
If needed, a second OSPFv3 process must be configured for IPv6 routing.
Note The maximum of four OSPFv3 processes are supported.
OSPFv3 PE-CE Extensions
IPv6 protocol is being vastly deployed in today's customer networks. Service Providers (SPs) need to be
able to offer Virtual Private Network (VPN) services to their customers for supporting IPv6 protocol, in
addition to the already offered VPN services for IPv4 protocol.
In order to support IPv6, routing protocols require additional extensions for operating in the VPN
environment. Extensions to OSPFv3 are required in order for OSPFv3 to operate at the PE-CE links.
VRF Lite
VRF lite feature enables VRF deployment without BGP or MPLS based backbone. In VRF lite, the PE
routers are directly connected using VRF interfaces. For OSPFv3, the following needs to operate
differently in the VRF lite scenario, as opposed to the deployment with BGP or MPLS backbone:
DN bit processingIn VRF lite environment, the DN bit processing is disabled.
ABR statusIn VRF context (except default VRF), OSPFv3 router is automatically set as an ABR,
regardless to its connectivity to area 0. This automatic ABR status setting is disabled in the VRF
lite environment.
Note To enable VRF Lite, issue the capability vrf-lite command in the OSPFv3 VRF configuration submode.
How to Implement 6PE/VPE
This section includes these implementation procedures:
Configuring 6PE/VPE, page VPC-109
Configuring PE to PE Core, page VPC-111
Configuring PE to CE Core, page VPC-115
Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers, page VPC-118
Configuring 6PE/VPE
This task describes how to configure 6PE/VPE on PE routers to transport the IPv6 prefixes across the
IPv4 cloud.
Ensure that you configure 6PE/VPE on PE routers participating in both the IPv4 cloud and IPv6 clouds. Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
110
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Note For 6PE, you can use all routing protocols supported on Cisco IOS XR software such as BGP, OSPF,
IS-IS, EIGRP, RIP, and Static to learn routes from both clouds. However, for 6VPE, you can use only
the BGP, EIGRP and Static routing protocols to learn routes.
SUMMARY STEPS
1. configure
2. router bgp as-number
3. neighbor ip-address
4. address-family ipv6 labeled-unicast
5. exit
6. exit
7. address-family ipv6 unicast
8. allocate-label [all | route-policy policy_name]
9. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 1
Enters the number that identifies the autonomous system
(AS) in which the router resides.
Range for 2-byte numbers is 1 to 65535. Range for 4-byte
numbers is 1.0 to 65535.65535.
Step 3 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
1.1.1.1
Enters neighbor configuration mode for configuring Border
Gateway Protocol (BGP) routing sessions.
Step 4 address-family ipv6 labeled-unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family ipv6 labeled-unicast
Specifies IPv6 labeled-unicast address prefixes.
Note This option is also available in IPv6 neighbor
configuration mode and VRF neighbor
configuration mode.
Step 5 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit
Exits BGP address-family submode.Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
111
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring PE to PE Core
This task describes how to configure a Provider Edge (PE) to PE Core.
For information on configuring VPN Routing and Forwarding (VRF), refer to the Implementing BGP on
Cisco ASR 9000 Series Router module of the Cisco ASR 9000 Series Aggregation Services Router
Routing Configuration Guide.
SUMMARY STEPS
1. configure
2. router bgp
3. address-family vpnv6 unicast
Step 6 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# exit
Exits BGP neighbor submode.
Step 7 address-family ipv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family ipv6 unicast
Specifies IPv6 unicast address prefixes.
Step 8 allocate-label [all | route-policy policy_name]
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)#
allocate-label all
Allocates MPLS labels for specified IPv4 unicast routes.
Note The route-policy keyword provides finer control to
filter out certain routes from being advertised to the
neighbor.
Step 9 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# end
or
RP/0/RSP0/CPU0:router(config-bgp-af)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
112
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
4. bgp dampening [ half-life [ reuse suppress max-suppress-time ] | route-policy route-policy-name ]
5. bgp client-to-client reflection { cluster-id | disable }
6. neighbor ip-address
7. remote-as as-number
8. description text
9. password { clear | encrypted } password
10. shutdown
11. timers keepalive hold-time
12. update-source type interface-id
13. address-family vpnv6 unicast
14. route-policy route-policy-name { in | out }
15. exit
16. vrf vrf-name
17. rd { as-number : nn | ip-address : nn | auto }
18. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 10
Specifies the BGP AS number and enters the BGP
configuration mode, allowing you to configure the BGP
routing process.
Step 3 address-family vpnv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp)#
address-family vpnv6 unicast
Specifies the vpnv6 address family and enters address
family configuration submode.
Step 4 bgp dampening [ half-life [ reuse suppress
max-suppress-time ] | route-policy
route-policy-name ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# bgp
dampening 30 1500 10000 120
Configures BGP dampening for the specified address
family.Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
113
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 5 bgp client-to-client reflection {cluster-id |
disable }
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# bgp
client-to-client reflection disable
Configures client to client route reflection.
Step 6 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-af)# exit
Exits the address family configuration submode.
Step 7 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp)# neighbor
10.1.1.1
Places the router in neighbor configuration mode for BGP
routing and configures the neighbor IP address as a BGP
peer.
Step 8 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
remote-as 100
Creates a neighbor and assigns a remote autonomous
system number to it.
Step 9 description text
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
description neighbor 172.16.1.1
Provides a description of the neighbor. The description is
used to save comments and does not affect software
function.
Step 10 password { clear | encrypted } password
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# password
encrypted 123abc
Enables Message Digest 5 (MD5) authentication on the
TCP connection between the two BGP neighbors.
Step 11 shutdown
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# router
bgp 1
Terminates any active sessions for the specified neighbor
and removes all associated routing information.
Step 12 timers keepalive hold-time
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)# timers
12000 200
Set the timers for the BGP neighbor.
Step 13 update-source type interface-id
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
update-source gigabitEthernet 0/1/5/0
Allows iBGP sessions to use the primary IP address from a
specific interface as the local address when forming an
iBGP session with a neighbor.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
114
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 14 address-family vpnv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr)#
address-family vpvn6 unicast
Enters VPN neighbor address family configuration mode.
Step 15 route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pe-pe-vpn-in in
Specifies a routing policy for an inbound route. The policy
can be used to filter routes or modify route attributes.
Step 16 route-policy route-policy-name { in | out }
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)#
route-policy pe-pe-vpn-out out
Specifies a routing policy for an outbound route. The policy
can be used to filter routes or modify route attributes.
Step 17 exit
Example:
RP/0/RSP0/CPU0:router(config-bgp-nbr-af)# exit
Exits address family configuration and neighbor submode.
Step 18 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe
Configures a VRF instance.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
115
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring PE to CE Core
This task describes how to configure a PE to Customer Edge (CE) core.
SUMMARY STEPS
1. configure
2. router bgp
3. vrf vrf-name
4. bgp router-id ip-address
5. label-allocation-mode { per-ce | per-vrf }
6. address-family ipv6 unicast
7. redistribute {connected | static | eigrp }
8. neighbor ip-address
9. remote-as as-number
10. ebgp-multihop { maximum hops | mpls }
11. address-family ipv6 unicast
12. site-of-origin [ as-number : nn | ip-address : nn ]
Step 19 rd { as-number : nn | ip-address : nn | auto }
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
rd 345:567
Configures the route distinguisher.
Use the auto keyword if you want the router to
automatically assign a unique RD to the VRF.
Step 20 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)# end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf)# commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
116
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
13. as-override
14. allowas-in [ as-occurrence-number ]
15. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router bgp as-number
Example:
RP/0/RSP0/CPU0:router(config)# router bgp 10
Specifies the BGP AS number and enters the BGP
configuration mode, allowing you to configure the BGP
routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-bgp)# vrf vrf-pe
Configures a VRF instance.
Step 4 bgp router-id ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#bgp
router-id 172.16.9.9
Configures a fixed router ID for a BGP-speaking router.
Step 5 label-allocation-mode { per-ce | per-vrf }
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
label-allocation-mode per-ce
Configures the per-CE label allocation mode to avoid an
extra lookup on the PE router and conserve label space
(per-prefix is the default label allocation mode). In this
mode, the PE router allocates one label for every immediate
next-hop (in most cases, this would be a CE router). This
label is directly mapped to the next hop, so there is no VRF
route lookup performed during data forwarding. However,
the number of labels allocated would be one for each CE
rather than one for each VRF. Because BGP knows all the
next hops, it assigns a label for each next hop (not for each
PE-CE interface). When the outgoing interface is a
multiaccess interface and the media access control (MAC)
address of the neighbor is not known, Address Resolution
Protocol (ARP) is triggered during packet forwarding.
The per-vrf keyword configures the same label to be used
for all the routes advertised from a unique VRF.Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
117
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 6 address-family ipv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
address-family ipv6 unicast
Specifies an IPv6 address family unicast and enters address
family configuration submode.
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Step 7 redistribute {connected | static | eigrp }
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-af)#
Causes routes from the specified instance to be redistributed
into BGP.
Step 8 neighbor ip-address
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf)#
neighbor 10.0.0.0
Configures a CE neighbor. The ip-address argument must
be a private address.
Step 9 remote-as as-number
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
remote-as 2
Configures the remote AS for the CE neighbor.
Step 10 ebgp-multihop { maximum hops | mpls }
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
ebgp-multihop 55
Configures the CE neighbor to accept and attempt BGP
connections to external peers residing on networks that are
not directly connected.
Step 11 address-family ipv6 unicast
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr)#
address-family ipv6 unicast
Specifies an IPv6 address family unicast and enters address
family configuration submode.
To see a list of all the possible keywords and arguments for
this command, use the CLI help (?).
Step 12 site-of-origin [as-number:nn | ip-address:nn ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
site-of-origin 234:111
Configures the site-of-origin (SoO) extended community.
Routes that are learned from this CE neighbor are tagged
with the SoO extended community before being advertised
to the rest of the PEs. SoO is frequently used to detect loops
when as-override is configured on the PE router. If the
prefix is looped back to the same site, the PE detects this
and does not send the update to the CE.
Step 13 as-override
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
as-override
Configures AS override on the PE router. This causes the PE
router to replace the CEs ASN with its own (PE) ASN.
Note This loss of information could lead to routing loops;
to avoid loops caused by as-override, use it in
conjunction with site-of-origin.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
118
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuring OSPFv3 as the Routing Protocol Between the PE and CE Routers
Perform this task to configure provider edge (PE)-to-customer edge (CE) routing sessions that use Open
Shortest Path First version 3 (OSPFv3).
SUMMARY STEPS
1. configure
2. router ospfv3 process-name
3. vrf vrf-name
4. capability vrf-lite
5. router-id {router-id | type interface-path-id}
6. domain-id type {0005 | 0105 | 0205 | 8005} value domain-id
7. redistribute bgp process-id [metric metric-value] [metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
Step 14 allowas-in [ as-occurrence-number ]
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
allowas-in 5
Allows an AS path with the PE autonomous system number
(ASN) a specified number of times.
Hub and spoke VPN networks need the looping back of
routing information to the HUB PE through the HUB CE.
When this happens, due to the presence of the PE ASN, the
looped-back information is dropped by the HUB PE. To
avoid this, use the allowas-in command to allow prefixes
even if they have the PEs ASN up to the specified number
of times.
Step 15 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
end
or
RP/0/RSP0/CPU0:router(config-bgp-vrf-nbr-af)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
119
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
redistribute connected [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name]
[tag tag-value]
or
redistribute ospf process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag
tag-value]
or
redistribute eigrp process-id [match {external [1 | 2] | internal | nssa-external [1 | 2]}] [metric
metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value] [metric-type {1 | 2}] [route-policy policy-name] [tag
tag-value]
8. area area-id
9. interface type interface-path-id
10. end
or
commit
DETAILED STEPS
Command or Action Purpose
Step 1 configure
Example:
RP/0/RSP0/CPU0:router# configure
Enters global configuration mode.
Step 2 router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 109
Enters OSPF configuration mode allowing you to configure
the OSPF routing process.
Step 3 vrf vrf-name
Example:
RP/0/RSP0/CPU0:router(config-ospf)# vrf vrf_1
Configures a VPN routing and forwarding (VRF) instance
and enters VRF configuration mode for OSPF routing.
Step 4 capability vrf-lite
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
capability vrf-lite
Enables VRF Lite feature.
Step 5 router-id {router-id | type interface-path-id}
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
router-id 172.20.10.10
Configures the router ID for the VRF.
Note Router ID configuration is required for each VRF.Implementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
120
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 6 domain-id type {0005 | 0105 | 0205 | 8005}
value domain-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
domain-id type 0005 value CAFE00112233
Specifies the domain ID.
Step 7 redistribute bgp process-id [metric
metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute connected [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute ospf process-id [match {external
[1 | 2] | internal | nssa-external [1 | 2]}]
[metric metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute static [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
or
redistribute eigrp process-id [match {external
[1 | 2] | internal | nssa-external [1 |
2]]}[metric metric-value] [metric-type {1 | 2}]
[route-policy policy-name] [tag tag-value]
or
redistribute rip [metric metric-value]
[metric-type {1 | 2}] [route-policy
policy-name] [tag tag-value]
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)#
redistribute connected
Causes routes to be redistributed into OSPF. The routes that
can be redistributed into OSPF are:
Border Gateway Protocol (BGP)
Connected
Enhanced Interior Gateway Routing Protocol (EIGRP)
OSPF
Static
Routing Information Protocol (RIP)
Step 8 area area-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf)# area 0
Configures the OSPF area as area 0.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
How to Implement 6PE/VPE
121
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Step 9 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar)#
interface GigabitEthernet 0/3/0/0
Associates interface GigabitEthernet 0/3/0/0 with area 0.
Step 10 end
or
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)#
end
or
RP/0/RSP0/CPU0:router(config-ospf-vrf-ar-if)#
commit
Saves configuration changes.
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Command or Action PurposeImplementing IPv6 VPN Provider Edge Transport over MPLS
Configuration Examples for 6PE
122
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Configuration Examples for 6PE
This section includes these configuration example:
Configuring 6PE on a PE Router: Example, page VPC-122
Configuring 6VPE on a PE Router: Example, page VPC-122
Configuring 6PE on a PE Router: Example
This sample configuration shows the configuration of 6PE on a PE router:
interface GigabitEthernet0/3/0/0
ipv6 address 2001::1/64
!
router isis ipv6-cloud
net 49.0000.0000.0001.00
address-family ipv6 unicast
single-topology
interface GigabitEthernet0/3/0/0
address-family ipv6 unicast
!
!
router bgp 55400
bgp router-id 54.6.1.1
address-family ipv4 unicast
!
address-family ipv6 unicast
network 55:5::/64
redistribute connected
redistribute isis ipv6-cloud
allocate-label all
!
neighbor 34.4.3.3
remote-as 55400
address-family ipv4 unicast
!
address-family ipv6 labeled-unicast
Configuring 6VPE on a PE Router: Example
This sample configuration shows the configuration of 6VPE on a PE router:
vrf vpn1
address-family ipv6 unicast
import route-target
200:2
!
export route-target
200:2
interface Loopback0
ipv4 address 10.0.0.1 255.255.255.255
interface GigabitEthernet0/0/0/1
vrf vpn1
ipv6 address 2001:c003:a::2/64 Implementing IPv6 VPN Provider Edge Transport over MPLS
Configuration Examples for 6PE
123
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
router bgp 1
bgp router-id 10.0.0.1
bgp redistribute-internal
bgp graceful-restart
address-family ipv4 unicast
!
address-family vpnv6 unicast
!
neighbor 10.0.0.2 >>>> Remote peer loopback address.
remote-as 1
update-source Loopback0
address-family ipv4 unicast
!
address-family vpnv6 unicast
route-policy pass-all in
route-policy pass-all out
!
vrf vpn1
rd 100:2
bgp router-id 140.140.140.140
address-family ipv6 unicast
redistribute connected
!
neighbor 2001:c003:a::1
remote-as 6502
address-family ipv6 unicast
route-policy pass-all in
route-policy pass-all out
!
Configuring OSPFv3 between PE to CE: Example:
This example shows you how to configure provider edge (PE)-to-customer edge (CE) routing sessions
that use Open Shortest Path First version 3 (OSPFv3):
router ospfv3 0
vrf V1
router-id 100.0.0.2
domain-id type 0005 value CAFE00112233
domain-id secondary type 0105 value beef00000001
domain-id secondary type 0205 value beef00000002
capability vrf-lite
redistribute bgp 1
area 0
interface POS0/3/0/1
vrf V2
router-id 200.0.0.2
capability vrf-lite
area 1
interface POS0/3/0/2Implementing IPv6 VPN Provider Edge Transport over MPLS
Additional References
124
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Additional References
For additional information related to this feature, refer to these references:
Related Document
Standards
MIBs
RFCs
Related Topic Document Title
Getting started material Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Standards
1
1. Not all supported standards are listed.
Title
No new or modified standards are supported by this
feature, and support for existing standards has not been
modified by this feature.
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR software, use the
Cisco MIB Locator found at this URL and choose a platform under
the Cisco Access Products menu:
http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
RFCs Title
Implementing IPv6 VPN Provider Edge Transport over MPLS
Additional References
125
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
Technical Assistance
Description Link
The Cisco Technical Support website contains
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
http://www.cisco.com/techsupportImplementing IPv6 VPN Provider Edge Transport over MPLS
Additional References
126
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02127
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
HC Cisco ASR 9000 Series Aggregation Services Router Interface
and Hardware Component Configuration Guide
IC Cisco ASR 9000 Series Aggregation Services Router IP
Addresses and Services Configuration Guide
MCC Cisco ASR 9000 Series Aggregation Services Router
Multicast Configuration Guide
MNC Cisco ASR 9000 Series Aggregation Services Router System
Monitoring Configuration Guide
MPC Cisco ASR 9000 Series Aggregation Services Router MPLS
Configuration Guide
QC Cisco ASR 9000 Series Aggregation Services Router Modular
Quality of Service Configuration Guide
RC Cisco ASR 9000 Series Aggregation Services Router Routing
Configuration Guide
SC Cisco ASR 9000 Series Aggregation Services Router System
Security Configuration Guide
SMC Cisco ASR 9000 Series Aggregation Services Router System
Management Configuration Guide
LSC Cisco ASR 9000 Series Aggregation Services Router L2VPN
and Ethernet Services Configuration Guide
I N D E X
Numerics
6PE/VPE
BGP multipath VPC-108
conditions for use VPC-106
how to configure VPC-109
how to deploy VPC-107
overview VPC-106
prerequisites VPC-106
service provider considerations VPC-106
supported protocols VPC-110
A
automatic route distinguisher, MPLS Layer 3 VPN VPC-15
autonomous system VPC-16
B
BGP
confederations VPC-17
BGP (border gateway protocol)
distributing routes VPC-21
messages and MPLS labels VPC-20
routing information VPC-20
BGP4 configuration VPC-106
BGP multipath
6PE/VPE VPC-108
C
CSC (Carrier Supporting Carrier)
configuration examples VPC-78
configuration options for backbone and customer
carriers VPC-24
configuring a CSC-PE link VPC-71
configuring a static route to a peer VPC-78
customer carrier network options VPC-24
identifying topology VPC-70
CSC-CE link, how to configure VPC-75
CSC-PE link, how to configure VPC-71
customer edge router
6PE/VPE VPC-107
MPLS Layer 3 VPN VPC-12
customer edge router (CE)
MPLS Layer 3 VPN VPC-12
E
eBGP VPC-10Index
128
Cisco ASR 9000 Series Aggregation Services Router MPLS Layer 3 VPN Configuration Guide
OL-26115-02
G
Generic Routing Encapsulation (GRE over
L3VPN) VPC-21
I
Inter-AS configurations
BGP VPC-17
interprovider VPN VPC-16
supported VPC-16
interprovider VPN, MPLS VPN VPC-17
M
MPLS Layer 3 VPN
automatic route distinguisher VPC-15
autonomous system VPC-16
components VPC-12
concepts VPC-11
customer edge router VPC-12
customer router VPC-12
defined VPC-11
defining VPC-11
distributed routing information VPC-13
FIB VPC-10
implementing VPC-11
major components VPC-15
MPLS forwarding VPC-14
PE router VPC-12
prerequisites VPC-10
provider router VPC-12
restrictions VPC-10
scalability VPC-12
security VPC-12
topology VPC-12
VPN routing information VPC-14
working VPC-13
MPLS VPN
Inter-AS ASBRs VPC-15
major components VPC-15
P
PE router
MPLS Layer 3 VPN VPC-12
S
service provider edge routers, 6PE VPC-107
service providers, 6PE VPC-106
static
router to a peer, how to configure VPC-78
T
tunnel types
6PE VPC-107
V
verifying IP connectivity, CSC
MPLS Layer 3 VPN VPC-71
VRF (virtual routing and forwarding)
configuring backbone carrier core VPC-71
Cisco ASR 9000 Series Aggregation Services Router MPLS
Configuration Guide, Release 4.2.x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26056-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown
for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S
P r e f a c e Preface xiii
Changes to This Document xiii
Obtaining Documentation and Submitting a Service Request xiii
C H A P T E R 1 Implementing MPLS Label Distribution Protocol 1
Prerequisites for Implementing Cisco MPLS LDP 2
Information About Implementing Cisco MPLS LDP 2
Overview of Label Distribution Protocol 2
Label Switched Paths 2
LDP Control Plane 3
Exchanging Label Bindings 4
LDP Forwarding 5
LDP Graceful Restart 6
Control Plane Failure 7
Phases in Graceful Restart 8
Recovery with Graceful-Restart 9
Label Advertisement Control (Outbound Filtering) 10
Label Acceptance Control (Inbound Filtering) 10
Local Label Allocation Control 11
Session Protection 11
IGP Synchronization 12
IGP Auto-configuration 13
LDP Nonstop Routing 13
IP LDP Fast Reroute Loop Free Alternate 14
Downstream on Demand 15
Explicit-Null and Implicit-Null Labels 16
How to Implement MPLS LDP 16
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 iiiConfiguring LDP Discovery Parameters 17
Configuring LDP Discovery Over a Link 19
Configuring LDP Discovery for Active Targeted Hellos 20
Configuring LDP Discovery for Passive Targeted Hellos 22
Configuring Label Advertisement Control (Outbound Filtering) 24
Setting Up LDP Neighbors 26
Setting Up LDP Forwarding 29
Setting Up LDP NSF Using Graceful Restart 31
Configuring Label Acceptance Control (Inbound Filtering) 34
Configuring Local Label Allocation Control 36
Configuring Session Protection 37
Configuring LDP IGP Synchronization: OSPF 39
Configuring LDP IGP Synchronization: ISIS 40
Enabling LDP Auto-Configuration for a Specified OSPF Instance 42
Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance 44
Disabling LDP Auto-Configuration 46
Configuring LDP Nonstop Routing 48
Configuring LDP Downstream on Demand mode 50
Redistributing MPLS LDP Routes into BGP 51
Setting Up Implicit-Null-Override Label 52
Configuration Examples for Implementing MPLS LDP 54
Configuring LDP with Graceful Restart: Example 54
Configuring LDP Discovery: Example 54
Configuring LDP Link: Example 54
Configuring LDP Discovery for Targeted Hellos: Example 55
Configuring Label Advertisement (Outbound Filtering): Example 55
Configuring LDP Neighbors: Example 56
Configuring LDP Forwarding: Example 56
Configuring LDP Nonstop Forwarding with Graceful Restart: Example 56
Configuring Label Acceptance (Inbound Filtering): Example 57
Configuring Local Label Allocation Control: Example 57
Configuring LDP Session Protection: Example 58
Configuring LDP IGP SynchronizationOSPF: Example 58
Configuring LDP IGP SynchronizationISIS: Example 58
Configuring LDP Auto-Configuration: Example 59
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
iv OL-26056-02
ContentsConfigure IP LDP Fast Reroute Loop Free Alternate: Example 59
Verify IP LDP Fast Reroute Loop Free Alternate: Example 61
Additional References 63
C H A P T E R 2 Implementing RSVP for MPLS-TE 65
Prerequisites for Implementing RSVP for MPLS-TE 66
Information About Implementing RSVP for MPLS-TE 66
Overview of RSVP for MPLS-TE 66
LSP Setup 67
High Availability 67
Graceful Restart 67
Graceful Restart: Standard and Interface-Based 68
Graceful Restart: Figure 69
ACL-based Prefix Filtering 70
RSVP MIB 70
Information About Implementing RSVP Authentication 71
RSVP Authentication Functions 71
RSVP Authentication Design 71
Global, Interface, and Neighbor Authentication Modes 72
Security Association 73
Key-source Key-chain 74
Guidelines for Window-Size and Out-of-Sequence Messages 75
Caveats for Out-of-Sequence 75
How to Implement RSVP 75
Configuring Traffic Engineering Tunnel Bandwidth 76
Confirming DiffServ-TE Bandwidth 76
Enabling Graceful Restart 78
Configuring ACL-based Prefix Filtering 80
Configuring ACLs for Prefix Filtering 80
Configuring RSVP Packet Dropping 81
Verifying RSVP Configuration 83
Enabling RSVP Traps 86
How to Implement RSVP Authentication 88
Configuring Global Configuration Mode RSVP Authentication 88
Enabling RSVP Authentication Using the Keychain in Global Configuration Mode 88
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 v
ContentsConfiguring a Lifetime for RSVP Authentication in Global Configuration Mode 90
Configuring the Window Size for RSVP Authentication in Global Configuration
Mode 91
Configuring an Interface for RSVP Authentication 93
Specifying the RSVP Authentication Keychain in Interface Mode 93
Configuring a Lifetime for an Interface for RSVP Authentication 95
Configuring the Window Size for an Interface for RSVP Authentication 96
Configuring RSVP Neighbor Authentication 98
Specifying the Keychain for RSVP Neighbor Authentication 98
Configuring a Lifetime for RSVP Neighbor Authentication 100
Configuring the Window Size for RSVP Neighbor Authentication 102
Verifying the Details of the RSVP Authentication 104
Eliminating Security Associations for RSVP Authentication 104
Configuration Examples for RSVP 104
Bandwidth Configuration (Prestandard): Example 104
Bandwidth Configuration (MAM): Example 104
Bandwidth Configuration (RDM): Example 105
Refresh Reduction and Reliable Messaging Configuration: Examples 105
Refresh Interval and the Number of Refresh Messages Configuration: Example 105
Retransmit Time Used in Reliable Messaging Configuration: Example 105
Acknowledgement Times Configuration: Example 105
Summary Refresh Message Size Configuration: Example 106
Disable Refresh Reduction: Example 106
Configure Graceful Restart: Examples 106
Enable Graceful Restart: Example 106
Enable Interface-Based Graceful Restart: Example 106
Change the Restart-Time: Example 107
Change the Hello Interval: Example 107
Configure ACL-based Prefix Filtering: Example 107
Set DSCP for RSVP Packets: Example 107
Enable RSVP Traps: Example 108
Configuration Examples for RSVP Authentication 108
RSVP Authentication Global Configuration Mode: Example 108
RSVP Authentication for an Interface: Example 109
RSVP Neighbor Authentication: Example 109
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
vi OL-26056-02
ContentsRSVP Authentication by Using All the Modes: Example 110
Additional References 110
C H A P T E R 3 Implementing MPLS Forwarding 113
Prerequisites for Implementing Cisco MPLS Forwarding 113
Restrictions for Implementing Cisco MPLS Forwarding 113
Information About Implementing MPLS Forwarding 114
MPLS Forwarding Overview 114
Label Switching Functions 114
Distribution of Label Bindings 115
MFI Control-Plane Services 115
MFI Data-Plane Services 115
MPLS Maximum Transmission Unit 116
Additional References 116
C H A P T E R 4 Implementing MPLS Traffic Engineering 119
Prerequisites for Implementing Cisco MPLS Traffic Engineering 120
Restrictions for Implementing Cisco MPLS Traffic Engineering 120
Information About Implementing MPLS Traffic Engineering 121
Overview of MPLS Traffic Engineering 121
Benefits of MPLS Traffic Engineering 121
How MPLS-TE Works 121
MPLS Traffic Engineering 123
Backup AutoTunnels 123
AutoTunnel Attribute-set 123
Link Protection 124
Node Protection 124
Backup AutoTunnel Assignment 125
Explicit Paths 126
Periodic Backup Promotion 126
Protocol-Based CLI 126
Differentiated Services Traffic Engineering 127
Prestandard DS-TE Mode 127
IETF DS-TE Mode 127
Bandwidth Constraint Models 128
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 vii
ContentsMaximum Allocation Bandwidth Constraint Model 128
Russian Doll Bandwidth Constraint Model 128
TE Class Mapping 129
Flooding 129
Flooding Triggers 129
Flooding Thresholds 130
Fast Reroute 130
MPLS-TE and Fast Reroute over Link Bundles 131
Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE 131
Flexible Name-based Tunnel Constraints 132
MPLS Traffic Engineering Interarea Tunneling 133
Interarea Support 133
Multiarea Support 134
Loose Hop Expansion 134
Loose Hop Reoptimization 135
ABR Node Protection 135
Fast Reroute Node Protection 135
MPLS-TE Forwarding Adjacency 135
MPLS-TE Forwarding Adjacency Benefits 136
MPLS-TE Forwarding Adjacency Restrictions 136
MPLS-TE Forwarding Adjacency Prerequisites 136
Path Computation Element 136
Path Protection 138
Prerequisites for Path Protection 138
Restrictions for Path Protection 139
MPLS-TE Automatic Bandwidth 139
MPLS-TE Automatic Bandwidth Overview 139
Adjustment Threshold 141
Overflow Detection 141
Restrictions for MPLS-TE Automatic Bandwidth 141
Point-to-Multipoint Traffic-Engineering 142
Point-to-Multipoint Traffic-Engineering Overview 142
Point-to-Multipoint RSVP-TE 144
Point-to-Multipoint Fast Reroute 144
Point-to-Multipoint Label Switch Path 144
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
viii OL-26056-02
ContentsPath Option for Point-to-Multipoint RSVP-TE 145
MPLS Traffic Engineering Shared Risk Link Groups 146
Explicit Path 147
Fast ReRoute with SRLG Constraints 148
Importance of Protection 149
Delivery of Packets During a Failure 150
Multiple Backup Tunnels Protecting the Same Interface 150
SRLG Limitations 150
Soft-Preemption 151
Path Option Attributes 151
Configuration Hierarchy of Path Option Attributes 152
Traffic Engineering Bandwidth and Bandwidth Pools 152
Path Option Switchover 153
Path Option and Path Protection 153
Auto-Tunnel Mesh 154
Destination List (Prefix-List) 154
How to Implement Traffic Engineering 155
Building MPLS-TE Topology 155
Creating an MPLS-TE Tunnel 158
Configuring Forwarding over the MPLS-TE Tunnel 161
Protecting MPLS Tunnels with Fast Reroute 164
Enabling an AutoTunnel Backup 169
Removing an AutoTunnel Backup 170
Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs 172
Establishing Next-Hop Tunnels with Link Protection 174
Configuring a Prestandard DS-TE Tunnel 176
Configuring an IETF DS-TE Tunnel Using RDM 178
Configuring an IETF DS-TE Tunnel Using MAM 181
Configuring MPLS -TE and Fast-Reroute on OSPF 184
Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE 187
Configuring Flexible Name-based Tunnel Constraints 188
Assigning Color Names to Numeric Values 188
Associating Affinity-Names with TE Links 190
Associating Affinity Constraints for TE Tunnels 192
Configuring IS-IS to Flood MPLS-TE Link Information 193
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 ix
ContentsConfiguring an OSPF Area of MPLS-TE 195
Configuring Explicit Paths with ABRs Configured as Loose Addresses 197
Configuring MPLS-TE Forwarding Adjacency 199
Configuring a Path Computation Client and Element 200
Configuring a Path Computation Client 200
Configuring a Path Computation Element Address 202
Configuring PCE Parameters 203
Configuring Path Protection on MPLS-TE 206
Enabling Path Protection for an Interface 206
Assigning a Dynamic Path Option to a Tunnel 208
Forcing a Manual Switchover on a Path-Protected Tunnel 210
Configuring the Delay the Tunnel Takes Before Reoptimization 210
Configuring the Automatic Bandwidth 212
Configuring the Collection Frequency 212
Forcing the Current Application Period to Expire Immediately 214
Configuring the Automatic Bandwidth Functions 215
Configuring the Shared Risk Link Groups 218
Configuring the SRLG Values of Each Link that has a Shared Risk with Another
Link 218
Creating an Explicit Path With Exclude SRLG 220
Using Explicit Path With Exclude SRLG 222
Creating a Link Protection on Backup Tunnel with SRLG Constraint 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint 229
Configuring Point-to-Multipoint TE 232
Enabling Multicast Routing on the Router 232
Configuring the Static Group for the Point-to-Multipoint Interface 235
Configuring Destinations for the Tunnel Interface 237
Disabling Destinations 241
Logging Per Destinations for Point-to-Multipoint 243
Enabling Soft-Preemption on a Node 245
Enabling Soft-Preemption on a Tunnel 247
Configuring Attributes within a Path-Option Attribute 249
Configuring Auto-Tunnel Mesh Tunnel ID 251
Configuring Auto-tunnel Mesh Unused Timeout 252
Configuring Auto-Tunnel Mesh Group 254
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
x OL-26056-02
ContentsConfiguring Tunnel Attribute-Set Templates 256
Enabling LDP on Auto-Tunnel Mesh 258
Configuration Examples for Cisco MPLS-TE 260
Build MPLS-TE Topology and Tunnels: Example 260
Configure IETF DS-TE Tunnels: Example 261
Configure MPLS-TE and Fast-Reroute on OSPF: Example 262
Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example 262
Configure Flexible Name-based Tunnel Constraints: Example 263
Configure an Interarea Tunnel: Example 264
Configure Forwarding Adjacency: Example 265
Configure PCE: Example 265
Configure Tunnels for Path Protection: Example 266
Configure Automatic Bandwidth: Example 267
Configure the MPLS-TE Shared Risk Link Groups: Example 267
Configure the MPLS-TE Auto-Tunnel Backup: Example 269
Configure Point-to-Multipoint TE: Examples 276
P2MP Topology Scenario: Example 276
Configure Point-to-Multipoint for the Source: Example 278
Configure the Point-to-Multipoint Tunnel: Example 278
Disable a Destination: Example 279
Configure the Point-to-Multipoint Solution: Example 279
Additional References 283
C H A P T E R 5 Implementing MPLS OAM 285
Prerequisites for MPLS LSP Ping and Traceroute for P2MP 285
MPLS Network Management with MPLS LSP Ping and MPLS LSP Traceroute 286
Roles of Various Routers 286
P2MP Ping 287
P2MP Traceroute 288
Configure the Ping and Traceroute: Example 288
C H A P T E R 6 Implementing MPLS Transport Profile 295
Restrictions for MPLS-TP 295
Information About Implementing MPLS Transport Profile 296
MPLS Transport Profile 296
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 xi
ContentsBidirectional LSPs 297
MPLS-TP Path Protection 297
Fault OAM Support 297
MPLS-TP Links and Physical Interfaces 299
Tunnel LSPs 299
MPLS-TP IP-less support 300
How to Implement MPLS Transport Profile 300
Configuring the Node ID and Global ID 300
Configuring Pseudowire OAM Attributes 301
Configuring the Pseudowire Class 302
Configuring the Pseudowire 303
Configuring the MPLS TP Tunnel 304
Configuring MPLS-TP LSPs at Midpoint 307
Configuring MPLS-TP Links and Physical Interfaces 309
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
xii OL-26056-02
ContentsPreface
The Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide preface contains these
sections:
Changes to This Document, page xiii
Obtaining Documentation and Submitting a Service Request, page xiii
Changes to This Document
This table lists the technical changes made to this document since it was first printed.
Table 1: Changes to This Document
Revision Date Change Summary
Republished with documentation
updates for Cisco IOS XR Release
4.2.1.
OL-26056-02 June 2012
OL-26056-01 December 2011 Initial release of this document.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation,submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 xiii Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
xiv OL-26056-02
Preface
Obtaining Documentation and Submitting a Service RequestC H A P T E R 1
Implementing MPLS Label Distribution Protocol
This module describes how to implement MPLS Label Distribution Protocol on Cisco ASR 9000 Series
Aggregation Services Routers.
The Multiprotocol Label Switching (MPLS) is a standards-based solution driven by the Internet Engineering
Task Force (IETF) that was devised to convert the Internet and IP backbones from best-effort networks into
business-class transport mediums.
MPLS, with its label switching capabilities, eliminates the need for an IP route look-up and creates a virtual
circuit (VC)switching function, allowing enterprisesthe same performance on their IP-based network services
as with those delivered over traditional networks such as Frame Relay or ATM.
Label Distribution Protocol (LDP) performs label distribution in MPLS environments. LDP provides the
following capabilities:
LDP performs hop-by-hop or dynamic path setup; it does not provide end-to-end switching services.
LDP assigns labels to routes using the underlying Interior Gateway Protocols (IGP) routing protocols.
LDP provides constraint-based routing using LDP extensions for traffic engineering.
Finally, LDP is deployed in the core of the network and is one of the key protocols used in MPLS-based
Layer 2 and Layer 3 virtual private networks (VPNs).
Feature History for Implementing MPLS LDP
Release Modification
Release 3.7.2 This feature was introduced.
Support was added for these features:
IP LDP Fast Reroute Loop Free Alternate
Downstream on Demand
Release 4.0.1
Release 4.2.1 Support was added for LDP Implicit Null for IGP Routes.
Prerequisites for Implementing Cisco MPLS LDP, page 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 1 Information About Implementing Cisco MPLS LDP, page 2
How to Implement MPLS LDP , page 16
Configuration Examples for Implementing MPLS LDP, page 54
Additional References, page 63
Prerequisites for Implementing Cisco MPLS LDP
These prerequisites are required to implement MPLS LDP:
You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
You must be running Cisco IOS XR software.
You must install a composite mini-image and the MPLS package.
You must activate IGP.
We recommend to use a lower session holdtime bandwidth such as neighbors so that a session down
occurs before an adjacency-down on a neighbor. Therefore, the following default values for the hello
times are listed:
Holdtime is 15 seconds.
Interval is 5 seconds.
For example, the LDP session holdtime can be configured as 30 seconds by using the holdtime command.
Information About Implementing Cisco MPLS LDP
To implement MPLS LDP, you should understand these concepts:
Overview of Label Distribution Protocol
LDP performs label distribution in MPLS environments. LDP uses hop-by-hop or dynamic path setup, but
does not provide end-to-end switching services. Labels are assigned to routesthat are chosen by the underlying
IGP routing protocols. The Label Switched Paths (LSPs) that result from the routes, forward labeled traffic
across the MPLS backbone to adjacent nodes.
Label Switched Paths
LSPs are created in the network through MPLS. They can be created statically, by RSVP traffic engineering
(TE), or by LDP. LSPs created by LDP perform hop-by-hop path setup instead of an end-to-end path.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
2 OL-26056-02
Implementing MPLS Label Distribution Protocol
Prerequisites for Implementing Cisco MPLS LDPLDP Control Plane
The control plane enableslabelswitched routers(LSRs) to discover their potential peer routers and to establish
LDP sessions with those peers to exchange label binding information.
This figure shows the control messages exchanged between LDP peers.
Figure 1: LDP Control Protocol
LDP uses the hello discovery mechanism to discover its neighbor or peer on the network. When LDP is
enabled on an interface, it sends hello messages to a link-local multicast address, and joins a specific multicast
group to receive hellos from other LSRs present on the given link. When LSRs on a given link receive hellos,
their neighbors are discovered and the LDP session (using TCP) is established.
Hellos are not only used to discover and trigger LDP sessions; they are also required to maintain LDP
sessions. If a certain number of hellos from a given peer are missed in sequence, LDP sessions are brought
down until the peer is discovered again.
Note
LDP also supports non-link neighbors that could be multiple hops away on the network, using the targeted
hello mechanism. In these cases, hellos are sent on a directed, unicast address.
The first message in the session establishment phase is the initialization message, which is used to negotiate
session parameters. After session establishment, LDP sends a list of all its interface addresses to its peers in
an address message.Whenever a new address becomes available or unavailable, the peers are notified regarding
such changes via ADDRESS or ADDRESS_WITHDRAW messages respectively.
When MPLS LDP learns an IGP prefix it allocates a label locally as the inbound label. The local binding
between the prefix label is conveyed to its peers via LABEL_MAPPING message. If the binding breaks and
becomes unavailable, a LABEL_WITHDRAW message is sent to all its peers, which responds with
LABEL_RELEASE messages.
The local label binding and remote label binding received from its peer(s) is used to setup forwarding entries.
Using routing information from the IGP protocol and the forwarding information base (FIB), the next active
hop isselected. Label binding islearned from the next hop peer, and is used asthe outbound label while setting
up the forwarding plane.
The LDP session is also kept alive using the LDP keepalive mechanism, where an LSR sends a keepalive
message periodically to its peers. If no messages are received and a certain number of keepalive messages
are missed from a peer, the session is declared dead, and brought down immediately.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 3
Implementing MPLS Label Distribution Protocol
Overview of Label Distribution ProtocolRelated Topics
Configuring LDP Discovery Parameters, on page 17
Configuring LDP Discovery Over a Link, on page 19
Configuring LDP Link: Example, on page 54
Configuring LDP Discovery for Active Targeted Hellos, on page 20
Configuring LDP Discovery for Passive Targeted Hellos, on page 22
Configuring LDP Discovery for Targeted Hellos: Example, on page 55
Exchanging Label Bindings
LDP creates LSPs to perform the hop-by-hop path setup so that MPLS packets can be transferred between
the nodes on the MPLS network.
This figure illustrates the process of label binding exchange for setting up LSPs.
Figure 2: Setting Up Label Switched Paths
For a given network (10.0.0.0), hop-by-hop LSPs are set up between each of the adjacent routers (or, nodes)
and each node allocates a local label and passes it to its neighbor as a binding:
1 R4 allocates local label L4 for prefix 10.0.0.0 and advertises it to its neighbors (R3).
2 R3 allocates local label L3 for prefix 10.0.0.0 and advertises it to its neighbors (R1, R2, R4).
3 R1 allocates local label L1 for prefix 10.0.0.0 and advertises it to its neighbors (R2, R3).
4 R2 allocates local label L2 for prefix 10.0.0.0 and advertises it to its neighbors (R1, R3).
5 R1s label information base (LIB) keeps local and remote labels bindings from its neighbors.
6 R2s LIB keeps local and remote labels bindings from its neighbors.
7 R3s LIB keeps local and remote labels bindings from its neighbors.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
4 OL-26056-02
Implementing MPLS Label Distribution Protocol
Overview of Label Distribution Protocol8 R4s LIB keeps local and remote labels bindings from its neighbors.
Related Topics
Setting Up LDP Neighbors, on page 26
Configuring LDP Neighbors: Example, on page 56
LDP Forwarding
Once label bindings are learned, the LDP control plane is ready to setup the MPLS forwarding plane as shown
in the following figure.
Once label bindings are learned, the LDP control plane is ready to setup the MPLS forwarding plane as shown
in this figure.
Figure 3: Forwarding Setup
1 Because R3 is next hop for 10.0.0.0 as notified by the FIB, R1 selects label binding from R3 and installs
forwarding entry (Layer 1, Layer 3).
2 Because R3 is next hop for 10.0.0.0 (as notified by FIB), R2 selects label binding from R3 and installs
forwarding entry (Layer 2, Layer 3).
3 Because R4 is next hop for 10.0.0.0 (as notified by FIB), R3 selects label binding from R4 and installs
forwarding entry (Layer 3, Layer 4).
4 Because next hop for 10.0.0.0 (as notified by FIB) is beyond R4, R4 uses NO-LABEL as the outbound
and installs the forwarding entry (Layer 4); the outbound packet is forwarded IP-only.
5 Incoming IP traffic on ingress LSR R1 gets label-imposed and is forwarded as an MPLS packet with label
L3.
6 Incoming IP traffic on ingress LSR R2 gets label-imposed and is forwarded as an MPLS packet with label
L3.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 5
Implementing MPLS Label Distribution Protocol
Overview of Label Distribution Protocol7 R3 receives an MPLS packet with label L3, looks up in the MPLS label forwarding table and switches
this packet as an MPLS packet with label L4.
8 R4 receives an MPLS packet with label L4, looks up in the MPLS label forwarding table and finds that it
should be Unlabeled, pops the top label, and passes it to the IP forwarding plane.
9 IP forwarding takes over and forwards the packet onward.
Related Topics
Setting Up LDP Forwarding, on page 29
Configuring LDP Forwarding: Example, on page 56
LDP Graceful Restart
LDP (Label Distribution Protocol) graceful restart provides a control plane mechanism to ensure high
availability and allows detection and recovery from failure conditions while preserving Nonstop Forwarding
(NSF)services. Graceful restart is a way to recover from signaling and control plane failures without impacting
forwarding.
Without LDP graceful restart, when an established session fails, the corresponding forwarding states are
cleaned immediately from the restarting and peer nodes. In this case LDP forwarding restarts from the
beginning, causing a potential loss of data and connectivity.
The LDP graceful restart capability is negotiated between two peers during session initialization time, in FT
SESSION TLV. In this typed length value (TLV), each peer advertises the following information to its peers:
Reconnect time
Advertises the maximum time that other peer will wait for this LSR to reconnect after control channel
failure.
Recovery time
Advertises the maximum time that the other peer has on its side to reinstate or refresh its states with
this LSR. This time is used only during session reestablishment after earlier session failure.
FT flag
Specifies whether a restart could restore the preserved (local) node state for this flag.
Once the graceful restart session parameters are conveyed and the session is up and running, graceful restart
procedures are activated.
When configuring the LDP graceful restart process in a network with multiple links, targeted LDP hello
adjacencies with the same neighbor, or both, make sure that graceful restart is activated on the session before
any hello adjacency times out in case of neighbor control plane failures. One way of achieving this is by
configuring a lower session hold time between neighbors such that session timeout occurs before hello
adjacency timeout. It is recommended to set LDP session hold time using the following formula:
Session Holdtime <= (Hello holdtime - Hello interval) * 3
This meansthat for default values of 15 seconds and 5 secondsfor link Hello holdtime and interval respectively,
session hold time should be set to 30 seconds at most.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
6 OL-26056-02
Implementing MPLS Label Distribution Protocol
LDP Graceful RestartFor more information about LDP commands,see the Implementing MPLS Label Distribution Protocol module
of the Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide.
Related Topics
Setting Up LDP NSF Using Graceful Restart, on page 31
Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56
Control Plane Failure
When a control plane failure occurs, connectivity can be affected. The forwarding statesinstalled by the router
control planes are lost, and the in-transit packets could be dropped, thus breaking NSF.
Thisfigure illustrates a control plane failure and showsthe process and results of a control plane failure leading
to loss of connectivity.
Figure 4: Control Plane Failure
1 The R4 LSR control plane restarts.
2 LIB is lost when the control plane restarts.
3 The forwarding states installed by the R4 LDP control plane are immediately deleted.
4 Any in-transit packets flowing from R3 to R4 (still labeled with L4) arrive at R4.
5 The MPLS forwarding plane at R4 performs a lookup on local label L4 which fails. Because of thisfailure,
the packet is dropped and NSF is not met.
6 The R3 LDP peer detects the failure of the control plane channel and deletes its label bindings from R4.
7 The R3 control plane stops using outgoing labels from R4 and deletes the corresponding forwarding state
(rewrites), which in turn causes forwarding disruption.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 7
Implementing MPLS Label Distribution Protocol
LDP Graceful Restart8 The established LSPs connected to R4 are terminated at R3, resulting in broken end-to-end LSPs from R1
to R4.
9 The established LSPs connected to R4 are terminated at R3, resulting in broken LSPs end-to-end from R2
to R4.
Phases in Graceful Restart
The graceful restart mechanism is divided into different phases:
Control communication failure detection
Control communication failure is detected when the system detects either:
Missed LDP hello discovery messages
Missed LDP keepalive protocol messages
Detection of Transmission Control Protocol (TCP) disconnection a with a peer
Forwarding state maintenance during failure
Persistent forwarding states at each LSR are achieved through persistent storage (checkpoint) by the
LDP control plane. While the control plane is in the process of recovering, the forwarding plane keeps
the forwarding states, but marks them as stale. Similarly, the peer control plane also keeps (and marks
as stale) the installed forwarding rewrites associated with the node that is restarting. The combination
of local node forwarding and remote node forwarding plane states ensures NSF and no disruption in
the traffic.
Control state recovery
Recovery occurs when the session isreestablished and label bindings are exchanged again. This process
allows the peer nodes to synchronize and to refresh stale forwarding states.
Related Topics
Setting Up LDP NSF Using Graceful Restart, on page 31
Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
8 OL-26056-02
Implementing MPLS Label Distribution Protocol
LDP Graceful RestartRecovery with Graceful-Restart
This figure illustrates the process of failure recovery using graceful restart.
Figure 5: Recovering with Graceful Restart
1 The router R4 LSR control plane restarts.
2 With the control plane restart, LIB is gone but forwarding states installed by R4s LDP control plane are
not immediately deleted but are marked as stale.
3 Any in-transit packets from R3 to R4 (still labeled with L4) arrive at R4.
4 The MPLS forwarding plane at R4 performs a successful lookup for the local label L4 as forwarding is
still intact. The packet is forwarded accordingly.
5 The router R3 LDP peer detects the failure of the control plane and channel and deletes the label bindings
from R4. The peer, however, does not delete the corresponding forwarding states but marks them as stale.
6 At this point there are no forwarding disruptions.
7 The peer also starts the neighbor reconnect timer using the reconnect time value.
8 The established LSPs going toward the router R4 are still intact, and there are no broken LSPs.
When the LDP control plane recovers, the restarting LSR starts its forwarding state hold timer and restores
its forwarding state from the checkpointed data. This action reinstates the forwarding state and entries and
marks them as old.
The restarting LSR reconnects to its peer, indicated in the FT Session TLV, that it either was or was not able
to restore its state successfully. If it was able to restore the state, the bindings are resynchronized.
The peer LSR stops the neighbor reconnect timer (started by the restarting LSR), when the restarting peer
connects and starts the neighbor recovery timer. The peer LSR checks the FT Session TLV if the restarting
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 9
Implementing MPLS Label Distribution Protocol
LDP Graceful Restartpeer was able to restore its state successfully. It reinstates the corresponding forwarding state entries and
receives binding from the restarting peer. When the recovery timer expires, any forwarding state that is still
marked as stale is deleted.
If the restarting LSR fails to recover (restart), the restarting LSR forwarding state and entries will eventually
timeout and is deleted, while neighbor-related forwarding states or entries are removed by the Peer LSR on
expiration of the reconnect or recovery timers.
Related Topics
Setting Up LDP NSF Using Graceful Restart, on page 31
Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56
Label Advertisement Control (Outbound Filtering)
By default, LDP advertises labels for all the prefixes to all its neighbors. When this is not desirable (for
scalability and security reasons), you can configure LDP to perform outbound filtering for local label
advertisement for one or more prefixes to one more peers. This feature is known as LDP outbound label
filtering, or local label advertisement control.
Related Topics
Configuring Label Advertisement Control (Outbound Filtering), on page 24
Configuring Label Advertisement (Outbound Filtering): Example, on page 55
Label Acceptance Control (Inbound Filtering)
By default, LDP accepts labels (as remote bindings) for all prefixes from all peers. LDP operates in liberal
label retention mode, which instructs LDP to keep remote bindings from all peers for a given prefix. For
security reasons, or to conserve memory, you can override this behavior by configuring label binding acceptance
for set of prefixes from a given peer.
The ability to filter remote bindings for a defined set of prefixes is also referred to as LDP inbound label
filtering.
Inbound filtering can also be implemented using an outbound filtering policy; however, you may not be
able to implement this system if an LDP peer resides under a different administration domain. When both
inbound and outbound filtering options are available, we recommend that you use outbound label filtering.
Note
Related Topics
Configuring Label Acceptance Control (Inbound Filtering), on page 34
Configuring Label Acceptance (Inbound Filtering): Example, on page 57
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
10 OL-26056-02
Implementing MPLS Label Distribution Protocol
Label Advertisement Control (Outbound Filtering)Local Label Allocation Control
By default, LDP allocates local labels for all prefixes that are not Border Gateway Protocol (BGP) prefixes
1
.
This is acceptable when LDP is used for applications other than Layer 3 virtual private networks (L3VPN)
core transport. When LDP is used to set up transport LSPs for L3VPN traffic in the core, it is not efficient or
even necessary to allocate and advertise local labels for, potentially, thousands of IGP prefixes. In such a case,
LDP is typically required to allocate and advertise local label for loopback /32 addresses for PE routers. This
is accomplished using LDP local label allocation control, where an access list can be used to limit allocation
of local labels to a set of prefixes. Limiting local label allocation provides several benefits, including reduced
memory usage requirements, fewer local forwarding updates, and fewer network and peer updates.
You can configure label allocation using an IP access list to specify a set of prefixes that local labels can
allocate and advertise.
Tip
Related Topics
Configuring Local Label Allocation Control, on page 36
Configuring Local Label Allocation Control: Example, on page 57
Session Protection
When a link comes up, IP converges earlier and much faster than MPLS LDP and may result in MPLS traffic
loss until MPLS convergence. If a link flaps, the LDP session will also flap due to loss of link discovery. LDP
session protection minimizestraffic loss, providesfaster convergence, and protects existing LDP (link)sessions
by means of parallel source of targeted discovery hello. An LDP session is kept alive and neighbor label
bindings are maintained when links are down. Upon reestablishment of primary link adjacencies, MPLS
convergence is expedited as LDP need not relearn the neighbor label bindings.
LDP session protection lets you configure LDP to automatically protect sessions with all or a given set of
peers (as specified by peer-acl). When configured, LDP initiates backup targeted hellos automatically for
neighbors for which primary link adjacencies already exist. These backup targeted hellos maintain LDP
sessions when primary link adjacencies go down.
The Session Protection figure illustrates LDP session protection between neighbors R1 and R3. The primary
link adjacency between R1 and R3 is directly connected link and the backup; targeted adjacency is maintained
between R1 and R3. If the direct link fails, LDP link adjacency is destroyed, but the session is kept up and
1
For L3VPN Inter-AS option C, LDP may also be required to assign local labels for some BGP prefixes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 11
Implementing MPLS Label Distribution Protocol
Local Label Allocation Controlrunning using targeted hello adjacency (through R2). When the direct link comes back up, there is no change
in the LDP session state and LDP can converge quickly and begin forwarding MPLS traffic.
Figure 6: Session Protection
When LDP session protection is activated (upon link failure), protection is maintained for an unlimited
period time.
Note
Related Topics
Configuring Session Protection, on page 37
Configuring LDP Session Protection: Example, on page 58
IGP Synchronization
Lack of synchronization between LDP and IGP can cause MPLS traffic loss. Upon link up, for example, IGP
can advertise and use a link before LDP convergence has occurred; or, a link may continue to be used in IGP
after an LDP session goes down.
LDP IGP synchronization synchronizes LDP and IGP so that IGP advertises links with regular metrics only
when MPLS LDP is converged on that link. LDP considers a link converged when at least one LDP session
is up and running on the link for which LDP has sent its applicable label bindings and received at least one
label binding from the peer. LDP communicates this information to IGP upon link up or session down events
and IGP acts accordingly, depending on sync state.
In the event of an LDP graceful restart session disconnect, a session is treated as converged as long as the
graceful restart neighbor is timed out. Additionally, upon local LDP restart, a checkpointed recovered LDP
graceful restart session is used and treated as converged and is given an opportunity to connect and
resynchronize.
Under certain circumstances, it might be required to delay declaration of resynchronization to a configurable
interval. LDP provides a configuration option to delay declaring synchronization up for up to 60 seconds.
LDP communicates this information to IGP upon linkup or session down events.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
12 OL-26056-02
Implementing MPLS Label Distribution Protocol
IGP SynchronizationThe configuration for LDP IGP synchronization resides in respective IGPs (OSPF and IS-IS) and there
is no LDP-specific configuration for enabling of thisfeature. However, there is a specific LDP configuration
for IGP sync delay timer.
Note
Related Topics
Configuring LDP IGP Synchronization: OSPF, on page 39
Configuring LDP IGP SynchronizationOSPF: Example, on page 58
Configuring LDP IGP Synchronization: ISIS, on page 40
Configuring LDP IGP SynchronizationISIS: Example, on page 58
IGP Auto-configuration
To enable LDP on a large number of interfaces, IGP auto-configuration lets you automatically configure LDP
on all interfaces associated with a specified IGP interface; for example, when LDP is used for transport in the
core network. However, there needs to be one IGP set up to enable LDP auto-configuration.
Typically, LDP assigns and advertises labels for IGP routes and must often be enabled on all active interfaces
by an IGP. Without IGP auto-configuration, you must define the set of interfaces under LDP, a procedure
that is time-intensive and error-prone.
LDP auto-configuration is supported for IPv4 unicast family in the default VRF. The IGP is responsible
for verifying and applying the configuration.
Note
You can also disable auto-configuration on a per-interface basis. This permits LDP to enable all IGP interfaces
except those that are explicitly disabled and prevents LDP from enabling an interface when LDP
auto-configuration is configured under IGP.
Related Topics
Enabling LDP Auto-Configuration for a Specified OSPF Instance, on page 42
Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance, on page 44
Disabling LDP Auto-Configuration, on page 46
Configuring LDP Auto-Configuration: Example, on page 59
LDP Nonstop Routing
LDP nonstop routing (NSR) functionality makes failures, such as Route Processor (RP) or Distributed Route
Processor (DRP) failover, invisible to routing peers with minimal to no disruption of convergence performance.
By default, NSR is globally enabled on all LDP sessions except AToM.
A disruption in service may include any of these events:
Route processor (RP) or distributed route processor (DRP) failover
LDP process restart
In-service system upgrade (ISSU)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 13
Implementing MPLS Label Distribution Protocol
IGP Auto-configuration Minimum disruption restart (MDR)
Unlike graceful restart functionality, LDP NSR does not require protocol extensions and does not force
software upgrades on other routers in the network, nor does LDP NSR require peer routers to support
NSR.
L2VPN configuration is not supported on NSR.
Note
Process failures of active TCP or LDP results in session loss and, as a result, NSR cannot be provided unless
RP switchover is configured as a recovery action. For more information about how to configure switchover
as a recovery action for NSR, see the Configuring Transports module in Cisco ASR 9000 Series Aggregation
Services Router IP Addresses and Services Configuration Guide .
Related Topics
Configuring LDP Nonstop Routing, on page 48
IP LDP Fast Reroute Loop Free Alternate
The IP Fast Reroute is a mechanism that enables a router to rapidly switch traffic, after an adjacent link failure,
node failure, or both, towards a pre-programmed loop-free alternative (LFA) path. This LFA path is used to
switch traffic until the router installs a new primary next hop again, as computed for the changed network
topology.
The goal of LFA FRR is to reduce failure reaction time to 50 milliseconds by using a pre-computed alternate
next hop, in the event that the currently selected primary next hop fails, so that the alternate can be rapidly
used when the failure is detected.
This feature targets to address the fast convergence ability by detecting, computing, updating or enabling
prefix independent pre-computed alternate loop-free paths at the time of failure.
IGP pre-computes a backup path per IGP prefix. IGP selects one and only one backup path per primary path.
RIB installs the best path and download path protection information to FIB by providing correct annotation
for protected and protecting paths. FIB pre-installsthe backup path in dataplane. Upon the link or node failure,
the routing protocol detects the failure, all the backup paths of the impacted prefixes are enabled in a
prefix-independent manner.
Prerequisites
The Label Distribution Protocol (LDP) can use the loop-free alternates as long as these prerequisites are met:
The Label Switching Router (LSR) running LDP must distribute its labels for the Forwarding Equivalence
Classes (FECs) it can provide to all its neighbors, regardless of whether they are upstream, or not.
There are two approaches in computing LFAs:
Link-based (per-link)--In link-based LFAs, all prefixes reachable through the primary (protected) link
share the same backup information. This means that the whole set of prefixes, sharing the same primary,
also share the repair or fast reroute (FRR) ability. The per-link approach protects only the next hop
address. The per-link approach is suboptimal and not the best for capacity planning. This is because all
traffic is redirected to the next hop instead of being spread over multiple paths, which may lead to
potential congestion on link to the next hop. The per-link approach does not provide support for node
protection.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
14 OL-26056-02
Implementing MPLS Label Distribution Protocol
IP LDP Fast Reroute Loop Free Alternate Prefix-based (per-prefix)--Prefix-based LFAs allow computing backup information per prefix. It
protects the destination address. The per-prefix approach is the preferred approach due to its greater
applicability, and the greater protection and better bandwidth utilization that it offers.
The repair or backup information computed for a given prefix using prefix-based LFA
may be different from the computed by link-based LFA.
Note
The per-prefix LFA approach is preferred for LDP IP Fast Reroute LFA for these reasons:
Better node failure resistance
Better capacity planning and coverage
Features Not Supported
These interfaces and features are not supported for the IP LDP Fast Reroute Loop Free Alternate feature:
BVI interface (IRB) is not supported either as primary or backup path.
GRE tunnel is not supported either as primary or backup path.
Cisco ASR 9000 Series SPA Interface Processor-700 POS line card on Cisco ASR 9000 Series Router
is not supported as primary link. It can be used as LFA backup only on main interface.
In a multi-topology scenerio, the route in topology T can only use LFA within topology T. Hence, the
availability of a backup path depends on the topology.
For more information about configuring the IP Fast Reroute Loop-free alternate , see Implementing IS-IS on
Cisco IOS XR Software module of the Cisco ASR 9000 Series Aggregation Services Router Routing
Configuration Guide.
Related Topics
Configure IP LDP Fast Reroute Loop Free Alternate: Example, on page 59
Verify IP LDP Fast Reroute Loop Free Alternate: Example, on page 61
Downstream on Demand
This Downstream on demand feature adds support for downstream-on-demand mode, where the label is not
advertised to a peer, unlessthe peer explicitly requestsit. At the same time,since the peer does not automatically
advertise labels, the label request is sent whenever the next-hop points out to a peer that no remote label has
been assigned.
In order to enable downstream-on-demand mode, this configuration must be applied at mplsldp configuration
mode:
mpls ldp downstream-on-demand with ACL
The ACL contains a list of peer IDs that are configured for downstream-on-demand mode. When the ACL is
changed or configured, the list of established neighbors is traversed. If a session's downstream-on-demand
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 15
Implementing MPLS Label Distribution Protocol
Downstream on Demandconfiguration has changed, the session is reset in order that the new down-stream-on-demand mode can be
configured. The reason for resetting the session is to ensure that the labels are properly advertised between
the peers. When a new session is established, the ACL is verified to determine whether the session should
negotiate for downstream-on-demand mode. If the ACL does not exist or is empty, downstream-on-demand
mode is not configured for any neighbor.
For it to be enabled, the Downstream on demand feature has to be configured on both peers of the session. If
only one peer in the session has downstream-on-demand feature configured, then the session does not use
downstream-on-demand mode.
If, after, a label request is sent, and no remote label is received from the peer, the router will periodically
resend the label request. After the peer advertises a label after receiving the label request, it will automatically
readvertise the label if any label attribute changes subsequently.
Related Topics
Configuring LDP Downstream on Demand mode, on page 50
Explicit-Null and Implicit-Null Labels
Cisco MPLS LDP uses null label, implicit or explicit, as local label for routes or prefixes that terminate on
the given LSR. These routes include all local, connected, and attached networks. By default, the null label is
implicit-null that allows LDP control plane to implement penultimate hop popping (PHOP) mechanism.
When thisis not desirable, you can configure explicit-null that allows LDP control plane to implement ultimate
hop popping (UHOP) mechanism. You can configure this explicit-null feature on the ultimate hop LSR. This
configuration knob includes an access-list to specify the IP prefixes for which PHOP is desired.
This new enhancement allows you to configure implicit-null local label for non-egress (ultimate hop LSR)
prefixes by using the implicit-null-override command. This enforces implicit-null local label for a specific
prefix even if the prefix requires a non-null label to be allocated by default. For example, by default, an LSR
allocates and advertises a non-null label for an IGP route. If you wish to terminate LSP for this route on
penultimate hop of the LSR, you can enforce implicit-null label allocation and advertisement for this prefix
using implicit-null-override feature.
If a given prefix is permitted in both explicit-null and implicit-null-override feature, then
implicit-null-override supercedes and an implicit-null label is allocated and advertised for the prefix.
Note
In order to enable implicit-null-override mode, this configuration must be applied at MPLS LDP label
configuration mode:
mpls ldp
label
implicit-null-override for
!
This feature works with any prefix including static, IGP, and BGP, when specified in the ACL.
How to Implement MPLS LDP
A typical MPLS LDP deployment requires coordination among several global neighbor routers. Various
configuration tasks are required to implement MPLS LDP :
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
16 OL-26056-02
Implementing MPLS Label Distribution Protocol
Explicit-Null and Implicit-Null LabelsConfiguring LDP Discovery Parameters
Perform this task to configure LDP discovery parameters (which may be crucial for LDP operations).
Note The LDP discovery mechanism is used to discover or locate neighbor nodes.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id { type number | ip-address }
4. discovery { hello | targeted-hello } holdtime seconds
5. discovery { hello | targeted-hello } interval seconds
6. Use one of the following commands:
end
commit
7. (Optional) show mpls ldp parameters
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
Step 3 router-id { type number | ip-address } Specifies the router ID of the local node.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
router-id loopback 1
In Cisco IOS XR software, the router ID is specified as an
interface name or IP address. By default, LDP uses the global
router ID (configured by the global router ID process).
Specifies the time that a discovered neighbor is kept without receipt
of any subsequent hello messages. The default value for the seconds
discovery { hello | targeted-hello } holdtime
seconds
Step 4
argument is 15 seconds for link hello and 90 seconds for targeted
hello messages.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 17
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery ParametersCommand or Action Purpose
discovery hello holdtime 30
RP/0/RSP0/CPU0:router(config-ldp)#
discovery targeted-hello holdtime 180
Selects the period of time between the transmission of consecutive
hello messages. The default value for the seconds argument is 5
discovery { hello | targeted-hello } interval
seconds
Step 5
seconds for link hello messages and 10 seconds for targeted hello
messages.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
discovery hello interval 15
RP/0/RSP0/CPU0:router(config-ldp)#
discovery targeted-hello interval 20
Step 6 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
RP/0/RSP0/CPU0:router
(config-ldp)# end
or
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the
RP/0/RSP0/CPU0:router configuration changes.
(config-ldp)# commit
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional)
Displays all the current MPLS LDP parameters.
show mpls ldp parameters
Example:
Step 7
RP/0/RSP0/CPU0:router
# show mpls ldp parameters
Related Topics
LDP Control Plane, on page 3
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
18 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery ParametersConfiguring LDP Discovery Over a Link
Perform this task to configure LDP discovery over a link.
Note There is no need to enable LDP globally.
Before You Begin
A stable router ID is required at either end of the link to ensure the link discovery (and session setup) is
successful. If you do not assign a router ID to the routers, the system will default to the global router ID.
Default router IDs are subject to change and may cause an unstable discovery.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id ip-address
4. interface type interface-path-id
5. Use one of the following commands:
end
commit
6. (Optional) show mpls ldp discovery
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Step 3 router-id ip-address Specifies the router ID of the local node.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
router-id loopback 1
In Cisco IOS XR software, the router ID is specified as an interface
name or IP address. By default, LDP uses the global router ID
(configured by the global router ID process).
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 19
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery Over a LinkCommand or Action Purpose
Enters interface configuration mode for the LDP protocol. Interface type
must be Tunnel-TE.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 4
interface tunnel-te 12001
RP/0/RSP0/CPU0:router(config-ldp-if)#
Step 5 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-ldp-if)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
(Optional)
Displays the status of the LDP discovery process. This command, without
an interface filter, generates a list of interfaces over which the LDP
show mpls ldp discovery
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
discovery
Step 6
discovery process is running. The output information contains the state of
the link (xmt/rcv hellos), local LDP identifier, the discovered peers LDP
identifier, and holdtime values.
Related Topics
LDP Control Plane, on page 3
Configuring LDP Link: Example, on page 54
Configuring LDP Discovery for Active Targeted Hellos
Perform this task to configure LDP discovery for active targeted hellos.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
20 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Active Targeted HellosNote The active side for targeted hellos initiates the unicast hello toward a specific destination.
Before You Begin
These prerequisites are required to configure LDP discovery for active targeted hellos:
Stable router ID is required at either end of the targeted session. If you do not assign a router ID to the
routers, the system will default to the global router ID. Please note that default router IDs are subject to
change and may cause an unstable discovery.
One or more MPLS Traffic Engineering tunnels are established between non-directly connected LSRs.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id ip-address
4. interface type interface-path-id
5. Use one of the following commands:
end
commit
6. (Optional) show mpls ldp discovery
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Step 3 router-id ip-address Specifies the router ID of the local node.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
router-id loopback 1
In Cisco IOS XR software, the router ID is specified as an interface name
or IP address. By default, LDP uses the global router ID (configured by
global router ID process).
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 21
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Active Targeted HellosCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode for the LDP protocol.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
interface tunnel-te 12001
Step 4
Step 5 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
(Optional)
Displays the status of the LDP discovery process. This command, without
an interface filter, generates a list of interfaces over which the LDP
show mpls ldp discovery
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
discovery
Step 6
discovery process is running. The output information contains the state of
the link (xmt/rcv hellos), local LDP identifier, the discovered peers LDP
identifier, and holdtime values.
Related Topics
LDP Control Plane, on page 3
Configuring LDP Discovery for Targeted Hellos: Example, on page 55
Configuring LDP Discovery for Passive Targeted Hellos
Perform this task to configure LDP discovery for passive targeted hellos.
A passive side for targeted hello is the destination router (tunnel tail), which passively waits for an incoming
hello message. Because targeted hellos are unicast, the passive side waits for an incoming hello message to
respond with hello toward its discovered neighbor.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
22 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Passive Targeted HellosBefore You Begin
Stable router ID is required at either end of the link to ensure that the link discovery (and session setup) is
successful. If you do not assign a router ID to the routers, the system defaults to the global router ID. Default
router IDs are subject to change and may cause an unstable discovery.
SUMMARY STEPS
1. configure
2. mpls ldp
3. router-id ip-address
4. discovery targeted-hello accept
5. Use one of the following commands:
end
commit
6. (Optional) show mpls ldp discovery
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Step 3 router-id ip-address Specifies the router ID of the local node.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
router-id loopback 1
In Cisco IOS XR software, the router ID is specified as an interface
name or IP address. By default, LDP uses the global router ID
(configured by global router ID process).
Directs the system to accept targeted hello messages from any source and
activates passive mode on the LSR for targeted hello acceptance.
discovery targeted-hello accept
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
discovery targeted-hello accept
Step 4
This command is executed on the receiver node (with respect to a given
MPLS TE tunnel).
You can control the targeted-hello acceptance using the discovery
targeted-hello accept command.
Step 5 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 23
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Passive Targeted HellosCommand or Action Purpose
When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
(Optional)
Displays the status of the LDP discovery process. This command, without an
interface filter, generates a list of interfaces over which the LDP discovery
show mpls ldp discovery
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
discovery
Step 6
process is running. The output information contains the state of the link
(xmt/rcv hellos), local LDP identifier, the discovered peers LDP identifier,
and holdtime values.
Related Topics
LDP Control Plane, on page 3
Configuring LDP Discovery for Targeted Hellos: Example, on page 55
Configuring Label Advertisement Control (Outbound Filtering)
Perform this task to configure label advertisement (outbound filtering).
By default, a label switched router (LSR) advertises all incoming label prefixes to each neighboring router.
You can control the exchange of label binding information using the mpls ldp label advertise command.
Using the optional keywords, you can advertise selective prefixesto all neighbors, advertise selective prefixes
to defined neighbors, or disable label advertisement to all peers for all prefixes.
Note Prefixes and peers advertised selectively are defined in the access list.
Before You Begin
Before configuring label advertisement, enable LDP and configure an access list.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
24 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring Label Advertisement Control (Outbound Filtering)SUMMARY STEPS
1. configure
2. mpls ldp
3. label advertise { disable | for prefix-acl [ to peer-acl ] | interface type interface-path-id }
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
label advertise { disable | for prefix-acl [ Configureslabel advertisement by specifying one of the following options:
to peer-acl ] | interface type
interface-path-id }
Step 3
disable
Disables label advertisement to all peers for all prefixes (if there
Example: are no other conflicting rules).
RP/0/RSP0/CPU0:router(config-ldp)# label
interface
advertise interface POS 0/1/0/0
RP/0/RSP0/CPU0:router(config-ldp)# for
pfx_acl1 to peer_acl1
Specifies an interface for label advertisement of an interface address.
for prefix-acl
to peer-acl
Specifies neighbors to advertise and receive label advertisements.
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 25
Implementing MPLS Label Distribution Protocol
Configuring Label Advertisement Control (Outbound Filtering)Command or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Related Topics
Label Advertisement Control (Outbound Filtering), on page 10
Configuring Label Advertisement (Outbound Filtering): Example, on page 55
Setting Up LDP Neighbors
Perform this task to set up LDP neighbors.
Before You Begin
Stable router ID isrequired at either end of the link to ensure the link discovery (and session setup) issuccessful.
If you do not assign a router ID to the routers, the system will default to the global router ID. Default router
IDs are subject to change and may cause an unstable discovery.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
26 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up LDP NeighborsSUMMARY STEPS
1. configure
2. mpls ldp
3. interface type interface-path-id
4. discovery transport-address [ ip-address | interface ]
5. exit
6. holdtime seconds
7. neighbor ip-address password [ encryption ] password
8. backoff initial maximum
9. Use one of the following commands:
end
commit
10. (Optional) show mpls ldp neighbor
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
interface type interface-path-id Enters interface configuration mode for the LDP protocol.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
interface POS 0/1/0/0
Step 3
discovery transport-address [ ip-address | Provides an alternative transport address for a TCP connection.
interface ]
Step 4
Default transport address advertised by an LSR (for TCP
connections) to its peer is the router ID.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)#
discovery transport-address 192.168.1.42
Transport address configuration is applied for a given
LDP-enabled interface.
or
RP/0/RSP0/CPU0:router(config-ldp)#
discovery transport-address interface
If the interface version of the command is used, the configured
IP address of the interface is passed to its neighbors as the
transport address.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 27
Implementing MPLS Label Distribution Protocol
Setting Up LDP NeighborsCommand or Action Purpose
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# exit
Step 5
Changes the time for which an LDP session is maintained in the
absence of LDP messages from the peer.
holdtime seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)# holdtime
30
Step 6
Outgoing keepalive interval is adjusted accordingly (to make
three keepalives in a given holdtime) with a change in session
holdtime value.
Session holdtime is also exchanged when the session is
established.
In this example holdtime is set to 30 seconds, which causes the
peer session to timeout in 30 seconds, as well as transmitting
outgoing keepalive messages toward the peer every 10 seconds.
Configures password authentication (using the TCP MD5 option) for
a given neighbor.
neighbor ip-address password [ encryption ]
password
Example:
RP/0/RSP0/CPU0:router(config-ldp)# neighbor
192.168.2.44 password secretpasswd
Step 7
Configures the parameters for the LDP backoff mechanism. The LDP
backoff mechanism preventstwo incompatibly configured LSRsfrom
backoff initial maximum
Example:
RP/0/RSP0/CPU0:router(config-ldp)# backoff
10 20
Step 8
engaging in an unthrottled sequence of session setup failures. If a
session setup attempt fails due to such incompatibility, each LSR
delays its next attempt (backs off), increasing the delay exponentially
with each successive failure until the maximum backoff delay is
reached.
Step 9 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
28 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up LDP NeighborsCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional)
Displays the status of the LDP session with its neighbors. This
command can be run with various filters as well as with the brief
option.
show mpls ldp neighbor
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
neighbor
Step 10
Related Topics
Configuring LDP Neighbors: Example, on page 56
Setting Up LDP Forwarding
Perform this task to set up LDP forwarding.
By default, the LDP control plane implements the penultimate hop popping (PHOP) mechanism. The PHOP
mechanism requires that label switched routers use the implicit-null label as a local label for the given
Forwarding Equivalence Class (FEC) for which LSR is the penultimate hop. Although PHOP has certain
advantages, it may be required to extend LSP up to the ultimate hop under certain circumstances(for example,
to propagate MPL QoS). This is done using a special local label (explicit-null) advertised to the peers after
which the peers use this label when forwarding traffic toward the ultimate hop (egress LSR).
Before You Begin
Stable router ID isrequired at either end of the link to ensure the link discovery (and session setup) issuccessful.
If you do not assign a router ID to the routers, the system will default to the global router ID. Default router
IDs are subject to change and may cause an unstable discovery.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 29
Implementing MPLS Label Distribution Protocol
Setting Up LDP ForwardingSUMMARY STEPS
1. configure
2. mpls ldp
3. explicit-null
4. Use one of the following commands:
end
commit
5. (Optional) show mpls ldp forwarding
6. (Optional) show mpls forwarding
7. (Optional) ping ip-address
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Causes a router to advertise an explicit null label in situations where it
normally advertises an implicit null label (for example, to enable an
ultimate-hop disposition instead of PHOP).
explicit-null
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
explicit-null
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
RP/0/RSP0/CPU0:router(config-ldp)#
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
30 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up LDP ForwardingCommand or Action Purpose
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
(Optional)
Displays the MPLS LDP view of installed forwarding states (rewrites).
show mpls ldp forwarding
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
forwarding
Step 5
(Optional)
Displays a global view of all MPLS installed forwarding states (rewrites)
by various applications (LDP, TE, and static).
show mpls forwarding
Example:
RP/0/RSP0/CPU0:router# show mpls
forwarding
Step 6
(Optional)
Checks for connectivity to a particular IP address (going through MPLS
LSP as shown in the show mpls forwarding command).
ping ip-address
Example:
RP/0/RSP0/CPU0:router# ping
192.168.2.55
Step 7
Related Topics
LDP Forwarding, on page 5
Configuring LDP Forwarding: Example, on page 56
Setting Up LDP NSF Using Graceful Restart
Perform this task to set up NSF using LDP graceful restart.
LDP graceful restart is a way to enable NSF for LDP. The correct way to set up NSF using LDP graceful
restart is to bring up LDP neighbors (link or targeted) with additional configuration related to graceful restart.
Before You Begin
Stable router ID isrequired at either end of the link to ensure the link discovery (and session setup) issuccessful.
If you do not assign a router ID to the routers, the system will default to the global router ID. Default router
IDs are subject to change and may cause an unstable discovery.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 31
Implementing MPLS Label Distribution Protocol
Setting Up LDP NSF Using Graceful RestartSUMMARY STEPS
1. configure
2. mpls ldp
3. interface type interface-path-id
4. exit
5. graceful-restart
6. graceful-restart forwarding-state-holdtime seconds
7. graceful-restart reconnect-timeout seconds
8. Use one of the following commands:
end
commit
9. (Optional) show mpls ldp parameters
10. (Optional) show mpls ldp neighbor
11. (Optional) show mpls ldp graceful-restart
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
interface type interface-path-id Enters interface configuration mode for the LDP protocol.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 3
interface POS 0/1/0/0
RP/0/RSP0/CPU0:router(config-ldp-if)#
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# exit
Step 4
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
32 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up LDP NSF Using Graceful RestartCommand or Action Purpose
graceful-restart Enables the LDP graceful restart feature.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart
Step 5
Specifies the length of time that forwarding can keep LDP-installed
forwarding states and rewrites, and specifies wh en the LDP control
plane restarts.
graceful-restart forwarding-state-holdtime
seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 6
After restart of the control plane, when the forwarding state
holdtime expires, any previously installed LDP forwarding
state or rewrite that is not yet refreshed is deleted from the
forwarding.
graceful-restart forwarding-state-holdtime
180
Recovery time sent after restart is computed as the current
remaining value of the forwarding state hold timer.
Specifies the length of time a neighbor waits before restarting the
node to reconnect before declaring an earlier graceful restart session
graceful-restart reconnect-timeout seconds
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
graceful-restart reconnect-timeout 169
Step 7
as down. This command is used to start a timer on the peer (upon a
neighbor restart). Thistimer isreferred to as Neighbor Livenesstimer.
Step 8 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 33
Implementing MPLS Label Distribution Protocol
Setting Up LDP NSF Using Graceful RestartCommand or Action Purpose
(Optional)
Displays all the current MPLS LDP parameters.
show mpls ldp parameters
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
parameters
Step 9
(Optional)
Displays the status of the LDP session with its neighbors. This
command can be run with various filters as well as with the brief
option.
show mpls ldp neighbor
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
neighbor
Step 10
(Optional)
Displays the status of the LDP graceful restart feature. The output
of this command not only shows states of different graceful restart
show mpls ldp graceful-restart
Example:
RP/0/RSP0/CPU0:router# show mpls ldp
graceful-restart
Step 11
timers, but also a list of graceful restart neighbors, their state, and
reconnect count.
Related Topics
LDP Graceful Restart, on page 6
Phases in Graceful Restart, on page 8
Recovery with Graceful-Restart, on page 9
Configuring LDP Nonstop Forwarding with Graceful Restart: Example, on page 56
Configuring Label Acceptance Control (Inbound Filtering)
Perform this task to configure LDP inbound label filtering.
By default, there is no inbound label filtering performed by LDP and thus an LSR accepts (and retains)
all remote label bindings from all peers.
Note
SUMMARY STEPS
1. configure
2. mpls ldp
3. label accept for prefix-acl from ip-address
4. Use one of the following commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
34 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring Label Acceptance Control (Inbound Filtering)DETAILED STEPS
Command or Action Purpose
configure Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
Configuresinbound label acceptance for prefixesspecified by prefix-acl
from neighbor (as specified by its IP address).
label accept for prefix-acl from ip-address
Example:
RP/0/RSP0/CPU0:router(config-ldp)# label
Step 3
accept for pfx_acl_1 from 192.168.1.1
RP/0/RSP0/CPU0:router(config-ldp)# label
accept for pfx_acl_2 from 192.168.2.2
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Label Acceptance Control (Inbound Filtering), on page 10
Configuring Label Acceptance (Inbound Filtering): Example, on page 57
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 35
Implementing MPLS Label Distribution Protocol
Configuring Label Acceptance Control (Inbound Filtering)Configuring Local Label Allocation Control
Perform this task to configure label allocation control.
Note By default, local label allocation control is disabled and all non-BGP prefixes are assigned local labels.
SUMMARY STEPS
1. configure
2. mpls ldp
3. label allocate for prefix-acl
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
label allocate for prefix-acl Configures label allocation control for prefixes as specified by prefix-acl.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
label allocate for pfx_acl_1
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
36 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring Local Label Allocation ControlCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Local Label Allocation Control, on page 11
Configuring Local Label Allocation Control: Example, on page 57
Configuring Session Protection
Perform this task to configure LDP session protection.
By default, there is no protection is done for link sessions by means of targeted hellos.
SUMMARY STEPS
1. configure
2. mpls ldp
3. session protection [ for peer-acl ] [ duration seconds ]
4. Use one of the following commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 37
Implementing MPLS Label Distribution Protocol
Configuring Session ProtectionDETAILED STEPS
Command or Action Purpose
configure Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
Configures LDP session protection for peers specified by peer-acl with
a maximum duration, in seconds.
session protection [ for peer-acl ] [ duration
seconds ]
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 3
session protection for peer_acl_1
duration 60
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Session Protection, on page 11
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
38 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring Session ProtectionConfiguring LDP Session Protection: Example, on page 58
Configuring LDP IGP Synchronization: OSPF
Perform this task to configure LDP IGP Synchronization under OSPF.
Note By default, there is no synchronization between LDP and IGPs.
SUMMARY STEPS
1. configure
2. router ospf process-name
3. Use one of the following commands:
mpls ldp sync
area area-id mpls ldp sync
area area-id interface name mpls ldp sync
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Identifies the OSPF routing process and enters OSPF configuration
mode.
router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf
100
Step 2
Step 3 Use one of the following commands: Enables LDP IGP synchronization on an interface.
mpls ldp sync
area area-id mpls ldp sync
area area-id interface name mpls ldp sync
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 39
Implementing MPLS Label Distribution Protocol
Configuring LDP IGP Synchronization: OSPFCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls
ldp sync
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ospf)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
IGP Synchronization, on page 12
Configuring LDP IGP SynchronizationOSPF: Example, on page 58
Configuring LDP IGP Synchronization: ISIS
Perform this task to configure LDP IGP Synchronization under ISIS.
Note By default, there is no synchronization between LDP and ISIS.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
40 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP IGP Synchronization: ISISSUMMARY STEPS
1. configure
2. router isis instance-id
3. interface type interface-path-id
4. address-family ipv4 unicast
5. mpls ldp sync
6. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enables the Intermediate System-to-Intermediate System (IS-IS)
routing protocol and defines an IS-IS instance.
router isis instance-id
Example:
RP/0/RSP0/CPU0:router(config)# router isis
Step 2
100
RP/0/RSP0/CPU0:router(config-isis)#
Configures the IS-IS protocol on an interface and enters ISIS
interface configuration mode.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-isis)#
Step 3
interface POS 0/2/0/0
RP/0/RSP0/CPU0:router(config-isis-if)#
Enters address family configuration mode for configuring IS-IS
routing for a standard IP Version 4 (IPv4) address prefix.
address-family ipv4 unicast
Example:
RP/0/RSP0/CPU0:router(config-isis-if)#
Step 4
address-family ipv4 unicast
RP/0/RSP0/CPU0:router(config-isis-if-af)#
mpls ldp sync Enables LDP IGP synchronization.
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#
mpls ldp sync
Step 5
Step 6 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 41
Implementing MPLS Label Distribution Protocol
Configuring LDP IGP Synchronization: ISISCommand or Action Purpose
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-if-af)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-if-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
IGP Synchronization, on page 12
Configuring LDP IGP SynchronizationISIS: Example, on page 58
Enabling LDP Auto-Configuration for a Specified OSPF Instance
Perform this task to enable IGP auto-configuration globally for a specified OSPF process name.
You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except
those that are explicitly disabled.
Note This feature is supported for IPv4 unicast family in default VRF only.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
42 OL-26056-02
Implementing MPLS Label Distribution Protocol
Enabling LDP Auto-Configuration for a Specified OSPF InstanceSUMMARY STEPS
1. configure
2. router ospf process-name
3. mpls ldp auto-config
4. area area-id
5. interface type interface-path-id
6. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters a uniquely identifiable OSPF routing process. The process name
is any alphanumeric string no longer than 40 characters withoutspaces.
router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf
Step 2
190
RP/0/RSP0/CPU0:router(config-ospf)#
mpls ldp auto-config Enables LDP auto-configuration.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls
ldp auto-config
Step 3
Step 4 area area-id Configures an OSPF area and identifier.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# area
8
area-id
Either a decimal value or an IP address.
Step 5 interface type interface-path-id Enables LDP auto-configuration on the specified interface.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)#
interface pos 0/6/0/0
LDP configurable limit for maximum number of interfaces
does not apply to IGP auto-configuration interfaces.
Note
Step 6 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 43
Implementing MPLS Label Distribution Protocol
Enabling LDP Auto-Configuration for a Specified OSPF InstanceCommand or Action Purpose
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ospf-ar-if)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
IGP Auto-configuration, on page 13
Configuring LDP Auto-Configuration: Example, on page 59
Disabling LDP Auto-Configuration, on page 46
Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance
Perform this task to enable IGP auto-configuration in a defined area with a specified OSPF process name.
You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except
those that are explicitly disabled.
Note This feature is supported for IPv4 unicast family in default VRF only.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
44 OL-26056-02
Implementing MPLS Label Distribution Protocol
Enabling LDP Auto-Configuration in an Area for a Specified OSPF InstanceSUMMARY STEPS
1. configure
2. router ospf process-name
3. area area-id
4. mpls ldp auto-config
5. interface type interface-path-id
6. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters a uniquely identifiable OSPF routing process. The process
name is any alphanumeric string no longer than 40 characters without
spaces.
router ospf process-name
Example:
RP/0/RSP0/CPU0:router(config)# router ospf
Step 2
100
RP/0/RSP0/CPU0:router(config-ospf)#
Step 3 area area-id Configures an OSPF area and identifier.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# area
area-id
Either a decimal value or an IP address.
8
RP/0/RSP0/CPU0:router(config-ospf-ar)#
mpls ldp auto-config Enables LDP auto-configuration.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)#
mpls ldp auto-config
Step 4
Enables LDP auto-configuration on the specified interface. The LDP
configurable limit for maximum number of interfaces does not apply
to IGP auto-config interfaces.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)#
Step 5
interface pos 0/6/0/0
RP/0/RSP0/CPU0:router(config-ospf-ar-if)
Step 6 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 45
Implementing MPLS Label Distribution Protocol
Enabling LDP Auto-Configuration in an Area for a Specified OSPF InstanceCommand or Action Purpose
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ospf-ar-if)#
commit
? Entering no exits the configuration session and returnsthe
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
IGP Auto-configuration, on page 13
Configuring LDP Auto-Configuration: Example, on page 59
Disabling LDP Auto-Configuration, on page 46
Disabling LDP Auto-Configuration
Perform this task to disable IGP auto-configuration.
You can disable auto-configuration on a per-interface basis. This lets LDP enable all IGP interfaces except
those that are explicitly disabled.
SUMMARY STEPS
1. configure
2. mpls ldp
3. interface type interface-path-id
4. igp auto-config disable
5. Use one of the following commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
46 OL-26056-02
Implementing MPLS Label Distribution Protocol
Disabling LDP Auto-ConfigurationDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
RP/0/RSP0/CPU0:router(config-ldp)#
Step 2
interface type interface-path-id Enters interface configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
interface pos 0/6/0/0
Step 3
igp auto-config disable Disables auto-configuration on the specified interface.
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# igp
auto-config disable
Step 4
Step 5 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp-if)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp-if)#
commit
? Entering no exitsthe configuration session and returnsthe
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 47
Implementing MPLS Label Distribution Protocol
Disabling LDP Auto-ConfigurationRelated Topics
IGP Auto-configuration, on page 13
Configuring LDP Auto-Configuration: Example, on page 59
Configuring LDP Nonstop Routing
Perform this task to configure LDP NSR.
Note By default, NSR is globally-enabled on all LDP sessions except AToM.
SUMMARY STEPS
1. configure
2. mpls ldp
3. nsr
4. Use one of the following commands:
end
commit
5. show mpls ldp nsr statistics
6. show mpls ldp nsr summary
7. show mpls ldp nsr pending
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters the MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls ldp
Step 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
48 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Nonstop RoutingCommand or Action Purpose
nsr Enables LDP nonstop routing.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# nsr
Step 3
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show mpls ldp nsr statistics Displays MPLS LDP NSR statistics.
Example:
RP/0/RSP0/CPU0:router# show mpls ldp nsr
statistics
Step 5
show mpls ldp nsr summary Displays MPLS LDP NSR summarized information.
Example:
RP/0/RSP0/CPU0:router# show mpls ldp nsr
summary
Step 6
show mpls ldp nsr pending Displays MPLS LDP NSR pending information.
Example:
RP/0/RSP0/CPU0:router# show mpls ldp nsr
pending
Step 7
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 49
Implementing MPLS Label Distribution Protocol
Configuring LDP Nonstop RoutingRelated Topics
LDP Nonstop Routing, on page 13
Configuring LDP Downstream on Demand mode
SUMMARY STEPS
1. configure
2. mpls ldp
3. downstream-on-demand
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
Enters downstream on demand label advertisement mode. The ACL contains
the list of peer IDs that are configured for downstream-on-demand mode.
downstream-on-demand
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Step 3
When the ACL is changed or configured, the list of established neighbor is
traversed.
downstream-on-demand with access-list
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
end
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
50 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Downstream on Demand modeCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ldp)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Related Topics
Downstream on Demand, on page 15
Redistributing MPLS LDP Routes into BGP
Perform this task to redistribute Border Gateway Protocol (BGP) autonomous system into an MPLS LDP.
SUMMARY STEPS
1. configure
2. mpls ldp
3. redistribute bgp
4. Use one of these commands:
end
commit
5. show run mpls ldp
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 51
Implementing MPLS Label Distribution Protocol
Redistributing MPLS LDP Routes into BGPCommand or Action Purpose
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(conf)# mpls
Step 2
ldp
Step 3 redistribute bgp Allows the redistribution of BGP routes into an MPLS LDP processes.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
Autonomoussystem numbers(ASNs) are globally unique identifiers
used to identify autonomous systems (ASs) and enable ASs to
exchange exterior routing information between neighboring ASs.
A unique ASN is allocated to each AS for use in BGP routing. ASNs
are encoded as 2-byte numbers and 4-byte numbers in BGP.
Note
redistribute bgp {advertise-to
access-list | as}
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)#
commit
? Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
show run mpls ldp Displays information about the redistributed route information.
Example:
RP/0/RSP0/CPU0:router# show run mpls
Step 5
ldp
Setting Up Implicit-Null-Override Label
Perform this task to configure implicit-null label for non-egress prefixes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
52 OL-26056-02
Implementing MPLS Label Distribution Protocol
Setting Up Implicit-Null-Override LabelSUMMARY STEPS
1. configure
2. mpls ldp
3. label
4. implicit-null-override for access-list
5. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
ldp
Step 2
label Configures the allocation, advertisement ,and acceptance of labels.
Example:
RP/0/RSP0/CPU0:router(config-ldp)#
label
Step 3
Step 4 implicit-null-override for access-list Configures implicit-null local label for non-egress prefixes.
Example:
RP/0/RSP0/CPU0:router(config-ldp-lbl)#
implicit-null-override for 70
This feature works with any prefix including static, IGP, and
BGP, when specified in the ACL.
Note
Step 5 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ldp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 53
Implementing MPLS Label Distribution Protocol
Setting Up Implicit-Null-Override LabelCommand or Action Purpose
or
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
RP/0/RSP0/CPU0:router(config-ldp)#
commit ? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuration Examples for Implementing MPLS LDP
These configuration examples are provided to implement LDP:
Configuring LDP with Graceful Restart: Example
The example shows how to enable LDP with graceful restart on the POS interface 0/2/0/0.
mpls ldp
graceful-restart
interface pos0/2/0/0
!
Configuring LDP Discovery: Example
The example shows how to configure LDP discovery parameters.
mpls ldp
router-id loopback0
discovery hello holdtime 15
discovery hello interval 5
!
show mpls ldp parameters
show mpls ldp discovery
Configuring LDP Link: Example
The example shows how to configure LDP link parameters.
mpls ldp
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
54 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuration Examples for Implementing MPLS LDPinterface pos 0/1/0/0
!
!
show mpls ldp discovery
Related Topics
Configuring LDP Discovery Over a Link, on page 19
LDP Control Plane, on page 3
Configuring LDP Discovery for Targeted Hellos: Example
The examples show how to configure LDP Discovery to accept targeted hello messages.
Active (tunnel head)
mpls ldp
router-id loopback0
interface tunnel-te 12001
!
!
Passive (tunnel tail)
mpls ldp
router-id loopback0
discovery targeted-hello accept
!
Related Topics
Configuring LDP Discovery for Active Targeted Hellos, on page 20
Configuring LDP Discovery for Passive Targeted Hellos, on page 22
LDP Control Plane, on page 3
Configuring Label Advertisement (Outbound Filtering): Example
The example shows how to configure LDP label advertisement control.
mpls ldp
label
advertise
disable
for pfx_acl_1 to peer_acl_1
for pfx_acl_2 to peer_acl_2
for pfx_acl_3
interface POS 0/1/0/0
interface POS 0/2/0/0
!
!
!
ipv4 access-list pfx_acl_1
10 permit ip host 1.0.0.0 any
!
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 55
Implementing MPLS Label Distribution Protocol
Configuring LDP Discovery for Targeted Hellos: Exampleipv4 access-list pfx_acl_2
10 permit ip host 2.0.0.0 any
!
ipv4 access-list peer_acl_1
10 permit ip host 1.1.1.1 any
20 permit ip host 1.1.1.2 any
!
ipv4 access-list peer_acl_2
10 permit ip host 2.2.2.2 any
!
show mpls ldp binding
Related Topics
Configuring Label Advertisement Control (Outbound Filtering), on page 24
Label Advertisement Control (Outbound Filtering), on page 10
Configuring LDP Neighbors: Example
The example shows how to disable label advertisement.
mpls ldp
router-id Loopback0
neighbor 1.1.1.1 password encrypted 110A1016141E
neighbor 2.2.2.2 implicit-withdraw
!
Related Topics
Setting Up LDP Neighbors, on page 26
Configuring LDP Forwarding: Example
The example shows how to configure LDP forwarding.
mpls ldp
explicit-null
!
show mpls ldp forwarding
show mpls forwarding
Related Topics
Setting Up LDP Forwarding, on page 29
LDP Forwarding, on page 5
Configuring LDP Nonstop Forwarding with Graceful Restart: Example
The example shows how to configure LDP nonstop forwarding with graceful restart.
mpls ldp
log
graceful-restart
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
56 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Neighbors: Example!
graceful-restart
graceful-restart forwarding state-holdtime 180
graceful-restart reconnect-timeout 15
interface pos0/1/0/0
!
show mpls ldp graceful-restart
show mpls ldp neighbor gr
show mpls ldp forwarding
show mpls forwarding
Related Topics
Setting Up LDP NSF Using Graceful Restart, on page 31
LDP Graceful Restart, on page 6
Phases in Graceful Restart, on page 8
Recovery with Graceful-Restart, on page 9
Configuring Label Acceptance (Inbound Filtering): Example
The example shows how to configure inbound label filtering.
mpls ldp
label
accept
for pfx_acl_2 from 192.168.2.2
!
!
!
Related Topics
Configuring Label Acceptance Control (Inbound Filtering), on page 34
Label Acceptance Control (Inbound Filtering), on page 10
Configuring Local Label Allocation Control: Example
The example shows how to configure local label allocation control.
mpls ldp
label
allocate for pfx_acl_1
!
!
Related Topics
Configuring Local Label Allocation Control, on page 36
Local Label Allocation Control, on page 11
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 57
Implementing MPLS Label Distribution Protocol
Configuring Label Acceptance (Inbound Filtering): ExampleConfiguring LDP Session Protection: Example
The example shows how to configure session protection.
mpls ldp
session protection duration 60 for peer_acl_1
!
Related Topics
Configuring Session Protection, on page 37
Session Protection, on page 11
Configuring LDP IGP SynchronizationOSPF: Example
The example shows how to configure LDP IGP synchronization for OSPF.
router ospf 100
mpls ldp sync
!
mpls ldp
igp sync delay 30
!
Related Topics
Configuring LDP IGP Synchronization: OSPF, on page 39
IGP Synchronization, on page 12
Configuring LDP IGP SynchronizationISIS: Example
The example shows how to configure LDP IGP synchronization.
router isis 100
interface POS 0/2/0/0
address-family ipv4 unicast
mpls ldp sync
!
!
!
mpls ldp
igp sync delay 30
!
Related Topics
Configuring LDP IGP Synchronization: ISIS, on page 40
IGP Synchronization, on page 12
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
58 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configuring LDP Session Protection: ExampleConfiguring LDP Auto-Configuration: Example
The example shows how to configure the IGP auto-configuration feature globally for a specific OSPF interface
ID.
router ospf 100
mpls ldp auto-config
area 0
interface pos 1/1/1/1
The example shows how to configure the IGP auto-configuration feature on a given area for a given OSPF
interface ID.
router ospf 100
area 0
mpls ldp auto-config
interface pos 1/1/1/1
Related Topics
Enabling LDP Auto-Configuration for a Specified OSPF Instance, on page 42
Enabling LDP Auto-Configuration in an Area for a Specified OSPF Instance, on page 44
Disabling LDP Auto-Configuration, on page 46
IGP Auto-configuration, on page 13
Configure IP LDP Fast Reroute Loop Free Alternate: Example
The following examples show how to configure the IP LDP FRR LFA on the router.
The following example shows how to configure LFA FRR with default tie-break configuration:
router isis TEST
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
interface GigabitEthernet0/6/0/13
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
# primary path GigabitEthernet0/6/0/13 will exclude the interface
# GigabitEthernet0/6/0/33 in LFA backup path computation.
fast-reroute per-prefix exclude interface GigabitEthernet0/6/0/33
!
interface GigabitEthernet0/6/0/23
point-to-point
address-family ipv4 unicast
!
interface GigabitEthernet0/6/0/24
point-to-point
address-family ipv4 unicast
!
interface GigabitEthernet0/6/0/33
point-to-point
address-family ipv4 unicast
!
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 59
Implementing MPLS Label Distribution Protocol
Configuring LDP Auto-Configuration: ExampleThe following example shows how to configure TE tunnel as LFA backup:
router isis TEST
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
interface GigabitEthernet0/6/0/13
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
# primary path GigabitEthernet0/6/0/13 will exclude the interface
# GigabitEthernet0/6/0/33 in LFA backup path computation. TE tunnel 1001
# is using the link GigabitEthernet0/6/0/33.
fast-reroute per-prefix exclude interface GigabitEthernet0/6/0/33
fast-reroute per-prefix lfa-candidate interface tunnel-te1001
!
interface GigabitEthernet0/6/0/33
point-to-point
address-family ipv4 unicast
!
The following example shows how to configure LFA FRR with configurable tie-break configuration:
router isis TEST
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
fast-reroute per-prefix tiebreaker ?
downstream Prefer backup path via downstream node
lc-disjoint Prefer line card disjoint backup path
lowest-backup-metric Prefer backup path with lowest total metric
node-protecting Prefer node protecting backup path
primary-path Prefer backup path from ECMP set
secondary-path Prefer non-ECMP backup path
fast-reroute per-prefix tiebreaker lc-disjoint index ?
<1-255> Index
fast-reroute per-prefix tiebreaker lc-disjoint index 10
Sample configuration:
router isis TEST
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
metric-style wide
fast-reroute per-prefix tiebreaker downstream index 60
fast-reroute per-prefix tiebreaker lc-disjoint index 10
fast-reroute per-prefix tiebreaker lowest-backup-metric index 40
fast-reroute per-prefix tiebreaker node-protecting index 30
fast-reroute per-prefix tiebreaker primary-path index 20
fast-reroute per-prefix tiebreaker secondary-path index 50
!
interface GigabitEthernet0/6/0/13
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
!
interface GigabitEthernet0/1/0/13
point-to-point
address-family ipv4 unicast
fast-reroute per-prefix
!
interface GigabitEthernet0/3/0/0.1
point-to-point
address-family ipv4 unicast
!
interface GigabitEthernet0/3/0/0.2
point-to-point
address-family ipv4 unicast
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
60 OL-26056-02
Implementing MPLS Label Distribution Protocol
Configure IP LDP Fast Reroute Loop Free Alternate: ExampleRelated Topics
IP LDP Fast Reroute Loop Free Alternate, on page 14
Verify IP LDP Fast Reroute Loop Free Alternate: Example
The following examples show how to verify the IP LDP FRR LFA feature on the router.
The following example shows how to verify ISIS FRR output:
RP/0/RSP0/CPU0:router#show isis fast-reroute summary
IS-IS 1 IPv4 Unicast FRR summary
Critical High Medium Low Total
Priority Priority Priority Priority
Prefixes reachable in L1
All paths protected 0 0 4 1008 1012
Some paths protected 0 0 0 0 0
Unprotected 0 0 0 0 0
Protection coverage 0.00% 0.00% 100.00% 100.00% 100.00%
Prefixes reachable in L2
All paths protected 0 0 1 0 1
Some paths protected 0 0 0 0 0
Unprotected 0 0 0 0 0
Protection coverage 0.00% 0.00% 100.00% 0.00% 100.00%
The following example shows how to verify the IGP route 211.1.1.1/24 in ISIS Fast Reroute output:
RP/0/RSP0/CPU0:router#show isis fast-reroute 211.1.1.1/24
L1 211.1.1.1/24 [40/115]
via 12.0.0.2, GigabitEthernet0/6/0/13, NORTH
FRR backup via 14.0.2.2, GigabitEthernet0/6/0/0.3, SOUTH
RP/0/RSP0/CPU0:router#show isis fast-reroute 211.1.1.1/24 detail
L1 211.1.1.1/24 [40/115] low priority
via 12.0.0.2, GigabitEthernet0/6/0/13, NORTH
FRR backup via 14.0.2.2, GigabitEthernet0/6/0/0.3, SOUTH
P: No, TM: 130, LC: No, NP: Yes, D: Yes
src sr1.00-00, 173.1.1.2
L2 adv [40] native, propagated
The following example shows how to verify the IGP route 211.1.1.1/24 in RIB output:
RP/0/RSP0/CPU0:router#show route 211.1.1.1/24
Routing entry for 211.1.1.0/24
Known via "isis 1", distance 115, metric 40, type level-1
Installed Nov 27 10:22:20.311 for 1d08h
Routing Descriptor Blocks
12.0.0.2, from 173.1.1.2, via GigabitEthernet0/6/0/13, Protected
Route metric is 40
14.0.2.2, from 173.1.1.2, via GigabitEthernet0/6/0/0.3, Backup
Route metric is 0
No advertising protos.
The following example shows how to verify the IGP route 211.1.1.1/24 in FIB output:
RP/0/RSP0/CPU0:router#show cef 211.1.1.1/24
211.1.1.0/24, version 0, internal 0x40040001 (ptr 0x9d9e1a68) [1], 0x0 \
(0x9ce0ec40), 0x4500 (0x9e2c69e4)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 61
Implementing MPLS Label Distribution Protocol
Verify IP LDP Fast Reroute Loop Free Alternate: ExampleUpdated Nov 27 10:22:29.825
remote adjacency to GigabitEthernet0/6/0/13
Prefix Len 24, traffic index 0, precedence routine (0)
via 12.0.0.2, GigabitEthernet0/6/0/13, 0 dependencies, weight 0, class 0, \
protected [flags 0x400]
path-idx 0, bkup-idx 1 [0x9e5b71b4 0x0]
next hop 12.0.0.2
local label 16080 labels imposed {16082}
via 14.0.2.2, GigabitEthernet0/6/0/0.3, 3 dependencies, weight 0, class 0, \
backup [flags 0x300]
path-idx 1
next hop 14.0.2.2
remote adjacency
local label 16080 labels imposed {16079}
RP/0/RSP0/CPU0:router#show cef 211.1.1.1/24 detail
211.1.1.0/24, version 0, internal 0x40040001 (ptr 0x9d9e1a68) [1], 0x0 \
(0x9ce0ec40), 0x4500 (0x9e2c69e4)
Updated Nov 27 10:22:29.825
remote adjacency to GigabitEthernet0/6/0/13
Prefix Len 24, traffic index 0, precedence routine (0)
gateway array (0x9cc622f0) reference count 1158, flags 0x28000d00, source lsd \
(2),
[387 type 5 flags 0x101001 (0x9df32398) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0x9ce0ec40, sh-ldi=0x9df32398]
via 12.0.0.2, GigabitEthernet0/6/0/13, 0 dependencies, weight 0, class 0, \
protected [flags 0x400]
path-idx 0, bkup-idx 1 [0x9e5b71b4 0x0]
next hop 12.0.0.2
local label 16080 labels imposed {16082}
via 14.0.2.2, GigabitEthernet0/6/0/0.3, 3 dependencies, weight 0, class 0, \
backup [flags 0x300]
path-idx 1
next hop 14.0.2.2
remote adjacency
local label 16080 labels imposed {16079}
Load distribution: 0 (refcount 387)
Hash OK Interface Address
0 Y GigabitEthernet0/6/0/13 remote
The following example shows how to verify the IGP route 211.1.1.1/24 in MPLS LDP output:
RP/0/RSP0/CPU0:router#show mpls ldp forwarding 211.1.1.1/24
Prefix Label Label Outgoing Next Hop GR Stale
In Out Interface
---------------- ------- ---------- ------------ ------------------- -- -----
211.1.1.0/24 16080 16082 Gi0/6/0/13 12.0.0.2 Y N
16079 Gi0/6/0/0.3 14.0.2.2 (!) Y N
RP/0/RSP0/CPU0:router#show mpls ldp forwarding 211.1.1.1/24 detail
Prefix Label Label Outgoing Next Hop GR Stale
In Out Interface
---------------- ------- ---------- ------------ ------------------- -- -----
211.1.1.0/24 16080 16082 Gi0/6/0/13 12.0.0.2 Y N
[ Protected; path-id 1 backup-path-id 33;
peer 20.20.20.20:0 ]
16079 Gi0/6/0/0.3 14.0.2.2 (!) Y N
[ Backup; path-id 33; peer 40.40.40.40:0 ]
Routing update : Nov 27 10:22:19.560 (1d08h ago)
Forwarding update: Nov 27 10:22:29.060 (1d08h ago)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
62 OL-26056-02
Implementing MPLS Label Distribution Protocol
Verify IP LDP Fast Reroute Loop Free Alternate: ExampleRelated Topics
IP LDP Fast Reroute Loop Free Alternate, on page 14
Additional References
For additional information related to Implementing MPLS Label Distribution Protocol, refer to the following
references:
Related Documents
Related Topic Document Title
MPLS Label Distribution Protocol Commands on
Cisco ASR 9000 Series Router module in the
Cisco ASR 9000 Series Aggregation Services Router
MPLS Command Reference
LDP commands on Cisco ASR 9000 Series Router
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Getting started material
Standards
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs Title
RFC 3031 Multiprotocol Label Switching Architecture
RFC 3036 LDP Specification
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 63
Implementing MPLS Label Distribution Protocol
Additional ReferencesRFCs Title
RFC 3037 LDP Applicability
Graceful Restart Mechanism for Label Distribution
Protocol
RFC 3478
RFC 3815 Definitions of Managed Objects for MPLS LDP
Label Distribution and Management
Downstream on Demand Label Advertisement
RFC 5036
Basic Specification for IP Fast Reroute: Loop-Free
Alternates
RFC 5286
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
64 OL-26056-02
Implementing MPLS Label Distribution Protocol
Additional ReferencesC H A P T E R 2
Implementing RSVP for MPLS-TE
This module describes how to implement Resource Reservation Protocol (RSVP) for MPLS Traffic
Engineering (MPLS-TE) on Cisco ASR 9000 Series Aggregation Services Routers.
The Multiprotocol Label Switching (MPLS) is a standards-based solution, driven by the Internet Engineering
Task Force (IETF), devised to convert the Internet and IP backbones from best-effort networks into
business-class transport media.
Resource Reservation Protocol (RSVP) is a signaling protocol that enables systems to request resource
reservations from the network. RSVP processes protocol messages from other systems, processes resource
requests from local clients, and generates protocol messages. As a result, resources are reserved for data
flows on behalf of local and remote clients. RSVP creates, maintains, and deletes these resource reservations.
RSVP provides a secure method to control quality-of-service (QoS) access to a network.
MPLS Traffic Engineering (MPLS-TE) uses RSVP to signal label switched paths (LSPs).
Feature History for Implementing RSVP for MPLS-TE
Release Modification
Release 3.7.2 This feature was introduced.
Release 3.9.0 The RSVP MIB feature was added.
Prerequisites for Implementing RSVP for MPLS-TE , page 66
Information About Implementing RSVP for MPLS-TE , page 66
Information About Implementing RSVP Authentication, page 71
How to Implement RSVP, page 75
How to Implement RSVP Authentication, page 88
Configuration Examples for RSVP, page 104
Configuration Examples for RSVP Authentication, page 108
Additional References, page 110
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 65Prerequisites for Implementing RSVP for MPLS-TE
These prerequisites are required to implement RSVP for MPLS-TE :
You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Either a composite mini-image plus an MPLS package, or a full image, must be installed.
Information About Implementing RSVP for MPLS-TE
To implement MPLS RSVP, you must understand the these concepts:
Related Topics
How to Implement RSVP Authentication, on page 88
Overview of RSVP for MPLS-TE
RSVP is a network control protocol that enables Internet applications to signal LSPs for MPLS-TE . The
RSVP implementation is compliant with the IETF RFC 2205, and RFC 3209.
RSVP is automatically enabled on interfaces on which MPLS-TE is configured. For MPLS-TE LSPs with
nonzero bandwidth, the RSVP bandwidth has to be configured on the interfaces. There is no need to configure
RSVP, if all MPLS-TE LSPs have zero bandwidth .
RSVP Refresh Reduction, defined in RFC 2961, includes support for reliable messages and summary refresh
messages. Reliable messages are retransmitted rapidly if the message is lost. Because each summary refresh
message contains information to refresh multiple states, this greatly reduces the amount of messaging needed
to refresh states. For refresh reduction to be used between two routers, it must be enabled on both routers.
Refresh Reduction is enabled by default.
Message rate limiting for RSVP allows you to set a maximum threshold on the rate at which RSVP messages
are sent on an interface. Message rate limiting is disabled by default.
The process that implements RSVP is restartable. A software upgrade, process placement or process failure
of RSVP or any of its collaborators, has been designed to ensure Nonstop Forwarding (NSF) of the data plane.
RSVP supports graceful restart, which is compliant with RFC 3473. It follows the procedures that apply when
the node reestablishes communication with the neighbors control plane within a configured restart time.
It is important to note that RSVP is not a routing protocol. RSVP works in conjunction with routing protocols
and installs the equivalent of dynamic access lists along the routes that routing protocols calculate. Because
of this, implementing RSVP in an existing network does not require migration to a new routing protocol.
Related Topics
Configuring RSVP Packet Dropping, on page 81
Set DSCP for RSVP Packets: Example, on page 107
Verifying RSVP Configuration, on page 83
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
66 OL-26056-02
Implementing RSVP for MPLS-TE
Prerequisites for Implementing RSVP for MPLS-TELSP Setup
LSP setup is initiated when the LSP head node sends path messages to the tail node (see the RSVP Operation
figure ).
Figure 7: RSVP Operation
The Path messagesreserve resources along the path to each node, creating Path softstates on each node.When
the tail node receives a path message, it sends a reservation (RESV) message with a label back to the previous
node. When the reservation message arrives at the previous node, it causes the reserved resources to be locked
and forwarding entries are programmed with the MPLS label sent from the tail-end node. A new MPLS label
is allocated and sent to the next node upstream.
When the reservation message reaches the head node, the label is programmed and the MPLS data starts to
flow along the path.
High Availability
RSVP is designed to ensure nonstop forwarding under the following constraints:
Ability to tolerate the failure of one RP of a 1:1 redundant pair.
Hitless software upgrade.
The RSVP high availability (HA) design followsthe constraints of the underlying architecture where processes
can fail without affecting the operation of other processes. A processfailure of RSVP or any of its collaborators
does not cause any traffic loss or cause established LSPs to go down. When RSVP restarts, it recovers its
signaling states from its neighbors. No special configuration or manual intervention are required. You may
configure RSVP graceful restart, which offers a standard mechanism to recover RSVP state information from
neighbors after a failure.
Graceful Restart
RSVP graceful restart provides a control plane mechanism to ensure high availability (HA), which allows
detection and recovery from failure conditions while preserving nonstop forwarding services on the systems
running Cisco IOS XR software.
RSVP graceful restart provides a mechanism that minimizes the negative effects on MPLS traffic caused by
these types of faults:
Disruption of communication channels between two nodes when the communication channels are separate
from the data channels. This is called control channel failure.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 67
Implementing RSVP for MPLS-TE
LSP Setup Control plane of a node fails but the node preservesits data forwarding states. Thisis called node failure.
The procedure for RSVP graceful restart is described in the Fault Handling section of RFC 3473, Generalized
MPLS Signaling, RSVP-TE Extensions. One of the main advantages of using RSVP graceful restart isrecovery
of the control plane while preserving nonstop forwarding and existing labels.
Graceful Restart: Standard and Interface-Based
When you configure RSVP graceful restart, Cisco IOS XR software sends and expects node-id address based
Hello messages (that is, Hello Request and Hello Ack messages). The RSVP graceful restart Hello session is
not established if the neighbor router does not respond with a node-id based Hello Ack message.
You can also configure graceful restart to respond (send Hello Ack messages) to interface-address based Hello
messages sent from a neighbor router in order to establish a graceful restart Hello session on the neighbor
router. If the neighbor router does not respond with node-id based Hello Ack message, however, the RSVP
graceful restart Hello session is not established.
Cisco IOS XR software provides two commands to configure graceful restart:
signalling hello graceful-restart
signalling hello graceful-restart interface-based
By default, graceful restart is disabled. To enable interface-based graceful restart, you must first enable
standard graceful restart. You cannot enable interface-based graceful restart independently.
Note
Related Topics
Enabling Graceful Restart, on page 78
Enable Graceful Restart: Example, on page 106
Enable Interface-Based Graceful Restart: Example, on page 106
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
68 OL-26056-02
Implementing RSVP for MPLS-TE
Graceful RestartGraceful Restart: Figure
This figure illustrates how RSVP graceful restart handles a node failure condition.
Figure 8: Node Failure with RSVP
RSVP graceful restart requires the use of RSVP hello messages. Hello messages are used between RSVP
neighbors. Each neighbor can autonomously issue a hello message containing a hello request object. A receiver
that supports the hello extension replies with a hello message containing a hello acknowledgment (ACK)
object. This means that a hello message contains either a hello Request or a hello ACK object. These two
objects have the same format.
The restart cap object indicates a nodes restart capabilities. It is carried in hello messages if the sending node
supports state recovery. The restart cap object has the following two fields:
Restart Time
Time after a lossin Hello messages within which RSVP hello session can be reestablished. It is possible
for a user to manually configure the Restart Time.
Recovery Time
Time that the sender waits for the recipient to re-synchronize states after the re-establishment of hello
messages. This value is computed and advertised based on number of states that existed before the fault
occurred.
For graceful restart, the hello messages are sent with an IP Time to Live (TTL) of 64. This is because the
destination of the hello messages can be multiple hops away. If graceful restart is enabled, hello messages
(containing the restart cap object) are send to an RSVP neighbor when RSVP states are shared with that
neighbor.
Restart cap objects are sent to an RSVP neighbor when RSVP states are shared with that neighbor. If the
neighbor replies with hello messages containing the restart cap object, the neighbor is considered to be graceful
restart capable. If the neighbor does not reply with hello messages or replies with hello messages that do not
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 69
Implementing RSVP for MPLS-TE
Graceful Restartcontain the restart cap object, RSVP backs off sending hellos to that neighbor. If graceful restart is disabled,
no hello messages (Requests or ACKs) are sent. If a hello Request message is received from an unknown
neighbor, no hello ACK is sent back.
ACL-based Prefix Filtering
RSVP provides for the configuration of extended access lists (ACLs) to forward, drop, or perform normal
processing on RSVP router-alert (RA) packets. Prefix filtering is designed for use at core access routers in
order that RA packets (identified by a source/destination address) can be seamlessly forwarded across the
core from one access point to another (or, conversely to be dropped at this node). RSVP applies prefix filtering
rules only to RA packets because RA packets contain source and destination addresses of the RSVP flow.
RA packets forwarded due to prefix filtering must not be sent as RSVP bundle messages, because bundle
messages are hop-by-hop and do not contain RA. Forwarding a Bundle message does not work, because
the node receiving the messages is expected to apply prefix filtering rules only to RA packets.
Note
For each incoming RSVP RA packet, RSVP inspectsthe IP header and attemptsto match the source/destination
IP addresses with a prefix configured in an extended ACL. The results are as follows:
If an ACL does not exist, the packet is processed like a normal RSVP packet.
If the ACL match yields an explicit permit (and if the packet is not locally destined), the packet is
forwarded. The IP TTL is decremented on all forwarded packets.
If the ACL match yields an explicit deny, the packet is dropped.
If there is no explicit permit or explicit deny, the ACL infrastructure returns an implicit (default) deny. RSVP
can be configured to drop the packet. By default, RSVP processes the packet if the ACL match yields an
implicit (default) deny.
Related Topics
Configuring ACLs for Prefix Filtering, on page 80
Configure ACL-based Prefix Filtering: Example, on page 107
RSVP MIB
RFC 2206, RSVP Management Information Base Using SMIv2 defines all the SNMP MIB objects that are
relevant to RSVP. By implementing the RSVP MIB, you can perform these functions:
Specifies two traps (NetFlow and LostFlow) which are triggered when a new flow is created or deleted.
Lets you use SNMP to access objects belonging to RSVP.
Related Topics
Enabling RSVP Traps, on page 86
Enable RSVP Traps: Example, on page 108
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
70 OL-26056-02
Implementing RSVP for MPLS-TE
ACL-based Prefix FilteringInformation About Implementing RSVP Authentication
Before implementing RSVP authentication, you must configure a keychain first. The name of the keychain
must be the same as the one used in the keychain configuration. For more information about configuring
keychains, see Cisco ASR 9000 Series Aggregation Services Router System Security Configuration Guide .
Note RSVP authentication supports only keyed-hash message authentication code (HMAC) type algorithms.
To implement RSVP authentication on Cisco IOS XR software, you must understand the following concepts:
RSVP Authentication Functions
You can carry out these tasks with RSVP authentication:
Set up a secure relationship with a neighbor by using secret keys that are known only to you and the
neighbor.
Configure RSVP authentication in global, interface, or neighbor configuration modes.
Authenticate incoming messages by checking if there is a valid security relationship that is associated
based on key identifier, incoming interface, sender address, and destination address.
Add an integrity object with message digest to the outgoing message.
Use sequence numbers in an integrity object to detect replay attacks.
RSVP Authentication Design
Network administrators need the ability to establish a security domain to control the set ofsystemsthat initiates
RSVP requests.
The RSVP authentication feature permits neighborsin an RSVP network to use a secure hash to sign all RSVP
signaling messages digitally, thus allowing the receiver of an RSVP message to verify the sender of the
message without relying solely on the sender's IP address.
The signature is accomplished on a per-RSVP-hop basis with an RSVP integrity object in the RSVP message
as defined in RFC 2747. This method provides protection against forgery or message modification. However,
the receiver must know the security key used by the sender to validate the digital signature in the received
RSVP message.
Network administrators manually configure a common key for each RSVP neighbor on the shared network.
The following reasons explain how to choose between global, interface, or neighbor configuration modes:
Global configuration mode is optimal when a router belongs to a single security domain (for example,
part of a set of provider core routers). A single common key set is expected to be used to authenticate
all RSVP messages.
Interface, or neighbor configuration mode, is optimal when a router belongs to more than one security
domain. For example, a provider router is adjacent to the provider edge (PE), or a PE is adjacent to an
edge device. Different keys can be used but not shared.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 71
Implementing RSVP for MPLS-TE
Information About Implementing RSVP AuthenticationGlobal configuration mode configures the defaults for interface and neighbor interface modes. These modes,
unless explicitly configured, inherit the parameters from global configuration mode, as follows:
Window-size is set to 1.
Lifetime is set to 1800.
key-source key-chain command is set to none or disabled.
Related Topics
Configuring a Lifetime for an Interface for RSVP Authentication, on page 95
RSVP Authentication by Using All the Modes: Example, on page 110
Global, Interface, and Neighbor Authentication Modes
You can configure global defaults for all authentication parameters including key, window size, and lifetime.
These defaults are inherited when you configure authentication for each neighbor or interface. However, you
can also configure these parameters individually on a neighbor or interface basis, in which case the global
values (configured or default) are no longer inherited.
RSVP uses the following rules when choosing which authentication parameter to use when that parameter
is configured at multiple levels (interface, neighbor, or global). RSVP goes from the most specific to least
specific; that is, neighbor, interface, and global.
Note
Global keys simplify the configuration and eliminate the chances of a key mismatch when receiving messages
from multiple neighbors and multiple interfaces. However, global keys do not provide the best security.
Interface keys are used to secure specific interfaces between two RSVP neighbors. Because many of the RSVP
messages are IP routed, there are many scenarios in which using interface keys are not recommended. If all
keys on the interfaces are not the same, there is a risk of a key mismatch for the following reasons:
When the RSVP graceful restart is enabled, RSVP hello messages are sent with a source IP address of
the local router ID and a destination IP address of the neighbor router ID. Because multiple routes can
exist between the two neighbors, the RSVP hello message can traverse to different interfaces.
When the RSVP fast reroute (FRR) is active, the RSVP Path and Resv messages can traverse multiple
interfaces.
When Generalized Multiprotocol Label Switching (GMPLS) optical tunnels are configured, RSVP
messages are exchanged with router IDs as the source and destination IP addresses. Since multiple
control channels can exist between the two neighbors, the RSVP messages can traverse different interfaces.
Neighbor-based keys are particularly useful in a network in which some neighborssupport RSVP authentication
procedures and others do not. When the neighbor-based keys are configured for a particular neighbor, you
are advised to configure all the neighbors addresses and router IDs for RSVP authentication.
Related Topics
Configuring a Lifetime for RSVP Authentication in Global Configuration Mode, on page 90
RSVP Authentication Global Configuration Mode: Example, on page 108
Specifying the RSVP Authentication Keychain in Interface Mode, on page 93
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
72 OL-26056-02
Implementing RSVP for MPLS-TE
Global, Interface, and Neighbor Authentication ModesRSVP Authentication by Using All the Modes: Example, on page 110
Security Association
A security association (SA) is defined as a collection of information that is required to maintain secure
communications with a peer to counter replay attacks, spoofing, and packet corruption.
This table lists the main parameters that define a security association.
Table 2: Security Association Main Parameters
Parameter Description
src IP address of the sender.
dst IP address of the final destination.
interface Interface of the SA.
direction Send or receive type of the SA.
Expiration timer value that is used to collect unused
security association data.
Lifetime
Lastsequence number that was eithersent or accepted
(dependent of the direction type).
Sequence Number
key-source Source of keys for the configurable parameter.
Key number (returned form the key-source) that was
last used.
keyID
digest Algorithm last used (returned from the key-source).
Specifiesthe tolerance for the configurable parameter.
The parameter is applicable when the direction
parameter is the receive type.
Window Size
Specifiesthe last window size value sequence number
that is received or accepted. The parameter is
applicable when the direction parameter isthe receive
type.
Window
An SA is created dynamically when sending and receiving messagesthat require authentication. The neighbor,
source, and destination addresses are obtained either from the IP header or from an RSVP object, such as a
HOP object, and whether the message is incoming or outgoing.
When the SA is created, an expiration timer is created. When the SA authenticates a message, it is marked as
recently used. The lifetime timer periodically checks if the SA is being used. If so, the flag is cleared and is
cleaned up for the next period unless it is marked again.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 73
Implementing RSVP for MPLS-TE
Security AssociationThis table shows how to locate the source and destination address keys for an SA that is based on the message
type.
Table 3: Source and Destination Address Locations for Different Message Types
Message Type Source Address Location Destination Address Location
Path HOP object SESSION object
PathTear HOP object SESSION object
PathError HOP object IP header
Resv HOP object IP header
ResvTear HOP object IP header
ResvError HOP object IP header
ResvConfirm IP header CONFIRM object
Ack IP header IP header
Srefresh IP header IP header
Hello IP header IP header
Bundle
Related Topics
Specifying the Keychain for RSVP Neighbor Authentication, on page 98
RSVP Neighbor Authentication: Example, on page 109
Configuring a Lifetime for RSVP Neighbor Authentication, on page 100
RSVP Authentication Global Configuration Mode: Example, on page 108
Key-source Key-chain
The key-source key-chain is used to specify which keys to use.
You configure a list of keys with specific IDs and have different lifetimes so that keys are changed at
predetermined intervals automatically, without any disruption of service. Rollover enhances network security
by minimizing the problems that could result if an untrusted source obtained, deduced, or guessed the current
key.
RSVP handles rollover by using the following key ID types:
On TX, use the youngest eligible key ID.
On RX, use the key ID that is received in an integrity object.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
74 OL-26056-02
Implementing RSVP for MPLS-TE
Key-source Key-chainFor more information about implementing keychain management,see Cisco ASR 9000 Series Router System
Security Configuration Guide Cisco ASR 9000 Series Router .
Related Topics
Enabling RSVP Authentication Using the Keychain in Global Configuration Mode, on page 88
RSVP Authentication Global Configuration Mode: Example, on page 108
Specifying the Keychain for RSVP Neighbor Authentication, on page 98
RSVP Neighbor Authentication: Example, on page 109
Guidelines for Window-Size and Out-of-Sequence Messages
These guidelines are required for window-size and out-of-sequence messages:
Default window-size is set to 1. If a single message is received out-of-sequence, RSVP rejects it and
displays a message.
When RSVP messages are sent in burst mode (for example, tunnel optimization), some messages can
become out-of-sequence for a short amount of time.
Window size can be increased by using the window-size command. When the window size is increased,
replay attacks can be detected with duplicate sequence numbers.
Related Topics
Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 91
Configuring the Window Size for an Interface for RSVP Authentication, on page 96
Configuring the Window Size for RSVP Neighbor Authentication, on page 102
RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication for an Interface: Example, on page 109
Caveats for Out-of-Sequence
These caveats are listed for out-of-sequence:
When RSVP messages traverse multiple interface types with different maximum transmission unit
(MTU) values, some messages can become out-of-sequence if they are fragmented.
Packets with some IP options may be reordered.
Change in QoS configurations may lead to a transient reorder of packets.
QoS policies can cause a reorder of packets in a steady state.
Because all out-of-sequence messages are dropped, the sender must retransmit them. Because RSVP state
timeouts are generally long, out-of-sequence messages during a transient state do not lead to a state timeout.
How to Implement RSVP
RSVP requires coordination among several routers, establishing exchange of RSVP messages to set up LSPs.
Depending on the client application, RSVP requires some basic configuration, as described in these topics:
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 75
Implementing RSVP for MPLS-TE
Guidelines for Window-Size and Out-of-Sequence MessagesConfiguring Traffic Engineering Tunnel Bandwidth
To configure traffic engineering tunnel bandwidth, you must firstset up TE tunnels and configure the reserved
bandwidth per interface (there is no need to configure bandwidth for the data channel or the control channel).
Cisco IOS XR software supports two MPLS DS-TE modes: Prestandard and IETF.
For prestandard DS-TE you do not need to configure bandwidth for the data channel or the control channel.
There is no other specific RSVP configuration required for this application. When no RSVP bandwidth
is specified for a particular interface, you can specify zero bandwidth in the LSP setup if it is configured
under RSVP interface configuration mode or MPLS-TE configuration mode.
Note
Related Topics
Configuring a Prestandard DS-TE Tunnel, on page 176
Configuring an IETF DS-TE Tunnel Using RDM, on page 178
Configuring an IETF DS-TE Tunnel Using MAM, on page 181
Confirming DiffServ-TE Bandwidth
Perform this task to confirm DiffServ-TE bandwidth.
In RSVP global and subpools, reservable bandwidths are configured per interface to accommodate TE tunnels
on the node. Available bandwidth from all configured bandwidth pools is advertised using IGP. RSVP signals
the TE tunnel with appropriate bandwidth pool requirements.
SUMMARY STEPS
1. configure
2. rsvp
3. interface type interface-path-id
4. bandwidth total-bandwidth max-flow sub-pool sub-pool-bw
5. Use one of the following commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
76 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring Traffic Engineering Tunnel BandwidthDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp Enters RSVP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
interface type interface-path-id Enters interface configuration mode for the RSVP protocol.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 3
interface pos 0/2/0/0
Sets the reservable bandwidth, the maximum RSVP bandwidth
available for a flow and the sub-pool bandwidth on this interface.
bandwidth total-bandwidth max-flow sub-pool
sub-pool-bw
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Step 4
bandwidth 1000 100 sub-pool 150
Step 5 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-if)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 77
Implementing RSVP for MPLS-TE
Confirming DiffServ-TE BandwidthCommand or Action Purpose
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Differentiated Services Traffic Engineering, on page 127
Bandwidth Configuration (MAM): Example, on page 104
Bandwidth Configuration (RDM): Example, on page 105
Enabling Graceful Restart
Perform this task to enable graceful restart for implementations using both node-id and interface-based hellos.
RSVP graceful restart provides a control plane mechanism to ensure high availability, which allows detection
and recovery from failure conditions while preserving nonstop forwarding services.
SUMMARY STEPS
1. configure
2. rsvp
3. signalling graceful-restart
4. signalling graceful-restart interface-based
5. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
78 OL-26056-02
Implementing RSVP for MPLS-TE
Enabling Graceful RestartCommand or Action Purpose
rsvp Enters the RSVP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
signalling graceful-restart Enables the graceful restart process on the node.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 3
signalling graceful-restart
signalling graceful-restart interface-based Enables interface-based graceful restart process on the node.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 4
signalling graceful-restart
interface-based
Step 5 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Graceful Restart: Standard and Interface-Based, on page 68
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 79
Implementing RSVP for MPLS-TE
Enabling Graceful RestartEnable Graceful Restart: Example, on page 106
Enable Interface-Based Graceful Restart: Example, on page 106
Configuring ACL-based Prefix Filtering
Two procedures are provided to show how RSVP Prefix Filtering is associated:
Configuring ACLs for Prefix Filtering, on page 80
Configuring RSVP Packet Dropping, on page 81
Configuring ACLs for Prefix Filtering
Perform this task to configure an extended access list ACL that identifies the source and destination prefixes
used for packet filtering.
Note The extended ACL needs to be configured separately using extended ACL configuration commands.
SUMMARY STEPS
1. configure
2. rsvp
3. signalling prefix-filtering access-list
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp Enters the RSVP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
80 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring ACL-based Prefix FilteringCommand or Action Purpose
signalling prefix-filtering access-list Enter an extended access list name as a string.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 3
signalling prefix-filtering access-list
banks
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
ACL-based Prefix Filtering, on page 70
Configure ACL-based Prefix Filtering: Example, on page 107
Configuring RSVP Packet Dropping
Perform this task to configure RSVP to drop RA packets when the ACL match returns an implicit (default)
deny.
The default behavior performs normal RSVP processing on RA packets when the ACL match returns an
implicit (default) deny.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 81
Implementing RSVP for MPLS-TE
Configuring ACL-based Prefix FilteringSUMMARY STEPS
1. configure
2. rsvp
3. signalling prefix-filtering default-deny-action
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp Enters the RSVP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
signalling prefix-filtering default-deny-action Drops RA messages.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)#
Step 3
signalling prefix-filtering
default-deny-action
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
82 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring ACL-based Prefix FilteringCommand or Action Purpose
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Overview of RSVP for MPLS-TE , on page 66
Set DSCP for RSVP Packets: Example, on page 107
Verifying RSVP Configuration
This figure illustrates the topology.
Figure 9: Sample Topology
Perform the following steps to verify RSVP configuration.
SUMMARY STEPS
1. show rsvp session
2. show rsvp counters messages summary
3. show rsvp counters events
4. show rsvp interface type interface-path-id [detail]
5. show rsvp graceful-restart
6. show rsvp graceful-restart [neighbors ip-address | detail]
7. show rsvp interface
8. show rsvp neighbor
DETAILED STEPS
Step 1 show rsvp session
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 83
Implementing RSVP for MPLS-TE
Verifying RSVP ConfigurationVerifiesthat all routers on the path of the LSP are configured with at least one Path State Block (PSB) and one Reservation
State Block (RSB) per session.
Example:
RP/0/RSP0/CPU0:router# show rsvp session
Type Destination Add DPort Proto/ExtTunID PSBs RSBs Reqs
---- --------------- ----- --------------- ----- ----- ----- LSP4
172.16.70.70 6 10.51.51.51 1 1 0
In the example , the output represents an LSP from ingress (head) router 10.51.51.51 to egress (tail) router 172.16.70.70.
The tunnel ID (also called the destination port) is 6.
Example:
If no states can be found for a session that should be up, verify the
application (for example, MPLS-TE ) to see if
everything is in order. If a session has one PSB but no RSB, this indicates
that either the Path message is not making it to the egress (tail) router or
the reservation message is not making it back to the router R1 in question.
Go to the downstream router R2 and display the session information:
Example:
If R2 has no PSB, either the path message is not making it to the
router or the path message is being rejected (for example, due to lack of
resources). If R2 has a PSB but no RSB, go to the next downstream router R3
to investigate. If R2 has a PSB and an RSB, this means the reservation is
not making it from R2 to R1 or is being rejected.
Step 2 show rsvp counters messages summary
Verifies whether the RSVP message is being transmitted and received.
Example:
RP/0/RSP0/CPU0:router# show rsvp counters messages summary
All RSVP Interfaces Recv Xmit Recv Xmit Path 0 25
Resv 30 0 PathError 0 0 ResvError 0 1 PathTear 0 30 ResvTear 12 0
ResvConfirm 0 0 Ack 24 37 Bundle 0 Hello 0 5099 SRefresh 8974 9012
OutOfOrder 0 Retransmit 20 Rate Limited 0
Step 3 show rsvp counters events
Verifies how many RSVP states have expired. Because RSVP uses a soft-state mechanism, some failures will lead to
RSVP states to expire due to lack of refresh from the neighbor.
Example:
RP/0/RSP0/CPU0:router# show rsvp counters events
mgmtEthernet0/0/0/0 tunnel6 Expired Path states 0 Expired
Path states 0 Expired Resv states 0 Expired Resv states 0 NACKs received 0
NACKs received 0 POS0/3/0/0 POS0/3/0/1 Expired
Path states 0 Expired Path states 0 Expired Resv states 0 Expired Resv
states 0 NACKs received 0 NACKs received 0 POS0/3/0/2
POS0/3/0/3 Expired Path states 0 Expired Path
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
84 OL-26056-02
Implementing RSVP for MPLS-TE
Verifying RSVP Configurationstates 0 Expired Resv states 0 Expired Resv states 1 NACKs received 0 NACKs
received 1
Step 4 show rsvp interface type interface-path-id [detail]
Verifies that refresh reduction is working on a particular interface.
Example:
RP/0/RSP0/CPU0:router# show rsvp interface pos0/3/0/3 detail
INTERFACE: POS0/3/0/3 (ifh=0x4000D00). BW
(bits/sec): Max=1000M. MaxFlow=1000M. Allocated=1K (0%). MaxSub=0.
Signalling: No DSCP marking. No rate limiting. States in: 1. Max missed
msgs: 4. Expiry timer: Running (every 30s). Refresh interval: 45s. Normal
Refresh timer: Not running. Summary refresh timer: Running. Refresh
reduction local: Enabled. Summary Refresh: Enabled (4096 bytes max).
Reliable summary refresh: Disabled. Ack hold: 400 ms, Ack max size: 4096
bytes. Retransmit: 900ms. Neighbor information: Neighbor-IP Nbor-MsgIds
States-out Refresh-Reduction Expiry(min::sec) -------------- --------------
---------- ------------------ ---------------- 64.64.64.65 1 1 Enabled
14::45
Step 5 show rsvp graceful-restart
Verifies that graceful restart is enabled locally.
Example:
RP/0/RSP0/CPU0:router# show rsvp graceful-restart
Graceful restart: enabled Number of global
neighbors: 1 Local MPLS router id: 10.51.51.51 Restart time: 60 seconds
Recovery time: 0 seconds Recovery timer: Not running Hello interval: 5000
milliseconds Maximum Hello miss-count: 3
Step 6 show rsvp graceful-restart [neighbors ip-address | detail]
Verifies that graceful restart is enabled on the neighbor(s). These examples show that neighbor 192.168.60.60 is not
responding to hello messages.
Example:
RP/0/RSP0/CPU0:router# show rsvp graceful-restart neighbors 192.168.60.60
Neighbor App State Recovery Reason
Since LostCnt --------------- ----- ------ -------- ------------
-------------------- -------- 192.168.60.60 MPLS INIT DONE N/A 12/06/2003
19:01:49 0
RP/0/RSP0/CPU0:router# show rsvp graceful-restart neighbors detail
Neighbor: 192.168.60.60 Source: 10.51.51.51
(MPLS) Hello instance for application MPLS Hello State: INIT (for 3d23h)
Number of times communications with neighbor lost: 0 Reason: N/A Recovery
State: DONE Number of Interface neighbors: 1 address: 10.64.64.65 Restart
time: 0 seconds Recovery time: 0 seconds Restart timer: Not running Recovery
timer: Not running Hello interval: 5000 milliseconds Maximum allowed missed
Hello messages: 3
Step 7 show rsvp interface
Verifies the available RSVP bandwidth.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 85
Implementing RSVP for MPLS-TE
Verifying RSVP ConfigurationExample:
RP/0/RSP0/CPU0:router# show rsvp interface
Interface MaxBW MaxFlow Allocated MaxSub -----------
-------- -------- --------------- -------- Et0/0/0/0 0 0 0 ( 0%) 0 PO0/3/0/0
1000M 1000M 0 ( 0%) 0 PO0/3/0/1 1000M 1000M 0 ( 0%) 0 PO0/3/0/2 1000M 1000M
0 ( 0%) 0 PO0/3/0/3 1000M 1000M 1K ( 0%) 0
Step 8 show rsvp neighbor
Verifies the RSVP neighbors.
Example:
RP/0/RSP0/CPU0:router# show rsvp neighbor detail
Global Neighbor: 40.40.40.40 Interface Neighbor: 1.1.1.1
Interface: POS0/0/0/0 Refresh Reduction: "Enabled" or "Disabled". Remote
epoch: 0xXXXXXXXX Out of order messages: 0 Retransmitted messages: 0
Interface Neighbor: 2.2.2.2 Interface: POS0/1/0/0 Refresh Reduction:
"Enabled" or "Disabled". Remote epoch: 0xXXXXXXXX Out of order messages: 0
Retransmitted messages: 0
Related Topics
Overview of RSVP for MPLS-TE , on page 66
Enabling RSVP Traps
With the exception of the RSVP MIB traps, no action is required to activate the MIBs. This MIB feature is
automatically enabled when RSVP is turned on; however, RSVP traps must be enabled.
Perform this task to enable all RSVP MIB traps, NewFlow traps, and LostFlow traps.
SUMMARY STEPS
1. configure
2. snmp-server traps rsvp lost-flow
3. snmp-server traps rsvp new-flow
4. snmp-server traps rsvp all
5. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
86 OL-26056-02
Implementing RSVP for MPLS-TE
Enabling RSVP TrapsDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
snmp-server traps rsvp lost-flow Sends RSVP notifications to enable RSVP LostFlow traps.
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 2
traps rsvp lost-flow
snmp-server traps rsvp new-flow Sends RSVP notifications to enable RSVP NewFlow traps.
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 3
traps rsvp new-flow
snmp-server traps rsvp all Sends RSVP notifications to enable all RSVP MIB traps.
Example:
RP/0/RSP0/CPU0:router(config)# snmp-server
Step 4
traps rsvp all
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 87
Implementing RSVP for MPLS-TE
Enabling RSVP TrapsCommand or Action Purpose
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
RSVP MIB, on page 70
Enable RSVP Traps: Example, on page 108
How to Implement RSVP Authentication
There are three types of RSVP authentication modesglobal, interface, and neighbor. These topics describe
how to implement RSVP authentication for each mode:
Configuring Global Configuration Mode RSVP Authentication
These tasks describe how to configure RSVP authentication in global configuration mode:
Enabling RSVP Authentication Using the Keychain in Global Configuration Mode
Perform this task to enable RSVP authentication for cryptographic authentication by specifying the keychain
in global configuration mode.
You must configure a keychain before completing this task (see Cisco ASR 9000 Series Aggregation
Services Router System Security Configuration Guide ).
Note
SUMMARY STEPS
1. configure
2. rsvp authentication
3. key-source key-chain key-chain-name
4. Use one of the following commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
88 OL-26056-02
Implementing RSVP for MPLS-TE
How to Implement RSVP AuthenticationDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
authentication
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Specifies the source of the key information to authenticate RSVP
signaling messages.
key-source key-chain key-chain-name
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Step 3
key-chain-name
Name of the keychain. The maximum number of charactersis 32.
key-source key-chain mpls-keys
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 89
Implementing RSVP for MPLS-TE
Configuring Global Configuration Mode RSVP AuthenticationRelated Topics
Key-source Key-chain, on page 74
RSVP Authentication Global Configuration Mode: Example, on page 108
Configuring a Lifetime for RSVP Authentication in Global Configuration Mode
Perform this task to configure a lifetime value for RSVP authentication in global configuration mode.
SUMMARY STEPS
1. configure
2. rsvp authentication
3. life-time seconds
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
authentication
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Controls how long RSVP maintains security associations with other
trusted RSVP neighbors.
life-time seconds
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Step 3
seconds
Length of time (in seconds) that RSVP maintains idle security
associations with other trusted RSVP neighbors. Range is from
30 to 86400. The default value is 1800.
life-time 2000
Step 4 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
90 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring Global Configuration Mode RSVP AuthenticationCommand or Action Purpose
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Related Topics
Global, Interface, and Neighbor Authentication Modes, on page 72
RSVP Authentication Global Configuration Mode: Example, on page 108
Configuring the Window Size for RSVP Authentication in Global Configuration Mode
Perform this task to configure the window size for RSVP authentication in global configuration mode.
SUMMARY STEPS
1. configure
2. rsvp authentication
3. window-size N
4. Use one of the following commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 91
Implementing RSVP for MPLS-TE
Configuring Global Configuration Mode RSVP AuthenticationDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
authentication
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Specifies the maximum number of RSVP authenticated messages that
can be received out-of-sequence.
window-size N
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
Step 3
N
Size of the window to restrict out-of-sequence messages. The
range is from 1 to 64. The default value is 1, in which case all
out-of-sequence messages are dropped.
window-size 33
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-auth)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
92 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring Global Configuration Mode RSVP AuthenticationRelated Topics
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication for an Interface: Example, on page 109
Configuring an Interface for RSVP Authentication
These tasks describe how to configure an interface for RSVP authentication:
Specifying the RSVP Authentication Keychain in Interface Mode
Perform this task to specify RSVP authentication keychain in interface mode.
You must configure a keychain first (see Cisco ASR 9000 Series Aggregation Services Router System Security
Configuration Guide ).
SUMMARY STEPS
1. configure
2. rsvp interface type interface-path-id
3. authentication
4. key-source key-chain key-chain-name
5. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp interface type interface-path-id Enters RSVP interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
interface POS 0/2/1/0
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 93
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationCommand or Action Purpose
authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Step 3
authentication
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Specifies the source of the key information to authenticate RSVP
signaling messages.
key-source key-chain key-chain-name
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Step 4
key-chain-name
Name of the keychain. The maximum number of characters
is 32.
key-source key-chain mpls-keys
Step 5 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Global, Interface, and Neighbor Authentication Modes, on page 72
RSVP Authentication by Using All the Modes: Example, on page 110
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
94 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationConfiguring a Lifetime for an Interface for RSVP Authentication
Perform this task to configure a lifetime for the security association for an interface.
SUMMARY STEPS
1. configure
2. rsvp interface type interface-path-id
3. authentication
4. life-time seconds
5. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp interface type interface-path-id Enters RSVP interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
interface POS 0/2/1/0
RP/0/RSP0/CPU0:router(config-rsvp-if)#
authentication Enters RSVP authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Step 3
authentication
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Controls how long RSVP maintains security associations with other
trusted RSVP neighbors.
life-time seconds
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Step 4
seconds
Length of time (in seconds) that RSVP maintainsidle security
associations with other trusted RSVP neighbors. Range isfrom
30 to 86400. The default value is 1800.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 95
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationCommand or Action Purpose
life-time 2000
Step 5 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
RSVP Authentication Design, on page 71
RSVP Authentication by Using All the Modes: Example, on page 110
Configuring the Window Size for an Interface for RSVP Authentication
Perform this task to configure the window size for an interface for RSVP authentication to check the validity
of the sequence number received.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
96 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationSUMMARY STEPS
1. configure
2. rsvp interface type interface-path-d
3. authentication
4. window-size N
5. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp interface type interface-path-d Enters RSVP interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp
Step 2
interface POS 0/2/1/0
RP/0/RSP0/CPU0:router(config-rsvp-if)#
authentication Enters RSVP interface authentication configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Step 3
authentication
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Specifies the maximum number of RSVP authenticated messages
that can be received out-of-sequence.
window-size N
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
Step 4
N
Size of the window to restrict out-of-sequence messages. The
range is from 1 to 64. The default value is 1, in which case all
out-of-sequence messages are dropped.
window-size 33
Step 5 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 97
Implementing RSVP for MPLS-TE
Configuring an Interface for RSVP AuthenticationCommand or Action Purpose
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-rsvp-if-auth)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication for an Interface: Example, on page 109
Configuring RSVP Neighbor Authentication
These tasks describe how to configure the RSVP neighbor authentication:
Specifying the Keychain for RSVP Neighbor Authentication, on page 98
Configuring a Lifetime for RSVP Neighbor Authentication, on page 100
Configuring the Window Size for RSVP Neighbor Authentication, on page 102
Specifying the Keychain for RSVP Neighbor Authentication
Perform this task to specify the keychain RSVP neighbor authentication.
You must configure a keychain first (see Cisco ASR 9000 Series Aggregation Services Router System Security
Configuration Guide ).
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
98 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationSUMMARY STEPS
1. configure
2. rsvp neighbor IP-address authentication
3. key-source key-chain key-chain-name
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters neighbor authentication configuration mode. Use the rsvp
neighbor command to activate RSVP cryptographic authentication
for a neighbor.
rsvp neighbor IP-address authentication
Example:
RP/0/RSP0/CPU0:router(config)# rsvp neighbor
Step 2
IP address
1.1.1.1 authentication
IP address of the neighbor. A single IP address for a specific
neighbor; usually one of the neighbor's physical or logical
(loopback) interfaces.
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
authentication
Configures the RSVP authentication parameters.
Specifies the source of the key information to authenticate RSVP
signaling messages.
key-source key-chain key-chain-name
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
Step 3
key-chain-name
Name of the keychain. The maximum number of characters
is 32.
key-source key-chain mpls-keys
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 99
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
or
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
commit ? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Key-source Key-chain, on page 74
Security Association, on page 73
RSVP Neighbor Authentication: Example, on page 109
Configuring a Lifetime for RSVP Neighbor Authentication
Perform this task to configure a lifetime for security association for RSVP neighbor authentication mode.
SUMMARY STEPS
1. configure
2. rsvp neighbor IP-address authentication
3. life-time seconds
4. Use one of the following commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
100 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters RSVP neighbor authentication configuration mode. Use the
rsvp neighbor command to specify a neighbor under RSVP.
rsvp neighbor IP-address authentication
Example:
RP/0/RSP0/CPU0:router(config)# rsvp neighbor
Step 2
IP address
IP address of the neighbor. A single IP address for a specific
neighbor; usually one of the neighbor's physical or logical
(loopback) interfaces.
1.1.1.1 authentication
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
authentication
Configures the RSVP authentication parameters.
Controls how long RSVP maintains security associations with other
trusted RSVP neighbors. The argument specifies the
life-time seconds
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
Step 3
seconds
Length of time (in seconds) that RSVP maintainsidle security
associations with other trusted RSVP neighbors. Range is
from 30 to 86400. The default value is 1800.
life-time 2000
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 101
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationCommand or Action Purpose
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Security Association, on page 73
RSVP Authentication Global Configuration Mode: Example, on page 108
Configuring the Window Size for RSVP Neighbor Authentication
Perform this task to configure the RSVP neighbor authentication window size to check the validity of the
sequence number received.
SUMMARY STEPS
1. configure
2. rsvp neighbor IP address authentication
3. window-size N
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters RSVP neighbor authentication configuration mode. Use the
rsvp neighbor command to specify a neighbor under RSVP.
rsvp neighbor IP address authentication
Example:
RP/0/RSP0/CPU0:router(config)# rsvp neighbor
Step 2
IP address
IP address of the neighbor. A single IP address for a specific
neighbor; usually one of the neighbor's physical or logical
(loopback) interfaces.
1.1.1.1 authentication
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
102 OL-26056-02
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationCommand or Action Purpose
authentication
Configures the RSVP authentication parameters.
Specifies the maximum number of RSVP authenticated messages
that is received out-of-sequence.
window-size N
Example:
RP/0/RSP0/CPU0:router(config-rsvp-nbor-auth)#
window-size 33
Step 3
N
Size of the window to restrict out-of-sequence messages. The
range is from 1 to 64. The default value is 1, in which case all
out-of-sequence messages are dropped.
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
RP/0/RSP0/CPU0:router
(config-rsvp-nbor-auth)# end
or
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
RP/0/RSP0/CPU0:router configuration changes.
(config-rsvp-nbor-auth)# commit
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication for an Interface: Example, on page 109
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 103
Implementing RSVP for MPLS-TE
Configuring RSVP Neighbor AuthenticationVerifying the Details of the RSVP Authentication
To display the security associations that RSVP has established with other RSVP neighbors, use the show rsvp
authentication command.
Eliminating Security Associations for RSVP Authentication
To eliminate RSVP authentication SAs, use the clear rsvp authentication command. To eliminate RSVP
counters for each SA, use the clear rsvp counters authentication command.
Configuration Examples for RSVP
Sample RSVP configurations are provided for some of the supported RSVP features.
Bandwidth Configuration (Prestandard): Example, on page 104
Bandwidth Configuration (MAM): Example, on page 104
Bandwidth Configuration (RDM): Example, on page 105
Refresh Reduction and Reliable Messaging Configuration: Examples, on page 105
Configure Graceful Restart: Examples, on page 106
Configure ACL-based Prefix Filtering: Example, on page 107
Set DSCP for RSVP Packets: Example, on page 107
Enable RSVP Traps: Example, on page 108
Bandwidth Configuration (Prestandard): Example
The example shows the configuration of bandwidth on an interface using prestandard DS-TE mode. The
example configures an interface for a reservable bandwidth of 7500, specifies the maximum bandwidth for
one flow to be 1000 and adds a sub-pool bandwidth of 2000.
rsvp interface pos 0/3/0/0
bandwidth 7500 1000 sub-pool 2000
Bandwidth Configuration (MAM): Example
The example shows the configuration of bandwidth on an interface using MAM. The example shows how to
limit the total of all RSVP reservations on POS interface 0/3/0/0 to 7500 kbps, and allows each single flow
to reserve no more than 1000 kbps.
rsvp interface pos 0/3/0/0
bandwidth mam 7500 1000
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
104 OL-26056-02
Implementing RSVP for MPLS-TE
Verifying the Details of the RSVP AuthenticationRelated Topics
Confirming DiffServ-TE Bandwidth, on page 76
Differentiated Services Traffic Engineering, on page 127
Bandwidth Configuration (RDM): Example
The example shows the configuration of bandwidth on an interface using RDM. The example shows how to
limit the total of all RSVP reservations on POS interface 0/3/0/0 to 7500 kbps, and allows each single flow
to reserve no more than 1000 kbps.
rsvp interface pos 0/3/0/0
bandwidth rdm 7500 1000
Related Topics
Confirming DiffServ-TE Bandwidth, on page 76
Differentiated Services Traffic Engineering, on page 127
Refresh Reduction and Reliable Messaging Configuration: Examples
Refresh reduction feature as defined by RFC 2961 issupported and enabled by default. The examplesillustrate
the configuration for the refresh reduction feature. Refresh reduction is used with a neighbor only if the
neighbor supports it also.
Refresh Interval and the Number of Refresh Messages Configuration: Example
The example shows how to configure the refresh interval to 30 seconds on POS 0/3/0/0 and how to change
the number of refresh messages the node can miss before cleaning up the state from the default value of 4 to
6.
rsvp interface pos 0/3/0/0
signalling refresh interval 30
signalling refresh missed 6
Retransmit Time Used in Reliable Messaging Configuration: Example
The example shows how to set the retransmit timer to 2 seconds. To prevent unnecessary retransmits, the
retransmit time value configured on the interface must be greater than the ACK hold time on its peer.
rsvp interface pos 0/4/0/1
signalling refresh reduction reliable retransmit-time 2000
Acknowledgement Times Configuration: Example
The example shows how to change the acknowledge hold time from the default value of 400 ms, to delay or
speed up sending of ACKs, and the maximum acknowledgment message size from default size of 4096 bytes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 105
Implementing RSVP for MPLS-TE
Bandwidth Configuration (RDM): ExampleThe example shows how to change the acknowledge hold time from the default value of 400 ms and how to
delay or speed up sending of ACKs. The maximum acknowledgment message default size is from 4096 bytes.
rsvp interface pos 0/4/0/1
signalling refresh reduction reliable ack-hold-time 1000
rsvp interface pos 0/4/0/1
signalling refresh reduction reliable ack-max-size 1000
Ensure retransmit time on the peers interface is at least twice the amount of the ACK hold time to prevent
unnecessary retransmissions.
Note
Summary Refresh Message Size Configuration: Example
The example shows how to set the summary refresh message maximum size to 1500 bytes.
rsvp interface pos 0/4/0/1
signalling refresh reduction summary max-size 1500
Disable Refresh Reduction: Example
If the peer node does notsupport refresh reduction, or for any other reason you want to disable refresh reduction
on an interface, the example shows how to disable refresh reduction on that interface.
rsvp interface pos 0/4/0/1
signalling refresh reduction disable
Configure Graceful Restart: Examples
RSVP graceful restart is configured globally or per interface (as are refresh-related parameters). These examples
show how to enable graceful restart, set the restart time, and change the hello message interval.
Enable Graceful Restart: Example
The example shows how to enable the RSVP graceful restart by default. If disabled, enable it with the following
command.
rsvp signalling graceful-restart
Related Topics
Enabling Graceful Restart, on page 78
Graceful Restart: Standard and Interface-Based, on page 68
Enable Interface-Based Graceful Restart: Example
The example shows how to enable the RSVP graceful restart feature on an interface.
signalling hello graceful-restart interface-based
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
106 OL-26056-02
Implementing RSVP for MPLS-TE
Configure Graceful Restart: ExamplesRelated Topics
Enabling Graceful Restart, on page 78
Graceful Restart: Standard and Interface-Based, on page 68
Change the Restart-Time: Example
The example shows how to change the restart time that is advertised in hello messages sent to neighbor nodes.
rsvp signalling graceful-restart restart-time 200
Change the Hello Interval: Example
The example shows how to change the interval at which RSVP graceful restart hello messages are sent per
neighbor, and change the number of hellos missed before the neighbor is declared down.
rsvp signalling hello graceful-restart refresh interval 4000
rsvp signalling hello graceful-restart refresh misses 4
Configure ACL-based Prefix Filtering: Example
The example shows when RSVP receives a Router Alert (RA) packet from source address 1.1.1.1 and 1.1.1.1
is not a local address. The packet is forwarded with IP TTL decremented. Packets destined to 2.2.2.2 are
dropped. All other RA packets are processed as normal RSVP packets.
show run ipv4 access-list
ipv4 access-list rsvpacl
10 permit ip host 1.1.1.1 any
20 deny ip any host 2.2.2.2
!
show run rsvp
rsvp
signalling prefix-filtering access-list rsvpacl
!
Related Topics
Configuring ACLs for Prefix Filtering, on page 80
ACL-based Prefix Filtering, on page 70
Set DSCP for RSVP Packets: Example
The configuration example setsthe Differentiated Services Code Point (DSCP) field in the IP header of RSVP
packets.
rsvp interface pos0/2/0/1
signalling dscp 20
Related Topics
Configuring RSVP Packet Dropping, on page 81
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 107
Implementing RSVP for MPLS-TE
Configure ACL-based Prefix Filtering: ExampleOverview of RSVP for MPLS-TE , on page 66
Enable RSVP Traps: Example
The example enables the router to send all RSVP traps:
configure
snmp-server traps rsvp all
The example enables the router to send RSVP LostFlow traps:
configure
snmp-server traps rsvp lost-flow
The example enables the router to send RSVP RSVP NewFlow traps:
configure
snmp-server traps rsvp new-flow
Related Topics
Enabling RSVP Traps, on page 86
RSVP MIB, on page 70
Configuration Examples for RSVP Authentication
These configuration examples are used for RSVP authentication:
RSVP Authentication Global Configuration Mode: Example, on page 108
RSVP Authentication for an Interface: Example, on page 109
RSVP Neighbor Authentication: Example, on page 109
RSVP Authentication by Using All the Modes: Example, on page 110
RSVP Authentication Global Configuration Mode: Example
The configuration example enables authentication of all RSVP messages and increases the default lifetime of
the SAs.
rsvp
authentication
key-source key-chain default_keys
life-time 3600
!
!
Note The specified keychain (default_keys) must exist and contain valid keys, or signaling will fail.
Related Topics
Enabling RSVP Authentication Using the Keychain in Global Configuration Mode, on page 88
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
108 OL-26056-02
Implementing RSVP for MPLS-TE
Enable RSVP Traps: ExampleKey-source Key-chain, on page 74
Configuring a Lifetime for RSVP Authentication in Global Configuration Mode, on page 90
Global, Interface, and Neighbor Authentication Modes, on page 72
Configuring a Lifetime for RSVP Neighbor Authentication, on page 100
Security Association, on page 73
RSVP Authentication for an Interface: Example
The configuration example enables authentication of all RSVP messages that are being sent or received on
one interface only, and sets the window-size of the SAs.
rsvp
interface GigabitEthernet0/6/0/0
authentication
window-size 64
!
!
Because the key-source keychain configuration is not specified, the global authentication mode keychain
is used and inherited. The global keychain must exist and contain valid keys or signaling fails.
Note
Related Topics
Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 91
Configuring the Window Size for an Interface for RSVP Authentication, on page 96
Configuring the Window Size for RSVP Neighbor Authentication, on page 102
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
RSVP Neighbor Authentication: Example
The configuration example enables authentication of all RSVP messages that are being sent to and received
from only a particular IP address.
rsvp
neighbor 10.0.0.1
authentication
key-source key-chain nbr_keys
!
!
!
Related Topics
Specifying the Keychain for RSVP Neighbor Authentication, on page 98
Key-source Key-chain, on page 74
Security Association, on page 73
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 109
Implementing RSVP for MPLS-TE
RSVP Authentication for an Interface: ExampleRSVP Authentication by Using All the Modes: Example
The configuration example shows how to perform the following functions:
Authenticates all RSVP messages.
Authenticates the RSVP messages to or from 10.0.0.1 by setting the keychain for the key-source
key-chain command to nbr_keys, SA lifetime is set to 3600, and the default window-size is set to 1.
Authenticates the RSVP messages not to or from 10.0.0.1 by setting the keychain for the key-source
key-chain command to default_keys, SA lifetime is set to 3600, and the window-size is set 64 when
using GigabitEthernet0/6/0/0; otherwise, the default value of 1 is used.
rsvp
interface GigabitEthernet0/6/0/0
authentication
window-size 64
!
!
neighbor 10.0.0.1
authentication
key-source key-chain nbr_keys
!
!
authentication
key-source key-chain default_keys
life-time 3600
!
!
If a keychain does not exist or contain valid keys, this is considered a configuration error because signaling
fails. However, this can be intended to preventsignaling. For example, when using the above configuration,
if the nbr_keys does not contain valid keys, all signaling with 10.0.0.1 fails.
Note
Related Topics
Configuring the Window Size for RSVP Authentication in Global Configuration Mode, on page 91
Configuring the Window Size for an Interface for RSVP Authentication, on page 96
Configuring the Window Size for RSVP Neighbor Authentication, on page 102
Guidelines for Window-Size and Out-of-Sequence Messages, on page 75
Specifying the RSVP Authentication Keychain in Interface Mode, on page 93
Global, Interface, and Neighbor Authentication Modes, on page 72
Configuring a Lifetime for an Interface for RSVP Authentication, on page 95
RSVP Authentication Design, on page 71
Additional References
These references are related to implementing MPLS RSVP:
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
110 OL-26056-02
Implementing RSVP for MPLS-TE
RSVP Authentication by Using All the Modes: ExampleRelated Documents
Related Topic Document Title
RSVP Infrastructure Commands on Cisco ASR 9000
Series Router module in Cisco ASR 9000 Series
Aggregation Services Router MPLS Command
Reference
Cisco IOS XR MPLS RSVP commands
Cisco ASR 9000 Series Aggregation Services Router
Getting Started Guide
Getting started material
Configuring AAA Services on Cisco ASR 9000 Series
Router module in
Information about user groups and task IDs
Standards
Standard Title
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu:
http://cisco.com/public/sw-center/netmgmt/cmtk/
mibs.shtml
RFCs
RFCs Title
Resource Reservation Protocol Version 1 Functional
Specification
RFC 2205
RFC 2206 RSVP Management Information Base using SMIv2
RFC 2747 RSVP Cryptographic Authentication
RFC 2961 RSVP Refresh Overhead Reduction Extensions
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 111
Implementing RSVP for MPLS-TE
Additional ReferencesRFCs Title
RFC 3209 RSVP-TE: Extensions to RSVP for LSP Tunnels
RFC 3473 Generalized MPLS Signaling, RSVP-TE Extensions
RFC 4090 Fast Reroute Extensionsto RSVP-TE for LSP Tunnels
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
112 OL-26056-02
Implementing RSVP for MPLS-TE
Additional ReferencesC H A P T E R 3
Implementing MPLS Forwarding
This module describes how to implement MPLS Forwarding on Cisco ASR 9000 Series Aggregation Services
Routers.
All Multiprotocol Label Switching (MPLS) features require a core set of MPLS label management and
forwarding services; the MPLS Forwarding Infrastructure (MFI) supplies these services.
Feature History for Implementing MPLS-TE
Release Modification
Release 3.7.2 This feature was introduced.
Prerequisites for Implementing Cisco MPLS Forwarding, page 113
Restrictions for Implementing Cisco MPLS Forwarding, page 113
Information About Implementing MPLS Forwarding, page 114
Additional References, page 116
Prerequisites for Implementing Cisco MPLS Forwarding
These prerequisites are required to implement MPLS Forwarding:
You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Router that runs Cisco IOS XR software.
Installed composite mini-image and the MPLS package, or a full composite image.
Restrictions for Implementing Cisco MPLS Forwarding
Label switching on a Cisco router requires that Cisco Express Forwarding (CEF) be enabled.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 113 CEF is mandatory for Cisco IOS XR software and it does not need to be enabled explicitly.
Information About Implementing MPLS Forwarding
To implement MPLS Forwarding, you should understand these concepts:
MPLS Forwarding Overview
MPLS combines the performance and capabilities of Layer 2 (data link layer) switching with the proven
scalability of Layer 3 (network layer) routing. MPLS enables service providers to meet the challenges of
growth in network utilization while providing the opportunity to differentiate services without sacrificing the
existing network infrastructure. The MPLS architecture is flexible and can be employed in any combination
of Layer 2 technologies. MPLS support is offered for all Layer 3 protocols, and scaling is possible well beyond
that typically offered in todays networks.
Based on routing information that is stored in the VRF IP routing table and VRF CEF table, packets are
forwarded to their destination using MPLS.
A PE router binds a label to each customer prefix learned from a CE router and includes the label in the
network reachability information for the prefix that it advertisesto other PE routers. When a PE router forwards
a packet received from a CE router across the provider network, it labels the packet with the label learned
from the destination PE router. When the destination PE router receives the labeled packet it pops the label
and uses it to direct the packet to the correct CE router. Label forwarding across the provider backbone, is
based on either dynamic label switching or traffic engineered paths. A customer data packet carries two levels
of labels when traversing the backbone:
Top label directs the packet to the correct PE router
Second label indicates how that PE router should forward the packet to the CE router
Label Switching Functions
In conventional Layer 3 forwarding mechanisms, as a packet traverses the network, each router extracts all
the information relevant to forwarding the packet from the Layer 3 header. This information is then used as
an index for a routing table lookup to determine the next hop for the packet.
In the most common case, the only relevant field in the header is the destination address field, but in some
cases, other header fields might also be relevant. As a result, the header analysis must be done independently
at each router through which the packet passes. In addition, a complicated table lookup must also be done at
each router.
In label switching, the analysis of the Layer 3 header is done only once. The Layer 3 header is then mapped
into a fixed-length, unstructured value called a label.
Many different headers can map to the same label, as long as those headers always result in the same choice
of next hop. In effect, a label represents a forwarding equivalence classthat is, a set of packets which,
however different they may be, are indistinguishable by the forwarding function.
The initial choice of a label need not be based exclusively on the contents of the Layer 3 packet header; for
example, forwarding decisions at subsequent hops can also be based on routing policy.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
114 OL-26056-02
Implementing MPLS Forwarding
Information About Implementing MPLS ForwardingOnce a label is assigned, a short label header is added at the front of the Layer 3 packet. This header is carried
across the network as part of the packet. At subsequent hops through each MPLS router in the network, labels
are swapped and forwarding decisions are made by means of MPLS forwarding table lookup for the label
carried in the packet header. Hence, the packet header does not need to be reevaluated during packet transit
through the network. Because the label is of fixed length and unstructured, the MPLS forwarding table lookup
process is both straightforward and fast.
Distribution of Label Bindings
Each labelswitching router (LSR) in the network makes an independent, local decision asto which label value
to use to represent a forwarding equivalence class. This association is known as a label binding.
Note The distribution of label bindings cannot be done statically for the Layer 2 VPN pseudowire.
Each LSR informs its neighbors of the label bindings it has made. This awareness of label bindings by
neighboring routers is facilitated by these protocols:
Label Distribution Protocol (LDP)
Supports MPLS forwarding along normally routed paths.
Resource Reservation Protocol (RSVP)
Supports MPLS traffic engineering.
Border Gateway Protocol (BGP)
Supports MPLS virtual private networks (VPNs).
When a labeled packet is sent from LSR A to the neighboring LSR B, the label value carried by the IP packet
is the label value that LSR B assigned to represent the forwarding equivalence class of the packet. Thus, the
label value changes as the IP packet traverses the network.
MFI Control-Plane Services
The MFI control-plane provides services to MPLS applications, such as Label Distribution Protocol (LDP)
and Traffic Engineering (TE), that include enabling and disabling MPLS on an interface, local label allocation,
MPLS rewrite setup (including backup links), management of MPLS label tables, and the interaction with
other forwarding paths (IP Version 4 [IPv4] for example) to set up imposition and disposition.
MFI Data-Plane Services
The MFI data-plane provides a software implementation of MPLS forwarding in all of these forms:
Imposition
Disposition
Label swapping
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 115
Implementing MPLS Forwarding
Distribution of Label BindingsMPLS Maximum Transmission Unit
MPLS maximum transmission unit (MTU) indicates that the maximum size of the IP packet can still be sent
on a data link, without fragmenting the packet. In addition, data linksin MPLS networks have a specific MTU,
but for labeled packets. All IPv4 packets have one or more labels. This does imply that the labeled packets
are slightly bigger than the IP packets, because for every label, four bytes are added to the packet. So, if n is
the number of labels, n * 4 bytes are added to the size of the packet when the packet is labeled. The MPLS
MTU parameter pertains to labeled packets.
Additional References
For additional information related to implementing MPLS Forwarding, refer to the following references:
Related Documents
Related Topic Document Title
MPLS Forwarding Commands on Cisco ASR 9000
Series Router module in Cisco ASR 9000 Series
Aggregation Services Routers MPLS Command
Reference
MPLS Forwarding commands
Cisco ASR 9000 Series Aggregation Services Routers
Getting Started Guide
Getting started material
Standards
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
116 OL-26056-02
Implementing MPLS Forwarding
MPLS Maximum Transmission UnitRFCs
RFCs Title
RFC 3031 Multiprotocol Label Switching Architecture
Time to Live (TTL) Processing in Multi-Protocol
Label Switching (MPLS) Networks
RFC 3443
Requirements for Inter-Area MPLS Traffic
Engineering
RFC 4105
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 117
Implementing MPLS Forwarding
Additional References Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
118 OL-26056-02
Implementing MPLS Forwarding
Additional ReferencesC H A P T E R 4
Implementing MPLS Traffic Engineering
This module describes how to implement MPLS Traffic Engineering on Cisco ASR 9000 Series Router.
Multiprotocol Label Switching (MPLS) is a standards-based solution driven by the Internet Engineering
Task Force (IETF) that was devised to convert the Internet and IP backbones from best-effort networks into
business-class transport mediums.
MPLS, with its label switching capabilities, eliminates the need for an IP route look-up and creates a virtual
circuit (VC)switching function, allowing enterprisesthe same performance on their IP-based network services
as with those delivered over traditional networks such as Frame Relay or Asynchronous Transfer Mode
(ATM).
MPLS traffic engineering (MPLS-TE) software enables an MPLS backbone to replicate and expand upon
the TE capabilities of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer
3 technologies. By making traditional Layer 2 features available to Layer 3, MPLS enablestraffic engineering.
Thus, you can offer in a one-tier network what now can be achieved only by overlaying a Layer 3 network
on a Layer 2 network.
Feature History for Implementing MPLS-TE
Release Modification
Release 3.7.2 This feature was introduced.
The MPLS Traffic Engineering (TE): Path Protection feature
was added.
Release 3.9.0
Release 3.9.1 The MPLS-TE automatic bandwidth feature is supported.
Support was added for the following features:
AutoTunnel Backup
MPLS-TE Automatic Bandwidth
SRLG (Shared Risk Link Groups)
Release 4.0.0
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 119Release Modification
Support was added for the following features:
Ignore Intermediate System-to-Intermediate System
Overload Bit Setting in MPLS-TE
Point-to-Multipoint Traffic-Engineering
Release 4.1.0
Release 4.1.1 The Auto-Tunnel Mesh feature was added.
Support was added for the following features:
Soft-Preemption
Path Option Attributes
Release 4.2.0
The Auto-Tunnel Attribute-set feature was added for auto-backup
tunnels.
Release 4.2.1
Prerequisites for Implementing Cisco MPLS Traffic Engineering, page 120
Restrictions for Implementing Cisco MPLS Traffic Engineering, page 120
Information About Implementing MPLS Traffic Engineering, page 121
How to Implement Traffic Engineering, page 155
Configuration Examples for Cisco MPLS-TE, page 260
Additional References, page 283
Prerequisites for Implementing Cisco MPLS Traffic Engineering
These prerequisites are required to implement MPLS TE:
You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
Router that runs Cisco IOS XR software .
Installed composite mini-image and the MPLS package, or a full composite image.
IGP activated.
Restrictions for Implementing Cisco MPLS Traffic Engineering
In addition to the MPLS-TE Fast Reroute feature supporting the GigabitEthernet and TenGigE line cards, this
current release also supports the 8-port OC-12 SPA, 2-port OC-48 SPA, 1-port OC-192 SPA, along with the
Cisco ASR 9000 Series SPA Interface Processor-700. This feature is also supported on the main interfaces
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
120 OL-26056-02
Implementing MPLS Traffic Engineering
Prerequisites for Implementing Cisco MPLS Traffic Engineeringon the SPA line cards, not on sub-interfaces. There is no support for the MPLS-TE Fast Reroute feature on
the 2-port channelized OC-12 SPA or on the 1-port channelized OC-48 SPA.
Information About Implementing MPLS Traffic Engineering
To implement MPLS-TE, you should understand these concepts:
Overview of MPLS Traffic Engineering
MPLS-TE software enables an MPLS backbone to replicate and expand upon the traffic engineering capabilities
of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies.
By making traditional Layer 2 features available to Layer 3, MPLS enables traffic engineering. Thus, you can
offer in a one-tier network what now can be achieved only by overlaying a Layer 3 network on a Layer 2
network.
MPLS-TE is essential for service provider and Internet service provider (ISP) backbones. Such backbones
must support a high use of transmission capacity, and the networks must be very resilient so that they can
withstand link or node failures. MPLS-TE provides an integrated approach to traffic engineering.With MPLS,
traffic engineering capabilities are integrated into Layer 3, which optimizes the routing of IP traffic, given
the constraints imposed by backbone capacity and topology.
Related Topics
Configuring Forwarding over the MPLS-TE Tunnel, on page 161
Benefits of MPLS Traffic Engineering
MPLS-TE enables ISPs to route network traffic to offer the best service to their users in terms of throughput
and delay. By making the service provider more efficient, traffic engineering reduces the cost of the network.
Currently, some ISPs base their services on an overlay model. In the overlay model, transmission facilities
are managed by Layer 2 switching. The routers see only a fully meshed virtual topology, making most
destinations appear one hop away. If you use the explicit Layer 2 transit layer, you can precisely control how
traffic uses available bandwidth. However, the overlay model has numerous disadvantages. MPLS-TE achieves
the TE benefits of the overlay model without running a separate network and without a non-scalable, full
mesh of router interconnects.
How MPLS-TE Works
MPLS-TE automatically establishes and maintains label switched paths (LSPs) across the backbone by using
RSVP. The path that an LSP uses is determined by the LSP resource requirements and network resources,
such as bandwidth. Available resources are flooded by means of extensions to a link-state-based Interior
Gateway Protocol (IGP).
MPLS-TE tunnels are calculated at the LSP headend router, based on a fit between the required and available
resources (constraint-based routing). The IGP automatically routes the traffic to these LSPs.
Typically, a packet crossing the MPLS-TE backbone travels on a single LSP that connects the ingress point
to the egress point. MPLS-TE is built on these mechanisms:
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 121
Implementing MPLS Traffic Engineering
Information About Implementing MPLS Traffic EngineeringTunnel interfaces
From a Layer 2 standpoint, an MPLS tunnel interface represents the headend of an LSP. It is configured
with a set of resource requirements, such as bandwidth and media requirements, and priority. From a
Layer 3 standpoint, an LSP tunnel interface is the headend of a unidirectional virtual link to the tunnel
destination.
MPLS-TE path calculation module
This calculation module operates at the LSP headend. The module determines a path to use for an LSP.
The path calculation uses a link-state database containing flooded topology and resource information.
RSVP with TE extensions
RSVP operates at each LSP hop and is used to signal and maintain LSPs based on the calculated path.
MPLS-TE link management module
This module operates at each LSP hop, performs link call admission on the RSVP signaling messages,
and performs bookkeeping on topology and resource information to be flooded.
Link-state IGP (Intermediate System-to-Intermediate System [IS-IS] or Open Shortest Path First
[OSPF]each with traffic engineering extensions)
These IGPs are used to globally flood topology and resource information from the link management
module.
Enhancements to the shortest path first (SPF) calculation used by the link-state IGP (IS-IS or OSPF)
The IGP automatically routes traffic to the appropriate LSP tunnel, based on tunnel destination. Static
routes can also be used to direct traffic to LSP tunnels.
Label switching forwarding
This forwarding mechanism provides routers with a Layer 2-like ability to direct traffic across multiple
hops of the LSP established by RSVP signaling.
One approach to engineering a backbone is to define a mesh of tunnels from every ingress device to every
egress device. The MPLS-TE path calculation and signaling modules determine the path taken by the LSPs
for these tunnels, subject to resource availability and the dynamic state of the network.
The IGP (operating at an ingress device) determines which traffic should go to which egress device, and steers
that traffic into the tunnel from ingress to egress. A flow from an ingress device to an egress device might be
so large that it cannot fit over a single link, so it cannot be carried by a single tunnel. In this case, multiple
tunnels between a given ingress and egress can be configured, and the flow is distributed using load sharing
among the tunnels.
Related Topics
Building MPLS-TE Topology, on page 155
Creating an MPLS-TE Tunnel, on page 158
Build MPLS-TE Topology and Tunnels: Example, on page 260
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
122 OL-26056-02
Implementing MPLS Traffic Engineering
Overview of MPLS Traffic EngineeringMPLS Traffic Engineering
Multiprotocol Label Switching (MPLS) is an Internet Engineering Task Force (IETF)-specified framework
that provides efficient designation, routing, forwarding, and switching of traffic flows through the network.
TE is the process of adjusting bandwidth allocations to ensure that enough bandwidth is available for
high-priority traffic.
In MPLS TE, the upstream router creates a network tunnel for a particular traffic stream and setsthe bandwidth
available for that tunnel.
Backup AutoTunnels
The MPLS Traffic Engineering AutoTunnel Backup feature enables a router to dynamically build backup
tunnels on the interfacesthat are configured with MPLS TE tunnels. Thisfeature enables a router to dynamically
build backup tunnels when they are needed. This prevents you from having to build MPLS TE tunnelsstatically.
The MPLS Traffic Engineering (TE)AutoTunnel Backup feature has these benefits:
Backup tunnels are built automatically, eliminating the need for usersto preconfigure each backup tunnel
and then assign the backup tunnel to the protected interface.
Protection is expandedFRR does not protect IP traffic that is not using the TE tunnel or Label
Distribution Protocol (LDP) labels that are not using the TE tunnel.
This feature protects against these failures:
P2P Tunnel NHOP protectionProtects against link failure for the associated P2P protected tunnel
P2P Tunnel NNHOP protectionProtects against node failure for the associated P2P protected tunnel
P2MP Tunnel NHOP protectionProtects against link failure for the associated P2MP protected
tunnel
Related Topics
Enabling an AutoTunnel Backup, on page 169
Removing an AutoTunnel Backup, on page 170
Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs, on page 172
Establishing Next-Hop Tunnels with Link Protection, on page 174
Configure the MPLS-TE Auto-Tunnel Backup: Example, on page 269
AutoTunnel Attribute-set
This feature supports auto-tunnels configuration using attribute templates, known as attribute-set. The TE
attribute-set template that specifies a set of TE tunnel attributes, is locally configured at the head-end of
auto-tunnels. The control plane triggers the automatic provisioning of a corresponding TE tunnel, whose
characteristics are specified in the respective attribute-set.
Currently, auto-tunnel backups are created with the default values of all tunnel attributes. To support
configurable attributes for auto-tunnel backup, it is required to configure attribute-set and assign it to the
backup tunnels. The attribute-set consists of a set of tunnel attributes such as priority, affinity, signaled
bandwidth, logging, policy-class, record-route and so on.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 123
Implementing MPLS Traffic Engineering
MPLS Traffic EngineeringThe following rules (consistent across all auto-tunnels) apply while configuring the attribute-set:
If no attribute-set template is defined, the auto-tunnels is created using default attribute values.
If an attribute-set is defined and the attribute-set template is already configured, the auto-tunnel is created
using the attributes specified in the associated attribute-set.
If an attribute-set is assigned, but it is not defined or configured, auto-tunnel is not created.
Any number of attribute-sets can be configured with same attribute settings.
Empty tunnel attribute implies all parameters have default values.
When specific attribute is not specified in the attribute-set, a default value for that attribute is used.
Link Protection
The backup tunnels that bypass only a single link of the LSP path provide link protection. They protect LSPs,
if a link along their path fails, by rerouting the LSP traffic to the next hop, thereby bypassing the failed link.
These are referred to as NHOP backup tunnels because they terminate at the LSP's next hop beyond the point
of failure.
This figure illustrates link protection.
Figure 10: Link Protection
Node Protection
The backup tunnels that bypass next-hop nodes along LSP paths are called NNHOP backup tunnels because
they terminate at the node following the next-hop node of the LSPs, thereby bypassing the next-hop node.
They protect LSPs by enabling the node upstream of a link or node failure to reroute the LSPs and their traffic
around a node failure to the next-hop node. NNHOP backup tunnels also provide protection from link failures
because they bypass the failed link and the node.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
124 OL-26056-02
Implementing MPLS Traffic Engineering
MPLS Traffic EngineeringThis figure illustrates node protection.
Figure 11: Node Protection
Backup AutoTunnel Assignment
At the head or mid points of a tunnel, the backup assignment finds an appropriate backup to protect a given
primary tunnel for FRR protection.
The backup assignment logic is performed differently based on the type of backup configured on the output
interface used by the primary tunnel. Configured backup types are:
Static Backup
AutoTunnel Backup
No Backup (In this case no backup assignment is performed and the tunnels is unprotected.)
Static backup and Backup AutoTunnel cannot exist together on the same interface or
link.
Note
Node protection is always preferred over link protection in the Backup AutoTunnel
assignment.
Note
In order that the Backup AutoTunnel feature operatessuccessfully, the following configuration must be applied
at global configuration level:
ipv4 unnumbered mpls traffic-eng Loopback 0
Note The Loopback 0 is used as router ID.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 125
Implementing MPLS Traffic Engineering
MPLS Traffic EngineeringExplicit Paths
Explicit paths are used to create backup autotunnels as follows:
For NHOP Backup Autotunnels:
NHOP excludes the protected link's local IP address.
NHOP excludes the protected links remote IP address.
The explicit-path name is _autob_nhop_tunnelxxx, where xxx matches the dynamically created backup
tunnel ID.
For NNHOP Backup Autotunnels:
NNHOP excludes the protected links local IP address.
NNHOP excludes the protected links remote IP address (link address on next hop).
NNHOP excludes the NHOP router ID of the protected primary tunnel next hop.
The explicit-path name is _autob_nnhop_tunnelxxx, where xxx matchesthe dynamically created backup
tunnel ID.
Periodic Backup Promotion
The periodic backup promotion attemptsto find and assign a better backup for primary tunnelsthat are already
protected.
With AutoTunnel Backup, the only scenario where two backups can protect the same primary tunnel is when
both an NHOP and NNHOP AutoTunnel Backups get created. The backup assignment takes place as soon as
the NHOP and NNHOP backup tunnels come up. So, there is no need to wait for the periodic promotion.
Although there is no exception for AutoTunnel Backups, periodic backup promotion has no impact on primary
tunnels protected by AutoTunnel Backup.
One exception is when a manual promotion is triggered by the user using the mpls traffic-eng fast-reroute
timers promotion command, where backup assignment or promotion istriggered on all FRR protected primary
tunnels--even unprotected ones. This may trigger the immediate creation of some AutoTunnel Backup, if the
command is entered within the time window when a required AutoTunnel Backup has not been yet created.
You can configure the periodic promotion timer using the global configuration mpls traffic-eng fast-reroute
timers promotion sec command. The range is 0 to 604800 seconds.
Note A value of 0 for the periodic promotion timer disables the periodic promotion.
Protocol-Based CLI
Cisco IOS XR software provides a protocol-based command line interface. The CLI provides commands that
can be used with the multiple IGP protocols supported by MPLS-TE.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
126 OL-26056-02
Implementing MPLS Traffic Engineering
Protocol-Based CLIDifferentiated Services Traffic Engineering
MPLS Differentiated Services (Diff-Serv) Aware Traffic Engineering (DS-TE) is an extension of the regular
MPLS-TE feature. Regular traffic engineering does not provide bandwidth guarantees to different traffic
classes. A single bandwidth constraint is used in regular TE that is shared by all traffic. To support various
classes of service (CoS), users can configure multiple bandwidth constraints. These bandwidth constraints
can be treated differently based on the requirement for the traffic class using that constraint.
MPLS DS-TE providesthe ability to configure multiple bandwidth constraints on an MPLS-enabled interface.
Available bandwidths from all configured bandwidth constraints are advertised using IGP. TE tunnel is
configured with bandwidth value and class-type requirements. Path calculation and admission control take
the bandwidth and class-type into consideration. RSVP is used to signal the TE tunnel with bandwidth and
class-type requirements.
MPLS DS-TE is deployed with either Russian Doll Model (RDM) or Maximum Allocation Model (MAM)
for bandwidth calculations.
Cisco IOS XR software supports two DS-TE modes: Prestandard and IETF.
Related Topics
Confirming DiffServ-TE Bandwidth, on page 76
Bandwidth Configuration (MAM): Example, on page 104
Bandwidth Configuration (RDM): Example, on page 105
Prestandard DS-TE Mode
Prestandard DS-TE uses the Cisco proprietary mechanisms for RSVP signaling and IGP advertisements. This
DS-TE mode does not interoperate with third-party vendor equipment. Note that prestandard DS-TE is enabled
only after configuring the sub-pool bandwidth values on MPLS-enabled interfaces.
Prestandard Diff-Serve TE mode supports a single bandwidth constraint model a Russian Doll Model (RDM)
with two bandwidth pools: global-pool and sub-pool.
TE class map is not used with Prestandard DS-TE mode.
Related Topics
Configuring a Prestandard DS-TE Tunnel, on page 176
Configure IETF DS-TE Tunnels: Example, on page 261
IETF DS-TE Mode
IETF DS-TE mode usesIETF-defined extensionsfor RSVP and IGP. This mode interoperates with third-party
vendor equipment.
IETF mode supports multiple bandwidth constraint models, including RDM and MAM, both with two
bandwidth pools. In an IETF DS-TE network, identical bandwidth constraint models must be configured on
all nodes.
TE class map is used with IETF DS-TE mode and must be configured the same way on all nodes in the
network.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 127
Implementing MPLS Traffic Engineering
Differentiated Services Traffic EngineeringBandwidth Constraint Models
IETF DS-TE mode provides support for the RDM and MAM bandwidth constraints models. Both models
support up to two bandwidth pools.
Cisco IOS XR software provides global configuration for the switching between bandwidth constraint models.
Both models can be configured on a single interface to preconfigure the bandwidth constraints before swapping
to an alternate bandwidth constraint model.
Note NSF is not guaranteed when you change the bandwidth constraint model or configuration information.
By default, RDM is the default bandwidth constraint model used in both pre-standard and IETF mode.
Maximum Allocation Bandwidth Constraint Model
The MAM constraint model has the following characteristics:
Easy to use and intuitive.
Isolation across class types.
Simultaneously achieves isolation, bandwidth efficiency, and protection against QoS degradation.
Related Topics
Configuring an IETF DS-TE Tunnel Using MAM, on page 181
Russian Doll Bandwidth Constraint Model
The RDM constraint model has these characteristics:
Allows greater sharing of bandwidth among different class types.
Ensures bandwidth efficiency simultaneously and protection against QoS degradation of all class types.
Specifies that it is used in conjunction with preemption to simultaneously achieve isolation across
class-types such that each class-type is guaranteed its share of bandwidth, bandwidth efficiency, and
protection against QoS degradation of all class types.
We recommend that RDM not be used in DS-TE environmentsin which the use of preemption is precluded.
Although RDM ensures bandwidth efficiency and protection against QoS degradation of class types, it
does guarantee isolation across class types.
Note
Related Topics
Configuring an IETF DS-TE Tunnel Using RDM, on page 178
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
128 OL-26056-02
Implementing MPLS Traffic Engineering
Differentiated Services Traffic EngineeringTE Class Mapping
Each of the eight available bandwidth values advertised in the IGP corresponds to a TE class. Because the
IGP advertises only eight bandwidth values, there can be a maximum of only eight TE classes supported in
an IETF DS-TE network.
TE class mapping must be exactly the same on all routers in a DS-TE domain. It is the responsibility of the
operator configure these settings properly as there is no way to automatically check or enforce consistency.
The operator must configure TE tunnel class types and priority levels to form a valid TE class. When the TE
class map configuration is changed, tunnels already up are brought down. Tunnels in the down state, can be
set up if a valid TE class map is found.
The default TE class and attributes are listed. The default mapping includes four class types.
Table 4: TE Classes and Priority
TE Class Class Type Priority
0 0 7
1 1 7
2 Unused
3 Unused
4 0 0
5 1 0
6 Unused
7 Unused
Flooding
Available bandwidth in all configured bandwidth poolsisflooded on the network to calculate accurate constraint
paths when a new TE tunnel is configured. Flooding usesIGP protocol extensions and mechanismsto determine
when to flood the network with bandwidth.
Flooding Triggers
TE Link Management (TE-Link) notifies IGP for both global pool and sub-pool available bandwidth and
maximum bandwidth to flood the network in these events:
Periodic timer expires (this does not depend on bandwidth pool type).
Tunnel origination node has out-of-date information for either available global pool orsub-pool bandwidth,
causing tunnel admission failure at the midpoint.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 129
Implementing MPLS Traffic Engineering
Flooding Consumed bandwidth crosses user-configured thresholds. The same threshold is used for both global
pool and sub-pool. If one bandwidth crosses the threshold, both bandwidths are flooded.
Flooding Thresholds
Flooding frequently can burden a network because all routers must send out and process these updates.
Infrequent flooding causes tunnel heads (tunnel-originating nodes) to have out-of-date information, causing
tunnel admission to fail at the midpoints.
You can control the frequency of flooding by configuring a set of thresholds. When locked bandwidth (at one
or more priority levels) crosses one of these thresholds, flooding is triggered.
Thresholds apply to a percentage of the maximum available bandwidth (the global pool), which is locked,
and the percentage of maximum available guaranteed bandwidth (the sub-pool), which is locked. If, for one
or more priority levels, either of these percentages crosses a threshold, flooding is triggered.
Setting up a global pool TE tunnel can cause the locked bandwidth allocated to sub-pool tunnels to be
reduced (and hence to cross a threshold). A sub-pool TE tunnel setup can similarly cause the locked
bandwidth for global pool TE tunnels to cross a threshold. Thus, sub-pool TE and global pool TE tunnels
can affect each other when flooding is triggered by thresholds.
Note
Fast Reroute
Fast Reroute (FRR) provides link protection to LSPs enabling the traffic carried by LSPs that encounter a
failed link to be rerouted around the failure. The reroute decision is controlled locally by the router connected
to the failed link. The headend router on the tunnel is notified of the link failure through IGP or through RSVP.
When it is notified of a link failure, the headend router attempts to establish a new LSP that bypasses the
failure. This provides a path to reestablish links that fail, providing protection to data transfer.
FRR (link or node) is supported over sub-pool tunnels the same way as for regular TE tunnels. In particular,
when link protection is activated for a given link, TE tunnels eligible for FRR are redirected into the protection
LSP, regardless of whether they are sub-pool or global pool tunnels.
The ability to configure FRR on a per-LSP basis makes it possible to provide different levels of fast
restoration to tunnels from different bandwidth pools.
Note
You should be aware of these requirements for the backup tunnel path:
Backup tunnel must not pass through the element it protects.
Primary tunnel and a backup tunnel should intersect at least at two points (nodes) on the path: point of
local repair (PLR) and merge point (MP). PLR isthe headend of the backup tunnel, and MP isthe tailend
of the backup tunnel.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
130 OL-26056-02
Implementing MPLS Traffic Engineering
Fast RerouteWhen you configure TE tunnel with multiple protection on its path and merge point is the same node for
more than one protection, you must configure record-route for that tunnel.
Note
Related Topics
Protecting MPLS Tunnels with Fast Reroute, on page 164
MPLS-TE and Fast Reroute over Link Bundles
MPLS Traffic Engineering (TE) and Fast Reroute (FRR) are supported over bundle interfaces and virtual
local area network (VLAN) interfaces. Bidirectional forwarding detection (BFD) over VLAN is used as an
FRR trigger to obtain less than 50 milliseconds of switchover time.
These link bundle types are supported for MPLS-TE/FRR:
Over Ethernet link bundles.
Over VLANs over Ethernet link bundles.
Number of links are limited to 100 for MPLS-TE and FRR.
VLANs go over any Ethernet interface (for example, GigabitEthernet and TenGigE).
FRR is supported over bundle interfaces in the following ways:
Uses minimum links as a threshold to trigger FRR over a bundle interface.
Uses the minimum total available bandwidth as a threshold to trigger FRR.
Ignore Intermediate System-to-Intermediate System Overload Bit Setting in
MPLS-TE
The Ignore Intermediate System-to-Intermediate System (IS-IS) overload bit avoidance feature allows network
administrators to prevent RSVP-TE label switched paths (LSPs) from being disabled, when a router in that
path has its Intermediate System-to-Intermediate System (IS-IS) overload bit set.
The IS-IS overload bit avoidance feature is activated using this command:
mpls traffic-eng path-selection ignore overload
The IS-IS overload bit avoidance feature is deactivated using the no form of this command:
no mpls traffic-eng path-selection ignore overload
When the IS-IS overload bit avoidance feature is activated, all nodes, including head nodes, mid nodes, and
tail nodes, with the overload bit set, are ignored. This means that they are still available for use with RSVP-TE
label switched paths (LSPs). This feature enables you to include an overloaded node in CSPF.
Enhancement Options of IS-IS OLA
You can restrict configuring IS-IS overload bit avoidance with the following enhancement options:
path-selection ignore overload head
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 131
Implementing MPLS Traffic Engineering
MPLS-TE and Fast Reroute over Link BundlesThe tunnels stay up if set-overload-bit is set by IS-IS on the head router. Ignores overload during CSPF
for LSPs originating from an overloaded node. In all other cases (mid, tail, or both), the tunnel stays
down.
path-selection ignore overload mid
The tunnels stay up if set-overload-bit is set by IS-IS on the mid router. Ignores overload during CSPF
for LSPs transiting from an overloaded node. In all other cases (head, tail, or both), the tunnel stays
down.
path-selection ignore overload tail
The tunnels stay up if set-overload-bit is set by IS-IS on the tail router. Ignores overload during CSPF
for LSPs terminating at an overloaded node. In all other cases (head, mid, or both), the tunnel stays
down.
path-selection ignore overload
The tunnels stay up irrespective of on which router the set-overload-bit is set by IS-IS.
When you do not select any of the options, including head nodes, mid nodes, and tail
nodes, you get a behavior that is applicable to all nodes. This behavior is backward
compatible in nature.
Note
For more information related to IS-IS overload avoidance related commands, see Cisco ASR 9000 Series
Aggregation Services Router MPLS Command Reference.
Related Topics
Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE, on page 187
Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example, on page 262
Flexible Name-based Tunnel Constraints
MPLS-TE Flexible Name-based Tunnel Constraints provides a simplified and more flexible means of
configuring link attributes and path affinities to compute paths for MPLS-TE tunnels.
In the traditional TE scheme, links are configured with attribute-flags that are flooded with TE link-state
parameters using Interior Gateway Protocols (IGPs), such as Open Shortest Path First (OSPF).
MPLS-TE Flexible Name-based Tunnel Constraints lets you assign, or map, up to 32 color names for affinity
and attribute-flag attributes instead of 32-bit hexadecimal numbers. After mappings are defined, the attributes
can be referred to by the corresponding color name in the command-line interface (CLI). Furthermore, you
can define constraints using include, include-strict, exclude, and exclude-all arguments, where each statement
can contain up to 10 colors, and define include constraints in both loose and strict sense.
You can configure affinity constraints using attribute flags or the Flexible Name Based Tunnel Constraints
scheme; however, when configurations for both schemes exist, only the configuration pertaining to the
new scheme is applied.
Note
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
132 OL-26056-02
Implementing MPLS Traffic Engineering
Flexible Name-based Tunnel ConstraintsRelated Topics
Assigning Color Names to Numeric Values, on page 188
Associating Affinity-Names with TE Links, on page 190
Associating Affinity Constraints for TE Tunnels, on page 192
Configure Flexible Name-based Tunnel Constraints: Example, on page 263
MPLS Traffic Engineering Interarea Tunneling
These topics describe the following new extensions of MPLS-TE:
Interarea Support, on page 133
Multiarea Support, on page 134
Loose Hop Expansion, on page 134
Loose Hop Reoptimization, on page 135
Fast Reroute Node Protection, on page 135
Interarea Support
The MPLS-TE interarea tunneling feature allows you to establish P2P tunnels spanning multiple Interior
Gateway Protocol (IGP) areas and levels, thereby eliminating the requirement that headend and tailend routers
reside in a single area.
Interarea support allowsthe configuration of a TE LSP thatspans multiple areas, where its headend and tailend
label switched routers (LSRs) reside in different IGP areas.
Multiarea and Interarea TE are required by the customers running multiple IGP area backbones (primarily
for scalability reasons). This lets you limit the amount of flooded information, reduces the SPF duration, and
lessens the impact of a link or node failure within an area, particularly with large WAN backbones split in
multiple areas.
This figure shows a typical interarea TE network.
Figure 12: Interarea (OSPF) TE Network Diagram
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 133
Implementing MPLS Traffic Engineering
MPLS Traffic Engineering Interarea TunnelingMultiarea Support
Multiarea support allows an area border router (ABR) LSR to support MPLS-TE in more than one IGP area.
A TE LSP is still confined to a single area.
Multiarea and Interarea TE are required when you run multiple IGP area backbones. The Multiarea and
Interarea TE allows you to:
Limit the volume of flooded information.
Reduce the SPF duration.
Decrease the impact of a link or node failure within an area.
Figure 13: Interlevel (IS-IS) TE Network
As shown in the figure, R2, R3, R7, and R4 maintain two databases for routing and TE information. For
example, R3 has TE topology information related to R2, flooded through Level-1 IS-IS LSPs plus the TE
topology information related to R4, R9, and R7, flooded as Level 2 IS-IS Link State PDUs (LSPs) (plus, its
own IS-IS LSP).
You can configure multiple areas within an IS-IS Level 1. This is transparent to TE. TE has topology
information about the IS-IS level, but not the area ID.
Note
Loose Hop Expansion
Loose hop optimization allows the reoptimization of tunnels spanning multiple areas and solves the problem
which occurs when an MPLS-TE LSP traverses hops that are not in the LSP's headend's OSPF area and IS-IS
level.
Interarea MPLS-TE allows you to configure an interarea traffic engineering (TE) label switched path (LSP)
by specifying a loose source route of ABRs along the path. It is the then the responsibility of the ABR (having
a complete view of both areas) to find a path obeying the TE LSP constraints within the next area to reach
the next hop ABR (as specified on the headend). The same operation is performed by the last ABR connected
to the tailend area to reach the tailend LSR.
You must be aware of these considerations when using loose hop optimization:
You must specify the router ID of the ABR node (as opposed to a link address on the ABR).
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
134 OL-26056-02
Implementing MPLS Traffic Engineering
MPLS Traffic Engineering Interarea Tunneling When multiarea is deployed in a network that contains subareas, you must enable MPLS-TE in the
subarea for TE to find a path when loose hop is specified.
You must specify the reachable explicit path for the interarea tunnel.
Loose Hop Reoptimization
Loose hop reoptimization allows the reoptimization of the tunnels spanning multiple areas and solves the
problem which occurs when an MPLS-TE headend does not have visibility into other IGP areas.
Whenever the headend attempts to reoptimize a tunnel, it tries to find a better path to the ABR in the headend
area. If a better path is found then the headend initiates the setup of a new LSP. In case a suitable path is not
found in the headend area, the headend initiates a querying message. The purpose of this message is to query
the ABRs in the areas other than the headend area to check if there exist any better paths in those areas. The
purpose of this message is to query the ABRs in the areas other than the headend area, to check if a better
path exists. If a better path does not exist, ABR forwardsthe query to the next router downstream. Alternatively,
if better path is found, ABR responds with a special Path Error to the headend to indicate the existence of a
better path outside the headend area. Upon receiving the Path Error that indicates the existence of a better
path, the headend router initiates the reoptimization.
ABR Node Protection
Because one IGP area does not have visibility into another IGP area, it is not possible to assign backup to
protect ABR node. To overcome this problem, node ID sub-object is added into the record route object of the
primary tunnel so that at a PLR node, backup destination address can be checked against primary tunnel
record-route object and assign a backup tunnel.
Fast Reroute Node Protection
If a link failure occurs within an area, the upstream router directly connected to the failed link generates an
RSVP path error message to the headend. As a response to the message, the headend sends an RSVP path
tear message and the corresponding path option is marked as invalid for a specified period and the next
path-option (if any) is evaluated.
To retry the ABR immediately, a second path option (identical to the first one) should be configured.
Alternatively, the retry period (path-option hold-down, 2 minutes by default) can be tuned to achieve a faster
retry.
Related Topics
Protecting MPLS Tunnels with Fast Reroute, on page 164
MPLS-TE Forwarding Adjacency
The MPLS-TE Forwarding Adjacency feature allows a network administrator to handle a traffic engineering,
label-switched path (LSP) tunnel as a link in an Interior Gateway Protocol (IGP) network based on the Shortest
Path First (SPF) algorithm. A forwarding adjacency can be created between routers regardless of their location
in the network.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 135
Implementing MPLS Traffic Engineering
MPLS-TE Forwarding AdjacencyMPLS-TE Forwarding Adjacency Benefits
TE tunnel interfaces are advertised in the IGP network just like any other links. Routers can then use these
advertisements in their IGPs to compute the SPF even if they are not the head end of any TE tunnels.
Related Topics
Configuring MPLS-TE Forwarding Adjacency, on page 199
Configure Forwarding Adjacency: Example, on page 265
MPLS-TE Forwarding Adjacency Restrictions
The following restrictions are listed for the MPLS-TE Forwarding Adjacency feature:
Using the MPLS-TE Forwarding Adjacency feature increasesthe size of the IGP database by advertising
a TE tunnel as a link.
The MPLS-TE Forwarding Adjacency feature is supported by Intermediate System-to-Intermediate
System (IS-IS).
When the MPLS-TE Forwarding Adjacency feature is enabled on a TE tunnel, the link is advertised in
the IGP network as a Type-Length-Value (TLV) 22 without any TE sub-TLV.
MPLS-TE forwarding adjacency tunnels must be configured bidirectionally.
MPLS-TE Forwarding Adjacency Prerequisites
Your network must support the following features before enabling the MPLS -TE Forwarding Adjacency
feature:
MPLS
IP Cisco Express Forwarding
Intermediate System-to-Intermediate System (IS-IS)
Path Computation Element
Path Computation Element (PCE) solves the specific issue of inter-domain path computation for MPLS-TE
label switched path (LSPs), when the head-end router does not possess full network topology information
(for example, when the head-end and tail-end routers of an LSP reside in different IGP areas).
PCE uses area border routers(ABRs) to compute a TE LSP spanning multiple IGP areas as well as computation
of Inter-AS TE LSP.
PCE is usually used to define an overall architecture, which is made of several components, as follows:
Path Computation Element (PCE)
Represents a software module (which can be a component or application) that enables the router to
compute paths applying a set of constraints between any pair of nodes within the routers TE topology
database. PCEs are discovered through IGP.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
136 OL-26056-02
Implementing MPLS Traffic Engineering
Path Computation ElementPath Computation Client (PCC)
Represents a software module running on a router that is capable of sending and receiving path
computation requests and responses to and from PCEs. The PCC is typically an LSR (Label Switching
Router).
PCC-PCE communication protocol (PCEP)
Specifiesthat PCEP is a TCP-based protocol defined by the IETF PCEWG, and defines a set of messages
and objects used to manage PCEP sessions and to request and send paths for multi-domain TE LSPs.
PCEP is used for communication between PCC and PCE (as well as between two PCEs) and employs
IGP extensions to dynamically discover PCE.
This figure shows a typical PCE implementation.
Figure 14: Path Computation Element Network Diagram
Path computation elements provides support for the following message types and objects:
Message types: Open, PCReq, PCRep, PCErr, Close
Objects: OPEN, CLOSE, RP, END-POINT, LSPA, BANDWIDTH, METRIC, and NO-PATH
Related Topics
Configuring a Path Computation Client, on page 200
Configuring a Path Computation Element Address, on page 202
Configuring PCE Parameters, on page 203
Configure PCE: Example, on page 265
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 137
Implementing MPLS Traffic Engineering
Path Computation ElementPath Protection
Path protection provides an end-to-end failure recovery mechanism (that is, full path protection) for MPLS-TE
tunnels. A secondary Label Switched Path (LSP) is established, in advance, to provide failure protection for
the protected LSP that is carrying a tunnel's TE traffic. When there is a failure on the protected LSP, the source
router immediately enables the secondary LSP to temporarily carry the tunnel's traffic. If there is a failure on
the secondary LSP, the tunnel no longer has path protection until the failure along the secondary path is
cleared. Path protection can be used with a single area (OSPF or IS-IS), external BGP [eBGP], and static).
The failure detection mechanisms trigger a switchover to a secondary tunnel:
Path error or resv-tear from Resource Reservation Protocol (RSVP) signaling
Notification from the Bidirectional Forwarding Detection (BFD) protocol that a neighbor is lost
Notification from the Interior Gateway Protocol (IGP) that the adjacency is down
Local teardown of the protected tunnel's LSP due to preemption in order to signal higher priority LSPs,
a Packet over SONET (POS) alarm, online insertion and removal (OIR), and so forth
An alternate recovery mechanism is Fast Reroute (FRR), which protects MPLS-TE LSPs only from link and
node failures by locally repairing the LSPs at the point of failure. Co-existence of FRR and path protection
is supported, that means FRR and path-protection can be configured on the same tunnel at the same time.
Although not as fast as link or node protection, presignaling a secondary LSP is faster than configuring a
secondary primary path option or allowing the tunnel's source router to dynamically recalculate a path. The
actual recovery time is topology-dependent, and affected by delay factors such as propagation delay or switch
fabric latency.
Related Topics
Enabling Path Protection for an Interface, on page 206
Assigning a Dynamic Path Option to a Tunnel, on page 208
Forcing a Manual Switchover on a Path-Protected Tunnel, on page 210
Configuring the Delay the Tunnel Takes Before Reoptimization, on page 210
Configure Tunnels for Path Protection: Example, on page 266
Prerequisites for Path Protection
Ensure that your network supports MPLS-TE, Cisco Express Forwarding, and Intermediate
System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).
Enable MPLS.
Configure TE on the routers.
Configure a TE tunnel with a dynamic path option by using the path-option command with the
dynamic keyword.
Related Topics
Enabling Path Protection for an Interface, on page 206
Assigning a Dynamic Path Option to a Tunnel, on page 208
Forcing a Manual Switchover on a Path-Protected Tunnel, on page 210
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
138 OL-26056-02
Implementing MPLS Traffic Engineering
Path ProtectionConfiguring the Delay the Tunnel Takes Before Reoptimization, on page 210
Configure Tunnels for Path Protection: Example, on page 266
Restrictions for Path Protection
Only Point-to-Point (P2P) tunnels are supported.
Point-to-Multipoint (P2MP) TE tunnels are not supported.
A maximum of one standby LSP is supported.
There can be only one secondary path for each dynamic path option.
Explicit path option can be configured for the path protected TE with the secondary path option as
dynamic.
Do not use link and node protection with path protection on the headend router.
A maximum number of path protected tunnel TE heads is 2000.
A maximum number of TE tunnel heads is equal to 4000.
Related Topics
Enabling Path Protection for an Interface, on page 206
Assigning a Dynamic Path Option to a Tunnel, on page 208
Forcing a Manual Switchover on a Path-Protected Tunnel, on page 210
Configuring the Delay the Tunnel Takes Before Reoptimization, on page 210
Configure Tunnels for Path Protection: Example, on page 266
MPLS-TE Automatic Bandwidth
The MPLS-TE automatic bandwidth feature measures the traffic in a tunnel and periodically adjusts the
signaled bandwidth for the tunnel.
These topics provide information about MPLS-TE automatic bandwidth:
MPLS-TE Automatic Bandwidth Overview
MPLS-TE automatic bandwidth is configured on individual Label Switched Paths (LSPs) at every head-end.
MPLS-TE monitors the traffic rate on a tunnel interface. Periodically, MPLS-TE resizes the bandwidth on
the tunnel interface to align it closely with the traffic in the tunnel. MPLS-TE automatic bandwidth can perform
these functions:
Monitors periodic polling of the tunnel output rate
Resizes the tunnel bandwidth by adjusting the highest rate observed during a given period
For every traffic-engineered tunnel that is configured for an automatic bandwidth, the average output rate is
sampled, based on various configurable parameters. Then, the tunnel bandwidth is readjusted automatically
based upon either the largest average output rate that was noticed during a certain interval, or a configured
maximum bandwidth value.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 139
Implementing MPLS Traffic Engineering
MPLS-TE Automatic BandwidthThis table lists the automatic bandwidth functions.
Table 5: Automatic Bandwidth Variables
Function Command Description Default Value
Configures how often the 24 hours
tunnel bandwidths
changed for each tunnel.
The application period is
the period of A minutes
between the bandwidth
applications during which
the output rate collection
is done.
Application frequency application command
Limits the range of 0 Kbps
bandwidth within the
automatic-bandwidth
feature that can request a
bandwidth.
Requested bandwidth bw-limit command
Configures how often the 5 min
tunnel output rate is
polled globally for all
tunnels.
auto-bw collect
command
Collection frequency
You cannot configure this
value.
Highest collected
bandwidth
You cannot configure this
value.
Delta
The output rate on a tunnel is collected at regular intervals that are configured by using the application
command in MPLS-TE auto bandwidth interface configuration mode. When the application period timer
expires, and when the difference between the measured and the current bandwidth exceeds the adjustment
threshold, the tunnel is reoptimized. Then, the bandwidth samples are cleared to record the new largest output
rate at the next interval.
When reoptimizing the LSP with the new bandwidth, a new path request is generated. If the new bandwidth
is not available, the last good LSP continues to be used. This way, the network experiences no traffic
interruptions.
If minimum or maximum bandwidth values are configured for a tunnel, the bandwidth, which the automatic
bandwidth signals, stays within these values.
When more than 100 tunnels are auto-bw enabled, the algorithm will jitter the first application of every
tunnel by a maximum of 20% (max 1hour). The algorithm does this to avoid too many tunnels running
auto bandwidth applications at the same time.
Note
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
140 OL-26056-02
Implementing MPLS Traffic Engineering
MPLS-TE Automatic BandwidthIf a tunnel is shut down, and is later brought again, the adjusted bandwidth is lost and the tunnel is brought
back with the initial configured bandwidth. In addition, the application period is reset when the tunnel is
brought back.
Related Topics
Configuring the Collection Frequency, on page 212
Configuring the Automatic Bandwidth Functions, on page 215
Configure Automatic Bandwidth: Example, on page 267
Adjustment Threshold
Adjustment Threshold is defined as a percentage of the current tunnel bandwidth and an absolute (minimum)
bandwidth. Both thresholds must be fulfilled for the automatic bandwidth to resignal the tunnel. The tunnel
bandwidth is resized only if the difference between the largest sample output rate and the current tunnel
bandwidth is larger than the adjustment thresholds.
For example, assume that the automatic bandwidth is enabled on a tunnel in which the highest observed
bandwidth B is 30 Mbps. Also, assume that the tunnel was initially configured for 45 Mbps. Therefore, the
difference is 15 mbit/s. Now, assuming the default adjustment thresholds of 10% and 10kbps, the tunnel is
signalled with 30 Mbps when the application timer expires. This is because 10% of 45Mbit/s is 4.5 Mbit/s,
which is smaller than 15 Mbit/s. The absolute threshold, which by default is 10kbps, is also crossed.
Overflow Detection
Overflow detection is used if a bandwidth must be resized assoon as an overflow condition is detected, without
having to wait for the expiry of an automatic bandwidth application frequency interval.
For overflow detection one configures a limit N, a percentage threshold Y% and optionally, a minimum
bandwidth threshold Z. The percentage threshold is defined as the percentage of the actual signalled tunnel
bandwidth. When the difference between the measured bandwidth and the actual bandwidth are both larger
than Y% and Z threshold, for N consecutive times, then the system triggers an overflow detection.
The bandwidth adjustment by the overflow detection is triggered only by an increase of traffic volume through
the tunnel, and not by a decrease in the traffic volume. When you trigger an overflow detection, the automatic
bandwidth application interval is reset.
By default, the overflow detection is disabled and needs to be manually configured.
Restrictions for MPLS-TE Automatic Bandwidth
When the automatic bandwidth cannot update the tunnel bandwidth, the following restrictions are listed:
Tunnel is in a fast reroute (FRR) backup, active, or path protect active state. This occurs because of the
assumption that protection is a temporary state, and there is no need to reserve the bandwidth on a backup
tunnel. You should prevent taking away the bandwidth from other primary or backup tunnels.
Reoptimization fails to occur during a lockdown. In this case, the automatic bandwidth does not update
the bandwidth unless the bandwidth application is manually triggered by using the mpls traffic-eng
auto-bw apply command in EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 141
Implementing MPLS Traffic Engineering
MPLS-TE Automatic BandwidthPoint-to-Multipoint Traffic-Engineering
Point-to-Multipoint Traffic-Engineering Overview
The Point-to-Multipoint (P2MP) Resource Reservation Protocol-Traffic Engineering (RSVP-TE) solution
allows service providers to implement IP multicast applications, such as IPTV and real-time video, broadcast
over the MPLS label switch network. The RSVP-TE protocol is extended to signal point-to-point (P2P) and
P2MP label switched paths (LSPs) across the MPLS networks.
By using RSVP-TE extensions as defined in RFC 4875, multiple subLSPs are signaled for a given TE source.
The P2MP tunnel is considered as a set of Source-to-Leaf (S2L) subLSPs that connect the TE source to
multiple leaf Provider Edge (PE) nodes.
At the TE source, the ingress point of the P2MP-TE tunnel, IP multicast traffic is encapsulated with a unique
MPLS label, which is associated with the P2MP-TE tunnel. The traffic continues to be label-switched in the
P2MP tree. If needed, the labeled packet is replicated at branch nodes along the P2MP tree. When the labeled
packet reaches the egress leaf (PE) node, the MPLS label is removed and forwarded onto the IP multicast tree
across the PE-CE link.
To enable end-to-end IP multicast connectivity, RSVP is used in the MPLS-core for P2MP-TE signaling and
PIM is used for PE-CE link signaling.
All edge routers are running PIM-SSM or Source-Specific Multicast (SSM) to exchange multicast routing
information with the directly-connected Customer Edge (CE) routers.
In the MPLS network, RSVP P2MP-TE replaces PIM as the tree building mechanism, RSVP-TE grafts
or prunes a given P2MP tree when the end-points are added or removed in the TE source configuration
(explicit user operation).
These are the definitions for Point-to-Multipoint (P2MP) tunnels:
Source
Configures the node in which Label Switched Path (LSP) signaling is initiated.
Mid-point
Specifies the transit node in which LSP signaling is processed (for example, not a source or receiver).
Receiver, Leaf, and Destination
Specifies the node in which LSP signaling ends.
Branch Point
Specifies the node in which packet replication is performed.
Bud Node
Specifies the node that not only acts as a transit for some S2Ls but also acts as a termination point for
a S2L of a P2MP TE tunnel.
Source-to-Leaf (S2L) SubLSP
Specifies the P2MP-TE LSP segment that runs from the source to one leaf.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
142 OL-26056-02
Implementing MPLS Traffic Engineering
Point-to-Multipoint Traffic-EngineeringPoint-to-Multipoint Traffic-Engineering Features
P2MP RSVP-TE (RFC 4875) is supported. RFC 4875 is based on nonaggregate signaling; for example,
per S2L signaling. Only P2MP LSP is supported.
interface tunnel-mte command identifies the P2MP interface type.
P2MP tunnel setup is supported with label replication.
Fast-Reroute (FRR) link protection is supported with sub-50 msec for traffic loss.
Explicit routing is supported by using under utilized links.
Reoptimization is supported by calculating a better set of paths to the destination with no traffic loss.
Note Per-S2L reoptimization is not supported.
IPv4 and IPv6 payloads are supported.
IPv4 and IPv6 multicast forwarding are supported on a P2MP tunnel interface through a static IGMP
and MLD group configuration.
Both IP multicast and P2MP Label Switch Multicast (LSM) coexist in the same network; therefore, both
use the same forwarding plane (LFIB or MPLS Forwarding Infrastructure [MFI]).
P2MP label replication supports only Source-Specific Multicast (SSM) traffic. SSM configuration
supports the default value, none.
Static mapping for multicast groups to the P2MP-TE tunnel is required.
Point-to-Multipoint Traffic-Engineering Benefits
Single point of traffic control ensures that signaling and path engineering parameters (for example,
protection and diversity) are configured only at the TE source node.
Ability to configure explicit paths to enable optimized traffic distribution and prevention of single point
of failures in the network.
Link protection of MPLS-labeled traffic traversing branch paths of the P2MP-TE tree.
Ability to do bandwidth Admission Control (AC) during set up and signaling of P2MP-TE paths in the
MPLS network.
Related Topics
Configure Point-to-Multipoint for the Source: Example, on page 278
Configure the Point-to-Multipoint Solution: Example, on page 279
Disable a Destination: Example, on page 279
Configure the Point-to-Multipoint Tunnel: Example, on page 278
Configure the Point-to-Multipoint Solution: Example, on page 279
Point-to-Multipoint RSVP-TE , on page 144
Path Option for Point-to-Multipoint RSVP-TE, on page 145
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 143
Implementing MPLS Traffic Engineering
Point-to-Multipoint Traffic-EngineeringPoint-to-Multipoint RSVP-TE
RSVP-TE signals a P2MP tunnel base that is based on a manual configuration. If all Source-to-Leaf (S2L)s
use an explicit path, the P2MP tunnel creates a static tree that follows a predefined path based on a constraint
such as a deterministic Label Switched Path (LSP). If the S2L uses a dynamic path, RSVP-TE creates a P2MP
tunnel base on the best path in the RSVP-TE topology. RSVP-TE supports bandwidth reservation for
constraint-based routing.
RSVP-TE distributes stream information in which the topology tree does not change often (where the source
and receivers are). For example, large scale video distribution between major sites is suitable for a subset of
multicast applications. Because multicast traffic is already in the tunnel, the RSVP-TE tree is protected as
long as you build a backup path.
Fast-Reroute (FRR) capability is supported for P2MP RSVP-TE by using the unicast link protection. You
can choose the type of traffic to go to the backup link.
The P2MP tunnel is signaled by the dynamic and explicit path option in the IGP intra area. Only interArea
and interAS, which are used for the P2MP tunnels, are signaled by the verbatim path option.
Related Topics
Configure Point-to-Multipoint for the Source: Example, on page 278
Configure the Point-to-Multipoint Solution: Example, on page 279
Point-to-Multipoint Fast Reroute, on page 144
Path Option for Point-to-Multipoint RSVP-TE, on page 145
Point-to-Multipoint Fast Reroute
MPLS-TE Fast Reroute (FRR) is a mechanism to minimize interruption in traffic delivery to a TE Label
Switched Path (LSP) destination as a result of link or node failures. FRR enables temporarily fast switching
of LSP traffic along an alternative backup path around a network failure, until the TE tunnel source signals a
new end-to-end LSP.
The Point-of-Local Repair (PLR) is a node that selects a backup tunnel and switches the LSP traffic onto the
backup tunnel in case a failure is detected. The receiver of the backup tunnel is referred to as the Merge Point
(MP).
Both Point-to-Point (P2P) and P2MP-TE support only the Facility FRR method from RFC 4090.
Fast reroutable LSPs can coexist with fast reroutable P2P LSPs in a network. Node, link, and bandwidth
protection for P2P LSPs are supported. Both MPLS-TE link and node protection rely on the fact that labels
for all primary LSPs and subLSPs are using the MPLS global label allocation. For example, one single (global)
label space is used for all MPLS-TE enabled physical interfaces on a given MPLS node.
Related Topics
Point-to-Multipoint Traffic-Engineering Overview, on page 142
Point-to-Multipoint RSVP-TE , on page 144
Point-to-Multipoint Label Switch Path
The Point-to-Multipoint Label Switch Path (P2MP LSP) has only a single root, which is the Ingress Label
Switch Router (LSR). The P2MP LSP is created based on a receiver that is connected to the Egress LSR. The
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
144 OL-26056-02
Implementing MPLS Traffic Engineering
Point-to-Multipoint Traffic-EngineeringEgress LSR initiates the creation of the tree (for example, tunnel grafting or pruning is done by performing
an individual sub-LSP operation) by creating the Forwarding Equivalency Class (FEC) and Opaque Value.
Note Grafting and pruning operate on a per destination basis.
The Opaque Value contains the stream information that uniquely identifies the tree to the root. To receive
label switched multicast packets, the Egress Provider Edge (PE) indicates to the upstream router (the next
hop closest to the root) which label it uses for the multicast source by applying the label mapping message.
The upstream router does not need to have any knowledge of the source; it needs only the received FEC to
identify the correct P2MP LSP. If the upstream router does not have any FEC state, it creates it and installs
the assigned downstream outgoing label into the label forwarding table. If the upstream router is not the root
of the tree, it must forward the label mapping message to the next hop upstream. This process is repeated
hop-by-hop until the root is reached.
By using downstream allocation, the router that wants to receive the multicast traffic assigns the label for it.
The label request, which is sent to the upstream router, is similar to an unsolicited label mapping (that is, the
upstream does not request it). The upstream router that receives that label mapping uses the specific label to
send multicast packets downstream to the receiver. The advantage isthat the router, which allocatesthe labels,
does not get into a situation where it has the same label for two different multicast sources. This is because it
manages its own label space allocation locally.
Path Option for Point-to-Multipoint RSVP-TE
P2MP tunnels are signaled by using the dynamic and explicit path-options in an IGP intra area. InterArea and
InterAS cases for P2MP tunnels are signaled by the verbatim path option.
Path optionsfor P2MP tunnels are individually configured for each sub-LSP. Only one path option persub-LSP
(destination) is allowed. You can choose whether the corresponding sub-LSP is dynamically or explicitly
routed. For the explicit option, you can configure the verbatim path option to bypass the topology database
lookup and verification for the specified destination.
Both dynamic and explicit path options are supported on a per destination basis by using the path-option
(P2MP-TE) command. In addition, you can combine both path options.
Explicit Path Option
Configuresthe intermediate hopsthat are traversed by a sub-LSP going from the TE source to the egress
MPLS node. Although an explicit path configuration enables granular control sub-LSP paths in an
MPLS network, multiple explicit paths are configured for specific network topologies with a limited
number of (equal cost) links or paths.
Dynamic Path Option
Computes the IGP path of a P2MP tree sub-LSP that is based on the OSPF and ISIS algorithm. The
TE source is dynamically calculated based on the IGP topology.
Dynamic Path Calculation Requirements
Dynamic path calculation for each sub-LSP uses the same path parameters as those for the path calculation
of regular point-to-point TE tunnels. As part of the sub-LSP path calculation, the link resource (bandwidth)
is included, which is flooded throughout the MPLS network through the existing RSVP-TE extensions to
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 145
Implementing MPLS Traffic Engineering
Point-to-Multipoint Traffic-EngineeringOSPF and ISIS. Instead of dynamic calculated paths, explicit paths are also configured for one or more
sub-LSPs that are associated with the P2MP-TE tunnel.
OSPF or ISIS are used for each destination.
TE topology and tunnel constraints are used to input the path calculation.
Tunnel constraints such as affinity, bandwidth, and priorities are used for all destinations in a tunnel.
Path calculation yields an explicit route to each destination.
Static Path Calculation Requirements
The static path calculation does not require any new extensions to IGP to advertise link availability.
Explicit path is required for every destination.
Offline path calculation is used.
TE topology database is not needed.
If the topology changes, reoptimization is not required.
Related Topics
Configure the Point-to-Multipoint Tunnel: Example, on page 278
Configure the Point-to-Multipoint Solution: Example, on page 279
Point-to-Multipoint Traffic-Engineering Overview, on page 142
Point-to-Multipoint RSVP-TE , on page 144
MPLS Traffic Engineering Shared Risk Link Groups
Shared Risk Link Groups (SRLG) in MPLS traffic engineering refer to situations in which links in a network
share a common fiber (or a common physical attribute). These links have a shared risk, and that is when one
link fails, other links in the group might fail too.
OSPF and Intermediate System-to-Intermediate System (IS-IS) flood the SRLG value information (including
other TE link attributes such as bandwidth availability and affinity) using a sub-type length value (sub-TLV),
so that all routers in the network have the SRLG information for each link.
To activate the SRLG feature, configure the SRLG value of each link that has a shared risk with another link.
A maximum of 30 SRLGs per interface is allowed. You can configure this feature on multiple interfaces
including the bundle interface.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
146 OL-26056-02
Implementing MPLS Traffic Engineering
MPLS Traffic Engineering Shared Risk Link GroupsFigure 15: Shared Risk Link Group illustrates the MPLS TE SRLG values configured on the bundle interface.
Figure 15: Shared Risk Link Group
Related Topics
Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218
Creating an Explicit Path With Exclude SRLG, on page 220
Using Explicit Path With Exclude SRLG, on page 222
Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Explicit Path
The Explicit Path configuration allows you to configure the explicit path. An IP explicit path is a list of IP
addresses, each representing a node or link in the explicit path.
The MPLS Traffic Engineering (TE)IP Explicit Address Exclusion feature provides a means to exclude a
link or node from the path for an Multiprotocol Label Switching (MPLS) TE label-switched path (LSP).
This feature is enabled through the explicit-path command that allows you to create an IP explicit path and
enter a configuration submode for specifying the path. The feature adds to the submode commands of the
exclude-address command for specifying addresses to exclude from the path.
The feature also adds to the submode commands of the exclude-srlg command that allows you to specify
the IP address to get SRLGs to be excluded from the explicit path.
If the excluded address or excluded srlg for an MPLS TE LSP identifies a flooded link, the constraint-based
shortest path first (CSPF) routing algorithm does not consider that link when computing paths for the LSP.
If the excluded address specifies a flooded MPLS TE router ID, the CSPF routing algorithm does not allow
paths for the LSP to traverse the node identified by the router ID.
Related Topics
Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218
Creating an Explicit Path With Exclude SRLG, on page 220
Using Explicit Path With Exclude SRLG, on page 222
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 147
Implementing MPLS Traffic Engineering
MPLS Traffic Engineering Shared Risk Link GroupsCreating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Fast ReRoute with SRLG Constraints
Fast ReRoute (FRR) protects MPLS TE Label Switch Paths (LSPs) from link and node failures by locally
repairing the LSPs at the point of failure. This protection allows data to continue to flow on LSPs, while their
headend routers attempt to establish new end-to-end LSPs to replace them. FRR locally repairs the protected
LSPs by rerouting them over backup tunnels that bypass failed links or nodes.
Backup tunnels that bypass only a single link of the LSP's path provide Link Protection. They protect LSPs
by specifying the protected link IP addresses to extract SRLG values that are to be excluded from the explicit
path, thereby bypassing the failed link. These are referred to as next-hop (NHOP) backup tunnels because
they terminate at the LSP's next hop beyond the point of failure. Figure 16: NHOP Backup Tunnel with SRLG
constraint illustrates an NHOP backup tunnel.
Figure 16: NHOP Backup Tunnel with SRLG constraint
In the topology shown in the above figure, the backup tunnel path computation can be performed in this
manner:
Get all SRLG values from the exclude-SRLG link (SRLG values 5 and 6)
Mark all the links with the same SRLG value to be excluded from SPF
Path computation as CSPF R2->R6->R7->R3
FRR provides Node Protection for LSPs. Backup tunnels that bypass next-hop nodes along LSP paths are
called NNHOP backup tunnels because they terminate at the node following the next-hop node of the LSP
paths, thereby bypassing the next-hop node. They protect LSPs when a node along their path fails, by enabling
the node upstream to the point of failure to reroute the LSPs and their traffic, around the failed node to the
next-next hop. They also protect LSPs by specifying the protected link IP addresses that are to be excluded
from the explicit path, and the SRLG values associated with the IP addresses excluded from the explicit path.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
148 OL-26056-02
Implementing MPLS Traffic Engineering
MPLS Traffic Engineering Shared Risk Link GroupsNNHOP backup tunnels also provide protection from link failures by bypassing the failed link as well as the
node. Figure 17: NNHOP Backup Tunnel with SRLG constraint illustrates an NNHOP backup tunnel.
Figure 17: NNHOP Backup Tunnel with SRLG constraint
In the topology shown in the above figure, the backup tunnel path computation can be performed in this
manner:
Get all SRLG values from the exclude-SRLG link (SRLG values 5 and 6)
Mark all links with the same SRLG value to be excluded from SPF
Verify path with SRLG constraint
Path computation as CSPF R2->R9->R10->R4
Related Topics
Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218
Creating an Explicit Path With Exclude SRLG, on page 220
Using Explicit Path With Exclude SRLG, on page 222
Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Importance of Protection
This section describes the following:
Delivery of Packets During a Failure
Multiple Backup Tunnels Protecting the Same Interface
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 149
Implementing MPLS Traffic Engineering
MPLS Traffic Engineering Shared Risk Link GroupsRelated Topics
Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218
Creating an Explicit Path With Exclude SRLG, on page 220
Using Explicit Path With Exclude SRLG, on page 222
Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Delivery of Packets During a Failure
Backup tunnels that terminate at the NNHOP protect both the downstream link and node. This provides
protection for link and node failures.
Related Topics
Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218
Creating an Explicit Path With Exclude SRLG, on page 220
Using Explicit Path With Exclude SRLG, on page 222
Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Multiple Backup Tunnels Protecting the Same Interface
RedundancyIf one backup tunnel is down, other backup tunnels protect LSPs.
Increased backup capacityIf the protected interface is a high-capacity link and no single backup path
exists with an equal capacity, multiple backup tunnels can protect that one high-capacity link. The LSPs
using thislink falls over to different backup tunnels, allowing all of the LSPsto have adequate bandwidth
protection during failure (rerouting). If bandwidth protection is not desired, the router spreads LSPs
across all available backup tunnels (that is, there is load balancing across backup tunnels).
Related Topics
Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218
Creating an Explicit Path With Exclude SRLG, on page 220
Using Explicit Path With Exclude SRLG, on page 222
Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
SRLG Limitations
There are few limitations to the configured SRLG feature:
The exclude-address and exclude-srlg options are not allowed in the IP explicit path strict-address
network.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
150 OL-26056-02
Implementing MPLS Traffic Engineering
MPLS Traffic Engineering Shared Risk Link Groups Whenever SRLG values are modified after tunnels are signalled, they are verified dynamically in the
next path verification cycle.
Related Topics
Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218
Creating an Explicit Path With Exclude SRLG, on page 220
Using Explicit Path With Exclude SRLG, on page 222
Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Soft-Preemption
MPLS-TE preemption consists of freeing the resources of an established LSP, and assigning them to a new
LSP. The freeing of resources causes a traffic disruption to the LSP that is being preempted. Soft preemption
is an extension to the RSVP-TE protocol to minimize and even eliminate such traffic disruption over the
preempted LSP.
The soft-preemption feature attempts to preempt the LSPs in a graceful manner to minimize or eliminate
traffic loss. However, the link might be over-subscribed for a period of time.
In a network that implements soft preemption, zero traffic loss is achieved in this manner:
When signaling a new LSP, the ingress router indicates to all the intermediate nodes that the existing
LSP is to be softly preempted, in case its resources are needed and is to be reassigned.
When a given intermediate node needs to soft-preempt the existing LSP, it sends a new or special path
error (preemption pending) to the ingress router. The intermediate node does not dismantle the LSP and
maintains its state.
When the ingress router receives the path error (preemption pending) from the intermediate node, it
immediately starts a re-optimization that avoids the link that caused the preemption.
When the re-optimization is complete, the ingress router tears down the soft-preempted LSP.
Related Topics
Enabling Soft-Preemption on a Node, on page 245
Enabling Soft-Preemption on a Tunnel, on page 247
Path Option Attributes
The path option attributes are configurable through a template configuration. Thistemplate, named attribute-set,
is configured globally in the MPLS traffic-engineering mode.
You can apply an attribute-set to a path option on a per-LSP basis. The path option configuration is extended
to take a path option attribute name. LSPs computed with a particular path option usesthe attributes asspecified
by the attribute-set under that path option.
These prerequisites are required to implement path option attributes:
Path option type attribute-set is configured in the MPLS TE mode
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 151
Implementing MPLS Traffic Engineering
Soft-Preemption Path option CLI extended to accept an attribute-set name
Note The signalled-bandwidth and affinity attributes are supported under the attribute-set template.
Related Topics
Configuring Attributes within a Path-Option Attribute, on page 249
Configuration Hierarchy of Path Option Attributes
You can specify a value for an attribute within a path option attribute-set template. This does not prevent
the configuring of the same attribute at a tunnel level. However, it is important to note that only one level is
taken into account. So, the configuration at the LSP level is considered more specific than the one at the level
of the tunnel, and it is used from this point onwards.
Attributes that are not specified within an attribute-set take their values as usual--configuration at the tunnel
level, configuration at the global MPLS level, or default values. Here is an example:
attribute-set path-option MYSET
affinity 0xBEEF mask 0xBEEF
interface tunnel-te 10
affinity 0xCAFE mask 0xCAFE
signalled-bandwidth 1000
path-option 1 dynamic attribute-set name MYSET
path-option 2 dynamic
In this example, the attribute-set named MYSET is specifying affinity as 0xBEEF. The signalled bandwidth
has not been configured in this MYSET. The tunnel 10, meanwhile, has affinity 0xCAFE configured. LSPs
computed from path-option 1 uses the affinity 0xBEEF/0xBEEF, while LSPs computed from path-option 2
uses the affinity 0xCAFE/0xCAFE. All LSPs computed using any of these path-options use
signalled-bandwidth as 1000, as this is the only value that is specified only at the tunnel level.
The attributes configured in a path option attribute-set template takes precedence over the same attribute
configured under a tunnel. An attribute configured under a tunnel is used only if the equivalent attribute
is not specified by the in-use path option attribute-set template.
Note
Related Topics
Configuring Attributes within a Path-Option Attribute, on page 249
Traffic Engineering Bandwidth and Bandwidth Pools
MPLS traffic engineering allows constraint-based routing (CBR) of IP traffic. One of the constraints satisfied
by CBR is the availability of required bandwidth over a selected path. Regular TE tunnel bandwidth is called
the global pool. The subpool bandwidth is a portion of the global pool. If it is not in use, the subpool
bandwidth is not reserved from the global pool. Therefore, subpool tunnels require a priority higher than that
of non-subpool tunnels.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
152 OL-26056-02
Implementing MPLS Traffic Engineering
Path Option AttributesYou can configure the signalled-bandwidth path option attribute to use either the global pool (default) or the
subpool bandwidth. The signalled-bandwidth value for the path option may be any valid value and the pool
does not have to be the same as that which is configured on the tunnel.
When you configure signalled-bandwidth for path options with the signalled-bandwidth bandwidth
[sub-pool | global] kbps command, use either allsubpool bandwidths or all global-pool bandwidth values.
Note
Related Topics
Configuring Attributes within a Path-Option Attribute, on page 249
Path Option Switchover
Reoptimization to a particular path option is not possible if the in-use path option and the new path option do
not share the same bandwidth class. The path option switchover operation would fail in such a scenario. Use
this command at the EXEC configuration mode to switchover to a newer path option :
mpls traffic-eng switchover tunnel-xx ID path-option index
The switchover to a newer path option is achieved, in these instances:
when a lower index path option is available
when any signalling message or topology update causes the primary LSP to go down
when a local interface fails on the primary LSP or a path error is received on the primary LSP
Note Path option switchover between various path options with different bandwidth classes is not allowed.
Related Topics
Configuring Attributes within a Path-Option Attribute, on page 249
Path Option and Path Protection
When path-protection is enabled, a standby LSP is established to protect traffic going over the tunnel. The
standby LSP may be established using either the same path option as the primary LSP, or a different one.
The standby LSP is computed to be diverse from the primary LSP, so bandwidth class differences does not
matter. This is true in all cases of diversity except node-diversity. With node diversity, it is possible for the
standby LSP to share up to two links with the primary LSP, the link exiting the head node, and the link entering
the tail node.
If you want to switchover from one path option to another path option and these path options have different
classes, the path option switchover is rejected. However, the path option switchover can not be blocked in the
path-protection feature. When the standby LSP becomes active using another path option of a different class
type, the path option switchover cannot be rejected at the head end. It might get rejected by the downstream
node.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 153
Implementing MPLS Traffic Engineering
Path Option AttributesNode-diversity is only possible under limited conditions. The conditions that must be met are:
there is no second path that is both node and link diverse
the current LSP uses a shared-media link at the head egress or tail ingress
the shared-media link used by the current LSP permits computation of a node-diverse path
In Cisco IOS XR, reoptimization between different class types would actually be rejected by the next hop.
This rejection will occur by an admission failure.
Related Topics
Configuring Attributes within a Path-Option Attribute, on page 249
Auto-Tunnel Mesh
The MPLS traffic engineering auto-tunnel mesh (Auto-mesh) feature allows you to set up full mesh of TE
P2P tunnels automatically with a minimal set of MPLS traffic engineering configurations. You may configure
one or more mesh-groups. Each mesh-group requires a destination-list (IPv4 prefix-list) listing destinations,
which are used as destinations for creating tunnels for that mesh-group.
You may configure MPLS TE auto-mesh type attribute-sets (templates) and associate them to mesh-groups.
LSR creates tunnels using the tunnel properties defined in the attribute-set.
Auto-Tunnel mesh provides benefits:
Minimizes the initial configuration of the network.
You may configure tunnel properties template and mesh-groups or destination-lists on each TE LSRs
that further creates full mesh of TE tunnels between those LSRs.
Minimizes future configurations resulting due to network growth.
It eliminates the need to reconfigure each existing TE LSR in order to establish a full mesh of TE tunnels
whenever a new TE LSR is added in the network.
Related Topics
Configuring Auto-Tunnel Mesh Tunnel ID, on page 251
Configuring Auto-tunnel Mesh Unused Timeout, on page 252
Configuring Auto-Tunnel Mesh Group, on page 254
Configuring Tunnel Attribute-Set Templates, on page 256
Enabling LDP on Auto-Tunnel Mesh, on page 258
Destination List (Prefix-List)
Auto-mesh tunnels can be automatically created using prefix-list. Each TE enabled router in the network
learns about the TE router IDs through a existing IGP extension.
You can view the router IDs on the router using this command:
show mpls traffic-eng topology | include TE Id
IGP Id: 0001.0000.0010.00, MPLS TE Id:100.1.1.1 Router Node (ISIS 1 level-2)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
154 OL-26056-02
Implementing MPLS Traffic Engineering
Auto-Tunnel MeshIGP Id: 0001.0000.0011.00, MPLS TE Id:100.2.2.2 Router Node (ISIS 1 level-2)
IGP Id: 0001.0000.0012.00, MPLS TE Id:100.3.3.3 Router Node (ISIS 1 level-2)
A prefix-list may be configured on each TE router to match a desired set of router IDs (MPLS TE ID as shown
in the above output). For example, if a prefix-list is configured to match addresses of 100.0.0.0 with wildcard
0.255.255.255, then all 100.x.x.x router IDs are included in the auto-mesh group.
When a new TE router is added in the network and its router ID is also in the block of addresses described
by the prefix-list, for example, 100.x.x.x, then it is added in the auto-mesh group on each existing TE router
without having to explicitly modify the prefix-list or perform any additional configuration.
Auto-mesh does not create tunnels to its own (local) TE router IDs.
When prefix-list configurations on all routers are not identical, it can result in non- symmetrical mesh of
tunnels between those routers.
Note
Related Topics
Configuring Auto-Tunnel Mesh Tunnel ID, on page 251
Configuring Auto-tunnel Mesh Unused Timeout, on page 252
Configuring Auto-Tunnel Mesh Group, on page 254
Configuring Tunnel Attribute-Set Templates, on page 256
Enabling LDP on Auto-Tunnel Mesh, on page 258
How to Implement Traffic Engineering
Traffic engineering requires coordination among several global neighbor routers, creating traffic engineering
tunnels, setting up forwarding across traffic engineering tunnels, setting up FRR, and creating differential
service.
These procedures are used to implement MPLS-TE:
Building MPLS-TE Topology
Perform this task to configure MPLS-TE topology (required for traffic engineering tunnel operations).
Before You Begin
Before you start to build the MPLS-TE topology, you must have enabled:
IGP such as OSPF or IS-IS for MPLS-TE.
MPLS Label Distribution Protocol (LDP).
RSVP on the port interface.
Stable router ID is required at either end of the link to ensure that the link is successful. If you do not
assign a router ID, the system defaults to the global router ID. Default router IDs are subject to change,
which can result in an unstable link.
If you are going to use nondefault holdtime or intervals, you must decide the values to which they are
set.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 155
Implementing MPLS Traffic Engineering
How to Implement Traffic EngineeringSUMMARY STEPS
1. configure
2. mpls traffic-eng
3. interface type interface-path-id
4. exit
5. exit
6. router ospf process-name
7. area area-id
8. exit
9. mpls traffic-eng router-id type interface-path-id
10. Use one of the following commands:
end
commit
11. (Optional) show mpls traffic-eng topology
12. (Optional) show mpls traffic-eng link-management advertisements
DETAILED STEPS
Command or Action Purpose
configure Enters the configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 2
RP/0/RSP0/CPU0:router(config-mpls-te)#
Enables traffic engineering on a particular interface on the
originating node and enters MPLS-TE interface configuration
mode.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#interface
Step 3
POS0/6/0/0
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)# exit
Step 4
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
156 OL-26056-02
Implementing MPLS Traffic Engineering
Building MPLS-TE TopologyCommand or Action Purpose
RP/0/RSP0/CPU0:router(config-mpls-te)#
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# exit
Step 5
RP/0/RSP0/CPU0:router(config)#
router ospf process-name Enters a name for the OSPF process.
Example:
RP/0/RSP0/CPU0:router(config)# router ospf 1
Step 6
Step 7 area area-id Configures an area for the OSPF process.
Example:
RP/0/RSP0/CPU0:router(config-router)# area 0
Backbone areas have an area ID of 0.
Non-backbone areas have a non-zero area ID.
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)# exit
Step 8
RP/0/RSP0/CPU0:router(config-ospf)#
mpls traffic-eng router-id type interface-path-id Sets the MPLS-TE loopback interface.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls
Step 9
traffic-eng router-id Loopback0
Step 10 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-ospf)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 157
Implementing MPLS Traffic Engineering
Building MPLS-TE TopologyCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
(Optional)
Verifies the traffic engineering topology.
show mpls traffic-eng topology
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 11
topology
(Optional)
Displays all the link-management advertisements for the
links on this node.
show mpls traffic-eng link-management
advertisements
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 12
link-management advertisements
Related Topics
How MPLS-TE Works, on page 121
Build MPLS-TE Topology and Tunnels: Example, on page 260
Creating an MPLS-TE Tunnel
Creating an MPLS-TE tunnel is a process of customizing the traffic engineering to fit your network topology.
Perform this task to create an MPLS-TE tunnel after you have built the traffic engineering topology.
Before You Begin
The following prerequisites are required to create an MPLS-TE tunnel:
You must have a router ID for the neighboring router.
Stable router ID is required at either end of the link to ensure that the link is successful. If you do not
assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject
to change, which can result in an unstable link.
If you are going to use nondefault holdtime or intervals, you must decide the values to which they are
set.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
158 OL-26056-02
Implementing MPLS Traffic Engineering
Creating an MPLS-TE TunnelSUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. destination ip-address
4. ipv4 unnumbered type interface-path-id
5. path-option preference - priority dynamic
6. signalled- bandwidth {bandwidth [class-type ct ] | sub-pool bandwidth}
7. Use one of these commands:
end
commit
8. (Optional) show mpls traffic-eng tunnels
9. (Optional) show ipv4 interface brief
10. (Optional) show mpls traffic-eng link-management admission-control
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router# interface tunnel-te
Step 2
1
Step 3 destination ip-address Assigns a destination address on the new tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
The destination address is the remote nodes MPLS-TE router
ID.
192.168.92.125
Assigns a source address so that forwarding can be performed
on the new tunnel. Loopback is commonly used as the interface
type.
ipv4 unnumbered type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4
Step 4
unnumbered Loopback0
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 159
Implementing MPLS Traffic Engineering
Creating an MPLS-TE TunnelCommand or Action Purpose
path-option preference - priority dynamic Sets the path option to dynamic and assigns the path ID.
Example:
RP/0/RSP0/CPU0:router(config-if)# path-option
Step 5
l dynamic
Sets the CT0 bandwidth required on this interface. Because the
default tunnel priority is 7, tunnels use the default TE class map
(namely, class-type 1, priority 7).
signalled- bandwidth {bandwidth [class-type ct ] |
sub-pool bandwidth}
Example:
RP/0/RSP0/CPU0:router(config-if)#
Step 6
signalled-bandwidth 100
Step 7 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional)
Verifiesthat the tunnel is connected (in the UP state) and displays
all configured TE tunnels.
show mpls traffic-eng tunnels
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 8
tunnels
(Optional)
Displays all TE tunnel interfaces.
show ipv4 interface brief
Example:
RP/0/RSP0/CPU0:router# show ipv4 interface
Step 9
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
160 OL-26056-02
Implementing MPLS Traffic Engineering
Creating an MPLS-TE TunnelCommand or Action Purpose
brief
(Optional)
Displays all the tunnels on this node.
show mpls traffic-eng link-management
admission-control
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 10
link-management admission-control
Related Topics
How MPLS-TE Works, on page 121
Build MPLS-TE Topology and Tunnels: Example, on page 260
Building MPLS-TE Topology, on page 155
Configuring Forwarding over the MPLS-TE Tunnel
Perform this task to configure forwarding over the MPLS-TE tunnel created in the previous task . This task
allows MPLS packets to be forwarded on the link between network neighbors.
Before You Begin
The following prerequisites are required to configure forwarding over the MPLS-TE tunnel:
You must have a router ID for the neighboring router.
Stable router ID is required at either end of the link to ensure that the link is successful. If you do not
assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject
to change, which can result in an unstable link.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 161
Implementing MPLS Traffic Engineering
Configuring Forwarding over the MPLS-TE TunnelSUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. ipv4 unnumbered type interface-path-id
4. autoroute announce
5. exit
6. router static address-family ipv4 unicast prefix mask ip-address interface type
7. Use one of these commands:
end
commit
8. (Optional) ping {ip-address | hostname}
9. (Optional) show mpls traffic-eng autoroute
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface tunnel-te tunnel-id Enters MPLS-TE interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 2
tunnel-te 1
Assigns a source address so that forwarding can be performed on
the new tunnel.
ipv4 unnumbered type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4
Step 3
unnumbered Loopback0
Enables messages that notify the neighbor nodes about the routes
that are forwarding.
autoroute announce
Example:
RP/0/RSP0/CPU0:router(config-if)# autoroute
Step 4
announce
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
162 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Forwarding over the MPLS-TE TunnelCommand or Action Purpose
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 5
Enables a route using IP version 4 addressing, identifies the
destination address and the tunnel where forwarding is enabled.
router static address-family ipv4 unicast prefix
mask ip-address interface type
Step 6
Example:
RP/0/RSP0/CPU0:router(config)# router static
This configuration is used for static routes when the autoroute
announce command is not used.
address-family ipv4 unicast 2.2.2.2/32
tunnel-te 1
Step 7 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional)
Checks for connectivity to a particular IP address or host name.
ping {ip-address | hostname}
Example:
RP/0/RSP0/CPU0:router# ping 192.168.12.52
Step 8
(Optional)
Verifies forwarding by displaying what is advertised to IGP for
the TE tunnel.
show mpls traffic-eng autoroute
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 9
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 163
Implementing MPLS Traffic Engineering
Configuring Forwarding over the MPLS-TE TunnelCommand or Action Purpose
autoroute
Related Topics
Overview of MPLS Traffic Engineering, on page 121
Creating an MPLS-TE Tunnel, on page 158
Protecting MPLS Tunnels with Fast Reroute
Perform this task to protect MPLS-TE tunnels, as created in the previous task.
Although this task is similar to the previous task, its importance makes it necessary to present as part of
the tasks required for traffic engineering on Cisco IOS XR software.
Note
Before You Begin
The following prerequisites are required to protect MPLS-TE tunnels:
You must have a router ID for the neighboring router.
Stable router ID is required at either end of the link to ensure that the link is successful. If you do not
assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject
to change, which can result in an unstable link.
You must first configure a primary tunnel.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
164 OL-26056-02
Implementing MPLS Traffic Engineering
Protecting MPLS Tunnels with Fast RerouteSUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. fast-reroute
4. exit
5. mpls traffic-eng
6. interface type interface-path-id
7. backup-path tunnel-te tunnel-number
8. exit
9. exit
10. interface tunnel-te tunnel-id
11. backup-bw {backup bandwidth |sub-pool {bandwidth | unlimited} | global-pool {bandwidth | unlimited}
}
12. ipv4 unnumbered type interface-path-id
13. path-option preference-priority {explicit name explicit-path-name}
14. destination ip-address
15. Use one of these commands:
end
commit
16. (Optional) show mpls traffic-eng tunnels backup
17. (Optional) show mpls traffic-eng tunnels protection frr
18. (Optional) show mpls traffic-eng fast-reroute database
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router# interface tunnel-te 1
Step 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 165
Implementing MPLS Traffic Engineering
Protecting MPLS Tunnels with Fast RerouteCommand or Action Purpose
fast-reroute Enables fast reroute.
Example:
RP/0/RSP0/CPU0:router(config-if)# fast-reroute
Step 3
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 4
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 5
RP/0/RSP0/CPU0:router(config-mpls-te)#
Enables traffic engineering on a particular interface on the
originating node.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# interface
Step 6
pos0/6/0/0
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
backup-path tunnel-te tunnel-number Sets the backup path to the backup tunnel.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
Step 7
backup-path tunnel-te 2
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)# exit
Step 8
RP/0/RSP0/CPU0:router(config-mpls-te)#
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# exit
Step 9
RP/0/RSP0/CPU0:router(config)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
166 OL-26056-02
Implementing MPLS Traffic Engineering
Protecting MPLS Tunnels with Fast RerouteCommand or Action Purpose
interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 10
tunnel-te 2
backup-bw {backup bandwidth | sub-pool {bandwidth Sets the CT0 bandwidth required on this interface.
| unlimited} | global-pool {bandwidth | unlimited} }
Step 11
Because the default tunnel priority is 7, tunnels use
the default TE class map.
Note
Example:
RP/0/RSP0/CPU0:router(config-if)#backup-bw
global-pool 5000
Assigns a source address to set up forwarding on the new
tunnel.
ipv4 unnumbered type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4
Step 12
unnumbered Loopback0
Setsthe path option to explicit with a given name (previously
configured) and assigns the path ID.
path-option preference-priority {explicit name
explicit-path-name}
Example:
RP/0/RSP0/CPU0:router(config-if)# path-option
Step 13
l explicit name backup-path
Step 14 destination ip-address Assigns a destination address on the new tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
Destination address is the remote nodes MPLS-TE
router ID.
Destination addressisthe merge point between backup
and protected tunnels.
192.168.92.125
When you configure TE tunnel with multiple
protection on its path and merge point is the same
node for more than one protection, you must
configure record-route for that tunnel.
Note
Step 15 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 167
Implementing MPLS Traffic Engineering
Protecting MPLS Tunnels with Fast RerouteCommand or Action Purpose
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
(Optional)
Displays the backup tunnel information.
show mpls traffic-eng tunnels backup
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 16
tunnels backup
(Optional)
Displays the tunnel protection information for Fast-Reroute
(FRR).
show mpls traffic-eng tunnels protection frr
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 17
tunnels protection frr
(Optional)
Displays the protected tunnel state (for example, the tunnels
current ready or active state).
show mpls traffic-eng fast-reroute database
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 18
fast-reroute database
Related Topics
Fast Reroute, on page 130
Fast Reroute Node Protection, on page 135
Creating an MPLS-TE Tunnel, on page 158
Configuring Forwarding over the MPLS-TE Tunnel, on page 161
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
168 OL-26056-02
Implementing MPLS Traffic Engineering
Protecting MPLS Tunnels with Fast RerouteEnabling an AutoTunnel Backup
Perform this task to configure the AutoTunnel Backup feature. By default, this feature is disabled. You can
configure the AutoTunnel Backup feature for each interface. It has to be explicitly enabled for each interface
or link.
SUMMARY STEPS
1. configure
2. ipv4 unnumbered mpls traffic-eng Loopback 0
3. mpls traffic-eng
4. auto-tunnel backup timers removal unused frequency
5. auto-tunnel backup tunnel-id min minmax max
6. Use one of these commands:
end
commit
7. show mpls traffic-eng auto-tunnel backup summary
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures the globally configured IPv4 address that can be used by
the AutoTunnel Backup Tunnels.
ipv4 unnumbered mpls traffic-eng Loopback
0
Step 2
Example:
RP/0/RSP0/CPU0:router(config)#ipv4
unnumbered mpls traffic-eng Loopback 0
Loopback 0 isthe router ID. The AutoTunnel Backup tunnels
will not come up until a global IPv4 address is configured.
Note
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
traffic-eng
Step 3
Configures how frequently a timerscansthe backup automatic tunnels
and removes tunnels that are not in use.
auto-tunnel backup timers removal unused
frequency
Step 4
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
auto-tunnel backup timers removal unused
20
Use the frequency argument to scan the backup automatic tunnel.
Range is 0 to 10080.
You can also configure the auto-tunnel backup command at
mpls traffic-eng interface mode.
Note
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 169
Implementing MPLS Traffic Engineering
Enabling an AutoTunnel BackupCommand or Action Purpose
Configures the range of tunnel interface numbers to be used for
automatic backup tunnels. Range is 0 to 65535.
auto-tunnel backup tunnel-id min minmax max
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
auto-tunnel backup tunnel-id min 6000 max
6500
Step 5
Step 6 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show mpls traffic-eng auto-tunnel backup Displaysinformation about configured MPLS-TE backup autotunnels.
summary
Step 7
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
auto-tunnel backup summary
Related Topics
Backup AutoTunnels, on page 123
Configure the MPLS-TE Auto-Tunnel Backup: Example, on page 269
Removing an AutoTunnel Backup
To remove all the backup autotunnels, perform this task to remove the AutoTunnel Backup feature.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
170 OL-26056-02
Implementing MPLS Traffic Engineering
Removing an AutoTunnel BackupSUMMARY STEPS
1. clear mpls traffic-eng auto-tunnel backup unused { all | tunnel-tenumber}
2. Use one of these commands:
end
commit
3. show mpls traffic-eng auto-tunnel summary
DETAILED STEPS
Command or Action Purpose
Clears all MPLS-TE automatic backup tunnelsfrom the EXEC mode. You
can also remove the automatic backup tunnel marked with specific
tunnel-te, provided it is currently unused.
clear mpls traffic-eng auto-tunnel backup
unused { all | tunnel-tenumber}
Example:
RP/0/RSP0/CPU0:router# clear mpls
traffic-eng auto-tunnel backup unused
all
Step 1
Step 2 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Displays information about MPLS-TE autotunnels including the ones
removed.
show mpls traffic-eng auto-tunnel summary
Example:
Step 3
RP/0/RSP0/CPU0:router# show mpls
traffic-eng auto-tunnel summary
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 171
Implementing MPLS Traffic Engineering
Removing an AutoTunnel BackupRelated Topics
Backup AutoTunnels, on page 123
Configure the MPLS-TE Auto-Tunnel Backup: Example, on page 269
Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs
To establish an MPLS backup autotunnel to protect fast reroutable TE LSPs, perform these steps:
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. interface type interface-path-id
4. auto-tunnel backup
5. attribute-set attribute-set-name
6. Use one of these commands:
end
commit
7. show mpls traffic-eng auto-tunnel backup summary
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 2
Enables traffic engineering on a specific
interface on the originating node.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# interface POS 0/6/0/0
Step 3
Enables an auto-tunnel backup feature for
the specified interface.
auto-tunnel backup
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)# auto-tunnel backup
Step 4
You cannot configure the static
backup on the similar link.
Note
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
172 OL-26056-02
Implementing MPLS Traffic Engineering
Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPsCommand or Action Purpose
Configures attribute-set template for
auto-tunnel backup tunnels.
attribute-set attribute-set-name
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if-auto-backup)#attribute-set
ab
Step 5
Step 6 Use one of these commands: Saves configuration changes.
end When you issue the end command,
the system prompts you to commit
changes:
Uncommitted changes found,
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
commit them
before exiting(yes/no/cancel)?
or [cancel]:
RP/0/RSP0/CPU0:router(config)# commit
? Entering yessaves configuration
changes to the running
configuration file, exits the
configuration session, and
returns the router to EXEC
mode.
? Entering no exits the
configuration session and
returns the router to EXEC
mode without committing the
configuration changes.
? Entering cancel leavesthe router
in the current configuration
session without exiting or
committing the configuration
changes.
Use the commit command to save
the configuration changes to the
running configuration file and remain
within the configuration session.
Displays information about configured
MPLS-TE backup autotunnels.
show mpls traffic-eng auto-tunnel backup summary
Example:
RP/0/RSP0/CPU0:router# show mpls traffic auto-tunnel backup summary
Step 7
Related Topics
Backup AutoTunnels, on page 123
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 173
Implementing MPLS Traffic Engineering
Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPsConfigure the MPLS-TE Auto-Tunnel Backup: Example, on page 269
Establishing Next-Hop Tunnels with Link Protection
To establish a next-hop tunnel and link protection on the primary tunnel, perform these steps:
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. interface type interface-path-id
4. auto-tunnel backup nhop-only
5. auto-tunnel backup exclude srlg [preferred]
6. attribute-set attribute-set-name
7. Use one of these commands:
end
commit
8. show mpls traffic-eng tunnels number detail
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 2
Enables traffic engineering on a specific
interface on the originating node.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# interface POS 0/6/0/0
Step 3
Enables the creation of dynamic NHOP
backup tunnels. By default, both NHOP and
NNHOP protection are enabled.
auto-tunnel backup nhop-only
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)# auto-tunnel backup
nhop-only
Step 4
Using this nhop-only option, only
link protection is provided.
Note
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
174 OL-26056-02
Implementing MPLS Traffic Engineering
Establishing Next-Hop Tunnels with Link ProtectionCommand or Action Purpose
Enables the exclusion of SRLG values on
a given link for the AutoTunnel backup
associated with a given interface.
auto-tunnel backup exclude srlg [preferred]
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)# auto-tunnel backup exclude
srlg preferred
Step 5
The preferred option allowsthe AutoTunnel
Backup tunnels to come up even if no path
excluding all SRLG is found.
Configures attribute-set template for
auto-tunnel backup tunnels.
attribute-set attribute-set-name
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if-auto-backup)#attribute-set
ab
Step 6
Step 7 Use one of these commands: Saves configuration changes.
end When you issue the end command,
the system prompts you to commit
changes:
Uncommitted changes found,
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
commit them
before exiting(yes/no/cancel)?
or [cancel]:
RP/0/RSP0/CPU0:router(config)# commit
? Entering yessaves configuration
changes to the running
configuration file, exits the
configuration session, and
returns the router to EXEC
mode.
? Entering no exits the
configuration session and returns
the router to EXEC mode
without committing the
configuration changes.
? Entering cancel leavesthe router
in the current configuration
session without exiting or
committing the configuration
changes.
Use the commit command to save the
configuration changes to the running
configuration file and remain within
the configuration session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 175
Implementing MPLS Traffic Engineering
Establishing Next-Hop Tunnels with Link ProtectionCommand or Action Purpose
Displays information about configured
NHOP tunnels and SRLG information.
show mpls traffic-eng tunnels number detail
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels 1 detail
Step 8
Related Topics
Backup AutoTunnels, on page 123
Configure the MPLS-TE Auto-Tunnel Backup: Example, on page 269
Configuring a Prestandard DS-TE Tunnel
Perform this task to configure a Prestandard DS-TE tunnel.
Before You Begin
The following prerequisites are required to configure a Prestandard DS-TE tunnel:
You must have a router ID for the neighboring router.
Stable router ID is required at either end of the link to ensure that the link is successful. If you do not
assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject
to change, which can result in an unstable link.
SUMMARY STEPS
1. configure
2. rsvp interface type interface-path-id
3. bandwidth [total reservable bandwidth] [bc0 bandwidth] [global-pool bandwidth] [sub-pool
reservable-bw]
4. exit
5. exit
6. interface tunnel-te tunnel-id
7. signalled-bandwidth {bandwidth [class-type ct] | sub-pool bandwidth}
8. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
176 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring a Prestandard DS-TE TunnelDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp interface type interface-path-id Enters RSVP configuration mode and selects an RSVP interface.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp interface
Step 2
pos0/6/0/0
Sets the reserved RSVP bandwidth available on this interface by
using the prestandard DS-TE mode. The range for the totalreserve
bandwidth argument is 0 to 4294967295.
bandwidth [total reservable bandwidth] [bc0
bandwidth] [global-pool bandwidth] [sub-pool
reservable-bw]
Step 3
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Physical interface bandwidth is not used by MPLS-TE.
bandwidth 100 150 sub-pool 50
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)# exit
Step 4
RP/0/RSP0/CPU0:router(config-rsvp)#
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)# exit
Step 5
RP/0/RSP0/CPU0:router(config)#
interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 6
tunnel-te 2
Sets the bandwidth required on this interface. Because the default
tunnel priority is 7, tunnels use the default TE class map (namely,
class-type 1, priority 7).
signalled-bandwidth {bandwidth [class-type ct] |
sub-pool bandwidth}
Example:
RP/0/RSP0/CPU0:router(config-if)#
Step 7
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 177
Implementing MPLS Traffic Engineering
Configuring a Prestandard DS-TE TunnelCommand or Action Purpose
signalled-bandwidth sub-pool 10
Step 8 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Prestandard DS-TE Mode, on page 127
Configure IETF DS-TE Tunnels: Example, on page 261
Configuring an IETF DS-TE Tunnel Using RDM
Perform this task to create an IETF mode DS-TE tunnel using RDM.
Before You Begin
The following prerequisites are required to create an IETF mode DS-TE tunnel using RDM:
You must have a router ID for the neighboring router.
Stable router ID is required at either end of the link to ensure that the link is successful. If you do not
assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject
to change, which can result in an unstable link.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
178 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring an IETF DS-TE Tunnel Using RDMSUMMARY STEPS
1. configure
2. rsvp interface type interface-path-id
3. bandwidth rdm {total-reservable-bw | bc0 | global-pool} {sub-pool | bc1 reservable-bw}
4. exit
5. exit
6. mpls traffic-eng
7. ds-te mode ietf
8. exit
9. interface tunnel-te tunnel-id
10. signalled-bandwidth {bandwidth [class-type ct] | sub-pool bandwidth}
11. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
rsvp interface type interface-path-id Enters RSVP configuration mode and selects an RSVP interface.
Example:
RP/0/RSP0/CPU0:router(config)# rsvp interface
Step 2
pos0/6/0/0
Sets the reserved RSVP bandwidth available on this interface by
using the Russian Doll Model (RDM) bandwidth constraints
bandwidth rdm {total-reservable-bw | bc0 |
global-pool} {sub-pool | bc1 reservable-bw}
Step 3
model. The range for the total reserve bandwidth argument is 0
to 4294967295.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Physical interface bandwidth is not used by
MPLS-TE.
Note
bandwidth rdm 100 150
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)# exit
Step 4
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 179
Implementing MPLS Traffic Engineering
Configuring an IETF DS-TE Tunnel Using RDMCommand or Action Purpose
RP/0/RSP0/CPU0:router(config-rsvp)
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp) exit
Step 5
RP/0/RSP0/CPU0:router(config)
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
Step 6
traffic-eng
RP/0/RSP0/CPU0:router(config-mpls-te)#
Enables IETF DS-TE mode and default TE class map. IETF
DS-TE mode is configured on all network nodes.
ds-te mode ietf
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# ds-te
Step 7
mode ietf
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# exit
Step 8
interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 9
tunnel-te 4
RP/0/RSP0/CPU0:router(config-if)#
Configures the bandwidth required for an MPLS TE tunnel.
Because the default tunnel priority is 7, tunnels use the default
TE class map (namely, class-type 1, priority 7).
signalled-bandwidth {bandwidth [class-type ct] |
sub-pool bandwidth}
Example:
RP/0/RSP0/CPU0:router(config-if)#
Step 10
signalled-bandwidth 10 class-type 1
Step 11 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
180 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring an IETF DS-TE Tunnel Using RDMCommand or Action Purpose
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit ? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Related Topics
Russian Doll Bandwidth Constraint Model, on page 128
Configuring an IETF DS-TE Tunnel Using MAM
Perform this task to configure an IETF mode differentiated services traffic engineering tunnel using the
Maximum Allocation Model (MAM) bandwidth constraint model.
Before You Begin
The following prerequisites are required to configure an IETF mode differentiated servicestraffic engineering
tunnel using the MAM bandwidth constraint model:
You must have a router ID for the neighboring router.
Stable router ID is required at either end of the link to ensure that the link is successful. If you do not
assign a router ID to the routers, the system defaultsto the global router ID. Default router IDs are subject
to change, which can result in an unstable link.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 181
Implementing MPLS Traffic Engineering
Configuring an IETF DS-TE Tunnel Using MAMSUMMARY STEPS
1. configure
2. rsvp interface type interface-path-id
3. bandwidth mam {total reservable bandwidth | max-reservable-bw maximum-reservable-bw} [bc0
reservable bandwidth] [bc1 reservable bandwidth]
4. exit
5. exit
6. mpls traffic-eng
7. ds-te mode ietf
8. ds-te bc-model mam
9. exit
10. interface tunnel-te tunnel-id
11. signalled-bandwidth {bandwidth [class-type ct] | sub-pool bandwidth}
12. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters RSVP configuration mode and selects the RSVP
interface.
rsvp interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# rsvp interface
Step 2
pos0/6/0/0
bandwidth mam {total reservable bandwidth | Setsthe reserved RSVP bandwidth available on thisinterface.
max-reservable-bw maximum-reservable-bw} [bc0
reservable bandwidth] [bc1 reservable bandwidth]
Step 3
Physical interface bandwidth is not used by
MPLS-TE.
Note
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)# bandwidth
mam max-reservable-bw 400 bc0 300 bc1 200
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
182 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring an IETF DS-TE Tunnel Using MAMCommand or Action Purpose
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)# exit
Step 4
RP/0/RSP0/CPU0:router(config-rsvp)#
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-rsvp)# exit
Step 5
RP/0/RSP0/CPU0:router(config)#
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 6
RP/0/RSP0/CPU0:router(config-mpls-te)#
Enables IETF DS-TE mode and default TE class map.
Configure IETF DS-TE mode on all nodes in the network.
ds-te mode ietf
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# ds-te
Step 7
mode ietf
ds-te bc-model mam Enables the MAM bandwidth constraint model globally.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# ds-te
Step 8
bc-model mam
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# exit
Step 9
interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 10
tunnel-te 4
RP/0/RSP0/CPU0:router(config-if)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 183
Implementing MPLS Traffic Engineering
Configuring an IETF DS-TE Tunnel Using MAMCommand or Action Purpose
Configures the bandwidth required for an MPLS TE tunnel.
Because the default tunnel priority is 7, tunnels use the default
TE class map (namely, class-type 1, priority 7).
signalled-bandwidth {bandwidth [class-type ct] |
sub-pool bandwidth}
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)#
Step 11
signalled-bandwidth 10 class-type 1
Step 12 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-rsvp-if)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
or session, and returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-rsvp-if)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Related Topics
Maximum Allocation Bandwidth Constraint Model, on page 128
Configuring MPLS -TE and Fast-Reroute on OSPF
Perform this task to configure MPLS-TE and Fast Reroute (FRR) on OSPF.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
184 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring MPLS -TE and Fast-Reroute on OSPFBefore You Begin
Only point-to-point (P2P) interfaces are supported for OSPF multiple adjacencies. These may be either
native P2P interfaces or broadcast interfaces on which the OSPF P2P configuration command is applied
to force them to behave as P2P interfaces as far as OSPF is concerned. This restriction does not apply to
IS-IS.
The tunnel-te interface is not supported under IS-IS.
Note
SUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. path-option [protecting ] preference-priority {dynamic [pce [address ipv4 address] | explicit {name
pathname | identifier path-number } } [isis instance name {level level} ] [ospf instance name {area area
ID} ] ] [verbatim] [lockdown]
4. Repeat Step 3 as many times as needed.
5. Use one of these commands:
end
commit
6. show mpls traffic-eng tunnels [tunnel-number]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures an MPLS-TE tunnel interface. The range for the
tunnel ID number is 0 to 65535.
interface tunnel-te tunnel-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 2
tunnel-te 1
RP/0/RSP0/CPU0:router(config-if)#
Configures an explicit path option for an MPLS-TE tunnel.
OSPF is limited to a single OSPF instance and area.
path-option [protecting ] preference-priority {dynamic
[pce [address ipv4 address] | explicit {name pathname
| identifier path-number } } [isis instance name {level
Step 3
level} ] [ospf instance name {area area ID} ] ]
[verbatim] [lockdown]
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 185
Implementing MPLS Traffic Engineering
Configuring MPLS -TE and Fast-Reroute on OSPFCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-if)# path-option
1 explicit identifier 6 ospf green area 0
Repeat Step 3 as many times as needed. Configures another explicit path option.
Example:
RP/0/RSP0/CPU0:router(config-if)# path-option
Step 4
2 explicit name 234 ospf 3 area 7 verbatim
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
show mpls traffic-eng tunnels [tunnel-number] Displays information about MPLS-TE tunnels.
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 6
tunnels 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
186 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring MPLS -TE and Fast-Reroute on OSPFConfiguring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE
Perform this task to configure an overload node avoidance in MPLS-TE. When the overload bit is enabled,
tunnels are brought down when the overload node is found in the tunnel path.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. path-selection ignore overload {head | mid | tail}
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
Step 2
traffic-eng
RP/0/RSP0/CPU0:router(config-mpls-te)#
Ignoresthe Intermediate System-to-Intermediate System (IS-IS) overload
bit setting for MPLS-TE.
path-selection ignore overload {head | mid |
tail}
Step 3
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
If set-overload-bit is set by IS-IS on the head router, the tunnels stay
up.
path-selection ignore overload head
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 187
Implementing MPLS Traffic Engineering
Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TECommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
end
or
RP/0/RSP0/CPU0:router(config-mpls-te)# ? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
commit
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE, on page 131
Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example, on page 262
Configuring Flexible Name-based Tunnel Constraints
To fully configure MPLS-TE flexible name-based tunnel constraints, you must complete these high-level
tasks in order:
1 Assigning Color Names to Numeric Values, on page 188
2 Associating Affinity-Names with TE Links, on page 190
3 Associating Affinity Constraints for TE Tunnels, on page 192
Assigning Color Names to Numeric Values
The first task in enabling the new coloring scheme is to assign a numerical value (in hexadecimal) to each
value (color).
An affinity color name cannot exceed 64 characters. An affinity value cannot exceed a single digit. For
example, magenta1.
Note
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
188 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Flexible Name-based Tunnel ConstraintsSUMMARY STEPS
1. configure
2. mpls traffic-eng
3. affinity-map affinity name {affinity value | bit-position value}
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
Step 2
traffic-eng
RP/0/RSP0/CPU0:router(config-mpls-te)#
Enters an affinity name and a map value by using a color name (repeat
this command to assign multiple colors up to a maximum of 64 colors).
affinity-map affinity name {affinity value |
bit-position value}
Step 3
An affinity color name cannot exceed 64 characters. The value you assign
to a color name must be a single digit.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
affinity-map red 1
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-mpls-te)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 189
Implementing MPLS Traffic Engineering
Configuring Flexible Name-based Tunnel ConstraintsCommand or Action Purpose
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Related Topics
Flexible Name-based Tunnel Constraints, on page 132
Configure Flexible Name-based Tunnel Constraints: Example, on page 263
Associating Affinity-Names with TE Links
The next step in the configuration of MPLS-TE Flexible Name-based Tunnel Constraints is to assign affinity
names and values to TE links. You can assign up to a maximum of 32 colors. Before you assign a color to a
link, you must define the name-to-value mapping for each color.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. interface type interface-path-id
4. attribute-names attribute name
5. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
190 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Flexible Name-based Tunnel ConstraintsCommand or Action Purpose
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
Step 2
traffic-eng
RP/0/RSP0/CPU0:router(config-mpls-te)#
Enables MPLS-TE on an interface and enters MPLS-TE interface
configuration mode.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
Step 3
interface tunnel-te 2
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
attribute-names attribute name Assigns colors to TE links over the selected interface.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
Step 4
attribute-names red
Step 5 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 191
Implementing MPLS Traffic Engineering
Configuring Flexible Name-based Tunnel ConstraintsRelated Topics
Flexible Name-based Tunnel Constraints, on page 132
Configure Flexible Name-based Tunnel Constraints: Example, on page 263
Assigning Color Names to Numeric Values, on page 188
Associating Affinity Constraints for TE Tunnels
The final step in the configuration of MPLS-TE Flexible Name-based Tunnel Constraints requires that you
associate a tunnel with affinity constraints.
Using this model, there are no masks. Instead, there is support for four types of affinity constraints:
include
include-strict
exclude
exclude-all
Note For the affinity constraints above, all but the exclude-all constraint may be associated with up to 10 colors.
SUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. affinity {affinity-value mask mask-value | exclude name | exclude -all | include name | include-strict
name}
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
192 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Flexible Name-based Tunnel ConstraintsCommand or Action Purpose
interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)#
Step 2
interface tunnel-te 1
Configures link attributes for links comprising a tunnel. You can have up
to ten colors.
affinity {affinity-value mask mask-value |
exclude name | exclude -all | include name
| include-strict name}
Step 3
Multiple include statements can be specified under tunnel configuration.
With this configuration, a link is eligible for CSPF if it has at least a red
Example:
RP/0/RSP0/CPU0:router(config-if)#
color or has at least a green color. Thus, a link with red and any other colors
as well as a link with green and any additional colors meet the above
affinity include red constraint.
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)#
commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Related Topics
Flexible Name-based Tunnel Constraints, on page 132
Configure Flexible Name-based Tunnel Constraints: Example, on page 263
Configuring IS-IS to Flood MPLS-TE Link Information
Perform this task to configure a router running the Intermediate System-to-Intermediate System (IS-IS)
protocol to flood MPLS-TE link information into multiple IS-IS levels.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 193
Implementing MPLS Traffic Engineering
Configuring IS-IS to Flood MPLS-TE Link InformationThis procedure shows how to enable MPLS-TE in both IS-IS Level 1 and Level 2.
SUMMARY STEPS
1. configure
2. router isis instance-id
3. net network-entity-title
4. address-family {ipv4 | ipv6} {unicast}
5. metric-style wide
6. mpls traffic-eng level
7. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
router isis instance-id Enters an IS-IS instance.
Example:
RP/0/RSP0/CPU0:router(config)# router isis
Step 2
1
net network-entity-title Enters an IS-IS network entity title (NET) for the routing process.
Example:
RP/0/RSP0/CPU0:router(config-isis)# net
Step 3
47.0001.0000.0000.0002.00
Enters address family configuration mode for configuring IS-IS
routing that uses IPv4 and IPv6 address prefixes.
address-family {ipv4 | ipv6} {unicast}
Example:
RP/0/RSP0/CPU0:router(config-isis)#
Step 4
address-family ipv4 unicast
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
194 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring IS-IS to Flood MPLS-TE Link InformationCommand or Action Purpose
metric-style wide Enters the new-style type, length, and value (TLV) objects.
Example:
RP/0/RSP0/CPU0:router(config-isis-af)#
Step 5
metric-style wide
mpls traffic-eng level Enters the required MPLS-TE level or levels.
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# mpls
Step 6
traffic-eng level-1-2
Step 7 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-isis-af)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-isis-af)#
commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuring an OSPF Area of MPLS-TE
Perform this task to configure an OSPF area for MPLS-TE in both the OSPF backbone area 0 and area 1.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 195
Implementing MPLS Traffic Engineering
Configuring an OSPF Area of MPLS-TESUMMARY STEPS
1. configure
2. router ospf process-name
3. mpls traffic-eng router-id type interface-path-id
4. area area-id
5. interface type interface-path-id
6. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
router ospf process-name Enters a name that uniquely identifies an OSPF routing process.
Example:
RP/0/RSP0/CPU0:router(config)# router
Step 2
process-name
Any alphanumeric string no longer than 40 characters without
spaces.
ospf 100
Entersthe MPLS interface type. For more information, use the question
mark (?) online help function.
mplstraffic-eng router-id type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ospf)# mpls
Step 3
traffic-eng router-id Loopback0
area area-id Enters an OSPF area identifier.
Example:
RP/0/RSP0/CPU0:router(config-ospf)# area
Step 4
area-id
Either a decimal value or an IP address.
0
Identifies an interface ID. For more information, use the question mark
(?) online help function.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)#
Step 5
interface POS 0/2/0/0
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
196 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring an OSPF Area of MPLS-TECommand or Action Purpose
Step 6 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-ospf-ar)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-ospf-ar)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring Explicit Paths with ABRs Configured as Loose Addresses
Perform this task to specify an IPv4 explicit path with ABRs configured as loose addresses.
SUMMARY STEPS
1. configure
2. explicit-path name name
3. index index-id next-address [loose] ipv4 unicast ip-address
4. Use one of the following commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 197
Implementing MPLS Traffic Engineering
Configuring Explicit Paths with ABRs Configured as Loose AddressesDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
explicit-path name name Enters a name for the explicit path.
Example:
RP/0/RSP0/CPU0:router(config)#
Step 2
explicit-path name interarea1
index index-id next-address [loose] ipv4 unicast Includes an address in an IP explicit path of a tunnel.
ip-address
Step 3
Example:
RP/0/RSP0/CPU0:router(config-expl-path)#
index 1 next-address loose ipv4 unicast
10.10.10.10
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-expl-path)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-expl-path)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
198 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Explicit Paths with ABRs Configured as Loose AddressesConfiguring MPLS-TE Forwarding Adjacency
Perform this task to configure forwarding adjacency on a specific tunnel-te interface.
SUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. forwarding-adjacency holdtime value
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface tunnel-te tunnel-id Enters MPLS-TE interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
Step 2
interface tunnel-te 1
Configures forwarding adjacency using an optional specific holdtime
value. By default, this value is 0 (milliseconds).
forwarding-adjacency holdtime value
Example:
RP/0/RSP0/CPU0:router(config-if)#
Step 3
forwarding-adjacency holdtime 60
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 199
Implementing MPLS Traffic Engineering
Configuring MPLS-TE Forwarding AdjacencyCommand or Action Purpose
or
RP/0/RSP0/CPU0:router(config-if)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Related Topics
MPLS-TE Forwarding Adjacency Benefits, on page 136
Configure Forwarding Adjacency: Example, on page 265
Configuring a Path Computation Client and Element
Perform these tasks to configure Path Comptation Client (PCC) and Path Computation Element (PCE):
Configuring a Path Computation Client, on page 200
Configuring a Path Computation Element Address, on page 202
Configuring PCE Parameters, on page 203
Configuring a Path Computation Client
Perform this task to configure a TE tunnel as a PCC.
Note Only one TE-enabled IGP instance can be used at a time.
SUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. path-option preference-priority dynamic pce
4. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
200 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring a Path Computation Client and ElementDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters MPLS-TE interface configuration mode and enables traffic
engineering on a particular interface on the originating node.
interface tunnel-te tunnel-id
Example:
RP/0/RSP0/CPU0:router(config)#
Step 2
interface tunnel-te 6
path-option preference-priority dynamic pce Configures a TE tunnel as a PCC.
Example:
RP/0/RSP0/CPU0:router(config-if)#
Step 3
path-option 1 dynamic pce
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Related Topics
Path Computation Element, on page 136
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 201
Implementing MPLS Traffic Engineering
Configuring a Path Computation Client and ElementConfigure PCE: Example, on page 265
Configuring a Path Computation Element Address
Perform this task to configure a PCE address.
Note Only one TE-enabled IGP instance can be used at a time.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. pce address ipv4 address
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters the MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
Step 2
traffic-eng
pce address ipv4 address Configures a PCE IPv4 address.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
Step 3
pce address ipv4 10.1.1.1
Step 4 Use one of the following commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
202 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring a Path Computation Client and ElementCommand or Action Purpose
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-mpls-te)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Related Topics
Path Computation Element, on page 136
Configure PCE: Example, on page 265
Configuring PCE Parameters
Perform this task to configure PCE parameters, including a static PCE peer, periodic reoptimization timer
values, and request timeout values.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 203
Implementing MPLS Traffic Engineering
Configuring a Path Computation Client and ElementSUMMARY STEPS
1. configure
2. mpls traffic-eng
3. pce address ipv4 address
4. pce peer ipv4 address
5. pce keepalive interval
6. pce deadtimer value
7. pce reoptimize value
8. pce request-timeout value
9. pce tolerance keepalive value
10. Use one of the following commands:
end
commit
11. show mpls traffic-eng pce peer [address | all]
12. show mpls traffic-eng pce tunnels
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
Step 2
traffic-eng
pce address ipv4 address Configures a PCE IPv4 address.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# pce
Step 3
address ipv4 10.1.1.1
Configures a static PCE peer address. PCE peers are also
discovered dynamically through OSPF or ISIS.
pce peer ipv4 address
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# pce
Step 4
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
204 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring a Path Computation Client and ElementCommand or Action Purpose
peer address ipv4 10.1.1.1
Configures a PCEP keepalive interval. The range is from 0 to 255
seconds. When the keepalive interval is 0, the LSR does not send
keepalive messages.
pce keepalive interval
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# pce
Step 5
keepalive 10
Configures a PCE deadtimer value. The range is from 0 to 255
seconds. When the dead interval is 0, the LSR does not timeout a
PCEP session to a remote peer.
pce deadtimer value
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# pce
Step 6
deadtimer 50
Configures a periodic reoptimization timer value. The range is
from 60 to 604800 seconds. When the dead interval is 0, the LSR
does not timeout a PCEP session to a remote peer.
pce reoptimize value
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# pce
Step 7
reoptimize 200
Configures a PCE request-timeout. Range isfrom 5 to 100 seconds.
PCC or PCE keeps a pending path request only for the
request-timeout period.
pce request-timeout value
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# pce
Step 8
request-timeout 10
Configures a PCE tolerance keepalive value (which is the
minimum acceptable peer proposed keepalive).
pce tolerance keepalive value
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# pce
Step 9
tolerance keepalive 10
Step 10 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-mpls-te)#
commit
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 205
Implementing MPLS Traffic Engineering
Configuring a Path Computation Client and ElementCommand or Action Purpose
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
show mpls traffic-eng pce peer [address | all] Displays the PCE peer address and state.
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 11
pce peer
show mpls traffic-eng pce tunnels Displays the status of the PCE tunnels.
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 12
pce tunnels
Related Topics
Path Computation Element, on page 136
Configure PCE: Example, on page 265
Configuring Path Protection on MPLS-TE
These tasks show how to configure path protection on MPLS-TE:
Enabling Path Protection for an Interface
Perform this task to enable path protection for a given tunnel interface.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
206 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Path Protection on MPLS-TESUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. path-protection
4. Use one of these commands:
end
commit
5. show mpls traffic-eng tunnels [tunnel-number]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures an MPLS-TE tunnel interface and enablestraffic engineering
on a particular interface on the originating node.
interface tunnel-te tunnel-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 2
tunnel-te 6
path-protection Enables path protection on the tunnel-te interface.
Example:
RP/0/RSP0/CPU0:router(config-if)#
Step 3
path-protection
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 207
Implementing MPLS Traffic Engineering
Configuring Path Protection on MPLS-TECommand or Action Purpose
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Displays information that path protection is enabled on the tunnel-te
interface for tunnel number 6.
show mplstraffic-eng tunnels[tunnel-number]
Example:
RP/0/RSP0/CPU0:router# show mpls
Step 5
traffic-eng tunnels 6
Related Topics
Path Protection, on page 138
Prerequisites for Path Protection, on page 138
Restrictions for Path Protection, on page 139
Configure Tunnels for Path Protection: Example, on page 266
Assigning a Dynamic Path Option to a Tunnel
Perform this task to assign a secondary path option in case there is a link or node failure along a path and all
interfaces in your network are not protected.
SUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. path-option preference-priority dynamic
4. Use one of these commands:
end
commit
5. show mpls traffic-eng tunnels [tunnel-number]
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
208 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Path Protection on MPLS-TEDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures an MPLS-TE tunnel interface and enablestraffic engineering
on a particular interface on the originating node.
interface tunnel-te tunnel-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 2
tunnel-te 6
path-option preference-priority dynamic Configures a secondary path option for an MPLS-TE tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)#
Step 3
path-option 10 dynamic
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Displays information about the secondary path option that on the
tunnel-te interface for tunnel number 6.
show mplstraffic-eng tunnels[tunnel-number]
Example:
RP/0/RSP0/CPU0:router# show mpls
Step 5
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 209
Implementing MPLS Traffic Engineering
Configuring Path Protection on MPLS-TECommand or Action Purpose
traffic-eng tunnels 6
Related Topics
Path Protection, on page 138
Prerequisites for Path Protection, on page 138
Restrictions for Path Protection, on page 139
Configure Tunnels for Path Protection: Example, on page 266
Forcing a Manual Switchover on a Path-Protected Tunnel
Perform this task to force a manual switchover on a path-protected tunnel.
SUMMARY STEPS
1. mpls traffic-eng path-protection switchover tunnel-te tunnel-ID
DETAILED STEPS
Command or Action Purpose
Forces the path protection switchover of the
Point-to-Point (P2P) tunnel on the tunnel-te interface.
mplstraffic-eng path-protection switchover tunnel-te tunnel-ID
Example:
RP/0/RSP0/CPU0:router# mpls traffic-eng path-protection
Step 1
switchover tunnel-te 6
Related Topics
Path Protection, on page 138
Prerequisites for Path Protection, on page 138
Restrictions for Path Protection, on page 139
Configure Tunnels for Path Protection: Example, on page 266
Configuring the Delay the Tunnel Takes Before Reoptimization
Perform this task to configure the time between when a path-protection switchover event is effected on a
tunnel head to when a reoptimization is performed on that tunnel. This timer affects only the required
reoptimization that is attempted due to a switchover and does not override the global reoptimization timer.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
210 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Path Protection on MPLS-TESUMMARY STEPS
1. configure
2. mpls traffic-eng
3. reoptimize timers delay path-protection seconds
4. Use one of the following commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router# mpls traffic-eng
Step 2
Adjusts the number of seconds that the tunnel takes before triggering
reoptimization after switchover has happened.
The restriction is that at least one dynamic path-option must be
configured for a standby LSP to come up. The strict (explicit) path
option is not supported for the standby LSP.
Note
reoptimize timers delay path-protection
seconds
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
Step 3
reoptimize timers delay
path-protection 180
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-mpls-te)#
commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 211
Implementing MPLS Traffic Engineering
Configuring Path Protection on MPLS-TECommand or Action Purpose
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Related Topics
Path Protection, on page 138
Prerequisites for Path Protection, on page 138
Restrictions for Path Protection, on page 139
Configure Tunnels for Path Protection: Example, on page 266
Configuring the Automatic Bandwidth
Perform these tasks to configure the automatic bandwidth:
Configuring the Collection Frequency
Perform thistask to configure the collection frequency. You can configure only one global collection frequency.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. auto-bw collect frequency minutes
4. Use one of the following commands:
end
commit
5. show mpls traffic-eng tunnels [auto-bw]
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
212 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Automatic BandwidthDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
Step 2
traffic-eng
RP/0/RSP0/CPU0:router(config-mpls-te)#
Configures the automatic bandwidth collection frequency, and controls
the manner in which the bandwidth for a tunnel collects output rate
information; but does not adjust the tunnel bandwidth.
auto-bw collect frequency minutes
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
Step 3
minutes
auto-bw collect frequency 1
Configuresthe interval between automatic bandwidth adjustments
in minutes. Range is from 1 to 10080.
Step 4 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
or the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-mpls-te)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 213
Implementing MPLS Traffic Engineering
Configuring the Automatic BandwidthCommand or Action Purpose
Displays information about MPLS-TE tunnels for the automatic
bandwidth. The globally configured collection frequency is displayed.
show mpls traffic-eng tunnels [auto-bw]
Example:
RP/0/RSP0/CPU0:router# show mpls traffic
Step 5
tunnels auto-bw
Related Topics
MPLS-TE Automatic Bandwidth Overview, on page 139
Configure Automatic Bandwidth: Example, on page 267
Forcing the Current Application Period to Expire Immediately
Perform this task to force the current application period to expire immediately on the specified tunnel. The
highest bandwidth is applied on the tunnel before waiting for the application period to end on its own.
SUMMARY STEPS
1. mpls traffic-eng auto-bw apply {all | tunnel-te tunnel-number}
2. show mpls traffic-eng tunnels [auto-bw]
DETAILED STEPS
Command or Action Purpose
Configures the highest bandwidth available on a tunnel without
waiting for the current application period to end.
mpls traffic-eng auto-bw apply {all | tunnel-te
tunnel-number}
Example:
RP/0/RSP0/CPU0:router# mpls traffic-eng
Step 1
all
Configures the highest bandwidth available instantly on all
the tunnels.
auto-bw apply tunnel-te 1
tunnel-te
Configures the highest bandwidth instantly to the specified
tunnel. Range is from 0 to 65535.
Displays information about MPLS-TE tunnels for the automatic
bandwidth.
show mpls traffic-eng tunnels [auto-bw]
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 2
tunnels auto-bw
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
214 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Automatic BandwidthConfiguring the Automatic Bandwidth Functions
Perform this task to configure the following automatic bandwidth functions:
Application frequency
Configuresthe application frequency in which a tunnel bandwidth is updated by the automatic bandwidth.
Bandwidth collection
Configures only the bandwidth collection.
Bandwidth parameters
Configures the minimum and maximum automatic bandwidth to set on a tunnel.
Adjustment threshold
Configures the adjustment threshold for each tunnel.
Overflow detection
Configures the overflow detection for each tunnel.
SUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. auto-bw
4. application minutes
5. bw-limit {min bandwidth } {max bandwidth}
6. adjustment-threshold percentage [min minimum-bandwidth]
7. overflow threshold percentage [min bandwidth] limit limit
8. Use one of the following commands:
end
commit
9. show mpls traffic-eng tunnels [auto-bw]
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 215
Implementing MPLS Traffic Engineering
Configuring the Automatic BandwidthDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures an MPLS-TE tunnel interface and enables traffic
engineering on a particular interface on the originating node.
interface tunnel-te tunnel-id
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 2
tunnel-te 6
RP/0/RSP0/CPU0:router(config-if)#
Configures automatic bandwidth on a tunnel interface and enters
MPLS-TE automatic bandwidth interface configuration mode.
auto-bw
Example:
RP/0/RSP0/CPU0:router(config-if)# auto-bw
Step 3
RP/0/RSP0/CPU0:router(config-if-tunte-autobw)#
Configures the application frequency in minutes for the applicable
tunnel.
application minutes
Example:
RP/0/RSP0/CPU0:router(config-if-tunte-autobw)#
Step 4
minutes
Frequency in minutes for the automatic bandwidth
application. Range is from 5 to 10080 (7 days). The default
value is 1440 (24 hours).
application 1000
Configures the minimum and maximum automatic bandwidth set
on a tunnel.
bw-limit {min bandwidth } {max bandwidth}
Example:
RP/0/RSP0/CPU0:router(config-if-tunte-autobw)#
Step 5
min
Applies the minimum automatic bandwidth in kbps on a
tunnel. Range is from 0 to 4294967295.
bw-limit min 30 max 80
max
Applies the maximum automatic bandwidth in kbps on a
tunnel. Range is from 0 to 4294967295.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
216 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Automatic BandwidthCommand or Action Purpose
Configures the tunnel bandwidth change threshold to trigger an
adjustment.
adjustment-threshold percentage [min
minimum-bandwidth]
Example:
RP/0/RSP0/CPU0:router(config-if-tunte-autobw)#
Step 6
percentage
Bandwidth change percent threshold to trigger an adjustment
if the largest sample percentage is higher or lower than the
current tunnel bandwidth. Range is from 1 to 100 percent.
The default value is 5 percent.
adjustment-threshold 50 min 800
min
Configures the bandwidth change value to trigger an
adjustment. The tunnel bandwidth is changed only if the
largest sample is higher or lower than the current tunnel
bandwidth. Range is from 10 to 4294967295 kilobits per
second (kbps). The default value is 10 kbps.
overflow threshold percentage [min bandwidth] limit Configures the tunnel overflow detection.
limit
Step 7
percentage
Example:
RP/0/RSP0/CPU0:router(config-if-tunte-autobw)#
Bandwidth change percent to trigger an overflow. Range is
from 1 to 100 percent.
overflow threshold 100 limit 1
limit
Configures the number of consecutive collection intervals
that exceeds the threshold. The bandwidth overflow triggers
an early tunnel bandwidth update. Range is from 1 to 10
collection periods. The default value is none.
min
Configures the bandwidth change value in kbps to trigger
an overflow. Range is from 10 to 4294967295. The default
value is 10.
Step 8 Use one of the following commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if-tunte-autobw)#
end
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
or returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-if-tunte-autobw)#
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 217
Implementing MPLS Traffic Engineering
Configuring the Automatic BandwidthCommand or Action Purpose
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Displays the MPLS-TE tunnel information only for tunnels in
which the automatic bandwidth is enabled.
show mpls traffic-eng tunnels [auto-bw]
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 9
tunnels auto-bw
Related Topics
MPLS-TE Automatic Bandwidth Overview, on page 139
Configure Automatic Bandwidth: Example, on page 267
Configuring the Shared Risk Link Groups
To activate the MPLS traffic engineering SRLG feature, you must configure the SRLG value of each link that
has a shared risk with another link.
Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link
Perform this task to configure the SRLG value for each link that has a shared risk with another link.
Note You can configure up to 30 SRLGs per interface.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
218 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsSUMMARY STEPS
1. configure
2. srlg
3. interface type interface-path-id
4. value value
5. Use one of these commands:
end
commit
6. show srlg interface type interface-path-id
7. show srlg
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Configures SRLG configuration commands on a specific interface
configuration mode and assigns this SRLG a value.
srlg
Example:
RP/0/RSP0/CPU0:router(config)# srlg
Step 2
Configures an interface type and path ID to be associated with an SRLG
and enters SRLG interface configuration mode.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-srlg)#
interface POS 0/6/0/0
Step 3
Configures SRLG network values for a specific interface. Range is 0
to 4294967295.
value value
Example:
RP/0/RSP0/CPU0:router(config-srlg-if)#
value 100
Step 4
You can also set SRLG values on multiple interfacesincluding
bundle interface.
Note
RP/0/RSP0/CPU0:router (config-srlg-if)#
value 200
RP/0/RSP0/CPU0:router(config-srlg-if)#
value 300
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 219
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
show srlg interface type interface-path-id (Optional) Displaysthe SRLG values configured for a specific interface.
Example:
RP/0/RSP0/CPU0:router# show srlg
interface POS 0/6/0/0
Step 6
Step 7 show srlg (Optional) Displays the SRLG values for all the configured interfaces.
Example:
RP/0/RSP0/CPU0:router# show srlg
You can configure up to 250
interfaces.
Note
Related Topics
MPLS Traffic Engineering Shared Risk Link Groups, on page 146
Explicit Path, on page 147
Fast ReRoute with SRLG Constraints, on page 148
Importance of Protection, on page 149
Delivery of Packets During a Failure, on page 150
Multiple Backup Tunnels Protecting the Same Interface , on page 150
SRLG Limitations, on page 150
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Creating an Explicit Path With Exclude SRLG
Perform this task to create an explicit path with the exclude SRLG option.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
220 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsSUMMARY STEPS
1. configure
2. explicit-path {identifier number [disable | index]}{ name explicit-path-name}
3. index 1 exclude-address 192.168.92.1
4. index 2 exclude-srlg 192.168.92.2
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters the explicit path configuration mode. Identifer range is 1 to
65535.
explicit-path {identifier number [disable |
index]}{ name explicit-path-name}
Example:
RP/0/RSP0/CPU0:router(config)#
explicit-path name backup-srlg
Step 2
index 1 exclude-address 192.168.92.1 Specifies the IP address to be excluded from the explicit path.
Example:
RP/0/RSP0/CPU0:router
router(config-expl-path)# index 1
exclude-address 192.168.92.1
Step 3
Specifies the IP address to extract SRLGs to be excluded from the
explicit path.
index 2 exclude-srlg 192.168.92.2
Example:
RP/0/RSP0/CPU0:router(config-expl-path)#
index 2 exclude-srlg 192.168.192.2
Step 4
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 221
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCommand or Action Purpose
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
MPLS Traffic Engineering Shared Risk Link Groups, on page 146
Explicit Path, on page 147
Fast ReRoute with SRLG Constraints, on page 148
Importance of Protection, on page 149
Delivery of Packets During a Failure, on page 150
Multiple Backup Tunnels Protecting the Same Interface , on page 150
SRLG Limitations, on page 150
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Using Explicit Path With Exclude SRLG
Perform this task to use an explicit path with the exclude SRLG option on the static backup tunnel.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
222 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsSUMMARY STEPS
1. configure
2. mpls traffic-eng
3. interface type interface-path-id
4. backup-path tunnel-te tunnel-number
5. exit
6. exit
7. interface tunnel-tetunnel-id
8. ipv4 unnumbered type interface-path-id
9. path-option preference-priority{ dynamic | explicit {identifier | name explicit-path-name}}
10. destination ip-address
11. exit
12. Use one of these commands:
end
commit
13. show run explicit-path name name
14. show mpls traffic-eng topology path destination name explicit-path name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
traffic-eng
Step 2
Enables traffic engineering on a specific interface on the
originating node.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
interface POS 0/6/0/0
Step 3
backup-path tunnel-te tunnel-number Configures an MPLS TE backup path for a specific interface.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
backup-path tunnel-te 2
Step 4
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 223
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCommand or Action Purpose
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
exit
Step 5
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# exit
Step 6
interface tunnel-tetunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
tunnel-te 2
Step 7
ipv4 unnumbered type interface-path-id Assigns a source addressto set up forwarding on the new tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4
unnumbered Loopback0
Step 8
Sets the path option to explicit with a given name (previously
configured) and assigns the path ID.
path-option preference-priority{ dynamic | explicit
{identifier | name explicit-path-name}}
Step 9
Example:
RP/0/RSP0/CPU0:router(config-if)# path-option
l explicit name backup-srlg
You can use the dynamic option to dynamically assign
a path.
Note
Step 10 destination ip-address Assigns a destination address on the new tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
192.168.92.125
Destination addressisthe remote nodes MPLS-TE router
ID.
Destination address is the merge point between backup
and protected tunnels.
When you configure TE tunnel with multiple protection
on its path and merge point is the same node for more
than one protection, you must configure record-route
for that tunnel.
Note
exit Exits the current configuration mode.
Example:
Step 11
RP/0/RSP0/CPU0:router(config-if)# exit
Step 12 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
224 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCommand or Action Purpose
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
show run explicit-path name name Displays the SRLG values that are configured for the link.
Example:
RP/0/RSP0/CPU0:router# show run explicit-path
name backup-srlg
Step 13
show mpls traffic-eng topology path destination Displays the SRLG values that are configured for the link.
name explicit-path name
Step 14
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
topology path destination 192.168.92.125
explicit-path backup-srlg
Related Topics
MPLS Traffic Engineering Shared Risk Link Groups, on page 146
Explicit Path, on page 147
Fast ReRoute with SRLG Constraints, on page 148
Importance of Protection, on page 149
Delivery of Packets During a Failure, on page 150
Multiple Backup Tunnels Protecting the Same Interface , on page 150
SRLG Limitations, on page 150
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 225
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCreating a Link Protection on Backup Tunnel with SRLG Constraint
Perform this task to create an explicit path with the exclude SRLG option on the static backup tunnel.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. interface type interface-path-id
4. backup-path tunnel-te tunnel-number
5. exit
6. exit
7. interface tunnel-tetunnel-id
8. ipv4 unnumbered type interface-path-id
9. path-option preference-priority{ dynamic | explicit {identifier | name explicit-path-name}}
10. destination ip-address
11. exit
12. explicit-path {identifier number [disable | index]}{ name explicit-path-name}
13. index 1 exclude-srlg 192.168.92.2
14. Use one of these commands:
end
commit
15. show mpls traffic-eng tunnelstunnel-number detail
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
traffic-eng
Step 2
Enables traffic engineering on a particular interface on the
originating node.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
interface POS 0/6/0/0
Step 3
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
226 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCommand or Action Purpose
backup-path tunnel-te tunnel-number Sets the backup path to the primary tunnel outgoing interface.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
backup-path tunnel-te 2
Step 4
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
exit
Step 5
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# exit
Step 6
interface tunnel-tetunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
tunnel-te 2
Step 7
ipv4 unnumbered type interface-path-id Assigns a source addressto set up forwarding on the new tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4
unnumbered Loopback0
Step 8
Sets the path option to explicit with a given name (previously
configured) and assigns the path ID. Identifier range is from 1
to 4294967295.
path-option preference-priority{ dynamic | explicit
{identifier | name explicit-path-name}}
Example:
RP/0/RSP0/CPU0:router(config-if)# path-option
1 explicit name backup-srlg
Step 9
You can use the dynamic option to dynamically assign
a path.
Note
Step 10 destination ip-address Assigns a destination address on the new tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
192.168.92.125
Destination address is the remote nodes MPLS-TE router
ID.
Destination address is the merge point between backup
and protected tunnels.
When you configure TE tunnel with multiple protection
on its path and merge point is the same node for more
than one protection, you must configure record-route
for that tunnel.
Note
exit Exits the current configuration mode.
Example:
Step 11
RP/0/RSP0/CPU0:router(config-if)# exit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 227
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCommand or Action Purpose
Enters the explicit path configuration mode. Identifer range is
1 to 65535.
explicit-path {identifier number [disable | index]}{
name explicit-path-name}
Example:
RP/0/RSP0/CPU0:router(config)# explicit-path
name backup-srlg-nodep
Step 12
Specifies the protected link IP address to get SRLGs to be
excluded from the explicit path.
index 1 exclude-srlg 192.168.92.2
Example:
RP/0/RSP0/CPU0:router:router(config-if)#
index 1 exclude-srlg 192.168.192.2
Step 13
Step 14 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Display the tunnel details with SRLG valuesthat are configured
for the link.
show mplstraffic-eng tunnelstunnel-number detail
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
tunnels 2 detail
Step 15
Related Topics
MPLS Traffic Engineering Shared Risk Link Groups, on page 146
Explicit Path, on page 147
Fast ReRoute with SRLG Constraints, on page 148
Importance of Protection, on page 149
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
228 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsDelivery of Packets During a Failure, on page 150
Multiple Backup Tunnels Protecting the Same Interface , on page 150
SRLG Limitations, on page 150
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Creating a Node Protection on Backup Tunnel with SRLG Constraint
Perform this task to configure node protection on backup tunnel with SRLG constraint.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. interface type interface-path-id
4. backup-path tunnel-te tunnel-number
5. exit
6. exit
7. interface tunnel-tetunnel-id
8. ipv4 unnumbered type interface-path-id
9. path-option preference-priority{ dynamic | explicit {identifier | name explicit-path-name}}
10. destination ip-address
11. exit
12. explicit-path {identifier number [disable | index]}{ name explicit-path-name}
13. index 1 exclude-address 192.168.92.1
14. index 2 exclude-srlg 192.168.92.2
15. Use one of these commands:
end
commit
16. show mpls traffic-eng tunnels topology path destination ip-address explicit-path-name name
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
traffic-eng
Step 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 229
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCommand or Action Purpose
Enables traffic engineering on a particular interface on the
originating node.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
interface POS 0/6/0/0
Step 3
backup-path tunnel-te tunnel-number Sets the backup path for the primary tunnel outgoing interface.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
backup-path tunnel-te 2
Step 4
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)# exit
Step 5
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# exit
Step 6
interface tunnel-tetunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
tunnel-te 2
Step 7
Assigns a source address to set up forwarding on the new
tunnel.
ipv4 unnumbered type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4
unnumbered Loopback0
Step 8
Sets the path option to explicit with a given name (previously
configured) and assigns the path ID. Identifier range is 1 to
4294967295.
path-option preference-priority{ dynamic | explicit
{identifier | name explicit-path-name}}
Example:
RP/0/RSP0/CPU0:router(config-if)# path-option
1 explicit name backup-srlg
Step 9
You can use the dynamic option to dynamically assign
path.
Note
Step 10 destination ip-address Assigns a destination address on the new tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
192.168.92.125
Destination addressisthe remote nodes MPLS-TE router
ID.
Destination address is the merge point between backup
and protected tunnels.
When you configure TE tunnel with multiple
protection on its path and merge point is the same
node for more than one protection, you must configure
record-route for that tunnel.
Note
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
230 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCommand or Action Purpose
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-if)# exit
Step 11
Enters the explicit path configuration mode. Identifer range is
1 to 65535.
explicit-path {identifier number [disable | index]}{
name explicit-path-name}
Example:
RP/0/RSP0/CPU0:router(config)# explicit-path
name backup-srlg-nodep
Step 12
Specifies the protected node IP address to be excluded from
the explicit path.
index 1 exclude-address 192.168.92.1
Example:
RP/0/RSP0/CPU0:router:router(config-if)# index
1 exclude-address 192.168.92.1
Step 13
Specifies the protected link IP address to get SRLGs to be
excluded from the explicit path.
index 2 exclude-srlg 192.168.92.2
Example:
RP/0/RSP0/CPU0:router(config-if)# index 2
exclude-srlg 192.168.192.2
Step 14
Step 15 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 231
Implementing MPLS Traffic Engineering
Configuring the Shared Risk Link GroupsCommand or Action Purpose
Displaysthe path to the destination with the constraintspecified
in the explicit path.
show mpls traffic-eng tunnels topology path
destination ip-address explicit-path-name name
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
tunnels topology path destination
Step 16
192.168.92.125 explicit-path-name
backup-srlg-nodep
Related Topics
MPLS Traffic Engineering Shared Risk Link Groups, on page 146
Explicit Path, on page 147
Fast ReRoute with SRLG Constraints, on page 148
Importance of Protection, on page 149
Delivery of Packets During a Failure, on page 150
Multiple Backup Tunnels Protecting the Same Interface , on page 150
SRLG Limitations, on page 150
Configure the MPLS-TE Shared Risk Link Groups: Example, on page 267
Configuring Point-to-Multipoint TE
You must enable multicast routing on the edge router before performing Point-to-Multipoint (P2MP) TE
configurations. To configure Point-to-Multipoint TE, perform these procedures:
Enabling Multicast Routing on the Router
Perform this task to enable multicast routing on the router to configure P2MP tunnels.
Before You Begin
To configure Point-to-Multipoint (P2MP) tunnels, you must enable multicast routing on the router.
The customer-facing interface must enable multicast.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
232 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TESUMMARY STEPS
1. configure
2. multicast-routing
3. address-family {ipv4 | ipv6 }
4. interface tunnel-mte tunnel-id
5. enable
6. exit
7. interface type interface-path-id
8. enable
9. Use one of these commands:
end
commit
10. show pim ipv6 interface type interface-path-id
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
multicast-routing Enters multicast routing configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# multicast-routing
Step 2
RP/0/RSP0/CPU0:router(config-mcast)#
Configures the available IPv4 or IPv6 address prefixes
to enable multicast routing and forwarding on all router
interfaces.
address-family {ipv4 | ipv6 }
Example:
RP/0/RSP0/CPU0:router(config-mcast)# address-family
Step 3
ipv6
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6)#
interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6)#
Step 4
interface tunnel-mte 1
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 233
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
enable Enables multicast routing on the tunnel-mte interface.
Example:
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)#
Step 5
enable
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)#
Step 6
exit
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6)#
Configures multicast routing on the GigabitEthernet
interface.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6)#
Step 7
interface GigabitEthernet0/2/0/3
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)#
Enables multicast routing on the GigabitEthernet
interface.
enable
Example:
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)#
Step 8
enable
Step 9 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)#
? Entering yes saves configuration changes to
end the running configuration file, exits the
configuration session, and returns the router
to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-mcast-default-ipv6-if)# ? Entering no exits the configuration session
and returnsthe router to EXEC mode without
committing the configuration changes.
commit
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
234 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
Use the commit command to save the configuration
changes to the running configuration file and
remain within the configuration session.
Displays the output for the P2MP-TE tunnel interface
that has IPv6 multicast enabled.
show pim ipv6 interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router# show pim ipv6 interface
Step 10
tunnel-mte 1
Related Topics
Configuring the Static Group for the Point-to-Multipoint Interface, on page 235
Configuring the Static Group for the Point-to-Multipoint Interface
Perform thistask to configure the static group on the Point-to-Multipoint (P2MP) interface to forward specified
multicast traffic over P2MP LSP.
SUMMARY STEPS
1. configure
2. router mld
3. vrf vrf-name
4. interface tunnel-mte tunnel-id
5. static-group group-address
6. Use one of these commands:
end
commit
7. show mrib ipv6 route source-address
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 235
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
router mld Enters router MLD configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# router mld
Step 2
RP/0/RSP0/CPU0:router(config-mld)#
vrf vrf-name Configures a virtual private network (VRF) instance.
Example:
RP/0/RSP0/CPU0:router(config-mld)#vrf default
Step 3
RP/0/RSP0/CPU0:router(config-mld-default)#
interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config-mld-default)#interface
Step 4
tunnel-mte 1
RP/0/RSP0/CPU0:router(config-mld-default-if)#
Configures the multicast group address in the
Source-Specific Multicast (SSM) addressrange (ff35::/16)
for the IPv6 address prefix.
static-group group-address
Example:
RP/0/RSP0/CPU0:router(config-mld-default-if)#
Step 5
static-group ff35::1 2000::1
Step 6 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-mld-default-if)# end
? Entering yessaves configuration changesto the
running configuration file, exits the
configuration session, and returns the router to
EXEC mode.
or
RP/0/RSP0/CPU0:router(config-mld-default-if)# commit
? Entering no exitsthe configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
236 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
show mrib ipv6 route source-address Verifies the multicast static mapping.
Example:
RP/0/RSP0/CPU0:router# show mrib ipv6 route ff35::1
Step 7
Related Topics
Enabling Multicast Routing on the Router, on page 232
Configuring Destinations for the Tunnel Interface
Perform this task to configure three destinations for the tunnel interface for Point-to-Multipoint (P2MP).
These variations are listed to ensure that the destination and path option configurations are separate from the
tunnel interface.
Different path option is used for different destinations. This task shows three destinations.
Explicit path option is based on an ID or a name.
Default path option is similar to the Point-to-Point (P2P) LSP.
Before You Begin
These prerequisites are required to configure destinations for the tunnel interface.
Multicast routing must be enabled on both the tunnel-mte interface and customer-facing interface from
the source.
Static-group must be configured on the tunnel-mte interface to forward specified multicast traffic over
P2MP LSP.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 237
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TESUMMARY STEPS
1. configure
2. interface tunnel-mte tunnel-id
3. destination ip-address
4. path-option preference-priority explicit identifier path-number
5. path-option preference-priority dynamic
6. exit
7. destination ip-address
8. path-option preference-priority explicit name pathname
9. path-option preference-priority dynamic
10. exit
11. destination ip-address
12. path-option preference-priority explicit name pathname [verbatim]
13. Use one of these commands:
end
commit
14. show mpls traffic-eng tunnels [brief] [p2mp tunnel-number]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 2
tunnel-mte 10
RP/0/RSP0/CPU0:router(config-if)#
Sets the destination address for tunnel-mte 10 to
172.16.255.1. This destination usesthe explicit path identified
destination ip-address
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
Step 3
by explicit path ID 10. If destination 172.16.255.1 cannot
come with explicit path ID 10, the fall back path option is
dynamic.
172.16.255.1
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
238 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
path-option preference-priority explicit identifier Configures the path number of the IP explicit path.
path-number
Step 4
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
path-option 1 explicit identifier 10
Specifies that label switched paths (LSP) are dynamically
calculated.
path-option preference-priority dynamic
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Step 5
path-option 2 dynamic
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# exit
Step 6
RP/0/RSP0/CPU0:router(config-if)#
Sets the destination address for tunnel-mte 10 to
172.16.255.2.
destination ip-address
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
Step 7
172.16.255.2
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Specifies the path name of the IP explicit path. Destination
172.16.255.2 uses the explicit path that is identified by the
explicit path name "how-to-get-to-172.16.255.2."
path-option preference-priority explicit name pathname
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Step 8
path-option 1 explicit name
how-to-get-to-172.16.255.2
Setsthe fall back path option as dynamic when the destination
cannot come to the explicit path.
path-option preference-priority dynamic
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Step 9
path-option 2 dynamic
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# exit
Step 10
RP/0/RSP0/CPU0:router(config-if)#
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 239
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
Specifies that destination 172.16.255.3 uses only the
dynamically computed path.
destination ip-address
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
Step 11
172.16.255.3
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Specifiesthat destination 172.16.255.3 usesthe explicit path
identified by the explicit path name
"how-to-get-to-172.16.255.3" in verbatim mode.
path-option preference-priority explicit name pathname
[verbatim]
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Step 12
path-option 1 explicit name
how-to-get-to-172.16.255.3 verbatim
Step 13 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
? Entering no exits the configuration session and
returns the router to EXEC mode without
commit committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Displays the brief summary of the P2MP tunnel status and
configuration.
show mpls traffic-eng tunnels [brief] [p2mp
tunnel-number]
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 14
tunnels brief p2mp 10
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
240 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TERelated Topics
Enabling Multicast Routing on the Router, on page 232
Configuring the Static Group for the Point-to-Multipoint Interface, on page 235
Disabling Destinations
Perform this task to disable the given destination for the Point-to-Multipoint (P2MP) tunnel interface.
SUMMARY STEPS
1. configure
2. interface tunnel-mte tunnel-id
3. ipv4 unnumbered type interface-path-id
4. destination ip-address
5. disable
6. path-option preference-priority dynamic
7. path-option preference-priority explicit name pathname
8. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface tunnel-mte
Step 2
101
RP/0/RSP0/CPU0:router(config-if)#
Assigns a source address so that forwarding can be
performed on the new tunnel. Loopback is commonly
used as the interface type.
ipv4 unnumbered type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4 unnumbered
Step 3
Loopback0
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 241
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
Sets the destination address for tunnel-mte 10 to
140.140.140.140.
destination ip-address
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
Step 4
140.140.140.140
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Disables destination 140.140.140.140 for tunnel-mte
10.
disable
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#disable
Step 5
Specifies that label switched paths (LSP) are
dynamically calculated.
path-option preference-priority dynamic
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#path-option
Step 6
1 dynamic
Specifies that destination 140.140.140.140 uses the
explicit path identified by the explicit path name "to4."
path-option preference-priority explicit name pathname
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#path-option
Step 7
2 explicit name to4
Step 8 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# end
? Entering yessaves configuration changesto
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)# commit
configuration session, and returnsthe router
to EXEC mode.
? Entering no exits the configuration session
and returns the router to EXEC mode
without committing the configuration
changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
242 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
Use the commit command to save the
configuration changesto the running configuration
file and remain within the configuration session.
Logging Per Destinations for Point-to-Multipoint
Perform this task to log destinations for Point-to-Multipoint (P2MP).
SUMMARY STEPS
1. configure
2. interface tunnel-mte tunnel-id
3. ipv4 unnumbered type interface-path-id
4. destination ip-address
5. logging events lsp-status state
6. logging events lsp-status reroute
7. path-option preference-priority explicit name pathname
8. exit
9. fast-reroute
10. Use one of these commands:
end
commit
11. show mpls traffic-eng tunnels [p2mp]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface tunnel-mte tunnel-id Configures an MPLS-TE P2MP tunnel interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
Step 2
tunnel-mte 1000
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 243
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
RP/0/RSP0/CPU0:router(config-if)#
Configures the MPLS-TE tunnel to use the IPv4 address on
loopback interface 0.
ipv4 unnumbered type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-if)# ipv4
Step 3
unnumbered loopback0
Sets the destination address for tunnel-mte from 1000 to
100.0.0.3.
destination ip-address
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
Step 4
100.0.0.3
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Sends out the log message when the tunnel LSP goes up or
down when the software is enabled.
logging events lsp-status state
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Step 5
logging events lsp-status state
Sends out the log message when the tunnel LSP is rerouted
due to an FRR event when the software is enabled.
logging events lsp-status reroute
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Step 6
logging events lsp-status reroute
Specifies the path name of the IP explicit path. Destination
100.0.0.3 uses the explicit path that is identified by the explicit
path name "path123."
path-option preference-priority explicit name
pathname
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Step 7
path-option 1 explicit name path123
exit Exits the current configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-if-p2mp-dest)#
Step 8
exit
RP/0/RSP0/CPU0:router(config-if)#
fast-reroute Enables fast-reroute (FRR) protection for a P2MP TE tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)# fast-reroute
Step 9
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
244 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Point-to-Multipoint TECommand or Action Purpose
Step 10 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)?
[cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
or session, and returns the router to EXEC mode.
RP/0/RSP0/CPU0:router(config-if)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
show mpls traffic-eng tunnels [p2mp] Displays the information for all P2MP tunnels.
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
Step 11
tunnels p2mp
Enabling Soft-Preemption on a Node
Perform this task to enable the soft-preemption feature in the MPLS TE configuration mode. By default, this
feature is disabled. You can configure the soft-preemption feature for each node. It hasto be explicitly enabled
for each node.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 245
Implementing MPLS Traffic Engineering
Enabling Soft-Preemption on a NodeSUMMARY STEPS
1. configure
2. mpls traffic-eng
3. soft-preemption
4. timeout seconds
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 2
Step 3 soft-preemption Enables soft-preemption on a node.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
soft-preemption
If soft-preemption is enabled, the head-end node tracks
whether an LSP desires the soft-preemption treatment.
However, when a soft-preemption feature is disabled on
a node, this node continues to track all LSPs desiring
soft-preemption. This is needed in a case when
soft-preemption is re-enabled, TE will have the property
of the existing LSPs without any re-signaling.
Note
Specifies the timeout for the soft-preempted LSP, in seconds. The
range is from 1 to 300.
timeout seconds
Example:
RP/0/RSP0/CPU0:router(config-soft-preemption)#
timeout 20
Step 4
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
246 OL-26056-02
Implementing MPLS Traffic Engineering
Enabling Soft-Preemption on a NodeCommand or Action Purpose
? Entering yessaves configuration changesto the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Soft-Preemption, on page 151
Enabling Soft-Preemption on a Tunnel
Perform this task to enable the soft-preemption feature on a MPLS TE tunnel. By default, this feature is
disabled. It has to be explicitly enabled.
SUMMARY STEPS
1. configure
2. interface tunnel-te tunnel-id
3. soft-preemption
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 247
Implementing MPLS Traffic Engineering
Enabling Soft-Preemption on a TunnelCommand or Action Purpose
interface tunnel-te tunnel-id Configures an MPLS-TE tunnel interface.
Example:
RP/0/RSP0/CPU0:router# interface
tunnel-te 10
Step 2
Step 3 soft-preemption Enables soft-preemption on a tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)#
soft-preemption
When soft preemption is enabled on a tunnel, these actions occur:
A path-modify message issent for the current LSP with the soft preemption
desired property.
A path-modify message is sent for the reopt LSP with the soft preemption
desired property.
A path-modify message is sent for the path protection LSP with the soft
preemption desired property.
A path-modify message is sent for the current LSP in FRR active state with
the soft preemption desired property.
The soft-preemption is not available in the interface tunnel-mte and
interface tunnel-gte configuration modes.
Note
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)#
end
? Entering yes saves configuration changes to the running configuration
file, exits the configuration session, and returns the router to EXEC
or mode.
RP/0/RSP0/CPU0:router(config)#
commit
? Entering no exits the configuration session and returns the router to
EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changesto the running
configuration file and remain within the configuration session.
Related Topics
Soft-Preemption, on page 151
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
248 OL-26056-02
Implementing MPLS Traffic Engineering
Enabling Soft-Preemption on a TunnelConfiguring Attributes within a Path-Option Attribute
Perform this task to configure attributes within a path option attribute-set template.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. attribute-set path-option attribute-set-name
4. affinity affinity-value mask mask-value
5. signalled-bandwidth kbps class-type class-type number
6. Use one of these commands:
end
commit
7. show mpls traffic-eng attribute-set
8. show mpls traffic-eng tunnelsdetail
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 2
Step 3 attribute-set path-option attribute-set-name Enters attribute-set path option configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
attribute-set path-option myset
The configuration at the path-option level takes
precedence over the values configured at the level of
the tunnel, and therefore is applied.
Note
Configures affinity attribute under a path option attribute-set.
The attribute values that are required for links to carry this
tunnel.
affinity affinity-value mask mask-value
Example:
RP/0/RSP0/CPU0:router(config-te-attribute-set)#
affinity 0xBEEF mask 0xBEEF
Step 4
Configures the bandwidth attribute required for an MPLS-TE
tunnel under a path option attribute-set.
signalled-bandwidth kbps class-type class-type number
Example:
RP/0/RSP0/CPU0:router(config-te-attribute-set)#
signalled-bandwidth 1000 class-type 0
Step 5
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 249
Implementing MPLS Traffic Engineering
Configuring Attributes within a Path-Option AttributeCommand or Action Purpose
You can configure the class type of the tunnel
bandwidth request. The class-type 0 is strictly
equivalent to global-pool and class-type 1 is strictly
equivalent to subpool.
Note
Step 6 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Displays the attributes that are defined in the attribute-set for
the link.
show mpls traffic-eng attribute-set
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
attribute-set
Step 7
Displays the attribute-set path option information on a specific
tunnel.
show mpls traffic-eng tunnelsdetail
Example:
RP/0/RSP0/CPU0:router# show mpls traffic-eng
tunnels detail
Step 8
Related Topics
Path Option Attributes, on page 151
Configuration Hierarchy of Path Option Attributes, on page 152
Traffic Engineering Bandwidth and Bandwidth Pools, on page 152
Path Option Switchover, on page 153
Path Option and Path Protection, on page 153
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
250 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Attributes within a Path-Option AttributeConfiguring Auto-Tunnel Mesh Tunnel ID
Perform this activity to configure the tunnel ID range that can be allocated to Auto-tunnel mesh tunnels.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. auto-tunnel mesh
4. tunnel-id min value max value
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
traffic-eng
Step 2
Enters auto-tunnel mesh configuration mode. You can configure
auto-tunnel mesh related options from this mode.
auto-tunnel mesh
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
auto-tunnel mesh
Step 3
Specifies the minimum and maximum number of auto-tunnel mesh
tunnels that can be created on this router. The range of tunnel ID is
from 0 to 65535.
tunnel-id min value max value
Example:
RP/0/RSP0/CPU0:router(config-te-auto-mesh)#
tunnel-id min 10 max 50
Step 4
Step 5 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 251
Implementing MPLS Traffic Engineering
Configuring Auto-Tunnel Mesh Tunnel IDCommand or Action Purpose
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Related Topics
Auto-Tunnel Mesh, on page 154
Destination List (Prefix-List), on page 154
Configuring Auto-tunnel Mesh Unused Timeout
Perform this task to configure a global timer to remove unused auto-mesh tunnels.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. auto-tunnel mesh
4. timer removal unused timeout
5. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
252 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Auto-tunnel Mesh Unused TimeoutDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 2
auto-tunnel mesh Enables auto-tunnel mesh groups globally.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
auto-tunnel mesh
Step 3
Specifies a timer, in minutes, after which a down auto-tunnel
mesh gets deleted whose destination was not in TE topology.
The default value for this timer is 60.
timer removal unused timeout
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh)#
timers removal unused 10
Step 4
The timer gets started when these conditions are met:
Tunnel destination node is removed from the topology
Tunnel is in down state
The unused timer runs per tunnel because the same
destination in different mesh-groups may have different
tunnels created.
Note
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 253
Implementing MPLS Traffic Engineering
Configuring Auto-tunnel Mesh Unused TimeoutCommand or Action Purpose
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Related Topics
Auto-Tunnel Mesh, on page 154
Destination List (Prefix-List), on page 154
Configuring Auto-Tunnel Mesh Group
Perform this task to configure an auto-tunnel mesh group globally on the router.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. auto-tunnel mesh
4. group value
5. disable
6. attribute-setname
7. destination-list
8. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
254 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Auto-Tunnel Mesh GroupCommand or Action Purpose
auto-tunnel mesh Enables auto-tunnel mesh groups globally.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# auto-tunnel mesh
Step 3
Specifiesthe membership of auto-tunnel mesh. The range
is from 0 to 4294967295.
group value
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh)# group
65
Step 4
When the destination-list is not supplied,
head-end will automatically build destination
list belonging for the given mesh-group
membership using TE topology.
Note
Disables the meshgroup and deletes all tunnels created
for this meshgroup.
disable
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh-group)#
disable
Step 5
Specifies the attributes used for all tunnels created for
the meshgroup. If it is not defined, this meshgroup does
not create any tunnel.
attribute-setname
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh-group)#
attribute-set am-65
Step 6
This is a mandatory configuration under a meshgroup.
If a given destination-list is not defined as a prefix-list,
destination-list
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-auto-mesh-group)#
destination-list dl-65
Step 7
this meshgroup create tunnels to all nodes available in
TE topology.
Step 8 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system
prompts you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to
the running configuration file, exits the
or
RP/0/RSP0/CPU0:router(config)# commit
configuration session, and returns the router
to EXEC mode.
? Entering no exits the configuration session
and returnsthe router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the
current configuration session without exiting
or committing the configuration changes.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 255
Implementing MPLS Traffic Engineering
Configuring Auto-Tunnel Mesh GroupCommand or Action Purpose
Use the commit command to save the
configuration changesto the running configuration
file and remain within the configuration session.
Related Topics
Auto-Tunnel Mesh, on page 154
Destination List (Prefix-List), on page 154
Configuring Tunnel Attribute-Set Templates
Perform this task to define attribute-set templates for auto-mesh tunnels.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. attribute-set auto-mesh attribute-set-name
4. affinity value mask mask-value
5. signalled-bandwidth kbps class-type class-type number
6. autoroute announce
7. fast-reroute protect bandwidth node
8. auto-bw collect-bw-only
9. logging events lsp-status {state | insufficient-bandwidth | reoptimize | reroute }
10. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
256 OL-26056-02
Implementing MPLS Traffic Engineering
Configuring Tunnel Attribute-Set TemplatesCommand or Action Purpose
mpls traffic-eng Enters MPLS-TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 2
attribute-set auto-mesh attribute-set-name Specifies name of the attribute-set of auto-mesh type.
Example:
RP/0/RSP0/CPU0:router(config-te)# attribute-set
auto-mesh attribute-set-mesh
Step 3
Configures the affinity properties the tunnel requires in its links
for an MPLS-TE tunnel under an auto-mesh attribute-set.
affinity value mask mask-value
Example:
RP/0/RSP0/CPU0:router(config-te)# affinity 0101
mask 320
Step 4
Configures the bandwidth attribute required for an MPLS-TE
tunnel under an auto-mesh attribute-set. Because the default
signalled-bandwidth kbps class-type class-type number
Example:
RP/0/RSP0/CPU0:router(config-te-attribute-set)#
signalled-bandwidth 1000 class-type 0
Step 5
tunnel priority is 7, tunnels use the default TE class map
(namely, class-type 0, priority 7).
You can configure the class type of the tunnel
bandwidth request. The class-type 0 is strictly
equivalent to global-pool and class-type 1 is strictly
equivalent to subpool.
Note
autoroute announce Enables parameters for IGP routing over tunnel.
Example:
RP/0/RSP0/CPU0:router(config-te-attribute-set)#
autoroute announce
Step 6
Enables fast-reroute bandwidth protection and node protection
for auto-mesh tunnels.
fast-reroute protect bandwidth node
Example:
RP/0/RSP0/CPU0:router(config-te-attribute-set)#
fast-reroute
Step 7
Enables automatic bandwidth collection frequency, and controls
the manner in which the bandwidth for a tunnel collects output
rate information, but does not adjust the tunnel bandwidth.
auto-bw collect-bw-only
Example:
RP/0/RSP0/CPU0:router(config-te-attribute-set)#
auto-bw collect-bw-only
Step 8
Sends out the log message when the tunnel LSP goes up or down
when the software is enabled.
logging events lsp-status {state |
insufficient-bandwidth | reoptimize | reroute }
Step 9
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 257
Implementing MPLS Traffic Engineering
Configuring Tunnel Attribute-Set TemplatesCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-te-attribute-set)#
logging events lsp-status state
Sends out the log message when the tunnel LSP undergoessetup
or reoptimize failure due to bandwidth issues.
Sends out the log message for the LSP reoptimize change alarms.
Sends out the log message for the LSP reroute change alarms.
Step 10 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returnsthe router to EXEC mode without committing
the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Related Topics
Auto-Tunnel Mesh, on page 154
Destination List (Prefix-List), on page 154
Enabling LDP on Auto-Tunnel Mesh
Perform this task to enable LDP on auto-tunnel mesh group.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
258 OL-26056-02
Implementing MPLS Traffic Engineering
Enabling LDP on Auto-Tunnel MeshSUMMARY STEPS
1. configure
2. mpls ldp
3. traffic-eng auto-tunnel mesh
4. groupidall
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls ldp Enters MPLS LDP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-ldp)# mpls ldp
Step 2
Enters auto-tunnel mesh configuration mode. You can configure
TE auto-tunnel mesh groups from this mode.
traffic-eng auto-tunnel mesh
Example:
RP/0/RSP0/CPU0:router(config-ldp-te-auto-mesh)#
traffic-eng auto-tunnel mesh
Step 3
Configures an auto-tunnel mesh group of interfacesin LDP. You
can enable LDP on all TE meshgroup interfaces or you can
groupidall
Example:
RP/0/RSP0/CPU0:router(config-ldp-te-auto-mesh)#
group all
Step 4
specify the TE mesh group ID on which the LDP is enabled. The
range of group ID is from 0 to 4294967295.
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 259
Implementing MPLS Traffic Engineering
Enabling LDP on Auto-Tunnel MeshCommand or Action Purpose
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Related Topics
Auto-Tunnel Mesh, on page 154
Destination List (Prefix-List), on page 154
Configuration Examples for Cisco MPLS-TE
These configuration examples are used for MPLS-TE:
Build MPLS-TE Topology and Tunnels: Example
The following examples show how to build an OSPF and IS-IS topology:
(OSPF)
...
configure
mpls traffic-eng
interface pos 0/6/0/0
router id loopback 0
router ospf 1
router-id 192.168.25.66
area 0
interface pos 0/6/0/0
interface loopback 0
mpls traffic-eng router-id loopback 0
mpls traffic-eng area 0
rsvp
interface pos 0/6/0/0
bandwidth 100
commit
show mpls traffic-eng topology
show mpls traffic-eng link-management advertisement
!
(IS-IS)
...
configure
mpls traffic-eng
interface pos 0/6/0/0
router id loopback 0
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
260 OL-26056-02
Implementing MPLS Traffic Engineering
Configuration Examples for Cisco MPLS-TErouter isis lab
address-family ipv4 unicast
mpls traffic-eng level 2
mpls traffic-eng router-id Loopback 0
!
interface POS0/0/0/0
address-family ipv4 unicast
!
The following example shows how to configure tunnel interfaces:
interface tunnel-te1
destination 192.168.92.125
ipv4 unnumbered loopback 0
path-option l dynamic
bandwidth 100
commit
show mpls traffic-eng tunnels
show ipv4 interface brief
show mpls traffic-eng link-management admission-control
!
interface tunnel-te1
autoroute announce
route ipv4 192.168.12.52/32 tunnel-te1
commit
ping 192.168.12.52
show mpls traffic autoroute
!
interface tunnel-te1
fast-reroute
mpls traffic-eng interface pos 0/6/0/0
backup-path tunnel-te 2
interface tunnel-te2
backup-bw global-pool 5000
ipv4 unnumbered loopback 0
path-option l explicit name backup-path
destination 192.168.92.125
commit
show mpls traffic-eng tunnels backup
show mpls traffic-eng fast-reroute database
!
rsvp
interface pos 0/6/0/0
bandwidth 100 150 sub-pool 50
interface tunnel-te1
bandwidth sub-pool 10
commit
Related Topics
Building MPLS-TE Topology, on page 155
Creating an MPLS-TE Tunnel, on page 158
How MPLS-TE Works, on page 121
Configure IETF DS-TE Tunnels: Example
The following example shows how to configure DS-TE:
rsvp
interface pos 0/6/0/0
bandwidth rdm 100 150 bc1 50
mpls traffic-eng
ds-te mode ietf
interface tunnel-te 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 261
Implementing MPLS Traffic Engineering
Configure IETF DS-TE Tunnels: Examplebandwidth 10 class-type 1
commit
configure
rsvp interface 0/6/0/0
bandwidth mam max-reservable-bw 400 bc0 300 bc1 200
mpls traffic-eng
ds-te mode ietf
ds-te model mam
interface tunnel-te 1bandwidth 10 class-type 1
commit
Related Topics
Configuring a Prestandard DS-TE Tunnel, on page 176
Prestandard DS-TE Mode, on page 127
Configure MPLS-TE and Fast-Reroute on OSPF: Example
CSPF areas are configured on a per-path-option basis. The following example shows how to use the
traffic-engineering tunnels (tunnel-te) interface and the active path for the MPLS-TE tunnel:
configure
interface tunnel-te 0
path-option 1 explicit id 6 ospf 126 area 0
path-option 2 explicit name 234 ospf 3 area 7 verbatim
path-option 3 dynamic isis mtbf level 1 lockdown
commit
Configure the Ignore IS-IS Overload Bit Setting in MPLS-TE: Example
This example shows how to configure the IS-IS overload bit setting in MPLS-TE:
This figure illustrates the IS-IS overload bit scenario:
Figure 18: IS-IS overload bit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
262 OL-26056-02
Implementing MPLS Traffic Engineering
Configure MPLS-TE and Fast-Reroute on OSPF: ExampleConsider a MPLS TE topology in which usage of nodes that indicated an overload situation was restricted.
In this topology, the router R7 exhibits overload situation and hence this node can not be used during TE
CSPF. To overcome this limitation, the IS-IS overload bit avoidance (OLA) feature was introduced. This
feature allows network administrators to prevent RSVP-TE label switched paths (LSPs) from being disabled
when a router in that path has its Intermediate System-to-Intermediate System (IS-IS) overload bit set.
The IS-IS overload bit avoidance feature is activated at router R1 using this command:
mpls traffic-eng path-selection ignore overload
configure
mpls traffic-eng
path-selection ignore overload
commit
Related Topics
Configuring the Ignore Integrated IS-IS Overload Bit Setting in MPLS-TE, on page 187
Ignore Intermediate System-to-Intermediate System Overload Bit Setting in MPLS-TE, on page 131
Configure Flexible Name-based Tunnel Constraints: Example
The following configuration shows the three-step process used to configure flexible name-based tunnel
constraints.
R2
line console
exec-timeout 0 0
width 250
!
logging console debugging
explicit-path name mypath
index 1 next-address loose ipv4 unicast 3.3.3.3 !
explicit-path name ex_path1
index 10 next-address loose ipv4 unicast 2.2.2.2 index 20 next-address loose ipv4 unicast
3.3.3.3 !
interface Loopback0
ipv4 address 22.22.22.22 255.255.255.255 !
interface tunnel-te1
ipv4 unnumbered Loopback0
signalled-bandwidth 1000000
destination 3.3.3.3
affinity include green
affinity include yellow
affinity exclude white
affinity exclude orange
path-option 1 dynamic
!
router isis 1
is-type level-1
net 47.0001.0000.0000.0001.00
nsf cisco
address-family ipv4 unicast
metric-style wide
mpls traffic-eng level-1
mpls traffic-eng router-id Loopback0
!
interface Loopback0
passive
address-family ipv4 unicast
!
!
interface GigabitEthernet0/1/0/0
address-family ipv4 unicast
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 263
Implementing MPLS Traffic Engineering
Configure Flexible Name-based Tunnel Constraints: Example!
!
interface GigabitEthernet0/1/0/1
address-family ipv4 unicast
!
!
interface GigabitEthernet0/1/0/2
address-family ipv4 unicast
!
!
interface GigabitEthernet0/1/0/3
address-family ipv4 unicast
!
!
!
rsvp
interface GigabitEthernet0/1/0/0
bandwidth 1000000 1000000
!
interface GigabitEthernet0/1/0/1
bandwidth 1000000 1000000
!
interface GigabitEthernet0/1/0/2
bandwidth 1000000 1000000
!
interface GigabitEthernet0/1/0/3
bandwidth 1000000 1000000
!
!
mpls traffic-eng
interface GigabitEthernet0/1/0/0
attribute-names red purple
!
interface GigabitEthernet0/1/0/1
attribute-names red orange
!
interface GigabitEthernet0/1/0/2
attribute-names green purple
!
interface GigabitEthernet0/1/0/3
attribute-names green orange
!
affinity-map red 1
affinity-map blue 2
affinity-map black 80
affinity-map green 4
affinity-map white 40
affinity-map orange 20
affinity-map purple 10
affinity-map yellow 8
!
Related Topics
Assigning Color Names to Numeric Values, on page 188
Associating Affinity-Names with TE Links, on page 190
Associating Affinity Constraints for TE Tunnels, on page 192
Flexible Name-based Tunnel Constraints, on page 132
Configure an Interarea Tunnel: Example
The following configuration example shows how to configure a traffic engineering interarea tunnel. .
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
264 OL-26056-02
Implementing MPLS Traffic Engineering
Configure an Interarea Tunnel: ExampleNote Specifying the tunnel tailend in the loosely routed path is optional.
configure
interface Tunnel-te1
ipv4 unnumbered Loopback0
destination 192.168.20.20
signalled-bandwidth 300
path-option 1 explicit name path-tunnel1
explicit-path name path-tunnel1
index 10 next-address loose ipv4 unicast 192.168.40.40
index 20 next-address loose ipv4 unicast 192.168.60.60
index 30 next-address loose ipv4 unicast 192.168.20.20
Generally for an interarea tunnel you should configure multiple loosely routed path options that specify
different combinations of ABRs (for OSPF) or level-1-2 boundary routers (for IS-IS) to increase the
likelihood that the tunnel issuccessfully signaled. In thissimple topology there are no other loosely routed
paths.
Note
Configure Forwarding Adjacency: Example
The following configuration example shows how to configure an MPLS-TE forwarding adjacency on tunnel-te
68 with a holdtime value of 60:
configure
interface tunnel-te 68
forwarding-adjacency holdtime 60
commit
Related Topics
Configuring MPLS-TE Forwarding Adjacency, on page 199
MPLS-TE Forwarding Adjacency Benefits, on page 136
Configure PCE: Example
The following configuration example illustrates a PCE configuration:
configure
mpls traffic-eng
interface pos 0/6/0/0
pce address ipv4 192.168.25.66
router id loopback 0
router ospf 1
router-id 192.168.25.66
area 0
interface pos 0/6/0/0
interface loopback 0
mpls traffic-eng router-id loopback 0
mpls traffic-eng area 0
rsvp
interface pos 0/6/0/0
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 265
Implementing MPLS Traffic Engineering
Configure Forwarding Adjacency: Examplebandwidth 100
commit
The following configuration example illustrates PCC configuration:
configure
interface tunnel-te 10
ipv4 unnumbered loopback 0
destination 1.2.3.4
path-option 1 dynamic pce
mpls traffic-eng
interface pos 0/6/0/0
router id loopback 0
router ospf 1
router-id 192.168.25.66
area 0
interface pos 0/6/0/0
interface loopback 0
mpls traffic-eng router-id loopback 0
mpls traffic-eng area 0
rsvp
interface pos 0/6/0/0
bandwidth 100
commit
Related Topics
Configuring a Path Computation Client, on page 200
Configuring a Path Computation Element Address, on page 202
Configuring PCE Parameters, on page 203
Path Computation Element, on page 136
Configure Tunnels for Path Protection: Example
The path protection feature is configured only on the source router. The dynamic path option is a prerequisite
to configure a path protection.
interface tunnel-te150
ipv4 unnumbered Loopback150
autoroute announce
destination 151.151.151.151
affinity 11 mask 11
path-protection
path-option 2 explicit name p2mp3-p2mp4-p2mp5_1 protected-by 10
path-option 10 dynamic
Related Topics
Enabling Path Protection for an Interface, on page 206
Assigning a Dynamic Path Option to a Tunnel, on page 208
Forcing a Manual Switchover on a Path-Protected Tunnel, on page 210
Configuring the Delay the Tunnel Takes Before Reoptimization, on page 210
Path Protection, on page 138
Prerequisites for Path Protection, on page 138
Restrictions for Path Protection, on page 139
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
266 OL-26056-02
Implementing MPLS Traffic Engineering
Configure Tunnels for Path Protection: ExampleConfigure Automatic Bandwidth: Example
The following configuration example illustrates an automatic bandwidth configuration:
configure
interface tunnel-te6
auto-bw
bw-limit min 10000 max 500000
overflow threshold 50 min 1000 limit 3
adjustment-threshold 20 min 1000
application 180
Related Topics
Configuring the Collection Frequency, on page 212
Configuring the Automatic Bandwidth Functions, on page 215
MPLS-TE Automatic Bandwidth Overview, on page 139
Configure the MPLS-TE Shared Risk Link Groups: Example
The following configuration example shows how to specify the SRLG value of each link that has a shared
risk with another link:
config t
srlg
interface POS0/4/0/0
value 10
value 11
|
interface POS0/4/0/1
value 10
|
The following example shows the SRLG values configured on a specific link.
RP/0/RSP0/CPU0:router# show mpls traffic-eng topology brief
My_System_id: 100.0.0.2 (OSPF 0 area 0)
My_System_id: 0000.0000.0002.00 (IS-IS 1 level-1)
My_System_id: 0000.0000.0002.00 (IS-IS 1 level-2)
My_BC_Model_Type: RDM
Signalling error holddown: 10 sec Global Link Generation 389225
IGP Id: 0000.0000.0002.00, MPLS TE Id: 100.0.0.2 Router Node (IS-IS 1 level-1)
IGP Id: 0000.0000.0002.00, MPLS TE Id: 100.0.0.2 Router Node (IS-IS 1 level-2)
Link[1]:Broadcast, DR:0000.0000.0002.07, Nbr Node Id:21, gen:389193
Frag Id:0, Intf Address:51.2.3.2, Intf Id:0
Nbr Intf Address:51.2.3.2, Nbr Intf Id:0
TE Metric:10, IGP Metric:10, Attribute Flags:0x0
Attribute Names:
SRLGs: 1, 4, 5
Switching Capability:, Encoding:
BC Model ID:RDM
Physical BW:1000000 (kbps), Max Reservable BW Global:10000 (kbps)
Max Reservable BW Sub:10000 (kbps)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 267
Implementing MPLS Traffic Engineering
Configure Automatic Bandwidth: ExampleThe following example shows the configured tunnels and associated SRLG values.
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels
Signalling Summary:
LSP Tunnels Process: running
RSVP Process: running
Forwarding: enabled
Periodic reoptimization: every 3600 seconds, next in 1363 seconds
Periodic FRR Promotion: every 300 seconds, next in 181 seconds
Auto-bw enabled tunnels: 0 (disabled)
Name: tunnel-te1 Destination: 100.0.0.3
Status:
Admin: up Oper: up Path: valid Signalling: recovered
path option 1, type explicit path123 (Basis for Setup, path weight 2)
OSPF 0 area 0
G-PID: 0x0800 (derived from egress interface properties)
SRLGs excluded: 2,3,4,5
6,7,8,9
Bandwidth Requested: 0 kbps CT0
The following example shows all the interfaces associated with SRLG.
RP/0/RSP0/CPU0:router# show mpls traffic-eng topo srlg
My_System_id: 100.0.0.5 (OSPF 0 area 0)
My_System_id: 0000.0000.0005.00 (IS-IS 1 level-2)
My_System_id: 0000.0000.0005.00 (IS-IS ISIS-instance-123 level-2)
SRLG Interface Addr TE Router ID IGP Area ID
__________ ______________ ____________ _______________
10 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2
11 50.2.3.3 100.0.0.3 IS-IS 1 level-2
12 50.2.3.3 100.0.0.3 IS-IS 1 level-2
30 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2
77 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2
88 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2
1500 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2
10000000 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2
4294967290 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2
4294967295 50.4.5.5 100.0.0.5 IS-IS ISIS-instance-123 level-2
The following example shows the NHOP and NNHOP backup tunnels with excluded SRLG values.
RP/0/RSP0/CPU0:router# show mpls traffic-eng topology path dest 100.0.0.5 exclude-srlg
ipaddr
Path Setup to 100.0.0.2:
bw 0 (CT0), min_bw 0, metric: 30
setup_pri 7, hold_pri 7
affinity_bits 0x0, affinity_mask 0xffff
Exclude SRLG Intf Addr : 50.4.5.5
SRLGs Excluded : 10, 30, 1500, 10000000, 4294967290, 4294967295
Hop0:50.5.1.5
Hop1:50.5.1.1
Hop2:50.1.3.1
Hop3:50.1.3.3
Hop4:50.2.3.3
Hop5:50.2.3.2
Hop6:100.0.0.2
The following example shows an extract of explicit-path set to protect a specific interface.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
268 OL-26056-02
Implementing MPLS Traffic Engineering
Configure the MPLS-TE Shared Risk Link Groups: ExampleRP/0/RSP0/CPU0:router#sh mpls traffic-eng topology path dest 10.0.0.5 explicit-path name
name
Path Setup to 100.0.0.5:
bw 0 (CT0), min_bw 9999, metric: 2
setup_pri 7, hold_pri 7
affinity_bits 0x0, affinity_mask 0xffff
SRLGs Excluded: 10, 30, 77, 88, 1500, 10000000
4294967290, 4294967295
Hop0:50.3.4.3
Hop1:50.3.4.4
Hop2:50.4.5.4
Hop3:50.4.5.5
Hop4:100.0.0.5
Related Topics
Configuring the SRLG Values of Each Link that has a Shared Risk with Another Link, on page 218
Creating an Explicit Path With Exclude SRLG, on page 220
Using Explicit Path With Exclude SRLG, on page 222
Creating a Link Protection on Backup Tunnel with SRLG Constraint, on page 226
Creating a Node Protection on Backup Tunnel with SRLG Constraint, on page 229
MPLS Traffic Engineering Shared Risk Link Groups, on page 146
Explicit Path, on page 147
Fast ReRoute with SRLG Constraints, on page 148
Importance of Protection, on page 149
Delivery of Packets During a Failure, on page 150
Multiple Backup Tunnels Protecting the Same Interface , on page 150
SRLG Limitations, on page 150
Configure the MPLS-TE Auto-Tunnel Backup: Example
The following example shows the auto-tunnel backup configuration for core or edge routers.
RP/0/RSP0/CPU0:router(config)#
mpls traffic-eng
auto-tunnel backup
tunnel-id min 60000 max 61000
interface pos 0/1/0/0
auto-tunnel backup
attribute-set ab
The following example shows the protection (NNHOP and SRLG) that was set on the auto-tunnel backup.
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels 1
Signalling Summary:
LSP Tunnels Process: running
RSVP Process: running
Forwarding: enabled
Periodic reoptimization: every 3600 seconds, next in 2524 seconds
Periodic FRR Promotion: every 300 seconds, next in 49 seconds
Auto-bw enabled tunnels: 1
Name: tunnel-te1 Destination: 200.0.0.3 (auto backup)
Status:
Admin: up Oper: up Path: valid Signalling: connected
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 269
Implementing MPLS Traffic Engineering
Configure the MPLS-TE Auto-Tunnel Backup: Examplepath option 10, type explicit (autob_nnhop_srlg_tunnel1) (Basis for Setup, path weight
11)
path option 20, type explicit (autob_nnhop_tunnel1)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Fri Jul 10 01:53:25.581 PST (1h 25m 17s ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Policy class: not set
Forwarding-Adjacency: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled
Auto Backup:
Protected LSPs: 4
Protected S2L Sharing Families: 0
Protected S2Ls: 0
Protected i/f: Gi0/1/0/0 Protected node: 20.0.0.2
Protection: NNHOP+SRLG
Unused removal timeout: not running
History:
Tunnel has been up for: 00:00:08
Current LSP:
Uptime: 00:00:08
Prior LSP:
ID: path option 1 [545]
Removal Trigger: configuration changed
Path info (OSPF 0 area 0):
Hop0: 10.0.0.2
Hop1: 100.0.0.2
Hop2: 100.0.0.3
Hop3: 200.0.0.3
The following example shows automatically created path options for this backup auto-tunnel.
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels 1 detail
Signalling Summary:
LSP Tunnels Process: running
RSVP Process: running
Forwarding: enabled
Periodic reoptimization: every 3600 seconds, next in 2524 seconds
Periodic FRR Promotion: every 300 seconds, next in 49 seconds
Auto-bw enabled tunnels: 1
Name: tunnel-te1 Destination: 200.0.0.3 (auto backup)
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 10, type explicit (autob_nnhop_srlg_tunnel1) (Basis for Setup, path weight
11)
path option 20, type explicit (autob_nnhop_tunnel1)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Fri Jul 10 01:53:25.581 PST (1h 25m 17s ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
AutoRoute: disabled LockDown: disabled Policy class: not set
Forwarding-Adjacency: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled
Auto Backup (NNHOP+SRLG):
Protected LSPs: 4
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
270 OL-26056-02
Implementing MPLS Traffic Engineering
Configure the MPLS-TE Auto-Tunnel Backup: ExampleProtected S2L Sharing Families: 0
Protected S2Ls: 0
Protected i/f: Gi0/1/0/0 Protected node: 20.0.0.2
Protection: NNHOP+SRLG
Unused removal timeout: not running
Path Options Details:
10: Explicit Path Name: (autob_nnhop_srlg_te1)
1: exclude-srlg 50.0.0.1
2: exclude-address 50.0.0.2
3: exclude-node 20.0.0.2
20: Explicit Path Name: (autob_nnhop_te1)
1: exclude-address 50.0.0.1
2: exclude-address 50.0.0.2
3: exclude-node 20.0.0.2
History:
Tunnel has been up for: 00:00:08
Current LSP:
Uptime: 00:00:08
Prior LSP:
ID: path option 1 [545]
Removal Trigger: configuration changed
Path info (OSPF 0 area 0):
Hop0: 10.0.0.2
Hop1: 100.0.0.2
Hop2: 100.0.0.3
Hop3: 200.0.0.3
This example shows the automatically created backup tunnels.
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels brief
TUNNEL NAME DESTINATION STATUS STATE
tunnel-te0 200.0.0.3 up up
tunnel-te1 200.0.0.3 up up
tunnel-te2 200.0.0.3 up up
tunnel-te50 200.0.0.3 up up
*tunnel-te60 200.0.0.3 up up
*tunnel-te70 200.0.0.3 up up
*tunnel-te80 200.0.0.3 up up
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels tabular
Tunnel LSP Destination Source FRR LSP Path
Name ID Address Address State State Role Prot
------------------ ------ --------------- --------------- ------- ------- ------ -----
tunnel-te0 549 200.0.0.3 200.0.0.1 up Inact Head InAct
tunnel-te1 546 200.0.0.3 200.0.0.1 up Inact Head InAct
tunnel-te2 6 200.0.0.3 200.0.0.1 up Inact Head InAct
tunnel-te50 6 200.0.0.3 200.0.0.1 up Active Head InAct
tunnel-te60 4 200.0.0.3 200.0.0.1 up Active Head InAct
tunnel-te70 4 200.0.0.3 200.0.0.1 up Active Head InAct
tunnel-te80 3 200.0.0.3 200.0.0.1 up Active Head InAct
This example shows the auto-tunnel backup details.
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels auto-tunnel backup detail
Name: tunnel-te400 Destination: 1.1.1.1 (auto-tunnel backup)
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 20, type explicit (autob_nnhop_te400) (Basis for Setup, path weight 2)
path option 10, type explicit (autob_nnhop_srlg_te400) [disabled]
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Thu Aug 16 18:30:41 2012 (00:01:28 ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
Metric Type: TE (default)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 271
Implementing MPLS Traffic Engineering
Configure the MPLS-TE Auto-Tunnel Backup: ExampleHop-limit: disabled
AutoRoute: disabled LockDown: disabled Policy class: not set
Forwarding-Adjacency: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled
Fast Reroute: Disabled, Protection Desired: None
Path Protection: Not Enabled
Soft Preemption: Disabled
Auto Backup:
Protected LSPs: 1
Protected S2L Sharing Families: 0
Protected S2L: 0
Protected i/f: Gi0/1/0/3 Protected node: 3.3.3.3
Attribute-set: ab1
Protection: NNHOP
Unused removal timeout: not running
Path Option Details:
10: Explicit Path Name: (autob_nnhop_srlg_te400)
1: exclude-srlg 34.9.0.4
2: exclude-address 34.9.0.3
3: exclude-node 3.3.3.3
20: Explicit Path Name: (autob_nnhop_te400)
1: exclude-address 34.9.0.4
2: exclude-address 34.9.0.3
3: exclude-node 3.3.3.3
SNMP Index: 221
History:
Tunnel has been up for: 00:00:34 (since Thu Aug 16 18:31:35 EST 2012)
Current LSP:
Uptime: 00:00:34 (since Thu Aug 16 18:31:35 EST 2012)
Current LSP Info:
Instance: 2, Signaling Area: OSPF 100 area 1.2.3.4
Uptime: 00:00:34 (since Thu Aug 16 18:31:35 EST 2012)
Outgoing Interface: GigabitEthernet0/1/0/2, Outgoing Label: 16000
Router-IDs: local 4.4.4.4
downstream 2.2.2.2
Soft Preemption: None
Path Info:
Outgoing:
Explicit Route:
Strict, 24.9.0.2
Strict, 12.9.1.1
Strict, 1.1.1.1
Record Route: Empty
Tspec: avg rate=0 kbits, burst=1000 bytes, peak rate=0 kbits
Session Attributes: Local Prot: Not Set, Node Prot: Not Set, BW Prot: Not Set
Soft Preemption Desired: Not Set
Resv Info:
Record Route:
IPv4 24.9.0.2, flags 0x0
IPv4 12.9.1.1, flags 0x0
Fspec: avg rate=0 kbits, burst=1000 bytes, peak rate=0 kbits
Displayed 1 (of 104) heads, 0 (of 0) midpoints, 0 (of 201) tails
Displayed 1 up, 0 down, 0 recovering, 0 recovered heads
This example shows the automatically created backup tunnels.
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels auto-tunnel backup tabular
Tunnel LSP Destination Source Tun FRR LSP Path
Name ID Address Address State State Role Prot
----------------- ----- --------------- --------------- ------ ------ ---- -----
*tunnel-te400 2 1.1.1.1 4.4.4.4 up Inact Head Inact
*tunnel-te401 2 3.3.3.3 4.4.4.4 up Inact Head Inact
* = automatically created backup tunnel
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels auto-tunnel backup brief
TUNNEL NAME DESTINATION STATUS STATE
*tunnel-te400 1.1.1.1 up up
*tunnel-te401 3.3.3.3 up up
* = automatically created backup tunnel
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
272 OL-26056-02
Implementing MPLS Traffic Engineering
Configure the MPLS-TE Auto-Tunnel Backup: ExampleDisplayed 2 (of 104) heads, 0 (of 0) midpoints, 0 (of 201) tails
Displayed 2 up, 0 down, 0 recovering, 0 recovered heads
This example shows the attribute-set for auto-backup tunnels.
RP/0/RSP0/CPU0:router# show mpls traffic-eng attribute-set auto-backup
Attribute Set Name: ab (Type: auto-backup)
Number of affinity constraints: 2
Include bit map : 0x4
Include name : blue
Exclude bit map : 0x2
Exclude name : red
Priority: 7 7 (Default)
Record-route: Enabled
Policy-class: 1
Logging: reoptimize, state
List of protected interfaces (count 1)
POS0_3_0_1
List of tunnel IDs (count 1)
3000
This example shows the attribute-set for auto-mesh tunnels.
RP/0/RSP0/CPU0:router# show mpls traffic-eng attribute-set auto-mesh
Attribute Set Name: am (Type: auto-mesh)
Bandwidth: 100 kbps (CT0)
Number of affinity constraints: 2
Include bit map : 0x8
Include name : yellow
Exclude bit map : 0x2
Exclude name : red
Priority: 2 2
Interface Bandwidth: 0 kbps (Default)
AutoRoute Announce: Disabled
Auto-bw: Disabled
Soft Preemption: Disabled
Fast Reroute: Enabled, Protection Desired: Node, Bandwidth
Record-route: Enabled
Policy-class: 0 (Not configured)
Logging: None
List of Mesh Groups (count 1)
1
This example shows the details about the tunnel that is using auto-backup type of attribute-set.
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels attribute-set auto-backup ab
Name: tunnel-te3000 Destination: 1.1.1.1 (auto-tunnel backup)
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 20, type explicit (autob_nhop_te3000) (Basis for Setup, path weight 2)
path option 10, type explicit (autob_nhop_srlg_te3000) [disabled]
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 0 kbps CT0
Creation Time: Tue Aug 14 23:24:27 2012 (00:05:28 ago)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7
Number of affinity constraints: 2
Include bit map : 0x4
Include name : blue
Exclude bit map : 0x2
Exclude name : red
Metric Type: TE (default)
Hop-limit: disabled
AutoRoute: disabled LockDown: disabled Policy class: 1
Forwarding-Adjacency: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled
Fast Reroute: Disabled, Protection Desired: None
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 273
Implementing MPLS Traffic Engineering
Configure the MPLS-TE Auto-Tunnel Backup: ExamplePath Protection: Not Enabled
Soft Preemption: Disabled
Auto Backup:
Protected LSPs: 2
Protected S2L Sharing Families: 0
Protected S2L: 0
Protected i/f: PO0/3/0/1
Attribute-set: ab
Protection: NHOP
Unused removal timeout: not running
History:
Tunnel has been up for: 00:04:57 (since Tue Aug 14 23:24:58 EST 2012)
Current LSP:
Uptime: 00:04:57 (since Tue Aug 14 23:24:58 EST 2012)
Path info (OSPF 100 area 16909060):
Node hop count: 2
Hop0: 23.9.0.2
Hop1: 12.9.0.2
Hop2: 12.9.0.1
Hop3: 1.1.1.1
Displayed 1 (of 7) heads, 0 (of 3) midpoints, 0 (of 0) tails Displayed 1 up, 0 down, 0
recovering, 0 recovered heads
This example shows the protected interface for auto-backup auto-tunnels.
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels backup protected-interface
Interface: Gi0/2/0/1 (auto-tunnel backup)
SRLG: N/A, NHOP-only: No
Attribute-set: Not configured
Auto-tunnel backup recreate time remaining: timer not running
No backup tunnel found
Interface: Gi0/2/0/3
tunnel-te340 PROTECTED : out i/f: PO0/3/0/2 Admin: up Oper: up
Interface: PO0/3/0/1 (auto-tunnel backup)
SRLG: N/A, NHOP-only: No
Attribute-set: ab
Auto-tunnel backup recreate time remaining: timer not running
*tunnel-te3000 NHOP : out i/f: Gi0/2/0/2 Admin: up Oper: up
* = automatically created backup tunnel
This example shows the details about all the tunnels that are using auto-mesh type of attribute-set.
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels attribute-set auto-mesh all
Name: tunnel-te3501 Destination: 1.1.1.1 (auto-tunnel mesh)
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 10, type dynamic (Basis for Setup, path weight 2)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 100 kbps CT0
Creation Time: Tue Aug 14 23:25:41 2012 (00:06:13 ago)
Config Parameters:
Bandwidth: 100 kbps (CT0) Priority: 2 2
Number of affinity constraints: 2
Include bit map : 0x8
Include name : yellow
Exclude bit map : 0x2
Exclude name : red
Metric Type: TE (default)
Hop-limit: disabled
AutoRoute: disabled LockDown: disabled Policy class: not set
Forwarding-Adjacency: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled
Fast Reroute: Enabled, Protection Desired: Node, Bandwidth
Path Protection: Not Enabled
Attribute-set: am (type auto-mesh)
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
274 OL-26056-02
Implementing MPLS Traffic Engineering
Configure the MPLS-TE Auto-Tunnel Backup: ExampleSoft Preemption: Disabled
Auto-tunnel Mesh:
Group ID: 1
Destination list: blah
Unused removal timeout: not running
History:
Tunnel has been up for: 00:06:13 (since Tue Aug 14 23:25:41 EST 2012)
Current LSP:
Uptime: 00:06:13 (since Tue Aug 14 23:25:41 EST 2012)
Path info (OSPF 100 area 16909060):
Node hop count: 2
Hop0: 23.9.0.2
Hop1: 12.9.0.2
Hop2: 12.9.0.1
Hop3: 1.1.1.1
Name: tunnel-te3502 Destination: 2.2.2.2 (auto-tunnel mesh)
Status:
Admin: up Oper: up Path: valid Signalling: connected
path option 10, type dynamic (Basis for Setup, path weight 1)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 100 kbps CT0
Creation Time: Tue Aug 14 23:25:41 2012 (00:06:13 ago)
Config Parameters:
Bandwidth: 100 kbps (CT0) Priority: 2 2
Number of affinity constraints: 2
Include bit map : 0x8
Include name : yellow
Exclude bit map : 0x2
Exclude name : red
Metric Type: TE (default)
Hop-limit: disabled
AutoRoute: disabled LockDown: disabled Policy class: not set
Forwarding-Adjacency: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled
Fast Reroute: Enabled, Protection Desired: Node, Bandwidth
Path Protection: Not Enabled
Attribute-set: am (type auto-mesh)
Soft Preemption: Disabled
Auto-tunnel Mesh:
Group ID: 1
Destination list: blah
Unused removal timeout: not running
History:
Tunnel has been up for: 00:06:13 (since Tue Aug 14 23:25:41 EST 2012)
Current LSP:
Uptime: 00:06:13 (since Tue Aug 14 23:25:41 EST 2012)
Path info (OSPF 100 area 16909060):
Node hop count: 1
Hop0: 23.9.0.2
Hop1: 2.2.2.2
Name: tunnel-te3503 Destination: 4.4.4.4 (auto-tunnel mesh)
Status:
Admin: up Oper: down Path: not valid Signalling: Down
path option 10, type dynamic
Last PCALC Error: Tue Aug 14 23:31:26 2012
Info: No path to destination, 4.4.4.4 (affinity)
G-PID: 0x0800 (derived from egress interface properties)
Bandwidth Requested: 100 kbps CT0
Creation Time: Tue Aug 14 23:25:41 2012 (00:06:13 ago)
Config Parameters:
Bandwidth: 100 kbps (CT0) Priority: 2 2
Number of affinity constraints: 2
Include bit map : 0x8
Include name : yellow
Exclude bit map : 0x2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 275
Implementing MPLS Traffic Engineering
Configure the MPLS-TE Auto-Tunnel Backup: ExampleExclude name : red
Metric Type: TE (default)
Hop-limit: disabled
AutoRoute: disabled LockDown: disabled Policy class: not set
Forwarding-Adjacency: disabled
Loadshare: 0 equal loadshares
Auto-bw: disabled
Fast Reroute: Enabled, Protection Desired: Node, Bandwidth
Path Protection: Not Enabled
Attribute-set: am (type auto-mesh)
Soft Preemption: Disabled
Auto-tunnel Mesh:
Group ID: 1
Destination list: blah
Unused removal timeout: not running
Displayed 3 (of 7) heads, 0 (of 3) midpoints, 0 (of 0) tails Displayed 2 up, 1 down, 0
recovering, 0 recovered heads
Related Topics
Enabling an AutoTunnel Backup, on page 169
Removing an AutoTunnel Backup, on page 170
Establishing MPLS Backup AutoTunnels to Protect Fast Reroutable TE LSPs, on page 172
Establishing Next-Hop Tunnels with Link Protection, on page 174
Backup AutoTunnels, on page 123
Configure Point-to-Multipoint TE: Examples
These configuration examples show how to configure Point-to-Multipoint TE:
P2MP Topology Scenario: Example
Thissection describes a typicalscenario of point-to-multipoint traffic engineering toplogy. Thisfigure illustrates
the P2MP toplogy.
Figure 19: P2MP Topology
This head router describes the configuration at head node. This router does the imposition of MPLS at head
node.
interface tunnel-mte1
ipv4 unnumbered Loopback0
destination 1.1.1.1
path-option 1 explicit name path-to-tail1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
276 OL-26056-02
Implementing MPLS Traffic Engineering
Configure Point-to-Multipoint TE: Examples!
destination 2.2.2.2
path-option 1 explicit name path-to-tail2
!
fast-reroute
mpls traffic-eng
interface GigabitEthernet0/1/3/0
!
interface GigabitEthernet0/1/3/7
!
multicast-routing
address-family ipv4
nsf
interface all enable
!
address-family ipv6
nsf
interface all enable
!
!
!
router igmp
vrf default
interface tunnel-mte1
static-group 232.0.0.1 192.168.10.1
!
This mid router describesthe configuration at mid node. Thisrouter performsthe role of MPLS label replication
at mid node.
mpls traffic-eng
interface POS0/2/0/0
!
interface POS0/2/0/1
backup-path tunnel-te 1000
!
interface TenGigE0/3/0/3
!
interface GigabitEthernet0/2/5/0
!
!
This tail router describes the configuration at tail node. This router performs the role of MPLS disposition at
tail node.
mpls traffic-eng
interface POS0/0/3/0
!
!
multicast-routing
address-family ipv4
interface all enable
!
core-tree-protocol rsvp-te group-list lsm
static-rpf 192.168.10.1 32 mpls 5.5.5.5
!
!
This configuration describes the Fast Reroute configuration in the MPLS network.
explicit-path name backup-path-to-tail1
index 1 next-address strict 198.1.1.2
index 2 next-address strick 198.1.2.2
!
interface tunnel-te1000 <<< backup p2p tunnel
ipv4 unnumbered Loopback0
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 277
Implementing MPLS Traffic Engineering
Configure Point-to-Multipoint TE: Examplesdestination 140.140.140.140
path-option 1 explicit name backup-path-to-tail1
!
mpls traffic-eng
interface POS0/2/0/0
!
interface POS0/2/0/1
backup-path tunnel-te 1000
!
interface TenGigE0/5/0/4
!
Configure Point-to-Multipoint for the Source: Example
At the source, multicast routing must be enabled on both the tunnel-mte interface and customer-facing interface.
Then, the static-group must be configured on the tunnel-mte interface to forward specified multicast traffic
over P2MP LSP.
The multicast group address, which is in Source-Specific Multicast (SSM) address range (ff35::/16), must
be used on the static-group configuration because Cisco IOS XR software supports only SSM for Label
Switch Multicast (LSM). Additionally, the customer-facing interface must have an IPv6 address.
Note
multicast-routing
address-family ipv6
interface tunnel-mte 1
enable
!
interface GigabitEthernet0/2/0/3
enable
!
!
!
router mld
vrf default
interface tunnel-mte 1
static-group ff35::1 2000::1 3eFF::A
!
!
!
interface tunnel-mte 1
ipv4 unnumbered Loopback0
destination 3.3.3.3
path-option 1 dynamic
destination 4.4.4.4
path-option 1 dynamic
!
!
Related Topics
Point-to-Multipoint Traffic-Engineering Overview, on page 142
Point-to-Multipoint RSVP-TE , on page 144
Configure the Point-to-Multipoint Tunnel: Example
There is no difference between logging events at the tunnel level for both P2P and P2MP. The P2MP tunnel
reoptimizes only at the per tunnel level.
interface tunnel-mte1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
278 OL-26056-02
Implementing MPLS Traffic Engineering
Configure Point-to-Multipoint TE: Examplesipv4 unnumbered Loopback0
destination 60.60.60.60
logging events lsp-status state
logging events lsp-status reroute
path-option 10 explicit name toR6_via_R2andR3
!
logging events lsp-status reoptimize
logging events lsp-status state
logging events lsp-status reroute
fast-reroute
record-route
!
explicit-path name PATH7
index 1 next-address strict ipv4 unicast 192.168.7.2
index 2 next-address strict ipv4 unicast 192.168.7.1
index 3 next-address strict ipv4 unicast 192.168.16.1
index 4 next-address strict ipv4 unicast 192.168.16.2
!
Related Topics
Path Option for Point-to-Multipoint RSVP-TE, on page 145
Point-to-Multipoint Traffic-Engineering Overview, on page 142
Disable a Destination: Example
From the tunnel-mte interface, you can disable the destination.
interface tunnel-mte101
ipv4 unnumbered Loopback0
destination 150.150.150.150
disable
path-option 10 dynamic
!
destination 150.150.150.150
path-option 2 dynamic
!
!
Related Topics
Point-to-Multipoint Traffic-Engineering Overview, on page 142
Configure the Point-to-Multipoint Solution: Example
Requirements for MPLS-TE Configuration
Before the Point-to-Multipoint (P2MP) tunnel is defined, these MPLS-TE requirements must be configured:
Multiprotocol Label Switching traffic engineering (MPLS-TE)
Resource ReSerVation Protocol (RSVP)
Open Shortest Path First (OSPF)
This example shows the entire P2MP solution:
Source is the location where the P2MP-TE tunnel interface is created.
Tunnel contains multiple destinations. For example, the P2MP-TE tunnel is configured with two leaf
node destinations by using the dynamic and explicit path options.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 279
Implementing MPLS Traffic Engineering
Configure Point-to-Multipoint TE: Examples Fast-Reroute (FRR) is specified on the P2MP tunnel.
All regular TE tunnel options such as affinity or bandwidth are configured.
Static mapping of the group address to the P2MP tunnel is done in IGMP.
Internet Group Management Protocol (IGMP).
The P2MP-TE midpoint configuration requires only TE and Interior Gateway Protocol (IGP) information.
The P2MP-TE receiver configuration requires a static group and RPF map.
!
explicit-path name g2-r2-r1
index 1 next-address strict ipv4 unicast 10.2.15.1
!
explicit-path name g2-r2-r3
index 1 next-address strict ipv4 unicast 10.2.25.1
index 2 next-address strict ipv4 unicast 10.2.23.2
!
explicit-path name g2-r2-r4
index 1 next-address strict ipv4 unicast 10.2.25.1
index 2 next-address strict ipv4 unicast 10.2.24.2
!
ipv4 access-list ssm
10 permit ipv4 232.1.0.0/16 any
20 permit ipv4 232.3.0.0/16 any
30 permit ipv4 232.4.0.0/16 any
!
ipv4 access-list ssm-test
10 permit ipv4 235.0.0.0/8 any
!
interface Loopback0
ipv4 address 192.168.1.2 255.255.255.255
!
interface tunnel-mte221
ipv4 unnumbered Loopback0
destination 192.168.1.1
path-option 1 dynamic
!
destination 192.168.1.3
path-option 1 dynamic
!
destination 192.168.1.4
path-option 1 dynamic
!
!
interface tunnel-mte222
ipv4 unnumbered Loopback0
destination 192.168.1.1
path-option 1 explicit name g2-r2-r1
!
destination 192.168.1.3
path-option 1 explicit name g2-r2-r3
!
destination 192.168.1.4
path-option 1 explicit name g2-r2-r4
!
signalled-bandwidth 1000
!
interface MgmtEth0/RP0/CPU0/0
ipv4 address 172.20.163.12 255.255.255.128
!
interface MgmtEth0/RP1/CPU0/0
shutdown
!
interface GigabitEthernet0/0/0/0
ipv4 address 172.2.1.2 255.255.255.0
load-interval 30
!
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
280 OL-26056-02
Implementing MPLS Traffic Engineering
Configure Point-to-Multipoint TE: Examplesinterface GigabitEthernet0/0/0/1
ipv4 address 10.1.15.2 255.255.255.0
!
interface GigabitEthernet0/0/0/1.2
ipv4 address 10.2.15.2 255.255.255.0
dot1q vlan 2
!
interface GigabitEthernet0/0/0/2
ipv4 address 10.1.25.2 255.255.255.0
!
interface GigabitEthernet0/0/0/2.2
ipv4 address 10.2.25.2 255.255.255.0
dot1q vlan 2
!
interface GigabitEthernet0/0/0/3
shutdown
!
interface GigabitEthernet0/0/0/4
shutdown
!
interface GigabitEthernet0/0/0/5
shutdown
!
interface GigabitEthernet0/0/0/6
shutdown
!
interface GigabitEthernet0/0/0/7
shutdown
!
router static
address-family ipv4 unicast
0.0.0.0/0 1.56.0.1
0.0.0.0/0 172.20.163.1
!
!
router ospf 100
nsr
router-id Loopback0
area 0
mpls traffic-eng
interface Loopback0
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/1.2
!
interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/2.2
!
!
mpls traffic-eng router-id Loopback0
!
mpls oam
!
rsvp
interface GigabitEthernet0/0/0/0
bandwidth 20000
!
interface GigabitEthernet0/0/0/1
bandwidth 20000
!
interface GigabitEthernet0/0/0/2
bandwidth 20000
!
interface GigabitEthernet0/0/0/1.2
bandwidth 20000
!
interface GigabitEthernet0/0/0/2.2
bandwidth 20000
!
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 281
Implementing MPLS Traffic Engineering
Configure Point-to-Multipoint TE: Examples!
mpls traffic-eng
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/1.2
!
interface GigabitEthernet0/0/0/2.2
!
!
mpls ldp
router-id 192.168.1.2
nsr
graceful-restart
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
interface GigabitEthernet0/0/0/1.2
!
interface GigabitEthernet0/0/0/2
!
interface GigabitEthernet0/0/0/2.2
!
!
multicast-routing
address-family ipv4
core-tree-protocol rsvp-te
ssm range ssm
static-rpf 172.1.1.1 32 mpls 192.168.1.1
static-rpf 172.3.1.1 32 mpls 192.168.1.3
static-rpf 172.4.1.1 32 mpls 192.168.1.4
interface all enable
!
!
router igmp
!
interface tunnel-mte221
static-group 232.2.2.1 172.2.1.1
!
interface tunnel-mte222
static-group 232.2.2.2 172.2.1.1
!
interface GigabitEthernet0/0/0/0
static-group 232.1.2.1 172.1.1.1
static-group 232.1.2.2 172.1.1.1
static-group 232.3.2.1 172.3.1.1
static-group 232.3.2.2 172.3.1.1
static-group 232.4.2.1 172.4.1.1
static-group 232.4.2.2 172.4.1.1
!
!
end
Related Topics
Point-to-Multipoint Traffic-Engineering Overview, on page 142
Point-to-Multipoint RSVP-TE , on page 144
Path Option for Point-to-Multipoint RSVP-TE, on page 145
Point-to-Multipoint Traffic-Engineering Overview, on page 142
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
282 OL-26056-02
Implementing MPLS Traffic Engineering
Configure Point-to-Multipoint TE: ExamplesAdditional References
For additional information related to implementing MPLS-TE, refer to the following references:
Related Documents
Related Topic Document Title
MPLS Traffic Engineering Commands on Cisco ASR
9000 Series Router module in
CiscoASR9000SeriesAggregationServicesRouterMPLS
Command Reference
MPLS-TE commands
CiscoASR9000SeriesAggregationServicesRouterGetting
Started Guide
Getting started material
Standards
Standards Title
No new or modified standards are supported by this
feature, and support for existing standards has not
been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the
following URL and choose a platform under the Cisco
Access Products menu: http://cisco.com/public/
sw-center/netmgmt/cmtk/mibs.shtml
RFCs
RFCs Title
Protocol Extensions for Support of Diffserv-aware
MPLS Traffic Engineering, F. Le Faucheur, Ed. June
2005.
(Format: TXT=79265 bytes) (Status: PROPOSED
STANDARD)
RFC 4124
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 283
Implementing MPLS Traffic Engineering
Additional ReferencesRFCs Title
Maximum Allocation Bandwidth Constraints Model
for Diffserv-aware MPLS Traffic Engineering, F. Le
Faucheur, W. Lai. June 2005.
(Format: TXT=22585 bytes) (Status:
EXPERIMENTAL)
RFC 4125
Russian Dolls Bandwidth Constraints Model for
Diffserv-aware MPLS Traffic Engineering, F. Le
Faucheur, Ed. June 2005.
(Format: TXT=23694 bytes) (Status:
EXPERIMENTAL)
RFC 4127
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical content,
including links to products, technologies, solutions,
technical tips, and tools. Registered Cisco.com users
can log in from this page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
284 OL-26056-02
Implementing MPLS Traffic Engineering
Additional ReferencesC H A P T E R 5
Implementing MPLS OAM
This module describes Multiprotocol Label Switching (MPLS) P2MP Ping and Traceroute features. These
feature provide a means to check connectivity, isolate failure point, thus providing the MPLS Operations,
Administration, and Maintenance (OAM) solution.
For detailed information about MPLS commands and examples, see Cisco ASR 9000 Series Aggregation
Services Router MPLS Command Reference.
Feature History for Implementing MPLS OAM
Release Modification
Release 4.1.0 This feature was introduced.
Prerequisites for MPLS LSP Ping and Traceroute for P2MP, page 285
MPLS Network Management with MPLS LSP Ping and MPLS LSP Traceroute, page 286
Roles of Various Routers, page 286
P2MP Ping, page 287
P2MP Traceroute, page 288
Configure the Ping and Traceroute: Example, page 288
Prerequisites for MPLS LSP Ping and Traceroute for P2MP
Before you use the MPLS LSP Ping and Traceroute for P2MP feature, you should have the support for
following:
Cisco IOS XR software Release 4.1.0or a later release
Configure Resource Reservation Protocol (RSVP) features on the headend, midpoint, and tailend routers
in the MPLS network
Configure traffic engineering features on the headend, midpoint, and tailend routersin the MPLS network
Enable MPLS OAM using the mpls oam command on all routers in the MPLS network
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 285MPLS Network Management with MPLS LSP Ping and MPLS
LSP Traceroute
To manage an MPLS network, you must have the ability to monitor LSPs and quickly isolate MPLS forwarding
problems. You need ways to characterize the liveliness of an LSP and reliably detect when an LSP fails to
deliver user traffic.
You can use MPLS LSP ping to verify the LSP that is used to transport packets. You can use MPLS LSP
traceroute to trace LSPs that are used to carry packets destined for P2MP LSP.
An MPLS echo request is sent through an LSP to validate it. A TTL expiration or LSP breakage causes the
transit router to processthe echo request before it gets to the intended destination. The router returns an MPLS
echo reply that contains an explanatory reply code to the originator of the echo request.
The successful echo request is processed at the egress of the LSP. The echo reply is sent through an IP path,
an MPLS path, or a combination of both, back to the originator of the echo request.
Roles of Various Routers
A P2MP TE network contains the following elements:
Headend Router
The headend router, also called the source or ingress router, is responsible for initiating the signaling
messages that set up the P2MP TE LSP. The headend router can also be a branch point, which means
the router performs packet replication and the sub-LSPs split into different directions.
Midpoint Router
The midpoint router is where the sub-LSP signaling is processed. The midpoint router can be a branch
point.
Tailend Router
The tailend router, also called the destination, egress, or leaf-node router, is where sub-LSP signaling
ends. The router which is one of potentially many destinations of the P2MP TE LSP.
Bud Router
A bud router is a midpoint and tailend router at the same time. An LSR that is an egress LSR, but also
has one or more directly connected downstream LSRs.
Branch Router
A branch router is either a midpoint or tailend router at any given time.
Transit Router
A transit router is an LSR that is not an egress router, but also has one or more directly connected
downstream routers.
A P2MP tunnel consists of one or more sub-LSPs.All sub-LSPs belonging to the same P2MP tunnel
employ the same constraints, protection policies, and so on, which are configured at the headend router.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
286 OL-26056-02
Implementing MPLS OAM
MPLS Network Management with MPLS LSP Ping and MPLS LSP TracerouteFigure 20: Elements of P2MP TE Network illustrates the elements of P2MP TE network.
Figure 20: Elements of P2MP TE Network
P2MP TE tunnels build on the features that exist in basic point-to-point TE tunnels. The P2MP TE tunnels
have the following characteristics:
There is one source (headend) but more than one destination (tailend).
They are unidirectional.
They are explicitly routed.
Multiple sub-LSPs connect the headend router to various tailend routers.
P2MP Ping
The P2MP ping feature is used to check the connectivity between Ingress LSR and egress LSR, along a P2MP
LSP. The Ingress LSR sends the P2MP echo request message along the specified P2MP LSP. All egress LSRs
which receive the P2MP echo request message from the ingress LSR must send a P2MP echo reply message
to the ingress LSR, according to the reply mode specified in the P2MP echo request message.
MPLS LSP ping uses MPLS echo request and reply packets to validate an LSP. You can use MPLS LSP ping
to validate RSVP P2MP IPv4 FECs by using appropriate keywords and arguments with the ping mpls
command.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 287
Implementing MPLS OAM
P2MP PingThe MPLS echo request packet issent to a target router through the use of the appropriate labelstack associated
with the LSP to be validated. Use of the label stack causes the packet to be forwarded over the LSP itself.
The destination IP address of the MPLS echo request packet is different from the address used to select the
label stack. The destination IP address is defined as a 127.x.y.z/8 address. The 127.x.y.z/8 address prevents
the IP packet from being IP switched to its destination, if the LSP is broken.
An MPLS echo reply is sent in response to an MPLS echo request. The reply is sent as an IP packet and it is
forwarded using IP, MPLS, or a combination of both types of switching. The source address of the MPLS
echo reply packet is an address obtained from the router generating the echo reply. The destination address
is the source address of the router that originated the MPLS echo request packet.
The MPLS echo reply destination port is set to the echo request source port.
Only P2MP TE LSP IPv4 is supported. If the Responder Identifier TLV is missing, the echo request
requests information from all responder-ids.
Note
Jitter
Jitter is used to reduce the load on the LSR where the ping is performed. By adding a jitter, the replying routers
will space their reply time based on a random number between 0 and the jitter value, Jitter TLV, specified in
the packet.
P2MP Traceroute
The P2MP traceroute feature is used to isolate the failure point of a P2MP LSP. It is used for hop-by-hop fault
localization and path tracing. The traceroute feature relies on the expiration of the TTL of the packet that
carries the echo request. When the P2MP echo request message hits a transit node, it checks the TTL and if
it is expired, the packet is punted to the control plane, else the message is forwarded or replicated. If punted
to the control plane, a reply message is build based on the contents of the request message.
Traceroute can be applied to all nodes in the P2MP tree. However, you can select a specific traceroute target
through the P2MP Responder Identifier TLV. An entry in this TLV represents an responder-id or a transit
node. This is only the case for P2MP TE LSPs.
Only P2MP TE LSP IPv4 is supported. If the Responder Identifier TLV is missing, the echo request
requests information from all responder-ids.
Note
Jitter
Jitter is used to reduce the load on the LSR where the traceroute is performed. By adding a jitter, the replying
routers will space their reply time based on a random number between 0 and the jitter value, , Jitter TLV,
specified in the packet.
For more information about ping and traceroute commands, see MPLS OAM commands chapter in the
Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference.
Configure the Ping and Traceroute: Example
This section contains examples of the ping and traceroute commands, based on this topology.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
288 OL-26056-02
Implementing MPLS OAM
P2MP TracerouteThis example shows multiple destinations set on the assigned LSP path.
RP/0/RSP0/CPU0:router# show run int tunnel-mte 10
interface tunnel-mte10
ipv4 unnumbered Loopback0
destination 11.0.0.1
path-option 1 dynamic
!
destination 12.0.0.1
path-option 1 dynamic
!
destination 13.0.0.1
path-option 1 dynamic
!
!
This example shows an extract of the ping command.
# ping mpls traffic-eng tunnel-mte 10
Sending 1, 100-byte MPLS Echos to tunnel-mte10,
timeout is 2.2 seconds, send interval is 0 msec, jitter value is 200 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP
Type escape sequence to abort.
Request #1
! reply addr 192.168.222.2
! reply addr 192.168.140.2
! reply addr 192.168.170.1
Success rate is 100 percent (3 received replies/3 expected replies),
round-trip min/avg/max = 154/232/302 ms
This example shows an extract of the ping command with the jitter option.
RP/0/RSP0/CPU0:router# ping mpls traffic-eng tunnel-mte 10 jitter 300
Sending 1, 100-byte MPLS Echos to tunnel-mte10,
timeout is 2.3 seconds, send interval is 0 msec, jitter value is 300 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 289
Implementing MPLS OAM
Configure the Ping and Traceroute: ExampleType escape sequence to abort.
Request #1
! reply addr 192.168.222.2
! reply addr 192.168.140.2
! reply addr 192.168.170.1
Success rate is 100 percent (3 received replies/3 expected replies),
round-trip min/avg/max = 148/191/256 ms
This example shows an extract of the ping command with the ddmap option.
RP/0/RSP0/CPU0:router# ping mpls traffic-eng tunnel-mte 10 ddmap
Sending 1, 100-byte MPLS Echos to tunnel-mte10,
timeout is 2.2 seconds, send interval is 0 msec, jitter value is 200 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP
Type escape sequence to abort.
Request #1
! reply addr 192.168.222.2
! reply addr 192.168.140.2
! reply addr 192.168.170.1
Success rate is 100 percent (3 received replies/3 expected replies),
round-trip min/avg/max = 105/178/237 ms
RP/0/RSP0/CPU0:router# show mpls traffic-eng tunnels p2mp 10
Mon Apr 12 12:13:55.075 EST
Signalling Summary:
LSP Tunnels Process: running
RSVP Process: running
Forwarding: enabled
Periodic reoptimization: every 3600 seconds, next in 654 seconds
Periodic FRR Promotion: every 300 seconds, next in 70 seconds
Auto-bw enabled tunnels: 0 (disabled)
Name: tunnel-mte10
Status:
Admin: up Oper: up (Up for 12w4d)
Config Parameters:
Bandwidth: 0 kbps (CT0) Priority: 7 7 Affinity: 0x0/0xffff
Metric Type: TE (default)
Fast Reroute: Not Enabled, Protection Desired: None
Record Route: Not Enabled
Destination summary: (3 up, 0 down, 0 disabled) Affinity: 0x0/0xffff
Auto-bw: disabled
Destination: 11.0.0.1
State: Up for 12w4d
Path options:
path-option 1 dynamic [active]
Destination: 12.0.0.1
State: Up for 12w4d
Path options:
path-option 1 dynamic [active]
Destination: 13.0.0.1
State: Up for 12w4d
Path options:
path-option 1 dynamic [active]
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
290 OL-26056-02
Implementing MPLS OAM
Configure the Ping and Traceroute: ExampleHistory:
Reopt. LSP:
Last Failure:
LSP not signalled, identical to the [CURRENT] LSP
Date/Time: Thu Jan 14 02:49:22 EST 2010 [12w4d ago]
Current LSP:
lsp-id: 10002 p2mp-id: 10 tun-id: 10 src: 10.0.0.1 extid: 10.0.0.1
LSP up for: 12w4d
Reroute Pending: No
Inuse Bandwidth: 0 kbps (CT0)
Number of S2Ls: 3 connected, 0 signaling proceeding, 0 down
S2L Sub LSP: Destination 11.0.0.1 Signaling Status: connected
S2L up for: 12w4d
Sub Group ID: 1 Sub Group Originator ID: 10.0.0.1
Path option path-option 1 dynamic (path weight 1)
Path info (OSPF 1 area 0)
192.168.222.2
11.0.0.1
S2L Sub LSP: Destination 12.0.0.1 Signaling Status: connected
S2L up for: 12w4d
Sub Group ID: 2 Sub Group Originator ID: 10.0.0.1
Path option path-option 1 dynamic (path weight 2)
Path info (OSPF 1 area 0)
192.168.222.2
192.168.140.3
192.168.140.2
12.0.0.1
S2L Sub LSP: Destination 13.0.0.1 Signaling Status: connected
S2L up for: 12w4d
Sub Group ID: 3 Sub Group Originator ID: 10.0.0.1
Path option path-option 1 dynamic (path weight 2)
Path info (OSPF 1 area 0)
192.168.222.2
192.168.170.3
192.168.170.1
13.0.0.1
Reoptimized LSP (Install Timer Remaining 0 Seconds):
None
Cleaned LSP (Cleanup Timer Remaining 0 Seconds):
None
Displayed 1 (of 16) heads, 0 (of 0) midpoints, 0 (of 0) tails
Displayed 1 up, 0 down, 0 recovering, 0 recovered heads
RP/0/RSP0/CPU0:router# ping mpls traffic-eng tunnel-mte 10 lsp id 10002
Mon Apr 12 12:14:04.532 EST
Sending 1, 100-byte MPLS Echos to tunnel-mte10,
timeout is 2.2 seconds, send interval is 0 msec, jitter value is 200 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP
Type escape sequence to abort.
Request #1
! reply addr 192.168.222.2
! reply addr 192.168.170.1
! reply addr 192.168.140.2
Success rate is 100 percent (3 received replies/3 expected replies),
round-trip min/avg/max = 128/153/167 ms
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 291
Implementing MPLS OAM
Configure the Ping and Traceroute: ExampleThis example shows an extract of the ping command with the responder-id of R3.
RP/0/RSP0/CPU0:router# ping mpls traffic-eng tunnel-mte 10 responder-id 13.0.0.1
Mon Apr 12 12:15:34.205 EST
Sending 1, 100-byte MPLS Echos to tunnel-mte10,
timeout is 2.2 seconds, send interval is 0 msec, jitter value is 200 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP
Type escape sequence to abort.
Request #1
! reply addr 192.168.170.1
Success rate is 100 percent (1 received reply/1 expected reply),
round-trip min/avg/max = 179/179/179 ms
This example shows an extract of the traceroute command with the ttl option.
RP/0/RSP0/CPU0:router# traceroute mpls traffic-eng tunnel-mte 10 ttl 4
Mon Apr 12 12:16:50.095 EST
Tracing MPLS MTE Label Switched Path on tunnel-mte10, timeout is 2.2 seconds
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP
Type escape sequence to abort.
! 1 192.168.222.2 186 ms [Estimated Role: Bud]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
! 2 192.168.222.2 115 ms [Estimated Role: Bud]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
! 2 192.168.140.2 213 ms [Estimated Role: Egress]
! 2 192.168.170.1 254 ms [Estimated Role: Egress]
! 3 192.168.222.2 108 ms [Estimated Role: Bud]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
! 3 192.168.170.1 164 ms [Estimated Role: Egress]
! 3 192.168.140.2 199 ms [Estimated Role: Egress]
! 4 192.168.170.1 198 ms [Estimated Role: Egress]
! 4 192.168.222.2 206 ms [Estimated Role: Bud]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500
This example shows an extract of the traceroute command with the responder-id option.
RP/0/RSP0/CPU0:router# traceroute mpls traffic-eng tunnel-mte 10 responder-id 13.0.0.1
Mon Apr 12 12:18:01.994 EST
Tracing MPLS MTE Label Switched Path on tunnel-mte10, timeout is 2.2 seconds
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
292 OL-26056-02
Implementing MPLS OAM
Configure the Ping and Traceroute: ExampleCodes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP
Type escape sequence to abort.
d 1 192.168.222.2 113 ms [Estimated Role: Branch]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
d 2 192.168.222.2 118 ms [Estimated Role: Branch]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
! 2 192.168.170.1 244 ms [Estimated Role: Egress]
d 3 192.168.222.2 141 ms [Estimated Role: Branch]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
! 3 192.168.170.1 204 ms [Estimated Role: Egress]
d 4 192.168.222.2 110 ms [Estimated Role: Branch]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
! 4 192.168.170.1 174 ms [Estimated Role: Egress]
This example shows an extract of the traceroute command with the jitter option.
RP/0/RSP0/CPU0:router# traceroute mpls traffic-eng tunnel-mte 10 responder-id 13.0.0.1 ttl
4 jitter 500
Mon Apr 12 12:19:00.292 EST
Tracing MPLS MTE Label Switched Path on tunnel-mte10, timeout is 2.5 seconds
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0, 'd' - DDMAP
Type escape sequence to abort.
d 1 192.168.222.2 238 ms [Estimated Role: Branch]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
d 2 192.168.222.2 188 ms [Estimated Role: Branch]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
! 2 192.168.170.1 290 ms [Estimated Role: Egress]
d 3 192.168.222.2 115 ms [Estimated Role: Branch]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
! 3 192.168.170.1 428 ms [Estimated Role: Egress]
d 4 192.168.222.2 127 ms [Estimated Role: Branch]
[L] DDMAP 0: 192.168.140.2 192.168.140.2 MRU 1500 [Labels: 16001 Exp: 0]
[L] DDMAP 1: 192.168.170.1 192.168.170.1 MRU 1500 [Labels: 16000 Exp: 0]
! 4 192.168.170.1 327 ms [Estimated Role: Egress]
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 293
Implementing MPLS OAM
Configure the Ping and Traceroute: Example Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
294 OL-26056-02
Implementing MPLS OAM
Configure the Ping and Traceroute: ExampleC H A P T E R 6
Implementing MPLS Transport Profile
This module describes how to implement MPLS transport profile (MPLS-TP) on the router. MPLS-TP
supported by IETF enables the migration of transport networks to a packet-based network that efficiently
scale to support packetservicesin a simple and cost-effective way. MPLS-TP combinesthe necessary existing
capabilities of MPLS with additional minimal mechanisms in order that it can be used in a transport role.
MPLS transport profile enables you to create tunnels that provide the transport network service layer over
which IP and MPLS traffic traverse.
Feature History for Implementing MPLS Transport Profile
Release Modification
Release 4.2.0 This feature was introduced.
Restrictions for MPLS-TP, page 295
Information About Implementing MPLS Transport Profile, page 296
How to Implement MPLS Transport Profile, page 300
Restrictions for MPLS-TP
Penultimate hop popping is not supported. Only ultimate hop popping is supported, because label
mappings are configured at the MPLS-TP endpoints.
MPLS-TP links must be configured with IP addresses.
IPv6 addressing is not supported.
L2VPN Restrictions
Pseudowire ID Forward Equivalence Class(FEC) (type 128) issupported, but generalized ID FEC (type
129) is not supported.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 295 BFD over pseudowire is not supported. Static pseudowire OAM protocol is used to signal fault on static
pseudowire placed over TP tunnels using pseudowire status.
Only Ethernet pseudowire type is supported.
Information About Implementing MPLS Transport Profile
To implement MPLS-TP, you should understand these concepts:
MPLS Transport Profile
MPLS Transport Profile (TP) enables you to create tunnels that provide the transport network service layer
over which IP and MPLS traffic traverse. MPLS-TP tunnels enable a transition from Synchronous Optical
Networking (SONET) and Synchronous Digital Hierarchy (SDH) time-division multiplexing (TDM)
technologies to packet switching, to support services with high bandwidth utilization and low cost. Transport
networks are connection oriented,statically provisioned, and have long-lived connections. Transport networks
usually avoid control protocolsthat change identifierslike labels. MPLS-TP tunnels provide thisfunctionality
through statically provisioned bidirectional label switched paths (LSPs). This figure shows the MPLS-TP
tunnel:
Figure 21: MPLS Transport Profile Tunnel
MPLS-TP combines the necessary existing capabilities of MPLS with additional minimal mechanisms in
order that it can be used in a transport role. You can set up MPLS-TP through a CLI or a network management
system.
MPLS-TP tunnels have these characteristics:
An MPLS-TP tunnel can be associated with working LSP, protect LSP, or both LSP
Statically provisioned bidirectional MPLS-TP label switched paths (LSPs)
Symmetric or asymmetric bandwidth reservation
1:1 path protection with revertive mode for MPLS-TP LSP with revertive mode for MPLS-TP LSP
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
296 OL-26056-02
Implementing MPLS Transport Profile
Information About Implementing MPLS Transport Profile Use of Generic Alert Label (GAL) and Generic Associated Channel Header (G-ACH) to transport control
packets; for example, BFD packets and pseudowire OAM packets
BFD is used as a continuity check (CC) mechanism over MPLS-TP LSP
Remote Defect Indication (RDI) based on BFD
Fault OAM functions
These services are supported over MPLS-TP tunnels:
Dynamic spoke pseudowire (for H-VPLS) over static MPLS-TP tunnels.
Static spoke pseudowire (for H-VPLS) over static MPLS-TP tunnels.
MS-PW services where static and dynamic pseudowire segments can be concatenated.
MPLS ping and traceroute over MPLS TP LSP and PW.
Static routes over MPLS-TP tunnels.
Pseudowire redundancy for static pseudowire.
VPWS using static or dynamic pseudowire pinned down to MPLS-TP tunnels.
VPLS and H-VPLS using static or dynamic pseudowire pinned down to MPLS-TP tunnels.
Bidirectional LSPs
MPLS transport profile (MPLS-TP) LSPs are bidirectional and congruent where LSPs traverse the same path
in both directions. An MPLS-TP tunnel can be associated with either working MPLS-TP LSP, protect MPLS-TP
LSP, or both. The working LSP is the primary LSP backed up by the protect LSP. When a working LSP goes
down, protect LSP is automatically activated. In order for an MPLS-TP tunnel to be operationally up, it must
be configured with at least one LSP.
MPLS-TP Path Protection
Path protection provides an end-to-end failure recovery mechanism (that is, full path protection) for MPLS-TP
tunnels. MPLS-TP LSPs support 1:1 path protection. You can configure the working and protect LSPs as part
of configuring the MPLS-TP tunnel. The working LSP is the primary LSP used to route traffic, while the
protect LSP is a backup for a working LSP. If the working LSP fails, traffic is switched to the protect LSP
until the working LSP is restored, at which time traffic forwarding reverts back to the working LSP (revertive
mode).
Fault OAM Support
The fault OAM protocols and messages support the provisioning and maintenance of MPLS-TP tunnels and
bidirectional LSPs:
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 297
Implementing MPLS Transport Profile
Bidirectional LSPs Generic Associated Channel
Generic Associated Channel (G-ACh) is the control channel mechanism associated with MPLS
LSPs in addition to MPLS pseudowire. The G-ACh Label (GAL) (Label 13) is a generic alert
label to identify the presence of the G-ACh in the label packet. It istaken from the reserved MPLS
label space.
G-ACh or GAL is used to support in-band OAMs of MPLS-TP LSPs and pseudowires. The OAM
messages are used for fault management, connection verification, continuity check and other
functions.
These messages are forwarded along the specified MPLS LSP:
OAM Fault Management: Alarm Indication Signal (AIS), Link Down Indication (LDI), and
Lock Report (LKR) messages (GAL with fault-OAM channel)
OAM Connection Verification: Ping and traceroute messages (GAL with IP channel)
BFD messages (GAL with BFD channel)
These messages are forwarded along the specified pseudowire:
Static pseudowire OAM messages (static pseudowire status)
Pseudowire ping and traceroute messages
Fault Management: Alarm Indication Signal (AIS), Link Down Indication (LDI), and Lock
Report (LKR) messages
LDI messages are generated at midpoint nodes when a failure is detected. The midpoint sends
the LDI message to the endpoint that is reachable with the existing failure. The midpoint node
also sends LKR messages to the reachable endpoint, when an interface is administratively down.
AIS messages are not generated by Cisco platforms, but are processed if received. By default, the
reception of LDI and LKR on the active LSP at an endpoint will cause a path protection switchover,
while AIS will not.
Fault Management: Emulated Protection Switching for LSP Lockout
You can implement a form of Emulated Protection Switching in support of LSP Lockout using
customized fault messages. When a Cisco Lockout message is sent, it does not cause the LSP to
be administratively down. The Cisco Lockout message causes a path protection switchover and
prevents data traffic from using the LSP. The LSP's data path remains up so that BFD and other
OAM messages can continue to traverse it. Maintenance of the LSP can take place such as
reconfiguring or replacing a midpoint LSR. BFD state over LSP must be up and MPLS ping and
traceroute can be used to verify the LSP connectivity, before the LSP is put back into service by
removing the lockout. You cannot lockout working and protect LSPs simultaneously.
LSP ping and traceroute
For MPLS-TP connectivity verification, you can use ping mpls traffic-eng tunnel-tp and
traceroute mpls traffic-eng tunnel-tp commands. You can specify that the echo requests be sent
along the working LSP or the protect LSP. You can also specify that the echo request be sent on
a locked out MPLS-TP tunnel LSP (either working or protect) if the working or protect LSP is
explicitly specified.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
298 OL-26056-02
Implementing MPLS Transport Profile
Fault OAM Support Continuity Check through BFD
BFD session is automatically created on MPLS-TP LSPs with default parameters. You can override
the default BFD parameters either through global commands or per-tunnel commands. Furthermore,
you can optionally specify different BFD parameters for standby LSPs. For example, when an
LSP is in standby, BFD hello messages can be sent at smaller frequency to reduce line-card CPU
usage. However, when a standby LSP becomes active (for example, due to protection switching),
nominal BFD parameters are used for that LSPs(for example, to run BFD hello messages at higher
frequency). For more information about BFD, see the Configuring Bidirectional Forwarding
Detection on the Cisco ASR 9000 Series Router in the Cisco ASR 9000 Series Aggregation
Services Router Interface and Hardware Component Configuration Guide.
MPLS-TP Links and Physical Interfaces
MPLS-TP link IDs may be assigned to physical interfaces only. Bundled interfaces and virtual interfaces are
not supported for MPLS-TP link IDs.
The MPLS-TP link is used to create a level of indirection between the MPLS-TP tunnel and midpoint LSP
configuration and the physical interface. The MPLS-TP link-id command is used to associate an MPLS-TP
link ID with a physical interface and next-hop node address.
Multiple tunnels and LSPs may then refer to the MPLS-TP link to indicate they are traversing that interface.
You can move the MPLS-TP link from one interface to another without reconfiguring all the MPLS-TP tunnels
and LSPs that refer to the link.
Link IDs must be unique on the router or node. For more information, see the Configuring MPLS-TP Links
and Physical Interfaces section.
Tunnel LSPs
Tunnel LSPs, whether endpoint or midpoint, use the same identifying information. However, it is entered
differently.
A midpoint consists of a forward LSP and a reverse LSP. A MPLS-TP LSP mid point is identified by
its name, and forward LSP, reverse LSP, or both are configured under a submode.
At the midpoint, determining which end is source and which is destination is arbitrary. That is, if you
are configuring a tunnel between your router and a coworker's router, then your router is the source.
However, your coworker considers his or her router to be the source. At the midpoint, either router could
be considered the source. At the midpoint, the forward direction is from source to destination, and the
reverse direction is from destination to source. For more information, see the Configuring MPLS-TP
LSPs at Midpoints section.
At the midpoint, the LSP number does not assume default values, and hence must be explicitly configured.
At the endpoint, the local information (source) either comes from the global node ID and global ID, or
from locally configured information using the source command after you enter the interface tunnel-tp
number command, where number is the local or source tunnel-number.
At the endpoint, the remote information (destination) is configured using the destination command after
you enter the interface tunnel-tp number command. The destination command includesthe destination
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 299
Implementing MPLS Transport Profile
MPLS-TP Links and Physical Interfacesnode ID, optionally the global ID, and optionally the destination tunnel number. If you do not specify
the destination tunnel number, the source tunnel number is used.
MPLS-TP IP-less support
Generally,MPLS-TP functionality can be deployed with or without an IP address. However, the main motivation
for the IP-less model is this: an LSR can be inserted into an MPLS-TP network without changing the
configurations on adjacent LSRs. In the past Cisco IOS-XR MPLS-TP release, if an interface does not have
a valid IP address, BFD packets cannot be transmitted over that link, and hence MPLS-TP LSP cannot be
brought up on that link. In this release, the IP-less TP link operates only in a point-to-point mode.
This feature, therefore, makes the need for an IP address on a TP link optional. You may deploy LSRs running
Cisco IOS-XR in MPLS-TP networks with or without an IP address. With such extra flexibility, LSRsrunning
Cisco IOS-XR can be easily deployed not only with LSRs running IOS, but with LSRs from other vendors
too.
How to Implement MPLS Transport Profile
MPLS Transport Profile (MPLS-TP) supported by IETF enables the migration of transport networks to a
packet-based network that efficiently scale to support packet services in a simple and cost effective way.
These procedures are used to implement MPLS-TP:
Configuring the Node ID and Global ID
Perform this task to configure node ID and global ID on the router.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. tp
4. node-id node-id
5. global-id num
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
300 OL-26056-02
Implementing MPLS Transport Profile
MPLS-TP IP-less supportCommand or Action Purpose
mpls traffic-eng Enters MPLS TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls
traffic-eng
Step 2
Enters MPLS transport profile (TP) configuration mode. You can
configure MPLS TP specific parameters for the router from this
mode.
tp
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
mpls tp
Step 3
Specifiesthe default MPLS TP node ID, which is used asthe default
source node ID for all MPLS TP tunnels configured on the router.
node-id node-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-tp)#
node-id 10.0.0.1
Step 4
The node ID is a 32-bit number represented in IPv4 address
format, and can be optionally assigned to each node.
Note
Specifies the default global ID used for all endpoints and midpoints.
This command makesthe node ID globally unique in a multi-provider
tunnel. Otherwise, the node ID is only locally meaningful.
global-id num
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-tp)#
global-id 10
Step 5
The global ID is a 32-bit number, and can be assigned to
each node.
Note
Configuring Pseudowire OAM Attributes
Perform this task to configure pseudowire OAM attributes.
SUMMARY STEPS
1. configure
2. l2vpn
3. pw-oam refresh transmit value
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 301
Implementing MPLS Transport Profile
Configuring Pseudowire OAM AttributesCommand or Action Purpose
l2vpn Enters L2VPN configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 2
pw-oam refresh transmit value Specifies the OAM timeout refresh intervals.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# pw-oam refresh
transmit 20
Step 3
Configuring the Pseudowire Class
When you create the pseudowire class, you specify the parameters of the pseudowire, such as the use of the
control word and preferred path.
SUMMARY STEPS
1. configure
2. l2vpn
3. pw-class name
4. encapsulation mpls
5. preferred-path interface tunnel-tp tunnel-number
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
l2vpn Enters L2VPN configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# l2vpn
Step 2
Creates a pseudowire OAM class named foo and
enters pseudowire OAM class configuration mode.
pw-class name
Example:
RP/0/RSP0/CPU0:router(config-l2vpn)# pw-class foo
Step 3
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
302 OL-26056-02
Implementing MPLS Transport Profile
Configuring the Pseudowire ClassCommand or Action Purpose
encapsulation mpls Sets pseudowire encapsulation to MPLS.
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc)#
encapsulation mpls
Step 4
Specifies TP tunnel interface 10 for the
preferred-path.
preferred-path interface tunnel-tp tunnel-number
Example:
RP/0/RSP0/CPU0:router(config-l2vpn-pwc-mpls)#
preferred-path interface tunnel-tp 10
Step 5
Configuring the Pseudowire
Perform this task to configure the pseudowire.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. pseudowire-class class-name
4. encapsulation mpls
5. preferred-path interface tunnel-tp tunnel-number
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters MPLS transport protocol tunnel interface
configuration mode.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)# interface tunnel-tp
20
Step 2
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 303
Implementing MPLS Transport Profile
Configuring the PseudowireCommand or Action Purpose
Creates a pseudowire class and enters pseudowire class
configuration mode.
pseudowire-class class-name
Example:
RP/0/RSP0/CPU0:router(config-if)# pseudowire-class
foo
Step 3
encapsulation mpls Specifies the encapsulation type.
Example:
RP/0/RSP0/CPU0:router# encapsulation mpls
Step 4
Step 5 preferred-path interface tunnel-tp tunnel-number Specifies TP tunnel interface 10 for the preferred-path.
Example:
RP/0/RSP0/CPU0:router# preferred-path interface
tunnel-tp 10
When a PW class with tunnel-tp interface as a
preferred path is defined, this specified class can
be associated with any PW.
Note
Configuring the MPLS TP Tunnel
On the endpoint routers, create an MPLS TP tunnel and configure its parameters.
SUMMARY STEPS
1. configure
2. interface tunnel-tp number
3. description tunnel-desc
4. bandwidth num
5. source source node-ID
6. destination destination node-ID [global-id destination global ID] tunnel-id destination tunnel ID]
7. working-lsp
8. in-label num
9. out-label mpls label out-link link ID
10. lsp-number value
11. exit
12. protect-lsp
13. in-label num
14. out-label mpls label out-link link ID
15. lsp-number value
16. exit
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
304 OL-26056-02
Implementing MPLS Transport Profile
Configuring the MPLS TP TunnelDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters tunnel tp interface configuration mode. The
range is from 0 to 65535.
interface tunnel-tp number
Example:
RP/0/RSP0/CPU0:router(config)# interface tunnel-tp
10
Step 2
description tunnel-desc Specifies a tunnel tp description.
Example:
RP/0/RSP0/CPU0:router(config-if)# description
head-end tunnel
Step 3
Specifies the tunnel bandwidth in kbps. The range
is from 0 to 4294967295.
bandwidth num
Example:
RP/0/RSP0/CPU0:router(config-if)# tp bandwidth 1000
Step 4
source source node-ID Specifies the source node of the tunnel.
Example:
RP/0/RSP0/CPU0:router(config-if)# source 10.0.0.1
Step 5
destination destination node-ID [global-id destination global Specifies the destination node of the tunnel.
ID] tunnel-id destination tunnel ID]
Step 6
Example:
RP/0/RSP0/CPU0:router(config-if)# destination
10.0.0.1 global-id 10 tunnel-id 2
Specifies a working LSP, also known asthe primary
LSP. This LSP is used to route traffic.
working-lsp
Example:
RP/0/RSP0/CPU0:router(config-if)# working-lsp
Step 7
in-label num Specifies the in-label.
Example:
RP/0/RSP0/CPU0:router(config-if-work)# in-label 111
Step 8
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 305
Implementing MPLS Transport Profile
Configuring the MPLS TP TunnelCommand or Action Purpose
out-label mpls label out-link link ID Specifies the out-label.
Example:
RP/0/RSP0/CPU0:router(config-if-work)# out-label
111 out-link 10
Step 9
lsp-number value Specifies the LSP ID of the working LSP.
Example:
RP/0/RSP0/CPU0:router(config-if-work)# lsp-number
10
Step 10
Exits from working LSP interface configuration
mode.
exit
Example:
RP/0/RSP0/CPU0:router(config-if-work)# exit
Step 11
Specifies a backup for a working LSP. If the
working LSP fails, traffic is switched to the protect
protect-lsp
Example:
RP/0/RSP0/CPU0:router(config-if)# protect-lsp
Step 12
LSP until the working LSP isrestored, at which time
traffic forwarding reverts back to the working LSP.
in-label num Specifies the in-label.
Example:
RP/0/RSP0/CPU0:router(config-if-protect)# in-label
113
Step 13
out-label mpls label out-link link ID Specifies the out-label and out-link.
Example:
RP/0/RSP0/CPU0:router(config-if-protect)# out-label
112 out-link 2
Step 14
lsp-number value Specifies the LSP ID of the protect LSP.
Example:
RP/0/RSP0/CPU0:router(config-if-protect)# lsp-number
10
Step 15
exit Exitsfrom protect LSP interface configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-if-protect)# exit
Step 16
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
306 OL-26056-02
Implementing MPLS Transport Profile
Configuring the MPLS TP TunnelConfiguring MPLS-TP LSPs at Midpoint
Perform this task to configure the MPLS-TP LSPs at the midpoint router.
When configuring the LSPs at the midpoint routers, make sure that the configuration does not reflect
traffic back to the originating node.
Note
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. tp mid name
4. tunnel-name name
5. lsp-number value
6. source node -ID tunnel-id number
7. destination node -ID tunnel-id number
8. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# mpls traffic-eng
Step 2
tp mid name Specifies the MPLS-TP tunnel mid-point identifier.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)# tp mid foo
Step 3
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 307
Implementing MPLS Transport Profile
Configuring MPLS-TP LSPs at MidpointCommand or Action Purpose
Specifies the name of the tunnel whose mid point is being
configured.
tunnel-name name
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-tp-mid)#
tunnel-name midtunnel
Step 4
lsp-number value Specifies the LSP ID.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-tp-mid)#
lsp-number 10
Step 5
source node -ID tunnel-id number Specifies the source node ID and tunnel ID.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-tp-mid-fwd)#
source 10.0.0.1 tunnel-id 12
Step 6
destination node -ID tunnel-id number Specifies the destination node ID and tunnel ID.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-tp-mid-rev)#
source 10.0.0.2 tunnel-id 12
Step 7
Step 8 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the
running configuration file, exitsthe configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and
returns the router to EXEC mode without
committing the configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or
committing the configuration changes.
Use the commit command to save the configuration
changes to the running configuration file and remain
within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
308 OL-26056-02
Implementing MPLS Transport Profile
Configuring MPLS-TP LSPs at MidpointConfiguring MPLS-TP Links and Physical Interfaces
MPLS-TP link IDs may be assigned to physical interfaces only.
Note Bundled interfaces and virtual interfaces are not supported for MPLS-TP link IDs.
SUMMARY STEPS
1. configure
2. mpls traffic-eng
3. interface type interface-path-id
4. link-id value next-hop address
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
mpls traffic-eng Enters MPLS TE configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
mpls traffic-eng
Step 2
Configures an interface type and path ID to be associated with a MPLS
TE mode.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config-mpls-te)#
interface POS 0/6/0/0
Step 3
Configures an interface type and path ID to be associated with a MPLS
TE mode.
link-id value next-hop address
Example:
RP/0/RSP0/CPU0:router(config-mpls-te-if)#
link-id 22 next-hop 10.1.1.2
Step 4
You must provide the next-hop IP
address.
Note
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 309
Implementing MPLS Transport Profile
Configuring MPLS-TP Links and Physical InterfacesCommand or Action Purpose
You can define a link ID once. If you attempt to use the same
MPLS-TP link ID with different interface or next-hop address,
the configuration getsrejected. You have to remove the existing
link ID configuration before using the same link ID with a
different interface or next-hop address.
Note
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
310 OL-26056-02
Implementing MPLS Transport Profile
Configuring MPLS-TP Links and Physical InterfacesI N D E X
A
access-lists, extended 70
ACK (hello acknowledgment) 69
objects 69
RSVP messages 69
ACL match, how to return implicit deny 81
ACL-based prefix filtering 70, 80
ACL-based prefix filtering, RSVP 70
active targeted hellos, how to configure 20
active targeted hellos, prerequisites 20
Additional References command 63, 116, 283
advertisement, label 10
auto-tunnel mesh 258
automatic bandwidth, configuring 212
automatic bandwidth, MPLS-TE 141
restrictions 141
B
backbone 121
bandwidth 76, 128
constraint models 128
control channel, how to configure 76
data channel, how to configure 76
pools 128
Bandwidth Configuration (MAM) 104
Example command 104
Bandwidth Configuration (Prestandard) 104
Example command 104
Bandwidth Configuration (RDM) 105
Example command 105
bandwidth constraints 127
bandwidth pools 152
bandwidth, how to configure 76
benefits 121
bidirectional LSP 297
Build MPLS-TE Topology and Tunnels 260
Example command 260
C
changing restart time 107
class and attributes 129
class mapping 129
compliance 66
concepts 121
configuration 66, 76, 78, 80, 81, 83
ACL-based prefix filtering 80
diffserv TE bandwidth 76
graceful restart 78
how to verify 83
interface-based graceful restart 78
O-UNI LSP 66
Packet dropping 81
Configuration Examples for Cisco MPLS-TE 260
Configuration Examples for RSVP Authentication command 108
Configuration Examples for RSVP command 104
Configure an Interarea Tunnel 264
Example command 264
Configure Automatic Bandwidth 267
Example command 267
Configure Flexible Name-based Tunnel Constraints 263
Example command 263
Configure Forwarding Adjacency 265
Example command 265
Configure IETF DS-TE Tunnels 261
Example command 261
Configure IP LDP Fast Reroute Loop Free Alternate 59
Example 59
Configure MPLS-TE and Fast-Reroute on OSPF 262
Example command 262
Configure PCE 265
Example command 265
Configure the Ignore IS-IS Overload Bit Setting inMPLS-TE 262
Example command 262
Configure Tunnels for Path Protection 266
Example command 266
configuring 4, 187, 218
Configuring ACL-based Prefix Filtering 107
Example command 107
configuring global ID 300
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 IN-1Configuring Graceful Restart 106
Example command 106
configuring LDP downstream on demand mode 50
configuring MPLS TP links 309
configuring MPLS TP LSPs 307
configuring MPLS TP tunnel 304
configuring node ID 300
configuring physical interfaces 309
configuring pseudowire 303
configuring PW class 302
configuring PW OAM attributes 301
configuring SRLG 218
constraint models 128
RDM and MAM 128
overview 128
control 10
control channel, how to configure 76
control communication failure 8
control message 3
with LDP 3
control messages 3
control plane 3, 7, 115
failure 7
Control Protocol (example) 3
control state recovery 8
control, LDP 10
creating 158
D
data channel, how to configure 76
data plane services 115
data plane services, about 115
defining 2, 131
description 65, 119, 295
Diff-Serv 127
RDM (russian doll model) and MAM (maximum allocation
model) 127
Russian Doll Model (RDM) and Maximum Allocation Model
(MAM) 127
Differentiated Services Traffic-Engineering 76, 127
bandwidth, how to configure 76
bandwidth constraints 127
overview 127
diffserv TE bandwidth 76
diffserv-TE bandwidth, how to confirm 76
discovery 17, 20, 22
active targeted hellos, how to configure 20
parameters, configuring 17
passive targeted hellos, how to configure 22
discovery over a link 19
how to configure 19
discovery over a link (continued)
prerequisites 19
downstream on demand 15
DS-TE modes, prestandard and IETF 76
dynamic path setup 2
E
enable soft-preemption 247
engineering a backbone 121
exchanging 4
explicit-null 16
extended access-lists 70
extensions 66, 121
generalized label request 66
generalized UNI attribute 66
New Error Spec sub-codes 66
UNI session 66
extensions, MPLS TE 121
F
failure 7
failure recovery 9
failure recovery, graceful restart 9
fast reroute 130
fault handling 67
flooding 129, 130
thresholds 130
MPLS-TE 129
thresholds 130
triggers 129
flooding thresholds 130
flooding triggers 129
for active targeted hellos 20
for passive targeted hellos 22
FRR (fast reroute) 130, 131
link protection 130
over link bundles 131
with MPLS TE 130
FRR (Fast Reroute) 131
over link bundles 131
G
generalized label request 66
generalized UNI attribute 66
graceful restart 6, 8, 9, 13, 31, 67, 78
failure recovery 9
how to set up LDP NSF 31
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
IN-2 OL-26056-02
Indexgraceful restart (continued)
LDP 6, 31
mechanism 8
NSR 13
phases 8
RSVP 67
session parameters 6
graceful restart, how to enable 78
H
head node 67
hello discovery mechanism 3
hello interval, how to change 107
hello messages 69
high availability 67
high availability, RSVP 67
high-availability 67
hop-by-hop 2
how to buildi 155
how to configure 4, 19, 24, 29, 76, 187
tunnel bandwidth, engineering 76
how to define 2, 13, 131
how to exchange 4
how to set up 5
how to set up LDP NSF 31
how to verify 83
I
IETF DS-TE mode 127
Ignore Intermediate System-to-Intermediate System (IS-IS) 131,
187
overload bit setting 131, 187
Ignore IS-IS 187
overload bit setting 187
IGP (interior gateway protocols) 2, 3, 12
prefixes 3
routing protocols 2
synchronizing with LDP 12
IGP (Interior Gateway Protocols) 1, 2, 3
prefixes 3
routing protocols 2
with LDP 1
IGP prefixes 3
IGP synchronization 12
implementation 16
implementing 75
implicit-null 16
implicit-null-override 16
interface-based graceful restart 78
IP LDP Fast Reroute Loop Free Alternate 14
IP Time to Live (TTL) 69
IS-IS (ignore intermediate system-to-intermediate system) 131
overload bit setting 131
K
keepalive mechanism 3
L
Label Acceptance (Inbound Filtering), example 57
label advertisement 10, 24
control 10
control, LDP 10
how to configure 24
prerequisites 24
Label Advertisement (Outbound Filtering), example 55
label bindings 4
configuring 4
exchanging 4
how to configure 4
how to exchange 4
ldp 258
LDP 2, 3, 4, 6, 13, 31, 115
control messages 3
control plane 3
Control Protocol (example) 3
dynamic path setup 2
hello discovery mechanism 3
hop-by-hop 2
IGP prefixes 3
keepalive mechanism 3
local and remote label binding 3
LSPs, setting up 4
neighbors 3
NSR 13
LDP (label distribution protocol) 3, 4, 6, 8, 9, 10, 11, 13, 16, 17, 19,
20, 22, 31, 54
configuration examples 54
control communication failure 8
control state recovery 8
discovery 17, 20, 22
discovery over a link 19
failure recovery 9
graceful restart 31
IGP prefixes 3
implementation 16
keepalive mechanism 3
label advertisement 10
local and remote label binding 3
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 IN-3
IndexLDP (label distribution protocol) (continued)
local label advertisement control 10
local label allocation control 11
LSPs, setting up 4
neighbors 3
NSF services 6
NSR 13
peer control plane 8
persistent forwarding 8
session protection 11
LDP (label distribution protocol) forwarding 29
how to configure 29
prerequisites 29
LDP Auto-Configuration, example 59
LDP Discovery for Targeted Hellos, example 55
LDP discovery prerequisites 19, 20, 22
for active targeted hellos 20
for passive targeted hellos 22
over a link 19
LDP Discovery, example 54
LDP forwarding 5
how to set up 5
LDP Forwarding, example 56
LDP IGP SynchronizationISIS, example 58
LDP IGP SynchronizationOSPF, example 58
LDP label advertisement 10
LDP Link, example 54
LDP Neighbors, example 56
LDP neighbors, how to set up 26
LDP Nonstop Forwarding with Graceful Restart, example 56
LDP NSF graceful restart prerequisites 31
LDP Session Protection, example 58
LDP with Graceful Restart, example 54
LDP(label distribution protocol) 2, 3, 7, 12
control messages 3
control plane 7
Control Protocol (example) 3
dynamic path setup 2
hello discovery mechanism 3
hop-by-hop 2
IGP synchronization 12
prerequisites 2
link management module 121
link protection 130
local and remote label binding 3
local label advertisement control 10
local label advertisement control, LDP 10
local label allocation control 11
Local Label Allocation Control, example 57
local label allocation control, LDP 11
local label binding 3
loose hop reoptimization 135
LSP 2, 121
defining 2
LSP (continued)
how to define 2
MPLS-TE 121
with LDP 2
LSPs, setting up 4
M
MAM (maximum allocation model), constraint characteristics 128
MAM, how to configure 76
Maximum Allocation Model (MAM), constraint
characteristics 128
mechanism 8
message rate limiting 66
MFI (MPLS forwarding infrastructure) 115
control plane 115
data plane services 115
LDP 115
TE 115
MFI (MPLS Forwarding Infrastructure) 115
control plane 115
data plane services, about 115
LDP 115
TE 115
midpoint 307
MPLS forwarding forms 115
MPLS-TE 120, 121, 129, 130, 155, 158
backbone 121
benefits 121
concepts 121
engineering a backbone 121
extensions 121
fast reroute 130
flooding 129, 130
flooding thresholds 130
flooding triggers 129
link management module 121
overview 121
path calculation module 121
prerequisites 120
topology 155
tunnels 158
with label switching forwarding 121
with RSVP 121
MPLS-TP 295, 296, 297, 299
bidirectional LSP 297
fault OAM support 297
links 299
overview 296
path protection 297
physical interfaces 299
restrictions 295
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
IN-4 OL-26056-02
IndexMPLS-TP (continued)
tunnel endpoint 299
tunnel midpoint 299
MPLS-TP ip-less 300
N
neighbors 3
support for 3
New Error Spec sub-codes 66
node failure 69
NSF (nonstop forwarding) 67
high-availability 67
with RSVP 67
NSF (Nonstop Forwarding) 67, 78
graceful restart, how to enable 78
high-availability 67
with RSVP 67
NSF services 6
NSR 13
NSR (non-stop routing) 13
graceful restart 13
how to define 13
LDP 13
O
O-UNI LSP 66
objects 69
over a link 19
over link bundles 131
overload bit setting 131, 187
configuring 187
defining 131
how to configure 187
how to define 131
overview 66, 121, 127, 128
P
P2MP FRR 144
P2MP LSP 144
P2MP RSVP TE 144
Packet dropping 81
parameters, configuring 17
passive targeted hellos, how to configure 22
path calculation module 121
path calculation module, MPLS-TE 121
path option 145
path option attributes 152
configuration hierarchy 152
path option switchover 153
path protection 153
peer control plane 8
persistent forwarding 8
phases 8
Point-to-Multipoint Traffic-Engineering 142
pools 128
prefixes 3
prerequisites 2, 19, 24, 29, 66, 120, 158
Prestandard DS-TE mode 127
protocol-based CLI 126
R
RDM (russian doll model) and MAM (maximum allocation
model) 127
RDM and MAM 128
RDM bandwidth constraint model 128
RDM, how to configure 76
recovery time 69
refresh interval, how to change 105
refresh reduction 66
Refresh Reduction and Reliable Messaging Configuration 105
Example command 105
remote label binding 3
Resource Reservation Protocol (RSVP) 70
Management Information Base (MIB) 70
restart time 69
restart time, how to change 107
restrictions 141
routing protocols 2
RSVP 65, 66, 67, 69, 70, 75, 76, 78, 80, 81, 83
ACL-based prefix filtering 70
compliance 66
configuration 66, 76, 78, 80, 81, 83
description 65
diffserv-TE bandwidth, how to confirm 76
extensions 66
fault handling 67
graceful restart 67
head node 67
hello messages 69
high availability 67
how to configure 76
implementing 75
message rate limiting 66
node failure 69
overview 66
prerequisites 66
recovery time 69
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
OL-26056-02 IN-5
IndexRSVP (continued)
refresh reduction 66
restart time 69
support for graceful restart 66
tail node 67
topology 83
with O-UNI LSP, configuring 66
RSVP Authentication by Using All the Modes 110
Example command 110
RSVP Authentication for an Interface 109
Example command 109
RSVP Authentication Global Configuration Mode 108
Example command 108
RSVP messages 69
RSVP Neighbor Authentication 109
Example command 109
RSVP nodes 67
head node 67
tail node 67
Russian Doll Model (RDM) and Maximum Allocation Model
(MAM) 127
RVSP node failure 69
S
session parameters 6
session protection 11
session protection, LDP 11
Setting DSCP for RSVP Packets 107
Example command 107
setting implicit-null-override 52
soft-preemption 151
SRLG (shared-risk link group) 218
configuring 218
summary refresh message size, how to change 106
support for 3
support for graceful restart 66
synchronizing with LDP 12
T
tail node 67
TE 115, 119, 129
class and attributes 129
class mapping 129
description 119
thresholds 130
thresholds, flooding 130
topology 83, 155
how to build 155
TP 295
description 295
triggers 129
triggers, flooding 129
TTL 69
RSVP 69
with graceful restart 69
tunnel bandwidth 76
MAM, how to configure 76
RDM, how to configure 76
tunnel bandwidth, engineering 76
tunnels 158
creating 158
prerequisites 158
U
UNI session 66
V
Verify IP LDP Fast Reroute Loop Free Alternate 61
Example 61
W
with graceful restart 69
with label switching forwarding 121
with LDP 1, 2, 3
with MPLS TE 130
with O-UNI LSP, configuring 66
with RSVP 67, 121
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide, Release 4.2.x
IN-6 OL-26056-02
Index
Cisco ASR 9000 Series Aggregation Services Router Modular
Quality of Service Configuration Guide, Release 4.2.x
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Text Part Number: OL-26077-02THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are shown
for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
© 2012 Cisco Systems, Inc. All rights reserved.C O N T E N T S
P r e f a c e Preface xiii
Changes to this document xiii
Obtaining Documentation and Submitting a Service Request xiii
C H A P T E R 1 Modular QoS Overview 1
Information About Modular Quality of Service Overview 1
Benefits of Cisco IOS XR QoS Features 2
QoS Techniques 2
Packet Classification and Marking 2
Default Marking Behavior 3
Congestion Management 4
Congestion Avoidance 4
Differentiated Service Model for Cisco IOS XR Software 4
Access Node Control Protocol 5
Additional Cisco IOS XR QoS Supported Features 5
Modular QoS Command-Line Interface 5
Fabric QoS 5
Where to Go Next 5
Additional References 6
Related Documents 6
Standards 6
MIBs 6
RFCs 7
Technical Assistance 7
C H A P T E R 2 Configuring Access Node Control Protocol 9
Prerequisites for Configuring ANCP 10
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 iiiRestrictions for Configuring ANCP 10
Information About Configuring ANCP 10
ANCP Adjacencies 10
Neighbor Adjacency Timing 10
ANCP Messages 11
Port Mapping 11
Rate Adjustment 11
Prioritization of ANCP Traffic 12
Process Restart 12
ANCP and QoS Interaction 12
Multi Chassis Link Aggregation 12
ANCP over MC-LAG 13
How to Configure ANCP on Cisco 14
Enabling ANCP 14
Configuring ANCP Server Sender Name 15
Configuring ANCP Neighbors 16
Mapping AN Ports to VLAN Subinterfaces 18
Configuring ANCP Rate Adjustment 21
Configuration Examples for Configuring ANCP contains the following examples: 22
Configuring ANCP Server Sender Name: Example 22
Configuring ANCP Neighbors: Example 22
Mapping AN ports to VLAN Subinterfaces: Example 25
Configuring ANCP Rate Adjustment: Example 26
ANCP and QoS Interaction: Example 26
QoS Policy Inconsistency on an Interface: Example 29
ANCP Rate Change 31
Port Speed Change 32
The show qos inconsistency Command: Example 33
Additional References 34
Related Documents 34
Standards 34
MIBs 34
RFCs 35
Technical Assistance 35
Configuring Access Node Control Protocol 35
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
iv OL-26077-02
ContentsC H A P T E R 3 Configuring Modular QoS Congestion Avoidance 37
Prerequisites for Configuring Modular QoS Congestion Avoidance 38
Information About Configuring Modular QoS Congestion Avoidance 38
Random Early Detection and TCP 38
Queue-limit for WRED 38
Tail Drop and the FIFO Queue 39
Configuring Random Early Detection 39
Configuring Random Early Detection 42
Configuring Weighted Random Early Detection 44
Configuring Tail Drop 47
Additional References 51
Related Documents 51
Standards 51
MIBs 52
RFCs 52
Technical Assistance 52
C H A P T E R 4 Configuring Modular QoS Congestion Management 53
Prerequisites for Configuring QoS Congestion Management 54
Information about Configuring Congestion Management 55
Congestion Management Overview 55
Modified Deficit Round Robin 55
Low-Latency Queueing with Strict Priority Queueing 56
Configured Accounting 56
QoS for IPv6 ACLs 57
Traffic Shaping 57
Regulation of Traffic with the Shaping Mechanism 57
Traffic Policing 58
Regulation of Traffic with the Policing Mechanism 59
Single-Rate Policer 59
Two-Rate Policer 60
Committed Bursts and Excess Bursts 62
Committed Bursts 62
Committed Burst Calculation 63
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 v
ContentsExcess Bursts 63
Excess Burst Calculation 63
Deciding if Packets Conform or Exceed the Committed Rate 64
Two-Rate Three-Color (2R3C) Policer 64
Hierarchical Policing 65
Multiple Action Set 65
Packet Marking Through the IP Precedence Value, IP DSCP Value, and the MPLS
Experimental Value Setting 65
Policer Granularity and Shaper Granularity 66
Congestion Management Using DEI 66
How to Configure QoS Congestion Management 66
Configuring Guaranteed and Remaining Bandwidths 66
Configuring Guaranteed Bandwidth 70
Configuring Bandwidth Remaining 73
Configuring Low-Latency Queueing with Strict Priority Queueing 76
Configuring Traffic Shaping 78
Configuring Traffic Policing (Two-Rate Color-Blind) 81
Configuring Traffic Policing (2R3C) 84
Configuring Hierarchical Policing 87
Configuration Examples for configuring congestion management 89
Traffic Shaping for an Input Interface: Example 89
Traffic Policing for a Bundled Interface: Example 90
2R3C Traffic Policing: Example 90
ATM QoS: Example 92
Hierarchical Policing: Example 92
Additional References 92
Related Documents 92
Standards 92
MIBs 93
RFCs 93
Technical Assistance 93
C H A P T E R 5 Configuring Modular QoS Service Packet Classification 95
Prerequisites for Configuring Modular QoS Packet Classification 96
Information About Configuring Modular QoS Packet Classification 97
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
vi OL-26077-02
ContentsPacket Classification Overview 97
Traffic Class Elements 97
Traffic Policy Elements 98
Default Traffic Class 98
Bundle Traffic Policies 98
Shared Policy Instance 99
Policy Inheritance 99
Port Shape Policies 99
Class-based Unconditional Packet Marking Feature and Benefits 100
Specification of the CoS for a Packet with IP Precedence 101
IP Precedence Bits Used to Classify Packets 101
IP Precedence Value Settings 102
Classification Based on DEI 102
Default DEI Marking 103
IP Precedence Compared to IP DSCP Marking 103
QoS Policy Propagation Using Border Gateway Protocol 103
QoS on the Satellite System 104
Auto QoS 104
In-Place Policy Modification 106
Modifications That Can Trigger In-Place Policy Modifications 106
Modifications to QoS Policies 106
Modifications to Class Maps 106
Modifications to Access Lists Used in Class Maps 107
Recommendations for Using In-Place Policy Modification 107
Dynamic Modification of Interface Bandwidth 107
Policy States 107
How to Configure Modular QoS Packet Classification 107
Creating a Traffic Class 107
Creating a Traffic Policy 111
Attaching a Traffic Policy to an Interface 113
Attaching a Shared Policy Instance to Multiple Subinterfaces 115
Attaching a Shared Policy Instance to Bundle Interfaces or EFP Bundles 116
Configuring Class-based Unconditional Packet Marking 118
Configuring QoS Policy Propagation Using Border Gateway Protocol 123
Policy Propagation Using BGP Configuration Task List 123
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 vii
ContentsOverview of Tasks 123
Defining the Route Policy 123
Applying the Route Policy to BGP 125
Configuring QPPB on the Desired Interfaces 126
QPPB scenario 127
Configuring Hierarchical Ingress Policing 127
Configuration Examples for Configuring Modular QoS Packet Classification 129
Traffic Classes Defined: Example 129
Traffic Policy Created: Example 130
Traffic Policy Attached to an Interface: Example 130
Traffic Policy Attached to Multiple Subinterfaces: Example 130
Traffic Policy Attached to a Bundle Interface: Example 131
EFP Load Balancing with Shared Policy Instance: Example 131
|Configuring a Bundle Interface: Example 131
Configuring Two Bundle EFPs with the Load Balance Options: Example 131
Default Traffic Class Configuration: Example 132
class-map match-any Command Configuration: Example 132
Class-based, Unconditional Packet Marking Examples 132
IP Precedence Marking Configuration: Example 132
IP DSCP Marking Configuration: Example 133
QoS Group Marking Configuration: Example 133
CoS Marking Configuration: Example 133
MPLS Experimental Bit Imposition Marking Configuration: Example 134
MPLS Experimental Topmost Marking Configuration: Example 134
In-Place Policy Modification: Example 134
Additional References 135
Related Documents 135
Standards 136
MIBs 136
RFCs 136
Technical Assistance 137
C H A P T E R 6 Modular QoS Deployment Scenarios 139
802.1ad DEI 140
Mark DEI Based on a Policing Action: Example 141
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
viii OL-26077-02
ContentsMark DEI Based on Incoming Fields: Example 141
Congestion Management Using DEI: Example 141
Frame Relay QoS 141
Frame Relay DLCI Classification 142
Frame Relay DE Classification 142
Frame Relay DE Marking 142
Frame Relay QoS: Example 143
IP Header Compression QoS 145
IP Header Compression QoS: Example 146
L2VPN QoS 146
Frame Relay <-> Frame Relay Over Pseudowire: Example 146
Frame Relay <-> Ethernet Over Pseudowire: Example 148
MLPPP QoS/MLFR QoS 149
Multiclass MLPPP with QoS 150
MLPPP QoS/MLFR QoS: Example 151
MPLS QoS 151
MPLS Uniform Mode 152
MPLS Pipe Mode 152
MPLS Short Pipe Mode 153
Uniform, Pipe, Short Pipe Modes: Ingress PE Example 153
Uniform Mode: Egress PE Example 154
Pipe Mode: Egress PE Example 154
Short Pipe Mode: Egress PE Example 155
QoS on Multicast VPN 156
ASR 9000 Ethernet Line Cards 156
QoS on Multicast VPN: Example 156
Unconditional Marking 157
Conditional Marking 157
SIP 700 for the ASR 9000 157
QoS on Multicast VPN: Example 157
QoS on NxDS0 Interfaces 158
One-Level Policy Applied to Main Interface: Example 158
Two-Level Policy Applied to a Subinterface: Example 158
VPLS and VPWS QoS 159
VPLS and VPWS QoS: Example 160
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 ix
ContentsRelated Information 161
C H A P T E R 7 Configuring Hierarchical Modular QoS 163
How to Configure Hierarchical QoS 164
Configuring the Three-Parameter Scheduler 164
ASR 9000 Ethernet Line Cards 165
SIP 700 for the ASR 9000 167
Attaching Hierarchical Policies to Physical and Virtual Links 169
Configuring Enhanced Hierarchical Ingress Policing 171
Two-Level Hierarchical Queueing Policy: Example 173
Three-Level Hierarchical Queueing Policy: Examples 174
Three-Level Hierarchical Queueing Policy: Examples 174
SIP 700 for the ASR 9000 175
Three-Parameter Scheduler: Examples 177
Three-Parameter Scheduler: Examples 177
SIP 700 for the ASR 9000 177
Hierarchical Policing: Examples 178
Hierarchical Policing: Examples 178
SIP 700 for the ASR 9000 178
Attaching Service Policies to Physical and Virtual Links: Examples 179
Physical Link: Example 179
Virtual Link: Example 179
Enhanced Hierarchical Ingress Policing: Example 179
Verifying the Configuration of Hierarchical Policies 180
Additional References 181
Related Documents 181
Standards 181
MIBs 181
RFCs 182
Technical Assistance 182
C H A P T E R 8 Configuring Modular QoS on Link Bundles 183
Link Bundling Overview 183
Load Balancing 184
Layer 3 Load Balancing on Link Bundles 184
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
x OL-26077-02
ContentsQoS and Link Bundling 185
QoS for POS link bundling 185
Input QoS Policy setup 185
Output QoS Policy setup 185
Additional References 186
Related Documents 186
Standards 186
MIBs 187
RFCs 187
Technical Assistance 187
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 xi
Contents Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
xii OL-26077-02
ContentsPreface
This guide describesthe IOS XR QoS configurations. The preface for the Cisco ASR 9000 Series Aggregation
Services Router Modular Quality of Service Configuration Guidecontains the following sections:
Changes to this document, page xiii
Obtaining Documentation and Submitting a Service Request, page xiii
Changes to this document
Table 1 lists the technical changes made to this document since it was first printed.
Table 1: Changes to This Document
Revision Date Change Summary
Republished with documentation updates for Cisco
IOS XR Release 4.2.1.
OL-26077-02 June 2012
OL-26077-01 December 2011 Initial release of this document.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation,submitting a service request, and gathering additional information,
see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco
technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS version 2.0.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 xiii Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
xiv OL-26077-02
Preface
Obtaining Documentation and Submitting a Service RequestC H A P T E R 1
Modular QoS Overview
Quality of Service (QoS) is the technique of prioritizing traffic flows and providing preferential forwarding
for higher-priority packets. The fundamental reason for implementing QoS in your network is to provide
betterservice for certain traffic flows. A traffic flow can be defined as a combination ofsource and destination
addresses, source and destination socket numbers, and the session identifier. A traffic flow can more broadly
be described as a packet moving from an incoming interface that is destined for transmission to an outgoing
interface. The traffic flow must be identified, classified, and prioritized on all routers and passed along the
data forwarding path throughout the network to achieve end-to-end QoS delivery. The terms traffic flow and
packet are used interchangeably throughout this module.
To implement QoS on a network requires the configuration of QoS features that provide better and more
predictable network service by supporting bandwidth allocation, improving loss characteristics, avoiding
and managing network congestion, metering network traffic, or setting traffic flow priorities across the
network.
This module contains overview information about modular QoS features within a service provider network.
Information About Modular Quality of Service Overview, page 1
Where to Go Next, page 5
Additional References, page 6
Information About Modular Quality of Service Overview
Before configuring modular QoS on your network, you should understand the following concepts:
Benefits of Cisco IOS XR QoS Features
QoS Techniques
Differentiated Service Model for Cisco IOS XR Software, page QC-4
Access Node Control Protocol, page QC-5
Additional Cisco IOS XR QoS Supported Features, page QC-5
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 1Benefits of Cisco IOS XR QoS Features
The Cisco IOS XR QoS features enable networks to control and predictably service a variety of networked
applications and traffic types. Implementing Cisco IOS XR QoS in your network promotes the following
benefits:
Control over resources. You have control over which resources (bandwidth, equipment, wide-area
facilities, and so on) are being used. For example, you can limit bandwidth consumed over a backbone
link by FTP transfers or give priority to an important database access.
Tailored services. If you are an Internet Service Provider (ISP), the control and visibility provided by
QoS enables you to offer carefully tailored grades of service differentiation to your customers.
Coexistence of mission-critical applications. Cisco IOS XR QoS features make certain of the following
conditions:
? That your WAN is used efficiently by mission-critical applications that are most important to your
business.
? That bandwidth and minimum delaysrequired by time-sensitive multimedia and voice applications
are available.
? That other applications using the link get their fair service without interfering with mission-critical
traffic.
QoS Techniques
QoS on Cisco IOS XR software relies on the following techniques to provide for end-to-end QoS delivery
across a heterogeneous network:
Packet classification and marking
Congestion management
Congestion avoidance
Before implementing the QoS features for these techniques, you should identify and evaluate the traffic
characteristics of your network because not all techniques are appropriate for your network environment.
Packet Classification and Marking
Packet classification and marking techniques identify the traffic flow, and provide the capability to partition
network traffic into multiple priority levels or classes of service. After classification is complete, any other
QoS actions can be performed.
Identification of a traffic flow can be performed by using several methods within a single router, such as
access control lists(ACLs), protocol match, IP precedence, IP differentiated service code point (DSCP), MPLS
EXP bit, or Class of Service (CoS).
Marking of a traffic flow is performed by:
Setting IP Precedence or DSCP bits in the IP Type of Service (ToS) byte.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
2 OL-26077-02
Modular QoS Overview
Benefits of Cisco IOS XR QoS Features Setting CoS bits in the Layer 2 headers.
Setting EXP bits within the imposed or the topmost Multiprotocol Label Switching (MPLS) label.
Setting qos-group and discard-class bits.
Marking can be carried out:
UnconditionallyAs part of the class-action.
ConditionallyAs part of a policer-action.
Combination of conditionally and unconditionally.
For detailed conceptual and configuration information about packet marking, see the Configuring Modular
Quality of Service Packet Classification on Cisco ASR 9000 Series Routers module in this guide for
unconditional marking, and the Configuring Modular Quality of Service Congestion Management on
Cisco ASR 9000 Series Routers module in this guide for conditional marking.
Default Marking Behavior
When an ingress or egress interface adds VLAN tags or MPLS labels, it requires a default value for the CoS
and EXP values that go into those tags and labels. The default value can be then overridden based on the
policy map. The default value for CoS and EXP is based on a trusted field in the packet upon ingress to the
system. The router implements an implicit trust of certain fields based on the packet type and ingress interface
forwarding type (Layer 2 or Layer 3).
By default, the router does not modify the IP precedence or DSCP without a policy-map being configured.
The default behavior is described below.
On an ingress or egress Layer 2 interface, such as xconnect or bridge-domain, the outermost CoS value is
used for any field that gets added in the ingress interface. If there is a VLAN tag that gets added due to a
Layer 2 rewrite, the incoming outermost CoS value is used for the new VLAN tag. If an MPLS label is added,
the CoS value would be used for the EXP bits in the MPLS tag.
On an ingress or egress Layer 3 interface (routed or label weighted for IPv4 or IPv6 packets), the three DSCP
and precedence bits are identified in the incoming packet. For MPLS packets, the outermost labels EXP bit
is identified, and this value is used for any new field that gets added at the ingress interface. If an MPLS label
is added, then the identified precedence, DSCP, or MPLS EXP value is used for the EXP bits in the newly
added MPLS tag.
Provider Backbone Bridge (PBB) Configuration
In a PBB configuration, when a packet goes from a customer network to a service provider network using
PBB encapsulation, the class of service (CoS) and discard eligibility indicator (DEI) used in the backbone
VLAN tag (B-tag) and service instance tag (I-tag) of the PBB header is by default the CoS and DEI in the
topmost tag of the incoming packet.
When a packet goes from a service provider to a customer network, the PBB header is removed and the I-tag
CoS and DEI is used by default on any tags that are imposed on the customer interface. The default marking
occurs only on imposed tags, and not on existing or translated tags.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 3
Modular QoS Overview
QoS TechniquesCongestion Management
Congestion management techniques control congestion after it has occurred. One way that network elements
handle an overflow of arriving traffic is to use a queueing algorithm to sort the traffic, then determine some
servicing method of prioritizing it onto an output link.
Cisco IOS XR software implements the low-latency Queueing (LLQ) feature, which brings strict priority
queueing (PQ) to the Modified Deficit Round Robin (MDRR) scheduling mechanism. LLQ with strict PQ
allows delay-sensitive data,such as voice, to be dequeued and sent before packetsin other queues are dequeued.
Cisco IOS XR software includestraffic policing capabilities available on a per-class basis as well as class-based
shaping.
The traffic policing feature limitsthe input or output transmission rate of a class of traffic based on user-defined
criteria, and can mark packets by setting values such as IP Precedence, QoS group, or DSCP value.
Traffic shaping allows control over the traffic that leaves an interface to match its flow to the speed of the
remote target interface and ensure that the traffic conforms to the policies contracted for it. Thus, traffic
adhering to a particular profile can be shaped to meet downstream requirements, thereby eliminating bottlenecks
in topologies with data-rate mismatches.
Cisco IOS XRsoftware supports a class-based traffic shaping method through a CLI mechanism in which
parameters are applied per class.
For detailed conceptual and configuration information about congestion management, see the Configuring
Modular Quality of Service Congestion Management on Cisco ASR 9000 Series Routers module.
Congestion Avoidance
Congestion avoidance techniques monitor network traffic flowsin an effort to anticipate and avoid congestion
at common network and internetwork bottlenecks before problems occur. These techniques are designed to
provide preferential treatment for traffic (such as a video stream) that has been classified as real-time critical
under congestion situations while concurrently maximizing network throughput and capacity utilization and
minimizing packet loss and delay. Cisco IOS XR software supports the Random Early Detection (RED),
Weighted RED (WRED), and tail drop QoS congestion avoidance features.
For detailed conceptual and configuration information about congestion avoidance techniques, see the
Configuring Modular Quality of Service Congestion Management on Cisco ASR 9000 Series Routers
module in this guide.
Differentiated Service Model for Cisco IOS XR Software
Cisco IOS XR software supports a differentiated service that is a multiple-service model that can satisfy
different QoS requirements. However, unlike in the integrated service model, an application using differentiated
service does not explicitly signal the router before sending data.
For differentiated service, the network tries to deliver a particular kind of service based on the QoS specified
by each packet. Thisspecification can occur in different ways, for example, using the IP Precedence bitsettings
in IP packets or source and destination addresses. The network uses the QoS specification to classify, mark,
shape, and police traffic, and to perform intelligent queueing.
The differentiated service model is used for several mission-critical applications and for providing end-to-end
QoS. Typically, this service model is appropriate for aggregate flows because it performs a relatively coarse
level of traffic classification.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
4 OL-26077-02
Modular QoS Overview
Differentiated Service Model for Cisco IOS XR SoftwareAccess Node Control Protocol
Access Node Control Protocol (ANCP) creates a control plane between a service-oriented aggregation device
and an access node (AN) (for example, a DSLAM) in order to perform QoS-related, service-related, and
subscriber-related operations. An ANCP Network Access Server (NAS) accepts and maintains ANCP
adjacencies (sessions with an ANCP neighbor), and sending and receiving ANCP messages.
ANCP allows static mapping between AN ports and VLAN subinterfaces so that DSL rate updates for a
specific subscriber received by the ANCP server are applied to the QoS configuration corresponding to that
subscriber. DSL train rates received via ANCP are used to alter shaping rates on subscriber-facing interfaces
and subinterfaces on the router.
Additional Cisco IOS XR QoS Supported Features
The following sections describe the additional features that play an important role in the implementation of
QoS on Cisco IOS XR software.
Modular QoS Command-Line Interface
In Cisco IOS XR software, QoS features are enabled through the Modular QoS command-line interface (MQC)
feature. The MQC is a command-line interface (CLI) structure that allows you to create policies and attach
these policies to interfaces. A traffic policy contains a traffic class and one or more QoS features. A traffic
class is used to classify traffic, whereas the QoS features in the traffic policy determine how to treat the
classified traffic. One of the main goals of MQC is to provide a platform-independent interface for configuring
QoS across Cisco platforms.
For detailed conceptual and configuration information about the MQC feature, see the Configuring Modular
Quality of Service Packet Classification on Cisco ASR 9000 Series Routers module in this guide.
Fabric QoS
There is no separate configuration for fabric QoS. The fabric priority is derived from the priority action in
the ingress service policy.
Where to Go Next
To configure the packet classification features that involve identification and marking of traffic flows, see the
Configuring Modular Quality of Service Packet Classification on Cisco ASR 9000 Series Routers module
in this guide.
To configure the queueing, scheduling, policing, and shaping features, see the Configuring Modular Quality
of Service Congestion Management on Cisco ASR 9000 Series Routers module in this guide.
To configure the WRED and RED features, see the Configuring Modular QoS Congestion Avoidance on
Cisco ASR 9000 Series Routers module in this guide.
To configure Access Node Control Protocol (ANCP) features, see the Configuring Access Node Control
Protocol on Cisco ASR 9000 Series Routers module in this guide.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 5
Modular QoS Overview
Access Node Control ProtocolAdditional References
The following sections provide references related to implementing QoS.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Initial system bootup and configuration
Cisco ASR 9000 Series Aggregation Services Router Master
Command Listing
Master command reference
Cisco ASR 9000 Series Aggregation Services Router
Modular Quality of Service Command Reference
QoS commands
Configuring AAA Services on Cisco ASR 9000 Series
Router module of Cisco Cisco ASR 9000 Series
Aggregation Services Router System Security Configuration
Guide
User groups and task IDs
Standards
Standards Title
No new or modified standards are supported by
this feature, and support for existing standards
has not been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the following
URL and choose a platform under the Cisco Access
Products menu: http://cisco.com/public/sw-center/netmgmt/
cmtk/mibs.shtml
CISCO-CLASS-BASED-QOS-MIB
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
6 OL-26077-02
Modular QoS Overview
Additional ReferencesRFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not
been modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical
content, including links to products,
technologies,solutions, technical tips, and tools.
Registered Cisco.com users can log in from this
page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 7
Modular QoS Overview
RFCs Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
8 OL-26077-02
Modular QoS Overview
Technical AssistanceC H A P T E R 2
Configuring Access Node Control Protocol
Access Node Control Protocol (ANCP) creates a control plane between a service-oriented aggregation device
and an access node (AN) (for example, a DSLAM) in order to perform QoS-related, service-related, and
subscriber-related operations. An ANCP server accepts and maintains ANCP adjacencies (sessions with an
ANCP neighbor), and sending and receiving ANCP messages. ANCP allows static mapping between ANCP
ports and VLAN subinterfaces so that DSL rate updates for a specific subscriber received by the ANCP
server are applied to the QoS configuration corresponding to that subscriber. DSL train rates received via
ANCP are used to alter shaping rates on subscriber-facing interfaces and subinterfaces on the router. ANCP
runs as a single process on the route processor (RP).
This module provides the conceptual and configuration information for implementing ANCP.
Line Card, SIP, and SPA Support
Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000
Access Node Control Protocol yes no
Feature History for Configuring Access Node Protocol on Cisco ASR 9000 Series Routers
Release Modification
Release 3.7.2 The Access Node Control Protocol feature was introduced.
Release 3.9.0 Mapping of ANCP portsto VLAN interfaces over Ethernet bundles was added.
Release 4.0.0 ANCP over Multi Chassis Link Aggregation was introduced.
Prerequisites for Configuring ANCP, page 10
Restrictions for Configuring ANCP, page 10
Information About Configuring ANCP, page 10
How to Configure ANCP on Cisco, page 14
Configuration Examples for Configuring ANCP contains the following examples:, page 22
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 9 Additional References, page 34
Configuring Access Node Control Protocol, page 35
Prerequisites for Configuring ANCP
Restrictions for Configuring ANCP
The following restrictions apply when configuring ANCP on your network:
Only Rate Adaptive Mode is supported in Cisco IOS XR Release 3.7.2.
VPN routing and forwarding (VRF) awareness is not supported in Cisco IOS XR Release 3.7.2. All IP
interfaces receiving ANCP traffic should be in default VRF.
ANCP over IPv6 is not supported for Cisco IOS XR Release 3.7.2.
Only VLAN subinterfaces over Ethernet and Ethernet bundle ports can be mapped to AN ports using
ANCP.
Information About Configuring ANCP
To implement ANCP, you must understand the following concepts:
ANCP Adjacencies
The ANCP server accepts TCP connections from access nodes. An ANCP neighbor is any access node that
establishes an adjacency with an ANCP server. ANCP is configured globally, and as long as it is IP-enabled,
there is no restriction on whether ANCP messages are received on the physical or logical interface.
TCP creates a separate connection socket for each access node. Because access nodes are not identified
explicitly in ANCP messages, the TCP socket serves as the ANCP neighbor identifier for the ANCP server.
Once the TCP connection between ANCP neighbors has been made, the ANCP adjacency protocol establishes
an ANCP session over that connection and negotiates ANCP capabilities. There is a single ANCP session per
ANCP neighbor. ANCP session information becomes a subset of the information of a corresponding neighbor.
ANCP protocol supports dynamic neighbor detection so no configuration of access nodes is required. ANCP
neighbors can also be statically preconfigured on the ANCP server. In such a case, access nodes are explicitly
identified by their IDs, which then must match the sender-name field in the ANCP adjacency protocol
messages.
Neighbor Adjacency Timing
The adjacency timer defines the maximum delay between different stages of ANCP session establishment
and the period of ANCP keepalive.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
10 OL-26077-02
Configuring Access Node Control Protocol
Prerequisites for Configuring ANCPANCP adjacency lifetime is governed by the adjacency protocol. If synchronization with the peer access node
is lost (for example, if the adjacency dead timer expires), the ANCP server removes the adjacency, and the
underlying TCP connection is closed.
ANCP Messages
Two ANCP message types are processed by the ANCP server: Port Up and Port Down. Port Up messages
contain DSL rate information; Port Down messages indicate that the corresponding access line is no longer
available. DSL rate updates from Port Up messages are made available to the QoS subsystem. Port Down
messages are used to internally track the ANCP port state.
These messages can only be received by the server after the ANCP adjacency is established. However, once
a Port Up message is received, the DSL rate information it contains is considered valid indefinitely, provided
AN-port-to-interface mapping is configured for that port. It is stored in the AN port database until it is
overwritten by another Port Up message for this port or is cleared manually. The removal of an adjacency or
the reception of a Port Down message is reflected in the database for display and troubleshooting purposes,
but DSL rate information is not invalidated.
Port Mapping
AN ports are statically mapped to VLAN subinterfaces, referred to as AN-port-to-interface mapping. This
implies that there is at least one VLAN subinterface configured per subscriber line. There is no limit to the
number of interfaces that can be mapped to an AN port.
VLAN subinterfaces mapped to an AN port can be created or removed. When mapping is configured, VLAN
subinterfaces are referenced in the ANCP module by name. This name is used for notifications of interface
creation and deletion and provides the information that is used in updating the DSL rate.
An AN port database is maintained for all ports learned from Port Up messages. This database also contains
the AN-port-to-interface mapping database. If a Port Up message for an AN port arrives but no interface is
mapped to that port, the rate information is stored in the AN port database but not published. When a mapping
for that port is configured, the AN port database is scanned to identify any ANCP messagesthat were received
on this port prior to the mapping configuration. If there were, the known rate is published.
Rate Adjustment
ANCP can apply a correction factor to the DSL line rate reported in Port Up messages before publishing the
rate update to the system. This correction factor or rate adjustment is configurable in the global configuration
mode per DSL type and access encapsulation type (ATM or Ethernet). DSL type and encapsulation type are
provided in mandatory type, length, and value (TLV) data in the Port Up message.
To use the rate adjustment feature for non-default loop types (Ethernet), DSLAMs must support the
optional Access Loop Encapsulation sub-TLV.
Note
ANCP rate-adaptive mode information is processed by the ANCP module to determine the maximum bandwidth
(shape rate) available for a given subscriber line. A fixed correction factor is then applied to the ANCP
bandwidth based on the DSL type to account for the overhead of different DSL technologies. For example,
a given subscribers ANCP bandwidth may be 15 Mbps, but due to the DSL technology overhead, the effective
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 11
Configuring Access Node Control Protocol
ANCP Messagesbandwidth for that subscriber should be limited to 80 percent of 15 Mbps, which is 12 Mbps. This corrected
effective bandwidth is conveyed to QoS modules to limit the maximum rate for the subscribers traffic.
The ANCP rate is used as a QoS shaping rate only if the ANCP rate is greater than the currently configured
QoS shaping rate. (The ANCP rate used by QoS is rounded down to the nearest 128 kbps.)
Note
Prioritization of ANCP Traffic
In case of congestion, the Cisco ASR 9000 Series Router marks ANCP messages as high priority so that the
aggregation network between the Network Access Server (NAS) and the access node (AN) can prioritize the
ANCP messages ahead of other traffic.
Process Restart
During a process restart, TCP connections with ANCP neighbors normally drop. When the ANCP server
comes back, TCP connections and ANCP sessions are reestablished by the neighbors. Upon reconnecting to
the server, DSLAMs send Port Up messages for every active port. Any published rate information received
prior to restart is restored in the ANCP configuration. If the restart occurred due to a crash, conflicts between
published data and configuration data are detected and published data is corrected.
ANCP and QoS Interaction
When the ANCP value is applied correctly, it overrides the configured QoS shaper value. For an example of
an ANCP value applied incorrectly and an example of the interaction with QoS when the ANCP value is
applied correctly, see ANCP and QoS Interaction: Example.
Multi Chassis Link Aggregation
Multi Chassis Link Aggregation (MC-LAG) provides a simple redundancy mechanism for a Digital Subscriber
Line Access Multiplier (DSLAM) to Cisco ASR 9000 Series Router connection. The redundancy is achieved
by allowing a dual-homed connection to two routers. There is no added software complexity on the DSLAM,
because the DSLAMviewsthe dual-homed connection as a single LAG. The DSLAMis known as a dual-homed
device (DHD), and each router is known as a point of attachment (PoA) in MC-LAG terminology. For more
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
12 OL-26077-02
Configuring Access Node Control Protocol
Prioritization of ANCP Trafficdetailed information about MC-LAG, see the Cisco ASR 9000 Series Aggregation Services Router L2VPN
and Ethernet Services Configuration Guide.
Figure 1: MC-LAG connects DSLAM to ASR 9000 Series Routers
ANCP over MC-LAG
Access Node Control Protocol (ANCP) is required to support a network topology that includes MC-LAG
connections to DSLAMs. CPE circuits connect to DSLAMs and adjust line speeds based on signal quality
with Rate Adaptive DS. Uplinks connect DSLAMs to routers. If the line speed of a circuit adjusts to a lower
data rate than the uplink, subscriber data can be lost on the DSLAM. To prevent data loss, a DSLAM notifies
the router of the new DSL rate with ANCP, and downstream shaping is dynamically applied on the router
such that the data rate of the uplink does not exceed the CPE circuit data rate.
ANCP applies DSLAM subscriber circuit DSL rate data it learns, to MC-LAG VLAN subinterfaces that are
mapped to the subscriber circuit. The rates are applied to QoS shapers. The DSL rates that ANCP has applied
to the MC-LAG VLAN subinterfaces are distributed by the ANCP application running on the active PoA for
the MC-LAG to the ANCP application that is running on the standby PoA for the MC-LAG, using ICCP
(Inter-Chassis Communication Protocol). ANCP on the standby PoA for the MC-LAG applies the DSL rate
data to the corresponding MC-LAG VLAN subinterfaces. When an event occursthat causes one of the standby
PoAs to assume the active role for the MC-LAG, the ANCP application on the newly active PoA has already
applied the DSL rates to shapers on the MC-LAG VLAN subinterfaces, so the correct DSL rates are applied
when this LAG goes active and congestion and subsequent data loss does not occur at the DSLAM.
A DSLAM establishes an ANCP adjacency with a router over a TCP connection. The DSL rates for the
DSLAM subscriber circuits are communicated over this TCP connection. The DSL rates are applied to Layer
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 13
Configuring Access Node Control Protocol
ANCP and QoS Interaction2 VLAN subinterfaces that are mapped to the subscriber circuits. The ANCP TCP connection that is used to
send DSL rates for Layer 2 VLAN subinterfaces on an MC-LAG must be on a Layer 3 VLAN subinterface
that is in the same MC-LAG as the L2VLAN subinterfaces. Note that this constraint implies that there is one
ANCP TCP connection between the DSLAM and router per MC-LAG.
Figure 2: ANCP over MC-LAG VLAN Subinterfaces
When an active PoA for a MC-LAG becomes the standby, the DSLAM ANCP TCP connection is terminated.
The DSLAM re-establishes the ANCP TCP connection with the PoA that assumes the active role for the
MC-LAG.
How to Configure ANCP on Cisco
This section contains instructions for the following tasks:
Enabling ANCP
Configuring ANCP Server Sender Name
Configuring ANCP Neighbors
Mapping AN Ports to VLAN Subinterfaces
Configuring ANCP Rate Adjustment
Enabling ANCP
To enable ANCP, use the ancp command in global configuration mode.
Prerequisites
To use this command, you must be in a user group associated with a task group that includes the proper task
IDs for ANCP.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
14 OL-26077-02
Configuring Access Node Control Protocol
How to Configure ANCP on CiscoSUMMARY STEPS
1. configure RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)#
2. ancp RP/0/RSP0/CPU0:router(config)# ancp
3. end
4. or commit
5. show ancp summary [statistics][detail] RP/0/RSP0/CPU0:router# show ancp summary
DETAILED STEPS
Command or Action Purpose
configure RP/0/RSP0/CPU0:router# Enters global configuration mode.
configure RP/0/RSP0/CPU0:router(config)#
Step 1
Step 2 ancp RP/0/RSP0/CPU0:router(config)# ancp Enables ANCP.
Step 3 end
Step 4 or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-ancp)#
end
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before exiting
(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-ancp)#
commit
Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
Entering cancel leavesthe router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
(Optional) Displays ANCP summary and general configuration
information.
show ancp summary [statistics][detail]
RP/0/RSP0/CPU0:router# show ancp
summary
Step 5
Configuring ANCP Server Sender Name
The ANCP server sender name is used by the ANCP server in adjacency protocol messages to DSLAMs.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 15
Configuring Access Node Control Protocol
Configuring ANCP Server Sender NameSUMMARY STEPS
1. configure RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)#
2. ancp server sender-name {H.H.H | A.B.C.D} RP/0/RSP0/CPU0:router(config)# ancp server sender-name
0013.1aff.c2bd
3. end
4. or commit
DETAILED STEPS
Command or Action Purpose
configureRP/0/RSP0/CPU0:router# configure Enters global configuration mode.
RP/0/RSP0/CPU0:router(config)#
Step 1
ancp server sender-name {H.H.H | A.B.C.D} Configures a local sender name.
RP/0/RSP0/CPU0:router(config)# ancp server
sender-name 0013.1aff.c2bd
Step 2
Step 3 end
Step 4 or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-ancp)#
end
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before exiting
(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-ancp)#
commit
Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
Entering cancel leavesthe router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Configuring ANCP Neighbors
The TCP connection from any neighbor is accepted on any interface. To match a neighbor configuration to
a respective TCP connection, ANCP neighbors are identified by a sender name that must match the
corresponding field in adjacency protocol messages. Optionally, a description string can be supplied to identify
the ANCP neighbor on the system and an adjacency timer interval configured.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
16 OL-26077-02
Configuring Access Node Control Protocol
Configuring ANCP NeighborsSUMMARY STEPS
1. configure
2. ancp neighbor sender-name {H.H.H | A.B.C.D}[description string]
3. ancp neighbor sender-name {H.H.H | A.B.C.D} [adjacency-timer interval]
4. end or commit
5. show ancp neighbor {description description-string| sender-name {H.H.H | A.B.C.D}} [statistics][detail]
RP/0/RSP0/CPU0:router# show ancp neighbor sender-name 0006.2aaa.281b
6. show ancp neighbor summary [statistics][detail] RP/0/RSP0/CPU0:router# show ancp neighbor summary
7. clear ancp neighbor {all | description description-string |sender-name {H.H.H | A.B.C.D}}[state |statistics]
RP/0/RSP0/CPU0:router# clear ancp neighbor all
8. clear ancp summary [statistics | detail] RP/0/RSP0/CPU0:router# clear ancp summary statistics
9. show ancp neighbor [all] [statistics] RP/0/RSP0/CPU0:router# show ancp neighbor statistics
10. show ancp neighbor state [none | synsent | synrcvd | estab} [statistics] RP/0/RSP0/CPU0:router# show
ancp neighbor none
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)#
Step 1
ancp neighbor sender-name {H.H.H | Sets neighbor description parameter to easily identify DSLAMs.
A.B.C.D}[description string]
Step 2
Example:
RP/0/RSP0/CPU0:router(config)# ancp neighbor
sender-name oo13.1aff.c2bd description vendorA1
Sets neighbor adjacency timer parameter. If a neighbor session
is already established, it will be reset so this timer can take
affect.
ancp neighbor sender-name {H.H.H | A.B.C.D}
[adjacency-timer interval]
Example:
RP/0/RSP0/CPU0:router(config)# ancp neighbor
sender-name 0013.1aff.c2bd adjacency-timer 20
Step 3
Note Configured ports are placed in a down state while
unconfigured ports are released.
Step 4 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-ancp)# end
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changesfound, commit them before exiting
(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-ancp)# commit
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 17
Configuring Access Node Control Protocol
Configuring ANCP NeighborsCommand or Action Purpose
Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the
configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
(Optional) Displays data or message statistics associated with
individual ANCP adjacencies or sets of adjacencies.
show ancp neighbor {description description-string|
sender-name {H.H.H | A.B.C.D}} [statistics][detail]
RP/0/RSP0/CPU0:router# show ancp neighbor
sender-name 0006.2aaa.281b
Step 5
show ancp neighbor summary [statistics][detail] (Optional) Displays adjacency counts by state.
RP/0/RSP0/CPU0:router# show ancp neighborsummary
Step 6
(Optional) Clears ANCP neighbors, either all or individually.
Configured ports are placed in a down state while releasing
clear ancp neighbor {all | description description-string
| sender-name {H.H.H | A.B.C.D}}[state | statistics]
RP/0/RSP0/CPU0:router# clear ancp neighbor all
Step 7
unconfigured ports. If state is selected, the adjacency is reset
without clearing the TCP socket.
(Optional) Clears aggregate message statistics only, without
modifying individual neighbor or port statistics.
clear ancp summary [statistics | detail]
RP/0/RSP0/CPU0:router# clear ancp summary statistics
Step 8
show ancp neighbor [all] [statistics] (Optional) Displays ANCP neighbor information.
RP/0/RSP0/CPU0:router# show ancp neighborstatistics
Step 9
show ancp neighbor state [none | synsent | synrcvd | (Optional) Displays adjacency protocol state information.
estab} [statistics] RP/0/RSP0/CPU0:router# show ancp
neighbor none
Step 10
Mapping AN Ports to VLAN Subinterfaces
Port mapping associates DSLAM access ports or customer premises equipment (CPE) clients of a DSLAM
with VLAN subinterfaces. The VLANs can be IEEE 802.1Q or QinQ hierarchical VLANs. To map AN ports
to VLAN subinterfaces, use the ancp an-port command in global configuration mode.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
18 OL-26077-02
Configuring Access Node Control Protocol
Mapping AN Ports to VLAN SubinterfacesSUMMARY STEPS
1. configure
2. ancp an-port circuit-id Access-Loop-Circuit-ID [interface type interface-path-id | interface Bundle-Ether
bundle-id] RP/0/RSP0/CPU0:router(config)# ancp an-port circuit-id circuit1 interface gigabitethernet
2/0/1/1.1
3. end or commit
4. show ancp an-port {circuit-id Access-Loop-Circuit-ID | interface type interface-path-id | interface
Bundle-Ether bundle-id | mapping} [statistics | detail]
5. show ancp an-port [configured | dynamic-only][statistics]
6. show ancp an-port summary [statistics][detail]
7. clear ancp an-port {all | circuit-id Access-Loop-Circuit-Id | interface type interface-path-id | interface
Bundle-Ether bundle-id | neighbor {description string | sender-name {H.H.H | A.B.C.D}}[statistics]
8. show ancp an-port {description description-string | sender-name {H.H.H | A.B.C.D}}
9. show ancp an-port state [up | down | none] [statistics]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)#
Step 1
Defines a unique access node ID. This ID information is
included in the ANCP Port Up and Port Down messages.
ancp an-port circuit-id Access-Loop-Circuit-ID
[interface type interface-path-id | interface
Step 2
Bundle-Ether bundle-id]
The Circuit ID must be supplied before the access node port
configuration can be committed.
RP/0/RSP0/CPU0:router(config)# ancp an-port circuit-id
circuit1 interface gigabitethernet 2/0/1/1.1
When using a shared policy instance in subinterfaces with
ANCP, the same AN port circuit ID must be mapped to all
subinterfaces that have the same shared policy instance.
Step 3 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-ancp)# end
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changesfound, commit them before exiting
(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-ancp)# commit Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 19
Configuring Access Node Control Protocol
Mapping AN Ports to VLAN SubinterfacesCommand or Action Purpose
Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
(Optional) Displays information about the association of
DSLAM access ports(or CPE clients of a DSLAM) with VLAN
subinterfaces.
show ancp an-port {circuit-id Access-Loop-Circuit-ID |
interface type interface-path-id | interface
Bundle-Ether bundle-id | mapping} [statistics | detail]
Example:
RP/0/RSP0/CPU0:router# show ancp an-port
gigabitethernet 2/0/1/1.1
Step 4
(Optional) Displayssummary data orstatisticsfor AN portsthat
are or are not mapped to interfaces.
show ancp an-port [configured | dynamic-only][statistics]
Example:
RP/0/RSP0/CPU0:router# show ancp an-port
configured
Step 5
show ancp an-port summary [statistics][detail] (Optional) Displays port counts by state.
Example:
RP/0/RSP0/CPU0:router# show ancp an-port summary
Step 6
(Optional) Clears AN ports of dynamic data or statistics either
individually or in groups. Published information is cleared and
information learned from the DSLAM is cleared.
clear ancp an-port {all | circuit-id Access-Loop-Circuit-Id
| interface type interface-path-id | interface
Bundle-Ether bundle-id | neighbor {description string
| sender-name {H.H.H | A.B.C.D}}[statistics]
Step 7
Example:
RP/0/RSP0/CPU0:router# clear ancp an-port all
show ancp an-port {description description-string | (Optional) Displays AN port information.
sender-name {H.H.H | A.B.C.D}}
Step 8
Example:
RP/0/RSP0/CPU0:router# show ancp an-port
description vendor3b
show ancp an-portstate [up | down | none] [statistics] (Optional) Displays AN port state information.
Example:
RP/0/RSP0/CPU0:router# show ancp an-port state
up
Step 9
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
20 OL-26077-02
Configuring Access Node Control Protocol
Mapping AN Ports to VLAN SubinterfacesConfiguring ANCP Rate Adjustment
Use the ancp rate-adjustment command to apply a mathematical correction to the ANCP rate update prior
to applying it as a shaper rate.
SUMMARY STEPS
1. configure RP/0/RSP0/CPU0:router# configure RP/0/RSP0/CPU0:router(config)#
2. ancp rate-adjustment dsl-type access-loop-type percent-factor factor
3. end or commit
4. show ancp summary detail RP/0/RSP0/CPU0:router# show ancp summary detail
DETAILED STEPS
Command or Action Purpose
configure RP/0/RSP0/CPU0:router# Enters global configuration mode.
configure
RP/0/RSP0/CPU0:router(config)#
Step 1
Sets the parameters for the ANCP shaper percent factor. dsl-type and
access-loop-type are compared to appropriate values in optional type-length
ancp rate-adjustment dsl-type
access-loop-type percent-factor factor
Example:
RP/0/RSP0/CPU0:router(config)# ancp
Step 2
values (TLVs) in the ANCP Port Up message and the ANCP rate is adjusted
by a configured factor in case of a match.
dsl-type(Required) Sets DSL type code:
rate-adjustment adsl2 ethernet
percent-factor 90 adsl1 adsl2 adsl2+ vdsl1 vdsl2 sdsl
access-loop-type(Required) Sets access-loop-type to ATMor Ethernet.
percent-factor factor(Required) A percent value to be applied to the
ANCP reported rate update prior to configuring it as a shaping rate.
Step 3 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config)# end
When you issue the end command, the system prompts you to commit
changes:
Uncommitted changesfound, commit them before exiting (yes/no/cancel)?
[cancel]:
or
RP/0/RSP0/CPU0:router(config)#
commit
Entering yes saves configuration changes to the running configuration
file, exitsthe configuration session, and returnsthe router to EXEC mode.
Entering no exitsthe configuration session and returnsthe router to EXEC
mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changesto the running
configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 21
Configuring Access Node Control Protocol
Configuring ANCP Rate AdjustmentCommand or Action Purpose
(Optional) Shows generic ANCP configuration information along with rate
adjustment configuration information.
show ancp summary detail
RP/0/RSP0/CPU0:router# show ancp
summary detail
Step 4
Configuration Examples for Configuring ANCP contains the
following examples:
Configuring ANCP Server Sender Name: Example
Configuring ANCP Neighbors: Example
Mapping AN ports to VLAN Subinterfaces: Example
Configuring ANCP Rate Adjustment: Example
ANCP and QoS Interaction: Example
QoS Policy Inconsistency on an Interface: Example
Configuring ANCP Server Sender Name: Example
Configuring ANCP Neighbors: Example
The following example shows how to set ANCP neighbor parameters:
configure
ancp neighbor sender-name 0001.2222.3333 description VendorA-1
ancp neighbor sender-name 0001.2222.3333 adjacency-timer 20
commit
The following example shows the output from a specific neighbor using the sender-name MAC address:
show ancp neighbor sender-name 0006.2aaa.281b
ANCP Neighbor Data
-------------------------------------------
Sender Name 0006.2aaa.281b
Description first
State ESTAB
Capability Topology Discovery
Ports:
State Up 25
State Down 5
Total 30
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
22 OL-26077-02
Configuring Access Node Control Protocol
Configuration Examples for Configuring ANCP contains the following examples:The following example showsthe same command with the addition of the detail keyword,showing a summary
of AN ports that were reported by that neighbor:
show ancp neighbor sender-name 0006.2aaa.281b detail
ANCP Neighbor Data
-------------------------------------------
Sender Name 0006.2aaa.281b
Description first
State ESTAB
Capability Topology Discovery
Ports:
State Up 4
State Down 0
Total 4
Remote IP Addr/TCP Port 209.165.200.225/11126
Local IP Addr/TCP Port 209.165.200.250/6068
Server Sender Name 0013.1aff.c2bd
Remote Timeout 25500 msec
Local Timeout 10000 msec
Adjacency Uptime 01:25:20
Time Since Last Port Msg 00:00:04
Remote Port 0
Remote Instance 1
Local Instance 1
Remote Partition ID 0
List of AN port data for neighbor sender name 0006.2aaa.281b
------------------------------ ----- ---------- -------- ---- ------------
Line Num Adjusted DS
Circuit-id State Uptime State Intf Rate (kbps)
------------------------------ ----- ---------- -------- ---- ------------
circuit1 UP 00:27:49 SHOWTIME 3 2250
circuit2 UP 00:00:49 SHOWTIME 2 2250
circuit3 UP 00:00:49 SHOWTIME 2 2250
circuit4 UP 00:00:49 SHOWTIME 0 2250
The following example shows the same command, this time with the addition of the statistics keyword,
showing a summary of message statistics for the selected neighbor:
show ancp neighbor sender-name 0006.2aaa.281b statistics
ANCP Neighbor Message Statistics
for Sender-name -, Description 0006.2aaa.281b
-----------------------------------------------
Sent Received
SYN 1 2
SNYACK 1 0
ACK 589 238
RSTACK 0 0
Port Up - 10
Port Down - 0
Drops 0 0
Total 600 250
The following example shows how to display generic information about ANCP configuration, along with
neighbor and port counts by state:
show ancp summary
ANCP Summary Information
----------------------------------------------
Capability: Topology Discovery
Server sender-name: 0013:1aff.c2bd
Neighbor count by state:
- 0
SYNSENT 0
SUNRCVD 0
ESTAB 1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 23
Configuring Access Node Control Protocol
Configuring ANCP Neighbors: Example----------------------------------
Total 1
Port count by state:
State Up 1
State Down 0
State Unknown 0
----------------------------------
Total 1
No. configured ports 1
No. mapped sub-interfaces 4
The following example shows how to display rate adjustment configuration information in addition to the
generic information shown in the previous example:
show ancp summary detail
ANCP Summary Information
----------------------------------------------
Capability: Topology Discovery
Server sender-name: 0013:1aff.c2bd
Neighbor count by state:
- 0
SYNSENT 0
SUNRCVD 0
ESTAB 1
----------------------------------
Total 1
Port count by state:
State Up 1
State Down 0
State Unknown 0
----------------------------------
Total 1
No. configured ports 1
No. mapped sub-interfaces 4
Rate adjustment configuration:
-------------------------------------------
DSL Type Loop Type Percent-Factor
-------------------------------------------
ADSL1 ETHERNET 90
ADSL2 ETHERNET 100
ADSL2PLUS ETHERNET 100
VDSL1 ETHERNET 100
VDSL2 ETHERNET 100
SDSL ETHERNET 100
ADSL1 ATM 100
ADSL2 ATM 100
ADSL2PLUS ATM 100
VDSL1 ATM 100
VDSL2 ATM 100
SDSL ATM 100
The following example shows how to display a summary of ANCP message statistics:
show ancp summary statistics
ANCP Summary Message Statistics
--------------------------------------
Sent Received
SYN 3 6
SYNACK 4 0
ACK 7105 2819
RSTACK 2 0
Port Up - 6
Port Down - 0
Drops 0 0
Total 7114 2831
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
24 OL-26077-02
Configuring Access Node Control Protocol
Configuring ANCP Neighbors: ExampleThe following example shows how to clear all neighbor data and statistics:
clear ancp neighbor all
The following example shows how to clear a specific neighbor:
clear ancp neighbor description vendor1a
The following example shows how to clear aggregate message statistics:
clear ancp summary statistics
Mapping AN ports to VLAN Subinterfaces: Example
The following example shows a unique access node ID being defined:
configure
ancp an-port circuit-id circuit1 interface gigabitethernet 2/0/1/1.1
The following example shows how to display information for a port identified by its subinterface:
show ancp an-port interface gigabitethernet 0/0/0/37.1
AN port circuit-id ccc1:
State UP
UPtime 02:23:45
Time Since Last Message 00:00:00
Encap Type ETHERNET
DSL type ADSL1
DSL Line State SHOWTIME
Number of Mapped Interfaces 3
Neighbor sender-name 0006.2aaa.281b
Neighbor description 7200-client
Configured Rate Adjustment 90%
Actual Downstream Data Rate (kbps) 2500
Effective Downstream Data Rate (kbps) 2250
The following example shows how use the detail keyword to display port information as well as a list of the
interfaces mapped to that port.
show ancp an-port circuit-id ccc1 detail
AN port circuit-id ccc1:
State UP
UPtime 02:31:36
Time Since Last Message 00:00:00
Encap Type ETHERNET
DSL type ADSL1
DSL Line State SHOWTIME
Number of Mapped Interfaces 3
Neighbor sender-name 0006.2aaa.281b
Neighbor description 7200-client
Configured Rate Adjustment 90%
Actual Downstream Data Rate (kbps) 2500
Effective Downstream Data Rate (kbps) 2250
Actual Data Rate Upstream/Downstream (kbps) 2500/2500
Minimum Data Rate Upstream/Downstream (kbps) 0/0
Attainable Data Rate Upstream/Downstream (kbps) 0/0
Maximum Data Rate Upstream/Downstream (kbps) 0/0
Minimum Low Power Data Rate Upstream/Downstream (kbps) 0/0
Maximum Interleaving delay Upstream/Downstream (ms) 0/0
Actual Interleaving Delay Upstream/Downstream (ms) 0/0
Sub-interface Summary: total 3
-----------------------------------------------
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 25
Configuring Access Node Control Protocol
Mapping AN ports to VLAN Subinterfaces: ExampleSub-interface Name ifhandle
--------------------------------- ----------
GigabitEthernet0/0/0/37.1 0x0
GigabitEthernet0/0/0/37.11 0x0
GigabitEthernet0/0/0/38.10 0xb80
The following example uses the statistics keyword to display port message statistics for a specific AN port:
show ancp an-port circuit-id ccc1 statistics
Port message statistics for circuit-id ccc1:
Port Up 5
Port Down 0
The following example shows how to display port counts by state:
show ancp an-port summary
AN Port Count Summary
------------------------------
State UP 4
State DOWN 0
Config only ports 0
Total 4
# Configured ports 1
# Mapped sub-interfaces 4
The following example shows how to clear message statistics for all AN ports:
clear ancp an-port all statistics
The following example shows how to clear dynamic data for all AN ports:
clear ancp an-port all
The following example show how to clear dynamic data for a specific interface:
clear ancp an-port interface gigabitethernet 0/1/0/10.5
Configuring ANCP Rate Adjustment: Example
ANCP and QoS Interaction: Example
The following example shows a hierarchical QoS policy configuration with and without an ANCP value
applied:
policy-map child-3play
class 3play-voip
priority level 1
police rate 65 kbps
!
!
class 3play-video
priority level 2
police rate 128 kbps
!
random-detect cos 3 10 ms 100 ms
random-detect cos 4 20 ms 200 ms
!
class 3play-premium
bandwidth percent 100
!
class class-default
!
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
26 OL-26077-02
Configuring Access Node Control Protocol
Configuring ANCP Rate Adjustment: Exampleend-policy-map
!
policy-map parent-3play-subscriber-line
class class-default
service-policy child-3play
shape average 1 mbps
!
end policy-map
!
A policy is applied on an interface without ANCP:
interface GigabitEthernet 0/1/0/0.1 l2transport
encapsulation dot1q 2
service-policy output parent-3play-subscriber-line
!
The show qos command verifies that ANCP has not been applied (ANCP is shown as 0 kbps).
RP/0/RSP0/CPU0:router# show qos interface GigabitEthernet 0/1/0/0.1 out
Interface: GigabitEthernet0_1_0_0.1 output Bandwidth: 1000000 kbps
ANCP: 0 kbps
Policy: parent-3-play-subscriber-line Total number of classes: 5
---------------------------------------------------------------------------
Level: 0 Policy: parent-3-play-subscriber-line Class: class-default
QueueID: N/A
Shape Profile: 1 CIR: 960 kbps CBS: 1024 bytes PIR: 960 kbps PBS: 13312 bytes
WFQ Profile: 1 Committed Weight: 1 Excess Weight: 1
Bandwidth: 0 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 1
---------------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-voip
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 8 (Priority 1)
Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0
Policer Profile: 0 (Single)
Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
---------------------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-video
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 9 (Priority 2)
Queue Limit: 8 kbytes (11 Unknown) Profile: 4 Scale Profile: 0
Policer Profile: 24 (Single)
Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
WRED Type: COS based Table: 0 Profile: 4 Scale Profile: 0 Curves: 3
Default RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes
WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8kbytes
Match: 3
WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes
Match: 4
---------------------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3-play-premium
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 10 (Priority Normal)
Queue Limit: 16 kbytes Profile: 1 Scale Profile: 1
WFQ Profile: 4 Committed Weight: 100 Excess Weight: 100
Bandwidth: 1000 kbps, BW sum for Level 1: 1000 kbps, Excess Ratio: 1
---------------------------------------------------------------------------------
Level: 1 Policy: child-3play Class: class-default
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 11 (Priority Normal)
Queue Limit: 8 kbytes Profile: 1 Scale Profile: 0
WFQ Profile: 5 Committed Weight: 1 Excess Weight: 1
Bandwidth: 0 kbps, BW sum for Level 1: 1000 kbps, Excess Ratio: 1
--------------------------------------------------------------------------------
RP/0/RSP0/CPU0:router#
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 27
Configuring Access Node Control Protocol
ANCP and QoS Interaction: ExampleANCP AN-Port to Interface Mapping is applied:
RP/0/RSP0/CPU0:router# configure
RP/0/RSP0/CPU0:router(config)# ancp an-port circuit-id dslam1_port1 interface GigabitEthernet
0/1/0/0.1
The show ancp an-port interface command shows the ANCP rate for the interface:
RP/0/RSP0/CPU0:router# show ancp an-port interface GigabitEthernet 0/1/0/0.1 detail
AN port circuit-id dlsam1_port1:
State UP
Uptime 00:00:32
Time Since Last Message 00:00:32
Encap Type ATM
DSL Type ADSL1
DSL Line State SHOWTIME
Number of Mapped Sub-interfaces 1
Neighbor sender-name 0000.0000.1bec
Neighbor description -
Configured Rate Adjustment 100%
Actual Downstream Data Rate (kbps) 2000
Effective Downstream Data Rate (kbps) 2000
Actual Data Rate Upstream/Downstream (kbps) 2000/2000
Minimum Data Rate Upstream/Downstream (kbps) 0/0
Attainable Data Rate Upstream/Downstream (kbps) 0/0
Maximum Data Rate Upstream/Downstream (kbps) 0/0
Minimum Low Power Data Rate Upstream/Downstream (kbps) 0/0
Maximum Interleaving Delay Upstream/Downstream (ms) 0/0
Actual Interleaving Delay Upstream/Downstream (ms) 0/0
Sub-interface Summary: total 1
------------------------------------------------------
Sub-interface name ifhandle
---------------------------------- ----------
GigabitEthernet0/1/0.1 0x215e042
The show qos command verifies that ANCP has been applied (ANCP is now shown as 1920 kbps).
RP/0/RSP0/CPU0/router# show qos interface GigabitEthernet 0/1/0.1 out
Interface GigabitEthernet0_1_0_0.1 output Bandwidth: 1000000 kbps
ANCP: 1920 kbps
Policy: parent-3play-subscriber-line Total number of classes: 5
--------------------------------------------------------------------
Level: 0 Policy: parent-3-play-subscriber-line Class: class-default
QueueID: N/A
Shape Profile: 1 CIR: 1920 kbps CBS: 1024 bytes PIR: 1920 kbps PBS: 13312 bytes
WFQ Profile: 1 Committed Weight: 1 Excess Weight: 1
Bandwidth: 0 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 1
---------------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-voip
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 8 (Priority 1)
Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0
Policer Profile: 0 (Single)
Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
---------------------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-video
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 9 (Priority 2)
Queue Limit: 8 kbytes (11 Unknown) Profile: 4 Scale Profile: 0
Policer Profile: 24 (Single)
Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
WRED Type: COS based Table: 0 Profile: 4 Scale Profile: 0 Curves: 3
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
28 OL-26077-02
Configuring Access Node Control Protocol
ANCP and QoS Interaction: ExampleDefault RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes
WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8kbytes
Match: 3
WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes
Match: 4
---------------------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3-play-premium
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 10 (Priority Normal)
Queue Limit: 24 kbytes Profile: 1 Scale Profile: 8
WFQ Profile: 4 Committed Weight: 100 Excess Weight: 100
Bandwidth: 1920 kbps, BW sum for Level 1: 1920 kbps, Excess Ratio: 1
---------------------------------------------------------------------------------
Level: 1 Policy: child-3play Class: class-default
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 11 (Priority Normal)
Queue Limit: 8 kbytes Profile: 1 Scale Profile: 0
WFQ Profile: 5 Committed Weight: 1 Excess Weight: 1
Bandwidth: 0 kbps, BW sum for Level 1: 1920 kbps, Excess Ratio: 1
---------------------------------------------------------------------------------
QoS Policy Inconsistency on an Interface: Example
A valid QoS policy with absolute or percentage values must satisfy the following requirement:
interface speed > ANCP rate > QoS parent shaper rate
A Qos policy successfully applied to an interface can become invalid due to two possible external factors.
These two factors are an ANCP rate change or a port speed change:
ANCP Rate ChangeIf the ANCP rate falls, or the ANCP rate adjustment factor makes the ANCP rate
fall below the shaper rate of the top-most QoS policy map, the QoS policy on the interface becomes
invalid.
Port Speed ChangeThe port of a GigabitEthernet interface can be configured to 10 Mbps or 100 Mbps
mode from the default of 1000 Mbps. When this happens, the interface speed drops to less than the
ANCP rate and QoS parent shaper rate. The QoS policy on the interface becomes invalid.
When either of these changes occur, the QoS policy on the interface is placed in the inconsistency state. To
recover from the inconsistency state, perform one of the following tasks:
Remove the QoS policy from the interface, adjust the QoS policy values, then reapply the QoS policy
to the interface.
If the ANCP adjustment rate or the ANCP rate has been modified, update the ANCP rate to satisfy the
QoS policy rate requirement.
If port speed has been modified, update the speed to satisfy the QoS policy rate requirement.
Following are examples of the effects of an ANCP rate change and a port speed change have on the following
QoS policy configuration on a Gigabit Ethernet interface:
policy-map child-3play
class 3play-voip
priority level 1
police rate 65 kbps
!
!
class 3play-video
priority level 2
police rate 128 kbps
!
random-detect cos 3 10 ms 100 ms
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 29
Configuring Access Node Control Protocol
QoS Policy Inconsistency on an Interface: Examplerandom-detect cos 4 20 ms 200 ms
!
class 3play-premium
bandwidth percent 100
!
Class class-default
!
end-policy-map
!
policy-map parent-3play-subscriber-line
class class-default
service-policy child-3play
bandwidth 200 mbps
bandwidth remaining percent 100
shape average 800 mbps
!
end-policy-map
!
If the ANCP rate value 999936 kbps, and the ANCP rate factor is 100 percent, the ANCP rate value of 999936
is applied to the interface. This satisfies the requirement:
Interface speed (1000000 kbps) > ANCP rate (999936 kbps) > QoS parent shaper rate (800000 kbps)
This is a successful application of the policy as shown by the following show qos interface command output:
show qos interface gig0/0/0/11.1 output
Wed Mar 18 18:25:20.140 UTC
Interface: GigabitEthernet0_0_0_11.1 output Bandwidth: 1000000 kbps ANCP: 999936 kbps
Policy: parent-3play-subscriber-line Total number of classes: 5
----------------------------------------------------------------------
Level: 0 Policy: parent-3play-subscriber-line Class: class-default
QueueID: N/A
Shape Profile: 1 CIR: 200000 kbps (200 mbps)
CBS: 100352 bytes PIR: 999936 kbps PBS: 12517376 bytes
WFQ Profile: 1 Committed Weight: 51 Excess Weight: 100
Bandwidth: 200000 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 100
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-voip
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 136 (Priority 1)
Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0
Policer Profile: 0 (Single)
Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-video
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 137 (Priority 2)
Queue Limit: 8 kbytes (11 Unknown) Profile: 4 Scale Profile: 0
Policer Profile: 24 (Single)
Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
WRED Type: COS based Table: 0 Profile: 4 Scale Profile: 0 Curves: 3
Default RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes
WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8 kbytes
Match: 3
WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes
Match: 4
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-premium
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 138 (Priority Normal)
Queue Limit: 2097 kbytes Profile: 2 Scale Profile: 0
WFQ Profile: 6 Committed Weight: 1020 Excess Weight: 1020
Bandwidth: 200000 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1
----------------------------------------------------------------------
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
30 OL-26077-02
Configuring Access Node Control Protocol
QoS Policy Inconsistency on an Interface: ExampleLevel: 1 Policy: child-3play Class: class-default
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 139 (Priority Normal)
Queue Limit: 65 kbytes Profile: 1 Scale Profile: 3
WFQ Profile: 0 Committed Weight: 1 Excess Weight: 1020
Bandwidth: 0 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1
----------------------------------------------------------------------
ANCP Rate Change
If the ANCP rate falls below the QoS parent shaper rate for example, to 300000 kbps, and the ANCP rate
adjustment factor remains at 100 percent, the ANCP rate is no longer greater than the QoS parent shaper rate
of 800000 kbps. This causes the QoS policy on the interface to be placed in the inconsistency state as shown
by the following show qos interface command output:
show qos interface gig0/0/0/11.1 output
Wed Mar 18 18:21:11.180 UTC
Interface: GigabitEthernet0_0_0_11.1 output Bandwidth: 1000000 kbps ANCP: 299904 kbps
*Inconsistency* : ANCP - Downstream Rate less than Shaper Rate
Policy: parent-3play-subscriber-line Total number of classes: 5
----------------------------------------------------------------------
Level: 0 Policy: parent-3play-subscriber-line Class: class-default
QueueID: N/A
Shape Profile: 2 CIR: 200000 kbps (200 mbps)
CBS: 100352 bytes PIR: 800000 kbps PBS: 10027008 bytes
WFQ Profile: 1 Committed Weight: 51 Excess Weight: 100
Bandwidth: 200000 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 100
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-voip
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 136 (Priority 1)
Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0
Policer Profile: 0 (Single)
Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-video
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 137 (Priority 2)
Queue Limit: 8 kbytes (11 Unknown) Profile: 4 Scale Profile: 0
Policer Profile: 24 (Single)
Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
WRED Type: COS based Table: 0 Profile: 4 Scale Profile: 0 Curves: 3
Default RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes
WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8 kbytes
Match: 3
WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes
Match: 4
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-premium
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 138 (Priority Normal)
Queue Limit: 2097 kbytes Profile: 2 Scale Profile: 0
WFQ Profile: 6 Committed Weight: 1020 Excess Weight: 1020
Bandwidth: 200000 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: class-default
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 139 (Priority Normal)
Queue Limit: 65 kbytes Profile: 1 Scale Profile: 3
WFQ Profile: 0 Committed Weight: 1 Excess Weight: 1020
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 31
Configuring Access Node Control Protocol
QoS Policy Inconsistency on an Interface: ExampleBandwidth: 0 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1
----------------------------------------------------------------------
Once the ANCP rate returns to the configured value, the inconsistency is automatically cleared, which can be
confirmed by issuing the show qos interface command.
If the ANCP rate has been configured to a value less than the shape rate, the inconsistency is not
automatically cleared, and the policy must be modified and reapplied. To prevent this from occurring, be
sure to configure the policy-map shape rate to the minimum value of all ANCP rates for a given service
level.
Note
Port Speed Change
If the port speed is configured to less than the QoS parent shaper rate for example to 100 Mbps (100000 kbps),
the requirement is no longer met since the port speed is no longer greater than the QoS parent shaper rate of
800000 kbps.
RP/0/RSP0/CPU0:ro-node1#conf
RP/0/RSP0/CPU0:ro-node1(config)#int gigabitEthernet 0/0/0/1
RP/0/RSP0/CPU0:ro-node1(config-if)#speed 100
RP/0/RSP0/CPU0:ro-node1(config-if)#commit
LC/0/0/CPU0:Nov 4 05:36:55.041 : qos_ma_ea[197]: %QOS-QOS_EA_MODIFY_FAIL-3-ERROR :
inconsistency detected due to ANCP or Bandwidth modification. Execute show qos inconsistency,
to obtain information. Policy resolution failure
RP/0/RSP0/CPU0:ro-node1(config-if)#end
This causes the QoS policy on the interface to be placed in the inconsistency state as shown by the following
show qos interface command output:
RP/0/RSP0/CPU0:ro-node1#sh qos int gigabitEthernet 0/0/0/1.1 output
Interface: GigabitEthernet0_0_0_1.1 output Bandwidth: 1000000 kbps ANCP: 0 kbps
*Inconsistency* : Port speed modify fails on Policy
Policy: parent-3play-subscriber-line Total number of classes: 5
----------------------------------------------------------------------
Level: 0 Policy: parent-3play-subscriber-line Class: class-default
QueueID: N/A
Shape Profile: 1 CIR: 200000 kbps (200 mbps)
CBS: 100352 bytes PIR: 800000 kbps PBS: 10027008 bytes
WFQ Profile: 1 Committed Weight: 51 Excess Weight: 100
Bandwidth: 200000 kbps, BW sum for Level 0: 1000000 kbps, Excess Ratio: 100
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-voip
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 640 (Priority 1)
Queue Limit: 16 kbytes Profile: 3 Scale Profile: 0
Policer Profile: 0 (Single)
Conform: 65 kbps (65 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-video
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 641 (Priority 2)
Queue Limit: 8 kbytes Profile: 4 Scale Profile: 0
Policer Profile: 24 (Single)
Conform: 128 kbps (128 kbps) Burst: 1598 bytes (0 Default)
Child Policer Conform: TX
Child Policer Exceed: DROP
Child Policer Violate: DROP
WRED Type: COS based Table: 2 Profile: 4 Scale Profile: 0 Curves: 3
Default RED Curve Thresholds Min : 8 kbytes Max: 8 kbytes
WRED Curve: 1 Thresholds Min : 8 kbytes Max: 8 kbytes
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
32 OL-26077-02
Configuring Access Node Control Protocol
QoS Policy Inconsistency on an Interface: ExampleMatch: 3
WRED Curve: 2 Thresholds Min : 8 kbytes Max: 8 kbytes
Match: 4
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: 3play-premium
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 642 (Priority Normal)
Queue Limit: 4194 kbytes Profile: 2 Scale Profile: 1
WFQ Profile: 3 Committed Weight: 1020 Excess Weight: 1020
Bandwidth: 200000 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1
----------------------------------------------------------------------
Level: 1 Policy: child-3play Class: class-default
Parent Policy: parent-3play-subscriber-line Class: class-default
QueueID: 643 (Priority Normal)
Queue Limit: 4194 kbytes Profile: 2 Scale Profile: 1
WFQ Profile: 4 Committed Weight: 1 Excess Weight: 1
Bandwidth: 0 kbps, BW sum for Level 1: 200000 kbps, Excess Ratio: 1
----------------------------------------------------------------------
To resolve this issue, the port speed must be set back to 1000 Mbps (1000000 kbps) using the no speed
command.
RP/0/RSP0/CPU0:ro-node1#conf
RP/0/RSP0/CPU0:ro-node1(config)#int gigabitEthernet 0/0/0/1
RP/0/RSP0/CPU0:ro-node1(config-if)#no speed
RP/0/RSP0/CPU0:ro-node1(config-if)#commit
LC/0/0/CPU0:Nov 4 05:37:39.171 : ifmgr[144]: %PKT_INFRA-LINEPROTO-5-UPDOWN : Line protocol
on Interface GigabitEthernet0/0/0/1, changed state to Up
The clearing of the inconsistency can be verified by again issuing the show qos interface command.
The show qos inconsistency Command: Example
A command related to show qosinterface command provides additional detail about QoS policy inconsistency:
RP/0/RSP0/CPU0:RO2#show qos inconsistency detail 0 location 0/7/CPU0
Interface Lists with QoS Inconsistency Warning:
=========================================================
Node 0/7/CPU0
---------------------------------------------------------
Interfaces with QoS Inconsistency: ANCP - No Shaper at top policymap
==========================================================================
Interface Direction Policy Name SPI Name
--------------------------------------------------------------------------
GigabitEthernet0/7/0/1.5 output parent-none
Interfaces with QoS Inconsistency: ANCP - Downstream Rate less than Shaper Rate
==========================================================================
Interface Direction Policy Name SPI Name
--------------------------------------------------------------------------
GigabitEthernet0/7/0/1 output parent SPI1
GigabitEthernet0/7/0/1.2 output parent
GigabitEthernet0/7/0/1 output normal-policy-name normal-spi-name
RP/0/RSP0/CPU0:RO2#
RP/0/RSP0/CPU0:RO2#show qos inconsistency summary location 0/7/CPU0
Summary Counts of QoS Inconsistency Warnings:
=========================================================
Node 0/7/CPU0
Inconsistency Warning Type Count
--------------------------------------------------------
ANCP - No Shaper at top policymap: 1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 33
Configuring Access Node Control Protocol
QoS Policy Inconsistency on an Interface: ExampleANCP - Downstream Rate less than Shaper Rate: 4
RP/0/RSP0/CPU0:RO2#
Additional References
The following sections provide references related to implementing ANCP.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Initial system bootup and configuration
Cisco ASR 9000 Series Aggregation Services Router Master
Command Listing
Master command reference
Cisco ASR 9000 Series Aggregation Services Router
Modular Quality of Service Command Reference
QoS commands
Configuring AAA Services on Cisco ASR 9000 Series
Router module of Cisco Cisco ASR 9000 Series
Aggregation Services Router System Security Configuration
Guide
User groups and task IDs
Standards
Standards Title
No new or modified standards are supported by
this feature, and support for existing standards
has not been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the following
URL and choose a platform under the Cisco Access
Products menu: http://cisco.com/public/sw-center/netmgmt/
cmtk/mibs.shtml
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
34 OL-26077-02
Configuring Access Node Control Protocol
Additional ReferencesRFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not
been modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical
content, including links to products,
technologies,solutions, technical tips, and tools.
Registered Cisco.com users can log in from this
page to access even more content.
Configuring Access Node Control Protocol
Access Node Control Protocol (ANCP) creates a control plane between a service-oriented aggregation device
and an access node (AN) (for example, a DSLAM) in order to perform QoS-related, service-related, and
subscriber-related operations. An ANCP server accepts and maintains ANCP adjacencies (sessions with an
ANCP neighbor), and sending and receiving ANCP messages. ANCP allows static mapping between ANCP
ports and VLAN subinterfaces so that DSL rate updates for a specific subscriber received by the ANCP server
are applied to the QoS configuration corresponding to that subscriber. DSL train rates received via ANCP are
used to alter shaping rates on subscriber-facing interfaces and subinterfaces on the router. ANCP runs as a
single process on the route processor (RP).
This module provides the conceptual and configuration information for implementing ANCP.
Line Card, SIP, and SPA Support
Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000
Access Node Control Protocol yes no
Feature History for Configuring Access Node Protocol on Cisco ASR 9000 Series Routers
Release Modification
Release 3.7.2 The Access Node Control Protocol feature was introduced.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 35
Configuring Access Node Control Protocol
RFCsRelease 3.9.0 Mapping of ANCP portsto VLAN interfaces over Ethernet bundles was added.
Release 4.0.0 ANCP over Multi Chassis Link Aggregation was introduced.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
36 OL-26077-02
Configuring Access Node Control Protocol
Configuring Access Node Control ProtocolC H A P T E R 3
Configuring Modular QoS Congestion Avoidance
Congestion avoidance techniques monitor traffic flow in an effort to anticipate and avoid congestion at
common network bottlenecks. Avoidance techniques are implemented before congestion occurs as compared
with congestion management techniques that control congestion after it has occurred.
Congestion avoidance is achieved through packet dropping. Cisco IOS XR software supports the following
quality of service (QoS) congestion avoidance techniques that drop packets:
Random early detection (RED
Weighted random early detection (WRED)
Tail drop
The module describes the concepts and tasks related to these congestion avoidance techniques.
Line Card, SIP, and SPA Support
Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000
Random Early Detection yes yes
Weighted Random Early Detection yes yes
Tail Drop yes yes
Feature History for Configuring Modular QoS Congestion Avoidance on Cisco ASR 9000 Series Routers
Release Modification
The Congestion Avoidance feature was introduced on ASR 9000 Ethernet
Line Cards.
The Random Early Detection, Weighted Random Early Detection, and Tail
Drop features were introduced on ASR 9000 Ethernet Line Cards.
Release 3.7.2
The Random Early Detection, Weighted Random Early Detection, and Tail
Drop features were supported on the SIP 700 for the ASR 9000.
Release 3.9.0
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 37 Prerequisites for Configuring Modular QoS Congestion Avoidance, page 38
Information About Configuring Modular QoS Congestion Avoidance, page 38
Additional References, page 51
Prerequisites for Configuring Modular QoS Congestion
Avoidance
The following prerequisite is required for configuring QoS congestion avoidance on your network:
You must be in a user group associated with a task group that includes the proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment is
preventing you from using a command, contact your AAA administrator for assistance.
Information About Configuring Modular QoS Congestion
Avoidance
To configure QoS congestion avoidance techniques in this document you must understand the following
concepts:
Random Early Detection and TCP
The RED congestion avoidance technique takes advantage of the congestion control mechanism of TCP. By
randomly dropping packets prior to periods of high congestion, RED tells the packet source to decrease its
transmission rate. Assuming the packet source is using TCP, it decreases its transmission rate until all packets
reach their destination, indicating that the congestion is cleared. You can use RED as a way to cause TCP to
slow transmission of packets. TCP not only pauses, but it also restarts quickly and adapts its transmission rate
to the rate that the network can support.
RED distributes losses in time and maintains normally low queue depth while absorbing traffic bursts. When
enabled on an interface, RED begins dropping packets when congestion occurs at a rate you select during
configuration.
Queue-limit for WRED
Queue-limit is used to fine-tune the number of buffers available for each queue. It can only be used on a
queuing class. Default queue limit is 100 ms of the service rate for the given queue. The service rate is the
sum of minimum guaranteed bandwidth and bandwidth remaining assigned to a given class either implicitly
or explicitly.
The queue-limit is rounded up to one of the following values: 8 KB, 16 KB, 24 KB, 32 KB, 48 KB, 64 KB,
96 KB, 128 KB, 192 KB, 256 KB, 384 KB, 512 KB, 768 KB, 1024 KB, 1536 KB, 2048 KB, 3072 KB, 4196
KB, 8192 KB, 16394 KB, 32768 KB, 65536 KB, 131072 KB, or 262144 KB.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
38 OL-26077-02
Configuring Modular QoS Congestion Avoidance
Prerequisites for Configuring Modular QoS Congestion AvoidanceTail Drop and the FIFO Queue
Tail drop is a congestion avoidance technique that drops packets when an output queue is full until congestion
is eliminated. Tail drop treats all traffic flow equally and does not differentiate between classes of service. It
manages the packets that are unclassified, placed into a first-in, first-out (FIFO) queue, and forwarded at a
rate determined by the available underlying link bandwidth.
See the Default Traffic Class section of the Configuring Modular Quality of Service Packet Classification
and Marking on Cisco ASR 9000 Series Routers
Configuring Random Early Detection
This configuration task issimilar to that used for WRED except that the random-detect precedence command
is not configured and the random-detect command with the default keyword must be used to enable RED.
Restrictions
If you configure the random-detect default command on any classincluding class-default, you must configure
one of the following commands:
shape average
bandwidth
bandwidth remaining
SUMMARY STEPS
1. configure
2. policy-map policy-map-name
3. class class-name
4. random-detect {cos value | default | discard-class value | dscp value | exp value | precedence value |
min-threshold [units] max-threshold [units] }
5. bandwidth {bandwidth [units] | percent value} or bandwidth remaining [percent value | ratio ratio-value
6. shape average {percent percentage | value [units]}
7. exit
8. exit
9. interface type interface-path-id
10. service-policy {input | output} policy-map
11. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 39
Configuring Modular QoS Congestion Avoidance
Tail Drop and the FIFO QueueDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-map-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
policy1
Creates or modifies a policy map that can be attached to
one or more interfaces to specify a service policy.
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class1
Specifies the name of the class whose policy you want to
create or change.
random-detect {cos value | default | discard-class Enables RED with default minimum and maximum thresholds.
value | dscp value | exp value | precedence value |
min-threshold [units] max-threshold [units] }
Step 4
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
random-detect default
(Optional) Specifiesthe bandwidth allocated for a class belonging
to a policy map.
bandwidth {bandwidth [units] | percent value} or
bandwidth remaining [percent value | ratio
ratio-value
Step 5
or
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth percent 30
(Optional) Specifies how to allocate leftover bandwidth to various
classes.
Note One of these configurations is required for a
or non-default class.
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth remaining percent 20
(Optional) Shapes traffic to the specified bit rate or a percentage
of the available bandwidth.
shape average {percent percentage | value [units]}
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# shape
average percent 50
Step 6
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 7
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
40 OL-26077-02
Configuring Modular QoS Congestion Avoidance
Configuring Random Early DetectionCommand or Action Purpose
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# exit
Step 8
interface type interface-path-id Enters configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
TenGigE 0/2/0/0
Step 9
Attaches a policy map to an input or output interface to be used
as the service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 10
In this example, the traffic policy evaluates all traffic leaving
that interface.
Step 11 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the
running configuration file, exits the configuration
session, and returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)# commit
? Entering no exitsthe configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing
the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 41
Configuring Modular QoS Congestion Avoidance
Configuring Random Early DetectionConfiguring Random Early Detection
SUMMARY STEPS
1.
2. policy-map policy-name
3. class class-name
4. random-detect {cos value | default | discard-class value | dscp value | exp value | precedence value |
min-threshold [units] max-threshold [units] }
5. random-detect {discard-class value | dscp value | exp value | precedence value | min-threshold [units]
max-threshold [units] }
6. bandwidth {bandwidth [units] | percent value}
7. bandwidth remaining percent value
8. shape average {percent percentage | value [units]}
9. exit
10. exit
11. interface type interface-path-id
12. end or commit
DETAILED STEPS
Command or Action Purpose
Enters global configuration mode.
Example:
RP/0//CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0//CPU0:router(config)# policy-map policy1
Creates or modifies a policy map that can be attached to
one or more interfaces to specify a service policy.
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0//CPU0:router(config-pmap)# class class1
Specifies the name of the class whose policy you want to
create or change.
random-detect {cos value | default | discard-class Enables RED with minimum and maximum thresholds.
value | dscp value | exp value | precedence value |
min-threshold [units] max-threshold [units] }
Step 4
Example:
RP/0/RP0/CPU0:router(config-pmap-c)#
random-detect default
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
42 OL-26077-02
Configuring Modular QoS Congestion Avoidance
Configuring Random Early DetectionCommand or Action Purpose
random-detect {discard-class value | dscp value | Enables RED with default minimum and maximum thresholds.
exp value | precedence value | min-threshold [units]
max-threshold [units] }
Step 5
Example:
RP/0/0/CPU0:router(config-pmap-c)#
random-detect 1000000 2000000
(Optional) Specifiesthe bandwidth allocated for a class belonging
to a policy map.
bandwidth {bandwidth [units] | percent value}
Example:
RP/0//CPU0:router(config-pmap-c)# bandwidth
percent 30
Step 6
(Optional) Specifies how to allocate leftover bandwidth to
various classes.
bandwidth remaining percent value
Example:
RP/0//CPU0:router(config-pmap-c)# bandwidth
remaining percent 20
Step 7
(Optional) Shapes traffic to the specified bit rate or a percentage
of the available bandwidth.
shape average {percent percentage | value [units]}
Example:
RP/0//CPU0:router(config-pmap-c)# shape
average percent 50
Step 8
exit Returns the router to policy map configuration mode.
Example:
RP/0//CPU0:router(config-pmap-c)# exit
Step 9
exit Returns the router to global configuration mode.
Example:
RP/0//CPU0:router(config-pmap)# exit
Step 10
Step 11 interface type interface-path-id Enters configuration mode and configures an interface.
Example:
RP/0//CPU0:router(config)# interface pos
0/2/0/0
Attaches a policy map to an input or output interface to be used
as the service policy for that interface.
In this example, the traffic policy evaluates all traffic
leaving that interface.
Example:
RP/0//CPU0:router(config-if)# service-policy
output policy1
Step 12 end or commit Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 43
Configuring Modular QoS Congestion Avoidance
Configuring Random Early DetectionCommand or Action Purpose
Example:
RP/0//CPU0:router(config-cmap)# end
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0//CPU0:router(config-cmap)# commit
Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
Configuring Weighted Random Early Detection
WRED drops packets selectively based on any specified criteria, such as CoS, DSCP, EXP, discard-class, or
precedence . WRED uses these matching criteria to determine how to treat different types of traffic.
Configure WRED using the random-detect command and different CoS, DSCP, EXP, and discard-class
values. The value can be range or a list of values that are valid for that field. You can also use minimum and
maximum queue thresholds to determine the dropping point.
When a packet arrives, the following actions occur:
If the queue size is less than the minimum queue threshold, the arriving packet is queued.
If the queue size is between the minimum queue threshold for that type of traffic and the maximum
threshold for the interface, the packet is either dropped or queued, depending on the packet drop
probability for that type of traffic.
If the queue size is greater than the maximum threshold, the packet is dropped.
Restrictions
When configuring the random-detect dscp command, you must configure one of the following commands:
shape average, bandwidth, and bandwidth remaining.
Only two minimum and maximum thresholds (each with different match criteria) can be configured per class.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
44 OL-26077-02
Configuring Modular QoS Congestion Avoidance
Configuring Weighted Random Early DetectionSUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. random-detect dscp dscp-value min-threshold [units] max-threshold [units]
5. bandwidth {bandwidth [units] | percent value} or bandwidth remaining [percent value | ratio
ratio-value]
6. bandwidth {bandwidth [units] | percent value}
7. bandwidth remaining percent value
8. shape average {percent percentage | value [units]}
9. queue-limit value [units] RP/0/RSP0/CPU0:router(config-pmap-c)# queue-limit 50 ms
10. exit
11. interface type inteface-path-id
12. service-policy {input | output} policy-map
13. end or commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)#
policy-map policy1
Creates or modifies a policy map that can be attached to one or
more interfaces to specify a service policy.
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)#
class class1
Specifies the name of the class whose policy you want to create or
change.
Changes the minimum and maximum packet thresholds for the DSCP
value.
random-detect dscp dscp-value min-threshold
[units] max-threshold [units]
Step 4
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
Enables WRED.
dscp-valueNumber from 0 to 63 that sets the DSCP value.
Reserved keywords can be specified instead of numeric values.
random-detect dscp af11 1000000 bytes
2000000 bytes
min-thresholdMinimum threshold in the specified units. When
the average queue length reaches the minimum threshold, WRED
randomly drops some packets with the specified DSCP value.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 45
Configuring Modular QoS Congestion Avoidance
Configuring Weighted Random Early DetectionCommand or Action Purpose
max-thresholdMaximum threshold in the specified units. When
the average queue length exceeds the maximum threshold, WRED
drops all packets with the specified DSCP value.
unitsUnits of the threshold value. This can be bytes, gbytes,
kbytes, mbytes, ms(milliseconds), packets, or us(microseconds).
The default is packets.
This example shows that for packets with DSCP AF11, the WRED
minimum threshold is 1,000,000 bytes and maximum threshold is
2,000,000 bytes.
(Optional) Specifies the bandwidth allocated for a class belonging to a
policy map.
bandwidth {bandwidth [units] | percent value}
or bandwidth remaining [percent value |
ratio ratio-value]
Step 5
or
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth percent 30
(Optional) Specifies how to allocate leftover bandwidth to various classes.
Note One of these configurations is required for a
non-default class.
or
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth remaining percent 20
(Optional) Specifies the bandwidth allocated for a class belonging to a
policy map.
bandwidth {bandwidth [units] | percent value}
Example:
RP/0//CPU0:router(config-pmap-c)#
bandwidth percent 30
Step 6
This example guarantees 30 percent of the interface bandwidth to
class class1.
Step 7 bandwidth remaining percent value (Optional) Specifies how to allocate leftover bandwidth to various classes.
Example:
RP/0//CPU0:router(config-pmap-c)#
bandwidth remaining percent 20
The remaining bandwidth of 70 percent is shared by all configured
classes.
In this example, class class1 receives 20 percent of the 70 percent.
(Optional) Shapes traffic to the specified bit rate or a percentage of the
available bandwidth.
shape average {percent percentage | value
[units]}
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
shape average percent 50
Step 8
(Optional) Changes queue-limit to fine-tune the amount of buffers
available for each queue. The default queue-limit is 100 ms of the service
rate for a given queue class.
queue-limit value [units]
RP/0/RSP0/CPU0:router(config-pmap-c)#
queue-limit 50 ms
Step 9
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
46 OL-26077-02
Configuring Modular QoS Congestion Avoidance
Configuring Weighted Random Early DetectionCommand or Action Purpose
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# exit
Step 10
interface type inteface-path-id Enters configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
gigabitethernet 0/2/0/0
Step 11
Attaches a policy map to an input or output interface to be used as the
service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 12
In this example, the traffic policy evaluates all traffic leaving that
interface.
Ingress policies are not valid; the bandwidth and bandwidth
remaining commands cannot be applied to ingress policies.
Step 13 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-cmap)# end
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-cmap)#
commit
Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
Entering cancel leavesthe router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Configuring Tail Drop
Packets satisfying the match criteria for a class accumulate in the queue reserved for the class until they are
serviced. The queue-limit command is used to define the maximum threshold for a class. When the maximum
threshold is reached, enqueued packets to the class queue result in tail drop (packet drop).
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 47
Configuring Modular QoS Congestion Avoidance
Configuring Tail DropThe queue-limit value uses the guaranteed service rate (GSR) of the queue as the reference value for the
queue_bandwidth. If the class has bandwidth percent associated with it, the queue-limit isset to a proportion
of the bandwidth reserved for that class.
If the GSR for a queue is zero, use the following to compute the default queue-limit:
1 percent of the interface bandwidth for queues in a nonhierarchical policy.
1 percent of minimum parent shape and interface rate for queues within a hierarchical policy.
default queue limit (in packets) = (200 ms * (queue bandwidth or shaper rate) / 8) / average packet size, which
is 250 bytes
The default queue-limit is set to bytes of 100 ms of queue bandwidth. The following formula is used to
calculate the default queue limit (in bytes):??bytes = (100 ms / 1000 ms) * queue_bandwidth kbps)) / 8
Note
Restrictions
When configuring the queue-limit command in a class, you must configure one of the following
commands: priority, shape average, bandwidth, or bandwidth remaining, except for the default
class.
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. queue-limit value [units]
5. class class-name
6. bandwidth {bandwidth [units] | percent value}
7. bandwidth remaining percent value
8. exit
9. exit
10. interface type interface-path-id
11. service-policy {input | output} policy-map
12. Use one of these commands:
end
commit
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
48 OL-26077-02
Configuring Modular QoS Congestion Avoidance
Configuring Tail DropDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
policy1
Creates or modifies a policy map that can be attached to one or
more interfaces to specify a service policy.
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class1
Specifies the name of the class whose policy you want to create
or change.
Specifies or modifies the maximum the queue can hold for a class
policy configured in a policy map. The default value of the units
argument is packets.
queue-limit value [units]
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
queue-limit 1000000 bytes
Step 4
In this example, when the queue limit reaches 1,000,000 bytes,
enqueued packets to the class queue are dropped.
Example:
RP/0//CPU0:router(config-pmap-c)#
priority level 1
Specifies priority to a class of traffic belonging to a policy map.
Configures traffic policing.
Example:
RP/0//CPU0:router(config-pmap-c)# police
rate percent 30
Specifies the name of the class whose policy you want to create or
change.
class class-name
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class2
Step 5
In this example, class2 is configured.
(Optional) Specifies the bandwidth allocated for a class belonging to
a policy map.
bandwidth {bandwidth [units] | percent value}
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth percent 30
Step 6
This example guarantees 30 percent of the interface bandwidth
to class class2.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 49
Configuring Modular QoS Congestion Avoidance
Configuring Tail DropCommand or Action Purpose
(Optional) Specifies how to allocate leftover bandwidth to various
classes.
bandwidth remaining percent value
Example:
RP/0//CPU0:router(config-pmap-c)#
bandwidth remaining percent 20
Step 7
This example allocates 20 percent of the leftover interface
bandwidth to class class2.
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
exit
Step 8
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# exit
Step 9
interface type interface-path-id Enters configuration mode, and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
pos 0/2/0/0
Step 10
Attaches a policy map to an input or output interface to be used as
the service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 11
In this example, the traffic policy evaluates all traffic leaving
that interface.
Step 12 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe
router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
50 OL-26077-02
Configuring Modular QoS Congestion Avoidance
Configuring Tail DropCommand or Action Purpose
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Additional References
The following sections provide references related to implementing QoS congestion avoidance.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Initial system bootup and configuration
Cisco ASR 9000 Series Aggregation Services Router Master
Command Listing
Master command reference
Cisco ASR 9000 Series Aggregation Services Router
Modular Quality of Service Command Reference
QoS commands
Configuring AAA Services on Cisco ASR 9000 Series
Router module of Cisco Cisco ASR 9000 Series
Aggregation Services Router System Security Configuration
Guide
User groups and task IDs
Standards
Standards Title
No new or modified standards are supported by
this feature, and support for existing standards
has not been modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 51
Configuring Modular QoS Congestion Avoidance
Additional ReferencesMIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the following
URL and choose a platform under the Cisco Access
Products menu: http://cisco.com/public/sw-center/netmgmt/
cmtk/mibs.shtml
RFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not
been modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical
content, including links to products,
technologies,solutions, technical tips, and tools.
Registered Cisco.com users can log in from this
page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
52 OL-26077-02
Configuring Modular QoS Congestion Avoidance
MIBsC H A P T E R 4
Configuring Modular QoS Congestion
Management
Congestion management controls congestion after it has occurred on a network. Congestion is managed on
Cisco IOS XR software by using packet queueing methods and by shaping the packet flow through use of
traffic regulation mechanisms.
The types of traffic regulation mechanisms supported are:
Traffic shaping:
? Modified Deficit Round Robin (MDRR)
? Low-latency queueing (LLQ) with strict priority queueing (PQ)
Traffic policing:
? Color blind
? Color-aware (ingress direction)
Line Card, SIP, and SPA Support
The following table lists the features that are supported on the ASR 9000 Ethernet Line Cards and SIP 700
for the ASR 9000.
Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000
Congestion Management Using DEI no yes
Guaranteed and Remaining yes yes
Bandwidth
Low-Latency Queueing with Strict yes yes
Priority Queueing
Traffic Policing yes yes
Traffic Shaping yes yes
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 53Feature History for Configuring Modular QoS Congestion Management on Cisco ASR 9000 Series Router
Release Modification
The Congestion Avoidance feature was introduced on ASR 9000 Ethernet
Line Cards..
The Guaranteed and Remaining Bandwidth, Low-Latency Queueing with Strict
Priority Queueing, Traffic Policing, and Traffic Shaping features were
introduced on ASR 9000 Ethernet Line Cards.
Release 3.7.2
The Guaranteed and Remaining Bandwidth, Low-Latency Queueing with Strict
Priority Queueing, Traffic Policing, and Traffic Shaping features were
supported on the SIP 700 for the ASR 9000.
Release 3.9.0
The Congestion Management Using DEI feature wasintroduced on ASR 9000
Ethernet Line Cards.
Release 4.0.0
The police rate command was updated to include packet-based specifications
of policing rates and burst sizes.
Release 4.0.1
The 2-rate 3-color policer feature was added, including the conform-color
and exceed-color commands. This feature is applicable to the SIP 700 line
cards, ingress side.
Release 4.1.0
Release 4.2.1 The Configured Accounting and QoS for IPv6ACLs features were added.
Prerequisites for Configuring QoS Congestion Management, page 54
Information about Configuring Congestion Management, page 55
How to Configure QoS Congestion Management, page 66
Configuration Examples for configuring congestion management, page 89
Additional References, page 92
Prerequisites for Configuring QoS Congestion Management
The following prerequisites are required for configuring QoS congestion management on your network:
You must be in a user group associated with a task group that includesthe proper task IDs. The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
You must be familiar with Cisco IOS XR QoS configuration tasks and concepts.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
54 OL-26077-02
Configuring Modular QoS Congestion Management
Prerequisites for Configuring QoS Congestion ManagementInformation about Configuring Congestion Management
To configure congestion management, you need to understand the following concepts:
Congestion Management Overview
Congestion management features allow you to control congestion by determining the order in which a traffic
flow (or packets) is sent out an interface based on priorities assigned to packets. Congestion management
entails the creation of queues, assignment of packets to those queues based on the classification of the packet,
and scheduling of the packets in a queue for transmission. The congestion management features in
Cisco IOS XR software allow you to specify creation of a different number of queues, affording greater or
lesser degree of differentiation of traffic, and to specify the order in which that traffic is sent.
During periods with light traffic flow, that is, when no congestion exists, packets are sent out the interface as
soon as they arrive. During periods of transmit congestion at the outgoing interface, packets arrive faster than
the interface can send them. If you use congestion management features, packets accumulating at an interface
are queued until the interface is free to send them; they are then scheduled for transmission according to their
assigned priority and the queueing method configured for the interface. The router determines the order of
packet transmission by controlling which packets are placed in which queue and how queues are serviced
with respect to each other.
In addition to queueing methods, QoS congestion management mechanisms, such as policers and shapers,
are needed to ensure that a packet adheres to a contract and service. Both policing and shaping mechanisms
use the traffic descriptor for a packet.
Policers and shapers usually identify traffic descriptor violations in an identical manner through the token
bucket mechanism, but they differ in the way they respond to violations. A policer typically dropstraffic flow;
whereas, a shaper delays excess traffic flow using a buffer, or queueing mechanism, to hold the traffic for
transmission at a later time.
Traffic shaping and policing can work in tandem. For example, a good traffic shaping scheme should make
it easy for nodes inside the network to detect abnormal flows.
Modified Deficit Round Robin
MDRR is a class-based composite scheduling mechanism that allowsfor queueing of up to eight traffic classes.
It operates in the same manner as class-based weighted fair queueing (CBWFQ) and allows definition of
traffic classes based on customer match criteria (such as access lists); however, MDRR does not use the
weighted fair queueing algorithm.
When MDRR is configured in the queueing strategy, nonempty queues are served one after the other. Each
time a queue is served, a fixed amount of data is dequeued. The algorithm then services the next queue. When
a queue is served, MDDR keeps track of the number of bytes of data that were dequeued in excess of the
configured value. In the next pass, when the queue is served again, less data is dequeued to compensate for
the excess data that was served previously. As a result, the average amount of data dequeued per queue is
close to the configured value. In addition, MDRR allows for a strict priority queue for delay-sensitive traffic.
Each queue within MDRR is defined by two variables:
Quantum valueAverage number of bytes served in each round.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 55
Configuring Modular QoS Congestion Management
Information about Configuring Congestion Management Deficit counterNumber of bytes a queue has sent in each round. The counter is initialized to the
quantum value.
Packets in a queue are served as long as the deficit counter is greater than zero. Each packet served decreases
the deficit counter by a value equal to its length in bytes. A queue can no longer be served after the deficit
counter becomes zero or negative. In each new round, the deficit counter for each nonempty queue is
incremented by its quantum value.
Low-Latency Queueing with Strict Priority Queueing
The LLQ feature bringsstrict priority queueing (PQ) to the MDRR scheduling mechanism. PQ in strict priority
mode ensures that one type of traffic is sent, possibly at the expense of all others. For PQ, a low-priority queue
can be detrimentally affected, and, in the worst case, never allowed to send its packets if a limited amount of
bandwidth is available or the transmission rate of critical traffic is high.
Strict PQ allows delay-sensitive data, such as voice, to be dequeued and sent before packets in other queues
are dequeued.
LLQ enables the use of a single, strict priority queue within MDRR at the class level, allowing you to direct
traffic belonging to a class. To rank class traffic to the strict priority queue, you specify the named class within
a policy map and then configure the priority command for the class. (Classes to which the priority command
is applied are considered priority classes.) Within a policy map, you can give one or more classes priority
status. When multiple classes within a single policy map are configured as priority classes, all traffic from
these classes is enqueued to the same, single, strict priority queue.
Through use of the priority command, you can assign a strict PQ to any of the valid match criteria used to
specify traffic. These methods of specifying traffic for a class include matching on access lists, protocols, IP
precedence, and IP differentiated service code point (DSCP) values. Moreover, within an access list you can
specify that traffic matches are allowed based on the DSCP value that is set using the first six bits of the IP
type of service (ToS) byte in the IP header.
Configured Accounting
Configured Accounting controls the overhead (packet length) for policing and shaping. The account option
can be specified with a service-policy when applying a policy to an interface. For bundle interfaces, the
configured accounting option is applied to all member interfaces.
The configured accounting option is available on ingress and egress policing, queuing and statistics for
CRS-MSC-140G. In CRS-MSC-40G, the configured accounting option is not available for queuing.
Prerequisites and Restrictions
Allows packet size accounting tuning to match the QoS treatment provided at the connected interface.
Supported on ASR 9000 Ethernet Linecards and Enhanced Ethernet Linecards.
Supported accounting values are, from -48 to +48.
Ingress shaping accounting is not supported (Ingress and egress policing accounting and egress shaping
accounting are supported).
Dynamic changing of accounting overhead after application on policy is not supported
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
56 OL-26077-02
Configuring Modular QoS Congestion Management
Low-Latency Queueing with Strict Priority QueueingQoS for IPv6 ACLs
The Modular Weapon-X line cards support classification of IPv6 properties based on Source IP, Destination
IP, Source Port, Destination Port, Protocol, TOS, Hop Limit, and ACL-based classification.
The supported interfaces are indicated below.
Supported Interface Ethernet Linecard Enhanced Ethernet Linecard
L3 main interface yes yes
L3 sub-interface yes yes
L3 bundle-interface/ sub-interface yes yes
L2 main interface no yes
L2 sub-interface no yes
L2 bundle-interface/ sub-interface no yes
Traffic Shaping
Traffic shaping allows you to control the traffic flow exiting an interface to match itstransmission to the speed
of the remote target interface and ensure that the traffic conforms to policies contracted for it. Traffic adhering
to a particular profile can be shaped to meet downstream requirements, thereby eliminating bottlenecks in
topologies with data-rate mismatches.
To match the rate of transmission of data from the source to the target interface, you can limit the transfer of
data to one of the following:
A specific configured rate
A derived rate based on the level of congestion
The rate of transfer depends on these three components that constitute the token bucket: burst size, mean rate,
and time (measurement) interval. The mean rate is equal to the burst size divided by the interval.
When traffic shaping is enabled, the bit rate of the interface does not exceed the mean rate over any integral
multiple of the interval. In other words, during every interval, a maximum of burst size can be sent. Within
the interval, however, the bit rate may be faster than the mean rate at any given time.
When the peak burst size equals 0, the interface sends no more than the burst size every interval, achieving
an average rate no higher than the mean rate. However, when the peak burst size is greater than 0, the interface
can send as many as the burst size plus peak burst bits in a burst, if in a previous time period the maximum
amount was not sent. Whenever less than the burst size is sent during an interval, the remaining number of
bits, up to the peak burst size, can be used to send more than the burst size in a later interval.
Regulation of Traffic with the Shaping Mechanism
When incoming packets arrive at an interface, the packets are classified using a classification technique, such
as an access control list (ACL) or the setting of the IP Precedence bits through the Modular QoS CLI (MQC).
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 57
Configuring Modular QoS Congestion Management
QoS for IPv6 ACLsIf the packet matches the specified classification, the traffic-shaping mechanism continues. Otherwise, no
further action is taken.
Figure 1 illustrates how a traffic shaping mechanism regulates traffic flow.
Figure 3: How a Traffic Shaping Mechanism Regulates Traffic
Packets matching the specified criteria are placed in the token bucket. The maximum size of the token bucket
is the confirm burst (Bc) size plus the Be size. The token bucket is filled at a constant rate of Bc worth of
tokens at every Tc. This is the configured traffic shaping rate.
If the traffic shaping mechanism is active (that is, packets exceeding the configured traffic shaping rate already
exist in a transmission queue) at every Tc, the traffic shaper checks to see if the transmission queue contains
enough packets to send (that is, up to either Bc [or Bc plus Be] worth of traffic).
If the traffic shaper is not active (that is, there are no packets exceeding the configured traffic shaping rate in
the transmission queue), the traffic shaper checks the number of tokens in the token bucket. One of the
following occurs:
If there are enough tokens in the token bucket, the packet is sent (transmitted).
If there are not enough tokensin the token bucket, the packet is placed in a shaping queue for transmission
at a later time.
Traffic Policing
In general, traffic policing allows you to control the maximum rate of traffic sent or received on an interface
and to partition a network into multiple priority levels or class of service (CoS).
Traffic policing manages the maximum rate of traffic through a token bucket algorithm. The token bucket
algorithm uses user-configured values to determine the maximum rate of traffic allowed on an interface at a
given moment in time. The token bucket algorithm is affected by all traffic entering or leaving the interface
(depending on where the traffic policy with traffic policing is configured) and is useful in managing network
bandwidth in cases where several large packets are sent in the same traffic stream.
Traffic policing is often configured on interfaces at the edge of a network to limit the rate of traffic entering
or leaving the network. In the most common traffic policing configurations, traffic that conforms to the CIR
is sent and traffic that exceeds is sent with a decreased priority or is dropped. Users can change these
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
58 OL-26077-02
Configuring Modular QoS Congestion Management
Traffic Policingconfiguration optionsto suit their network needs. Traffic policing also provides a certain amount of bandwidth
management by allowing you to set the burst size (Bc) for the committed information rate (CIR). When the
peak information rate (PIR) is supported, a second token bucket is enforced and then the traffic policer is
called a two-rate policer.
Regulation of Traffic with the Policing Mechanism
This section describes the single-rate and two-rate policing mechanisms.
Single-Rate Policer
A single-rate, two-action policer provides one token bucket with two actionsfor each packet: a conform action
and an exceed action.
Figure 2 illustrates how a single-rate token bucket policer marks packets as either conforming or exceeding
a CIR, and assigns an action.
Figure 4: Marking Packets and Assigning ActionsSingle-Rate Policer
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 59
Configuring Modular QoS Congestion Management
Regulation of Traffic with the Policing MechanismThe time interval between token updates (Tc) to the token bucket is updated at the CIR value each time a
packet arrives at the traffic policer. The Tc token bucket can contain up to the Bc value, which can be a certain
number of bytes or a period of time. If a packet of size B is greater than the Tc token bucket, then the packet
exceeds the CIR value and a configured action is performed. If a packet of size B is less than the Tc token
bucket, then the packet conforms and a different configured action is performed.
Two-Rate Policer
The two-rate policer manages the maximum rate of traffic by using two token buckets: the committed token
bucket and the peak token bucket. The dual-token bucket algorithm uses user-configured values to determine
the maximum rate of traffic allowed on a queue at a given moment. In this way, the two-rate policer can meter
traffic at two independent rates: the committed information rate (CIR) and the peak information rate (PIR).
The committed token bucket can hold bytes up to the size of the committed burst (bc) before overflowing.
This token bucket holds the tokens that determine whether a packet conforms to or exceeds the CIR as the
following describes:
A traffic stream is conforming when the average number of bytes over time does not cause the committed
token bucket to overflow. When this occurs, the token bucket algorithm marks the traffic stream green.
A traffic stream is exceeding when it causes the committed token bucket to overflow into the peak token
bucket. When this occurs, the token bucket algorithm marks the traffic stream yellow. The peak token
bucket is filled as long as the traffic exceeds the police rate.
The peak token bucket can hold bytes up to the size of the peak burst (be) before overflowing. This token
bucket holds the tokens that determine whether a packet violates the PIR. A traffic stream is violating when
it causes the peak token bucket to overflow. When this occurs, the token bucket algorithm marks the traffic
stream red.
The dual-token bucket algorithm provides users with three actions for each packeta conform action, an
exceed action, and an optional violate action. Traffic entering a queue with the two-rate policer configured is
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
60 OL-26077-02
Configuring Modular QoS Congestion Management
Regulation of Traffic with the Policing Mechanismplaced into one of these categories. Within these three categories, users can decide packet treatments. For
instance, packets that conform can be configured to be sent; packets that exceed can be configured to be sent
with a decreased priority; and packets that violate can be configured to be dropped.
Figure 3 shows how the two-rate policer marks a packet and assigns a corresponding action to the packet.
Figure 5: Marking Packets and Assigning Actions2-Rate Policer
For example, if a data stream with a rate of 250 kbps arrives at the two-rate policer, and the CIR is 100 kbps
and the PIR is 200 kbps, the policer marks the packet in the following way:
100 kbps conforms to the rate
100 kbps exceeds the rate
50 kbps violates the rate
The router updates the tokens for both the committed and peak token buckets in the following way:
The router updatesthe committed token bucket at the CIR value each time a packet arrives at the interface.
The committed token bucket can contain up to the committed burst (bc) value.
The router updates the peak token bucket at the PIR value each time a packet arrives at the interface.
The peak token bucket can contain up to the peak burst (be) value.
When an arriving packet conforms to the CIR, the router takes the conform action on the packet and
decrements both the committed and peak token buckets by the number of bytes of the packet.
When an arriving packet exceeds the CIR, the router takes the exceed action on the packet, decrements
the committed token bucket by the number of bytes of the packet, and decrements the peak token bucket
by the number of overflow bytes of the packet.
When an arriving packet exceeds the PIR, the router takes the violate action on the packet, but does not
decrement the peak token bucket.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 61
Configuring Modular QoS Congestion Management
Regulation of Traffic with the Policing MechanismCommitted Bursts and Excess Bursts
Unlike a traffic shaper, a traffic policer does not buffer excess packets and transmit them later. Instead, the
policer executes a send or do not send policy without buffering. During periods of congestion, proper
configuration of the excess burst parameter enables the policer to drop packets less aggressively. Therefore,
it is important to understand how policing uses the committed (normal) and excess burst values to ensure the
router reaches the configured committed information rate (CIR).
Burst parameters are based on a generic buffering rule for routers, which recommends that you configure
buffering to be equal to the round-trip time bit-rate to accommodate the outstanding TCP windows of all
connections in times of congestion.
The following sections describe committed bursts and excess bursts, and the recommended formula for
calculating each of them:
Committed Bursts
Excess Bursts
Deciding if Packets Conform or Exceed the Committed Rate
Committed Bursts
The committed burst (bc) parameter of the police command implements the first, conforming (green) token
bucket that the router uses to meter traffic. The bc parameter sets the size of this token bucket. Initially, the
token bucket is full and the token count is equal to the committed burst size (CBS). Thereafter, the meter
updates the token counts the number of times per second indicated by the committed information rate (CIR).
The following describes how the meter uses the conforming token bucket to send packets:
Ifsufficient tokens are in the conforming token bucket when a packet arrives, the meter marksthe packet
green and decrements the conforming token count by the number of bytes of the packet.
If there are insufficient tokens available in the conforming token bucket, the meter allows the traffic
flow to borrow the tokens needed to send the packet. The meter checks the exceeding token bucket for
the number of bytes of the packet. If the exceeding token bucket has a sufficient number of tokens
available, the meter marks the packet:
Green and decrements the conforming token count down to the minimum value of 0.
Yellow, borrows the remaining tokens needed from the exceeding token bucket, and decrements the
exceeding token count by the number of tokens borrowed down to the minimum value of 0.
If an insufficient number of tokens is available, the meter marks the packet red and does not decrement
either of the conforming or exceeding token counts.
When the meter marks a packet with a specific color, there must be a sufficient number
of tokens of that color to accommodate the entire packet. Therefore, the volume of green
packetsis neversmaller than the committed information rate (CIR) and committed burst
size (CBS). Tokens of a given color are always used on packets of that color.
Note
The default committed burst size is the greater of 2 milliseconds of bytes at the police rate or the network
maximum transmission unit (MTU).
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
62 OL-26077-02
Configuring Modular QoS Congestion Management
Regulation of Traffic with the Policing MechanismCommitted Burst Calculation
To calculate committed burst, use the following formula:
bc = CIR bps * (1 byte) / (8 bits) * 1.5 seconds
Note 1.5 seconds is the typical round-trip time.
For example, if the committed information rate is 512000 bps, then using the committed burst formula, the
committed burst is 96000 bytes.
bc = 512000 * 1/8 * 1.5
bc = 64000 * 1.5 = 96000
When the be value equals 0, we recommend that you set the egress bc value to be greater than or equal to
the ingress bc value plus 1. Otherwise, packet loss can occur. For example: be = 0 egress bc >= ingress
bc + 1
Note
Excess Bursts
The excess burst (be) parameter of the police command implements the second, exceeding (yellow) token
bucket that the router uses to meter traffic. The exceeding token bucket is initially full and the token count is
equal to the excess burst size (EBS). Thereafter, the meter updates the token counts the number of times per
second indicated by the committed information rate (CIR).
The following describes how the meter uses the exceeding token bucket to send packets:
When the first token bucket (the conforming bucket) meets the committed burst size (CBS), the meter
allows the traffic flow to borrow the tokens needed from the exceeding token bucket. The meter marks
the packet yellow and then decrements the exceeding token bucket by the number of bytes of the packet.
If the exceeding token bucket does not have the required tokens to borrow, the meter marks the packet
red and does not decrement the conforming or the exceeding token bucket. Instead, the meter performs
the exceed-action configured in the police command (for example, the policer drops the packets).
Excess Burst Calculation
To calculate excess burst, use the following formula:
be = 2 * committed burst
For example, if you configure a committed burst of 4000 bytes, then using the excess burst formula, the excess
burst is 8000 bytes.
be = 2 * 4000 = 8000
The default excess burst size is 0.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 63
Configuring Modular QoS Congestion Management
Regulation of Traffic with the Policing MechanismDeciding if Packets Conform or Exceed the Committed Rate
Policing uses normal or committed burst (bc) and excess burst (be) values to ensure that the configured
committed information rate (CIR) is reached. Policing decides if a packet conforms or exceeds the CIR based
on the burst values you configure. Several factors can influence the policers decision, such as the following:
Low burst valuesIf you configure burst values too low, the achieved rate might be much lower than
the configured rate.
Temporary burstsThese bursts can have a strong adverse impact on throughput of Transmission Control
Protocol (TCP) traffic.
It isimportant that you set the burst values high enough to ensure good throughput. If your router drops packets
and reports an exceeded rate even though the conformed rate is less than the configured CIR, use the show
interface command to monitor the current burst, determine whether the displayed value is consistently close
to the committed burst (bc) and excess burst (be) values, and if the actual rates (the committed rate and
exceeded rate) are close to the configured committed rate. If not, the burst values might be too low. Try
reconfiguring the burst rates using the suggested calculations in the Committed Burst Calculation and the
Excess Burst Calculation.
Two-Rate Three-Color (2R3C) Policer
For the SIP 700 card, a two-rate, three-color (2R3C) policer is supported on policy maps for ingress Layer 2
interfaces. The policer reads a preexisting markingthe frame-relay discard-eligibility (FRDE) bit in the
packet headerthat was set by a policer on a previous network node. By default the FRDE bit is set to 0. At
the receiving node, the system uses this bit to determine the appropriate color-aware policing action for the
packet:
To classify the FRDE bit value 0 as conform color, create a conform-color class-map for frde=0 packets.
This causes packets to be classified as color green, and the system applies the conform action.
To classify the FRDE bit value 1 as exceed color, create an exceed-color class-map for frde=1 packets.
This causes packets to be classified as color yellow, and the system applies the exceed action.
Note Color-aware policing is not supported for heirarchical QoS.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
64 OL-26077-02
Configuring Modular QoS Congestion Management
Regulation of Traffic with the Policing MechanismThe 2R3C policing process is shown in Figure 4.
Figure 6: 2R3C Policing Process Flowchart
Hierarchical Policing
The Hierarchical Policing feature is an MQC-based solution that supports hierarchical policing on both the
ingress and egress interfaces on Cisco ASR 9000 Series Router.
Thisfeature allows enforcement ofservice level agreements(SLA) while applying the classification submodel
for different QoS classes on the inbound interface.
Hiearchical policing provides support at two levels:
Parent level
Child level
Multiple Action Set
set-mpls-exp-imp, set-clp
Packet Marking Through the IP Precedence Value, IP DSCP Value, and the MPLS Experimental
Value Setting
In addition to rate-limiting, traffic policing allows you to independently mark (or classify) the packet according
to whether the packet conforms or violates a specified rate. Packet marking also allows you to partition your
network into multiple priority levels or CoS. Packet marking as a policer action is conditional marking.
Use the traffic policer to set the IP precedence value, IP DSCP value, or Multiprotocol Label Switching
(MPLS) experimental value for packets that enter the network. Then networking devices within your network
can use this setting to determine how the traffic should be treated. For example, the Weighted Random Early
Detection (WRED) feature uses the IP precedence value to determine the probability that a packet is dropped.
If you want to mark traffic but do not want to use traffic policing, see the Class-based, Unconditional Packet
Marking Examples section to learn how to perform packet classification.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 65
Configuring Modular QoS Congestion Management
Regulation of Traffic with the Policing MechanismNote Marking IP fields on an MPLS-enabled interface results in non-operation on that particular interface.
Policer Granularity and Shaper Granularity
Policer granularity can be configured in the ingress and egress directions. The policer granularity is specified
as a perimissible percentage variation between the user-configured policer rate, and the hardware programmed
policer rate.
Congestion Management Using DEI
You can manage congestion based on the Drop Eligible Indicator (DEI) bit that is present in 802.1ad frames
and 802.1ah frames. Random early detection based on the DEI value is supported on 802.1ad packets for:
Layer 2 subinterfaces
Layer 2 main interfaces
Layer 3 main interfaces
Ingress and egress
If there are any marking actions in the policy, the marked values are used for doing
WRED.
Note
How to Configure QoS Congestion Management
This contains the following tasks:
Configuring Guaranteed and Remaining Bandwidths
The bandwidth command allows you to specify the minimum guaranteed bandwidth to be allocated for a
specific class of traffic. MDRR is implemented as the scheduling algorithm.
The bandwidth remaining command specifies a weight for the class to the MDRR. The MDRR algorithm
derives the weight for each class from the bandwidth remaining value allocated to the class. If you do not
configure the bandwidth remaining command for any class, the leftover bandwidth is allocated equally to
all classes for which bandwidth remaining is not explicitly specified.
Guaranteed Service rate of a queue is defined as the bandwidth the queue receives when all the queues are
congested. It is defined as:
Guaranteed Service Rate = minimum bandwidth + excess share of the queue
Restrictions
The amount of bandwidth configured should be large enough to also accommodate Layer 2 overhead.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
66 OL-26077-02
Configuring Modular QoS Congestion Management
Policer Granularity and Shaper GranularityThe bandwidth command is supported only on policies configured on outgoing interfaces.
SUMMARY STEPS
1.
2. policy-map policy-name
3. class class-name
4. bandwidth {rate [units]| percent value}
5. bandwidth remaining percent value
6. exit
7. class class-name
8. bandwidth {rate [units] | percent value}
9. bandwidth remaining percent value
10. exit
11. exit
12. interface type interface-path-id
13. service-policy {input | output} policy-map
14. end or commit
15. show policy-map interface type interface-path-id [input | output]
DETAILED STEPS
Command or Action Purpose
Enters global configuration mode.
Example:
RP/0//CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0//CPU0:router(config)# policy-map
policy1
Creates or modifies a policy map that can be attached to one or
more interfaces to specify a service policy.
Specifies the name of the class whose policy you want to create or
change.
class class-name
Example:
RP/0/RP0/CPU0:router(config-pmap)# class
class1
Step 3
Step 4 bandwidth {rate [units]| percent value} Enters policy map class configuration mode.
Example:
RP/0//CPU0:router(config-pmap-c)#
bandwidth percent 50
Specifies the bandwidth allocated for a class belonging to a
policy map.
In this example, class class1 is guaranteed 50 percent of the
interface bandwidth.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 67
Configuring Modular QoS Congestion Management
Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose
Step 5 bandwidth remaining percent value Specifies how to allocate leftover bandwidth to various classes.
Example:
RP/0//CPU0:router(config-pmap-c)#
bandwidth remaining percent 20
The remaining bandwidth of 40 percent isshared by class class1
and class2 (see Steps 8 and 9) in a 20:80 ratio: class class1
receives 20 percent of the 40 percent, and class class2 receives
80 percent of the 40 percent.
exit Returns the router to policy map configuration mode.
Example:
RP/0//CPU0:router(config-pmap-c)# exit
Step 6
Specifiesthe name of a different class whose policy you want to create
or change.
class class-name
Example:
RP/0//CPU0:router(config-pmap)# class
class2
Step 7
Specifies the bandwidth allocated for a class belonging to a policy
map.
bandwidth {rate [units] | percent value}
Example:
RP/0//CPU0:router(config-pmap-c)#
bandwidth percent 10
Step 8
In this example, class class2 is guaranteed 10 percent of the
interface bandwidth.
Step 9 bandwidth remaining percent value Specifies how to allocate leftover bandwidth to various classes.
Example:
RP/0//CPU0:router(config-pmap-c)#
bandwidth remaining percent 80
The remaining bandwidth of 40 percent isshared by class class1
(see Steps 4 and 5) and class2 in a 20:80 ratio: class class1
receives 20 percent of the 40 percent, and class class2 receives
80 percent of the 40 percent.
exit Returns the router to policy map configuration mode.
Example:
RP/0//CPU0:router(config-pmap-c)# exit
Step 10
exit Returns the router to global configuration mode.
Example:
RP/0//CPU0:router(config-pmap)# exit
Step 11
interface type interface-path-id Enters interface configuration mode and configures an interface.
Example:
RP/0//CPU0:router(config)# interface POS
0/2/0/0
Step 12
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
68 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose
Attaches a policy map to an input or output interface to be used as the
service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0//CPU0:router(config-if)#
service-policy output policy1
Step 13
In this example, the traffic policy evaluates all traffic leaving
that interface.
Step 14 end or commit Saves configuration changes.
Example:
RP/0//CPU0:router(config-if)# end
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0//CPU0:router(config-if)# commit Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
(Optional) Displays policy configuration information for all classes
configured for all service policies on the specified interface.
show policy-map interface type
interface-path-id [input | output]
Example:
RP/0//CPU0:router# show policy-map
interface POS 0/2/0/0
Step 15
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 69
Configuring Modular QoS Congestion Management
Configuring Guaranteed and Remaining BandwidthsConfiguring Guaranteed Bandwidth
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. bandwidth {rate [units]| percent percentage-value}
5. exit
6. class class-name
7. bandwidth {rate [units]| percent percentage-value}
8. exit
9. class class-name
10. bandwidth {rate [units]| percent percentage-value}
11. exit
12. exit
13. interface type interface-path-id
14. service-policy {input | output} policy-map
15. end or commit
16. show policy-map interface type interface-path-id [input | output]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
policy1
Creates or modifies a policy map that can be attached to one
or more interfaces to specify a service policy.
Specifies the name of the class whose policy you want to create or
change.
class class-name
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class1
Step 3
bandwidth {rate [units]| percent Enters policy map class configuration mode.
percentage-value}
Step 4
Specifies the bandwidth allocated for a class belonging to a
policy map.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
70 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth percent 40
In this example, class class1 is guaranteed 40 percent of the
interface bandwidth.
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 5
Specifies the name of the class whose policy you want to create or
change.
class class-name
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class2
Step 6
bandwidth {rate [units]| percent Enters policy map class configuration mode.
percentage-value}
Step 7
Specifies the bandwidth allocated for a class belonging to a
policy map.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth percent 40
In this example, class class2 is guaranteed 40 percent of the
interface bandwidth.
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 8
Specifies the name of the class whose policy you want to create or
change.
class class-name
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class-default
Step 9
bandwidth {rate [units]| percent Enters policy map class configuration mode.
percentage-value}
Step 10
Specifies the bandwidth allocated for a class belonging to a
policy map.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth percent 20
In this example, class class-default is guaranteed 20 percent
of the interface bandwidth.
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 11
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 71
Configuring Modular QoS Congestion Management
Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# exit
Step 12
interface type interface-path-id Enters interface configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
gigabitethernet 0/2/0/0
Step 13
Attaches a policy map to an input or output interface to be used as
the service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 14
In this example, the traffic policy evaluates all traffic leaving
that interface.
Step 15 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-if)# end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-if)# commit Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional) Displays policy configuration information for all classes
configured for all service policies on the specified interface.
show policy-map interface type interface-path-id
[input | output]
Example:
RP/0/RSP0/CPU0:router# show policy-map
interface gigabitethernet 0/2/0/0
Step 16
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
72 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Guaranteed and Remaining BandwidthsConfiguring Bandwidth Remaining
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. bandwidth remaining percent percentage-value
5. exit
6. class class-name
7. bandwidth remaining percent percentage-value
8. exit
9. class class-name
10. bandwidth remaining percent percentage-value
11. exit
12. exit
13. interface type interface-path-id
14. service-policy {input | output} policy-map
15. end or commit
16. show policy-map interface type interface-path-id [input | output]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
policy1
Creates or modifies a policy map that can be attached to
one or more interfaces to specify a service policy.
Specifies the name of the class whose policy you want to create
or change.
class class-name
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class1
Step 3
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 73
Configuring Modular QoS Congestion Management
Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose
bandwidth remaining percent percentage-value Specifies how to allocate leftover bandwidth for class class1.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth remaining percent 40
Step 4
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 5
Specifies the name of the class whose policy you want to create
or change.
class class-name
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class2
Step 6
bandwidth remaining percent percentage-value Specifies how to allocate leftover bandwidth for class class2.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth remaining percent 40
Step 7
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 8
Specifies the name of the class whose policy you want to create
or change.
class class-name
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class-default
Step 9
Specifies how to allocate leftover bandwidth for class
class-default.
bandwidth remaining percent percentage-value
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth remaining percent 20
Step 10
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 11
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
74 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Guaranteed and Remaining BandwidthsCommand or Action Purpose
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# exit
Step 12
interface type interface-path-id Entersinterface configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
gigabitethernet 0/2/0/0
Step 13
Attaches a policy map to an input or output interface to be used
as the service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 14
In this example, the traffic policy evaluates all traffic
leaving that interface.
Step 15 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-if)# end
When you issue the end command, the system prompts
you to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-if)# commit Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration
changesto the running configuration file and remain within
the configuration session.
(Optional) Displays policy configuration information for all
classes configured for all service policies on the specified
interface.
show policy-map interface type interface-path-id
[input | output]
Example:
RP/0/RSP0/CPU0:router# show policy-map
interface gigabitethernet 0/2/0/0
Step 16
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 75
Configuring Modular QoS Congestion Management
Configuring Guaranteed and Remaining BandwidthsConfiguring Low-Latency Queueing with Strict Priority Queueing
The priority command configures low-latency queueing (LLQ), providing strict priority queueing (PQ). Strict
PQ allows delay-sensitive data, such as voice, to be dequeued and sent before packets in other queues are
dequeued.When a class is marked as high priority using the priority command, we recommend that you
configure a policer to limit the priority traffic. This configuration ensures that the priority traffic does not
starve all of the other traffic on the line card, which protectslow priority traffic from starvation. Use the police
command to explicitly configure the policer.
Two levels of priority are supported: priority level 1 and priority level 2. If no priority level is configured,
the default is priority level 1.
Note
Restrictions
Within a policy map, you can give one or more classes priority status. When multiple classes within a
single policy map are configured as priority classes, all traffic from these classes is queued to the same
single priority queue.
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. police rate {value [units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst
[burst-units]] [peak-rate value [units]]
5. exceed-action action
6. priority [level priority-level] RP/0/RSP0/CPU0:router(config-pmap-c)# priority
7. exit
8. exit
9. interface type interface-path-id
10. service-policy {input | output} policy-map
11. end or commit
12. show policy-map interface type interface-path-id [input | output]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
76 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Low-Latency Queueing with Strict Priority QueueingCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
voice
Creates or modifies a policy map that can be attached to one
or more interfaces to specify a service policy.
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
voice
Specifies the name of the class whose policy you want to
create or change.
Configures traffic policing and enters policy map police
configuration mode.
police rate {value [units] | percent percentage}
[burst burst-size [burst-units]] [peak-burst
peak-burst [burst-units]] [peak-rate value [units]]
Step 4
In this example, the low-latency queue is restricted to 250
kbps to protect low-priority traffic from starvation and to
release bandwidth.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# police
rate 250
Step 5 exceed-action action Configuresthe action to take on packetsthat exceed the rate limit.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
exceed-action drop
Specifies priority to a class of traffic belonging to a policy map.
exit
Returns the router to policy map class configuration mode.
Example:
RP/0//CPU0:router(config-pmap-c)# priority
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
exit
priority [level priority-level] Specifies priority to a class of traffic belonging to a policy map.
RP/0/RSP0/CPU0:router(config-pmap-c)# priority
Step 6
Note If no priority level is configured, the default is
priority 1.
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 7
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# exit
Step 8
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 77
Configuring Modular QoS Congestion Management
Configuring Low-Latency Queueing with Strict Priority QueueingCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode, and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
gigabitethernet 0/2/0/0
Step 9
Attaches a policy map to an input or output interface to be used
as the service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 10
In this example, the traffic policy evaluates all traffic leaving
that interface.
Step 11 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-if)# end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-if)# commit Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional) Displays policy configuration information for all classes
configured for all service policies on the specified interface.
show policy-map interface type interface-path-id
[input | output]
Example:
RP/0/RSP0/CPU0:router# show policy-map
interface gigabitethernet 0/2/0/0
Step 12
Configuring Traffic Shaping
Traffic shaping allows you to control the traffic exiting an interface to match its transmission to the speed of
the remote target interface and ensure that the traffic conforms to policies contracted for it.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
78 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Traffic ShapingShaping performed on incoming and outgoing interfaces is done at the Layer 2 level and includes the Layer
2 header in the rate calculation.
Restrictions
The bandwidth, priority, and shape average commands should not be configured together in the same class.
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. shape average {percent value | rate [units]}
5. exit
6. exit
7. interface type interface-path-id
8. service-policy {input | output} policy-map
9. end or commit
10. show policy-map interface type interface-path-id [input | output]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
policy1
Creates or modifies a policy map that can be attached to one
or more interfaces to specify a service policy.
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class1
Specifiesthe name of the class whose policy you want to create
or change.
Shapes traffic to the indicated bit rate according to average rate
shaping in the specified units or as a percentage of the bandwidth.
shape average {percent value | rate [units]}
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
shape average percent 50
Step 4
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 79
Configuring Modular QoS Congestion Management
Configuring Traffic ShapingCommand or Action Purpose
exit Returns the router to policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 5
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# exit
Step 6
interface type interface-path-id Enters interface configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
gigabitethernet 0/2/0/0
Step 7
Attaches a policy map to an input or output interface to be used as
the service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 8
In this example, the traffic policy evaluates all traffic leaving
that interface.
Step 9 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-if)# end
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-if)# commit Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional) Displays policy configuration information for all classes
configured for all service policies on the specified interface.
show policy-map interface type interface-path-id
[input | output]
Example:
RP/0/RSP0/CPU0:router# show policy-map
interface gigabitethernet 0/2/0/0
Step 10
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
80 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Traffic ShapingConfiguring Traffic Policing (Two-Rate Color-Blind)
Traffic policing allows you to control the maximum rate of traffic sent or received on an interface. Thissection
provides the procedure for configuring two-rate color-blind traffic policing.
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. police rate {value [units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst
[burst-units]] [peak-rate value [units]]
5. conform-action action
6. exceed-action action
7. exit
8. exit
9. exit
10. interface type interface-path-id
11. service-policy {input | output} policy-map
12. end or commit
13. show policy-map interface type interface-path-id [input | output]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
policy1
Creates or modifies a policy map that can be attached to one
or more interfaces to specify a service policy.
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class1
Specifies the name of the class whose policy you want to
create or change.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 81
Configuring Modular QoS Congestion Management
Configuring Traffic Policing (Two-Rate Color-Blind)Command or Action Purpose
Configures traffic policing and enters policy map police
configuration mode. The traffic policing feature works with a token
bucket algorithm.
police rate {value [units] | percent percentage}
[burst burst-size [burst-units]] [peak-burst
peak-burst [burst-units]] [peak-rate value [units]]
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# police
rate 250000
Step 4
Configures the action to take on packets that conform to the rate
limit. The action argument is specified by one of these keywords:
conform-action action
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
Step 5
dropDrops the packet.
setHas these keywords and arguments:
conform-action set mpls experimental topmost
3
discard-class valueSets the discard class value. Range is
0 to 7.
dscp Sets the differentiated services code point (DSCP)
value and sends the packet.
mpls experimental {topmost | imposition} valueSetsthe
experimental (EXP) value of the Multiprotocol Label
Switching (MPLS) packet topmost label or imposed label.
Range is 0 to 7.
precedence Sets the IP precedence and sends the packet.
qos-groupSets the QoS group value. Range is 0 to 63.
transmitTransmits the packets.
Configures the action to take on packets that exceed the rate limit.
The action argument is specified by one of the keywords specified
in Step 5 .
exceed-action action
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
Step 6
exceed-action set mpls experimental topmost
4
exit Returns the router to policy map class configuration mode.
Example:
Step 7
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
exit
exit Returns the router to policy map configuration mode.
Example:
Step 8
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
82 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Traffic Policing (Two-Rate Color-Blind)Command or Action Purpose
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# exit
Step 9
interface type interface-path-id Enters configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
gigabitethernet 0/5/0/0
Step 10
Attaches a policy map to an input or output interface to be used as
the service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 11
In this example, the traffic policy evaluates all traffic leaving
that interface.
Step 12 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-if)# end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-if)# commit Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional) Displays policy configuration information for all classes
configured for all service policies on the specified interface.
show policy-map interface type interface-path-id
[input | output]
Example:
RP/0/RSP0/CPU0:router# show policy-map
interface gigabitethernet 0/2/0/0
Step 13
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 83
Configuring Modular QoS Congestion Management
Configuring Traffic Policing (Two-Rate Color-Blind)Configuring Traffic Policing (2R3C)
This section provides the procedure for configuring two-rate three-color traffic policing. It is applicable to
SIP 700 line cards on the ingress side only.
SUMMARY STEPS
1. configure
2. class-map [match-all][match-any] class-map-name
3. match [not] fr-de fr-de-bit-value
4. policy-map policy-name
5. class class-name
6. police rate {value [units] | percent percentage} [burst burst-size [burst-units]] [peak-burst peak-burst
[burst-units]] [peak-rate value [units]]
7. conform-color class-map-name
8. exceed-color class-map-name
9. conform-action action
10. exceed-action action
11. exit
12. exit
13. exit
14. interface type interface-path-id
15. service-policy policy-map
16. end or commit
17. show policy-map interface type interface-path-id
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 class-map [match-all][match-any] class-map-name (Use with SIP 700 line card, ingress only)
Example:
RP/0/RSP0/CPU0:router(config)# class-map
match-all match-not-frde
Enters class map configuration mode.
Creates or modifies a class map that can be attached to one
or more interfaces to specify a matching policy.
Step 3 match [not] fr-de fr-de-bit-value (Use with SIP 700 line card, ingress only)
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
84 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Traffic Policing (2R3C)Command or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)# match not
fr-de 1
Specifies the matching condition:
Match not fr-de 1 istypically used to specify a conform-color
packet.
Match fr-de 1 is typically used to specify an exceed-color
packet.
Step 4 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
policy1
Creates or modifies a policy map that can be attached to one
or more interfaces to specify a service policy.
Step 5 class class-name Enters policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class1
Specifies the name of the class whose policy you want to
create or change.
Configures traffic policing and enters policy map police
configuration mode. The traffic policing feature works with a
token bucket algorithm.
police rate {value [units] | percent percentage}
[burst burst-size [burst-units]] [peak-burst
peak-burst [burst-units]] [peak-rate value [units]]
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# police
Step 6
rate 768000 burst 288000 peak-rate 1536000
peak-burst 576000
Step 7 conform-color class-map-name (Use with SIP 700 line card, ingress only)
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
conform-color match-not-frde
Configuresthe class-map name to assign to conform-color packets.
Step 8 exceed-color class-map-name (Use with SIP 700 line card, ingress only)
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
exceed-color match-frde
Configuresthe class-map name to assign to exceed-color packets.
Configures the action to take on packets that conform to the rate
limit. The action argument is specified by one of these keywords:
conform-action action
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
Step 9
dropDrops the packet.
setHas these keywords and arguments:
conform-action set mpls experimental topmost
3
discard-class valueSets the discard class value. Range is
0 to 7.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 85
Configuring Modular QoS Congestion Management
Configuring Traffic Policing (2R3C)Command or Action Purpose
dscp valueSets the differentiated services code point
(DSCP) value and sends the packet.
mpls experimental {topmost | imposition} valueSets
the experimental (EXP) value of the Multiprotocol Label
Switching (MPLS) packet topmost label or imposed label.
Range is 0 to 7.
precedence precedenceSets the IP precedence and sends
the packet.
qos-groupSets the QoS group value. Range is 0 to 63.
transmitTransmits the packets.
Configures the action to take on packets that exceed the rate limit.
The action argument isspecified by one of the keywordsspecified
in Step 5 .
exceed-action action
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
Step 10
exceed-action set mpls experimental topmost
4
exit Returns the router to policy map class configuration mode.
Example:
Step 11
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
exit
exit Returns the router to policy map configuration mode.
Example:
Step 12
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# exit
Step 13
interface type interface-path-id Enters configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface pos
0/5/0/0
Step 14
Attaches a policy map to an input interface to be used asthe service
policy for that interface.
service-policy policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy policy1
Step 15
Step 16 end or commit Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
86 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Traffic Policing (2R3C)Command or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config-if)# end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-if)# commit
Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional) Displays policy configuration information for all classes
configured for all service policies on the specified interface.
show policy-map interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router# show policy-map
interface POS0/2/0/0
Step 17
Configuring Hierarchical Policing
Hierarchical policing provides support at two levels:
Parent level
Child level
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. service-policy policy-map-name
5. police rate percent percentage
6. conform-action action
7. exceed-action action
8. end or commit
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 87
Configuring Modular QoS Congestion Management
Configuring Hierarchical PolicingDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
policy1
Creates or modifies a policy map that can be attached to one
or more interfaces to specify a service policy.
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class1
Specifies the name of the class whose policy you want to
create or change.
Attaches a policy map to an input or output interface to be used
as the service policy for that interface.
service-policy policy-map-name
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
service-policy child
Step 4
Configures traffic policing and enters policy map police
configuration mode.
police rate percent percentage
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# police
rate percent 50
Step 5
Configures the action to take on packets that conform to the rate
limit. The allowed action is:
conform-action action
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
conform-action transmit
Step 6
transmitTransmits the packets.
Configures the action to take on packets that exceed the rate limit.
The allowed action is:
exceed-action action
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
exceed-action drop
Step 7
dropDrops the packet.
Step 8 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-if)# end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
88 OL-26077-02
Configuring Modular QoS Congestion Management
Configuring Hierarchical PolicingCommand or Action Purpose
or
RP/0/RSP0/CPU0:router(config-if)# commit
Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Configuration Examples for configuring congestion management
Here are some examples for congestion management.
Traffic Shaping for an Input Interface: Example
The following example shows how to configure a policy map on an input interface:
policy-map p2
class voip
shape average 20 mbps
!
interface GigabitEthernet0/4/0/24
service-policy input p2
commit
RP/0/RSP0/CPU0:Jun 8 16:55:11.819 : config[65546]: %MGBL-LIBTARCFG-6-COMMIT : Configuration
committed by user 'cisco'. Use 'show configuration commit changes 1000006140' to view the
changes.
The following example shows the display output for the previous policy map configuration:
RP/0/RSP0/CPU0:router# show policy-map interface GigabitEthernet 0/4/0/24 input
GigabitEthernet0/4/0/24 input: p2
Class voip
Classification statistics (packets/bytes) (rate - kbps)
Matched : 0/0 0
Transmitted : 0/0 0
Total Dropped : 0/0 0
Queueing statistics
Queue ID : 268435978
High watermark (Unknown)
Inst-queue-len (packets) : 0
Avg-queue-len (Unknown)
Taildropped(packets/bytes) : 0/0
Queue(confirm) : 0/0
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 89
Configuring Modular QoS Congestion Management
Configuration Examples for configuring congestion managementQueue(exceed) : 0/0
RED random drops(packets/bytes) : 0/0
Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : : 0/0 0
Transmitted : Un-determined
Total Dropped : Un-determined
Traffic Policing for a Bundled Interface: Example
The following example shows how to configure a policy map for a bundled interface:
policy-map p2
class voip
police rate percent 20
commit
RP/0/RSP0/CPU0:Jun 8 16:51:51.679 : config[65546]: %MGBL-LIBTARCFG-6-COMMIT : Configuration
committed by user 'cisco'. Use 'show configuration commit changes 1000006135' to view
the changes.
exit
exit
interface bundle-ether 1
service-policy input p2
commit
RP/0/RSP0/CPU0:Jun 8 16:52:02.650 : config[65546]: %MGBL-LIBTARCFG-6-COMMIT : Configuration
committed by user 'cisco'. Use 'show configuration commit changes 1000006136' to view
the changes.
The following example shows the display output for the policy map configuration in which policing was
configured in percentage:
RP/0/RSP0/CPU0:router# show policy-map interface bundle-ether 1
Bundle-ether1 input: p2
Class voip
Classification statistics (packets/bytes) (rate - kbps)
Matched : 0/0 0
Policing statistics (packets/bytes) (rate - kbps)
Policed(conform) : 0/0 0
Policed(exceed) : 0/0 0
Policed(violate) : 0/0 0
Policed and dropped : 0/0
Class default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 0/0 0
Transmitted : 0/0 0
Total Dropped : 0/0 0
Queueing statistics
Vital (packets) : 0
Queueing statistics
Queue ID : 36
High watermark (packets) : 0
Inst-queue-len (bytes) : 0
Avg-queue-len (bytes) : 0
TailDrop Threshold(bytes) : 239616000
Taildropped(packets/bytes) : 0/0
2R3C Traffic Policing: Example
These commands create the color-aware policy.
!
class-map match-any match-frde-0
match not fr-de 1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
90 OL-26077-02
Configuring Modular QoS Congestion Management
Traffic Policing for a Bundled Interface: Exampleend-class-map
!
class-map match-any match-frde-1
match fr-de 1
end-class-map
!
!
policy-map color-aware-policer
class class-default
police rate 1000 kbps peak-rate 2000 kbps
conform-color match-frde-0
exceed-color match-frde-1
conform-action set qos-group 10
exceed-action set qos-group 20
violate-action drop
!
!
end-policy-map
!
!
interface POS0/1/0/0
encapsulation frame-relay
pos
crc 32
!
frame-relay lmi disable
!
interface POS0/1/0/0.1 l2transport
pvc 100
service-policy input color-aware-policer
!
!
This command displays the current configuration commands for the policy.
RP/0/RSP0/CPU0:router# show run policy-map color-aware-policer
Thu Apr 14 09:25:04.752 UTC
policy-map color-aware-policer
class class-default
police rate 1000 kbps peak-rate 2000 kbps
conform-color match-frde-0
exceed-color match-frde-1
conform-action set qos-group 10
exceed-action set qos-group 20
violate-action drop
!
!
end-policy-map
!
This command displays the color-aware policy.
/0/RSP0/CPU0:router# show policy-map interface pos 0/1/0/0.1 input
Thu Apr 14 09:24:10.487 UTC
POS0/1/0/0.1 input: color-aware-policer
Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 66144900/8201967600 498245
Transmitted : N/A
Total Dropped : 65879175/8169017700 496245
Policing statistics (packets/bytes) (rate - kbps)
Policed(conform) : 132863/16475012 1000
Policed(exceed) : 132863/16475012 1000
Policed(violate) : 65879175/8169017700 496245
Policed and dropped : 65879175/8169017700
Conform Color
Policed(conform) : 132863/16475012 1000
Policed(exceed) : 51367/6369508 389
Policed(violate) : 46186826/5727166424 347907
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 91
Configuring Modular QoS Congestion Management
2R3C Traffic Policing: ExampleExceed Color
Policed(exceed) : 81496/10105504 611
Policed(violate) : 19692349/2441851276 148338
Violate Color
Policed(violate) : 0/0 0
ATM QoS: Example
Hierarchical Policing: Example
Additional References
The following sections provide references related to implementing QoS congestion management.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Initial system bootup and configuration
Cisco ASR 9000 Series Aggregation Services Router Master
Command Listing
Master command reference
Cisco ASR 9000 Series Aggregation Services Router
Modular Quality of Service Command Reference
QoS commands
Configuring AAA Services on Cisco ASR 9000 Series
Router module of Cisco Cisco ASR 9000 Series
Aggregation Services Router System Security Configuration
Guide
User groups and task IDs
Standards
Standards Title
No new or modified standards are supported by
this feature, and support for existing standards
has not been modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
92 OL-26077-02
Configuring Modular QoS Congestion Management
ATM QoS: ExampleMIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the following
URL and choose a platform under the Cisco Access
Products menu: http://cisco.com/public/sw-center/netmgmt/
cmtk/mibs.shtml
RFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not
been modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical
content, including links to products,
technologies,solutions, technical tips, and tools.
Registered Cisco.com users can log in from this
page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 93
Configuring Modular QoS Congestion Management
MIBs Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
94 OL-26077-02
Configuring Modular QoS Congestion Management
Technical AssistanceC H A P T E R 5
Configuring Modular QoS Service Packet
Classification
Packet classification identifies and marks traffic flows that require congestion management or congestion
avoidance on a data path. The Modular Quality of Service (QoS) command-line interface (MQC) is used to
define the traffic flows that should be classified, where each traffic flow is called a class of service, or class.
Subsequently, a traffic policy is created and applied to a class. All traffic not identified by defined classes
falls into the category of a default class.
This module provides the conceptual and configuration information for QoS packet classification.
Line Card, SIP, and SPA Support
Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000
Classification Based on DEI yes no
Class-Based Unconditional Packet yes yes
Marking
In-Place Policy Modification yes yes
IPv6 QoS yes yes
Packet Classification and Marking yes yes
Policy Inheritance yes yes
Port Shape Policies yes no
Shared Policy Instance yes no
Feature History for Configuring Modular QoS Packet Classification and Marking on
Cisco ASR 9000 Series Routers
Release Modification
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 95The Class-Based Unconditional Packet Marking feature was introduced on
ASR 9000 Ethernet Line Cards.
The IPv6 QoS feature wasintroduced on ASR 9000 Ethernet Line Cards. (QoS
matching on IPv6 ACLs is not supported.)
The Packet Classification and Marking feature was introduced on ASR 9000
Ethernet Line Cards.
Release 3.7.2
The Class-Based Unconditional Packet Marking feature was supported on the
SIP 700 for the ASR 9000.
The Packet Classification and Marking feature was supported on the SIP 700
for the ASR 9000.
The Policy Inheritance feature was introduced on ASR 9000 Ethernet Line
Cards and on the SIP 700 for the ASR 9000.
The Shared Policy Instance feature was introduced on ASR 9000 Ethernet
Line Cards.
Release 3.9.0
The Classification Based on DEI feature wasintroduced on ASR 9000 Ethernet
Line Cards.
The In-Place PolicyModification feature wasintroduced on ASR 9000 Ethernet
Line Cards and on the SIP 700 for the ASR 9000.
The IPv6 QoS feature was supported on the SIP 700 for the ASR 9000.
Support for three stand-alone marking actions and three marking actions as
part of a policer action in the same class was added on the SIP 700 for the ASR
9000. (ASR 9000 Ethernet Line Cardssupport two stand-alone marking actions
and two marking actions as part of a policer action in the same class.)
Release 4.0.0
Support for the port shape policies feature was introduced on ASR 9000
Ethernet Line Cards.
Release 4.0.1
Release 4.2.1 QoS on satellite feature was added.
Prerequisites for Configuring Modular QoS Packet Classification, page 96
Information About Configuring Modular QoS Packet Classification, page 97
How to Configure Modular QoS Packet Classification, page 107
Configuration Examples for Configuring Modular QoS Packet Classification, page 129
Additional References, page 135
Prerequisites for Configuring Modular QoS Packet Classification
The following prerequisites are required for configuring modular QoS packet classification and marking on
your network:
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
96 OL-26077-02
Configuring Modular QoS Service Packet Classification
Prerequisites for Configuring Modular QoS Packet Classification You must be in a user group associated with a task group that includes the proper task IDs.The command
reference guides include the task IDs required for each command. If you suspect user group assignment
is preventing you from using a command, contact your AAA administrator for assistance.
You must be familiar with Cisco IOS XR QoS configuration tasks and concepts.
Information About Configuring Modular QoS Packet
Classification
To implement QoS packet classification featuresin this document, you must understand the following concepts:
Packet Classification Overview
Packet classification involves categorizing a packet within a specific group (or class) and assigning it a traffic
descriptor to make it accessible for QoS handling on the network. The traffic descriptor contains information
about the forwarding treatment (quality of service) that the packet should receive. Using packet classification,
you can partition network traffic into multiple priority levels or classes of service. The source agrees to adhere
to the contracted terms and the network promises a quality of service. Traffic policers and traffic shapers use
the traffic descriptor of a packet to ensure adherence to the contract.
Traffic policers and traffic shapers rely on packet classification features, such as IP precedence, to select
packets (or traffic flows) traversing a router or interface for different types of QoS service. For example, by
using the three precedence bits in the type of service (ToS) field of the IP packet header, you can categorize
packets into a limited set of up to eight traffic classes. After you classify packets, you can use other QoS
features to assign the appropriate traffic handling policies including congestion management, bandwidth
allocation, and delay bounds for each traffic class.
Note IPv6-based classification is supported only on Layer 3 interfaces.
Traffic Class Elements
The purpose of a traffic class is to classify traffic on your router. Use the class-map command to define a
traffic class.
A traffic class contains three major elements: a name, a series of match commands, and, if more than one
match command exists in the traffic class, an instruction on how to evaluate these match commands. The
traffic class is named in the class-map command. For example, if you use the word cisco with the class-map
command, the traffic class would be named cisco.
The match commands are used to specify various criteria for classifying packets. Packets are checked to
determine whether they match the criteria specified in the match commands. If a packet matches the specified
criteria, that packet is considered a member of the class and is forwarded according to the QoS specifications
set in the traffic policy. Packets that fail to meet any of the matching criteria are classified as members of the
default traffic class. See the Default Traffic Class.
The instruction on how to evaluate these match commands needs to be specified if more than one match
criterion exists in the traffic class. The evaluation instruction is specified with the class-map match-any
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 97
Configuring Modular QoS Service Packet Classification
Information About Configuring Modular QoS Packet Classificationcommand. If the match-any option is specified as the evaluation instruction, the traffic being evaluated by
the traffic class must match at least one of the specified criteria. If the match-all option is specified, the traffic
must match all of the match criteria.
The function of these commands is described more thoroughly in the Cisco ASR 9000 Series
Aggregation Services Routers Modular Quality of Service Command Reference. The traffic class configuration
task is described in the Creating a Traffic Class.
Traffic Policy Elements
The purpose of a traffic policy is to configure the QoS features that should be associated with the traffic that
has been classified in a user-specified traffic class or classes. The policy-map command is used to create a
traffic policy. A traffic policy contains three elements: a name, a traffic class (specified with the class
command), and the QoS policies. The name of a traffic policy is specified in the policy map Modular Quality
of Service (MQC) (for example, the policy-map policy1 command creates a traffic policy named policy1).
The traffic classthat is used to classify traffic to the specified traffic policy is defined in class map configuration
mode. After choosing the traffic class that is used to classify traffic to the traffic policy, the user can enter the
QoS features to apply to the classified traffic.
The MQC does not necessarily require that users associate only one traffic class to one traffic policy. When
packets match to more than one match criterion, as many as 1024 traffic classes can be associated to a single
traffic policy. The 1024 class maps include the default class and the classes of the child policies, if any.
The order in which classes are configured in a policy map is important. The match rules of the classes are
programmed into the TCAM in the order in which the classes are specified in a policy map. Therefore, if a
packet can possibly match multiple classes, only the first matching class is returned and the corresponding
policy is applied.
The function of these commands is described more thoroughly in the Cisco ASR 9000 Series Aggregation
Services Router Modular Quality of Service Command Reference.
The traffic policy configuration task is described in Creating a Traffic Policy.
Default Traffic Class
Unclassified traffic (traffic that does not meet the match criteria specified in the traffic classes) is treated as
belonging to the default traffic class.
If the user does not configure a default class, packets are still treated as members of the default class. However,
by default, the default class has no enabled features. Therefore, packets belonging to a default class with no
configured features have no QoS functionality. These packets are then placed into a first in, first out (FIFO)
queue and forwarded at a rate determined by the available underlying link bandwidth. This FIFO queue is
managed by a congestion avoidance technique called tail drop. For further information about congestion
avoidance techniques, such as tail drop, see the Configuring Modular QoS Congestion Avoidance on
Cisco ASR 9000 Series Routers module in this guide
Bundle Traffic Policies
When a policy is bound to a bundle, the same policy is programmed on every bundle member (port). For
example, if there is a policer or shaper rate, the same rate is configured on every port. Traffic is scheduled to
bundle members based on the load balancing algorithm.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
98 OL-26077-02
Configuring Modular QoS Service Packet Classification
Traffic Policy ElementsA policy can be bound to:
Bundles
Bundle Layer 3 subinterfaces
Bundle Layer 2 subinterfaces (Layer 2 transport)
Both ingress and egress traffic is supported. Percentage-based policies and absolute rate-based policies are
supported. However, for ease of use, it is recommended to use percentage-based policies.
Shared Policy Instance
After the traffic class and traffic policy have been created, Shared Policy Instance (SPI) can optionally be
used to allow allocation of a single set of QoS resources and share them across a group of subinterfaces,
multiple Ethernet flow points (EFPs), or bundle interfaces.
Using SPI, a single instance of qos policy can be shared across multiple subinterfaces, allowing for aggregate
shaping of the subinterfaces to one rate. All of the subinterfaces that share the instance of a QoS policy must
belong to the same physical interface. The number of subinterfaces sharing the QoS policy instance can range
from 2 to the maximum number of subinterfaces on the port.
For bundle interfaces, hardware resources are replicated per bundle member. All subinterfaces that use a
common shared policy instance and are configured on a Link Aggregation Control Protocol (LAG) bundle
must be load-balanced to the same member link.
When a policy is configured on a bundle EFP, one instance of the policy is configured on each of the bundle
member links. When using SPI across multiple bundle EFPs of the same bundle, one shared instance of the
policy is configured on each of the bundle member links. By default, the bundle load balancing algorithm
uses hashing to distribute the traffic (that needs to be sent out of the bundle EFPs) among its bundle members.
The traffic for single or multiple EFPs can get distributed among multiple bundle members. If multiple EFPs
have traffic that needsto be shaped or policed together usingSPI, the bundle load balancing hasto be configured
to select the same bundle member (hash-select) for traffic to all the EFPs that belong the same shared instance
of the policy. This ensures that traffic going out on all the EFPs with same shared instance of the policy use
the same policer/shaper Instance.
This is normally used when the same subscriber has many EFPs, for example, one EFP for each service type,
and the provider requires shaping and queuing to be implemented together for all the subscriber EFPs.
Policy Inheritance
When a policy map is applied on a physical port, the policy is enforced for all Layer 2 and Layer 3 subinterfaces
under that physical port.
Port Shape Policies
When a port shaping policy is applied to a main interface, individual regular service policies can also be
applied on its subinterfaces. Port shaping policy maps have the following restrictions:
class-default is the only allowed class map.
The shape class action is the only allowed class action.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 99
Configuring Modular QoS Service Packet Classification
Shared Policy Instance They can only be configured in the egress direction.
They can only be applied to main interfaces, not to subinterfaces.
Two- and three- level policies are not supported. Only one level or flat policies are supported.
If any of the above restrictions are violated, the configured policy map isapplied as a regular policy, not a port
shaping policy.
Class-based Unconditional Packet Marking Feature and Benefits
The Class-based, Unconditional Packet Marking feature provides users with a means for efficient packet
marking by which the users can differentiate packets based on the designated markings.
The Class-based, Unconditional Packet Marking feature allows users to perform the following tasks:
Mark packets by setting the IP precedence bits or the IP differentiated services code point (DSCP) in
the IP ToS byte.
Mark Multiprotocol Label Switching (MPLS) packets by setting the EXP bits within the imposed or
topmost label.
Mark packets by setting the Layer 2 class-of-service (CoS) value.
Mark packets by setting inner and outer CoS tags for an IEEE 802.1Q tunneling (QinQ) configuration.
Mark packets by setting the value of the qos-group argument.
Mark packets by setting the value of the discard-class argument.
Note qos-group and discard-class are variables internal to the router, and are not transmitted.
Unconditional packet marking allows you to partition your network into multiple priority levels or classes of
service, as follows:
Use QoS unconditional packet marking to set the IP precedence or IP DSCP values for packets entering
the network. Routers within your network can then use the newly marked IP precedence values to
determine how the traffic should be treated.
For example, weighted random early detection (WRED), a congestion avoidance technique, can be used
to determine the probability that a packet is dropped. In addition, low-latency queueing (LLQ) can then
be configured to put all packets of that mark into the priority queue.
Use QoS unconditional packet marking to assign packetsto a QoS group. To set the QoS group identifier
on MPLS packets, use the set qos-group command in policy map class configuration mode.
Setting the QoS group identifier does not automatically prioritize the packets for
transmission. You must first configure an egress policy that uses the QoS group.
Note
Use CoS unconditional packet marking to assign packets to set the priority value of IEEE 802.1p/
Inter-Switch Link (ISL) packets. The router uses the CoS value to determine how to prioritize packets
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
100 OL-26077-02
Configuring Modular QoS Service Packet Classification
Class-based Unconditional Packet Marking Feature and Benefitsfor transmission and can use this marking to perform Layer 2-to-Layer 3 mapping. To set the Layer 2
CoS value of an outgoing packet, use the set cos command in policy map configuration mode.
The configuration task is described in the Configuring Class-based Unconditional Packet Marking.
Unless otherwise indicated, the class-based unconditional packet marking for Layer 3 physical interfaces
applies to bundle interfaces.
Note
Specification of the CoS for a Packet with IP Precedence
Use of IP precedence allows you to specify the CoS for a packet. You use the three precedence bits in the
ToS field of the IP version 4 (IPv4) header for this purpose. Figure 1 shows the ToS field.
Figure 7: IPv4 Packet Type of Service Field
Using the ToS bits, you can define up to eight classes of service. Other features configured throughout the
network can then use these bits to determine how to treat the packet in regard to the ToS to grant it. These
other QoS features can assign appropriate traffic-handling policies, including congestion managementstrategy
and bandwidth allocation. For example, queueing features such as LLQ can use the IP precedence setting of
the packet to prioritize traffic.
By setting precedence levels on incoming traffic and using them in combination with the Cisco IOS XR QoS
queueing features, you can create differentiated service.
So that each subsequent network element can provide service based on the determined policy, IP precedence
is usually deployed as close to the edge of the network or administrative domain as possible. This allows the
rest of the core or backbone to implement QoS based on precedence.
The configuration task is described in the Configuring Class-based Unconditional Packet Marking.
IP Precedence Bits Used to Classify Packets
Use the three IP precedence bits in the ToS field of the IP header to specify the CoS assignment for each
packet. As mentioned earlier, you can partition traffic into a maximum of eight classes and then use policy
maps to define network policies in terms of congestion handling and bandwidth allocation for each class.
For historical reasons, each precedence corresponds to a name. These names are defined in RFC 791. Table 5
lists the numbers and their corresponding names, from least to most important.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 101
Configuring Modular QoS Service Packet Classification
Specification of the CoS for a Packet with IP PrecedenceTable 2: IP Precedence Values
Number Name
0 routine
1 priority
2 immediate
3 flash
4 flash-override
5 critical
6 internet
7 network
Note IP precedence bit settings 6 and 7 are reserved for network control information, such as routing updates.
IP Precedence Value Settings
By default, Cisco IOS XR software leaves the IP precedence value untouched. This preserves the precedence
value set in the header and allows all internal network devices to provide service based on the IP precedence
setting. This policy followsthe standard approach stipulating that network traffic should be sorted into various
types of service at the edge of the network and that those types of service should be implemented in the core
of the network. Routers in the core of the network can then use the precedence bits to determine the order of
transmission, the likelihood of packet drop, and so on.
Because traffic coming into your network can have the precedence set by outside devices, we recommend
that you reset the precedence for all traffic entering your network. By controlling IP precedence settings, you
prohibit users that have already set the IP precedence from acquiring better service for their traffic simply by
setting a high precedence for all of their packets.
The class-based unconditional packet marking, LLQ, and WRED features can use the IP precedence bits.
Classification Based on DEI
You can classify traffic based on the Drop Eligible Indicator (DEI ) bit that is present in 802.1ad frames and
in 802.1ah frames. Default DEI marking is supported. The set DEI action in policy maps is supported on
802.1ad packets for:
Ingress and egress
Layer 2 subinterfaces
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
102 OL-26077-02
Configuring Modular QoS Service Packet Classification
Classification Based on DEI Layer 2 main interfaces
Layer 3 main interfaces
The set DEI action isignored for traffic on interfacesthat are not configured for 802.1ad
encapsulation.
Note
Default DEI Marking
Incoming Packet Default DEI on Imposed 802.1ad Headers
802.1q packet None 0
802.1ad packet None DEI of top-most tag of the incoming packet
0 or 1
Based on DEI value in the set action
802.1q packet translated to set dei {0 | 1}
802.1ad packet
or
802.1ad packet
IP Precedence Compared to IP DSCP Marking
If you need to mark packets in your network and all your devices support IP DSCP marking, use the IP DSCP
marking to mark your packets because the IP DSCP markings provide more unconditional packet marking
options. If marking by IP DSCP is undesirable, however, or if you are unsure if the devices in your network
support IP DSCP values, use the IP precedence value to mark your packets. The IP precedence value is likely
to be supported by all devices in the network.
You can set up to 8 different IP precedence markings and 64 different IP DSCP markings.
QoS Policy Propagation Using Border Gateway Protocol
Packet classification identifies and marks traffic flows that require congestion management or congestion
avoidance on a data path. Quality-of-service Policy Propagation Using Border Gateway Protocol (QPPB)
allows you to classify packets by Qos Group ID, based on access lists (ACLs), Border Gateway Protocol
(BGP) community lists, BGP autonomous system (AS) paths, Source Prefix address, or Destination Prefix
address. After a packet has been classified, you can use other QoS features such as policing and weighted
random early detection (WRED) to specify and enforce policies to fit your business model.
QoS Policy Propagation Using BGP (QPPB) allows you to map BGP prefixes and attributes to Cisco Express
Forwarding (CEF) parameters that can be used to enforce traffic policing. QPPB allows BGP policy set in
one location of the network to be propagated using BGP to other parts of the network, where appropriate QoS
policies can be created.
QPPB allows you to classify packets based on the following:
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 103
Configuring Modular QoS Service Packet Classification
IP Precedence Compared to IP DSCP Marking Access lists.
BGP community lists. You can use community lists to create groups of communities to use in a match
clause of a route policy. As with access lists, you can create a series of community lists.
BGP autonomous system paths. You can filter routing updates by specifying an access list on both
incoming and outbound updates, based on the BGP autonomous system path.
Source Prefix address. You can classify a set of prefixes coming from the address of a BGP neighbor(s).
Destination Prefix address. You can classify a set of BGP prefixes.
Classification can be based on the source or destination address of the traffic. BGP and CEF must be enabled
for the QPPB feature to be supported.
QoS on the Satellite System
AutoQoS which automates consistent deployment of QoS features is enabled on the satellite system. All the
user-configured Layer2 and Layer3 QoS features are applied on the ASR9000 and no separate Qos configuration
required for the satellite system. Auto-Qos handles the over-subscription of the ICL links. All other QoS
features, including broadband QoS, on regular ports are supported on satellite ports as well. System congestion
handling between the ASR9000 Series Router and satellite ports is setup to maintain priority and protection.
AutoQoS Provide sufficient differentiation between different classes of traffic that flow on the satellite ICLs
between the ASR9000 Series Router and the Satellite box.
Note Queueing on an ingress service-policy is not supported on satellite interfaces.
Auto QoS
Traffic from the satellite system to the Cisco IOS XR ASR9000 series router and traffic from the ASR9000
series router to the satellite system have been discussed.
Satellite to ASR9000 series router
Traffic is handled using the trusted port model.
Automatic packet classification rules determine whether a packet is control packet (LACP, STP, CDP,
CFM, ARP, OSPF etc), high priority data (VLAN COS 5,6,7, IP prec 5, 6, 7) or normal priority data
and queued accordingly.
Protocol types auto-prioritized by the satellite - all IEEE control protocols (01 80 C2 xx xx xx), LACP,
802.3ah, CFM, STP, CDP, LLDP, ARP, OSPF, RIP, BGP, IGMP, RSVP, HSRP, VRRP p2 q.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
104 OL-26077-02
Configuring Modular QoS Service Packet Classification
QoS on the Satellite System User data packets auto-prioritized by the satellite - VLAN COS 5, 6, 7, IP precedence 5, 6, 7 MPLS
EXP 5, 6, 7.
Figure 8: AutoQoS, satellite to host
ASR9000 series router to satellite
Traffic targeted to a satellite egress port is shaped on ASR9K to match downstream access port speed.
Traffic is streamed based on the full 3-level egress queuing hierarchy.
Each remotely managed satellite access GigE port is auto-shaped to match access line speed.
Figure 9: AutoQoS, host to satellite
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 105
Configuring Modular QoS Service Packet Classification
QoS on the Satellite SystemIn-Place Policy Modification
The In-Place Policy Modification feature allows you to modify a QoS policy even when the QoS policy is
attached to one or more interfaces. When you modify the QoS policy attached to one or more interfaces, the
QoS policy is automatically modified on all the interfaces to which the QoS policy is attached. A modified
policy is subject to the same checks that a new policy is subject to when it is bound to an interface.
If the policy-modification is successful, the modified policy takes effect on all the interfaces to which the
policy is attached. The configuration session is blocked until the policy modification is complete.
However, if the policy modification fails on any one of the interfaces, an automatic rollback is initiated to
ensure that the pre-modification policy is in effect on all the interfaces. The configuration session is blocked
until the rollback is complete on all affected interfaces.
If unrecoverable errors occur during in-place policy modification, the policy is put into an inconsistent state
on target interfaces. Use the show qos inconsistency command to view inconsistency in each location. (This
command is supported only on ASR 9000 Ethernet Line Cards). The configuration session is blocked until
the modified policy is effective on all interfaces that are using the policy. No new configuration is possible
until the configuration session is unblocked.
When a QoS policy attached to an interface is modified, there might not be any policy in effect on the interfaces
in which the modified policy is used for a short period of time.
The QoS statistics for the policy that is attached to an interface are lost (reset to 0) when the policy is
modified.
Note
Modifications That Can Trigger In-Place Policy Modifications
Modifications to QoS Policies
Add new actions, such as bandwidth or police
Add new service policies (increasing the hierarchy level)
Remove existing actions
Modify existing actions
Remove service-policies (decreasing the hierarchy level)
Add new classes along with new actions
Add or remove multiple classes in the policy
Modify a child policy
Modifications to Class Maps
Add new match statements
Remove existing match statements
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
106 OL-26077-02
Configuring Modular QoS Service Packet Classification
In-Place Policy Modification Change the match type (from match-all to match-any, and vice versa)
Modify existing match statements
Modifications to Access Lists Used in Class Maps
Add new access control entries (ACEs)
Remove ACEs
Modify ACEs
Recommendations for Using In-Place Policy Modification
For a short period of time while a QoS policy is being modified, there might not be any policy in effect on
the interfaces in which the modified policy is used. For this reason, modify QoS policies that affect the fewest
number of interfaces at a time. Use the show policy-map targets command to identify the number of interfaces
that will be affected during policy map modification.
Dynamic Modification of Interface Bandwidth
This section describes the dynamic modification of interface bandwidth feature.
Policy States
VerificationThis state indicates an incompatibility of the configured QoS policy with respect to the
new interface bandwidth value. The system handles traffic on a best-efforts basis and some traffic drops
can occur.
How to Configure Modular QoS Packet Classification
This section contains instructions for the following tasks:
Creating a Traffic Class
To create a traffic class containing match criteria, use the class-map command to specify the traffic class
name, and then use the following match commands in class-map configuration mode, as needed.
For conceptual information, see the Traffic Class Elements.
Restrictions
All match commands specified in this configuration task are considered optional, but you must configure at
least one match criterion for a class.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 107
Configuring Modular QoS Service Packet Classification
Dynamic Modification of Interface BandwidthSUMMARY STEPS
1. configure
2. class-map [type qos] [match-any] [match-all] class-map-name
3. match access-group [ipv4 | ipv6] access-group-name
4. match [not] cos [cos-value] [cos-value0 ... cos-value7]
5. match [not] cos inner [inner-cos-value] [inner-cos-value0...inner-cos-value7]
6. match destination-address mac destination-mac-address
7. match source-address mac source-mac-address
8. match [not] discard-class discard-class-value [discard-class-value1 ... discard-class-value6]
9. match [not] dscp [ipv4 | ipv6] dscp-value [dscp-value ... dscp-value]
10. match [not] mpls experimental topmost exp-value [exp-value1 ... exp-value7]
11. match [not] precedence [ipv4 | ipv6] precedence-value [precedence-value1 ... precedence-value6]
12. match [not] protocol protocol-value [protocol-value1 ... protocol-value7]
13. match [not] qos-group [qos-group-value1 ... qos-group-value8]
14. match vlan [inner] vlanid [vlanid1 ... vlanid7]
15. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
class-map [type qos] [match-any] [match-all] Enters class map configuration mode.
class-map-name
Step 2
Creates a class map to be used for matching packets to the
class whose name you specify.
Example:
RP/0/RSP0/CPU0:router(config)# class-map
class201
If you specific match-any, one of the match criteria must be
met for traffic entering the traffic class to be classified as part
of the traffic class. Thisisthe default. If you specify match-all,
the traffic must match all the match criteria.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
108 OL-26077-02
Configuring Modular QoS Service Packet Classification
Creating a Traffic ClassCommand or Action Purpose
(Optional) Configures the match criteria for a class map based on
the specified access control list (ACL) name.
match access-group [ipv4 | ipv6]
access-group-name
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
access-group ipv4 map1
Step 3
match [not] cos [cos-value] [cos-value0 ... (Optional) Specifies a cos-value in a class map to match packets.
cos-value7]
Step 4
cos-value arguments are specified as an integer from 0 to 7.
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
cos 5
(Optional) Specifies an inner-cos-value in a class map to match
packets.
match [not] cos inner [inner-cos-value]
[inner-cos-value0...inner-cos-value7]
Step 5
Example:
RP/0/RSP0/CPU0:router match cos inner 7
inner-cos-value arguments are specified as an integer from 0
to 7.
(Optional) Configures the match criteria for a class map based on
the specified destination MAC address.
match destination-address mac
destination-mac-address
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
destination-address mac 00.00.00
Step 6
(Optional) Configures the match criteria for a class map based on
the specified source MAC address.
match source-address mac source-mac-address
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
source-address mac 00.00.00
Step 7
(Optional) Specifies a discard-class-value in a class map to match
packets.
match [not] discard-class discard-class-value
[discard-class-value1 ... discard-class-value6]
Step 8
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
discard-class 5
discard-class-value argument is specified as an integer from
0 to 7.
The match discard-class command is supported only for an egress
policy.
match [not] dscp [ipv4 | ipv6] dscp-value (Optional) Identifies a specific DSCP value as a match criterion.
[dscp-value ... dscp-value]
Step 9
Value range is from 0 to 63.
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
dscp ipv4 15
Reserved keywords can be specified instead of numeric values.
Up to eight values or ranges con be used per match statement.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 109
Configuring Modular QoS Service Packet Classification
Creating a Traffic ClassCommand or Action Purpose
(Optional) Configure a class map so that the three-bit experimental
field in the topmost Multiprotocol Label Switching (MPLS) labels
are examined for experimental (EXP) field values.
match [not] mpls experimental topmost exp-value
[exp-value1 ... exp-value7]
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
mpls experimental topmost 3
Step 10
The value range is from 0 to 7.
match [not] precedence [ipv4 | ipv6] (Optional) Identifies IP precedence values as match criteria.
precedence-value [precedence-value1 ...
precedence-value6]
Step 11
Value range is from 0 to 7.
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
precedence ipv4 5
Reserved keywords can be specified instead of numeric values.
(Optional) Configuresthe match criteria for a class map on the basis
of the specified protocol.
match [not] protocol protocol-value
[protocol-value1 ... protocol-value7]
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
protocol igmp
Step 12
(Optional) Specifies service (QoS) group values in a class map to
match packets.
match [not] qos-group [qos-group-value1 ...
qos-group-value8]
Step 13
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
qos-group 1 2 3 4 5 6 7 8
qos-group-value identifier argument is specified as the exact
value or range of values from 0 to 63.
Up to eight values (separated by spaces) can be entered in one
match statement.
match qos-group command is supported only for an egress
policy.
(Optional) Specifies a VLAN ID or range of VLAN IDs in a class
map to match packets.
match vlan [inner] vlanid [vlanid1 ... vlanid7]
Example:
RP/0/RSP0/CPU0:router(config-cmap)# match
vlan vlanid vlanid1
Step 14
vlanid is specified as an exact value or range of values from
1 to 4094.
Total number of supported VLAN values or ranges is 8.
Step 15 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
110 OL-26077-02
Configuring Modular QoS Service Packet Classification
Creating a Traffic ClassCommand or Action Purpose
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Creating a Traffic Policy
To create a traffic policy, use the policy-map global configuration command to specify the traffic policy
name.
The traffic class is associated with the traffic policy when the class command is used. The class command
must be issued after you enter the policy map configuration mode. After entering the class command, the
router is automatically in policy map class configuration mode, which is where the QoS policies for the traffic
policy are defined.
The following class-actions are supported:
bandwidthConfigures the bandwidth for the class. See the Configuring Modular Quality of Service
Congestion Management on Cisco ASR 9000 Series Routers module in this guide.
policePolice traffic. See the Configuring Modular Quality of Service Congestion Management on
Cisco ASR 9000 Series Routers module in this guide.
priorityAssigns priority to the class. See the Configuring Modular Quality of Service Congestion
Management on Cisco ASR 9000 Series Routers module in this guide.
queue-limitConfigures queue-limit (tail drop threshold) for the class. See the Configuring Modular
QoS Congestion Avoidance on Cisco ASR 9000 Series Routers module in this guide.
random-detectEnables Random Early Detection. See the Configuring Modular QoS Congestion
Avoidance on Cisco ASR 9000 Series Routers module in this guide.
service-policyConfigures a child service policy.
setConfigures marking for this class. See the Class-based Unconditional Packet Marking Feature and
Benefits.
shapeConfigures shaping for the class. See the Configuring Modular Quality of Service Congestion
Management on Cisco ASR 9000 Series Routers module in this guide.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 111
Configuring Modular QoS Service Packet Classification
Creating a Traffic PolicyFor additional commands that can be entered as match criteria, see the Cisco ASR 9000 Series Aggregation
Services Router Modular Quality of Service Command Reference.
For conceptual information, see Traffic Policy Elements.
SUMMARY STEPS
1. configure
2. policy-map [type qos] policy-name
3. class class-name
4. set precedence
5. end or commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map [type qos] policy-name Enters policy map configuration mode.
Example:
Creates or modifies a policy map that can be attached to one or more
interfaces to specify a service policy.
RP/0/RSP0/CPU0:router(config)# policy-map
policy1
class class-name Specifiesthe name of the class whose policy you want to create or change.
Example:
RP/0/RSP0/CPU0:router(config-pmap)#
class class1
Step 3
set precedence Sets the precedence value in the IP header.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
set precedence 3
Step 4
Step 5 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
end
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-pmap-c)#
commit
Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns the
router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
112 OL-26077-02
Configuring Modular QoS Service Packet Classification
Creating a Traffic PolicyCommand or Action Purpose
Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
Entering cancel leavesthe router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Attaching a Traffic Policy to an Interface
After the traffic class and traffic policy are created, you must use the service-policy interface configuration
command to attach a traffic policy to an interface, and to specify the direction in which the policy should be
applied (either on packets coming into the interface or packets leaving the interface).
For additional commands that can be entered in policy map class configuration mode, see the
Cisco ASR 9000 Series Aggregation Services RoutersModular Quality of Service Command Reference..
Prerequisites
A traffic class and traffic policy must be created before attaching a traffic policy to an interface.
Restrictions
None
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. service-policy {input | output} policy-map
4. Use one of these commands:
end
commit
5. show policy-map interface type interface-path-id [input | output]
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 113
Configuring Modular QoS Service Packet Classification
Attaching a Traffic Policy to an InterfaceDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface type interface-path-id Enters interface configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
gigabitethernet 0/1/0/9
Step 2
Attaches a policy map to an input or output interface to be used as the
service policy for that interface.
service-policy {input | output} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 3
In this example, the traffic policy evaluates all traffic leaving that
interface.
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
show policy-map interface type (Optional) Displays statistics for the policy on the specified interface.
interface-path-id [input | output]
Step 5
Example:
RP/0/RSP0/CPU0:router# show policy-map
interface gigabitethernet 0/1/0/9
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
114 OL-26077-02
Configuring Modular QoS Service Packet Classification
Attaching a Traffic Policy to an InterfaceAttaching a Shared Policy Instance to Multiple Subinterfaces
After the traffic class and traffic policy are created, you can optionally use the service-policy (interface)
configuration command to attach a shared policy instance to multiple subinterfaces, and to specify the direction
in which the policy should be applied (either on packets coming into or leaving the subinterface).
Note A shared policy can include a combination of Layer 2 and Layer 3 subinterfaces.
For additional commands that can be entered in policy map class configuration mode, see the
Cisco ASR 9000 Series Aggregation Services Routers Modular Quality of Service Command Reference.
Prerequisites
A traffic class and traffic policy must be created before attaching a shared policy instance to a subinterface.
Restrictions
Shared policy instance across multiple physical interfaces is not supported.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. service-policy {input | output} policy-map [shared-policy-instance instance-name]
4. Use one of these commands:
end
commit
5. show policy-map shared-policy-instance instance-name [input | output] location rack/slot/module
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface type interface-path-id Enters interface configuration mode and configures a subinterface.
Example:
RP/0/RSP0/CPU0:router(config)# interface
gigabitethernet 0/1/0/0.1
Step 2
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 115
Configuring Modular QoS Service Packet Classification
Attaching a Traffic Policy to an InterfaceCommand or Action Purpose
Attaches a policy map to an input or output subinterface to be used
as the service policy for that subinterface.
service-policy {input | output} policy-map
[shared-policy-instance instance-name]
Step 3
Example:
RP/0/RSP0/CPU0:router(config-if)#
In this example, the traffic policy evaluates all traffic leaving
that interface.
service-policy output policy1
shared-policy-instance Customer1
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional) Displays statistics for the policy on the specified shared
policy instance subinterface.
show policy-map shared-policy-instance
instance-name [input | output] location
rack/slot/module
Step 5
Example:
RP/0/RSP0/CPU0:router# show policy-map
shared-policy-instance Customer1 location
0/1/0/7.1
Attaching a Shared Policy Instance to Bundle Interfaces or EFP Bundles
After the traffic class and traffic policy are created, you can optionally use the service-policy (interface)
configuration command to attach a shared policy instance to bundle interfaces and to bundle EFPs, and to
specify the direction in which the policy should be applied (either on packets coming into or leaving the
subinterface).
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
116 OL-26077-02
Configuring Modular QoS Service Packet Classification
Attaching a Traffic Policy to an InterfaceFor additional commands that can be entered in policy map class configuration mode, see the
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Command Reference.
Prerequisites
A traffic class and traffic policy must be created before attaching a shared policy instance to bundle interfaces
or EFP bundles.
Restrictions
Shared policy instance across multiple physical interfaces is not supported.
SUMMARY STEPS
1. configure
2. interface Bundle-Ether bundle-id
3. service-policy {input | output} policy-map [shared-policy-instance instance-name]
4. Use one of these commands:
end
commit
5. show policy-map shared-policy-instance instance-name [input | output] location location-id
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters interface configuration mode and configures a bundle
interface.
interface Bundle-Ether bundle-id
Example:
RP/0/RP1/CPU0:router(config)# interface
Bundle-Ether 100.1 l2transport
Step 2
Attaches a policy map to an input or output bundle interface to be
used as the service policy for that subinterface.
service-policy {input | output} policy-map
[shared-policy-instance instance-name]
Step 3
Example:
RP/0/RSP0/CPU0:router(config-if)#
In this example, the traffic policy evaluates all traffic leaving
that interface.
service-policy output policy1
shared-policy-instance Customer1
Step 4 Use one of these commands: Saves configuration changes.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 117
Configuring Modular QoS Service Packet Classification
Attaching a Traffic Policy to an InterfaceCommand or Action Purpose
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
end
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit ? Entering no exits the configuration session and returns
the router to EXEC mode without committing the
configuration changes.
? Entering cancel leaves the router in the current
configuration session without exiting or committing the
configuration changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
(Optional) Displays statistics for the policy at the specified shared
policy instance location.
show policy-map shared-policy-instance
instance-name [input | output] location location-id
Example:
RP/0/RSP0/CPU0:router# show policy-map
Step 5
shared-policy-instance Customer1 location
0/rsp0/cpu0
Configuring Class-based Unconditional Packet Marking
This configuration task explains how to configure the following class-based, unconditional packet marking
features on your router:
IP precedence value
IP DSCP value
QoS group value (ingress only)
CoS value ( egress only on Layer 3 subinterfaces)
MPLS experimental value
Discard class
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
118 OL-26077-02
Configuring Modular QoS Service Packet Classification
Configuring Class-based Unconditional Packet MarkingIPv4 and IPv6 QoS actions applied to MPLS tagged packets are not supported. The configuration is
accepted, but no action is taken.
Note
Note Choose only two set commands per class.
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. set precedence
5. set dscp
6. set qos-group qos-group-value
7. set cos cos-value
8. set cos [inner] cos-value
9. set mpls experimental {imposition | topmost} exp-value
10. set srp-priority priority-value
11. set discard-class discard-class-value
12. set atm-clp
13. exit
14. exit
15. interface type interface-path-id
16. service-policy {input | output]} policy-map
17. Use one of these commands:
end
commit
18. show policy-map interface type interface-path-id [input | output]
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 119
Configuring Modular QoS Service Packet Classification
Configuring Class-based Unconditional Packet MarkingCommand or Action Purpose
Example:
RP/0/RSP0/CPU0:router(config)#
policy-map policy1
Creates or modifies a policy map that can be attached to one or more
interfaces to specify a service policy.
Step 3 class class-name Enters policy class map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)#
class class1
Specifies the name of the class whose policy you want to create or
change.
Choose one set command per class
Step 4 set precedence Sets the precedence value in the IP header.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
set precedence 1
The tunnel keyword sets the IP precedence on the outer IP header.
This option is available only on a Cisco XR 12000 Series Router
with IPSec installed and configured.
Step 5 set dscp Marks a packet by setting the DSCP in the ToS byte.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
set dscp 5
The tunnel keyword sets the IP DSCP on the outer IP header. This
option is available only on a Cisco XR 12000 Series Router with
IPSec installed and configured.
Step 6 set qos-group qos-group-value Sets the QoS group identifiers on IPv4 or MPLS packets.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
set qos-group 31
The set qos-group command is supported only on an ingress policy.
Sets the specific IEEE 802.1Q Layer 2 CoS value of an outgoing packet.
Values are from 0 to7.
set cos cos-value
Example:
RP/0/RP0/CPU0:router(config-pmap-c)#
set cos 7
Step 7
Sets the Layer 2 CoS value of an outgoing packet.
This command should be used by a router if a user wants to mark
a packet that is being sent to a switch. Switches can leverage Layer
2 header information, including a CoS value marking.
Packets entering an interface cannot be set with a CoS value.
Sets the specific IEEE 802.1Q Layer 2 CoS value of an outgoing packet.
Values are from 0 to7.
set cos [inner] cos-value
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
set cos 7
Step 8
Sets the Layer 2 CoS value of an outgoing packet.
This command should be used by a router if a user wants to mark
a packet that is being sent to a switch. Switches can leverage Layer
2 header information, including a CoS value marking.
For Layer 2 interfaces, the set cos command:
Is rejected on ingress or egress policies on a main interface.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
120 OL-26077-02
Configuring Modular QoS Service Packet Classification
Configuring Class-based Unconditional Packet MarkingCommand or Action Purpose
Is accepted but ignored on ingress policies on a subinterface.
Is supported on egress policies on a subinterface.
For Layer 3 interfaces, the set cos command:
Is ignored on ingress policies on a main interface.
Is rejected on ingress policies on a subinterface.
Issupported on egress policies on main interfaces and subinterfaces.
Sets the experimental value of the MPLS packet top-most or imposition
labels.
set mpls experimental {imposition |
topmost} exp-value
Step 9
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
set mpls experimental imposition 3
imposition can be used only in service policies that are attached in
the ingress policy.
Step 10 set srp-priority priority-value Sets the spatial reuse protocol (SRP) priority value of an outgoing packet.
Example:
RP/0//CPU0:router(config-pmap-c)# set
srp-priority 3
This command can be used only in service policiesthat are attached
in the output direction of an interface.
Sets the discard class on IP Version 4 (IPv4) or Multiprotocol Label
Switching (MPLS) packets.
set discard-class discard-class-value
Example:
RP/0//CPU0:router(config-pmap-c)# set
discard-class 3
Step 11
This command can be used only in service policiesthat are attached
in the ingress policy.
set atm-clp Sets the cell loss priority (CLP) bit.
Example:
RP/0/0/CPU0:router(config-pmap-c)# set
atm-clp
Step 12
exit Returns the router to policy map configuration mode.
Example:
Step 13
RP/0/RSP0/CPU0:router(config-pmap-c)#
exit
exit Returns the router to global configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)#
exit
Step 14
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 121
Configuring Modular QoS Service Packet Classification
Configuring Class-based Unconditional Packet MarkingCommand or Action Purpose
interface type interface-path-id Enters interface configuration mode and configures an interface.
Example:
RP/0/RSP0/CPU0:router(config)#
interface pos 0/2/0/0
Step 15
Attaches a policy map to an input or output interface to be used as the
service policy for that interface.
service-policy {input | output]} policy-map
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy output policy1
Step 16
In this example, the traffic policy evaluates all traffic leaving that
interface.
Step 17 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config-if)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config-if)#
commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
(Optional) Displays policy configuration information for all classes
configured for all service policies on the specified interface.
show policy-map interface type
interface-path-id [input | output]
Example:
RP/0/RSP0/CPU0:router# show policy-map
interface pos 0/2/0/0
Step 18
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
122 OL-26077-02
Configuring Modular QoS Service Packet Classification
Configuring Class-based Unconditional Packet MarkingConfiguring QoS Policy Propagation Using Border Gateway Protocol
This section explains how to configure Policy Propagation Using Border Gateway Protocol (BGP) on a router
based on BGP community lists, BGP autonomoussystem paths, accesslists,source prefix address, or destination
prefix address.
Policy Propagation Using BGP Configuration Task List
Policy propagation using BGP allows you to classify packets by IP precedence and/or QoS group ID, based
on BGP community lists, BGP autonomous system paths, access lists, source prefix address and destination
prefix address. After a packet has been classified, you can use other quality-of-service featuressuch as weighted
random early detection (WRED) to specify and enforce policies to fit your business model.
Overview of Tasks
To configure Policy Propagation Using BGP, perform the following basic tasks:
Configure BGP and Cisco Express Forwarding (CEF). To configure BGP, see Cisco IOS XR Routing
Configuration Guide. To configure CEF, see Cisco IOS XR IP Address and Services Configuration
Guide .
Configure a BGP community list or access list.
Define the route policy. Set the IP precedence and/or QoS group ID, based on the BGP community list,
BGP autonomous system path, access list, source prefix address or destination prefix address.
Apply the route policy to BGP.
Configure QPPB on the desired interfaces.
Configure and enable a QoS Policy to use the above classification (IP precedence or QoS group ID). To
configure committed access rate (CAR), WRED and tail drop, see the Configuring Modular QoS
Congestion Avoidance on Cisco IOS XR Software module.
Defining the Route Policy
This task defines the route policy used to classify BGP prefixes with IP precedence or QoS group ID.
Prerequisites
Configure the BGP community list, or access list, for use in the route policy.
Restrictions
IPv4 and IPv6 QPPB with egress QoS policy is supported on all Ethernet and SIP-700 line cards.
IPv4 QPPB with ingress QoS policy is supported on the first generation ASR9000 Ethernet line cards.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 123
Configuring Modular QoS Service Packet Classification
Configuring QoS Policy Propagation Using Border Gateway ProtocolSUMMARY STEPS
1. configure
2. route-policy name
3. set qos-groupqos-group-value
4. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters route policy configuration mode and specifies the name of the route
policy to be configured.
route-policy name
Example:
RP/0/RSP0/CPU0:router(config)#
route-policy r1
Step 2
Sets the QoS group identifiers. The set qos-group command is supported
only on an ingress policy.
set qos-groupqos-group-value
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)
# set qos-group 30
Step 3
Step 4 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exitsthe configuration session and returnsthe router
to EXEC mode without committing the configuration changes.
? Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration session.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
124 OL-26077-02
Configuring Modular QoS Service Packet Classification
Defining the Route PolicyCommand or Action Purpose
Applying the Route Policy to BGP
This task applies the route policy to BGP.
Prerequisites
Configure BGP and CEF.
SUMMARY STEPS
1. configure
2. router bgpas-number
3. address-familyaddress-prefix
4. table-policypolicy-name
5. Use one of these commands:
end
commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 router bgpas-number Enters BGP configuration mode.
Example:
RP/0/RSP0/CPU0:router(config) # router
bgp 120
Enters address-family configuration mode, allowing you to configure
an address family.
address-familyaddress-prefix
Example:
RP/0/RSP0/CPU0:router(config-bgp) #
address-family ipv4 unicast
Step 3
Step 4 table-policypolicy-name Applying a routing policy.
Example:
RP/0/RSP0/CPU0:router(config-bgp-af) #
table-policy qppb a1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 125
Configuring Modular QoS Service Packet Classification
Applying the Route Policy to BGPCommand or Action Purpose
Step 5 Use one of these commands: Saves configuration changes.
end When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them
before exiting(yes/no/cancel)? [cancel]:
commit
Example:
RP/0/RSP0/CPU0:router(config)# end
? Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
or
RP/0/RSP0/CPU0:router(config)# commit
? Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
? Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuring QPPB on the Desired Interfaces
This task applies QPPB to a specified interface. The traffic begins to be classified, based on matching prefixes
in the route policy. The source or destination IP address of the traffic can be used to match the route policy.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. ipv4 | ipv6 bgp policy propagation input {ip-precedence | qos-group} {destination [ip-precedence
{destination | source}] | source [ip-precedence {destination | source}] }
RP/0/RSP0/CPU0:router(config)#ipv4 bgp policy propagation input qos-group destination
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
126 OL-26077-02
Configuring Modular QoS Service Packet Classification
Configuring QPPB on the Desired InterfacesDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Enters interface configuration mode and
associates one or more interfacesto the VRF.
interface type interface-path-id
Example:
RP/0/RSP0/CPU0:router(config)#interface POS 0/0/0/0
Step 2
ipv4 | ipv6 bgp policy propagation input {ip-precedence | qos-group} Enables QPPB on an interface
{destination [ip-precedence {destination | source}] | source
Step 3
[ip-precedence {destination | source}] }
RP/0/RSP0/CPU0:router(config)#ipv4 bgp policy propagation input
qos-group destination
QPPB scenario
Consider a scenario where in traffic is moving from Network1 to Network2 through (a single) router port1
and port2. If QPPB is enabled on port1, then,
for qos on ingress: attach an ingress policy on the interface port1.
for qos on egress: attach an egress policy on interface port2.
Configuring Hierarchical Ingress Policing
SUMMARY STEPS
1.
2. policy-map policy-name
3. class class-name
4. service-policy policy-name
5. police rate percent percentage
6. conform-action action
7. exceed-action action
8. end or commit
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 127
Configuring Modular QoS Service Packet Classification
QPPB scenarioDETAILED STEPS
Command or Action Purpose
Enters global configuration mode.
Example:
RP/0//CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0//CPU0:router(config)# policy-map
parent
Creates or modifies a policy map that can be attached to one or more
interfaces to specify a service policy
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0//CPU0:router(config-pmap)# class
class-default
Specifies the name of the class whose policy you want to create or
change.
service-policy policy-name Attaches a policy map to an input or output interface.
Example:
RP/0//CPU0:router(config-pmap-c)#
service-policy child
Step 4
Configurestraffic policing and enters policy map police configuration
mode.
police rate percent percentage
Example:
RP/0//CPU0:router(config-pmap-c)# police
rate percent 50
Step 5
Configures the action to take on packets that conform to the rate limit.
The allowed action is:
conform-action action
Example:
RP/0//CPU0:router(config-pmap-c-police)#
conform-action transmit
Step 6
transmitTransmits the packets.
Configures the action to take on packets that exceed the rate limit. The
allowed action is:
exceed-action action
Example:
RP/0//CPU0:router(config-pmap-c-police)#
exceed-action drop
Step 7
dropDrops the packet.
Step 8 end or commit Saves configuration changes.
Example:
RP/0//CPU0:router(config-pmap-c-police)#
end
When you issue the end command, the system prompts you to
commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
128 OL-26077-02
Configuring Modular QoS Service Packet Classification
Configuring Hierarchical Ingress PolicingCommand or Action Purpose
or
RP/0//CPU0:router(config-pmap-c-police)#
commit
Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and returns
the router to EXEC mode.
Entering no exits the configuration session and returns the router
to EXEC mode without committing the configuration changes.
Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to
the running configuration file and remain within the configuration
session.
Configuration Examples for Configuring Modular QoS Packet
Classification
This section contains the following examples:
Traffic Classes Defined: Example
In the following example, two traffic classes are created and their match criteria are defined. For the first
traffic class called class1, ACL 101 is used as the match criterion. For the second traffic class called class2,
ACL 102 is used as the match criterion. Packets are checked against the contents of these ACLs to determine
if they belong to the class.
class-map class1
match access-group ipv4 101
exit
!
class-map class2
match access-group ipv4 102
exit
Use the not keyword with the match command to perform a match based on the values of a field that are not
specified. The following example includes all packets in the class qos_example with a DSCP value other than
4, 8, or 10.
class-map match-any qos_example
match not dscp 4 8 10
!
end
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 129
Configuring Modular QoS Service Packet Classification
Configuration Examples for Configuring Modular QoS Packet ClassificationTraffic Policy Created: Example
In the following example, a traffic policy called policy1 is defined to contain policy specifications for the two
classesclass1 and class2. The match criteria for these classes were defined in the traffic classes created in
the Traffic Classes Defined: Example.
For class1, the policy includes a bandwidth allocation request and a maximum byte limit for the queue reserved
for the class. For class2, the policy specifies only a bandwidth allocation request.
policy-map policy1
class class1
bandwidth 3000
queue-limit bytes 1000000000
exit
!
class class2
bandwidth 2000
exit
policy-map policy1
class class1
bandwidth 3000 kbps
queue-limit 1000 packets
!
class class2
bandwidth 2000 kbps
!
class class-default
!
end-policy-map
!
end
Traffic Policy Attached to an Interface: Example
The following example shows how to attach an existing traffic policy to an interface (see the Traffic Classes
Defined: Example). After you define a traffic policy with the policy-map command, you can attach it to one
or more interfaces to specify the traffic policy for those interfaces by using the service-policy command in
interface configuration mode. Although you can assign the same traffic policy to multiple interfaces, each
interface can have only one traffic policy attached at the input and only one traffic policy attached at the
output.
interface gigabitethernet 0/1/0/9
service-policy output policy1
exit
!
interface TenGigE 0/5/0/1
service-policy output policy1
exit
Traffic Policy Attached to Multiple Subinterfaces: Example
The following example shows how to attach an existing traffic policy to multiple subinterfaces. After you
define a traffic policy with the policy-map command, you can attach it to one or more subinterfaces using
the service policy command in subinterface configuration mode.
interface gigabitethernet 0/1/0/0.1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
130 OL-26077-02
Configuring Modular QoS Service Packet Classification
Traffic Policy Created: Exampleservice-policy input policy1 shared-policy-instance ethernet101
exit
!
interface gigabitethernet 0/1/0/0.2
service-policy input policy1 shared-policy-instance ethernet101
exit
Traffic Policy Attached to a Bundle Interface: Example
The following example shows how to attach an existing traffic policy to a bundle interface. After you define
a traffic policy with the policy-map command, you can attach it to one or more bundle subinterfaces using
the service policy command in subinterface configuration mode.
interface Bundle-Ether 100.1
service-policy tripleplaypolicy shared-policy-instance subscriber1
exit
!
interface Bundle-Ether 100.2
service-policy output tripleplaypolicy shared-policy instance subscriber1
exit
EFP Load Balancing with Shared Policy Instance: Example
The following examples show how to configure load balancing of an EFP when SPI is implemented. For
additional information on EFP load balancing on link bundles, see the Cisco IOS XR Interface and Hardware
Component Configuration Guide.
|Configuring a Bundle Interface: Example
interface Bundle-Ether 50
interface gigabitethernet 0/1/0/5
bundle id 50 mode active
interface gigabitethernet 0/1/0/8
bundle id 50 mode active
Configuring Two Bundle EFPs with the Load Balance Options: Example
This example configures the traffic for two bundle EFPs go over the same physical member link.
interface Bundle-Ether 50.25 l2transport
encapsulation dot1q 25
bundle load-balance hash-select 2
!
interface Bundle-Ether 50.36 l2transport
encapsulation dot1q 36
bundle load-balance hash-select 2
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 131
Configuring Modular QoS Service Packet Classification
Traffic Policy Attached to a Bundle Interface: ExampleDefault Traffic Class Configuration: Example
The following example shows how to configure a traffic policy for the default class of the traffic policy called
policy1. The default class is named class-default, consists of all other traffic, and is being shaped at 60 percent
of the interface bandwidth.
policy-map policy1
class class-default
shape average percent 60
class-map match-any Command Configuration: Example
The following example illustrates how packets are evaluated when multiple match criteria exist. Only one
match criterion must be met for the packet in the class-map match-any command to be classified as a member
of the traffic class (a logical OR operator). In the example, protocol IP OR QoS group 4 OR access group 101
have to be successful match criteria:
class-map match-any class1
match protocol ipv4
match qos-group 4
match access-group ipv4 101
In the traffic class called class1, the match criteria are evaluated consecutively until a successful match criterion
islocated. Each matching criterion is evaluated to see if the packet matchesthat criterion. If the packet matches
at least one of the specified criteria, the packet is classified as a member of the traffic class.
Note The match qos-group command is supported only on egress policies.
Class-based, Unconditional Packet Marking Examples
The following are typical class-based, unconditional packet marking examples:
IP Precedence Marking Configuration: Example
In the following example, a service policy called policy1 is created. This service policy is associated to a
previously defined class map called class1 through the use of the class command, and then the service policy
is attached to the output POS interface 0/1/0/0. The IP precedence bit in the ToS byte is set to 1:
policy-map policy1
class class1
set precedence 1
!
interface pos 0/1/0/0
service-policy output policy1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
132 OL-26077-02
Configuring Modular QoS Service Packet Classification
Default Traffic Class Configuration: ExampleIP DSCP Marking Configuration: Example
In the following example, a service policy called policy1 is created. This service policy is associated to a
previously defined class map through the use of the class command. In this example, it is assumed that a class
map called class1 was previously configured.
In the following example, the IP DSCP value in the ToS byte is set to 5:
policy-map policy1
class class1
set dscp 5
class class2
set dscp ef
After you configure the settings shown for voice packets at the edge, all intermediate routers are configured
to provide low-latency treatment to the voice packets, as follows:
class-map voice
match dscp ef
policy-map qos-policy
class voice
priority level 1
police rate percent 10
QoS Group Marking Configuration: Example
In the following example, a service policy called policy1 is created. This service policy is associated to a class
map called class1 through the use of the class command, and then the service policy is attached in the input
direction on a GigabitEthernet interface 0/1/0/9. The qos-group value is set to 1.
class-map match-any class1
match protocol ipv4
match access-group ipv4 101
policy-map policy1
class class1
set qos-group 1
!
interface gigabitethernet 0/1/0/9
service-policy input policy1
Note The set qos-group command is supported only on an ingress policy.
CoS Marking Configuration: Example
In the following example, a service policy called policy1 is created. This service policy is associated to a class
map called class1 through the use of the class command, and then the service policy is attached in the output
direction on a 10-Gigabit Ethernet interface, TenGigE0/1/0/0. The IEEE 802.1p (CoS) bits in the Layer 2
header are set to 1.
class-map match-any class1
match protocol ipv4
match access-group ipv4 101
policy-map policy1
class class1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 133
Configuring Modular QoS Service Packet Classification
Class-based, Unconditional Packet Marking Examplesset cos 1
!
interface TenGigE0/1/0/0
interface TenGigE0/1/0/0.100
service-policy output policy1
MPLS Experimental Bit Imposition Marking Configuration: Example
In the following example, a service policy called policy1 is created. This service policy is associated to a class
map called class1 through the use of the class command, and then the service policy is attached in the input
direction on a 10-Gigabit Ethernet interface, TenGigE0/1/0/0. The MPLS EXP bits of all imposed labels are
set to 1.
class-map match-any class1
match protocol ipv4
match access-group ipv4 101
policy-map policy1
class class1
set mpls exp imposition 1
!
interface TenGigE0/1/0/0
service-policy input policy1
Note The set mpls exp imposition command is supported only on an ingress policy.
MPLS Experimental Topmost Marking Configuration: Example
In the following example, a service policy called policy1 is created. This service policy is associated to a class
map called class1 through the use of the class command, and then the service policy is attached in the output
direction on a 10-Gigabit Ethernet interface, TenGigE0/1/0/0. The MPLS EXP bits on the TOPMOST label
are set to 1:
class-map match-any class1
match mpls exp topmost 2
policy-map policy1
class class1
set mpls exp topmost 1
!
interface TenGigE0/1/0/0
service-policy output policy1
In-Place Policy Modification: Example
In this example, the precedence is changed from 3 to 5 after the policy is defined and attached to an interface:
Define a class:
class-map match-any class1
match cos 7
end-class-map
Define a policy map that uses the class:
policy-map policy1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
134 OL-26077-02
Configuring Modular QoS Service Packet Classification
In-Place Policy Modification: Exampleclass class1
set precedence 3
Attach the policy map to an interface:
interface gigabitethernet 0/6/0/1
service-policy output policy1
commit
Modify the precedence value of the policy map:
policy-map policy1
class class1
set precedence 5
commit
The modified policy policy1 takes effect on all the interfaces to which the policy is attached. Also, you
can modify any class map used in the policy map. The changes made to the class map take effect on all
the interfaces to which the policy is attached.
Note
Output from the show policy-map targets command indicates that the Gigabit Ethernet interface 0/1/0/0 has
one policy map attached as a main policy (as opposed to being attached to a child policy in a hierarchical QoS
configuration). Outgoing traffic on this interface is affected if the policy is modified:
show policy-map targets
Fri Jul 16 16:38:24.789 DST
1) Policymap: policy1 Type: qos
Targets (applied as main policy):
GigabitEthernet0/1/0/0 output
Total targets: 1
Targets (applied as child policy):
Total targets: 0
Additional References
The following sections provide references related to implementing packet classification.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Initial system bootup and configuration
Cisco ASR 9000 Series Aggregation Services Router Master
Command Listing
Master command reference
Cisco ASR 9000 Series Aggregation Services Router
Modular Quality of Service Command Reference
QoS commands
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 135
Configuring Modular QoS Service Packet Classification
Additional ReferencesRelated Topic Document Title
Configuring AAA Services on Cisco ASR 9000 Series
Router module of Cisco Cisco ASR 9000 Series
Aggregation Services Router System Security Configuration
Guide
User groups and task IDs
Standards
Standards Title
No new or modified standards are supported by
this feature, and support for existing standards
has not been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the following
URL and choose a platform under the Cisco Access
Products menu: http://cisco.com/public/sw-center/netmgmt/
cmtk/mibs.shtml
RFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not
been modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
136 OL-26077-02
Configuring Modular QoS Service Packet Classification
StandardsTechnical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical
content, including links to products,
technologies,solutions, technical tips, and tools.
Registered Cisco.com users can log in from this
page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 137
Configuring Modular QoS Service Packet Classification
Technical Assistance Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
138 OL-26077-02
Configuring Modular QoS Service Packet Classification
Technical AssistanceC H A P T E R 6
Modular QoS Deployment Scenarios
This module provides deployment scenarios use cases for specific QoS features or for QoS implementations
of features that are described in other technology guides, such as L2VPN or MPLS.
Line Card, SIP, and SPA Support
Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000
802.1ad DEI yes no
Frame Relay QoS no yes
2-Port Channelized OC-12c/DS0
SPA only
IPHC QoS no
L2VPN QoS yes yes
2-Port Channelized OC-12c/DS0
SPA only
MLPPP/MLFR QoS no
MPLS QoS yes yes
QoS on Multicast VPN yes yes
2-Port Channelized OC-12c/DS0
SPA only
QoS on NxDS0 Interfaces no
Feature History for QoS Deployment Scenarios on Cisco ASR 9000 Series Routers
Release Modification
The L2VPN QoS feature was introduced on ASR 9000 Ethernet Line Cards.
The MPLS QoS feature was introduced on ASR 9000 Ethernet Line Cards.
Release 3.7.2
Release 3.9.0 The MLPPP QoS feature was introduced on the SIP 700 for the ASR 9000.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 139The QoS on Multicast VPN feature was introduced on ASR 9000 Ethernet
Line Cards.
Release 3.9.1
The 802.1ad DEI feature was introduced on the SIP 700 for the ASR 9000.
The Frame Relay QoS feature was introduced on the SIP 700 for the ASR
9000.
The IP Header Compression QoS feature was introduced on the SIP 700 for
the ASR 9000.
The L2VPN QoS feature was supported on the SIP 700 for the ASR 9000.
The MLFR QoS feature was introduced on the SIP 700 for the ASR 9000.
The suspend/resume approach was added for MLPPP and MLFR interfaces.
The MPLS QoS feature was supported on the SIP 700 for the ASR 9000.
The QoS on NxDS0 Interfaces feature was introduced on the SIP 700 for the
ASR 9000.
Release 4.0.0
Release 4.1.0 The VPLS and VPWS QoS feature was introduced.
802.1ad DEI, page 140
Frame Relay QoS, page 141
IP Header Compression QoS, page 145
L2VPN QoS, page 146
MLPPP QoS/MLFR QoS, page 149
MPLS QoS, page 151
QoS on Multicast VPN, page 156
QoS on NxDS0 Interfaces, page 158
VPLS and VPWS QoS, page 159
Related Information, page 161
802.1ad DEI
You can classify traffic based on the Drop Eligible Indicator (DEI) bit that is present in 802.1ad frames and
in 802.1ah frames. DEI support includes the ability to:
Police to a certain rate and, based on whether the traffic is conforming or exceeding, mark the DEI as
0 or 1.
On ingress, police and set up the discard class (even on an interface that is not configured for 802.1ad
encapsulation).
On egress, mark the DEI based on the discard class value (802.1ad interfaces only).
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
140 OL-26077-02
Modular QoS Deployment Scenarios
802.1ad DEIYou can manage congestion based on the Drop Eligible Indicator (DEI) bit that is present in 802.1ad frames
and 802.1ah frames. DEI support includes the ability to:
Do weighted random early detection (WRED) based on the value of the DEI bit.
Do active queue management during traffic congestion on an interface by giving preferential treatment
to traffic (bigger thresholds) or set up smaller thresholds for out-of-profile traffic based on a DEI value.
Mark DEI Based on a Policing Action: Example
In this example, the police rate is set to 5 Mbps. Conforming traffic is marked with a DEI value of 0; traffic
that exceeds the police rate is marked with a DEI value of 1.
policy-map 1ad-mark-dei
class c1
police rate 5 mbps
conform-action set dei 0
exceed-action set dei 1
end-policy-map
Mark DEI Based on Incoming Fields: Example
In this example, 802.1ad CoS plus DEI is derived from the incoming 802.1q CoS. Packets with a CoS value
of 0 are remarked with a DEI value of 1.
class-map match-any remark-cos
match cos 0
end-class-map
policy-map p1
class remark-cos
set dei 1
end-policy-map
interface GigabitEthernet0/4/0/39.1 l2transport
encapsulation dot1q 1
rewrite ingress tag push dot1ad 5 symmetric
service-policy input p1
!
Congestion Management Using DEI: Example
In this example, congestion is managed by dropping packets with a DEI value of 1 before dropping packets
with a DEI value of 0.
policy-map dei-sample
class class-default
random-detect dei 1 1000 6000
random-detect dei 0 5000 10000
end-policy-map
Frame Relay QoS
The main difference between Frame Relay QoS and other interface types is that you can perform:
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 141
Modular QoS Deployment Scenarios
Mark DEI Based on a Policing Action: Example Frame Relay DLCI classification
Frame Relay DE classification
Frame Relay DE marking
A QoS policy can be applied only to a PVC under a Frame Relay subinterface; it cannot
be applied directly to a Frame Relay subinterface.
Note
Frame Relay DLCI Classification
This configuration allows users to match on the Frame Relay DLCI value of packets encapsulated in Frame
Relay. Packets that are not Frame Relay encapsulated do not match this configuration.
class-map foo
match frame-relay list of dlci-values
The list of DLCI values can contain ranges as well as individual values, as in this example:
class-map foo
match frame-relay dlci 1-100 150 200-300
Note DLCI matching is supported only on main interfaces.
Frame Relay DE Classification
This configuration allows the user to match Frame Relay packets that have the discard eligible (DE) bit set
in the Frame Relay header:
class-map fr_class
match fr-de 1
To match Frame Relay DE bit 0, use this configuration:
class-map match-not-fr-de
match not fr-de 1
Note DE bit classification is not supported on Layer 3 interfaces.
Frame Relay DE Marking
In this example, the fr-de bit is set when traffic exceeds the policing committed information rate, so the
downward system (when experiencing congestion) discards traffic with the fr-de bit set to 1.
policy-map fr_de_marking
class class-default
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
142 OL-26077-02
Modular QoS Deployment Scenarios
Frame Relay DLCI Classificationpolice rate percent 50
conform-action transmit
exceed-action set fr-de 1
!
!
end-policy-map
Note DE bit marking is not supported on Layer 3 interfaces.
Frame Relay QoS: Example
In this example, parent_policy is applied to the Multilink Frame Relay main interface. There are two classes
in parent_policy, which match on Frame Relay DLCIs. The Multilink Frame Relay main interface has two
Frame Relay PVCs configured (DLCI 16, DLCI 17).
show run int multi 0/2/1/0/1
Mon Aug 2 11:34:31.019 UTC
interface Multilink0/2/1/0/1
service-policy output parent_policy
encapsulation frame-relay
frame-relay intf-type dce
!
show run policy-map parent_policy
Mon Aug 2 11:34:36.118 UTC
policy-map parent_policy
class parentQ_1
service-policy child_queuing_policy
shape average 64 kbps
!
class parentQ_2
service-policy child_queuing_policy
shape average 1 mbps
!
class class-default
!
end-policy-map
!
show run class-map parentQ_1 <----- class map parent class dlci=16
Mon Aug 2 11:34:43.363 UTC
class-map match-any parentQ_1
match frame-relay dlci 16
end-class-map
!
show run class-map parentQ_2 <----- class map parent class dlci=17
Mon Aug 2 11:34:45.647 UTC
class-map match-any parentQ_2
match frame-relay dlci 17
end-class-map
!
show run int multi 0/2/1/0/1.16 <------ dlci 16 pvc config
Mon Aug 2 11:34:53.988 UTC
interface Multilink0/2/1/0/1.16 point-to-point
ipv4 address 192.1.1.1 255.255.255.0
pvc 16
encap cisco
!
!
show run int multi 0/2/1/0/1.17 <------ dlci 17 pvc config
Mon Aug 2 11:34:56.862 UTC
interface Multilink0/2/1/0/1.17 point-to-point
ipv4 address 192.1.2.1 255.255.255.0
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 143
Modular QoS Deployment Scenarios
Frame Relay QoS: Examplepvc 17
encap cisco
!
!
show run policy-map child_queuing_policy <--------- child policy-map
Mon Aug 2 11:35:05.821 UTC
policy-map child_queuing_policy
class voice-ip
priority level 1
police rate percent 20
!
!
class video
bandwidth percent 40
!
class premium
service-policy gchild_policy
bandwidth percent 10
random-detect discard-class 2 10 ms 100 ms
random-detect discard-class 3 20 ms 200 ms
queue-limit 200 ms
!
class best-effort
bandwidth percent 20
queue-limit 200 ms
!
class class-default
!
end-policy-map
!
show run policy-map gchild_policy <-------- grandchild policy map
Mon Aug 2 11:35:15.428 UTC
policy-map gchild_policy
class premium_g1
police rate percent 10
!
set discard-class 2
!
class premium_g2
police rate percent 50
!
set discard-class 3
!
class class-default
!
end-policy-map
!
show run class-map <----------- shows all class map configs
Mon Aug 2 11:35:19.479 UTC
class-map match-any video
match precedence 1
end-class-map
!
class-map match-any premium
match precedence 2 3
end-class-map
!
class-map match-any voice-ip
match precedence 0
end-class-map
!
class-map match-any parentQ_1
match frame-relay dlci 16
end-class-map
!
class-map match-any parentQ_2
match frame-relay dlci 17
end-class-map
!
class-map match-any premium_g1
match precedence 2
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
144 OL-26077-02
Modular QoS Deployment Scenarios
Frame Relay QoS: Exampleend-class-map
!
class-map match-any premium_g2
match precedence 3
end-class-map
!
class-map match-any best-effort
match precedence 4
end-class-map
!
IP Header Compression QoS
An IP Header Compression (IPHC) profile can be enabled on an interface so that the IPHC profile applies
only to packets that match a QoS service policy. In this case, the QoS service-policy class attributes determine
which packets are compressed. This allows users to fine tune IPHC with greater granularity.
Policy maps are attached to an interface using the service-policy command. IPHC action applies only to output
service policies. IPHC is not supported on input service policies. (IPHC is supported in the input direction
but there is no use case to configure IPHC in an input policy.)
You can configure IPHC using QoS as follows:
Create a QoS policy with the compress header ip action.
Attach the IPHC profile to the interface using the ipv4 iphc profile profile_name mode service-policy
command.
Attach the QoS policy with compress header ip action using the service-policy output command.
You can also display IPHC statistics using the show policy-map interface command, asshown in the following
example:
show policy-map interface Serial0/0/3/0/3:0 output
show policy-map int Serial0/0/3/0/3:0 output
Mon May 18 22:06:14.698 UTC
Serial0/0/3/0/3:0 output: p1
Class class-default
Classification statistics (packets/bytes) (rate - kbps)
Matched : 0/0 0
Transmitted : 0/0 0
Total Dropped : 0/0 0
Queueing statistics
Queue ID : 0
High watermark (Unknown) : 0
Inst-queue-len (packets) : 0
Avg-queue-len (packets) : 0
Taildropped(packets/bytes) : 0/0
Compression Statistics
Header ip rtp
Sent Total (packets) : 880
Sent Compressed (packets) : 877
Sent full header (packets) : 342
Saved (bytes) : 31570
Sent (bytes) : 24750
Efficiency improvement factor : 2.27
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 145
Modular QoS Deployment Scenarios
IP Header Compression QoSIP Header Compression QoS: Example
In this example, IPHC is configured through QoS as an action under the class map using the compress header
ip command.
The packets are classified according to the criteria in the class maps. The policy map specifies which behavior
to apply to which classes. IPHC is enabled using the compress header ip action for the class. An IPHC profile
with a QoS service policy is attached to a serial interface.
class-map match-all voice1
match precedence 2
class-map match-all voice2
match access-group acl_iphc
access-list acl_iphc permit udp any range lower-bound src udp port 5000 upper-bound src udp
port15000 any lower-bound udp dst port 5000 upper-bound dst udp port 15000
ipv4 access-list acl_iphc permit udp any range 5000 15000 any range 5000 15000
policy-map iphc_policy
class iphc_class_1
compress header ip
class iphc_class_2
compress header ip
interface serial 0/1/0/1:1
ipv4 iphc profile Profile_3 mode service-policy
service-policy output iphc_policy
interface Serial 0/2/0/0/1/1/1:1
ipv4 address 10.0.0.1 255.255.255.252
ipv4 iphc profile Profile_3 mode service-policy
service-policy output iphc_policy
encapsulation ppp
L2VPN QoS
This section describes the following Frame Relay L2VPN deployment scenarios:
Frame Relay <-> Frame Relay over pseudowire
Frame Relay <-> Ethernet over pseudowire
There are local-connect variants of these scenarios that do not go over a pseudowire.
This discussion focuses on the pseudowire scenarios.
Note
Frame Relay <-> Frame Relay Over Pseudowire: Example
This example shows that you can match based on the Frame Relay DLCI on the ingress Frame Relay interface
on router PE1 and set the fr-de value. This configuration is carried over the L2VPN pseudowire. When the
Frame Relay packet exits router PE2 through the Frame Relay l2transport interface, the fr-de value is intact.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
146 OL-26077-02
Modular QoS Deployment Scenarios
IP Header Compression QoS: ExampleThis configuration allows you to manipulate and carry over the Frame Relay QoS values across L2VPN.
Figure 2 shows the network topology.
Figure 10: Frame Relay Over MPLS
CE1
interface pos0/2/0/0.26
pvc 26
ipv4 add 10.0.0.1 255.0.0.0
PE1
interface pos0/2/0/0.26 l2transport
pvc 26
l2vpn
xconnect group frfr
p2p p1
interface pos0/2/0/0.26
neighbor y.y.y.y pw-id 1001
!QoS Policy
class-map matchdlci
match frame-relay dlci 26
policy-map setde1
class matchdlci
set fr-de 1
interface pos0/2/0/0
service-policy input setde1
PE2
interface pos0/3/0/0.26 l2transport
pvc 26
l2vpn
xconnect group frfr
p2p p1
interface pos0/3/0/0.26
neighbor x.x.x.x pw-id 1001
CE2
interface pos0/3/0/0.26
pvc 26
ipv4 add 10.0.0.2 255.0.0.0
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 147
Modular QoS Deployment Scenarios
Frame Relay <-> Frame Relay Over Pseudowire: ExampleFrame Relay <-> Ethernet Over Pseudowire: Example
This example shows that you can match based on the fr-de value on the ingress Frame Relay l2transport
interface on router PE1 and set a specific MPLS EXP value. When the MPLS packet exits the PE1 core
interface, this EXP value is set. When the packet exits router PE2 through the Ethernet l2transport interface,
this value is part of the Ethernet packet CoS field.
This configuration allows you to carry over or map the QoS field from the Frame Relay network to the Ethernet
network. Figure 3 shows the network topology.
Figure 11: IP Interworking Over MPLS
CE1
interface pos0/2/0/0.26
pvc 26
ipv4 add 10.0.0.1 255.0.0.0
PE1
interface pos0/2/0/0.26 l2transport
pvc 26
l2vpn
xconnect group freth
p2p p1
interface pos0/2/0/0.26
neighbor y.y.y.y pw-id 1001
interworking ipv4
!QoS Policy
class-map matchfrde
match fr-de 1
policy-map setexp
class matchfrde
set mpls exp imposition 5
interface pos0/2/0/0.26 l2transport
pvc 26
service-policy input setexp
PE2
interface gig0/4/0/0.26 l2transport
encapsulation dot1q 100
l2vpn
xconnect group freth
p2p p1
interface gig0/4/0/0.26
neighbor x.x.x.x pw-id 1001
interworking ipv4
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
148 OL-26077-02
Modular QoS Deployment Scenarios
Frame Relay <-> Ethernet Over Pseudowire: ExampleCE2
interface gig0/4/0/0.26
encapsulation dot1q 100
ipv4 add 10.0.0.2 255.0.0.0
MLPPP QoS/MLFR QoS
Multilink provides a mechanism for aggregating multiple serial links into a bundle. Bundles support more
bandwidth, load balancing between links, and improved service availability by protecting against single points
of failure. The service allows users to increase bandwidth by aggregating multiple low speed links, which can
be more cost-effective than upgrading to a single higher speed link. This provides a cost-effective solution
for users requiring leased line service with bandwidth greater than T1 rates but below T3 rates.
Multilink interfaces can be configured with PPP encapsulation (MLPPP) or with Frame Relay encapsulation
(MLFR). When a multilink interface is configured with Frame Relay encapsulation, subinterfaces can be
configured below it.
The total bandwidth available for the multilink interface can change dynamically when links are added or
removed to or from a multilink interface. The total bandwidth available can also change if the member links
change state operationally to up or down, or by modifying the suspended condition of the policy. QoS policies
applied on such interfaces need to be updated based on the bandwidth changes. In this case, one of the following
actions is taken:
Suspend the policyPolicy is suspended if the bandwidth requirements of the attached policy are more
than the available bandwidth (which is reduced due to a member link going operationally down). Once
the policy is suspended, any incoming or outgoing packets on that interface are not subject to QoS.
A policy is suspended on ingress under these conditions:
? In Enhanced Hierarchical Ingress Policing, when the sum of child police rates is greater than the
parent police conform rate
? Police peak rate is less than the police conform rate
A policy is suspended on egress under these conditions:
? Minimum bandwidth rate + priority class police rate is greater than the interface rate
? Shape rate is less than the minimum bandwidth rate
? Priority class police conform rate is greater than the interface rate
? Priority class police peak rate is greater than the interface rate
? Police peak rate is less than the police conform rate
Resume the policyPolicy is resumed if the bandwidth requirements of the attached policy are less
than or equal to the available bandwidth, which increased due to a member link going operationally up.
A suspended policy can also be resumed by modifying the suspended condition of the policy map without
any change in the member link status.
Update the policyActive policy rates are updated to reflect the new available bandwidth. The available
bandwidth could have increased or decreased, but the applied policy's bandwidth requirements can still
be satisfied.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 149
Modular QoS Deployment Scenarios
MLPPP QoS/MLFR QoSQoS statistics are not retained for the policy that transitions from an active state to a suspended state. If the
policy is reactivated, all the previously collected statistics are lost and only the packets that pass through the
interface after the reactivation are counted. The suspended policy can be modified to reduce its bandwidth
requirements, so that it can be reactivated. A suspended policy can be modified while still attached to the
interface.
Multiclass MLPPP with QoS
Multiclass Multilink Point-to-Point Protocol (MLPPP) can be used with QoS and configured using the
encap-sequence command under a classin a policy map. The encap-sequence command specifiesthe MLPPP
MCMP class ID for the packets in an MQC defined class.
The valid values for the encap-sequence ID number are none, 1, 2, or 3. The none value is applicable only
when the priority level is 1 and indicates that there is no MLPPP encapsulation. The values 1, 2, or 3 can be
used with priority 1 or 2 classes or other classes with queuing actions. An encap-sequence ID number of zero
(0) is used by the system and is reserved for the default class; it cannot be specified in any other classes.
The encap-sequence ID numbers must be configured in numeric order. For example, you cannot assign
an ID number of 3 unless you have already assigned 1 and 2.
Note
The number of encap-sequence ID numbers must be lessthan the number of MLPPP classesthat are negotiated
between the peers via the multilink header. The user must ensure that the configuration is consistent as the
system does not verify this.
The ppp multilink multiclass remote apply command provides a way to ensure this. You can ensure that
the number of classes using an encap-sequence ID number (including the default of 0) is less than the
min-number value in the ppp multilink multiclass remote apply command. For example, if the min-number
value is 4, you can only have three or fewer classes with encap-sequence ID numbers.
The QoS policy validates the following conditions. If these conditions are not met, the policy is rejected:
The encap-sequence ID number is within the allowed values of 1 to 3.
When encap-sequence is configured for any class in a policy map, all classes in that policy map with
priority level 1 must also contain an encap-sequence ID number.
The encap-sequence none configuration is restricted to classes with priority level 1.
The class-default does not contain an encap-sequence configuration.
Only classes containing a queuing action have the encap-sequence configuration.
Note Classes that share the same encap-sequence ID number must have the same priority.
A QoS policy map is configured as follows:
config
policy-map type qos policy-name class class-name action action action
. . .
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
150 OL-26077-02
Modular QoS Deployment Scenarios
Multiclass MLPPP with QoSThe following example shows how to configure a policy map for MLPPP:
config
policy-map foo
class ip-prec-1
encap-sequence none
police rate percent 10
priority level 1
!
class ip-prec-2
encap-sequence 1
shape average percent 80
!
class ip-prec-3
encap-sequence 1
bandwidth percent 10
!
class class-default
!
end-policy-map
!
MLPPP QoS/MLFR QoS: Example
Because a bundle interface dynamically changes its bandwidth as the member links go up or down, QoS
policies applied on such interfaces need to be updated based on the bandwidth changes.
MPLS QoS
The introductory text and topology diagrams are taken from MPLS Fundamentals, Luc De Ghein,
Copyright 2007, Cisco Systems, Inc.
Note
For MPLS QoS, there are three deployment scenarios based on tunneling model: uniform mode, pipe mode,
and short pipe mode. Table 2 shows an overview of the tunneling models.
Tunneling Mode IP-to-Label Label-to-Label Label-to-IP
Copy MPLS EXP to IP
precedence/DiffServ
Copy IP precedence /DiffServ MPLS EXP copied
to MPLS EXP
Uniform
Preserve IP precedence
/DiffServ
Forwarding treatment based on
MPLS EXP
MPLS EXP set according to MPLS EXP copied
service provider policy
Pipe
Preserve IP precedence
/DiffServ
Forwarding treatment based on
IP precedence/DiffServ
MPLS EXP set according to MPLS EXP copied
service provider policy
Short Pipe
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 151
Modular QoS Deployment Scenarios
MLPPP QoS/MLFR QoS: ExampleMPLS Uniform Mode
In uniform mode (shown in Figure 4), there is only one DiffServ marking that is relevant for a packet when
traversing the MPLS network. If the DiffServ marking of the packet is modified within the MPLS network,
the updates information is the one considered meaningful at the egress of the LSP. Any changes to the packet
marking within the MPLS network are permanent and get propagated when the packet leaves the MPLS
network.
Figure 12: Uniform Mode
MPLS Pipe Mode
In pipe mode (shown in Figure 5), two markings are relevant for a packet when traversing the MPLS network.
First, the marking used by intermediate nodes along the LSP span including the egress LSR. Second, the
original marking carried by the packet before entering the MPLS network that will continue to be used once
the packet leaves the MPLS network. Any changes to the packet marking within the MPLS network are not
permanent and do not get propagated when the packet leaves the MPLS network.
Note that the egress LSR still uses the marking that was used by intermediate LSRs. However, the egress LSR
has to remove all labels imposed on the original packet. In order to preserve this marking carried in the labels,
the edge LSR keeps an internal copy of the marking before removing the labels. This internal copy is used to
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
152 OL-26077-02
Modular QoS Deployment Scenarios
MPLS Uniform Modeclassify the packet on the outbound interface (facing the CE) once the labels are removed. This is usually
achieved using the set qos-group and match qos-group commands.
Figure 13: Pipe Mode
MPLS Short Pipe Mode
The short pipe mode (shown in Figure 6), is a slight variation of the pipe mode. The only difference is that
the egress LSR uses the original packet marking instead of using the marking used by the intermediate LSRs.
Figure 14: Short Pipe Mode
Uniform, Pipe, Short Pipe Modes: Ingress PE Example
This example shows how to implement the MPLS DiffServ and demonstrates the configuration needed on
the ingress PE. Only precedence 4 is being matched. Precedence 4 is mapped to EXP bits value 4 by the
policer, unless the bandwidth is exceeded, in which case the EXP bits are recolored to the value 2. The egress
interface configuration is not needed for the MPLS DiffServ uniform model, but it is added to show how to
perform QoS on the EXP bits.
!Ingress interface:
class-map prec4
match precedence 4
!
policy-map set-MPLS-PHB
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 153
Modular QoS Deployment Scenarios
MPLS Short Pipe Modeclass prec4
police rate 8000 kbps
conform-action set mpls experimental imposition 4
exceed-action set mpls experimental imposition 2
!
interface GigabitEthernet0/0/0/1
service-policy input set-MPLS-PHB
!Egress interface:
class-map exp2and4
match mpls experimental topmost 2 4
!
policy-map output-qos
class exp2and4
bandwidth percent 40
random-detect default
!
interface GigabitEthernet0/0/0/2
service-policy output output-qos
Uniform Mode: Egress PE Example
On the egress PE, the EXP bits are copied to the precedence bits using the set qos-group and match qos-group
commands.
!Ingress interface:
class-map exp2
match mpls experimental topmost 2
!
class-map exp4
match mpls experimental topmost 4
!
policy-map policy2
class exp2
set qos-group 2
class exp4
set qos-group 4
!
interface GigabitEthernet0/0/0/2
service-policy input policy2
!Egress interface:
class-map qos2
match qos-group 2
class-map qos4
match qos-group 4
!
policy-map policy3
class qos2
set precedence 2
bandwidth percent 20
random-detect default
class qos4
set precedence 4
bandwidth percent 20
random-detect default
!
interface GigabitEthernet0/0/0/1
service-policy output policy3
Pipe Mode: Egress PE Example
This example shows the configuration of the egress PE for the MPLS DiffServ pipe mode. The egress LSR
does not copy the EXP bits to the precedence bits of the outgoing IP packet. The scheduling of the packets
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
154 OL-26077-02
Modular QoS Deployment Scenarios
Uniform Mode: Egress PE Exampleon the egress interface is done indirectly on the EXP bits using the set qos-group and match qos-group
commands.
!Ingress interface:
class-map exp2
match mpls experimental topmost 2
!
class-map exp4
match mpls experimental topmost 4
!
policy-map policy2
class exp2
set qos-group 2
class exp4
set qos-group 4
!
interface GigabitEthernet0/0/0/2
service-policy input policy2
!Egress interface:
class-map qos2
match qos-group 2
class-map qos4
match qos-group 4
!
policy-map policy3
class qos2
bandwidth percent 20
random-detect default
class qos4
bandwidth percent 20
random-detect default
!
interface GigabitEthernet0/0/0/1
service-policy output policy3
Short Pipe Mode: Egress PE Example
This example shows the configuration of the egress PE for the MPLS DiffServ short pipe mode. The egress
LSR forwards the packet based on the precedence or differentiated services code point (DSCP) bits of the IP
packet after removing the labels. The egress LSR does not copy the EXP bits to the precedence bits of the
outgoing IP packet.
! Configuration is not needed for ingress interface
!Egress interface:
class-map prec4
match precedence 4
!
policy-map policy3
class prec4
bandwidth percent 40
random-detect precedence 4 100 ms 200 ms
!
interface GigabitEthernet0/0/0/1
service-policy output policy3
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 155
Modular QoS Deployment Scenarios
Short Pipe Mode: Egress PE ExampleQoS on Multicast VPN
ASR 9000 Ethernet Line Cards
The support for QoS services on a multicast VPN (mVPN) enabled network involves the marking of DSCP
or precedence bits on the tunnel IP header. Thisfeature enables MPLS carriersto offer QoS on mVPN services.
The mVPN network uses generic routing encapsulation (GRE) tunnels between provider edge (PE) devices.
Multicast packets are placed in GRE tunnels for transmission across the MPLS core network.
The ingress interfaces use the set precedence tunnel and set dscp tunnel commands (both conditional and
unconditional) within an ingress policy applied to the ingressinterface.shows a typical mVPN network. When
an IP packet arrives at PE1 on the ingress interface E1, the packet is sent out of the tunnel interface E2 into
the core network by encapsulating the IP packet inside a GRE tunnel.
Figure 15: mVPN Network
If the set dscp tunnel command or the set precedence tunnel command is configured on the ingress interface
E1, the DSCP or precedence values are set in the GRE tunnel header of the encapsulated packet being sent
out of the interface E2. As a result:
The set dscp command or the set precedence command (conditional or unconditional) marks the DSCP
or precedence values within the IP header.
The set dscp tunnel or the set precedence tunnel command (conditional or unconditional) marks the
DSCP or precedence values within the GRE header.
QoS on Multicast VPN: Example
Supporting QoS in an mVPN-enabled network requires conditional and unconditional marking of the DSCP
or precedence bits onto the tunnel header. Unconditional marking marks the DSCP or precedence tunnel as
a policy action. Conditional marking marks the DSCP or precedence values on the tunnel header as a policer
action (conform, exceed, or violate).
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
156 OL-26077-02
Modular QoS Deployment Scenarios
QoS on Multicast VPNUnconditional Marking
class-map c1
match vlan 1-10
policy-map p1
class c1
set precedence tunnel 3
Conditional Marking
policy-map p2
class c1
police rate percent 50
conform action set dscp tunnel af11
exceed action set dscp tunnel af12
SIP 700 for the ASR 9000
The set precendence tunnel and set dscp tunnel commands are not supported but general Multicast VPN is
supported, as shown in the following example.
QoS on Multicast VPN: Example
In this example, there are three services offered across the network: mobile, enterprise, and other services.
Mobile traffic is classified as broadband 2G mobile traffic and 3G mobile traffic.
Control traffic needs the highest priority and has priority level 1. Broadband 2G mobile traffic has priority
level 2. A priority queue is associated with each of these traffic classes. Traffic in these classes is policed at
a rate of 100 percent, which means that full line rate bandwidth is dedicated to these traffic classes.
Remaining bandwidth is distributed across the Mcast_BBTV_Traffic class, Enterprise_Traffic class, and
Enterprise_Low_Traffic class.
policy-map CompanyA-Profile
class Control_Traffic
priority level 1
police rate percent 100
!
!
class BB_2GMobile_Traffic
priority level 2
police rate percent 100
!
!
class Mcast_BBTV_Traffic
bandwidth remaining ratio 1000
!
class 3GMobile_Traffic
bandwidth remaining ratio 100
!
class Enterprise_Traffic
bandwidth remaining ratio 10
!
class Enterprise_Low_Traffic
bandwidth remaining ratio 1
!
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 157
Modular QoS Deployment Scenarios
SIP 700 for the ASR 9000class class-default
!
end-policy-map
QoS on NxDS0 Interfaces
For QoS on NxDS0 interfaces, the shape, police, and queuing minimum rate is 8 kbps and granularity is 1
kbps. When QoS is applied to a low speed NxDS0 link, frame relay fragmentation (frf12) configuration is
also recommended in order to provide low delay for real-time priority traffic. The common configurations on
NxDS0 interfaces are:
One-level policy applied to a main interface without Frame Relay configured
Two-level policy applied to a subinterface with Frame Relay configured
One-Level Policy Applied to Main Interface: Example
show run int Serial0/2/1/0/1/1:0
Mon Aug 9 11:29:50.721 UTC
interface Serial0/2/1/0/1/1:0
service-policy output fractional_T1_E1_policy ?--------policy applied to serial interface
encapsulation frame-relay
!
RP/0/RSP1/CPU0:viking-1#show run policy-map
policy-map fractional_T1_E1_policy
class Conversational
priority level 1
police rate 64 kbps
!
!
class Streaming-Interactive
bandwidth remaining percent 35
!
class Background
bandwidth remaining percent 15
!
class TCP-traffic
bandwidth remaining percent 10
!
class class-default
bandwidth remaining percent 40
!
end-policy-map
Two-Level Policy Applied to a Subinterface: Example
show run int Serial0/2/1/0/1/1:0
Mon Aug 9 11:29:50.721 UTC
interface Serial0/2/1/0/1/1:0
encapsulation frame-relay
frame-relay intf-type dce
!
Mon Aug 9 11:29:37.150 UTC
interface Serial0/2/1/0/1/1:0.16 point-to-point
ipv4 address 192.1.1.1 255.255.255.0
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
158 OL-26077-02
Modular QoS Deployment Scenarios
QoS on NxDS0 Interfacespvc 16
service-policy output parent_policy ?--------policy applied to serial subinterface
encap cisco
fragment end-to-end 350 ?-------------------frf12 enabled
!
!
!
show run policy-map
policy-map parent_policy
class class-default
shape average rate 768 kbps
show run policy-map
policy-map fractional_T1_E1_policy
class Conversational
priority level 1
police rate 64 kbps
!
!
class Streaming-Interactive
bandwidth remaining percent 35
!
class Background
bandwidth remaining percent 15
!
class TCP-traffic
bandwidth remaining percent 10
!
class class-default
bandwidth remaining percent 40
!
end-policy-map
VPLS and VPWS QoS
To support QoS on virtual private LAN service (VPLS)-enabled and virtual private wire service
(VPWS)-enabled networks, packets can be classified based on these match criteria:
Match on vpls broadcast (applicable to VPLS)
Match on vpls multicast (applicable to VPLS)
Match on vpls control (applicable to VPLS)
Match on ethertype arp (applicable to both VPLS and VPWS)
VPLS-specific and VPWS-specific classification are performed only in the ingress
direction.
Note
These guidelines apply to the VPLS and VPWS QoS feature:
Supported on ingress Layer 2 bundle and nonbundle subinterfaces.
Not supported on Layer 3 subinterfaces, but supported on ports with port inheritance policy. The system
ignores VPLS classification on Layer 3 subinterfaces associated with the port.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 159
Modular QoS Deployment Scenarios
VPLS and VPWS QoS Match VPLS and match ethertype arp can be applied on a Layer 2
interface regardless of the Layer 2 service type, however VPLS
classification is ignored on a non-VPLS Layer 2 interface type.
Figure 9 illustrates a typical VPLS topology. The VPLS network is a mesh of pseudowires(PWs) interconnected
to bridge domains in the routers. Each of the provider edge (PE) routers has a bridge domain. Each PW is a
bridge port into the bridge domain. The customer edge (CE) connection into each PE router is an attachment
circuit (AC) bridge port into the same bridge domain. QoS configuration commands are applied to the AC
that connects to the CE router on the one end and the bridge domain of the PE router on the other.
Figure 16: Typical VPLS Network Topology
VPLS and VPWS QoS: Example
This section contains a configuration example based on the components shown in Figure 9, and explains how
the network matches packets based on the configured values.
The policy-map and PE-to-CE connection are configured as follows on the PE1 router:
class c1
match vpls multicast
!
class c2
match vpls broadcast
!
class c3
match vpls control
!
class c4
match ethertype arp
!
policy-map p1
class c1
set qos-group 3
set mpls experimental imposition 4
shape average percent 40
!
class c2
bandwidth remaining percent 10
set mpls experimental imposition 5
!
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
160 OL-26077-02
Modular QoS Deployment Scenarios
VPLS and VPWS QoS: Exampleclass c3
police rate percent 10
set mpls experimental imposition 6
!
class c4
bandwidth remaining percent 10
set mpls experimental imposition 7
!
class class-default
!
end policy-map
interface GigabitEthernet0/2/0/0 l2transport
description PE to CE connection
service-policy input p1
!
l2vpn
bridge group examples
bridge-domain vpls-bridge
interface GigabitEthernet0/2/0/0
!
vfi pe12link
neighbor 10.0.0.2 pw-id 12
!
!
vfi pe13link
neighbor 10.0.0.3 pw-id 13
!
!
!
!
!
In the network designed and configured according to this example, and with VPLS and VPWS enabled, the
packets that meet the match criteria receive QoS treatment according to the policy actions defined in the
policy:
If a VPLS multicast packet arrives on the ingress interface of the PE router, it matches class c1.
If a VPLS broadcast packet arrives on the ingress interface of the PE router, it matches class c2.
If a VPLS control packet arrives on the ingress interface of the PE router with MAC address ranging
from 01-80-C2-00-00-00 to 01-80-C2-00-00-3F, it matches class c3.
If an ARP packet arrives on the ingress interface of the PE router, it matches class c4.
Related Information
The information in this module focuses on the QoS implementation of features that are described in other
technology guides. The following table indicates the guides where you can find more information about these
features.
Feature Guide
Configuring Modular QoS Packet Classification and Marking and Configuring
Modular QoS Congestion Management in this guide
802.1ad DEI
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 161
Modular QoS Deployment Scenarios
Related InformationFeature Guide
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Configuration Guide
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Command Reference
Frame Relay
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Configuration Guide
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Command Reference
IP HeaderCompression
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
Configuration Guide
Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services
Command Reference
L2VPN
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Configuration Guide
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Command Reference
MLPPP/MLFR
Cisco ASR 9000 Series Aggregation Services Router MPLS Configuration Guide
Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference
MPLS
Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide
Cisco ASR 9000 Series Aggregation Services Router Multicast Command Reference
QoS on Multicast VPN
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Configuration Guide
Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware
Component Command Reference
QoS on NxDS0
Interfaces
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
162 OL-26077-02
Modular QoS Deployment Scenarios
Related InformationC H A P T E R 7
Configuring Hierarchical Modular QoS
Hierarchical QoS allows you to specify QoS behavior at multiple policy levels, which provides a high degree
of granularity in traffic management.
Line Card, SIP, and SPA Support
Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000
Enhanced Hierarchical Ingress no yes
Policing
Hierarchical Policing yes yes
Hierarchical QoS yes yes
Three-Parameter Scheduler yes yes
Feature History for Hierarchical QoS on Cisco ASR 9000 Series Routers
Release Modification
The Hierarchical Policing feature was introduced on
Cisco ASR 9000 Series Routers on ASR 9000 Ethernet Line Cards.
The Hierarchical QoS feature was introduced on
Cisco ASR 9000 Series Routers on ASR 9000 Ethernet Line Cards.
The Three-Parameter Scheduler feature was introduced on
Cisco ASR 9000 Series Routers on ASR 9000 Ethernet Line Cards.
Release 3.7.1
The Hierarchical QoS feature wassupported on the SIP 700 for the ASR 9000.
(two-level policies only)
Release 3.9.0
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 163The Enhanced Hierarchical Ingress Policing feature was introduced on
Cisco ASR 9000 Series Routers on the SIP 700 for the ASR 9000.
The Hierarchical Policing feature was supported on
Cisco ASR 9000 Series Routers on the SIP 700 for the ASR 9000.
For the Hierarchical QoS feature, support was added for three-level policies
on the SIP 700 for the ASR 9000.
The Three-Parameter Scheduler feature was supported on the SIP 700 for the
ASR 9000.
Release 4.0.0
How to Configure Hierarchical QoS, page 164
Verifying the Configuration of Hierarchical Policies, page 180
Additional References, page 181
How to Configure Hierarchical QoS
When configuring hierarchical QoS, consider the following guidelines:
When defining polices,start at the bottom level of the hierarchy. For example, for a two-level hierarchical
policy, define the bottom-level policy and then the top-level policy. For a three-level hierarchical policy,
define the bottom-level policy, the middle-level policy, and then the top-level policy.
Do not specify the input or output keyword in the service-policy command when configuring a
bottom-level policy within a top-level policy.
Configure bottom-level policies only in middle-level and top-level policies.
Configuring the Three-Parameter Scheduler
When configuring the Three-Parameter Scheduler, consider the following guidelines:
To use the three-parameter scheduler, a queueing class must be enabled. To enable a queueing class,
you must configure at least one of the three parameters. When at least one parameter is configured, a
queue is assigned to the class.
If you configure only one parameter, the scheduler uses default values for the other two parameters.
You can configure all 3 parameters in the same class.
Minimum bandwidth must be less than maximum bandwidth.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
164 OL-26077-02
Configuring Hierarchical Modular QoS
How to Configure Hierarchical QoSASR 9000 Ethernet Line Cards
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. shape average {percent percentage | rate [units]}
5. exit
6. policy-map policy-name
7. class class-default
8. bandwidth {rate [units] | percent percentage-value} or bandwidth remaining [percent percentage-value
| ratio ratio-value] or shape average {percent percentage | rate [units]}
9. service-policy policy-map-name
10. end
11. or commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
policy-map policy-name Creates or modifies the bottom-level policy.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
bottom-child
Step 2
Assignsthe traffic classthat you specify to the policy map. Enters
policy map class configuration mode.
class class-name
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
Bronze
Step 3
shape average {percent percentage | rate [units]} Shapes traffic to the indicated bit rate.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# shape
average 1 mbps
Step 4
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 165
Configuring Hierarchical Modular QoS
Configuring the Three-Parameter SchedulerCommand or Action Purpose
exit Exits policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 5
policy-map policy-name Creates or modifies the top-level policy.
Example:
RP/0/RSP0/CPU0:router(config-pmap)#
policy-map Top-Parent
Step 6
Step 7 class class-default Configures or modifies the parent class-default class.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class-default
Note You can configure only the class-default class in
a parent policy. Do not configure any other traffic
class.
Specifies the minimum bandwidth allocated to a class as a
percentage of link bandwidth.
bandwidth {rate [units] | percent percentage-value}
or bandwidth remaining [percent percentage-value
Step 8
| ratio ratio-value] or shape average {percent
percentage | rate [units]}
Specifies how to allocate excess bandwidth to a class.
Specifies maximum bandwidth as a percentage of link bandwidth
(when other classes are not using all of their bandwidth share).
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
Note You must configure at least one of the three
bandwidth percent 30 parameters.
or
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth remaining percent 80
or
RP/0/RSP0/CPU0:router(config-pmap-c)# shape
average percent 50
service-policy policy-map-name Applies a bottom-level policy to the top-level class-default class.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
service-policy Bottom-Child
Step 9
Step 10 end
Step 11 or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before exiting
(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-pmap-c)# commit Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
166 OL-26077-02
Configuring Hierarchical Modular QoS
Configuring the Three-Parameter SchedulerCommand or Action Purpose
Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
SIP 700 for the ASR 9000
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. bandwidth {rate [units] | percent percentage-value} or bandwidth remaining [percent percentage-value
| ratio ratio-value] or shape average {percent percentage | rate [units]}
5. exit
6. policy-map policy-name
7. class class-default
8. shape average {percent percentage | rate [units]}
9. service-policy policy-map-name
10. end
11. or commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 167
Configuring Hierarchical Modular QoS
Configuring the Three-Parameter SchedulerCommand or Action Purpose
policy-map policy-name Creates or modifies the bottom-level policy.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
bottom-child
Step 2
Assignsthe traffic classthat you specify to the policy map. Enters
policy map class configuration mode.
class class-name
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
Bronze
Step 3
Specifies the minimum bandwidth allocated to a class as a
percentage of link bandwidth.
bandwidth {rate [units] | percent percentage-value}
or bandwidth remaining [percent percentage-value
Step 4
| ratio ratio-value] or shape average {percent
percentage | rate [units]}
Specifies how to allocate excess bandwidth to a class.
Specifies maximum bandwidth as a percentage of link bandwidth
(when other classes are not using all of their bandwidth share).
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
Note You must configure at least one of the three
bandwidth percent 30 parameters.
or
RP/0/RSP0/CPU0:router(config-pmap-c)#
bandwidth remaining percent 80
or
RP/0/RSP0/CPU0:router(config-pmap-c)# shape
average percent 50
exit Exits policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# exit
Step 5
policy-map policy-name Creates or modifies the top-level policy.
Example:
RP/0/RSP0/CPU0:router(config-pmap)#
policy-map Top-Parent
Step 6
Step 7 class class-default Configures or modifies the parent class-default class.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class-default
Note You can configure only the class-default class in
a parent policy. Do not configure any other traffic
class.
shape average {percent percentage | rate [units]} (Optional) Shapes traffic to the indicated bit rate.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# shape
average 1 mbps
Step 8
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
168 OL-26077-02
Configuring Hierarchical Modular QoS
Configuring the Three-Parameter SchedulerCommand or Action Purpose
service-policy policy-map-name Applies a bottom-level policy to the top-level class-default class.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
service-policy Bottom-Child
Step 9
Step 10 end
Step 11 or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before exiting
(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-pmap-c)# commit Entering yes saves configuration changes to the running
configuration file, exits the configuration session, and
returns the router to EXEC mode.
Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Entering cancel leavesthe router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Attaching Hierarchical Policies to Physical and Virtual Links
To attach hierarchical policies to interfaces, subinterfaces, virtual circuits, and virtual LANs, use the
service-policy {input | output} policy-map-name command.
SUMMARY STEPS
1. configure
2. interface type interface-path-id
3. service-policy {input | output} policy-map-name
4. end
5. or commit
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 169
Configuring Hierarchical Modular QoS
Attaching Hierarchical Policies to Physical and Virtual LinksDETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
interface type interface-path-id Specifies the interface to attach the hierarchical policy.
Example:
RP/0/RSP0/CPU0:router(config)#
interface pos 0/2/0/0
Step 2
service-policy {input | output} Attaches the policy map you specify.
policy-map-name
Step 3
inputApply the QoS policy to inbound packets.
Example:
RP/0/RSP0/CPU0:router(config-if)#
service-policy input All_Traffic
outputApply the QoS policy to outbound packets.
policy-map-nameName of a previously configured top-level policy
map
Step 4 end
Step 5 or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
end
When you issue the end command, the system prompts you to commit
changes:
Uncommitted changes found, commit them before exiting
(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-pmap-c)#
commit
Entering yessaves configuration changesto the running configuration
file, exits the configuration session, and returns the router to EXEC
mode.
Entering no exits the configuration session and returns the router to
EXEC mode without committing the configuration changes.
Entering cancel leavesthe router in the current configuration session
without exiting or committing the configuration changes.
Use the commit command to save the configuration changes to the
running configuration file and remain within the configuration
session.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
170 OL-26077-02
Configuring Hierarchical Modular QoS
Attaching Hierarchical Policies to Physical and Virtual LinksConfiguring Enhanced Hierarchical Ingress Policing
The difference between configuring enhanced hierarchical ingress policing and configuring hierarchical ingress
policing is the addition of the child-conform-aware command.
When used in the parent policer, the child-conform-aware command preventsthe parent policer from dropping
any ingress traffic that conforms to the maximum rate specified in the child policer.
Restrictions
Enhanced Hierarchical Ingress Policing has the following limitations:
Ingress direction only.
Sum of all child policer rates cannot be greater than the parent policer rate.
Single-rate two-color policer (color blind) only.
Configurations that specify burst size in the police rate command are supported; configurations that
specify peak burst become single-rate three-color policers and are therefore rejected.
Configure the child-conform-aware command only in the parent policer.
SUMMARY STEPS
1. configure
2. policy-map policy-name
3. class class-name
4. service-policy policy-map-name
5. police rate {value [units] | percent percentage} [burst burst-size [burst-units]] [peak-rate value [units]]
[peak-burst peak-burst [burst-units]]
6. child-conform-aware
7. conform-action [drop | set options | transmit]
8. exceed-action [drop | set options | transmit]
9. end or commit
DETAILED STEPS
Command or Action Purpose
configure Enters global configuration mode.
Example:
RP/0/RSP0/CPU0:router# configure
Step 1
Step 2 policy-map policy-name Enters policy map configuration mode.
Example:
RP/0/RSP0/CPU0:router(config)# policy-map
parent
Creates or modifies a policy map that can be attached to one or
more interfaces to specify a service policy.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 171
Configuring Hierarchical Modular QoS
Configuring Enhanced Hierarchical Ingress PolicingCommand or Action Purpose
Step 3 class class-name Enters policy map class configuration mode.
Example:
RP/0/RSP0/CPU0:router(config-pmap)# class
class-default
Specifies the name of the class whose policy you want to create
or change.
Applies the bottom-level policy map to the parent class-default
class.
service-policy policy-map-name
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)#
service-policy child
Step 4
Note Do not specify an input or output
keyword.
Configures traffic policing and enters policy map police
configuration mode.
police rate {value [units] | percent percentage}
[burst burst-size [burst-units]] [peak-rate value
[units]] [peak-burst peak-burst [burst-units]]
Step 5
Example:
RP/0/RSP0/CPU0:router(config-pmap-c)# police
rate percent 50
Prevents the parent policer from dropping any ingress traffic that
conforms to the maximum rate specified in a child policer.
child-conform-aware
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
child-conform-aware
Step 6
Configures the action to take on packets that conform to the rate
limit. The allowed action is:
conform-action [drop | set options | transmit]
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
conform-action transmit
Step 7
transmitTransmits the packets.
Configures the action to take on packets that exceed the rate limit.
The allowed action is:
exceed-action [drop | set options | transmit]
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
exceed-action drop
Step 8
dropDrops the packet.
Step 9 end or commit Saves configuration changes.
Example:
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
end
When you issue the end command, the system prompts you
to commit changes:
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:
or
RP/0/RSP0/CPU0:router(config-pmap-c-police)#
commit
Entering yes saves configuration changes to the running
configuration file, exitsthe configuration session, and returns
the router to EXEC mode.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
172 OL-26077-02
Configuring Hierarchical Modular QoS
Configuring Enhanced Hierarchical Ingress PolicingCommand or Action Purpose
Entering no exits the configuration session and returns the
router to EXEC mode without committing the configuration
changes.
Entering cancel leaves the router in the current configuration
session without exiting or committing the configuration
changes.
Use the commit command to save the configuration changes
to the running configuration file and remain within the
configuration session.
Two-Level Hierarchical Queueing Policy: Example
The following example shows a two-level policy applied at the Multilink Frame Relay main interface. The
same policy can be applied at Multilink PPP main interface.
class-map match-any video
match precedence 1
end-class-map
!
class-map match-any premium
match precedence 2 3
end-class-map
!
class-map match-any voice-ip
match precedence 0
end-class-map
!
class-map match-any best-effort
match precedence 4
end-class-map
policy-map parent_shape
class class-default
service-policy child_policy
shape average percent 90
!
end-policy-map
!
policy-map child_policy
class voice-ip
priority level 1
police rate percent 20
!
!
class video
bandwidth percent 40
!
class premium
bandwidth percent 10
random-detect precedence 2 10 ms 100 ms
random-detect precedence 3 20 ms 200 ms
queue-limit 200 ms
!
class best-effort
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 173
Configuring Hierarchical Modular QoS
Two-Level Hierarchical Queueing Policy: Examplebandwidth percent 20
queue-limit 200 ms
!
class class-default
!
end-policy-map
!
interface Multilink0/2/1/0/1
service-policy output parent_shape
encapsulation frame-relay
frame-relay intf-type dce
Three-Level Hierarchical Queueing Policy: Examples
Three-Level Hierarchical Queueing Policy: Examples
In this example, policy grand-parent is applied to the main Ethernet interface. The grand-parent policy limits
all outbound traffic of the interface up to 500 Mbps. The parent policy has class vlan1 and vlan2, and traffic
in vlan1 or vlan2 is limited to 40 percent of 500 Mbps. The policy child_policy classifies traffic based on
different services and allocates bandwidth for each class accordingly.
class-map match-any video
match precedence 1
end-class-map
!
class-map match-any premium
match precedence 2 3
end-class-map
!
class-map match-any voice-ip
match precedence 0
end-class-map
!
class-map match-any best-effort
match precedence 4
end-class-map
class-map match-any vlan1
match vlan 1
end-class-map
class-map match-any vlan2
match vlan 2
end-class-map
policy-map grand-parent
class class-default
shape average 500 Mbps
service-policy parent
!
end-policy-map
policy-map parent
class vlan1
service-policy child_policy
shape average percent 40
!
class vlan2
service-policy child_policy
shape average percent 40
!
end-policy-map
!
policy-map child_policy
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
174 OL-26077-02
Configuring Hierarchical Modular QoS
Three-Level Hierarchical Queueing Policy: Examplesclass voice-ip
priority level 1
police rate percent 20
!
!
class video
bandwidth percent 40
!
class premium
bandwidth percent 10
random-detect precedence 2 10 ms 100 ms
random-detect precedence 3 20 ms 200 ms
queue-limit 200 ms
!
class best-effort
bandwidth percent 20
queue-limit 200 ms
!
class class-default
!
end-policy-map
interface GigabitEthernet0/0/0/9
service-policy output grand-parent
SIP 700 for the ASR 9000
In this example, the policy parent_policy is applied to the Multilink Frame Relay main interface. The policy
parent_policy hastwo classes, which match on Frame Relay DLCIs. The Multilink Frame Relay main interface
has two Frame Relay PVCs configured (DLCI 16, DLCI 17).
interface Multilink0/2/1/0/1
mtu 1504
service-policy output parent_policy
encapsulation frame-relay
frame-relay intf-type dce
!
policy-map parent_policy
class parentQ_1
service-policy child_queuing_policy
shape average 64 kbps
!
class parentQ_2
service-policy child_queuing_policy
shape average 1 mbps
!
class class-default
!
end-policy-map
!
class-map match-any parentQ_1 <----- class map parent class dlci=16
match frame-relay dlci 16
end-class-map
!
class-map match-any parentQ_2 <----- class map parent class dlci=17
match frame-relay dlci 17
end-class-map
!
interface Multilink0/2/1/0/1.16 point-to-point <------ dlci 16 pvc config
ipv4 address 192.1.1.1 255.255.255.0
pvc 16
encap cisco
!
!
interface Multilink0/2/1/0/1.17 point-to-point <------ dlci 17 pvc config
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 175
Configuring Hierarchical Modular QoS
Three-Level Hierarchical Queueing Policy: Examplesipv4 address 192.1.2.1 255.255.255.0
pvc 17
encap cisco
!
!
policy-map child_queuing_policy <--------- child policy map
class voice-ip
priority level 1
police rate percent 20
!
!
class video
bandwidth percent 40
!
class premium
service-policy gchild_policy
bandwidth percent 10
random-detect discard-class 2 10 ms 100 ms
random-detect discard-class 3 20 ms 200 ms
queue-limit 200 ms
!
class best-effort
bandwidth percent 20
queue-limit 200 ms
!
class class-default
!
end-policy-map
!
policy-map gchild_policy <-------- grandchild policy map
class premium_g1
police rate percent 10
!
set discard-class 2
!
class premium_g2
police rate percent 50
!
set discard-class 3
!
class class-default
!
end-policy-map
!
show run class-map <----------- shows all class-map configs
Mon Aug 2 11:35:19.479 UTC
class-map match-any video
match precedence 1
end-class-map
!
class-map match-any premium
match precedence 2 3
end-class-map
!
class-map match-any voice-ip
match precedence 0
end-class-map
!
class-map match-any parentQ_1
match frame-relay dlci 16
end-class-map
!
class-map match-any parentQ_2
match frame-relay dlci 17
end-class-map
!
class-map match-any premium_g1
match precedence 2
end-class-map
!
class-map match-any premium_g2
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
176 OL-26077-02
Configuring Hierarchical Modular QoS
Three-Level Hierarchical Queueing Policy: Examplesmatch precedence 3
end-class-map
!
class-map match-any best-effort
match precedence 4
end-class-map
Three-Parameter Scheduler: Examples
Three-Parameter Scheduler: Examples
This example shows how to configure a three-parameter scheduler in a two-level hierarchical policy.
policy-map Bottom-ChildA
class A1
shape average 400 kbps
class A2
shape average 400 kbps
policy-map Bottom-ChildB
class B1
shape average 250 kbps
class B2
shape average 450 kbps
policy-map Top-Parent
class parentA
shape average 500 kbps
bandwidth percent 30
bandwidth remaining percent 80
service-policy Bottom-ChildA
class parentB
shape average 500 kbps
bandwidth percent 60
bandwidth remaining percent 10
service-policy Bottom-ChildB
SIP 700 for the ASR 9000
This example shows how to configure a three-parameter scheduler in a two-level hierarchical policy.
policy-map Bottom-Child
class A
bandwidth percent 30
bandwidth remaining percent 80
shape average percent 50
class B
bandwidth percent 60
bandwidth remaining percent 10
class class-default
exit
policy-map Top-Parent
class-default
shape average 1 mbps
service-policy Bottom-Child
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 177
Configuring Hierarchical Modular QoS
Three-Parameter Scheduler: ExamplesHierarchical Policing: Examples
Hierarchical Policing: Examples
This example shows a two-level policy with police actions at each level. There are two classes in the top level,
one for each customer. Aggregated traffic from each customer is subject to a rate limit as specified by the
police rate command in the top level. Traffic in different classesin the bottom level islimited by an additional
set of police actions to control different types of traffic for each customer.
class-map match-any customera
match vlan 10-14
class-map match-any customerb
match vlan 15-19
class-map match-any prec1
match precedence 1
class-map match-any prec3
match precedence 3
policy-map parent
class customera
service-policy childa
bandwidth remaining ratio 10
police rate percent 50
conform-action transmit
exceed-action drop
class customerb
service-policy childb
bandwidth remaining ratio 100
police rate percent 70
conform-action transmit
exceed-action drop
policy-map childa
class prec1
police rate percent 25
conform-action transmit
exceed-action drop
class prec3
police rate percent 25
conform-action transmit
exceed-action drop
policy-map childb
class prec1
police rate percent 30
conform-action transmit
exceed-action drop
class prec3
police rate percent 30
conform-action transmit
exceed-action drop
SIP 700 for the ASR 9000
In this example, policers are specified in the policy child in class Prec1 and class Prec3, and also in the
class-default in the policy parent. The policers in the child policy, police traffic in class Prec1 at 30 percent
(of 50 percent), police traffic in class Prec3 at 60 percent (of 50 percent) and police any other traffic at 10
percent (of 50 percent). Cumulatively, all traffic on the interface is policed at 50 percent of the interface rate
by the policer in the parent policy.
class-map match-any prec1
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
178 OL-26077-02
Configuring Hierarchical Modular QoS
Hierarchical Policing: Examplesmatch precedence 1
class-map match-any prec3
match precedence 3
policy-map parent
class class-default
service-policy child
police rate percent 50
conform-action transmit
exceed-action drop
policy-map child
class prec1
police rate percent 30
conform-action transmit
exceed-action drop
class prec3
police rate percent 60
conform-action transmit
exceed-action drop
class class-default
police rate percent 10
conform-action transmit
exceed-action drop
Attaching Service Policies to Physical and Virtual Links: Examples
Physical Link: Example
In this example, the p1 policy is applied to a Gigabit Ethernet interface:
interface gigabitethernet 0/2/0/0
service-policy input p1
Virtual Link: Example
In this example, the p2 policy is applied to the private virtual circuit (PVC) under a multilink Frame Relay
subinterface. A QoS policy can be applied only to a PVC under a Frame Relay subinterface; it cannot be
applied directly to a Frame Relay subinterface.
interface Multilink0/2/1/0/1.16 point-to-point
encapsulation frame-relay
ipv4 address 192.1.1.1 255.255.255.0
pvc 16
service-policy output p2
encap cisco
Enhanced Hierarchical Ingress Policing: Example
This example shows parent and child policies in which two classes are defined in the child policy. In class
AF1, the exceed action is set to an action other than to drop traffic.
If the child-conform-aware command were not configured in the parent policy, the parent policer would drop
traffic that matches the conform rate of the child policer but exceeds the conform rate of the parent policer.
When used in the parent policer, the child-conform-aware command preventsthe parent policer from dropping
any ingress traffic that conforms to the committed rate specified in the child policer.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 179
Configuring Hierarchical Modular QoS
Attaching Service Policies to Physical and Virtual Links: ExamplesIn this example, class EF in the child policy is configured with a committed rate of 1 Mbps, a conform action
and an exceed action. The traffic that is below 1 Mbps is presented to the parent policer with the MPLS EXP
bit set to 4, and traffic that exceeds 1 Mbps is dropped.
Class AF1 in the child policy is configured with a committed rate of 1 Mbps, a conform action and an exceed
action. The traffic that is below 1 Mbps is presented to the parent policer with the MPLS EXP bit set to 3,
and traffic that exceeds 1 Mbps is presented to the parent policer with the MPLS EXP bit set to 2.
With this child policy configuration, the parent policer sees traffic from the child classes as exceeding its
committed rate of 2 Mbps. Without the child-conform-aware command in the parent policer, the parent
polices to 2 Mbps, which can result into dropping some conformed traffic from class EF in the child policy.
When the child-conform-aware command is configured in the parent policer, the parent policer does not
drop any traffic that conforms under the child policy.
policy-map parent
class class-default
service-policy child
police rate 2 mbps
child-conform-aware
conform-action transmit
exceed-action drop
policy-map child
class EF
police rate 1 mbps
conform-action set mpls experimental imposition 4
exceed-action drop
class AF1
police rate 1 mbps
conform-action set mpls experimental imposition 3
exceed-action set mpls experimental imposition 2
Verifying the Configuration of Hierarchical Policies
To verify hierarchical policies, enter any of the following commands in privileged EXEC mode:
Displays policy configuration information for all
classes configured for all service policies on the
specified interface.
show policy-map interface
Displays QoS information for all classesin the service
policy that is attached to the specified interface.
show qos interface
Displays the configuration of all class maps
configured on the router.
show running-config class-map
Displays the configuration of all policy maps
configured on the router.
show running-config policy-map
Displays the configuration of all classes contained in
the policy map you specify.
show running-config policy-map policy-map-name
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
180 OL-26077-02
Configuring Hierarchical Modular QoS
Verifying the Configuration of Hierarchical PoliciesAdditional References
The following sections provide references related to implementing Hierarchical QoS.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Initial system bootup and configuration
Cisco ASR 9000 Series Aggregation Services Router Master
Command Listing
Master command reference
Cisco ASR 9000 Series Aggregation Services Router
Modular Quality of Service Command Reference
QoS commands
Configuring AAA Services on Cisco ASR 9000 Series
Router module of Cisco Cisco ASR 9000 Series
Aggregation Services Router System Security Configuration
Guide
User groups and task IDs
Standards
Standards Title
No new or modified standards are supported by
this feature, and support for existing standards
has not been modified by this feature.
MIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the following
URL and choose a platform under the Cisco Access
Products menu: http://cisco.com/public/sw-center/netmgmt/
cmtk/mibs.shtml
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 181
Configuring Hierarchical Modular QoS
Additional ReferencesRFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not
been modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical
content, including links to products,
technologies,solutions, technical tips, and tools.
Registered Cisco.com users can log in from this
page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
182 OL-26077-02
Configuring Hierarchical Modular QoS
RFCsC H A P T E R 8
Configuring Modular QoS on Link Bundles
A link bundle is a group of one or more ports that are aggregated together and treated as a single link. This
module describes QoS on link bundles.
Line Card, SIP, and SPA Support
Feature ASR 9000 Ethernet Line Cards SIP 700 for the ASR 9000
QoS on Link Bundles yes yes
Feature History for Configuring QoS on Link Bundles on Cisco ASR 9000 Series Routers
Release Modification
The QoS on Link Bundles feature was introduced on ASR 9000 Ethernet Line
Cards.
Release 3.9.0
Link Bundling Overview, page 183
Load Balancing, page 184
QoS and Link Bundling, page 185
Additional References, page 186
Link Bundling Overview
The Link Bundling feature allows you to group multiple point-to-point links together into one logical link
and provide higher bidirectional bandwidth, redundancy, and load balancing between two routers. A virtual
interface is assigned to the bundled link. The component links can be dynamically added and deleted from
the virtual interface.
The virtual interface istreated as a single interface on which one can configure an IP address and othersoftware
features used by the link bundle. Packetssent to the link bundle are forwarded to one of the linksin the bundle.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 183A link bundle is simply a group of ports that are bundled together and act as a single link. The advantages of
link bundles are as follows:
Multiple links can span several line cards to form a single interface. Thus, the failure of a single link
does not cause a loss of connectivity.
Bundled interfaces increase bandwidth availability, because traffic is forwarded over all available
members of the bundle. Therefore, traffic can flow on the available links if one of the links within a
bundle fails. Bandwidth can be added without interrupting packet flow.
All the individual links within a single bundle must be of the same type and the same speed.
Cisco IOS XR software supports the following methods of forming bundles of Ethernet interfaces:
IEEE 802.3adStandard technology that employs a Link Aggregation Control Protocol (LACP) to
ensure that all the member links in a bundle are compatible. Links that are incompatible or have failed
are automatically removed from a bundle.
EtherChannel Cisco proprietary technology that allows the user to configure links to join a bundle,
but has no mechanisms to check whether the links in a bundle are compatible.
Load Balancing
Load balancing is supported on all links in the bundle. Load balancing function is a forwarding mechanism
to distribute traffic over multiple links based on layer 3 routing information in the router. There are two types
of load balancing schemes:
Per-Destination Load Balancing
Per-Packet Load Balancing
When a traffic stream arrives at the router, per-packet load balancing allows the traffic to be evenly distributed
among multiple equal cost links. Per-packet schemes make routing decision based on round-robin techniques,
regardless of the individual source-destination hosts.
Only Per-Destination Load Balancing is supported.
Per-destination load balancing allows the router to distribute packets over one of the links in the bundle to
achieve load sharing. The scheme isrealized through a hash calculating based on the source-destination address
and user sessions.
When the per-destination load balancing is enabled, all packets for a certain source-destination pair will go
through the same link, though there are multiple links available. In other words, per-destination load balancing
can ensure that packets for a certain source-destination pair could arrive in order.
Layer 3 Load Balancing on Link Bundles
By default, load balancing on Layer 2 link bundles is done based on the MAC SA/DA fields in the packet
header. Layer 3 load balancing for link bundles is done on Ethernet Flow Points (EFPs) and is based on the
IPv4 source and destination addressesin the packet.When Layer 3 service-specific load balancing is configured,
all egressing bundles are load balanced based on the IPv4 source and destination addresses. When packets do
not have IPv4 addresses, default load-balancing is used.
Layer 3 load balancing for link bundles is enabled globally, using the following command:
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
184 OL-26077-02
Configuring Modular QoS on Link Bundles
Load Balancinghw-module load-balance bundle l2-service l3-params
QoS and Link Bundling
All Quality of Service (QoS) features, currently supported on physical interfaces and subinterfaces, are also
supported on all Link Bundle interfaces and subinterfaces. QoS is configured on Link Bundles in the same
way that it is configured on individual interfaces. However, the following points should be noted:
When a QoS policy is applied on a bundle (ingress or egress directions), the policy is applied at each
member interface. Any queues and policers in the policy map (ingress or egress directions) will be
replicated on each bundle member.
If a QoS policy is not applied to a bundle interface or bundle VLAN, both the ingress and egress traffic
will use the per link members port default queue.
Link bundle members may appear across multiple Network Processing Units and linecards. The shape
rate specified in the bundle policymap is not an aggregate for all bundle members. The shape rate applied
to the bundle will depend on the load balancing of the links. For example, if a policy map with a shape
rate of 10 Mbps is applied to a bundle with two member links, and if the traffic is always load-balanced
to the same member link, then an overall rate of 10 Mbps will apply to the bundle. However, if the traffic
is load-balanced evenly between the two links, the overall shape rate for the bundle will be 20 Mbps.
Example 1 shows how a traffic policy is applied on an Ethernet link bundle, in the ingress direction. The
policy is applied to all interfaces that are members of the Ethernet link bundle.
Example 1 Applying a Traffic Policy to an Ethernet Link Bundle
interface Bundle-Ether bundle-id
service-policy input policy-1
end
QoS for POS link bundling
For POS link bundles, percentage based bandwidth is supported for policers and output queues. Time based
queue limit is supported for output queues.
Input QoS Policy setup
For input QoS, queuing is not supported and thus bandwidth is used for policer only. As a member link is
added or removed from a bundle with input QoS configured, the aggregate bundle bandwidth for that affected
line card will change. One input QoS policy instance is assigned for each SIP 700 line card that is part of the
POS link bundle.
Output QoS Policy setup
When a member link is added to a bundle with output QoS configured, the policy-map of the bundle is applied
to the member link.
Example 2 shows the output QoS policy supported on POS link bundles.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 185
Configuring Modular QoS on Link Bundles
QoS and Link BundlingExample 2 Output QoS policy supported on POS link bundles
policy-map out-sample
class voice
priority level 1
police rate percent 10
class premium
bandwidth percent 30
queue-limit 100 ms
class class-default
queue-limit 100 ms
Additional References
The following sections provide references related to implementing QoS on Link Bundles.
Related Documents
Related Topic Document Title
Cisco ASR 9000 Series Aggregation Services Router Getting
Started Guide
Initial system bootup and configuration
Configuring Link Bundling on the Cisco ASR 9000 Series
Router module of Cisco ASR 9000 Series Aggregation
Services Router Interface and Hardware Component
Configuration Guide
Link Bundling
Cisco ASR 9000 Series Aggregation Services Router Master
Command Listing
Master command reference
Cisco ASR 9000 Series Aggregation Services Router
Modular Quality of Service Command Reference
QoS commands
Configuring AAA Services on Cisco ASR 9000 Series
Router module of Cisco Cisco ASR 9000 Series
Aggregation Services Router System Security Configuration
Guide
User groups and task IDs
Standards
Standards Title
No new or modified standards are supported by
this feature, and support for existing standards
has not been modified by this feature.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
186 OL-26077-02
Configuring Modular QoS on Link Bundles
Additional ReferencesMIBs
MIBs MIBs Link
To locate and download MIBs using Cisco IOS XR
software, use the Cisco MIB Locator found at the following
URL and choose a platform under the Cisco Access
Products menu: http://cisco.com/public/sw-center/netmgmt/
cmtk/mibs.shtml
RFCs
RFCs Title
No new or modified RFCs are supported by this
feature, and support for existing RFCs has not
been modified by this feature.
Technical Assistance
Description Link
The Cisco Technical Support website contains http://www.cisco.com/techsupport
thousands of pages of searchable technical
content, including links to products,
technologies,solutions, technical tips, and tools.
Registered Cisco.com users can log in from this
page to access even more content.
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 187
Configuring Modular QoS on Link Bundles
MIBs Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
188 OL-26077-02
Configuring Modular QoS on Link Bundles
Technical AssistanceI N D E X
802.1ad DEI 140
A
AN ports 11
ANCP 11
ANCP adjacencies 9, 35
ANCP Adjacencies 10
ancp command 14
ANCP neighbors 16
ANCP Neighbors 22
ANCP Rate Adjustment 21, 26
ancp rate-adjustment command 21
ANCP Server Sender Name 22
B
bandwidth command 67, 70, 71
Be 63
calculating 63
metering 63
See also excess burst.[Be 63
zzz] 63
bundle interfaces 101
C
calculating 63
committed burst 63
excess burst 63
CBS, See committed burst. 62
class-based packet marking 118, 119, 120
configuring 118
set qos-group command 119, 120
class-map command 108
classification 2, 100, 101
QoS group 100
See IP precedence 101
classification (continued)
summary 2
clear ancp neighbor 17, 18
clear ancp summary statistics 17, 18
commands 64
show interface 64
committed burst 62, 63
burst size 62
calculating 63
Configuring ANCP 10
conforming traffic 62
metering and conforming token bucket 62
congestion avoidance 4, 37
description 37
summary 4
CoS (class of service), defining classes 101
D
default marking behavior 3
default traffic class 98
summary 98
tail drop 98
DEI 66, 102, 103
classification 102
congestion management 66
default marking 103
differentiated service model, classification 101
E
EBS, See excess burst size. 63
Enabling ANCP 14
enhanced hierarchical ingress policing 171
configuring 171
exceeding token bucket 63
excess burst 63
calculation of 63
default size 63
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 IN-1excess burst (continued)
police command 63
size 63
F
Frame Relay QoS 141
G
granularity 66
policer 66
H
hierarchical ingress policing 65, 92
example 92
hierarchical policies 169, 180
attaching 169
verifying 180
I
in-place policy modification 106, 134
(examples) 134
description 106
interface submode 113, 114, 115, 116, 117
service-policy command 113, 114, 115, 116, 117
interfaces 183
Link Bundling 183
IP header compression 145
IP precedence 100, 101, 102
QoS features supported 102
reset recommendation 102
default 102
edge router function 101
low-latency queueing (LLQ) 100
packet classification 101
IPv6 ACLs, QoS matching 96
L
L2VPN QoS 146
M
mapping 11
Mapping AN ports 18, 25
match access-group command 108, 109
match cos command 108, 109
match discard-class command 108, 109
match dscp command 108, 109
match precedence command 108, 110
match protocol command 108, 110
match qos-group command 108, 110
match vlan command 108, 110
MC-LAG 12
MLFR QoS 149
monitoring 64
bursts 64
MPLS QoS 151
MQC (modular QoS command-line interface), description 5
Multicast VPN 156
multiclass MLPPP with QoS 150
N
Neighbor Adjacency Timing 10
NxDS0 interfaces 158
P
packets 64
conforming or exceeding, determining 64
partitioning network, QoS packet marking 100
policers and shapers, description 55
policing 63
excess burst 63
policy map class submode 45, 46, 67, 70, 71, 119, 120, 121
bandwidth command 67, 70, 71
set cos command 119, 120, 121
set discard-class command 119, 121
set srp-priority command 119, 121
shape average command 45, 46
Port Down messages 11
Port Mapping 11
process restart 12
provider backbone bridge 3
default marking behavior 3
Q
QoS (Quality of Service) 1, 2, 4, 55, 100
benefits 2
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
IN-2 OL-26077-02
IndexQoS (Quality of Service) (continued)
characteristics 1
congestion mechanisms, policers and shapers 55
features 4, 100
class-based packet marking 100
traffic policing 4
traffic shaping 4
techniques 4, 55
congestion management 4, 55
queueing 55, 56
scheduling mechanism 55
strict priority 56
R
Rate Adjustment 11
RFC 791, Internet Protocol 101
S
service models, end-to-end, differentiated service 4
service-policy command 113, 114, 115, 116, 117
set cos command 119, 120, 121
set discard-class command 119, 121
set srp-priority command 119, 121
shape average command 45, 46
shape rate 11
show ancp neighbor 17, 18
show ancp neighbor summary 17, 18
show interface command 64
show policy-map interface command 113, 114, 115, 116, 117, 118
T
token bucket 62
traffic class 97, 107
creating 107
major elements 97
traffic policer 58, 59, 64, 65
single-rate, two color policer 59
two-rate, three-color policer 64
peak information rate (PIR) 58
purpose 65
traffic policers and traffic shapers, use of traffic descriptor 97
traffic policing 4, 58, 59, 65
single-rate token bucket 59
description 58
packet marking 65
summary 4
traffic policy 98, 111, 113
attaching to an interface 113
creating 111
maximum number of traffic classes 98
purpose 98
traffic shaping 57
description 57
enabled 57
V
verifying 180
hierarchical policies 180
VLAN subinterfaces 18
VPLS QoS 159
Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release 4.2.x
OL-26077-02 IN-3
Index Cisco ASR 9000 Series Aggregation Services Router Modular Quality of Service Configuration Guide, Release
4.2.x
IN-4 OL-26077-02
Index
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
Cisco IOS XR XML API Guide
Cisco IOS XR Software Release 4.1
April 2011
Text Part Number: OL-24657-01THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED
WITH THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED
WARRANTY, CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCBs public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED AS IS WITH ALL
FAULTS. CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE
PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Cisco and the Cisco Logo are trademarks of Cisco Systems, Inc. and/or its affiliates in the U.S. and other countries. A listing of Cisco's trademarks can be found at
www.cisco.com/go/trademarks. Third party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship
between Cisco and any other company. (1005R)
Any Internet Protocol (IP) addresses used in this document are not intended to be actual addresses. Any examples, command display output, and figures included in the document are
shown for illustrative purposes only. Any use of actual IP addresses in illustrative content is unintentional and coincidental.
Cisco IOS XR XML API Guide
© 2011 Cisco Systems, Inc. All rights reserved.1
Cisco IOS XR XML API Guide
OL-24657-01
C O N T E N T S
Preface ix
Changes to This Document ix
Obtaining Documentation and Submitting a Service Request ix
C H A P T E R 1 Cisco XML API Overview 1-1
Introduction 1-1
Definition of Terms 1-1
Cisco Management XML Interface 1-2
Cisco XML API and Router System Features 1-3
Cisco XML API Tags 1-3
Basic XML Request Content 1-4
Top-Level Structure 1-4
XML Declaration Tag 1-5
Request and Response Tags 1-5
ResultSummary Tag 1-5
Maximum Request Size 1-6
Minimum Response Content 1-6
Operation Type Tags 1-8
Native Data Operation Tags 1-8
Configuration Services Operation Tags 1-9
CLI Operation Tag 1-9
GetNext Operation Tag 1-9
Alarm Operation Tags 1-10
XML Request Batching 1-10
C H A P T E R 2 Cisco XML Router Configuration and Management 2-13
Target Configuration Overview 2-13
Configuration Operations 2-14
Additional Configuration Options Using XML 2-14
Locking the Running Configuration 2-15
Browsing the Target or Running Configuration 2-15
Getting Configuration Data 2-16
Browsing the Changed Configuration 2-17
Loading the Target Configuration 2-19Contents
2
Cisco IOS XR XML API Guide
OL-24657-01
Setting the Target Configuration Explicitly 2-20
Saving the Target Configuration 2-21
Committing the Target Configuration 2-22
Commit Operation 2-22
Commit Errors 2-25
Loading a Failed Configuration 2-27
Unlocking the Running Configuration 2-28
Additional Router Configuration and Management Options Using XML 2-28
Getting Commit Changes 2-29
Loading Commit Changes 2-30
Clearing a Target Session 2-32
Rolling Back Configuration Changes to a Specified Commit Identifier 2-33
Rolling Back the Trial Configuration Changes Before the Trial Time Expires 2-33
Rolling Back Configuration Changes to a Specified Number of Commits 2-34
Getting Rollback Changes 2-35
Loading Rollback Changes 2-36
Getting Configuration History 2-38
Getting Configuration Commit List 2-41
Getting Configuration Session Information 2-43
Clear Configuration Session 2-44
Replacing the Current Running Configuration 2-45
Clear Configuration Inconsistency Alarm 2-46
C H A P T E R 3 Cisco XML Operational Requests and Fault Management 3-49
Operational Get Requests 3-49
Action Requests 3-50
Cisco XML and Fault Management 3-51
Configuration Change Notification 3-51
C H A P T E R 4 Cisco XML and Native Data Operations 4-53
Native Data Operation Content 4-53
Request Type Tag and Namespaces 4-54
Object Hierarchy 4-54
Main Hierarchy Structure 4-55
Dependencies Between Configuration Items 4-58
Null Value Representations 4-58
Operation Triggering 4-58
Native Data Operation Examples 4-59
Set Configuration Data Request: Example 4-60Contents
3
Cisco IOS XR XML API Guide
OL-24657-01
Get Request: Example 4-62
Get Request of Nonexistent Data: Example 4-63
Delete Request: Example 4-65
GetDataSpaceInfo Request Example 4-66
C H A P T E R 5 Cisco XML and Native Data Access Techniques 5-67
Available Set of Native Data Access Techniques 5-67
XML Request for All Configuration Data 5-68
XML Request for All Configuration Data per Component 5-68
XML Request for All Data Within a Container 5-69
XML Request for Specific Data Items 5-71
XML Request with Combined Object Class Hierarchies 5-72
XML Request Using Wildcarding (Match Attribute) 5-75
XML Request for Specific Object Instances (Repeated Naming Information) 5-79
XML Request Using Operation Scope (Content Attribute) 5-82
Limiting the Number of Table Entries Returned (Count Attribute) 5-83
Custom Filtering (Filter Element) 5-85
XML Request Using the Mode Attribute 5-86
C H A P T E R 6 Cisco XML and Encapsulated CLI Operations 6-91
XML CLI Command Tags 6-91
CLI Command Limitations 6-92
C H A P T E R 7 Cisco XML and Large Data Retrieval 7-93
Iterators 7-93
Usage Guidelines 7-93
Examples Using Iterators to Retrieve Data 7-94
Large Response Division 7-97
Terminating an Iterator 7-97
Throttling 7-98
CPU Throttle Mechanism 7-99
Memory Throttle Mechanism 7-99
Streaming 7-99
Usage Guidelines 7-99
C H A P T E R 8 Cisco XML Security 8-101
Authentication 8-101
Authorization 8-101Contents
4
Cisco IOS XR XML API Guide
OL-24657-01
Retrieving Task Permissions 8-102
Task Privileges 8-102
Task Names 8-103
Authorization Failure 8-104
Management Plane Protection 8-104
Inband Traffic 8-104
Out-of-Band Traffic 8-104
VRF 8-105
Access Control List 8-105
C H A P T E R 9 Cisco XML Schema Versioning 9-107
Major and Minor Version Numbers 9-107
Run-Time Use of Version Information 9-108
Placement of Version Information 9-109
Version Lag with the AllowVersionMisMatch Attribute Set as TRUE 9-110
Version Lag with the AllowVersionMismatch Attribute Set as FALSE 9-111
Version Creep with the AllowVersionMisMatch Attribute Set as TRUE 9-112
Version Creep with the AllowVersionMisMatch Attribute Set as FALSE 9-113
Retrieving Version Information 9-113
Retrieving Schema Detail 9-115
C H A P T E R 10 Alarms 10-117
Alarm Registration 10-117
Alarm Deregistration 10-118
Alarm Notification 10-119
C H A P T E R 11 Error Reporting in Cisco XML Responses 11-121
Types of Reported Errors 11-121
Error Attributes 11-122
Transport Errors 11-122
XML Parse Errors 11-122
XML Schema Errors 11-123
Operation Processing Errors 11-125
Error Codes and Messages 11-126Contents
5
Cisco IOS XR XML API Guide
OL-24657-01
C H A P T E R 12 Summary of Cisco XML API Configuration Tags 12-127
C H A P T E R 13 XML Transport and Event Notifications 13-129
TTY-Based Transports 13-129
Enabling the TTY XML Agent 13-129
Enabling a Session from a Client 13-129
Sending XML Requests and Receiving Responses 13-130
Configuring Idle Session Timeout 13-130
Ending a Session 13-130
Errors That Result in No XML Response Being Produced 13-130
Dedicated Connection Based Transports 13-131
Enabling the Dedicated XML Agent 13-131
Enabling a Session from a Client 13-131
Sending XML Requests and Receiving Responses 13-132
Configuring Idle Session Timeout 13-132
Ending a Session 13-132
Errors That Result in No XML Response Being Produced 13-132
SSL Dedicated Connection based Transports 13-132
Enabling the SSL Dedicated XML Agent 13-133
Enabling a Session from a Client 13-133
Sending XML Requests and Receiving Responses 13-133
Configuring Idle Session Timeout 13-133
Ending a Session 13-134
Errors That Result in No XML Response Being Produced 13-134
C H A P T E R 14 Cisco XML Schemas 14-135
XML Schema Retrieval 14-135
Common XML Schemas 14-136
Component XML Schemas 14-136
Schema File Organization 14-136
Schema File Upgrades 14-137
C H A P T E R 15 Network Configuration Protocol 15-139
Starting a NETCONF Session 15-139
Ending a NETCONF Agent Session 15-140
Starting an SSH NETCONF Session 15-140
Ending an SSH NETCONF Agent Session 15-141
Configuring a NETCONF agent 15-141Contents
6
Cisco IOS XR XML API Guide
OL-24657-01
Limitations of NETCONF in Cisco IOS XR 15-142
Configuration Datastores 15-142
Configuration Capabilities 15-142
Transport (RFC4741 and RFC4742) 15-142
Subtree Filtering (RFC4741) 15-142
Protocol Operations (RFC4741) 15-144
Event Notifications (RFC5277) 15-145
C H A P T E R 16 Cisco IOS XR Perl Scripting Toolkit 16-147
Cisco IOS XR Perl Scripting Toolkit Concepts 16-148
Security Implications for the Cisco IOS XR Perl Scripting Toolkit 16-148
Prerequisites for Installing the Cisco IOS XR Perl Scripting Toolkit 16-148
Installing the Cisco IOS XR Perl Scripting Toolkit 16-149
Using the Cisco IOS XR Perl XML API in a Perl Script 16-150
Handling Types of Errors for the Cisco IOS XR Perl XML API 16-150
Starting a Management Session on a Router 16-150
Closing a Management Session on a Router 16-152
Sending an XML Request to the Router 16-152
Using Response Objects 16-153
Using the Error Objects 16-154
Using the Configuration Services Methods 16-154
Using the Cisco IOS XR Perl Data Object Interface 16-157
Understanding the Perl Data Object Documentation 16-158
Generating the Perl Data Object Documentation 16-158
Creating Data Objects 16-159
Specifying the Schema Version to Use When Creating a Data Object 16-161
Using the Data Operation Methods on a Data Object 16-161
get_data Method 16-161
find_data Method 16-162
get_keys Method 16-162
get_entries Method 16-163
set_data Method 16-163
delete_data Method 16-164
Using the Batching API 16-164
batch_start Method 16-164
batch_send Method 16-165
Displaying Data and Keys Returned by the Data Operation Methods 16-165
Specifying the Session to Use for the Data Operation Methods 16-166Contents
7
Cisco IOS XR XML API Guide
OL-24657-01
Cisco IOS XR Perl Notification and Alarm API 16-166
Registering for Alarms 16-166
Deregistering an Existing Alarm Registration 16-167
Deregistering All Registration on a Particular Session 16-167
Receiving an Alarm on a Management Session 16-167
Using the Debug and Logging Facilities 16-168
Debug Facility Overview 16-168
Logging Facility Overview 16-169
Examples of Using the Cisco IOS XR Perl XML API 16-170
Configuration Examples 16-171
Setting the IP Address of an Interface 16-171
Configuring a Simple BGP Neighbor 16-172
Adding a List of Neighbors to a BGP Neighbor Group 16-172
Displaying the Members of Each BGP Neighbor Group 16-173
Setting Up ISIS on an Interface 16-173
Finding the Circuit Type That is Currently Configured for an Interface for ISIS 16-173
Configuring a New Instance, Area, and Interface for OSPF 16-175
Getting a List of the Usernames That are Configured on the Router 16-175
Finding the IP Address of All Interfaces That Have IP Configured 16-175
Adding an Entry to the Access Control List 16-176
Denying Access to a Set of Interfaces from a Particular IP Address 16-176
Configuring a New Static Route Entry 16-177
Operational Examples 16-177
Retrieving the Operational Information for All Interfaces on the Router 16-178
Retrieving the Link State Database for a Particular Level for ISIS 16-178
Getting a List of All Interfaces on the System 16-179
Retrieving the Combined Interface and IP Information for Each Interface 16-179
Listing the Hostname and Interface for Each ISIS Neighbor 16-180
Recreating the Output of the show ip interfaces CLI Command 16-180
Producing a Textual Output Similar to the show bgp neighbors CLI Command 16-180
Displaying Tabular XML Data in a Generic HTML Table Using XSLT 16-181
Displaying the Interface State in a Customized HTML Table 16-182
Displaying the BGP Neighbor Operational Data in a Complex HTML Format 16-182
Performing Actions Whenever Certain Events Occur 16-183
Sample BGP Configuration 17-185
GL O S S A R Y
I N D E XContents
8
Cisco IOS XR XML API Guide
OL-24657-01ix
Cisco IOS XR XML API Guide
OL-24657-01
Preface
The XML application programming interface (API) is available for use on any Cisco platform running
Cisco IOS XR software. This document describes the XML API provided to developers of external
management applications. The XML interface provides a mechanism for router configuration and
monitoring using XML formatted request and response streams.
The XML schemas referenced in this guide are used by the management application developer to
integrate client applications with the router programmable interface.
The preface contains these sections:
Changes to This Document, page ix
Obtaining Documentation and Submitting a Service Request, page ix
Changes to This Document
Table 1 lists the technical changes made to this document since it was first published.
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional
information, see the monthly Whats New in Cisco Product Documentation, which also lists all new and
revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the Whats New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed
and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free
service and Cisco currently supports RSS Version 2.0.
Table 1 Changes to This Document
Revision Date Change Summary
OL-24657-01 April 2011 Initial release of this document.x
Cisco IOS XR XML API Guide
OL-24657-01
PrefaceC H A P T E R
1-1
Cisco IOS XR XML API Guide
OL-24657-01
1
Cisco XML API Overview
This chapter contains these sections:
Introduction, page 1-1
Cisco Management XML Interface, page 1-2
Cisco XML API and Router System Features, page 1-3
Cisco XML API Tags, page 1-3
Introduction
This Cisco IOS XR XML API Guide explains how to use the Cisco XML API to configure routers or
request information about configuration, management, or operation of the routers. The goal of this guide
is to help management application developers write client applications to interact with the Cisco XML
infrastructure on the router, and to use the Management XML API to build custom end-user interfaces
for configuration and information retrieval and display.
The XML application programming interface (API) provided by the router is an interface used for
development of client applications and perl scripts to manage and monitor the router. The XML interface
is specified by XML schemas. The XML API provides a mechanism, which exchanges XML formatted
request and response streams, for router configuration and monitoring.
Client applications can be used to configure the router or to request status information from the router,
by encoding a request in XML API tags and sending it to the router. The router processes the request
and sends the response to the client by again encoding the response in XML API tags. This guide
describes the XML requests that can be sent by external client applications to access router management
data, and also details the responses to the client by the router.
Customers use a variety of vendor-specific CLI scripts to manage their routers because no alternative
programmatic mechanism is available. In addition, a common framework has not been available to
develop CLI scripts. In response to this need, the XML API provides the necessary common framework
for development, deployment, and maintenance of router management.
Note The XML API code is available for use on any Cisco platform that runs Cisco IOS XR software.1-2
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco Management XML Interface
Definition of Terms
Table 1-1 defines the words, acronyms, and actions used throughout this guide.
Cisco Management XML Interface
These topics, which are covered in detail in the sections that follow, outline information about the Cisco
Management XML interface:
High-level structure of the XML request and response streams
Operation tag types and usage, including their XML format and content
Configuring the router using:
the twostage target configuration mechanism provided by the configuration manager
features such as locking, loading, browsing, modifying, saving, and committing the
configuration
Accessing the operational data of the router with XML
Table 1-1 Definition of Terms
Term Description
AAA Authentication, authorization, and accounting.
CLI Command-line interface.
SSH Secure Shell.
SSL Secure Sockets Layer.
XML Extensible markup language.
XML agent Process on the router that receives XML requests by XML clients,
and is responsible to carry out the actions contained in the request
and to return an XML response to the client.
XML client External application that sends XML requests to the router and
receives XML responses to those requests.
XML operation Portion of an XML request that specifies an operation that the XML
client wants the XML agent to perform.
XML operation provider Code that carries out a particular XML operation including parsing
the operation XML, performing the operation, and assembling the
operation XML response.
XML request XML document sent to the router containing a number of requested
operations to be carried out.
XML response Response to an XML request.
XML schema XML document specifying the structure and possible contents of
XML elements that can be contained in an XML document.1-3
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API and Router System Features
Working with native management data object class hierarchies to:
represent native data objects in XML
use techniques, including the use of wildcards and filters, for structuring XML requests that
access the management data of interest,
Encapsulating CLI commands in XML
Error reporting to the client application
Using iterators for large scale data retrieval
Handling event notifications with XML
Enforcing authorization of client requests
Versioning of XML schemas
Generation and packaging of XML schemas
Transporting options that enable corresponding XML agents on the router
Using the Cisco IOS XR Perl Scripting Toolkit to manage a Cisco IOS XR router
Cisco XML API and Router System Features
Using the XML API, an external client application sends XML encoded management requests to an
XML agent running on the router. The XML API readily supports available transport layers including
terminal-based protocols such as Telnet, Secure Shell (SSH), dedicated-TCP connection, and Secure
Sockets Layer (SSL) dedicated TCP connection.
Before an XML session is established, the XML transport and XML agent must be enabled on the router.
For more information, see Chapter 13, XML Transport and Event Notifications.
A client request sent to the router must specify the different types of operations that are to be carried out.
Three general types of management operations supported through XML are:
Native data access (get, set, delete, and so on) using the native management data model.
Configuration services for advanced configuration management through the Configuration
Manager.
Traditional CLI access where CLI commands and command responses are encapsulated in XML.
When a client request is received by an XML agent on the router, the request is routed to the appropriate
XML operation provider in the internal Cisco XML API library for processing. After all the requested
operations are processed, the XML agent receives the result and sends the XML encoded response
stream on to the client.
Cisco XML API Tags
An external client application can access management data on the router through an exchange of
well-structured XML-tagged request and response streams. The XML tagged request and response
streams are described in these sections:
Basic XML Request Content, page 1-4
XML Declaration Tag, page 1-5
Operation Type Tags, page 1-81-4
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API Tags
XML Request Batching, page 1-10
Basic XML Request Content
This section describes the specific content and format of XML data exchanged between the client and
the router for the purpose of router configuration and monitoring.
Top-Level Structure
The top level of every request sent by a client application to the router must begin with an XML
declaration tag, followed by a request tag and one or more operation type tags. Similarly, every response
returned by the router begins with an XML declaration tag followed by a response tag, one or more
operation type tags, and a result summary tag with an error count. Each request contains operation tags
for each supported operation type; these operation type tags can be repeated. The operation type tags
contained in the response corresponds to those contained in the client request.
Sample XML Request from Client Application
.
.
.
Operation-specific content goes here
.
.
.
Sample XML Response from Router
.
.
.
Operation-specific response data returned here
.
.
.
Note All examples in this document are formatted with line breaks and white space to aid readability. Actual
XML request and response streams that are exchanged with the router do not include such line breaks
and white space characters. This is because these elements would add significantly to the size of the
XML data and impact the overall performance of the XML API. 1-5
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API Tags
XML Declaration Tag
Each request and response exchanged between a client application and the router must begin with an
XML declaration tag indicating which version of XML and (optionally) which character set is being
used:
Table 1-2 defines the attributes of the XML declaration that are defined by the XML specification.
Request and Response Tags
Following the XML declaration tag, the client application must enclose each request stream within a pair
of start and end tags. Also, the system encloses each XML response within a pair
of start and end tags. Major and minor version numbers are carried on the
and elements to indicate the overall XML API version in use by the client
application and router respectively.
The XML API presents a synchronous interface to client applications. The and tags
are used by the client to correlate request and response streams. A client application issues a request after
which, the router returns a response. The client then issues another request, and so on. Therefore, the
XML session between a client and the router consist of a series of alternating requests and response
streams.
The client application optionally includes a ClientID attribute within the tag. The value of
the ClientID attribute must be an unsigned 32-bit integer value. If the tag contains a ClientID
attribute, the router includes the same ClientID value in the corresponding tag. The
ClientID value is treated as opaque data and ignored by the router.
ResultSummary Tag
The system adds a tag immediately before the end tag to indicate the
overall result of the operation performed. This tag contains the attribute ErrorCount to indicate the total
number of errors encountered. A value of 0 indicates no errors. If applicable, the ItemNotFound or
ItemNotFoundBelow attributes are also included. See Table 1-3 for explanations of these attributes.
Sample XML Response with ResultsSummary Tag
.
.
Table 1-2 Attributes for XML Declaration
Name Description
Version Specifies the version of XML to be used. Only Version 1.0 is supported by the router.
Note The version attribute is required.
Encoding Specifies the standardized character set to be used. Only UTF-8 is supported by the
router. The router includes the encoding attribute in a response only if it is specified in
the corresponding request.
Note The encoding attribute is optional.1-6
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API Tags
Maximum Request Size
The maximum size of an XML request or response is determined by the restrictions of the underlying
transports. For more information on transport-specific limitations of request and response sizes, see
Chapter 13, XML Transport and Event Notifications.
Minimum Response Content
If a or request has nothing to return, the router returns the original request and an
appropriate empty operation type tag. The minimum response returned by the router with a single
operation or and no result data, is shown in these examples:
Sample XML Request from Client Application
.
.
.
Operation-specific content goes here
.
.
.
Sample XML Minimum Response from a Router
If a request has nothing to return, the router returns the original request with an ItemNotFound
attribute at the level.
If a request has some not found elements to return, the router returns the original request with
an ItemNotFoundBelow attribute at the level. For each requested element that is not found, the
router returns a NotFound attribute at the element level. For each requested element that is present, it
returns the corresponding data.
Table 1-3 defines the attributes when the request does not have any elements to return.
Sample XML Request from Client Application (ItemNotFound)
Table 1-3 Attributes for Elements Not Found
Attribute Description
ItemNotFound Empty response at the level.
ItemNotFoundBelow Response with some requested elements that are not found at the
level.
NotFound Requested element is not found at the element level.1-7
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API Tags
act
Loopback1
Sample XML Minimum Response from a Router (ItemNotFound)
act
Loopback1
Sample XML Request from Client Application (ItemNotFoundBelow)
act
Loopback0
Sample XML Minimum Response from a Router (ItemNotFoundBelow)
1-8
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API Tags
act
Loopback0
desc-loop0
1.1.1.1
255.255.0.0
Operation Type Tags
Following the tag, the client application must specify the operations to be carried out by the
router. Three general types of operations are supported along with the operation for large
responses.
Native Data Operation Tags
Native data operations provide basic access to the native management data model. Table 1-4 describes
the native data operation tags.
The XML schema definitions for the native data operation type tags are contained in the schema file
native_data_operations.xsd. The native data operations are described further in Chapter 5, Cisco XML
and Native Data Access Techniques.
Table 1-4 Native Data Operation Tags
Native Data Tag Description
Gets the value of one or more configuration, operational, or action
data items.
Creates or modifies one or more configuration or action data items.
Deletes one or more configuration data items.
Gets the major and minor version numbers of one or more
components.
Retrieves native data branch names.1-9
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API Tags
Configuration Services Operation Tags
Configuration services operations provide more advanced configuration management functions through
the Configuration Manager. Table 1-5 describes the configuration services operation tags.
The XML schema definitions for the configuration services operation type tags are contained in the
schema file config_services_operations.xsd (see Chapter 14, Cisco XML Schemas).
The configuration services operations are described further in Chapter 2, Cisco XML Router
Configuration and Management.
CLI Operation Tag
CLI access provides support for XML encapsulated CLI commands and responses. For CLI access, a
single tag is provided. The operation tag issues the request as a CLI command.
The XML schema definitions for the CLI tag are contained in the schema file cli_operations.xsd (see
Chapter 14, Cisco XML Schemas).
The CLI operations are described further in Chapter 6, Cisco XML and Encapsulated CLI Operations.
GetNext Operation Tag
The tag is used to retrieve the next portion of a large response. It can be used as required to
retrieve an oversize response following a request using one of the other operation types. The
operation tag gets the next portion of a response. Iterators are supported for large requests.
The XML schema definition for the operation type tag is contained in the schema file
xml_api_protocol.xsd (see Chapter 14, Cisco XML Schemas). For more information about the
operation, see Chapter 7, Cisco XML and Large Data Retrieval.
Table 1-5 Configuration Services Operation Tags
Tag Description
Locks the running configuration.
Unlocks the running configuration.
Loads the target configuration from a binary file previously
saved using the tag.
Saves the target configuration to a binary file.
Promotes the target configuration to the running configuration.
Aborts or clears the current target configuration session.
Rolls back the running configuration to a previous configuration
state.
Gets a list of configuration events.
Gets a list of the user sessions currently configuring the box.
Gets a list of commits that were made to the running
configuration and can be rolled back.
Clears a particular configuration session.
Clears a configuration inconsistency alarm.1-10
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API Tags
Alarm Operation Tags
The operation tag registers, unregisters, and receives alarm notifications. Table 1-6 lists the
alarm operation tags.
The XML schema definitions for the alarm operation tags are contained in the schema file
alarm_operations.xsd (see Chapter 14, Cisco XML Schemas).
XML Request Batching
The XML interface supports the combining of several requests or operations into a single request. When
multiple operations are specified in a single request, the response contains the same operation tags and
in the same order as they appeared in the request.
Batched requests are performed as a best effort. For example, in a case where operations 1 through 3
are in the request, even if operation 2 fails, operation 3 is attempted.
If you want to perform two or more operations, and if the first one might return a large amount
of data that is potentially larger than the size of one iterator chunk, you must place the subsequent
operations within a separate XML request. If the operations are placed in the same request within the
same tags, for example, potentially sharing part of the hierarchies with the first request, an error
attribute that informs you that the operations cannot be serviced is returned on the relevant tags.
For more information, see Chapter 5, Cisco XML and Native Data Access Techniques.
This example shows a simple request containing six different operations:
Sample XML Client Batched Requests
.
.
.
Get operation content goes here
.
.
.
.
.
.
Set operation content goes here
.
.
Table 1-6 List of Alarm Operation Tags
Tag Description
Registers to receive alarm notifications.
Cancels a previous alarm notification registration.1-11
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API Tags
.
.
.
.
Get operation content goes here
.
.
.
Sample XML Response from the Router
.
.
.
.
.
.
.
.
.
Get response content returned here
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Get response content returned here
.
.
.
.1-12
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 1 Cisco XML API Overview
Cisco XML API Tags
.
.
.
.
.
C H A P T E R
2-13
Cisco IOS XR XML API Guide
OL-24657-01
2
Cisco XML Router Configuration and
Management
This chapter reviews the basic XML requests and responses used to configure and manage the router.
The use of XML to configure the router is essentially an abstraction of a configuration editor in which
client applications can load, browse, and modify configuration data without affecting the current running
(that is, active) configuration on the router. This configuration that is being modified is called the "target
configuration and is not the running configuration on the router. The routers running configuration can
never be modified directly. All changes to the running configuration must go through the target
configuration.
Note Each client application session has its own target configuration, which is not visible to other client
sessions.
This chapter contains these sections:
Target Configuration Overview, page 2-13
Configuration Operations, page 2-14
Additional Router Configuration and Management Options Using XML, page 2-27
Target Configuration Overview
The target configuration is effectively the current running configuration overlaid with the client-entered
configuration. In other words, the target configuration is the client-intended configuration if the client
were to commit changes. In terms of implementation, the target configuration is an operating system
buffer that contains just the changes (set and delete) that are performed within the configuration session.
A client session is synonymous with dedicated TCP, Telnet, Secure Shell (SSH) connection, or SSL
dedicated connection and authentication, authorization, and accounting (AAA) login. The target
configuration is created implicitly at the beginning of a client application session and must be promoted
(that is, committed) to the running configuration explicitly by the client application in order to replace
or become the running configuration. If the client session breaks, the current target configuration is
aborted and any outstanding locks are released.2-14
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
Note Only the syntax of the target configuration is checked and verified to be compatible with the installed
software image on the router. The semantics of the target configuration is checked only when the target
configuration is promoted to the running configuration.
Configuration Operations
Note Only the tasks in the Committing the Target Configuration section are required to change the
configuration on the router (that is, modifying and committing the target configuration).
Use these configuration options from the client application to configure or modify the router with XML:
Locking the Running Configuration, page 2-14
Browsing the Target or Running Configuration, page 2-15
Getting Configuration Data, page 2-15
Browsing the Changed Configuration, page 2-16
Loading the Target Configuration, page 2-19
Setting the Target Configuration Explicitly, page 2-20
Saving the Target Configuration, page 2-21
Committing the Target Configuration, page 2-22
Loading a Failed Configuration, page 2-26
Unlocking the Running Configuration, page 2-27
Locking the Running Configuration
The client application uses the operation to obtain an exclusive lock on the running
configuration in order to prevent modification by other users or applications.
If the lock operation is successful, the response contains only the tag. If the lock operation fails,
the response also contains ErrorCode and ErrorMsg attributes that indicates the cause of the lock failure.
This example shows a request to lock the running configuration. This request corresponds to the
command-line interface (CLI) command configure exclusive.
Sample XML Request from the Client Application
Sample XML Response from the Router
2-15
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
These conditions apply when the running configuration is locked:
The scope of the lock is the entire configuration namespace.
Only one client application can hold the lock on the running configuration at a time. If a client
application attempts to lock the configuration while another application holds the lock, an error is
returned.
If a client application has locked the running configuration, all other client applications can only
read the running configuration, but cannot modify it (that is, they cannot commit changes to it).
No mechanism is provided to allow a client application to break the lock of another user.
If a client session is terminated, any outstanding locks are automatically released.
The XML API does not support timeouts for locks.
The operation is used to identify the user session holding the lock.
Browsing the Target or Running Configuration
The client application browses the target or current running configuration using the operation
along with the request type tags. The client application optionally uses CLI commands
encoded within XML tags to browse the configuration.
The tag supports the optional Source attribute, which is used to specify the source of
the configuration information returned from a operation.
Getting Configuration Data
Table 2-1 describes the Source options.
Table 2-1 Source Options
Option Description
ChangedConfig Reads only from the changes made to the target configuration for the current
session. This option effectively gets the configuration changes made from the
current session since the last configuration commit.
This option corresponds to the CLI command show configuration.
CurrentConfig Reads from the current active running configuration.
This option corresponds to the CLI command show configuration running.
MergedConfig Reads from the target configuration for this session. This option should provide
a view of the resultant running configuration if the current target configuration is
committed without errors. For example, in the case of the best effort commit,
some portions of the commit could fail, while others could succeed.
MergedConfig is the default when the Source attribute is not specified on the
operation.
This option corresponds to the CLI command show configuration merge.2-16
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
If the operation fails, the response contains one or more ErrorCode and ErrorMsg attributes
indicating the cause of the failure.
This example shows a request used to browse the current Border Gateway Protocol (BGP)
configuration:
Sample XML Client Request to Browse the Current BGP Configuration
Sample XML Response from the Router
..
.
.
response data goes here
.
.
.
Browsing the Changed Configuration
When a client application issues a request with a Source type of ChangedConfig, the response
contains the OperationType attribute to indicate whether the returned changes to the target configuration
were a result of or operations.
Use to browse uncommitted target configuration changes.
CommitChanges Reads from the commit database for the specified commit ID.
This operation corresponds to the CLI command show configuration commit
changes.
RollbackChanges Reads from a set of rollback changes.
This operation corresponds to the CLI command show configuration
rollback-changes.
Table 2-1 Source Options (continued)
Option Description2-17
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
This example shows and operations that modify the BGP configuration followed by a
request to browse the uncommitted BGP configuration changes. These requests correspond to
these CLI commands:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# router bgp 3
RP/0/RP0/CPU0:router(config-bgp)# default-metric 10
RP/0/RP0/CPU0:router(config-bgp)# no neighbor 10.0.101.8
RP/0/RP0/CPU0:router(config-bgp)# exit
RP/0/RP0/CPU0:router# show configuration
Sample XML to Modify the BGP Configuration
0
3
10
0
3
10.0.101.8
2-18
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
Sample XML Response from the Router
Sample XML Client Request to Browse Uncommitted Target Configuration Changes
Sample Secondary XML Response from the Router
0
3
true
10
0
3
2-19
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
10.0.101.8
Loading the Target Configuration
The client application uses the operation along with the tag to populate the target
configuration with the contents of a binary configuration file previously saved on the router using the
operation.
Note At the current time, a configuration file saved using CLI is not loadable with XML . The
configuration should have been saved using the XML operation. Using the operation is
strictly optional. It can be used alone or with the and operations, as described in the
section Setting the Target Configuration Explicitly section on page 2-20.
Use the tag to name the file from which the configuration is to be loaded. When you use the
tag to name the file from which the configuration is to be loaded, specify the complete path of
the file to be loaded.
If the load operation is successful, the response contains both the and tags. If the load
operation fails, the response contains the ErrorCode and ErrorMsg attributes that indicate the cause of
the load failure.
This example shows a request to load the target configuration from the contents of the file my_bgp.cfg:
Sample XML Client Request to Load the Target Configuration from a Named File
disk0:/my_bgp.cfg
Sample XML Response from the Router
disk0:/my_bgp.cfg2-20
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
See also the Setting the Target Configuration Explicitly section on page 20.
Setting the Target Configuration Explicitly
The client application modifies the target configuration as required using the and
operations.
Note There are no separate Create and Modify operations, because a operation for an item can
result in the creation of the item if it does not already exist in the configuration, and can result in the
modification of the item if it does already exist.
The client application can optionally use CLI commands encoded within XML tags to modify the target
configuration.
If the operation to modify the target configuration is successful, the response contains only the
or tag. If the operation fails, the response includes the element or object hierarchy passed in the
request along with one or more ErrorCode and ErrorMsg attributes indicating the cause of the failure.
A syntax check is performed whenever the client application writes to the target configuration. A
successful write to the target configuration, however, does not guarantee that the configuration change
can succeed when a subsequent commit of the target configuration is attempted. For example, errors
resulting from failed verifications may be returned from the commit.
This example shows how to use a request to set the default metric and routing timers and disable
neighbor change logging for a particular BGP autonomous system. This request corresponds to these
CLI commands:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# router bgp 3
RP/0/RP0/CPU0:router(config-bgp)# default-metric 10
RP/0/RP0/CPU0:router(config-bgp)# timers bgp 60 180
RP/0/RP0/CPU0:router(config-bgp)# exit
Sample XML Client Request to Set Timers and Disable Neighbor Change Logging for a BGP Configuration
3
3
10
60
1802-21
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
Sample XML Response from the Router
To replace a portion of the configuration, the client application should use a operation to
remove the unwanted portion of the configuration followed by a operation to add the new
configuration. An explicit replace option is not supported.
For more information on replacing the configuration, see the Replacing the Current Running
Configuration section on page 2-44.
Saving the Target Configuration
The client application uses the operation along with the tag to save the contents of the
target configuration to a binary file on the router.
Use the tag to name the file to which the configuration is to be saved. You must specify the
complete path of the file to be saved when you use the tag. If the file already exists on the router,
then an error is returned, unless the optional Boolean attribute Overwrite is included on the tag
with a value of true.
Note No mechanism is provided by the XML interface for browsing through the file directory structure.
If the save operation is successful, the response contains both the and tags. If the save
operation fails, the response also contains the ErrorCode and ErrorMsg attributes that indicate the cause
of the failure.
This example shows a request to save the contents of the target configuration to the file named
my_bgp.cfg on the router:
Sample XML Client Request to Save the Target Configuration to a File
disk0:/my_bgp.cfg
Sample XML Response from the Router
2-22
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
disk0:/my_bgp.cfg
Committing the Target Configuration
In order for the configuration in the target area to become part of the running configuration, the target
configuration must be explicitly committed by the client application using the operation.
Commit Operation
Table 2-2 describes the six optional attributes that are specified with the operation.
Table 2-2 Commit Operation Attributes
Attribute Description
Mode Use the Mode attribute to specify whether the target configuration should be
committed on an Atomic or a BestEffort basis. In the case of a commit with the
Atomic option, the entire configuration in the target area is committed only if
the application of all of the configuration in the target area to the running
configuration succeeds. If any errors occur, the commit operation is rolled back
and the errors are returned to the client application. In the case of commit with
the BestEffort option, the configuration is committed even if some
configuration items fail during the commit operation. In this case too, the errors
are returned to the client application. By default, the commit operation is
performed on an Atomic basis.
KeepFailedConfig Use this Boolean attribute to specify whether any configuration that fails
during the commit operation should remain in the target configuration buffer.
The default value for KeepFailedConfig is false. That is, by default the target
configuration buffer is cleared after each commit. If a commit operation is
performed with a KeepFailedConfig value of false, the user can then use the
operation to load the failed configuration back into the target
configuration buffer. The use of the KeepFailedConfig attribute makes sense
only for the BestEffort commit mode. In the case of an Atomic commit, if
something fails, the entire target configuration is kept intact (because nothing
is committed).
Label Use the Label attribute instead of the commit identifier wherever a commit
identifier is expected, such as in the operation. The Label attribute
is a unique user-specified label that is associated with the commit in the
commit database. If specified, the label must begin with an alphabetic character
and cannot match any existing label in the commit database.
Comment Use the Comment attribute as a user-specified comment to be associated with
the commit in the router commit database.2-23
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
If the commit operation is successful, the response contains only the tag, along with a unique
CommitID and any other attributes specified in the request. If the commit operation fails, the failed
configuration is returned in the response.
This example shows a request to commit the target configuration using the Atomic option. The request
corresponds to the commit label BGPUpdate1 comment BGP config update CLI command.
Sample XML Client Request to Commit the Target Configuration Using the Atomic Option
Sample XML Response from the Router
This example shows a request to commit for a 50-second period. The request corresponds to the commit
confirmed 50 CLI command.
Confirmed Use the Confirmed attribute as a commit request, which sends the target
configuration to a trial commit. The confirmed request has a value of 30 to 300
seconds. If the user sends a commit request without the Confirmed attribute
within the specified period, the changes are committed; otherwise, the changes
are rolled back after the specified period is over. If the user sends a commit
request again with the Confirmed attribute, the target configuration is sent to
the trial commit.
Replace Use this boolean attribute to specify whether the commit operation should
replace the entire configuration running on the router with the contents of the
target configuration buffer. The default value for Replace is false. The Replace
attribute should be used with caution.
Caution The new configuration must contain the necessary configuration to
maintain the XML session, for example, xml agent or xml agent
tty along with the configuration for the management interface.
Otherwise, the XML session is terminated.
IgnoreOtherSessions Use this boolean attribute to specify whether the commit operation should be
allowed to go through without an error when one or more commits have
occurred from other configuration sessions since the current session started or
since the last commit was made from this session. The default value for
IgnoreOtherSessions is false.
Table 2-2 Commit Operation Attributes (continued)
Attribute Description2-24
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
Sample XML Client Request to Commit for a 50-second Period
Sample XML Response from the Router
These points should be noted with regard to committing the target configuration:
After each successful commit operation, a commit record is created in the router commit database.
The router maintains up to 100 entries in the commit database corresponding to the last 100
commits. Each commit is assigned a unique identifier, such as 1000000075, which is saved with
the commit information in the database. The commit identifier is used in subsequent operations such
as commit changes or to a previous commit (using the tag).
Configuration changes in the target configuration are merged with the running configuration when
committed. If a client application is to perform a replace of the configuration, the client must first
remove the unwanted configuration using a operation and then add the new configuration
using a operation. An explicit replace option is not supported. For more information on
replacing the configuration, see the Replacing the Current Running Configuration section on
page 2-44.
Applying the configuration for a trial period (try-and-apply) is not supported for this release.
If the client application never commits, the target configuration is automatically destroyed when the
client session is terminated. No other timeouts are supported.
To confirm the commit with the Confirmed attribute, the user has to send an explicit
without the Confirmed attribute or send a without the Confirmed attribute along with
any other configurations.
Commit Errors
If any configuration entered into the target configuration fails to makes its way to the running
configuration as the result of a operation (for example, the configuration contains a semantic
error and is therefore rejected by a back-end applications verifier function), all of the failed
configuration is returned in the response along with the appropriate ErrorCode and
ErrrorMsg attributes indicating the cause of each failure.
The OperationType attribute is used to indicate whether the failure was a result of a requested or
operation. In the case of a operation failure, the value to be set is included in the commit
response.
This example shows and operations to modify the BGP configuration followed by a
request resulting in failures for both requested operations. This request corresponds to these
CLI commands:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# router bgp 4
RP/0/RP0/CPU0:router(config-bgp)# default-metric 10
RP/0/RP0/CPU0:router(config-bgp)# exit
RP/0/RP0/CPU0:router(config)# commit best-effort2-25
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
Sample XML Client Request to Modify the Target Configuration
0
4
10
Sample XML Response from the Router
Sample Request to Commit the Target Configuration
Sample XML Response from the Router Showing Failures for Both Requested Operations
4
4
2-26
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Configuration Operations
10
For more information, see the Loading a Failed Configuration section on page 2-26.
Loading a Failed Configuration
The client application uses the operation along with the tag to populate the
target configuration with the failed configuration from the most recent operation. Loading
the failed configuration in this way is equivalent to specifying a true value for the KeepFailedConfig
attribute in the operation.
If the load operation is successful, the response contains both the and tags. If
the load fails, the response can also contain the ErrorCode and ErrorMsg attributes that indicate the
cause of the load failure.
This example shows a request to load and display the failed configuration from the last
operation. This request corresponds to the show configuration failed CLI command.
Sample XML Client Request to Load the Failed Configuration from the Last Operation
Sample XML Response from the Router
0
4
true
2-27
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
10
Unlocking the Running Configuration
The client application must use the operation to release the exclusive lock on the running
configuration for the current session prior to terminating the session.
If the unlock operation is successful, the response contains only the tag. If the unlock
operation fails, the response can also contain the ErrorCode and ErrorMsg attributes that indicate the
cause of the unlock failure.
This example shows a request to unlock the running configuration. This request corresponds to the exit
CLI command when it is used after the configuration mode is entered through the configure exclusive
CLI command.
Sample XML Client Request to Unlock the Running Configuration
Sample XML Response from the Router
Additional Router Configuration and Management Options
Using XML
These sections describe the optional configuration and router management tasks available to the client
application:
Getting Commit Changes, page 2-28
Loading Commit Changes, page 2-29
Clearing a Target Session, page 2-31
Rolling Back Configuration Changes to a Specified Commit Identifier, page 2-32
Rolling Back the Trial Configuration Changes Before the Trial Time Expires, page 2-32
Rolling Back Configuration Changes to a Specified Number of Commits, page 2-332-28
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Getting Rollback Changes, page 2-34
Loading Rollback Changes, page 2-35
Getting Configuration History, page 2-37
Getting Configuration Commit List, page 2-40
Getting Configuration Session Information, page 2-42
Clear Configuration Session, page 2-43
Replacing the Current Running Configuration, page 2-44
Clear Configuration Inconsistency Alarm, page 2-45
Getting Commit Changes
When a client application successfully commits the target configuration to the running configuration,
the configuration manager writes a single configuration change event to the system message logging
(syslog). As a result, an event notification is written to the Alarm Channel and subsequently forwarded
to any registered configuration agents.
Table 2-3 describes the event notification.
This example shows a configuration change notification:
RP/0/1/CPU0:Jul 25 18:23:21.810 : config[65725]: %MGBL-CONFIG-6-DB_COMMIT :
Configuration committed by user 'lab'. Use 'show configuration commit changes
1000000001' to view the changes
Upon receiving the configuration change notification, a client application can then use the
operation to load and browse the changed configuration.
The client application can read a set of commit changes using the operation along with the
request type tag when it includes the Source attribute option CommitChanges. One of
the additional attributes, either ForCommitID or SinceCommitID, must also be used to specify the
commit identifier or commit label for which the commit changes should be retrieved.
This example shows the use of the ForCommitID attribute to show the commit changes for a specific
commit. This request corresponds to the show configuration commit changes 1000000075 CLI
command.
Sample XML Request to Show Specified Commit Changes Using the ForCommitID Attribute
Table 2-3 Event Notification
Notification Description
userid Name of the user who performed the commit operation.
timestamp Date and time of the commit.
commit Unique ID associated with the commit.2-29
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Sample XML Response from the Router
.
.
changed config returned here
.
.
.
This example shows the use of the SinceCommitID attribute to show the commit changes made since a
specific commit. This request corresponds to the show configuration commit changes since
1000000072 CLI command.
Sample XML Request to Show Specified Commit Changes Using the SinceCommitID Attribute
Sample XML Response from the Router
OperationType=....>
.
.
changed config returned here
.
.
.
Loading Commit Changes
The client application can load a set of commit changes into the target configuration buffer using the
Load operation and CommitChanges tag along with one of the additional tags ForCommitID,
SinceCommitID, or Previous. After the completion of the Load operation, the client application can then
modify and commit the commit changes like any other configuration.
If the load succeeds, the response contains both the Load and CommitChanges tags. If the load fails, the
response also contains the ErrorCode and ErrorMsg attributes indicating the cause of the load failure.2-30
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
This example shows the use of the Load operation and CommitChanges tag along with the ForCommitID
tag to load the commit changes for a specific commit into the target configuration buffer. This request
corresponds to the load commit changes 1000000072 CLI command.
Sample XML Request to Load Commit Changes with the ForCommitID tag
1000000072
Sample XML Response from the Router
1000000072
This example shows the use of the Load operation and CommitChanges tag along with the
SinceCommitID tag to load the commit changes since (and including) a specific commit into the target
configuration buffer. This request corresponds to the load commit changes since 1000000072 CLI
command.
Sample XML Request to Load Commit Changes with the SinceCommitID tag
1000000072
Sample XML Response from the Router
1000000072
2-31
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
This example shows the use of the Load operation and CommitChanges tag along with the Previous tag
to load the commit changes for the most recent four commits into the target configuration buffer. This
request corresponds to the load commit changes last 4 CLI command.
Sample XML Request to Load Commit Changes with the Previous tag
4
Sample XML Response from the Router
4
Clearing a Target Session
Prior to committing the target configuration to the active running configuration, the client application
can use the operation to clear the target configuration session. This operation has the effect of
clearing the contents of the target configuration, thus removing any changes made to the target
configuration since the last commit. The clear operation does not end the target configuration session,
but results in the discarding of any uncommitted changes from the target configuration.
If the clear operation is successful, the response contains just the tag. If the clear operation
fails, the response can also contain the ErrorCode and ErrorMsg attributes that indicate the cause of the
clear failure.
This example shows a request to clear the current target configuration session. This request corresponds
to the clear CLI command.
Sample XML Request to Clear the Current Target Configuration Session
Sample XML Response from a Router
2-32
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Rolling Back Configuration Changes to a Specified Commit Identifier
The client application uses the operation with the tag to roll back the
configuration changes made since (and including) the commit by specifying a commit identifier or
commit label.
If the roll back operation is successful, the response contains both the and
tags. If the roll back operation fails, the response can also contain the ErrorCode and ErrorMsg attributes
that indicate the cause of the roll back failure.
Table 2-4 describes the optional attributes that are specified with the operation by the client
application when rolling back to a commit identifier.
This example shows a request to roll back the configuration changes to a specified commit identifier.
This request corresponds to the rollback configuration to 1000000072 CLI command.
Sample XML Request to Roll Back the Configuration Changes to a Specified Commit Identifier
1000000072
Sample XML Response from the Router
1000000072
Note The commit identifier can also be obtained by using the operation described
in the section Getting Configuration History section on page 2-37.
Rolling Back the Trial Configuration Changes Before the Trial Time Expires
When the user sends a commit request with the Confirmed attribute, a trial configuration session is
created. If the user then sends a confirmed commit, the trial configuration changes are committed. If the
user wants to roll back the trial configuration changes before the trial time expires, the user can use the
operation.
Table 2-4 Optional Attributes for Rollback Operation (Commit Identifier)
Attribute Description
Label Unique user-specified label to be associated with the rollback in the router commit
database. If specified, the label must begin with an alphabetic character and cannot
match any existing label in the router commit database.
Comment User-specified comment to be associated with the rollback in the router commit
database.2-33
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Note No optional attributes can be used when is specified.
This example shows a request to roll back the trial configuration changes:
Sample XML Request to Roll Back the Trial Configuration Before the Trial Time Expires
Sample XML Response from the Router
Rolling Back Configuration Changes to a Specified Number of Commits
The client application uses the operation with the tag to roll back the
configuration changes made during the most recent [x] commits, where [x] is a number ranging from 0
to the number of saved commits in the commit database. If the value is specified as 0,
nothing is rolled back. The target configuration must be unlocked at the time the operation
is requested.
If the roll back operation is successful, the response contains both the and tags.
If the roll back operation fails, the response can also contain the ErrorCode and ErrorMsg attributes that
indicate the cause of the rollback failure.
Table 2-5 describes the optional attributes that are specified with the operation by the client
application when rolling back a specified number of commits.
This example shows a request to roll back the configuration changes made during the previous three
commits. This request corresponds to the rollback configuration last 3 CLI command.
Table 2-5 Optional Attributes for Rollback Operation (Number of Commits)
Attribute Description
Label Unique user-specified label to be associated with the rollback in the router commit
database. If specified, the label must begin with an alphabetic character and cannot
match any existing label in the router commit database.
Comment User-specified comment to be associated with the rollback in the router commit
database.2-34
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Sample XML Request to Roll Back Configuration Changes to a Specified Number of Commits
3
Sample XML Response from the Router
3
Getting Rollback Changes
The client application can read a set of rollback changes using the operation along with the
request type tag when it includes both the Source attribute option RollbackChanges and
one of the additional attributes ToCommitID or PreviousCommits.
The set of roll back changes are the changes that are applied when the operation is
performed using the same parameters. It is recommended that the client application read or verify the
set of roll back changes before performing the roll back.
This example shows the use of the ToCommitID attribute to get the rollback changes for rolling back to
a specific commit. This request corresponds to the show configuration rollback-changes to
1000000072 CLI command.
Sample XML Client Request to Get Rollback Changes Using the ToCommitID Attribute
Sample XML Response from the Router
OperationType=....>
.
.
rollback changes returned here
.
.
.
2-35
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
This example shows the use of the PreviousCommits attribute to get the roll back changes for rolling
back a specified number of commits. This request corresponds to the show configuration
rollback-changes last 4 CLI command.
Sample XML Client Request to Get Roll Back Changes Using the PreviousCommits Attribute
Sample XML Response from the Router
OperationType=....>
.
.
rollback changes returned here
.
.
.
< ResultSummary ErrorCount="0"/>
Loading Rollback Changes
The client application can load a set of rollback changes into the target configuration buffer using the
Load operation and RollbackChanges tag along with one of the additional tags ForCommitID,
ToCommidID, or Previous. After the completion of the Load operation, the client application can then
modify and commit the rollback changes like with any other configuration.
If the load succeeds, the response contains both the Load and RollbackChanges tags. If the load fails,
the response also contains the ErrorCode and ErrorMsg attributes indicating the cause of the load failure.
This example shows the use of the Load operation and RollbackChanges tag along with the
ForCommitID tag to load the rollback changes for a specific commit into the target configuration buffer.
This request corresponds to the load rollback changes 1000000072 CLI command.
Sample XML Client to Load Rollback Changes with the ForCommitID tag
1000000072
2-36
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Sample XML Response from the Router
1000000072
This example shows the use of the Load operation and RollbackChanges tag along with the ToCommitID
tag to load the rollback changes up to (and including) a specific commit into the target configuration
buffer. This request corresponds to the load rollback changes to 1000000072 CLI command.
Sample XML Client to Load Rollback Changes with the ToCommitID tag
1000000072
Sample XML Response from the Router
1000000072
This example shows the use of the Load operation and RollbackChanges tag along with the Previous tag
to load the rollback changes for the most recent four commits into the target configuration buffer. This
request corresponds to the load rollback changes last 4 CLI command.
Sample XML Client to Load Rollback Changes with the Previous tag
4
2-37
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Sample XML Response from the Router
4
Getting Configuration History
The client application uses the operation to get information regarding these
configuration events:
Commit
Online insertion and removal (OIR) events, also known as remove and replace
Router shutdown synchronization
cfs check rebuild of persistent configuration from running configuration
Startup application of admin and SDR configuration, noting alternate configuration fallback
specification
Configuration inconsistency including failed configuration or other similar reasons
Table 2-6 describes the optional attributes available with the operation.
The operation corresponds to the show configuration history CLI
command.
This example shows a request to list the information associated with the previous three commits. This
request corresponds to the show configuration commit history first 6 detail CLI command.
Table 2-6 Optional Attributes to Get Configuration History
Attribute Description
Maximum Maximum number of entries to be returned from the commit history file. The range
of entries that can be returned are from 0 to 1500. If the Maximum attribute is not
included in the request, or if the value of the Maximum attribute is greater than the
actual number of entries in the commit history file, all entries in the commit history
files are returned. The commit entries are returned with the most recent commit
history information appearing first in the list.
EventType Type of event records to be displayed from the configuration history file. If this
attribute is not included in the request, all types of event records are returned. The
EventType attribute expects one of these values: All, Alarm, CFS-Check, Commit,
OIR, Shutdown, or Startup.
Reverse Reverse attribute has a value of true. If it is specified, the most recent records are
displayed first; otherwise, the oldest records are displayed first.
Details Used to display detailed information. The Detail attribute has a value of either true
or false and the default is false.2-38
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Sample XML Request to List Configuration History Information for the Previous Three Commits
Sample XML Response from the Router
CFS-Check
1300262221
lab
vty2
Commit
1300262224
1000000627
lab
vty2
CLI
Commit
1300262231
2-39
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
1000000628
lab
vty0
CLI
Commit
1300262239
1000000629
lab
vty0
CLI
Commit
1300262246
1000000630
lab
vty0
CLI
2-40
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Commit
1300262255
1000000631
lab
vty0
CLI
Getting Configuration Commit List
The client application can use the operation to get information
regarding the most recent commits to the running configuration.
Table 2-7 describes the information that is returned for each configuration commit session.
Table 2-7 Returned Session Information
Name Description
Unique ID associated with the commit.
<2-42
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Getting Configuration Session Information
The client application uses the operation to get the list of all users
configuring the router. In the case where the configuration is locked, the list identifies the user holding
the lock.
Table 2-8 describes the information that is returned for each configuration session.
The Detail attribute can be specified with . This attribute specifies whether
the detailed information is required. False is the default value.
Table 2-9 describes the additional information that is returned when the Detail attribute is used.
This example shows a request to get the list of users currently configuring the router. This request
corresponds to the show configuration sessions detail CLI command.
Sample XML Request to Get List of Users Configuring the Router
Sample XML Response from the Router
00000000-0005f109-00000000
Table 2-8 Returned Session Information
Returned Session Information Session Information Description
Unique autogenerated ID for the configuration session.
Name of the user who created the configuration session.
Line used to connect to the router.
User-friendly name of the client application that created the
configuration session.
Date and time of the creation of the configuration session.
Boolean operation indicating whether the session has an exclusive
lock on the running configuration.
Table 2-9 Returned Session Information with the Detail Attribute
Returned Session Information Session Information Description
Process name
Process ID
Node ID
Session time elapsed, in seconds.2-43
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
lab
con0_0_CPU0
1303317929
false
false
CLI
389385
config
0
0
CPU0
2183
Clear Configuration Session
The client application can use the operation to clear a particular
configuration session. The SessionID attribute specifies the session to be cleared.
This example shows a request to clear a configuration session. This request corresponds to the clear
configuration sessions 00000000-000a00c9-00000000 CLI command.2-44
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Sample XML Request to Get List of Users Configuring the Router
Sample XML Response from the Router
Replacing the Current Running Configuration
A client application replaces the current running configuration on the router with a users configuration
file. Performg these operations in sequence:
1. Lock the configuration.
2. Load the desired off-the-box configuration into the target configuration using one or more
operations (assuming that the entire desired configuration is available in XML format, perhaps from
a previous of the entire configuration). As an alternative, use an appropriate copy command
enclosed within tags.
3. Commit the target configuration specifying the Replace attribute with a value of true.
These examples illustrate these steps:
Sample XML Request to Lock the Current Running Configuration
Sample XML Response from the Router
2-45
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Sample XML Request to Set the Current Running Configuration
.
.
.
configuration data goes here
.
.
.
Sample XML Response from the Router
Sample XML Request to Commit the Target Configuration
Sample XML Response from the Router
Clear Configuration Inconsistency Alarm
The client application uses the operation to clear a bi-state
configuration inconsistency alarm.
If the clear operation is successful, the response contains only the
tag. If the clear operation fails, the response also contains the ErrorCode and ErrorMsg attributes,
indicating the cause of the clear failure.
This example shows a request to clear the configuration inconsistency alarm in user mode. This request
corresponds to the clear configuration inconsistency CLI command.
Sample XML Request to Clear the Configuration Inconsistency Alarm
2-46
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 2 Cisco XML Router Configuration and Management
Additional Router Configuration and Management Options Using XML
Sample XML Response from the Router
C H A P T E R
3-49
Cisco IOS XR XML API Guide
OL-24657-01
3
Cisco XML Operational Requests and Fault
Management
A client application can send an XML request to get router operational information using either a native
data request along with the tag, or the equivalent CLI command. Although the CLI
is more familiar to users, the advantage of using the request is that the response data is encoded
in XML format instead of being only uninterpreted text enclosed within tags.
This chapter contains these sections:
Operational Get Requests, page 3-49
Action Requests, page 3-50
Operational Get Requests
The content and format of operational requests are described in additional detail in Chapter 4,
Cisco XML and Native Data Operations.
This example shows a request to retrieve the global Border Gateway Protocol (BGP) process
information. This request returns BGP process information similar to that displayed by the show ip bgp
process detail CLI command.
Sample XML Client Request to Get BGP Information
Sample XML Response from the Router
3-50
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 3 Cisco XML Operational Requests and Fault Management
Action Requests
0
0
....
more response content here
...
Action Requests
A client application can send a request along with the tag to trigger unique actions on
the router. For example, an object may be set with an action request to inform the router to clear a
particular counter or reset some functionality. Most often this operation involves setting the value of a
Boolean object to true.
This example shows an action request to clear the BGP performance statistics information. This request
is equivalent to the clear bgp performance-statistics CLI command.
Sample XML Request to Clear BGP Performance Statistics Information
true
3-51
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 3 Cisco XML Operational Requests and Fault Management
Action Requests
Sample XML Response from the Router
In addition, this example shows an action request to clear the peer drop information for all BGP
neighbors. This request is equivalent to the clear bgp peer-drops * CLI command.
Sample XML Request to Clear Peer Drop Information for All BGP Neighbors
true
Sample XML Response from the Router
Cisco XML and Fault Management
When a client application successfully commits the target configuration to the routers running
configuration, the configuration manager writes a single configuration change event to system message
logging (syslog). As a result, a fault management event notification is written to the Alarm Channel and
subsequently forwarded to any registered configuration agents.
Configuration Change Notification
Table 3-1 provides event notification for configuration changes information.
Table 3-1 Event Notifications for Configuration Changes
Event Notification Description
userid Name of the user who performed the commit operation.3-52
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 3 Cisco XML Operational Requests and Fault Management
Action Requests
This example shows a configuration change notification:
RP/0/RP0/CPU0:Sep 18 09:43:42.747 : %CLIENTLIBCFGMGR-6-CONFIG_CHANGE : A configuration
commit by user root occurred at Wed Sep 18 09:43:42 2004 . The configuration changes are
saved on the router in file: 010208180943.0
Upon receiving the configuration change notification, a client application can then use the and
operations to load and browse the changed configuration.
timestamp Date and time of the commit.
commit Unique ID associated with the commit.
Table 3-1 Event Notifications for Configuration Changes (continued)
Event Notification DescriptionC H A P T E R
4-53
Cisco IOS XR XML API Guide
OL-24657-01
4
Cisco XML and Native Data Operations
Native data operations , , and provide basic access to configuration and
operational data residing on the router.
This chapter describes the content of native data operations and provides an example of each operation
type.
Native Data Operation Content
The content of native data operations includes the request type and relevant object class hierarchy as
described in these sections:
Request Type Tag and Namespaces, page 4-54
Object Hierarchy, page 4-54
Dependencies Between Configuration Items, page 4-58
Null Value Representations, page 4-58
Operation Triggering, page 4-58
Native Data Operation Examples, page 4-59
This example shows a native data operation request:
Sample XML Client Native Data Operation Request
.
.
.
object hierarchy goes here
.
.
.
4-54
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
Sample XML Response from the Router
.
.
.
response content returned here
.
.
.
Request Type Tag and Namespaces
The request type tag must follow the operation type tag within a native data operation request.
Table 4-1 describes the type of request that must be specified as applying to one of the namespaces.
Object Hierarchy
A hierarchy of elements is included to specify the items to get, set, or delete, and so on, after the request
type tag is specified. The precise hierarchy is defined by the XML component schemas.
Note You should use only the supported XML schema objects; therefore, do not attempt to write a request for
other objects.
The XML schema information is mapped to the XML instance.
Table 4-1 Namespace Descriptions
Namespace Description
Provides access to the router configuration data analogous to CLI
configuration commands. The allowed operations on configuration data are
, , and .
Provides access to the router operational data and is analogous to CLI show
commands. The only operation allowed on operational data is .
Provides access to the action data, for example, the clear commands. The
only allowed operation on action data is .
Provides access to the router administration operational data. The only
operation allowed on administration operational data is .
Provides access to the router administration action data; for example, the
clear commands. The only allowed operation on administration action data
is .4-55
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
Main Hierarchy Structure
The main structure of the hierarchy consists of the native data model organized as a tree of nodes, where
related data items appear in the same branch of the tree. At each level of the tree, a node is a container
of further, more specific, sets of related data, or a leaf that holds an actual value.
For example, the first element in the configuration data model is , which contains all
possible configuration items. The children of this element are more specific groups of configuration,
such as for Border Gateway Protocol (BGP) configuration and for Intermediate
System-to-Intermediate System (ISIS) configuration. Beneath the element, data is further
compartmentalized with the element for global BGP configuration and element
for per-entity BGP configuration. This compartmentalization continues down to the elements that hold
the values, the values being the character data of the element.
This example shows the main hierarchy structure:
.
.
.
.
.
.
10
.
.
.
.
.
.
.
.
.
.
.
.
Data can be retrieved at any level in the hierarchy. One particular data item can be examined, or all of
the data items in a branch of the tree can be returned in one request.
Similarly, configuration data can be deleted at any granularityone item can be deleted, or a whole
branch of related configuration can be deleted. So, for example, all BGP configuration can be deleted in
one request, or just the value of the default metric.
Hierarchy Tables
One special type of container element is a table. Tables can hold any number of keyed entries, and are
used when there can be multiple instances of an entity. For example, BGP has a table of multiple
neighbors, each of which has a unique IP address "key" to identify it. In this case, the table element is 4-56
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
, and its child element signifying a particular neighbor is . To specify the
key, an extension to the basic parent-child hierarchy is used, where a element appears under
the child element, containing the key to the table entry.
This example shows hierarchy tables:
.
.
.
10.0.101.6
0
6
10.0.101.7
0
6
.
.
.
.
.
.
Use tables to access a specific data item for an entry (for example, getting the remote autonomous system
number for neighbor 10.0.101.6), or all data for an entry, or even all data for all entries.
Tables also provide the extra feature of allowing the list of entries in the table to be returned.
Returned entries from tables can be used to show all neighbors configured; for example, without
showing all their data.4-57
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
Tables in the operational data model often have a further feature when retrieving their entries. The tables
can be filtered on particular criteria to return just the set of entries that fulfill those criteria. For instance,
the table of BGP neighbors can be filtered on address family or autonomous system number or update
group, or all three. To apply a filter to a table, use another extension to the basic parent-child hierarchy,
where a element appears under the table element, containing the criteria to filter on.
This example shows table filtering:
one
IPv4Unicast
Leaf Nodes
The leaf nodes hold values and are generally simple one-value items where the element representing the
leaf node uses character data to specify the value (as in 10 in the
example in the Main Hierarchy Structure section on page 4-55. In some cases there may be more than
one value to specifyfor example, when you configure the administrative distance for an address family
(the element), three values must be given together. Specifying more than one value is
achieved by adding further child elements to the leaf, each of which indicates the particular value being
configured.
This example shows leaf nodes:
.
.
.
20
250
200
.
.
.
4-58
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
Sometimes there may be even more structure to the values (with additional levels in the hierarchy
beneath the tag as a means for grouping the related parts of the data together), although they
are still only setable or getable as one entity. The extreme example of this is that in some of the
information returned from the operational data model, all the values pertaining to the status of a
particular object may be grouped as one leaf. For example, a request to retrieve a particular BGP path
status returns all the values associated with that path.
Dependencies Between Configuration Items
Dependencies between configuration items are not articulated in the XML schema nor are they enforced
by the XML infrastructure; for example, if item A is this value, then item B must be one of these values,
and so forth. The back-end for the Cisco IOS XR applications is responsible for preventing inconsistent
configuration from being set. In addition, the management agents are responsible for carrying out the
appropriate operations on dependent configuration items through the XML interface.
Null Value Representations
The standard attribute xsi:nil is used with a value of true when a null value is specified for an
element in an XML request or response document.
This example shows how to specify a null value for the element :
60
Any element that can be set to nil in an XML instance has the attribute nillable set to true in the
XML schema definition for that element. For example:
Any XML instance document that uses the nil mechanism must declare the XML Schema for Instance
Documents namespace, which contains the xsi:nil definition. Responses to native data operations
returned from the router declares the namespace in the operation tag. For example:
Operation Triggering
When structuring an XML request, the user should remember the general rule regarding what to specify
in the XML for an operation to take place: As a client XML request is parsed by the router, the specified
operation takes place whenever a closing tag is encountered after a series of one or more opening tags
(but only when the closing tag is not the tag).
This example shows a request to get the confederation peer information for a particular BGP autonomous
system. In this example, the operation is triggered when the tag
is encountered.
Sample XML Client Request to Trigger a Operation for BGP Timer Values
4-59
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
0
3
Sample XML Response from the Router
0
3
0
10
true
4-60
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
Native Data Operation Examples
These sections provide examples of the basic , , and operations:
Set Configuration Data Request: Example, page 4-60
Get Request: Example, page 4-62
Get Request of Nonexistent Data: Example, page 4-63
Delete Request: Example, page 4-65
GetDataSpaceInfo Request Example, page 4-66
Set Configuration Data Request: Example
This example shows a native data request to set several configuration values for a particular BGP
neighbor. Because the operation in this example is successful, the response contains only the
operation and request type tags.
This request is equivalent to these CLI commands:
router bgp 3
address-family ipv4 unicast!
address-family ipv4 multicast!
neighbor 10.0.101.6
remote-as 6
ebgp-multihop 255
address-family ipv4 unicast
orf route-policy BGP_pass all
capability orf prefix both
!
address-family ipv4 multicast
orf route-policy BGP_pass all
!
!
!
Sample XML Client Request to Configuration Values for a BGP Neighbor
0
3
true
IPv4Unicast
true
4-61
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
IPv4Multicast
true
10.0.101.6
0
6
255
false
IPv4Unicast
true
BGP_pass_all
Both
IPv4Multicast
true
BGP_pass_all
Sample XML Response from the Router
4-62
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
Get Request: Example
This example shows a native data request to get the address independent configuration values for a
specified BGP neighbor (using the same values set in the previous example).
Sample XML Client Request to Configuration Values for a BGP Neighbor
0
3
10.0.101.6
Sample XML Response from the Router
0
3
10.0.101.6
4-63
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
0
6
255
false
IPv4Unicast
true
BGP_pass_all
Both
IPv4Multicast
true
BGP_pass_all
Get Request of Nonexistent Data: Example
This example shows a native data request to get the configuration values for a particular BGP neighbor;
this is similar to the previous example. However, in this example the client application is requesting the
configuration for a nonexistent neighbor. Instead of returning an error, the router returns the requested
object class hierarchy, but without any data.
Note Whenever an application attempts to get nonexistent data, the router does not treat this as an error and
returns the empty object hierarchy in the response.
Sample XML Client Request to Configuration Data for a Nonexistent BGP Neighbor
0
4-64
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
3
10.0.101.99
Sample XML Response from the Router
0
3
10.0.101.99
4-65
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
Delete Request: Example
This example shows a native data request to delete the address-independent configuration for a particular
BGP neighbor. Note that if a request is made to delete an item that does not exist in the current
configuration, an error is not returned to the client application. So in this example, the returned result is
the same as in the previous example: the empty tag, whether or not the specified BGP
neighbor exists.
This request is equivalent to these CLI commands:
router bgp 3
no neighbor 10.0.101.9
exit
Sample XML Client Request to the Address-Independent Configuration Data for a BGP Neighbor
0
3
10.0.101.6
Sample XML Response from the Router
4-66
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 4 Cisco XML and Native Data Operations
Native Data Operation Content
GetDataSpaceInfo Request Example
This example shows a operation used to retrieve the native data branch names
dynamically. This is useful, for example, for writing a client application that can issue a
operation without having to hardcode the branch names. The
operation can be invoked instead to retrieve the branch names. The returned branch names can then be
included in a subsequent request.
Sample XML Client Request to Retrieve Native Data
Sample XML Response from the Router
C H A P T E R
5-67
Cisco IOS XR XML API Guide
OL-24657-01
5
Cisco XML and Native Data Access Techniques
This chapter describes the various techniques or strategies you can use to structure native data operation
requests to access the information needed within the XML schema object class hierarchy.
Available Set of Native Data Access Techniques
The available native data access techniques are:
Request all data in the configuration hierarchy. See the XML Request for All Configuration Data
section on page 5-68.
Request all configuration data for a component. See the XML Request for All Configuration Data
per Component section on page 5-68.
Request all data within a container. See the XML Request for Specific Data Items section on
page 5-71.
Combine object class hierarchies within a request. See the XML Request with Combined Object
Class Hierarchies section on page 5-72.
Use wildcards in order to apply an operation to a set of entries within a table (Match attribute). See
the XML Request Using Wildcarding (Match Attribute) section on page 5-75.
Repeat naming information in order to apply an operation to multiple instances of an object. See the
XML Request for Specific Object Instances (Repeated Naming Information) section on
page 5-80.
Perform a one-level in order to list the naming information for each entry within a table
(Content attribute). See the XML Request Using Operation Scope (Content Attribute) section on
page 5-82.
Specify the maximum number of table entries to be returned in a response (Count attribute). See the
Limiting the Number of Table Entries Returned (Count Attribute) section on page 5-83.
Use custom filters to filter table entries (Filter element). See the Custom Filtering (Filter Element)
section on page 5-85.
Use the Mode attribute. See the XML Request Using the Mode Attribute section on page 5-86
The actual data returned in a request depends on the value of the Source attribute.
Note The term container is used in this document as a general reference to any grouping of related data, for
example, all of the configuration data for a particular Border Gateway Protocol (BGP) neighbor. The
term table is used more specifically to denote a type of container that holds a list of named 5-68
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
homogeneous objects. For example, the BGP neighbor address table contains a list of neighbor
addresses, each of which is identified by its IP address. All table entries in the XML API are identified
by the unique value of their element.
XML Request for All Configuration Data
Use the empty tag to retrieve the entire configuration object class hierarchy.
This example shows how to get the entire configuration hierarchy by specifying the empty
tag:
Sample XML Client Request to the Entire Configuration Object Class Hierarchy
Sample XML Response from the Router
.
.
.
response data goes here
.
.
.
XML Request for All Configuration Data per Component
All the configuration data for a component is retrieved by specifying the highest level tag for the
component.
In this example, all the configuration data for BGP is retrieved by specifying the empty tag:
Sample XML Client Request for All BGP Configuration Data
5-69
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
Sample XML Response from the Router
.
.
.
response data goes here
.
.
.
XML Request for All Data Within a Container
All data within a container is retrieved by specifying the configuration or operational object class
hierarchy down to the containers of interest, including any naming information as appropriate.
This example shows how to retrieve the configuration for the BGP neighbor with address 10.0.101.6:
Sample XML Client Request to Get All Address Family-Independent Configuration Data Within a BGP Neighbor
Container
0
3
5-70
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
10.0.101.6
Sample XML Response from the Router
0
3
10.0.101.6
0
6
255
false
IPv4Unicast
true
oBGP_pass_all
Both
IPv4Multicast
true
BGP_pass_all
5-71
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
XML Request for Specific Data Items
The value of a specific data item (leaf object) can be retrieved by specifying the configuration or
operational object class hierarchy down to the item of interest, including any naming information as
appropriate.
This example shows how to retrieve the values of the two data items and
for the BGP neighbor with address 10.0.101.6:
Sample XML Client Request for Two Specific Data Items: RemoteAS and EBGPMultihop
0
3
10.0.101.6
Sample XML Response from the Router
5-72
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
0
3
10.0.101.6
255
XML Request with Combined Object Class Hierarchies
Multiple object class hierarchies can be specified in a request. For example, a portion of the hierarchy
can be repeated, and multiple instances of a child object class can be included under a parent.
The object class hierarchy may also be compressed into the most efficient XML. In other words, it is
not necessary to repeat hierarchies within a request.
Before combining multiple operations inside one tag, these limitations should be noted for
Release 3.0. Any operations that request multiple items of data must be sent in a separate XML request.
They include:
An operation to retrieve all data beneath a container. For more information, See theXML Request
for All Data Within a Container section on page 5-69.
An operation to retrieve the list of entries in a table. For more information, See the XML Request
Using Operation Scope (Content Attribute) section on page 5-82.
An operation which includes a wildcard. For more information, See the XML Request Using
Wildcarding (Match Attribute) section on page 5-75.
If an attempt is made to make such an operation followed by another operation within the same request,
this error is returned:
XML Service Library detected the fatal condition. The XML document which led to this
response contained a request for a potentially large amount of data, which could return a
set of iterators. The document also contained further requests for data, but these must be
sent in a separate XML document, in order to ensure that they are serviced.
The error indicates that the operations must be separated out into separate XML requests.5-73
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
These two examples illustrate two different object class hierarchies that retrieve the same data: the value
of the leaf object and for the BGP neighbor with the address 10.0.101.6
and all of the configuration data for the BGP neighbor with the address 10.0.101.7:
Example 1: Verbose Form of a Request Using Duplicated Object Class Hierarchies
Sample XML Client Request for Specific Configuration Data Values
0
3
10.0.101.6
0
AS>3
10.0.101.7
5-74
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
Sample XML Response from the Router
.
.
.
response data returned here for
neighbor 10.0.101.6
.
.
.
.
.
.
response data returned here
neighbor 10.0.101.7
.
.
.
Example 2: Compact Form of a Request Using Compressed Object Class Hierarchies
Sample XML Client Request
0
3
10.0.101.6
5-75
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
10.0.101.7
Sample XML Response from the Router
.
.
.
response data returned here for both
neighbors
.
.
.
XML Request Using Wildcarding (Match Attribute)
Wildcarding of naming information is provided by means of the Match attribute. Match=* can be used
on any Naming attribute within a or operation to effectively specify a wildcarded value
for that attribute. The operation applies to all instances of the requested objects.
If no match is found, the response message contains MatchFoundBelow=false in the class, and
MatchFound=false in the class that specified Match=* and no match found. These attributes are not
added (with a value of true) in the response if a match is found.
Note Although partial wildcarding of NodeIDs is not available in XML, each element of the NodeID has to
be wildcarded, similar to the support on the CLI of */*/* as the only wildcards supported for locations.
This example shows how to use the Match attribute to get the value for all configured BGP
neighbors:
Sample XML Client Request Using the Match Attribute Wildcarding
5-76
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
0
3
Sample XML Response from the Router
0
3
10.0.101.1
1
10.0.101.2
2
10.0.101.3
3
...
data for more neighbors
returned here
...5-77
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
This example shows the response message when there is no match found for the request with
wildcarding:
Sample XML Client Request for No Match Found with Wildcarding
3
3
Sample XML Response from the Router
3
3
5-78
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
Regular expression matching of naming information is provided by means of the Match attribute.
Match= can be used on any Naming attribute within a operation to specify
a filtering criteria to filter table entries.
These rules apply to the filtering criteria:
The character, * , is treated same as the .* character. (matches everything)
Meta character ^ (beginning of line) and $ (end of line) are always attached to the regular
expression string specified by Match attribute.
A regular expression string without any meta characters is treated as an exact match.
Sample Request of the Configured ACL Entries That End With SAA:
ACL entries that match this request: TCLSAA, 100SAA, SAA
ACL entries that do NOT match this request: TCLSAA1
Sample Request That Returns all of the Configured GigabitEthernet Ports in Slot 5:
act
5-79
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
Interface names that match this request: GigabitEthernet0/5/0/0, GigabitEthernet0/5/0/1, and so
forth.
Interface names that do not match this request: GigabitEthernet0/4/0/0
Sample Request That Returns the Configured Loopback Interfaces Between Loopback100 and Loopback199:
act
Interface names that match this request: Loopback100,
,Loopback199
Interface names that do not match this request: Loopback1000, Loopback1990
Sample Request That Returns Only Loopback1 (if it is configured):
act
Interface names that match this request: Loopback1
Interface names that do not match this request: Loopback10, Loopback100, and so forth
The request above, thus, is equivalent to this request:
act
Loopback1
5-80
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
Limitation: Regular expression matching can only be specified in the first table of an XML request.
XML Request for Specific Object Instances (Repeated Naming Information)
Wildcarding allows the client application to effectively specify all instances of a particular object.
Similarly, the client application might have a need to specify only a limited set of instances of an object.
Specifying object instances can be done by simply repeating the naming information in the request.
This example shows how to retrieve the address independent configuration for three different BGP
neighbors; that is, the neighbors with addresses 10.0.101.1, 10.0.101.6, and 10.0.101.8, by repeating the
naming information, once for each desired instance:
Sample XML Client Request Using Repeated Naming Information for BGP Instances
0
3
10.0.101.1
10.0.101.6
10.0.101.8
5-81
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
Sample XML Response from the Router
0
3
10.0.101.1
...
data returned for 1st neighbor
...
10.0.101.6
...
data returned for 2nd neighbor
...
10.0.101.6
...
data returned for 3rd neighbor
...
5-82
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
XML Request Using Operation Scope (Content Attribute)
The Content attribute is used on any table element in order to specify the scope of a operation.
Table 5-1 describes the content attribute values are supported.
If the Content attribute is specified on a nontable element, it is ignored. Also, note that the Content and
Count attributes can be used together on the same table element.
This example displays the Content attribute that is used to list all configured BGP neighbors:
Sample XML Client Request Using the All Content Attribute
0
3
Sample XML Response from the Router
0
Table 5-1 Content Attributes
Content Attribute Description
All Used to get all leaf items and their values. All is the default when the Content
attribute is not specified on a table element.
Entries Used to get the Naming information for each entry within a specified table object
class. Entries provides a one-level get capability.5-83
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
3
10.0.101.1
10.0.101.2
10.0.101.3
10.0.101.4
...
more neighbors returned here
...
Limiting the Number of Table Entries Returned (Count Attribute)
The Count attribute is used on any table element within a operation to specify the maximum
number of table entries to be returned in a response. When the Count attribute is specified, the naming
information within the request is used to identify the starting point within the table, that is, the first table
entry of interest. If no naming information is specified, the response starts at the beginning of the table.
For a table whose entries are containers, the Count attribute can be used only if the Content attribute is
also specified with a value of Entries. This restriction does not apply to a table whose children are leaf
nodes.
As an alternative to the use of the Count attribute, the XML interface supports the retrieval of large XML
responses in blocks through iterators. 5-84
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
This example shows how to use the Count attribute to retrieve the configuration information for the first
five BGP neighbors starting with the address 10.0.101.1:
Sample XML Client Request Using the Count Attribute
0
3
10.0.101.1
Sample XML Response from the Router
0
3
10.0.101.1
5-85
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
10.0.101.2
...
data returned for remaining
neighbors here
...
Custom Filtering (Filter Element)
Some of the tables from the operational namespace support the selection of rows of interest based on
predefined filtering criteria. Filters can be applied to such tables in order to reduce the number of table
entries retrieved in a request.
Client applications specify filtering criteria for such tables by using the tag and including the
filter specific parameters as defined in the XML schema definition for that table. If no table entries
match the specified filter criteria, the response contains the object class hierarchy down to the specified
table, but does not include any table entries. The Content attribute can be used with a filter to specify
the scope of a request.
In this example, the filter is used to retrieve operational information for all neighbors
in autonomous system 6:
Sample XML Client Request Using Filtering
one
6
5-86
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
Sample Filtered XML Response from the Router
one
6
...
data for 1st neighbor returned here
...
...
data for 2nd neighbor returned here
returned here
...
...
data for remaining neighbors
returned here
...
XML Request Using the Mode Attribute
The client application modifies the target configuration as needed using the and
operations. The XML interface supports the combining of several operations into a single request. When
multiple configuring operations are specified in a single request, they are performed on a best effort
basis by default. For example, in a case where configuring operations 1 through 3 are in the request and
even if operation 2 fails, operation 3 is attempted and operation 1 result remains in the target
configuration.
To perform the request on an atomic basis, use the Mode attribute with the value Atomic in the
. If any errors occur, the target configuration is cleared and the errors are returned to the client
application.5-87
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
Sample XML Client Request with the Attribute Mode=Atomic
20
Sample XML Response from the Router
Sample XML Client Request with an Invalid Set Operation (Best-Effort)
20
<--- This is an invalid XML set operation
Sample XML Response from the Router
5-88
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
Note This request is performed on a best effort basis. The SNMP timeout configuration has no error and is
committed.
Sample XML Request and Response of Commit Change for ForCommitID="1000000443"
20
Sample XML Client Request with the Attribute Mode=Atomic and with an Invalid Set Operation
20
5-89
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access Techniques
<--- This is an invalid XML set operation
Sample XML Response from the Router
Note The target configuration buffer is cleared and no configuration is committed.5-90
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 5 Cisco XML and Native Data Access Techniques
Available Set of Native Data Access TechniquesC H A P T E R
6-91
Cisco IOS XR XML API Guide
OL-24657-01
6
Cisco XML and Encapsulated CLI Operations
XML interface for the router provides support for XML encapsulated CLI commands and responses.
This chapter provides information on XML CLI command tags.
XML CLI Command Tags
A client application can request a CLI command by encoding the text for the command within a pair of
start and end tags, tags, and tags. The router responds with
the uninterpreted CLI text result.
Note XML encapsulated CLI commands use the same target configuration as the corresponding XML
operations , , and .
When used for CLI operations, the tag supports the optional Operation attribute, which
can take one of the values listed in Table 6-1.
This example uses the operation tag:
Sample XML Client Request for CLI Command Using CLI Tags
router bgp 3
Table 6-1 Operational Attribute Values
Operational Attribute Value Operational Attribute Value Description
Apply Specifies that the commands should be executed or applied (default).
Help Gets help on the last command in the list of commands sent in the
request. There should not be any empty lines after the last command
(because the last command is considered to be the one on the last line).
CommandCompletion Completes the last keyword of the last command. Apart from not
allowing empty lines at the end of the list of commands sent in the
request, when this option is used, there should not be any white spaces
after the partial keyword to be completed.6-92
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 6 Cisco XML and Encapsulated CLI Operations
XML CLI Command Tags
default-metric 10
timers bgp 80 160
exit
commit
sh config commit changes last 1
Sample XML Response from the Router
Building configuration...
router bgp 3
timers bgp 80 160
default-metric 10
end
CLI Command Limitations
The CLI commands, which are supported through XML, are limited to CLI configuration commands and
EXEC mode show commands (and responses) that are wrapped in tags.
These commands and conditions are not supported:
The do configuration mode command.
EXEC mode commands other than show commands except for these items:
show history
show user
show users
show terminal
Administration EXEC mode commands
Iterators for responses to commands issued through XML. For example, iterators are not
supported for the output of the show run and show configuration commands.
Sending a request in format and getting back an XML encoded response.
Sending an XML encoded request and getting back a response in format.
Only one XML request can be issued at a time across all client sessions on the router.C H A P T E R
7-93
Cisco IOS XR XML API Guide
OL-24657-01
7
Cisco XML and Large Data Retrieval
XML for the router supports the retrieval of large XML responses in blocks (for example, chunks or
sections).
These sections provide information about large data retrieval:
Iterators, page 7-93
Throttling, page 7-98
Streaming, page 7-99
Iterators
When a client application makes a request, the resulting response data size is checked to determine
whether it is larger than a predetermined block size.
If the response data is not larger than the predetermined block size, the complete data is returned in a
normal response.
If the response data is larger than the block size, the first set of data is returned according to the block
size along with a decremented iterator ID included as the value of the IteratorID attribute. The client
must then send requests including the iterator ID until all data is retrieved. The client
application knows that all data is retrieved when it receives a response that does not contain an IteratorID
attribute.
Usage Guidelines
These points should be noted by the client application when iterators are used:
The block size is a configurable value specific to each transport mechanism on the router; that is,
the XML agent for the dedicated TCP connection and Secure Shell (SSH), Telnet, or Secure Sockets
Layer (SSL) dedicated TCP connection.
Use this command to configure the iteration size:
xml agent [tty | ssl] iteration on size <1-100000>
Specify the iteration size in KB. The default is 48 KB.7-94
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 7 Cisco XML and Large Data Retrieval
Iterators
Note The iteration command includes the option to turn off the XML response iterator. However,
we do not recommend turning off the iterator because of the large memory usage that occurs
temporarily.
The block size refers to the entire XML response, not just the payload portion of the response.
Large responses are divided based on the requested block size, not the contents. However, each
response is always a complete XML document.
Requests containing multiple operations are treated as a single entity when the block size and
IteratorID are applied. As a result, the IteratorID is an attribute of the tag, never of an
individual operation.
If the client application sends a request that includes an operation resulting in the need for an iterator
to return all the response data, any further operations contained within that request are rejected. The
rejected operations are resent in another request.
The IteratorID is an unsigned 32-bit value that should be treated as opaque data by the client
application. Furthermore, the client application should not assume that the IteratorID is constant
between operations.
To reduce memory overhead and avoid memory starvation of the router, these limitations are placed on
the number of allowed iterators:
The maximum number of iterators allowed at any one time on a given client session is 10.
The maximum number of iterators allowed at any one time for all client sessions is 100.
If a request is issued that results in an iterated response, it is counted as one iterator,
regardless of the number of operations required to retrieve all of the response data.
For example, a request may require 10, 100, or more operations to retrieve all the
associated data, but during this process only one iterator is being used.
Also, an iterator is considered to be in use until all of the response data associated with that iterator
(the original request) is retrieved or the iterator is terminated with the Abort attribute.
Examples Using Iterators to Retrieve Data
This example shows a client request that utilizes an iterator to retrieve all global Border Gateway
Protocol (BGP) configuration data for a specified autonomous system:
Sample XML Client Request to Retrieve All BGP Configuration Data
0
3
7-95
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 7 Cisco XML and Large Data Retrieval
Iterators
Sample XML Response from the Router Containing the First Block of Retrieved Data
0
3
...
1st block of data returned here
...
Second XML Client Request Using the Iterator to Retrieve the Next Block of BGP Configuration Data
Sample XML Response from the Router Containing the Second Block of Retrieved Data
0
3
7-96
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 7 Cisco XML and Large Data Retrieval
Iterators
Third XML Client Request Using the Iterator to Retrieve the Next Block of BGP Configuration Data
Sample XML Response from the Router Containing Third Block of Retrieved Data
0
3
...
3rd block of data returned here
...
Final XML Client Request Using the Iterator to Retrieve the Last Block of BGP Configuration Data
Final XML Response from the Router Containing the Final Block of Retrieved Data
0
3
...
Final block of data returned here
...
7-97
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 7 Cisco XML and Large Data Retrieval
Iterators
Large Response Division
The default behavior for large response division is that large responses are divided based on the
requested block size.
To specify a different basis for the division, use the IterateAtFirstTableGet attribute in the tag.
Sample XML Request with attribute IterateAtFirstTable
Terminating an Iterator
A client application may terminate an iterator without retrieving all of the response data by including an
Abort attribute with a value of true on the operation. A client application that does not
complete or terminate its requests risks running out of iterators.
This example shows a client request using the Abort attribute to terminate an iterator:
Sample XML Request
0
7-98
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 7 Cisco XML and Large Data Retrieval
Throttling
3
Sample XML Response from the Router
0
3
...
1st block of data returned here
...
Sample XML Request Using the Abort Attribute to Terminate an Iterator
Sample XML Response from the Router
Throttling
XML response data could be large resulting in high CPU utilization or high memory usage when
constructing the XML response. Throttling mechanisms in the XML agent provide a means for external
users or an NMS to control the impact to the system.7-99
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 7 Cisco XML and Large Data Retrieval
Streaming
CPU Throttle Mechanism
The CPU throttle mechanism in the XML agent controls the number of tags to process per second. The
higher the number of tags that are specified, the higher the CPU utilization and faster response. The
lower number of tags means less CPU utilization and slower response.
To configure the number of tags, use this command:
xml agent [tty | ssl] throttle process-rate <1000-30000>
Memory Throttle Mechanism
The memory throttle mechanism in the XML agent controls the maximum XML response size in MB. If
this size is exceeded, this error message is returned in the XML response.
> XML>
>
To configure the size of the memory usage per session, use this command:
xml agent [tty | ssl] throttle memory <100-600>
The default is 300 MB.
Streaming
As the XML agent retrieves the data from the source, the output of a response is streamed. This process
is similar to iterators, but the XML client does not run the GetNext IteratorID to handle large response
data size.
Usage Guidelines
Use these guidelines when streaming is used by the client application:
Iteration must be off.
xml agent [tty | ssl] iteration off
The sub-response block size is a configurable value specific to each transport mechanisms on the
router: the XML agent for the dedicated TCP connection and Secure Shell (SSH), Telnet, or Secure
Sockets Layer (SSL) dedicated TCP connection.
Use this command to configure the streaming size. Specify the streaming size in KB. The default is
48 KB.
xml agent [tty | ssl] streaming on size <1-100000>7-100
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 7 Cisco XML and Large Data Retrieval
StreamingC H A P T E R
8-101
Cisco IOS XR XML API Guide
OL-24657-01
8
Cisco XML Security
Specific security privileges are required for a client application requesting information from the router.
This chapter contains these sections:
Authentication, page 8-101
Authorization, page 8-101
Retrieving Task Permissions, page 8-102
Task Privileges, page 8-102
Task Names, page 8-103
Authorization Failure, page 8-104
Management Plane Protection, page 8-104
VRF, page 8-105
Access Control List, page 8-105
Authentication
User authentication through authentication, authorization, and accounting (AAA) is handled on the
router by the transport-specific XML agent and is not exposed through the XML interface.
Authorization
Every operation request by a client application is authorized. If the client is not authorized to perform an
operation, the operation is not performed by the router and an error is returned.
Authorization of client requests is handled through the standard AAA task permissions mechanism.
The XML agent caches the AAA user credentials obtained from the user authentication process, and then
each client provides these to the XML infrastructure on the router. As a result, no AAA information
needs to be passed in the XML request from the client application.
Each object class in the schema has a task ID associated with it. A client applications capabilities and
privileges in terms of task IDs are exposed by AAA through a show command. A client application can
use the XML interface to retrieve the capabilities prior to sending configuration requests to the router.
A client application requesting an operation through the XML interface must have the appropriate task
privileges enabled or assigned for any objects accessed in the operation:8-102
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 8 Cisco XML Security
Retrieving Task Permissions
operations require AAA read privileges.
and operations require AAA write privileges.
The configuration services operations through configuration manager can also require the appropriate
predefined task privileges.
If an operation requested by a client application fails authorization, an appropriate element is
returned in the response sent to the client. For native data operations, the element is associated
with the specific element or object classes where the authorization error occurred.
Retrieving Task Permissions
A client applications capabilities and privileges in terms of task permissions are exposed by AAA
through CLI show commands. A client application can also use the XML interface to programatically
retrieve the current AAA capabilities from the router. This retrieval can be done by issuing the
appropriate request to the component.
This example shows a request to retrieve all of the AAA configuration from the router:
Sample XLM Request to Retrieve AAA Configuration Information
Sample XML Response from the Router
.
.
.
AAA configuration returned here
.
.
.
Task Privileges
A client application requesting a native data operation through the XML interface must have the
appropriate task privileges enabled or assigned for any items accessed in the operation:
, , and operations require AAA read privileges.
and operations require AAA write privileges.8-103
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 8 Cisco XML Security
Task Names
The configuration services operations through the configuration manager can also require the
appropriate predefined task privileges.
Task Names
Each object (that is, data item or table) exposed through the XML interface and accessible to the client
application has one or more task names associated with it. The task names are published in the XML
schema documents as annotations.
For example, the complex type definition for the top-level element in the Border Gateway Protocol
(BGP) configuration schema contains this annotation:
Container
18
0
bgp
native_data_operations
Configuration
Here is another example from a different component schema. This annotation includes a list of task
names.
1
0
ouni
mpls-te
Task names indicate what permissions are required to access the data below the object. In the example,
the task names ouni and mpls-te are specified for the object. The task names apply to the object and are
inherited by all the descendants of the object in the schema. In other words, the task names that apply to
a particular object are the task names specified for the object and the task names of all ancestors for
which there is a task name specified in the schema.
The TaskGrouping attribute specifies the logical relationship among the task names when multiple task
names are specified for a particular object. For example, for a client application to issue a request
for the object containing the preceding annotation, the corresponding AAA user credentials must have
read permissions set for both the ouni and mpls-te tasks (and any tasks inherited by the object). The
possible values for the TaskGrouping attribute are And, Or, and Single. The value Single is used when
there is only a single task name specified for the object.8-104
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 8 Cisco XML Security
Authorization Failure
Authorization Failure
If an operation requested by a client application fails authorization, an appropriate element is
returned in the response sent to the client. For native data operations, the element is associated
with the specific element or object where the authorization error occurred.
If a client application issues a request to retrieve all data below a container object, and if any
subsections of that data require permissions that the user does not have, then an error is not returned.
Instead, the subsection of data is not included in the response.
Management Plane Protection
Management Plane Protection (MPP) provides a mechanism for securing management traffic on the
router. Without MPP, a management services traffic can come through any interface with a network
address, which could be a security risk.
MPP is effective when XML is configured.
Inband Traffic
To configure the MPP for inband traffic, use the command in this example:
RP/0/0/CPU0:router(config)#control-plane management-plane inband interface [interface
type] allow [protocol|all]
where the protocol is XML.
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$Ethernet 0/0/0/0 allow XML ?
peer Configure peer address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$Ethernet 0/0/0/0 allow XML peer ?
address Configure peer address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$Ethernet 0/0/0/0 allow XML peer address ?
ipv4 Configure peer IPv4 address on this interface
ipv6 Configure peer IPv6 address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$Ethernet 0/0/0/0 allow XML peer address
Out-of-Band Traffic
To configure the MPP for out-of-band traffic, use the command in this example:
RP/0/0/CPU0:router(config)#control-plane management-plane out-of-band interface
[interface type] allow [protocol|all]
where the protocol is XML.
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$gabitEthernet 0/0/0/1 allow XML ?
peer Configure peer address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$gabitEthernet 0/0/0/1 allow XML peer ?
address Configure peer address on this interface
8-105
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 8 Cisco XML Security
VRF
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$ XML peer address ?
ipv4 Configure peer IPv4 address on this interface
ipv6 Configure peer IPv6 address on this interface
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#$ XML peer address
VRF
XML agents can be configured to virtual route forwarding (VRF) aware.
To configure the dedicated agent [ssl] to receive or send messages through VRF, use this command:
RP/0/0/CPU0:router(config)#xml agent [ssl] vrf
To configure the dedicated [ssl] agent NOT to receive or send messages through the default VRF,
use this command:
RP/0/0/CPU0:Router(config)#xml agent [ssl] vrf default shutdown
Access Control List
To configure an access control list (ACL) for XML agents, use this command:
RP/0/0/CPU0:router(config)#xml agent [ssl] vrf access-list
IPv6 Access List Example
xml agent [ssl]
vrf
ipv6 access-list
IPv4 and IPv6 Access Lists Example
xml agent [ssl]
vrf
ipv4 access-list
ipv6 access-list
!
!
Note This method to configure an IPv4 access-list is still supported (for backward compatibility) but
hidden from CLI help.
xml agent [ssl]
vrf
access-list
!
!8-106
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 8 Cisco XML Security
Access Control ListC H A P T E R
9-107
Cisco IOS XR XML API Guide
OL-24657-01
9
Cisco XML Schema Versioning
Before the router can carry out a client application request, it must verify version compatibility between
the client request and router component versions.
Major and minor version numbers are included on the and elements to indicate
the overall XML application programming interface (API) version in use by the client application and
router. In addition, each component XML schema exposed through the XML API has a major and minor
version number associated with it.
This chapter describes the format of the version information exchanged between the client application
and the router, and how the router uses this information at run time to check version compatibility.
This chapter contains these sections:
Major and Minor Version Numbers, page 9-107
Run-Time Use of Version Information, page 9-108
Retrieving Version Information, page 9-113
Retrieving Schema Detail, page 9-115
Major and Minor Version Numbers
The top-level or root object (that is, element) in each component XML schema carries the major and
minor version numbers for that schema. A minor version change is defined as an addition to the XML
schema. All other changes, including deletions and semantic changes, are considered major version
changes.
The version numbers are documented in the header comment contained in the XML schema file. They
are also available as annotations included as part of the complex type definition for the
top-level schema element. This enables you to programmatically extract the version numbers from the
XML schema file to include in XML request instances sent to the router. The version numbers are carried
in the XML instances using the MajorVersion and MinorVersion attributes.
This example shows the relevant portion of the complex type definition for an element that carries
version information:
BGP Configuration Commands
Container
24
0
9-108
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 9 Cisco XML Schema Versioning
Run-Time Use of Version Information
bgp
native_data_operations
Configuration
.
.
.
.
.
..
The attribute group VersionAttributeGroup is defined as:
Common version information attributes
Run-Time Use of Version Information
Each XML request must contain the major and minor version numbers of the client at the appropriate
locations in the XML. These version numbers are compared to the version numbers running on the
router.
The behavior of the router, whether the request is accepted or rejected, depends on the value set for the
AllowVersion MisMatch attribute.
All requests are accepted when the AllowVersionMismatch attribute is set as TRUE. The request is then
accepted or rejected based on these rules when the AllowVersionMismatch attribute is set as FALSE:
If there is a major version discrepancy, then the request fails.
If there is a minor version lag, that is, the client minor version is behind that of the router, then the
request is attempted.
If there is a minor version creep, that is, the client minor version is ahead of that of the router, then
the request fails.
If the version information has not been included in the request, then the request fails.
The default value is used when the request does not specify the AllowVersionMismatch attribute.
The default value is currently set as TRUE.
Each XML response can also contain the version numbers at the appropriate locations in the XML.9-109
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 9 Cisco XML Schema Versioning
Run-Time Use of Version Information
Note If the client minor version is behind that of the router, then the response may contain elements that are
not recognized by the client application. The client application must be able to handle these additional
elements.
Placement of Version Information
This example shows the placement of the MajorVersion and MinorVersion attributes within a client
request to retrieve the global BGP configuration data for a specified autonomous system:
Sample Client Request Showing Placement of Version Information
0
3
Sample XML Response from the Router
0
3
...
data returned here
...
9-110
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 9 Cisco XML Schema Versioning
Run-Time Use of Version Information
Version Lag with the AllowVersionMisMatch Attribute Set as TRUE
The example shows a request and response with a version mismatch. In this case, because the
AllowVersionMismatch attribute is set as TRUE, the request is attempted. This is also the default
behavior when AllowVersionMismatch attribute is not specified in the request. The router attempts the
request and if the request is successful returns a VersionMismatchExists attribute at the appropriate
point within the response along with a VersionMismatchExistsBelow attribute on the operation
tag.
Note The version number, which is returned in the response, is the version running on the router. The versions
in this example are hypothetical.
Sample XML Client Request with a Version Mismatch
0
3
Sample XML Response from the Router
VersionMismatchExists=true>
0
3
...
data returned here
...
9-111
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 9 Cisco XML Schema Versioning
Run-Time Use of Version Information
Version Lag with the AllowVersionMismatch Attribute Set as FALSE
The example shows a request and response with a version mismatch, but the request specifies the
AllowVersionMisMatch attribute as FALSE.
In this case, the client minor version is behind the router, so the request is still attempted, but
VersionMismatchExists and VersionMismatchExistsBelow attributes are not returned in the response.
Note The version number returned is the response is the version number running on the router. The versions
in this example are hypothetical.
Sample XML Client Request with the AllowVersionMismatch Attribute Set as False
0
3
Sample XML Response from the Router
0
3
...
data returned here
...
9-112
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 9 Cisco XML Schema Versioning
Run-Time Use of Version Information
Version Creep with the AllowVersionMisMatch Attribute Set as TRUE
The example shows a request and response with a version mismatch. In this case, the client is the
AllowVersionMismatch attribute and is set as TRUE. The request is attempted.
Note The version number returned is the response is the version number running on the router. The versions
in this example are hypothetical.
Sample XML Request with an AllowVersion Mismatch Attribute Set as TRUE
0
3
Sample XML Response from the Router
VersionMismatchExists=true>
0
3
...
data returned here
...
9-113
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 9 Cisco XML Schema Versioning
Retrieving Version Information
Version Creep with the AllowVersionMisMatch Attribute Set as FALSE
The example shows a request and response with a version mismatch. In this case, the client minor
version is ahead of the router minor version, which results in an error response.
Sample XML Request with an AllowVersion Mismatch Attribute Set as FALSE
Sample XML Response from the Router
ErrorMsg="'XML Service Library' detected the 'warning'
condition 'An error was encountered in the XML beneath this operation
tag'" >
Retrieving Version Information
The version of the XML schemas running on the router can be retrieved using the tag
followed by the appropriate tags identifying the names of the desired components.
In this example, the tag is used to retrieve the major and minor version numbers for
the BGP component configuration schema:
Sample XML Request to Retrieve Major and Minor Version Numbers
Sample XML Response from the Router
9-114
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 9 Cisco XML Schema Versioning
Retrieving Version Information
This example shows how to retrieve the version information for all configuration schemas available on
the router:
Sample XML Request to Retrieve Version Information for All Configuration Schemas
Sample XML Response from the Router
....
....
...
9-115
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 9 Cisco XML Schema Versioning
Retrieving Schema Detail
Retrieving Schema Detail
The SchemaDetail boolean attribute can now be specified on the operation to instruct
the router to return additional schema detail in the response. If the SchemaDetail attribute is specified
in the request, each schema entity in the response contains three additional boolean
attributes listed in Table 9-1.
This example shows a request and response with the SchemaDetail attribute:
Sample XML Client Request for Schema Detail
Sample XML Response from the Router
...
. ..
Table 9-1 Content Attributes
Content Attribute Description
ContainsNaming Indicates whether or not the schema entity contains naming information.
Getable Indicates whether or not operations are supported for this schema.
Setable Indicates whether or not operations are supported for this schema.9-116
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 9 Cisco XML Schema Versioning
Retrieving Schema Detail
C H A P T E R
10-117
Cisco IOS XR XML API Guide
OL-24657-01
10
Alarms
The Cisco IOS XR XML API supports the registration and receipt of notifications; for example,
asynchronous responses such as alarms, over any transport. The system supports alarms and event
notifications over XML/SSH.
An asynchronous registration request is followed by a synchronous response and any number of
asynchronous responses. If a client wants to stop receiving a particular set of asynchronous responses at
a later stage, the client sends a deregistration request.
One type of notification that is supported by the Cisco IOS XR XML API is alarms; for example, syslog
messages. The alarms that are received are restricted by a filter, which is specified in the registration
request. An alarm registration request is followed by a synchronous response. If successful, the
synchronous response contains a RegistrationID, which is used by the client to uniquely identify the
applicable registration. A client can make many alarm registrations. If a client wants to stop receiving a
particular set of alarms at a later stage, the client can send a deregistration request for the relevant
RegistrationID or all Registration IDs for the session.
When an asynchronous response is received that contains an alarm, the registration that resulted in the
alarm is determined from the RegistrationID.
These sections describe the XML used for every operation:
Alarm Registration, page 10-117
Alarm Deregistration, page 10-118
Alarm Notification, page 10-119
Alarm Registration
Alarm registration and deregistration requests and responses and alarm notifications use the
operation tag to distinguish them from other types of XML operations. A registration request contains
the tag, which is followed by several tags that specify the filter requirement. If registration
for all alarms is required, no filter is specified. These filter criteria are listed:
SourceID
Category
Group
Context
Code10-118
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 10 Alarms
Alarm Deregistration
Severity
BiStateOnly
If it succeeds, the response contains a tag with a RegistrationID attribute. If it fails, the filter
tag that caused the error appears with an error message attribute. This example shows a registration
request to receive all alarms for configuration change; for example, commit notifications:
Sample XML Request from the Client Application
CONFIG
DB_COMMIT
Sample XML Response from the Router
Response MajorVersion="1" MinorVersion="0">
Note If a second registration is made with the same filter, or if the filters with two registrations overlap, these
alarms that match both registrations are received twice. In general, each alarm is received once for each
registration that it matches.
If a session ends (for example, the connection is dropped), all registrations are automatically canceled.
Alarm Deregistration
An alarm deregistration request consists of the operation tag followed by the tag,
with the optional attribute RegistrationID. If RegistrationID is specified, the value must be that returned
from a previous registration request. The registration with that ID must not have already been
deregistered or an error is returned. If it is not specified, the request results in all alarm registrations for
that session being deregistered.
This example shows a deregistration request for the RegistrationID returned from the registration
request example:
Sample XML Request from the Client Application
10-119
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 10 Alarms
Alarm Notification
Sample XML Response from the Router
Alarm Notification
Alarm notifications are contained within a pair of tags to distinguish them from normal
responses. Each notification contains one or more alarms, each of which is contained within a pair of
tags. The tags have an attribute RegistrationID, where the value is the RegistrationID returned
in the registration that resulted in the alarm.
The tags contain these fields for the alarm:
SourceID
EventID
Timestamp
Category
Group
Code
Severity
State
CorrelationID
AdditionalText
This example shows the configuration commit alarm notification:
RP/0/0/CPU0
84
1077270612
MGBL
CONFIG
DB_COMMIT
Informational
NotAvailable
0
config[65704]: %MGBL-CONFIG-6-DB_COMMIT : Configuration committed
by user 'admin'. Use 'show commit changes 1000000490' to view
the changes.
10-120
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 10 Alarms
Alarm NotificationC H A P T E R
11-121
Cisco IOS XR XML API Guide
OL-24657-01
11
Error Reporting in Cisco XML Responses
The XML responses returned by the router contains error information as appropriate, including the
operation, object, and cause of the error when possible. The error codes and messages returned from the
router may originate in the XML agent or in one of the other infrastructure layers; for example, the XML
Service Library, XML Parser Library, or Configuration Manager.
Types of Reported Errors
Table 11-1 lists the types of potential errors in XML Responses.
These error categories are described in these sections:
Error Attributes, page 11-122
Transport Errors, page 11-122
XML Parse Errors, page 11-122
XML Schema Errors, page 11-123
Table 11-1 Reported Error Types
Error Type Description
Transport errors Transport-specific errors are detected within the XML agent (and
include failed authentication attempts).
XML parse errors XML format or syntax errors are detected by the XML Parser
Library (and include errors resulting from malformed XML,
mismatched XML tags, and so on).
XML schema errors XML schema errors are detected by the XML operation provider
within the infrastructure (and include errors resulting from invalid
operation types, invalid object hierarchies, values out of range, and
so on).
Operation processing errors Operation processing errors are errors encountered during the
processing of an operation, typically as a result of committing the
target configuration (and include errors returned from
Configuration Manager and the infrastructure such as failed
authorization attempts, and invalid configuration errors returned
from the back-end Cisco IOS XR applications). 11-122
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 11 Error Reporting in Cisco XML Responses
Types of Reported Errors
Operation Processing Errors, page 11-125
Error Codes and Messages, page 11-126
Error Attributes
If one or more errors occur during the processing of a requested operation, the corresponding XML
response includes error information for each element or object class in error. The error information is
included in the form of ErrorCode and ErrorMsg attributes providing a relevant error code and error
message respectively.
If one or more errors occur during the processing of an operation, error information is included for each
error at the appropriate point in the response. In addition, error attributes are added at the operation
element level. As a result, the client application does not have to search through the entire response to
determine if an error has occurred. However, the client can still search through the response to identify
each of the specific error conditions.
Transport Errors
Transport-specific errors, including failed authentication attempts, are handled by the appropriate XML
agent.
XML Parse Errors
This general category of errors includes those resulting from malformed XML and mismatched XML
tags.
The router checks each XML request, but does not validate the request against an XML schema. If the
XML contains invalid syntax and thus fails the well-formedness check, the error indication is returned
in the form of error attributes placed at the appropriate point in the response. In such cases, the response
may not contain the same XML as was received in the request, but just the portions to the point where
the syntax error was encountered.
In this example, the client application sends a request to the router that contains mismatched tags, that
is, the opening tag is not paired with a closing tag. This example illustrates
the format and placement of the error attributes.
Note The actual error codes and messages might be different than what is shown in this example. Also, the
actual error attributes does not contain new line characters.
Sample XML Client Request Containing Mismatched Tags
0
311-123
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 11 Error Reporting in Cisco XML Responses
Types of Reported Errors
Sample XML Response from the Router
XML Schema Errors
XML schema errors are detected by the XML operation providers. This general category of errors
includes those resulting from invalid operation types, invalid object hierarchies, and invalid naming or
value elements. However, some schema errors may go undetected because, as previously noted, the
router does not validate the request against an XML schema.
In this example, the client application has requested a operation specifying an object
that does not exist at this location in the Border Gateway Protocol (BGP) component
hierarchy. This example illustrates the format and placement of the error attributes.
Note The actual error codes and messages may be different than those shown in the example.
Sample XML Client Request Specifying an Invalid Object Hierarchy
0
3
10
11-124
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 11 Error Reporting in Cisco XML Responses
Types of Reported Errors
Sample XML Response from the Router
0
3
This example also illustrates a schema error. In this case, the client application has requested a
operation specifying a value for the object that is not within the range of valid
values for this item.
Sample XML Request Specifying an Invalid Object Value Range
0
3
6000
11-125
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 11 Error Reporting in Cisco XML Responses
Types of Reported Errors
Sample XML Response from the Router
0
3
Operation Processing Errors
Operation processing errors include errors encountered during the processing of an operation, typically
as a result of committing the target configuration after previous or operations. While
processing an operation, errors are returned from Configuration Manager and the infrastructure, failed
authorization attempts occur, and invalid configuration errors are returned from the back-end Cisco
IOS XR applications.
This example illustrates an operation processing error resulting from a request specifying an
unrecognized iterator ID:
Sample XML Client Request and Processing Error
Sample XML Response from the Router
11-126
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 11 Error Reporting in Cisco XML Responses
Types of Reported Errors
Error Codes and Messages
The error codes and messages returned from the router may originate in any one of several components.
The error codes (cerrnos) returned from these layers are 32-bit integer values. In general, for a given
error condition, the error message returned in the XML is the same as the error message displayed on
the CLI.C H A P T E R
12-127
Cisco IOS XR XML API Guide
OL-24657-01
12
Summary of Cisco XML API Configuration Tags
Table 12-1 provides the CLI to XML application programming interface (API) tag mapping for the
router target configuration.
Table 12-1 CLI Command or Operation to XML Tag Mapping
CLI Command or Operation XML Tag
To end, abort, or exit
1
(from top
config mode)
2
clear
show config with
show config running with
show config merge with
show config failed with followed by with
configure exclusive
3
4
To change the selected config with
To delete the selected config with
commit best-effort
commit
show config failed with
show commit changes commitid with
show commit changes since commitid with
rollback configuration to commitid with
rollback configuration last number with
show rollback changes to commitid with
show rollback changes last number with 12-128
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 12 Summary of Cisco XML API Configuration Tags
show rollback points
show configuration sessions
1. These CLI operations end the configuration session and unlock the running configuration session if it is locked.
2. This XML tag releases the lock on a running configuration but does not end the configuration session.
3. This CLI command starts a new configuration session and locks the running configuration.
4. This XML tag locks the running configuration from a configuration session that is already in progress.
Table 12-1 CLI Command or Operation to XML Tag Mapping (continued)
CLI Command or Operation XML TagC H A P T E R
13-129
Cisco IOS XR XML API Guide
OL-24657-01
13
XML Transport and Event Notifications
This chapter contains these sections:
TTY-Based Transports, page 13-129
Dedicated Connection Based Transports, page 13-131
SSL Dedicated Connection based Transports, page 13-133
TTY-Based Transports
These sections describe how to use the TTY-based transports:
Enabling the TTY XML Agent, page 13-129
Enabling a Session from a Client, page 13-130
Sending XML Requests and Receiving Responses, page 13-130
Configuring Idle Session Timeout, page 13-132
Ending a Session, page 13-130
Errors That Result in No XML Response Being Produced, page 13-131
Enabling the TTY XML Agent
To enable the TTY agent on the router, which is ready to handle incoming XML sessions over Telnet
and Secured Shell (SSH), enter the xml agent tty command, as shown in this example:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# xml agent tty
RP/0/RP0/CPU0:router(config)# commit
RP/0/RP0/CPU0:router(config)# exit
For more information about the xml agent tty command, see Cisco IOS XR System Management
Configuration Guide.
TTY (SSH) agent is telnet based, so IPv6 addressing is supported.13-130
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 13 XML Transport and Event Notifications
TTY-Based Transports
Enabling a Session from a Client
To enable a session from a remote client, invoke SSH or Telnet to establish a connection with the
management port on the router. When prompted by the transport protocol, enter a valid username and
password. After you have successfully logged on, enter xml at the router prompt to be in XML mode.
A maximum of 50 XML sessions total can be started over a dedicated port, TTY, SSH, and Secure
Sockets Layer (SSL) dedicated port.
Note You should use, if configured, either the management port or any of the external interfaces rather than
a connection to the console or auxiliary port. The management port can have a significantly higher
bandwidth and offer better performance.
Sending XML Requests and Receiving Responses
To send an XML request, write the request to the Telnet/SSH session. The session can be used
interactively; for example, typing or pasting the XML at the XML> prompt from a window.
Note The XML request must be followed by a new-line character; for example, press Return, before the
request is processed.
Any responses, either synchronous or asynchronous, are also displayed in the session window. The end
of a synchronous response is always represented with and asynchronous responses (for
example), notifications, end with .
The client application is single threaded in the context of one session and sends requests synchronously;
for example, requests must not be sent until the response to the previous request is received.
Configuring Idle Session Timeout
When a session times out, the resource from that session is reclaimed. By default, XML agents do not
have an idle session timeout.
To configure the idle session timeout in minutes for the XML agents, use this command:
xml agent [tty | ssl] session timeout <1-1440>
Ending a Session
If you are using a session interactively from a terminal window, you can close the window. To manually
exit the session, at the prompt:
1. Enter the exit command to end XML mode.
2. Enter the exit command to end the Telnet/SSH session.13-131
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 13 XML Transport and Event Notifications
Dedicated Connection Based Transports
Errors That Result in No XML Response Being Produced
If the XML infrastructure is unable to return an XML response, the TTY agent returns an error code and
message in the this format:
ERROR: 0x%x %s\n
Dedicated Connection Based Transports
These sections describe how to use the dedicated connection-based transports:
Enabling the Dedicated XML Agent, page 13-131
Enabling a Session from a Client, page 13-132
Sending XML Requests and Receiving Responses, page 13-132
Configuring Idle Session Timeout, page 13-132
Ending a Session, page 13-132
Errors That Result in No XML Response Being Produced, page 13-132
Enabling the Dedicated XML Agent
To enable the dedicated agent on the router, which is ready to handle incoming XML sessions over a
dedicated TCP port (38751), enter the xml agent command, as shown in the following example:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# xml agent
RP/0/RP0/CPU0:router(config)# aaa authorization exec default local
RP/0/RP0/CPU0:router(config)# commit
RP/0/RP0/CPU0:router(config)# exit
For more information about the xml agent command, see Cisco IOS XR System Management
Configuration Guide.
The default addressing protocol for the XML dedicated agent is
IPv4 enabled
IPv6 disabled
To configure a dedicated agent to receive and send messages through IPv6 protocol:
xml agent ipv6 enable
To configure dedicated agent to disable IPv4 protocol
xml agent ipv4 disable
To receive and send messages only through IPv6 protocol:
xml agent ipv4 disable
xml agent ipv6 enable13-132
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 13 XML Transport and Event Notifications
Dedicated Connection Based Transports
Enabling a Session from a Client
To enable a session from a remote client, establish a TCP connection with the dedicated port (38751) on
the router. When prompted, enter a valid username and password. After you have successfully logged
on, the session is in XML mode and is ready to receive XML requests.
A maximum of 50 XML sessions total can be started over dedicated port, TTY, SSH, and SSL dedicated
port.
Sending XML Requests and Receiving Responses
To send an XML request, write the request to the established session. The session can be used
interactively; for example, typing or pasting the XML at the XML> prompt from a window.
Note The XML request must be followed by a new-line character; for example, press Return, before the
request is processed.
Any responses, either synchronous or asynchronous, are also displayed in the session window. The end
of a synchronous response is always represented with and asynchronous responses (for
example), notifications, end with .
The client application is single threaded in the context of one session and sends requests synchronously;
for example, requests must not be sent until the response to the previous request is received.
Configuring Idle Session Timeout
When a session times out, the resource from that session is reclaimed. By default, XML agents do not
have an idle session timeout.
To configure the idle session timeout in minutes for the XML agents, use this command:
xml agent [tty | ssl] session timeout <1-1440>
Ending a Session
If you are using a session interactively from a terminal window, you can close the window. To manually
exit the session, at the prompt:
1. Enter the exit command to end XML mode.
2. Enter the exit command to end the Telnet/SSH session.
Errors That Result in No XML Response Being Produced
If the XML infrastructure is unable to return an XML response, the TTY agent returns an error code and
message in this format:
ERROR: 0x%x %s\n13-133
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 13 XML Transport and Event Notifications
SSL Dedicated Connection based Transports
SSL Dedicated Connection based Transports
These sections describe how to use the dedicated connection based transports:
Enabling the SSL Dedicated XML Agent, page 13-133
Enabling a Session from a Client, page 13-133
Sending XML Requests and Receiving Responses, page 13-133
Configuring Idle Session Timeout, page 13-134
Ending a Session, page 13-134
Errors That Result in No XML Response Being Produced, page 13-134
Enabling the SSL Dedicated XML Agent
To enable the SSL dedicated agent on the router, which is ready to handle incoming XML sessions over
dedicated TCP port (38752), enter the xml agent command, as shown in this example:
RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# xml agent ssl
RP/0/RP0/CPU0:router(config)# aaa authorization exec default local
RP/0/RP0/CPU0:router(config)# commit
RP/0/RP0/CPU0:router(config)# exit
Note The k9sec package is required to use the SSL agent. The configuration is rejected during a commit when
the k9sec package is not active on the system. When the k9sec package is deactivated after configuring
the SSL agent, the agent is not available.
The SSL dedicated agent uses IPSec, so IPv6 addressing is supported.
Enabling a Session from a Client
To enable a session from a remote client, establish a TCP connection with the dedicated port (38752) on
the router. When prompted, enter a valid username and password. After you have successfully logged
on, the session is in XML mode and is ready to receive XML requests.
A maximum of 50 XML sessions can be started over a dedicated port, TTY, SSH, and a SSL dedicated
port.
Sending XML Requests and Receiving Responses
To send an XML request, write the request to the established session. The session can be used
interactively; for example, typing or pasting the XML at the XML> prompt from a window.
The XML request must be followed by a new-line character. For example, press Return before the
request is processed.
Any responses, either synchronous or asynchronous, are also displayed in the session window. The end
of a synchronous response is always represented with . Asynchronous responses end with
. 13-134
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 13 XML Transport and Event Notifications
SSL Dedicated Connection based Transports
The client application is single threaded in the context of one session and sends requests synchronously.
Requests must not be sent until the response to the previous request is received.
Configuring Idle Session Timeout
When a session times out, the resource from that session is reclaimed. By default, XML agents do not
have an idle session timeout.
To configure the idle session timeout in minutes for the XML agents, use this command:
xml agent [tty | ssl] session timeout <1-1440>
Ending a Session
If you are using a session interactively from a terminal window, you can close the window. To manually
exit the session, at the prompt:
1. Enter the exit command to end XML mode.
2. Enter the exit command to end the Telnet/SSH session.
Errors That Result in No XML Response Being Produced
If the XML infrastructure is unable to return an XML response, the SSL dedicated agent returns an error
code and message in this format:
ERROR: 0x%x %s\n C H A P T E R
14-135
Cisco IOS XR XML API Guide
OL-24657-01
14
Cisco XML Schemas
This chapter contains information about common XML schemas. The structure and allowable content of
the XML request and response instances supported by the Cisco IOS XR XML application programming
interface (API) are documented by means of XML schemas (.xsd files).
The XML schemas are documented using the standard World Wide Web Consortium (W3C) XML
schema language, which provides a much more powerful and flexible mechanism for describing schemas
than can be achieved using Document Type Definitions (DTDs). The set of XML schemas consists of a
small set of common high-level schemas and a larger number of component-specific schemas as
described in this chapter.
For more information on the W3C XML Schema standard, see this URL:
http://www.w3.org/XML/Schema
This chapter contains these sections:
XML Schema Retrieval, page 14-135
Common XML Schemas, page 14-136
Component XML Schemas, page 14-136
XML Schema Retrieval
The XML schemas that belong to the features in a particular package are obtained as a .tar file from
cisco.com. To retrieve the XML schemas, you must:
1. Click this URL to display the Downloads page:
http://tools.cisco.com/support/downloads/go/Redirect.x?mdfid=268437899
Note Select Downloads. Only customer or partner viewers can access the Download Software page.
Guest users will get an error.
2. Select Cisco IOS XR Software.
3. Select IOS XR XML Schemas.
4. Select the XML schema for your platform.
Once untarred, all the XML schema files appear as a flat directory of .xsd files and can be opened with
any XML schema viewing application, such as XMLSpy.14-136
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 14 Cisco XML Schemas
Common XML Schemas
Common XML Schemas
Among the .xsd files that belong to a BASE package are the common Cisco IOS XR XML schemas that
include definitions of the high-level XML request and response instances, operations, and common
datatypes. These common XML schemas are listed:
alarm_operations.xsd
config_services_operations.xsd
cli_operations.xsd
common_datatypes.xsd
xml_api_common.xsd
xml_api_protocol.xsd
native_data_common.xsd
native_data_operations.xsd
Component XML Schemas
In addition to the common XML schemas, component XML schemas (such as native data) are provided
and contain the data model for each feature. There is typically one component XML schema for each
major type of data supported by the componentconfiguration, operational, action, administration
operational, and administration action dataplus any complex data type definitions in the operational
space.
Note Sometimes common schema files exist for a component that contain resources used by the components
other schema files (for example, the data types to be used by both configuration data and operational
data).
You should use only the XML objects that are defined in the XML schema files. You should not use any
unpublished objects that may be shown in the XML returned from the router.
Schema File Organization
There is no hard link from the high-level XML request schemas (namespace_types.xsd) and the
component schemas. Instead, links appear in the component schemas in the form of include elements
that specify the file in which the parent element exists. The name of the component .xsd file also
indicates where in the hierarchy the files contents reside. If the file ends with _cfg.xsd, it appears as a
child of Configuration; if it ends with _if_cfg.xsd, it appears as a child of InterfaceConfiguration,
and so on. In addition, the comment header in each .xsd file names the parent object of each top level
object in the schema.14-137
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 14 Cisco XML Schemas
Component XML Schemas
Schema File Upgrades
If a new version of a schema file becomes available (or has to be uploaded to the router as part of an
upgrade), the new version of the file can replace the old version of the file in a straight swap. All other
files are unaffected. Therefore, if a component is replaced, only the .xsd files pertaining to that
component is replaced.14-138
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 14 Cisco XML Schemas
Component XML SchemasC H A P T E R
15-139
Cisco IOS XR XML API Guide
OL-24657-01
15
Network Configuration Protocol
Network Configuration Protocol (NETCONF) defines an XML-based interface between a network
device and a network management system to provide a mechanism to manage, configure, and monitor a
network device.
In Cisco IOS-XR, NMS applications use defined XML schemas to manage network devices from
multiple vendors. These capabilities are supported from a Cisco IOS XR agent to a client:
TTY NETCONF sessionLogon through telnet and then enter the netconf command.
SSH NETCONF sessionLogon through SSH and then enter the netconf command.
This example shows a message that the agent sends to a client:
urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:capability:candidate:1.0
4
These sections about NETCONF are covered:
Starting a NETCONF Session, page 15-139
Ending a NETCONF Agent Session, page 15-140
Starting an SSH NETCONF Session, page 15-140
Ending an SSH NETCONF Agent Session, page 15-141
Configuring a NETCONF agent, page 15-141
Limitations of NETCONF in Cisco IOS XR, page 15-142
Starting a NETCONF Session
To start a NETCONF session, enter the netconf command from the exec prompt (through telnet or SSH).
This example shows how to start a TTY NETCONF agent session:
client(/users/ore)> telnet 1.66.32.82
Trying 1.66.32.82...
Connected to 1.66.32.82.15-140
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 15 Network Configuration Protocol
Ending a NETCONF Agent Session
Escape character is '^]'.
User Access Verification
Username:
Password:
RP/0/1/CPU0:Router# netconf echo format
urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:capability:candidate:1.0
4
]]>]]>
When a new session is created, the NETCONF agent immediately sends out a message with
capabilities. At the end of each message transmission, the NETCONF agent sends the EOD marker
]]>]]>
The NETCONF agent does not display a prompt like the XML agent does (XML>).
The NETCONF TTY agent does not echo back the received messages and does not format returning
messages by default. These capabilities can be added by using the echo and format options.
The client is also required to send a message with capabilities.
Ending a NETCONF Agent Session
Unlike the XML agent, the client ends the session by sending a request.
]]>]]>
The agent replies with an tag and then closes the session.
]]>]]>
Starting an SSH NETCONF Session
This example shows how to start an SSH NETCONF agent session:
client(/users/ore)> ssh lab@1.66.32.82
lab@1.66.32.82's password:
RP/0/1/CPU0:gsrb#netconf echo format
15-141
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 15 Network Configuration Protocol
Ending an SSH NETCONF Agent Session
urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:capability:candidate:1.0
4
]]>]]>
The client can also directly start a NETCONF session by specifying the netconf command on the ssh
command line:
client(/users/ore)> ssh lab@1.66.32.82 netconf echo format
lab@1.66.32.82's password:
urn:ietf:params:netconf:base:1.0
urn:ietf:params:netconf:capability:candidate:1.0
4
]]>]]>
Ending an SSH NETCONF Agent Session
This example shows how to end an SSH NETCONF agent session:
]]>]]>
The agent replies with an tag and then closes the session.
]]>]]>
Configuring a NETCONF agent
To configure a NETCONF TTY agent, use the netconf agent tty command.
Use the throttle and session timeout parameters as you would with the XML TTY agent.
netconf agent tty
throttle (memory | process-rate)
session timeout
To enable the NETCONF SSH agent, use this command:
ssh server v2
netconf agent tty15-142
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 15 Network Configuration Protocol
Limitations of NETCONF in Cisco IOS XR
Limitations of NETCONF in Cisco IOS XR
This sections identifies the limitations of NETCONF in Cisco IOS XR Software.
Configuration Datastores
Cisco IOS XR supports these configuration datastores:
Cisco IOS XR does not support the configuration datastore.
Configuration Capabilities
Cisco IOS XR supports these configuration capabilities:
Candidate Configuration Capability
urn:ietf:params:netconf:capability:candidate:1.0
Cisco IOS XR does not support these configuration capabilities:
Writable-Running Capability
urn:ietf:params:netconf:capability:writable-running:1.0
Confirmed Commit Capability
urn:ietf:params:netconf:capability:confirmed-commit:1.0
Transport (RFC4741 and RFC4742)
These transport operations are supported:
Connection-oriented operation
Authentication
SSH TransportShell based SSH. IANA-assigned TCP port <830> for NETCONF SSH is not
supported.
Other transport
Subtree Filtering (RFC4741)
NETCONF has these subtree filtering limitations in Cisco IOS XR:
Namespace SelectionFiltering based on specified namespace. This is not supported because Cisco
IOS XR does not publish schema name spaces.
Attribute Match ExpressionsFiltering is done by matching a specified attribute value. This
filtering with the Match attribute can be specified only in Table classes. See this example:
15-143
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 15 Network Configuration Protocol
Limitations of NETCONF in Cisco IOS XR
act
Containment NodesFiltering is done by specifying nodes (classes) that have child nodes (classes).
This filtering is by specifying container classes. See this example:
Selection NodesFiltering is done by specifying leaf nodes. This filtering specifies leaf classes.
See this example:
act
GigabitEthernet0/3/0/1
Content Match NodesFiltering is done by exactly matching the content of a leaf node. This
filtering is done by specifying naming the class value for table classes. See this example:
15-144
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 15 Network Configuration Protocol
Limitations of NETCONF in Cisco IOS XR
act
Loopback0
According to the RFC, a request using an empty content match node should return all
elements of all entries of the table.
For example, for this request, the response should return elements of all the entries of
:
In Cisco IOS XR, this request is not supported and is errored out.
Protocol Operations (RFC4741)
These protocol operations are supported in Cisco IOS XR:
getRoot level query that returns both the entire configuration and state data is not supported
get-config
edit-config
lock
unlock
close-session
commit (by the Candidate Configuration Capability)
discard-change (by the Candidate Configuration Capability) 15-145
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 15 Network Configuration Protocol
Limitations of NETCONF in Cisco IOS XR
Event Notifications (RFC5277)
Event notifications are not supported in Cisco IOS XR.15-146
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 15 Network Configuration Protocol
Limitations of NETCONF in Cisco IOS XRC H A P T E R
16-147
Cisco IOS XR XML API Guide
OL-24657-01
16
Cisco IOS XR Perl Scripting Toolkit
This chapter describes the Cisco IOS XR Perl Scripting Toolkit as an alternative method to existing
router management methods. This method enables the router to be managed by a Perl script running on
a separate machine. Management commands and data are sent to, and from, the router in the form of
XML over either a Telnet or an SSH connection. The well-defined and consistent structure of XML,
which is used for both commands and data, makes it easy to write scripts that can interactively manage
the router, display information returned from the router in the format required, or manage multiple
routers at once.
These sections describe how to use the Cisco IOS XR Perl Scripting Toolkit:
Cisco IOS XR Perl Scripting Toolkit Concepts, page 16-148
Security Implications for the Cisco IOS XR Perl Scripting Toolkit, page 16-148
Prerequisites for Installing the Cisco IOS XR Perl Scripting Toolkit, page 16-148
Installing the Cisco IOS XR Perl Scripting Toolkit, page 16-149
Using the Cisco IOS XR Perl XML API in a Perl Script, page 16-150
Handling Types of Errors for the Cisco IOS XR Perl XML API, page 16-150
Starting a Management Session on a Router, page 16-150
Closing a Management Session on a Router, page 16-152
Sending an XML Request to the Router, page 16-152
Using Response Objects, page 16-153
Using the Error Objects, page 16-154
Using the Configuration Services Methods, page 16-154
Using the Cisco IOS XR Perl Data Object Interface, page 16-157
Cisco IOS XR Perl Notification and Alarm API, page 16-166
Examples of Using the Cisco IOS XR Perl XML API, page 16-17016-148
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Cisco IOS XR Perl Scripting Toolkit Concepts
Cisco IOS XR Perl Scripting Toolkit Concepts
Table 16-1 describes the toolkit concepts. Some sample scripts are modified and show how to use the
API in your own scripts.
Security Implications for the Cisco IOS XR Perl Scripting Toolkit
Similar to using the CLI over a Telnet or Secured Shell (SSH) connection, all authentication and
authorization are handled by authentication, authorization, and accounting (AAA) on the router. A script
prompts you to enter a password at run time, which ensures that passwords never get stored on the client
machine. Therefore, the security implications for using the toolkit are identical to the CLI over the same
transport.
Prerequisites for Installing the Cisco IOS XR Perl Scripting
Toolkit
To use the toolkit, you must have installed Perl version 5.6 on the client machine that runs UNIX and
Linux. To use the SSH transport option, you must have the SSH client executable installed on the
machine and in your path.
You need to install these specific standard Perl modules to use various functions:
XML::LibXMLThis module is essential for using the Perl XML API and requires that the libxml2
library be installed on the system first. This must be the version that is compatible with the version
of XML::LibXML. The toolkit is tested to work with XML::LibXML version 1.58 and libxml2
version 2.6.6. If you are installing libxml2 from a source, you must apply the included patch file
before compiling.
Term::ReadKey (optional but recommended)This module reads passwords without displaying
them on the screen.
Net::TelnetThis module is needed if you are using the Telnet or SSH transport modules.
If one of the modules is not available in the current version, you are warned during the installation
process. Before installing the toolkit, you should install the current versions of the modules. You can
obtain all modules from this location: http://www.cpan.org/
Table 16-1 List of Concepts for the IOS XR Perl Scripting Toolkit
Concept Definition
Cisco IOS XR Perl XML API Consists of the core of the toolkit and provides the ability to create
management sessions, send management requests, and receive
responses by using Perl objects and methods.
Cisco IOS XR Perl Data Object
API
Allows management requests to be sent and responses received
entirely using Perl objects and data structures without any
knowledge of the underlying XML.
Cisco IOS XR Perl
Notification/Alarm API
Allows a script to register for notifications (for example, alarms),
on a management session and receive the notifications
asynchronously as Perl objects.16-149
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Installing the Cisco IOS XR Perl Scripting Toolkit
These modules are not necessary for using the API, but are required to run some sample scripts:
XML::LibXSLTThis module is needed for the sample scripts that use XSLT to produce HTML
pages. The module also requires that the libxslt library be installed on the system first. The toolkit
is tested to work with XML::LibXSLT version 1.57 and libxslt version 1.1.3.
Mail::SendThis module is needed only for the notifications sample script.
Installing the Cisco IOS XR Perl Scripting Toolkit
The Cisco IOS XR Perl Scripting Toolkit is distributed in a file named:
Cisco-IOS_XR-Perl-Scripting-Toolkit-.tar.gz.
To install the Cisco IOS XR Perl Scripting Toolkit, perform these steps:
Step 1 Extract the contents from the directory in which the file resides by entering this command:
tar -f Cisco-IOS_XR-Perl-Scripting-Toolkit-.tar.gz -xzC
Table 16-2 defines the parameters.
Step 2 Use the cd command to change to the toolkit installation directory and enter this command:
perl Makefile.PL
If the command gives a warning that one of the prerequisite modules is not found, download and install
the applicable module from the Comprehensive Perl Archive Network (CPAN) before using the API.
Step 3 Use the make command to maintain a set of programs, as shown in this example:
make
Step 4 Use the make install command, as shown in this example:
make install
Ensure that you have the applicable permission requirements for the installation. You may need to have
root privileges.
If you do not encounter any errors, the toolkit is installed successfully. The Perl modules are copied into
the appropriate directory, and you can use your own Perl scripts.
Table 16-2 Toolkit Installation Directory Parameters
Parameter Description
Defines the version of the toolkit to install, for example, version 1.0.
Specifies the existing directory in which to create the toolkit installation directory. A
directory called Cisco-IOS_XR-Perl-Scripting-Toolkit- is created within the
directory along with the extracted contents.16-150
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Using the Cisco IOS XR Perl XML API in a Perl Script
Using the Cisco IOS XR Perl XML API in a Perl Script
To use the Cisco IOS XR Perl XML API in a Perl application, import the module by including this
statement at the top of the script:
use Cisco::IOS_XR;
If you are using the Data Object interface, you can specify extra import options in the statement. For
more information about the objects, see the Creating Data Objects section on page 16-159.
Handling Types of Errors for the Cisco IOS XR Perl XML API
These types of errors can occur when using the Cisco IOS XR Perl XML API:
Errors returned from the routerSpecify that the errors are produced during the processing of an
XML request and are returned to you in an XML response document. For more information about
how these errors are handled, see the Using the Error Objects section on page 16-154.
Errors produced within the Perl XML API modulesSpecify that the script cannot continue. The
module causes the script to be terminated with the appropriate error message. If the script writer
wants the script to handle these error types, the writer must write the die handlers (for example,
enclose the call to the API function within an eval{} block).
Starting a Management Session on a Router
Before any requests are sent, a management session must be started on the router, which is done by
creating a new object of type named Cisco::IOS_XR. The new object is used for all further requests
during the session, and the session is ended when the object is destroyed. A Cisco::IOS_XR object is
created by calling Cisco::IOS_XR::new.
Table 16-3 lists the optional parameters specified as arguments.
Table 16-3 Argument Definitions
Name Description
use_command_line Controls whether or not the new() method parses the command-line options
given when the script was invoked. If the value of the argument is true, which
is the default, the command-line options specify or override any of the
subsequent arguments and control debug and logging options. The value of 0
defines the value as false.
interactive If the value of the argument is true, the script prompts you for the username
and password if they have not been specified either in the script or on the
command line. The Term::ReadKey module must be installed.
The most secure way of using the toolkit is not to have the input echoed to
the screen, which avoids hard coding or any record of passwords being used.
The default value is false, which means that the script does not ask for user
input. As a command-line option, the interactive argument does not take any
arguments. You can specify -interactive to turn on the interactive mode.16-151
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Starting a Management Session on a Router
This example shows the arguments given using the standard Perl hash notation:
use Cisco::IOS_XR;
my $session = new Cisco::IOS_XR(transport => 'telnet',
host => 'router1',
port => 7000,
username => 'john',
password => 'smith',
connection_timeout => 3);
Alternatively, the arguments can be specified in a file. For example:
The contents of /usrs/trice/perlxml.cfg:
[myrouter]
transport = telnet
host = router1
username = john
password = smith
connection_timeout = 3
In the script, the file and profile name are specified:
use Cisco : : IOS_XR;
my $session = new Cisco: :IOS_XR(config_file =>
/usrs/trice/perlxml.cfg,
profile => myrouter);
transport Means by which the Perl application should connect to the router, which
defaults to Telnet. If a different value is specified, the new() method searches
for a package called Cisco::IOS_XR::Transport::. If found,
the Perl application uses that package to connect to the router.
ssh_version If the chosen transport option is SSH and the SSH executable on your system
supports SSH v2, specifies which version of SSH you want to use for the
connection. The valid values are 1 and 2. If the SSH executable supports only
version 1, an error is caused by specifying the ssh_version argument.
host Specifies the name or IP address of the router to connect. The router console
or auxiliary ports should not be used because they are likely to cause
problems for the script when logging in and offer significantly lower
performance than a management port.
port Specifies the TCP port for the connection. The default value depends on the
transport being used.
username Specifies the username to log in to the router.
password Specifies the corresponding password.
connection_timeout Specifies the timeout value that is used to connect and log in to the session.
If not specified, the default value is 5 seconds.
response_timeout Specifies the timeout value that is used when waiting for a response to an
XML request. If not specified, the default value is 10 seconds.
prompt Specifies the prompt that is displayed on the router after a successful log in.
The default is #.
Table 16-3 Argument Definitions (continued)
Name Description16-152
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Closing a Management Session on a Router
Table 16-4 describes the additional command-line options that can be specified.
To use the command-line options when invoking a script, use the -option value (assuming the option
has a value). The option name does not need to be given in full, but must be long enough to be
distinguished from other options. This is displayed:
perl my_script.pl -host my_router -user john -interactive -debug xml
Closing a Management Session on a Router
When an object of type Cisco::IOS_XR is created, the transport connection to the router and any
associated resources on the router are maintained until the object is destroyed and automatically cleaned.
For most scripts, the process should occur automatically when the script ends.
To close a particular session during the course of the script, use the close() method. You can perform
an operation on a large set of routers sequentially, and not keep all sessions open for the duration of the
script, as displayed in this example:
my $session1 = new Cisco::IOS_XR(host => router1, ...);
#do some stuff
$session1->close;
my $session2 = new Cisco::IOS_XR(host => router2, ...);
# do some stuff
...
Sending an XML Request to the Router
Requests and responses pass between the client and router in the form of XML. Depending on whether
the XML is stored in a string or file, you can construct an XML request that is sent to the router using
either the send_req or send_req_file method. Some requests are sent without specifying any XML by
using the configuration services methods; for example, commit and lock or the Data Object interface.
This example shows how to send an XML request in the form of a string:
my $xml_req_string = ...;
my $response = $session->send_req($xml_req_string);
This example shows how to send a request stored in a file:
my $response = $session->send_req_file('request.xml');
Table 16-4 Command-Line Options
Name Description
debug Turns on the specified debug type and can be repeated to turn on more
than one type.
logging Turns on the specified logging type and can be repeated to turn on more
than one type.
log_file Specifies the name of the log file to use.
telnet_input_log Specifies the file used for the Telnet input log, if you are using Telnet.
telnet_dump_log Specifies the file used for the Telnet dump log, if you are using Telnet.16-153
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Using Response Objects
Using Response Objects
Both of the send_req and send_req_file methods return a Cisco::IOS_XR::Response object, which
contains the XML response returned by the router.
Note Both send methods handle iterators in the background; so if a response consists of many parts, the
response object returned is the result of merging them back together.
Retrieving the Response XML as a String
This example shows how to use the to_string method:
$xml_response_string = $response->to_string;
Writing the Response XML Directly to a File
This example shows how to use the write_file method by specifying the name of the file to be written:
$response->write_file('response.xml');
Retrieving the Data Object Model Tree Representation of the Response
This example shows how to retrieve a Data Object Model (DOM) tree representation for the response:
my $document = $response->get_dom_tree;
You should be familiar with the DOM, which an XML document is represented in an object tree
structure. For more information, see this URL:
http://www.w3.org/DOM/
Note The returned DOM tree type will be of type XML::LibXML::Document, because this is the form in
which the response is held internally. The method is quick, because it does not perform extra parsing
and should be used in preference to retrieving the string form of the XML and parsing it again (unless a
different DOM library is used).
Determining if an Error Occurred While Processing a Request
This example shows how to determine whether an error has occurred while processing a request:
my $error = $response->get_error;
if (defined($error)) {
die $error;
}
Use the get_error method to return one error from the response. This returns an error object that
represents the first error found or is undefined if none are found.
Retrieving a List of All Errors Found in the Response XML
This example shows how to list all errors that occur, rather than just one, by using the get_errors method:
my @errors = $response->get_errors;
The get_errors method returns an array of error objects that represents all errors that were found in the
response XML. For more information, see the Using the Error Objects section on page 16-154.16-154
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Using the Error Objects
Using the Error Objects
Error objects are returned when calling the get_error and get_errors methods on a response object, and
are used to represent an error encountered in an XML response. Table 16-5 lists the methods for the
object.
Using the Configuration Services Methods
Methods are provided to enable the standard configuration services operations to be performed without
knowledge of the underlying XML. These are the operations that are usually performed at the start or
end of a configuration session, such as locking the running configuration or saving the configuration to
a file.
Committing the Target Configuration
The config_commit() function takes these optional arguments:
mode
label
comment
Replace
KeepFailedConfig
IgnoreOtherSessions
Confirmed
This example shows how to use the config_commit function:
$response = $session->config_commit(Label => 'Example1', Comment => 'Just an example');
A response object is returned from which any errors can be extracted, if desired. To retrieve the commit
ID that was assigned to the commit upon success, you can call the get_commit_id() method on the
response object, as shown in this example:
$commit_id = $response->get_commit_id();
Table 16-5 List of Methods for the Object
Method Description
get_message Returns the error message string that was found in the XML.
get_code Returns the corresponding error code.
get_element Returns the tag name of the XML element in which the error was found.
get_dom_node Returns a reference to the element node in the response DOM1
tree.
1. DOM = Data Object Model.
to_string Returns a string that contains the error message, code, and element name. If the error
object is used in a scalar context, the method is used automatically to convert it to a
string. This example displays all information in an error:
Error encountered in object ConfederationPeerASTable: 'XMLMDA' detected
the 'warning' condition 'The XML request does not conform to the schema.
A child element of the element on which this error appears includes a
non-existent naming, filter, or value element. Please check the request
against the schema.' Error code: 0x4368a00016-155
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Using the Configuration Services Methods
Locking and Unlocking the Running Configuration
This example shows how to use the config_lock and config_unlock functions, which takes no arguments:
$error = $session->config_lock;
$error = $session->config_unlock;
Loading a Configuration from a File
This example shows how to contain a filename as an argument:
$error = $session->config_load(Filename => 'test_config.cfg');
Loading a Failed Configuration
This example shows how to use the config_load_failed function, which takes no arguments:
$error = $session->config_load_failed;
Saving a Configuration to a File
This example shows how to use two arguments for the config_save() function:
$error = $session->config_save(Filename => 'disk0:/my_config.cfg, Overwrite => 'true');
The first argument shows how to use the filename to which to write and the Boolean overwrite setting.
The filename must be given with a full path. The second argument is optional.
Clearing the Target Configuration
This example shows how to use the config_clear function, which takes no arguments:
$error = $session->config_clear;
Getting a List of Recent Configuration Events
This example shows how to use the config_get_history function that uses the optional arguments
Maximum, EventType, Reverse, and Detail:
$response = $session->config_get_history(EventType => All, Maximum =>10, Detail =>
true);
It returns a Response object, on which the method get entries can be called.
Getting a List of Recent Configuration Commits That Can Be Rolled Back
This example shows how to use the config_get_commitlist function that uses the optional arguments
Maximum and Detail:
$response = $session->config_get_commitlist (Maximum => 10, Detail => true);
It returns a Response object, on which the method get entries can be called. This returns an array of Entry
objects, on which the method get key can be called to retrieve the CommitID, and get data to retrieve
the rest of the fields.16-156
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Using the Configuration Services Methods
Loading Changes Associated with a Set of Commits
This example shows how to use the config_load_commit_changes function to load into the target
configuration the changes that were made during one or more commits, and it uses one of three possible
arguments: ForCommitID, SinceCommitID, or Previous:
$error = $session ->config_load_commit_changes (ForCommitID => 1000000072);
#Loads the changes that were made in commit 1000000072
$error = $session ->config_load_commit_changes (SinceCommitID => 1000000072);
#Loads the changes made in commits 1000000072, 1000000073...up to latest
$error = $session ->config_load_commit_changes (Previous => 4);
#Loads the changes made in the last 4 commits
Rolling Back to a Previous Configuration
This example shows how to use the config_rollback() function that uses the optional arguments Label
and Comment, and exactly one of the two arguments CommitID or Previous or takes only
TrialConfiguration:
$error = $session->config_rollback(Label => Rollback test, CommitID => 1000000072);
Loading Changes Associated with Rolling Back Configuration
This example shows how to use the config_load_rollback_changes function to load into the target
configuration the changes that would be made if you were to roll back one or more commits. The
function uses one of three arguments: ForCommitID, ToCommitID and Previous. For example:
$error = $session->config_load_rollback_changes (ForCommitID => 1000000072)
# Loads the changes that would be made to rollback commit 1000000072
$error = $session->config_load_rollback_changes (ToCommitID => 1000000072);
# Loads the changes that would be made to rollback all commits up to and including commit
1000000072
Getting a List of Current Configuration Sessions
This example shows how to use the config_get_sessions function that uses the optional argument Detail
to return detailed information about configuration sessions. For example:
$response = $session->config_get_sessions (Detail => true);
It returns a response object in which the method get_entries can be called. This returns an array of entry
objects in which the method get_key can be called to retrieve the session ID, and get_data method to
retrieve the rest of the fields.
Clearing Configuration Session
This example shows how to use config_clear_session function that accepts a configuration session ID
SessionID as argument and clears that configuration session:
$error=$session->config_clear_sessions (SessionID => 00000000-000a00c9-00000000);Sending
a Command-Line Interface Configuration Command
This example shows how to use the config_cli() function, which takes a string argument containing the
CLI format configuration that you want to apply to the router:
$response = $session->config_cli($cli_command);
To retrieve the textual CLI response from the response object returned, use the get_cli_response()
method, as shown in this example:
$response_text = $response->get_cli_response();16-157
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Using the Cisco IOS XR Perl Data Object Interface
Note Apart from the config_commit, config_get_history, config_get_commitlist, config_get_sessions and
config_cli methods, each of the other methods return a reference to an error object if an error occurs or
is undefined. For more information, see the Using the Error Objects section on page 16-154.
Using the Cisco IOS XR Perl Data Object Interface
Instead of having to specify the XML requests explicitly, the interface allows access to management data
using a Perl notation. The Data Object interface is a Perl representation of the management data
hierarchy stored on the router. It consists of objects of type Cisco::IOS_XR::Data, which corresponds to
items in the IOS_XR management data hierarchy, and a set of methods for performing data operations
on them.
To use the Data Object interface, knowledge of the underlying management data hierarchy is required.
The management data on an Cisco IOS XR router are under one of six root objects, namely
Configuration, Operational, Action, AdminConfiguration, AdminOperational, and AdminAction. The
objects that lie below these objects in the hierarchy, along with definitions of any datatypes or filters that
are used by them, are documented in the Perl Data Object Documentation.
A hash structure is defined to be a scalar (that is, basic) type; for example, string or number, a reference
to a hash whose values are hash structures, or a reference to an array whose values are hash structures.
This standard Perl data structure corresponds naturally to the structure of management data on an Cisco
IOS XR router. This example shows how to use a hash structure:
# basic type
my $struct1 = john;
# reference to a hash of basic types
my $struct2 = {Forename => $struct1, Surname => smith};
# reference to an array of basic types
my $struct3 = (dog, budgie, cat);
# reference to a hash of references and basic types
my $struct4 = {Name => $struct2, Age => 30, Pets => $struct3};
These sections describe how to use the Perl Data Object Documentation:
Understanding the Perl Data Object Documentation, page 16-158
Generating the Perl Data Object Documentation, page 16-158
Creating Data Objects, page 16-159
Specifying the Schema Version to Use When Creating a Data Object, page 16-161
Using Data Operation Methods on a Data Object, page 16-161
Using the Batching API, page 16-164
Displaying Data and Keys Returned by the Data Operation Methods, page 16-165
Specifying the Session to Use for the Data Operation Methods, page 16-16616-158
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Using the Cisco IOS XR Perl Data Object Interface
Understanding the Perl Data Object Documentation
The Perl Data Object Documentation consists of many files, each containing a subtree of the total
management data hierarchy. The main part of each filename tells you the area of management data to
which that file refers, and the suffix usually tells you below which root object that files data lies. For
example, a file containing configuration data usually ends in _cfg.html. Some files may not contain any
object definitions, but just some datatypes or filter definitions and usually end in _common.html.
For leaf objects, the object definition describes the data that the object contains. For nonleaf objects, the
definition provides a list of the objects children within the tree. More precisely, the object definition
consists of these items:
Name of the object.
Brief description of what data is contained in the object or in the subtree below.
List of the required task IDs that are required to access the data in the object and subtree.
List of parent objects and the files in which they are defined, if the object is the top-level object in
that file.
If the object is a leaf object (for example, data is contained without child objects), and its name is
not unique within that file, parent objects are listed.
If the object is a table entry, a list of the keys that are needed to identify a particular item in that
table. For each key, a name, description, and datatype are given.
If the object is a table, a list of the filters that can be applied to that table.
If the object is a leaf object, a list of the value items that are contained. For each value item, a name,
description, and datatype are given.
If the object is a leaf object, its default value (for example, the values for each of its value items that
would be assumed if the object did not exist), if there is one.
List of the data operation methods, get_data, set_data, and so forth that are applicable to the object.
For more information, see the Specifying the Schema Version to Use When Creating a Data
Object section on page 16-161
Generating the Perl Data Object Documentation
The Perl Data Object Documentation must be generated from the schema distribution tar file
All-schemas-CRS-1-release.tar.gz, where release is the release of the Cisco IOS XR software that
you have installed on the router.
To generate the Perl Data Object Documentation:
Step 1 From the perl subdirectory under the extracted contents of the previously mentioned Schema tarball,
copy all *.dat files into the toolkit installation directory
Cisco-IOS_XR-Perl-Scripting-Toolkit-version/dat (default) or a selected directory for the .dat files.
These .dat files are the XML files that are used to generate the HTML documentation.
Step 2 From the perl subdirectory under the extracted contents of the previously mentioned Schema tarball,
copy all the *.html files into the toolkit installation directory
Cisco-IOS_XR-Perl-Scripting-Toolkit-version/html(default) or a selected directory for the .html.
(The default .html subdirectory already contains two files that were extracted with the toolkit
distribution: root_objects.html and common_datatypes.html. These files are automatically copied to the
selected .html directory, if a non-default directory is selected, upon performing this step).16-159
Cisco IOS XR XML API Guide
OL-24657-01
Chapter 16 Cisco IOS XR Perl Scripting Toolkit
Using the Cisco IOS XR Perl Data Object Interface
Step 3 Run the script generate_html_documentation.pl, which is available in the distribution
Cisco-IOS_XR-Perl-Scripting-Toolkit-version/scripts directory, giving the appropriate directories for
the .dat and .html files, when prompted.
Step 4 If the script fails, indicating any error .dat files, evaluate the .dat file to confirm that it is not of 0 size
and that it has a header as in this example:
home traffic, as effected by the
! following:
access-list natexmpt-inside extended permit ip any 192.168.2.0 255.255.255.0
access-list natexmpt-home extended permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list natexmpt-inside
nat (home) 0 access-list natexmpt-home
http server enable
http 192.168.1.0 255.255.255.0 inside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd auto_config outside
dhcpd enable inside
logging asdm informational
ssh 192.168.1.0 255.255.255.0 insideB-35
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 15: ASA 5505 Security Plus License with Failover and Dual-ISP Backup
Example 15: ASA 5505 Security Plus License with Failover and
Dual-ISP Backup
This configuration creates five VLANs: inside, outside, dmz, backup-isp and faillink (see Figure B-13).
Figure B-14 Example 15
See the following sections for the configurations for this scenario:
Example 15: Primary Unit Configuration
Example 15: Secondary Unit Configuration
Example 15: Primary Unit Configuration
passwd g00fba11
enable password gen1u$
ASA 5505
with Security Plus
License
Failover
ASA 5505
VLAN 4
Backup ISP
VLAN 2
Primary ISP
VLAN 3
DMZ
VLAN 5: Failover Link
Host Host Printer
Web Server
192.168.2.2
Host
192.168.1.1/24 192.168.1.2/24
mary: 209.165.200.224/27
ackup: 209.165.202.128/27
Primary: 209.165.200.225/27
Backup: 209.165.202.129/27
153836
Switch
VLAN 1
InsideB-36
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 15: ASA 5505 Security Plus License with Failover and Dual-ISP Backup
hostname Buster
asdm image disk0:/asdm.bin
boot system disk0:/image.bin
interface vlan 2
description Primary ISP interface
nameif outside
security-level 0
ip address 209.165.200.224 standby 209.165.200.225
backup interface vlan 4
no shutdown
interface vlan 1
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
no shutdown
interface vlan 3
nameif dmz
security-level 50
ip address 192.168.2.1 255.255.255.0
no shutdown
interface vlan 4
description Backup ISP interface
nameif backup-isp
security-level 0
ip address 209.168.202.128 standby 209.168.202.129
no shutdown
interface vlan 5
description LAN Failover Interface
interface ethernet 0/0
switchport access vlan 2
no shutdown
interface ethernet 0/1
switchport access vlan 4
no shutdown
interface ethernet 0/2
switchport access vlan 1
no shutdown
interface ethernet 0/3
switchport access vlan 3
no shutdown
interface ethernet 0/4
switchport access vlan 5
no shutdown
failover
failover lan unit primary
failover lan interface faillink vlan5
failover lan faillink vlan5
failover polltime unit 3 holdtime 10
failover key key1
failover interface ip faillink 10.1.1.1 255.255.255.0 standby 10.1.1.2
nat (inside) 1 0 0
nat (home) 1 0 0
global (outside) 1 interface
! The previous NAT statements match all addresses on inside and home, so you need to
! also perform NAT when hosts access the inside or home networks (as well as the outside).
! Or you can exempt hosts from NAT for inside <--> home traffic, as effected by the
! following:
access-list natexmpt-inside extended permit ip any 192.168.2.0 255.255.255.0
access-list natexmpt-home extended permit ip any 192.168.1.0 255.255.255.0
nat (inside) 0 access-list natexmpt-inside
nat (home) 0 access-list natexmpt-home
sla monitor 123
type echo protocol ipIcmpEcho 209.165.200.234 interface outside
num-packets 2B-37
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
frequency 5
sla monitor schedule 123 life forever start-time now
track 1 rtr 123 reachability
route outside 0 0 209.165.200.234 1 track 1
! This route is for the primary ISP.
route backup-isp 0 0 209.165.202.154 2
! If the link goes down for the primary ISP, either due to a hardware failure
! or unplugged cable, then this route will be used.
http server enable
http 192.168.1.0 255.255.255.0 inside
dhcpd address 192.168.1.2-192.168.1.254 inside
dhcpd auto_config outside
dhcpd enable inside
logging asdm informational
ssh 192.168.1.0 255.255.255.0 inside
Example 15: Secondary Unit Configuration
You only need to configure the secondary security appliance to recognize the failover link. The
secondary security appliance obtains the context configurations from the primary security appliance
upon booting or when failover is first enabled.
interface ethernet 0/4
switchport access vlan 5
no shutdown
failover
failover lan unit secondary
failover lan interface faillink vlan5
failover polltime unit 3 holdtime 10
failover key key1
failover interface ip faillink 10.1.1.1 255.255.255.0 standby 10.1.1.2
Example 16: Network Traffic Diversion
The following configuration example shows the ASA 5500 series adaptive security appliance with
Version 7.2.1 software and the AIP SSM module with IPS software 5.1.1.
Network traffic that traverses the adaptive security appliance includes internal users who access the
Internet, Internet users who access resources protected by an adaptive security appliance in a
demilitarized zone (DMZ), or in an inside network. Network traffic sent to and from the adaptive security
appliance is not sent to the IPS module for inspection. Examples of traffic not sent to the IPS module
include pinging (through ICMP) of the adaptive security appliance interfaces or Telnetting to the
adaptive security appliance.
The required configuration components for the ASA 5510 adaptive security appliance include interfaces,
access lists, network address translation (NAT), and routing. The required configuration components for
the AIP SSM include the network setup, allowed hosts, interface configuration, signature definitions,
and event action rules.
To obtain more information about the commands used in this section, use the Command Lookup Tool
(for registered customers only). B-38
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
Note The IP addressing schemes used in this configuration are not legally routable on the Internet. These
schemes are RFC 1918 addresses that have been used in a test environment.
Figure B-15 shows the network diagram for this configuration example.
Figure B-15 Network Diagram
Figure B-16 on page B-39 and Figure B-17 on page B-41 show the initial configurations for the ASA
5510 adaptive security appliance and AIP SSM.
.254
.254
.254
191027
209.165.200.225
Outside network
209.165.200.224/27
Inside network
10.2.2.0/24
10.2.2.200
Security Appliance
with AIP SSM
DMZ network
192.168.1.0/24
192.168.1.50B-39
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
Figure B-16 Configuration for the ASA 5510 Adaptive Security Appliance
asdm image disk0:/asdm521.bin
no asdm history enable
arp timeout 14400B-40
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
!--- Translation rules are added.
global (outside) 1 172.16.1.100
global (dmz) 1 192.168.1.100
nat (inside) 1 10.2.2.0 255.255.255.0
static (dmz,outside) 172.16.1.50 192.168.1.50 netmask 255.255.255.255
static (inside,dmz) 10.2.2.200 10.2.2.200 netmask 255.255.255.255
!--- Access lists are applied to the interfaces.
access-group acl_outside_in in interface outside
access-group acl_inside_in in interface inside
access-group acl_dmz_in in interface dmz
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout uauth 0:05:00 absolute
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
telnet timeout 5
ssh timeout 5
console timeout 0
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
!--- Out-of-the-box default configuration includes
!--- policy-map global_policy.
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
!
service-policy global_policy global
!--- Out-of-the-box default configuration includes
!--- the service-policy global_policy applied globally.
prompt hostname context
.
: endB-41
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
Figure B-17 Configuration for the AIP SSM
exit
! ------------------------------
service logger
exit
! ------------------------------B-42
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
service network-access
exit
! ------------------------------
service notification
exit
! ------------------------------
service signature-definition sig0
!--- The signature is modified from the default setting for testing purposes.
signatures 2000 0
alert-severity high
engine atomic-ip
event-action produce-alert|produce-verbose-alert
exit
alert-frequency
summary-mode fire-all
summary-key AxBx
exit
exit
status
enabled true
exit
exit
!--- The signature is modified from the default setting for testing purposes.
signatures 2004 0
alert-severity high
engine atomic-ip
event-action produce-alert|produce-verbose-alert
exit
alert-frequency
summary-mode fire-all
summary-key AxBx
exit
exit
status
enabled true
exit
exit
!--- The custom signature is added for testing purposes.
signatures 60000 0
alert-severity high
sig-fidelity-rating 75
sig-description
sig-name Telnet Command Authorization Failure
sig-string-info Command authorization failed
sig-comment signature triggers string command authorization failed
exit
engine atomic-ip
specify-l4-protocol yes
l4-protocol tcp
no tcp-flags
no tcp-mask
exit
specify-payload-inspection yes
regex-string Command authorization failed
exit
exit
exitB-43
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
exit
exit
! ------------------------------
service ssh-known-hosts
exit
! ------------------------------
service trusted-certificates
exit
! ------------------------------
service web-server
enable-tls true
exit
onionlabaip#
Inspecting All Traffic with the AIP SSM
This configuration meets the requirement to monitor all traffic. In addition, you must make two decisions
about how the ASA 5510 and AIP SSM interact.
Is the AIP SSM module to be deployed in promiscuous or inline mode?
Promiscuous mode means that a copy of the data is sent to the AIP SSM while the ASA 5510
forwards the original data to the destination. The AIP SSM in promiscuous mode can be considered
as an intrusion detection system (IDS). In this mode, the trigger packet that causes the alarm can
still reach the destination. Shunning can occur and stop additional packets from reaching the
destination; however, the trigger packet is not stopped.
Inline mode means that the ASA 5510 forwards the data to the AIP SSM for inspection. If the data
passes AIP SSM inspection, the data returns to the ASA 5510 in order to continue being processed
and sent to the destination. The AIP SSM in inline mode can be considered to be an intrusion
prevention system (IPS). Unlike promiscuous mode, an inline mode IPS can actually stop the trigger
packet from reaching the destination.
If the ASA 5510 cannot communicate with the AIP SSM, how should the adaptive security appliance
handle traffic for inspection?
Examples of instances when the ASA 5510 cannot communicate with the AIP SSM include AIP
SSM reloads or whether the module fails and needs replacement. In this case, the adaptive security
appliance can fail-open or fail-closed.
Fail-open allows the adaptive security appliance to continue to pass traffic for inspection to the final
destination if the AIP SSM cannot be reached. Fail-closed blocks traffic for inspection when the
adaptive security appliance cannot communicate with the AIP SSM.
Note Define the traffic for inspection with an access list. In the following example, the access list permits all
IP traffic from any source to any destination. Therefore, traffic for inspection can be anything that passes
through the adaptive security appliance.
ciscoasa(config)#access-list traffic_for_ips permit ip any any
ciscoasa(config)#class-map ips_class_map
ciscoasa(config-cmap)#match access-list traffic_for_ips
!--- The match any
!--- command can be used in place of the match access-list [access-list name]
!--- command. In this example, access-list traffic_for_ips permits
!--- all traffic. The match any command alsoB-44
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
!--- permits all traffic. You can use either configuration.
!--- When you define an access-list, it can ease troubleshooting.
ciscoasa(config)#policy-map global_policy
!--- Note that policy-map global_policy is a part of the
!--- default configuration. In addition, policy-map global_policy is applied
!--- globally using the service-policy command.
ciscoasa(config-pmap)#class ips_class_map
ciscoasa(config-pmap-c)#ips inline fail-open
!--- Two decisions need to be made.
!--- First, does the AIP-SSM function
!--- in inline or promiscuous mode?
!--- Second, does the ASA fail-open or fail-closed?
Inspecting Specific Traffic with the AIP SSM
If you want the AIP SSM to monitor a subset of all traffic, you can modify two independent variables on
the adaptive security appliance:
You can write the access list to include or exclude the necessary traffic.
You can apply a service policy to an interface or globally.
The network diagram in Figure B-15 shows the AIP SSM inspecting all traffic between the outside
network and the DMZ network, as shown in the following example:
ciscoasa#configure terminal
ciscoasa(config)#access-list traffic_for_ips deny ip 10.2.2.0 255.255.255.0 192.168.1.0
255.255.255.0
ciscoasa(config)#access-list traffic_for_ips permit ip any 192.168.1.0 255.255.255.0
ciscoasa(config)#access-list traffic_for_ips deny ip 192.168.1.0 255.255.255.0 10.2.2.0
255.255.255.0
ciscoasa(config)#access-list traffic_for_ips permit ip 192.168.1.0 255.255.255.0 any
ciscoasa(config)#class-map ips_class_map
ciscoasa(config-cmap)#match access-list traffic_for_ips
ciscoasa(config)#policy-map interface_policy
ciscoasa(config-pmap)#class ips_class_map
ciscoasa(config-pmap-c)#ips inline fail-open
ciscoasa(config)#service-policy interface_policy interface dmz
!--- The access-list denies traffic from the inside network to the DMZ network
!--- and traffic to the inside network from the DMZ network.
!--- In addition, the service-policy command is applied to the DMZ interface.
The following example shows how to configure the AIP SSM to monitor traffic from the inside network
to the outside network, but exclude the inside network to the DMZ network.
Note You must have an intermediate understanding of statefulness, TCP, UDP, ICMP, connection, and
connectionless communications to understand the following example.
ciscoasa#configure terminal
ciscoasa(config)#access-list traffic_for_ips deny ip 10.2.2.0 255.255.255.0
192.168.1.0 255.255.255.0
ciscoasa(config)#access-list traffic_for_ips permit ip 10.2.2.0
255.255.255.0 any
ciscoasa(config)#class-map ips_class_map B-45
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
ciscoasa(config-cmap)#match access-list traffic_for_ips
ciscoasa(config)#policy-map interface_policy
ciscoasa(config-pmap)#class ips_class_map
ciscoasa(config-pmap-c)#ips inline fail-open
ciscoasa(config)#service-policy interface_policy interface inside
The access list denies traffic initiated on the inside network destined for the DMZ network. The second
access list line permits or sends traffic initiated on the inside network destined for the outside network
to the AIP SSM. At this point the statefulness of the adaptive security appliance comes into play.
For example, an internal user initiates a TCP connection (Telnet) to a device on the outside network
(router). The user successfully connects to the router and logs in, then issues a router command that is
not authorized. The router responds with the message, Command authorizaton failed. The data packet
that contains the message, Command authorization failed has the outside router as the source and the
inside user as the destination. The source (outside) and destination (inside) do not match the access lists
previously defined. The adaptive security appliance keeps track of stateful connections. As a result, the
returning data packet (outside to inside) is sent to the AIP SSM for inspection. Custom signature 60000
0 (configured on the AIP SSM) alarms.
Note By default, the adaptive security appliance does not maintain state for the ICMP traffic. In the previous
example, the internal user pings (ICMP echo request) the outside router. The router responds with an
ICMP echo-reply. The AIP SSM inspects the echo request packet, but not the echo-reply packet. If ICMP
inspection is enabled on the adaptive security appliance, both the echo request and echo-reply packets
are inspected by the AIP SSM.
Verifying the Recording of Alert Events
To verify that alert events are recorded in the AIP SSM, perform the following steps:
Step 1 Log into the AIP SSM with the administrator user account.
Note The output varies according to signature settings, the type of traffic sent to the AIP SSM, and network
load.
The Output Interpreter Tool (OIT), for registered customers only, supports certain show commands. Use
the OIT to view an analysis of show command output. This tools is one of a set of support tools, available
at http://www.cisco.com/public/support/tac/tools.shtml.
Step 2 Enter the show events alert command.
The following output appears.
evIdsAlert: eventId=1156198930427770356 severity=high vendor=Cisco
originator:
hostId: onionlabaip
appName: sensorApp
appInstanceId: 345
time: 2006/08/24 18:52:57 2006/08/24 13:52:57 UTC
signature: description=Telnet Command Authorization Failure id=60000 version=custom
subsigId: 0
sigDetails: Command authorization failed
interfaceGroup:
vlan: 0
participants: B-46
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
attacker:
addr: locality=OUT 172.16.1.200
port: 23
target:
addr: locality=IN 10.2.2.200
port: 33189
riskRatingValue: 75
interface: ge0_1
protocol: tcp
evIdsAlert: eventId=1156205750427770078 severity=high vendor=Cisco
originator:
hostId: onionlabaip
appName: sensorApp
appInstanceId: 345
time: 2006/08/24 19:46:08 2006/08/24 14:46:08 UTC
signature: description=ICMP Echo Request id=2004 version=S1
subsigId: 0
interfaceGroup:
vlan: 0
participants:
attacker:
addr: locality=OUT 172.16.1.200
target:
addr: locality=DMZ 192.168.1.50
triggerPacket:
000000 00 16 C7 9F 74 8C 00 15 2B 95 F9 5E 08 00 45 00 ....t...+..^..E.
000010 00 3C 2A 57 00 00 FF 01 21 B7 AC 10 01 C8 C0 A8 .<*W....!.......
000020 01 32 08 00 F5 DA 11 24 00 00 00 01 02 03 04 05 .2.....$........
000030 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 ................
000040 16 17 18 19 1A 1B 1C 1D 1E 1F ..........
riskRatingValue: 100
interface: ge0_1
protocol: icmp
evIdsAlert: eventId=1156205750427770079 severity=high vendor=Cisco originator:
hostId: onionlabaip
appName: sensorApp
appInstanceId: 345
time: 2006/08/24 19:46:08 2006/08/24 14:46:08 UTC
signature: description=ICMP Echo Reply id=2000 version=S1
subsigId: 0
interfaceGroup:
vlan: 0
participants:
attacker:
addr: locality=DMZ 192.168.1.50
target:
addr: locality=OUT 172.16.1.200
triggerPacket:
000000 00 16 C7 9F 74 8E 00 03 E3 02 6A 21 08 00 45 00 ....t.....j!..E.
000010 00 3C 2A 57 00 00 FF 01 36 4F AC 10 01 32 AC 10 .<*W....6O...2..
000020 01 C8 00 00 FD DA 11 24 00 00 00 01 02 03 04 05 .......$........
000030 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 ................
000040 16 17 18 19 1A 1B 1C 1D 1E 1F ..........
riskRatingValue: 100
interface: ge0_1
protocol: icmpB-47
Cisco Security Appliance Command Line Configuration Guide
OL-10088-02
Appendix B Sample Configurations
Example 16: Network Traffic Diversion
In these configurations, several IPS signatures are tuned to alarm on test traffic. Signatures 2000 and
2004 are modified. Custom signature 60000 is added. In a network where little data passes through the
adaptive security appliance, you may need to modify signatures in order to trigger events. If the adaptive
security appliance and AIP SSM are deployed in an environment that passes a large amount of traffic,
the default signature settings will probably generate an event.
Troubleshooting the Configuration
To troubleshoot your configuration, perform the following steps:
The OIT (for registered customers only) supports certain show commands. Use the OIT to view an
analysis of show command output.
Step 1 From the ASA 5510, enter these show commands:
a. show moduleShows information about the SSM on the adaptive security appliance as well
as system information.
ciscoasa#show module
Mod Card Type Model Serial No.
--- -------------------------------------------- ------------------ -----------
0 ASA 5510 Adaptive Security Appliance ASA5510 JMX1016K0RN
1 ASA 5500 Series Security Services Module-10 ASA-SSM-10 JAB101502A6
Mod MAC Address Range Hw Version Fw Version Sw Version
--- --------------------------------- ------------ ------------ ---------------
0 0016.c79f.748c to 0016.c79f.7490 1.1 1.0(10)0 7.2(1)
1 0016.c79f.7567 to 0016.c79f.7567 1.0 1.0(10)0 5.1(1)S205.0
Mod SSM Application Name Status SSM Application Version
--- ------------------------------ ---------------- --------------------------
1 IPS Up 5.1(1)S205.0
Mod Status Data Plane Status Compatibility
--- ------------------ --------------------- -------------
0 Up Sys Not Applicable
1 Up Up
!--- Each of the areas highlighted indicate that
!--- the ASA recognizes the AIP-SSM and the AIP-SSM status is up.
b. show runShows the current running configuration on the adaptive security appliance.
ciscoasa#show run
!--- Output is suppressed.
access-list traffic_for_ips extended permit ip any any
...
class-map ips_class_map
match access-list traffic_for_ips
...
policy-map global_policy
...
class ips_class_map
ips inline fail-open
...
service-policy global_policy global
Download the complete book (PDF - 6 MB)