Guest

Cisco IOS Software Releases 12.0 S

Universal Transport Interface (UTI)

  • Viewing Options

  • PDF (442.4 KB)
  • Feedback
Universal Transport Interface (UTI)

Table Of Contents

Universal Transport Interface (UTI)

Feature Overview

UTI Operation in 7000, 10700, and 12000 Series Routers

Tunnel Cards in 12000 Series Internet Routers

Frame Relay Subinterface Support

VLAN Subinterface Support

UTI Header Description

UTI Keepalive

Benefits

Restrictions

Line Cards for UTI Interfaces

Line Cards for UTI Frame Relay Subinterfaces

Line Cards for UTI VLAN Subinterfaces

General Limitations

Limitations Specific to 12000 Series Internet Routers

Frame Relay Subinterface Restrictions

UTI VLAN Subinterface Restrictions

Related Documents

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Define a Loopback Address

Define the Tunnel

Configure the Interface for UTI Operation

Configure Routing

Configure the Tunnel Card (12000 Series Internet Routers Only)

Verify the Route to the Tunnel Destination End Point

Display Statistics for an Interface

Configuration Examples

Configuration Examples for the 7200, 7500, and 10700 Series Routers

Define the Loopback Address

Define the Tunnel

Configure the Interface for UTI

Configure the VLAN subinterface for UTI on a 10700 Router

Configure the TLS for VLAN subinterface for UTI on a 10700 Router

Configure Routing

Configuration Examples for 12000 Series Internet Routers

Define the Loopback Address

Define the Tunnel

Configure the Interface for UTI

Configure Routing

Configure the Tunnel Card

Command Reference

hw-module slot <x> mode server

tunnel mode uti raw

tunnel uti high-key

tunnel uti keepalive old

tunnel uti local-session

tunnel uti remote-session

uti-tunnel Tunnelnumber

Glossary


Universal Transport Interface (UTI)


Feature History

Release
Modification

12.0(18)S

This feature was introduced.

12.0(19)S

Support was added for Frame Relay point-to-point subinterfaces.

Support was added for Ingress Encapsulation and Egress Decapsulation (facing the customer network site) in the following line cards:

1 port Gigabit Ethernet (Engine 1)
3 port Gigabit Ethernet (Engine 2)

12.0(19)SP

This feature was introduced on Cisco 10720 Internet routers.

Support for UTI VLANs was added to Cisco 10720 Internet routers.

12.0(20)SP

Support for UTI VLAN Rewrite was added to Cisco 10720 Internet routers.

12.0(21)S

Support for UTI VLANs was added to Cisco 12000 series Internet routers.

Support for Ingress Encapsulation and Egress Decapsulation facing the customer network site was added for the following Engine 0 line cards:

2 port STM-1/OC-3 Channelized E1/T1 (Engine 0)
6 port Channelized T3 (Engine 0)
6 port DS3
12 port DS3
6 port E3
12 port E3

12.0(21)SP

Support for UTI VLAN rewrite was added to Cisco 10720 Internet routers.

Support for UTI keepalive was added for UTI tunnels configured between a Cisco 10720 Internet router and a Cisco 7000 series or Cisco 12000 series Internet router.



Note The UTI functionality in IOS Release 12.0(18)S is not supported in the 12.0(18)ST release. However, in IOS Release 12.0(19)S and later, all UTI functionality supported in the S train is also supported in the ST train.


This feature module describes the Universal Transport Interface (UTI) and includes the following sections:

Feature Overview

Supported Platforms

Supported Standards, MIBs, and RFCs

Prerequisites

Configuration Tasks

Configuration Examples

Command Reference

Glossary

Feature Overview

The Universal Transport Interface (UTI) feature allows a pair of routers connected via an IP network to provide high-speed transparent Layer 2 connectivity between a pair of interfaces. This functionality can be used to build Layer 2 Virtual Private Networks (VPNs) or to support legacy network migration. UTI tunnels are available with the basic IP package. Frame Relay subinterfaces are supported with Cisco IOS release 12.0(19)S or later.

This section includes information on the following topics:

UTI Operation in 7000, 10700, and 12000 Series Routers

Tunnel Cards in 12000 Series Internet Routers

Frame Relay Subinterface Support

UTI Header Description

UTI Keepalive

UTI Operation in 7000, 10700, and 12000 Series Routers

This document discusses session-based UTI, wherein all traffic between two customer network sites is encapsulated in an IP packet and sent across an IP network. The internal routers of the IP network treat the traffic as any other IP packet and do not need to know anything about the customer networks. This process is known as Layer 2 tunnelling and is represented in Figure 1.

Figure 1 UTI Operation

In Figure 1, Routers R1 and R2 provide UTI services. These routers communicate with each other using the IP protocol through a path comprising the interface int2, the IP network, and interface int3.

In this example, routers R3 and R4 communicate through Packet Over SONET (POS) or Ethernet interfaces using a UTI tunnel. The UTI tunnel tu1is configured between interface int1 on R1 and interface int4 on R2. Any packet arriving on interface int1 on R1 is encapsulated in UTI and sent via the tunnel (tu1) to R2. R2 decapsulates the packet and transmits it on interface int4 to R4. When R4 needs to send a packet to R3, the packet follows the same path in reverse.

Please note the following regarding UTI operation:

All packets received on interface int1 will be forwarded to R4. R3 and R4 cannot see the intervening network.

LAN1 and R1 must be connected via a gateway router (not directly connected). This requirement also applies LAN2 and R2.

In 12000 series Internet routers, the other LAN ports on the card that are not being used for UTI must have a router connected to them: when Content-Addressable Memory (CAM) assisted MAC filtering is turned OFF to allow UTI to work, it is turned OFF on all ports.

This same method is used for Ethernet interfaces: any packet received from LAN1 by R1 on Ethernet interface e1 will be encapsulated in UTI and sent via tunnel tu2 to R2 interface e2 where it will be transmitted on LAN2.

This same method is used for Frame Relay subinterfaces: any packet received from LAN1 by R1 on subinterface will be encapsulated in UTI and sent via tunnel to R2 subinterface where it will be transmitted on LAN2.

In 10720 Internet routers, subinterfaces (VLAN) on an Ethernet interface can be mapped to a UTI tunnel.

Tunnel Cards in 12000 Series Internet Routers

Cisco 12000 series Internet routers require additional tunnel cards for UTI operation. Tunnel cards are not used with 7200, 7500, and 10700 series routers.

Figure 2 UTI Packet Handling Using Tunnel Cards


Note The arrows in Figure 2 represent the flow and direction of a packet in one direction. The actual traffic in the tunnel can flow in either direction.


Actions on the Encapsulation Router

In Figure 2, traffic from the customer network on site 1 is sent to an ingress interface on the provider network edge router. When the interface is configured for UTI tunnelling, all arriving packets are forwarded to the tunnel card. The tunnel card encapsulates the packet with an encapsulation header containing the IP and UTI header information.

The encapsulated packet is then sent to the appropriate egress card, which sends the packet to the IP network as a normal IP packet.

Actions on the Tunnel Decapsulation Router

When an encapsulated UTI packet arrives at the tunnel card, the packet is checked for a valid session ID and a matching UTI key. If any of the two are not correct, the packet is silently dropped (the user is not notified). If the session ID and UTI key are correct, the tunnel card decapsulates the packet (by removing the IP+UTI header) and sends the packet to the egress card. The egress card then sends the packet to the customer network. It does not add a new Layer 2 header (the Layer 2 header is carried from the origin of the tunnel).


Note If the tunnel card receives non-UTI packets (other IP/ICMP packets such as ping "loopback address"), the packets are sent to the line card CPU and to the Route Processor.


Frame Relay Subinterface Support

UTI is supported on Frame Relay point-to-point subinterfaces in the 12000, 7200 and 7500 routers with Cisco IOS release 12.0(19)S or later.

See the following sections for additional information on the features and configuration of subinterfaces:

Feature Overview for descriptions of UTI architecture and operation.

Line Cards for UTI Frame Relay Subinterfaces for specific information on the cards supported.

Frame Relay Subinterface Restrictions for important details on subinterface support.

Configuration Tasks for instruction on configuring UTI in Frame Relay subinterfaces.

Line Card Support for Frame Relay Subinterfaces

UTI is supported on Frame Relay subinterfaces in Engine 0 and Engine 2 line cards only.

Engine 0 Support

Frame Relay subinterfaces on Engine 0 line cards now support three modes of operation: UTI, DLCI switching and IP termination. All three modes can be configured on a single physical port at the same time.

Engine 2 Support

Frame Relay subinterfaces on Engine 2 line cards now support three modes of operation: UTI, DLCI switching and IP termination. However, all three modes can not be configured on a single physical port at the same time.

Table 1 shows the possible combinations of Frame Relay modes that can be configured on the subinterfaces of a single physical port in Engine 2 line cards.

Table 1 Frame Relay Subinterface Modes Supported on Engine 2 Line Cards

UTI-Frame Relay Enabled on the port
DLCI switching supported on the port
Frame Relay/IP Termination supported on the port

X

 

X

 

X

X (slow path)


VLAN Subinterface Support

The UTI VLAN feature extends UTI-Raw tunneling to VLANs for Cisco 10700 and 12000 series Internet routers. This feature allows you to configure a UTI tunnel and bind it to an 802.1Q VLAN subinterface provisioned on an Ethernet port in the router.

For example, in Figure 1, you can configure UTI VLAN subinterfaces on routers R1 and R2. Traffic coming from each VLAN subinterface is transparently tunneled across the IP network to the other end of the tunnel. The UTI tunnel transports 802.1Q ARPA, 802.1Q SAP, and 802.1Q SNAP encapsulated Ethernet frames between the two customer VLAN segments.

On Cisco 10700 series Internet routers with 802.1Q VLAN subinterfaces configured, if you apply a UTI tunnel to the main interface, all 802.1Q VLANs are transparently tunneled across the IP network, resulting in a complete Transparent LAN Services solution.

In Cisco 12000 series Internet routers, UTI VLAN is implemented with a tunnel card. For information about how a tunnel card supports UTI tunneling and encapsulates/decapsulates packets, see Tunnel Cards in 12000 Series Internet Routers.

Cisco 10720 Internet routers with Cisco IOS 12.0(19)SP or later support VLAN-to-UTI mapping on 24-port Fast Ethernet (FE) line cards.

Cisco 10720 Internet routers with Cisco IOS 12.0(20)SP or later support UTI VLAN Rewrite for VLAN ID translation at each end of the tunnel.

Cisco 12000 series Internet routers with Cisco IOS 12.0(21)S or later support UTI on VLAN point-to-point subinterfaces. UTI VLAN is supported on 802.1Q subinterfaces only on 8pFE, 1pGE, and 3pGE line cards.

See the following sections for additional information on the features and configuration of UTI VLAN subinterfaces:

Feature Overview for descriptions of UTI architecture and operation.

Line Cards for UTI VLAN Subinterfaces for specific information on the cards supported.

UTI VLAN Subinterface Restrictions for important details on subinterface support.

Configuration Tasks for instruction on configuring UTI on 802.1Q VLAN subinterfaces.

UTI Header Description

Each UTI packet contains a UTI header that includes a unique tunnel ID representing one tunnel.

The UTI tunnel ID and the UTI session ID are assigned via the Command Line Interface (CLI). Refer to Configuration Tasks for more information on the CLI commands for UTI.

The format of a UTI header is represented in Figure 3.

Figure 3 UTI Session Format

UTI tunnel ID (32 bit field)

UTI tunnel key (64 bit field)


UTI Tunnel ID

The tunnel ID identifies the tunnel context on the decapsulating system. The value of the tunnel ID is selected to optimize the context identification efficiency of the decapsulating system. A decapsulation implementation may therefore elect to support a smaller tunnel identifier bit field. In this implementation this was achieved by setting an upper value for the UTI tunnel identifier of 1023. The UTI Tunnel Identifier value 0 is reserved for use by the protocol.


Note This tunnel ID must be unique on the decapsulating system and is restricted to the least significant 10 bits.


UTI Tunnel Key

The tunnel key is an 8-octet signature that is shared between the two end-points of a UTI tunnel. This tunnel key reduces the chance that contamination of the decapsulated traffic will occur due to error in configuration. This signature is configured at both the source and destination routers and must match or the data will be dropped. The value of the tunnel key should be chosen for maximum opacity.

UTI Keepalive

The keepalive feature is implemented as a request/response mechanism between the interfaces at each end of a UTI tunnel. The keepalive function periodically monitors the status of the UTI tunnel and informs the user about the tunnel status and the reason for any failure.

The keepalive signal is very useful to rapidly detect interface failures. Use the keepalive command to better monitor and maintain UTI tunnel configurations.

If one of the endpoints of a UTI tunnel is a Cisco 10720 Internet Router and the other end is a Cisco 7000 series or Cisco 12000 series router, you must also use the tunnel uti keepalive old command to ensure 10720 and non-10720 interoperability.

Benefits

UTI allows provides a simple to integrate Layer 2 VPN model for both internal and external use. This enables:

The ability to transport non-IP traffic over an IP backbone.

Routing isolation between the service provider and the customer networks.

Operational simplicity.

When configuring UTI on a 10720 Internet router, you can also configure Quality of Service (QoS) parameters, such as:

Police, rate limit, or packet marking on inbound traffic flowing into the UTI tunnel (encapsulating system).

Output queuing or packet marking on outbound traffic flowing out of the UTI tunnel (decapsulating system) to provide differentiated services.

Restrictions

This section contains information on the following:

Line Cards for UTI Interfaces

Line Cards for UTI Frame Relay Subinterfaces

Line Cards for UTI VLAN Subinterfaces

Limitations Specific to 12000 Series Internet Routers

Frame Relay Subinterface Restrictions

UTI VLAN Subinterface Restrictions

Line Cards for UTI Interfaces

This section specifies the line cards that provide interface support for UTI tunnels. For information on the line cards that support subinterfaces, see Line Cards for UTI Frame Relay Subinterfaces.

UTI Interface Support for Line Cards facing the Customer Network Site (Ingress Encapsulation and Egress Decapsulation)

The line cards in Table 2 are used for the interfaces that face the customer network site. These cards provide interface support for UTI tunnels in the 12000 series Internet routers.

Table 2 Interface Support in Line Cards facing the Customer Network Site

Line Card
Engine 0
Engine 1
Engine 2

4 port OC-3 POS

Supported

   

8 port OC-3 POS

   

Supported

16 port OC-3 POS

   

Supported

1 port OC-12 POS

Supported

   

4 port OC-12 POS

   

Supported

8 port Fast Ethernet

 

Supported

 

1 port Gigabit Ethernet

 

Supported*

 

3 port Gigabit Ethernet

   

Supported*

2 port Channelized OC-3/STM-1 (DS1/E1)

Supported**

   

6 port Channelized T3

Supported**

   

6 port DS3

Supported**

   

12 port DS3

Supported**

   

6 port E3

Supported**

   

12 port E3

Supported**

   

* Supported with Cisco IOS 12.0(19)S or later
** Supported with Cisco IOS 12.0(21)S or later



Note UTI is not supported on multilink interfaces on 2 port STM-1/OC-3 Channelized E1/T1 and 6 port Channelized T3 line cards.


Interface Support for Line Cards Facing the Backbone (Egress Encapsulation and Ingress Decapsulation)

The line cards in Table 3 are used for the interfaces that face toward the backbone. These line cards provide interface support for UTI tunnels in 12000 series Internet routers.

Table 3 Interface Support in Line Cards Facing the Backbone

Line Card
Engine 0
Engine 1
Engine 2
Engine 4+

4 port OC-3 POS

Supported

     

8 port OC-3 POS

   

Supported

 

16 port OC-3 POS

   

Supported

 

1 port OC-12 POS

Supported

     

4 port OC-12 POS

   

Supported

 

1 port OC-48 POS

   

Supported

 

4 port OC-48 POS

     

Supported*

1 port OC-192 POS

     

Supported*

4 port OC-3 ATM

Supported

     

1 port OC-12 ATM

Supported

     

4 port OC-12 ATM

   

Supported

 

1 port OC-48 DPT

   

Supported

 

* The Engine 4+ version replaces the initial Engine 4 version, which has reached End of Sale (EOS).

4 port OC-48 POS and 1 port OC-192 POS Engine 4 line cards are supported starting in Cisco IOS 12.0(18)S and later releases.

4 port OC-48 POS and 1 port OC-192 POS Engine 4+ line cards are supported starting in Cisco IOS 12.0(21)S and later releases.


Line Cards for UTI Frame Relay Subinterfaces

This section specifies the line cards that support UTI in Frame Relay subinterfaces. For information on the line cards that support regular interfaces, see Line Cards for UTI Interfaces.

Subinterface Support for Line Cards Facing the Customer Network Site (Ingress Encapsulation and Egress Decapsulation)

The line cards in Table 2 are used for the subinterfaces that face the customer network site. These cards provide sub- interface support for UTI tunnels with Cisco IOS 12.0(19)S or later.

Table 4 Subinterface Support for Line Cards facing the Customer Network Site

Line Card
Engine 0
Engine 1
Engine 2

4 port OC-3 POS

Supported*

   

8 port OC-3 POS

   

Supported*

16 port OC-3 POS

   

Supported*

1 port OC-12 POS

Supported*

   

4 port OC-12 POS

   

Supported*

1 port OC-48 POS

   

Supported*

1 port Gigabit Ethernet

 

Supported*

 

3 port Gigabit Ethernet

   

Supported*

2 port STM-1/OC-3 Channelized E1/T1

Supported**

   

6 port Channelized T3

Supported**

   

* Supported with Cisco IOS 12.0(19)S or later
** Supported with Cisco IOS 12.0(21)S or later


Subinterface Support for Line Cards Facing the Backbone (Egress Encapsulation and Ingress Decapsulation)

The line cards in Table 5 are used for the subinterfaces that face toward the backbone. These line cards provide sub- interface support for UTI tunnels with Cisco IOS 12.0(19)S or later.

Table 5 Subinterface Support for Line Cards Facing the Backbone

Line Card
Engine 0
Engine 1
Engine 2

4 port OC-3 POS

Supported

   

8 port OC-3 POS

   

Supported

16 port OC-3 POS

   

Supported

1 port OC-12 POS

Supported

   

4 port OC-12 POS

   

Supported

1 port OC-48 POS

   

Supported

4 port OC-3 ATM

Supported

   

1 port OC-12 ATM

Supported

   

4 port OC-12 ATM

   

Supported

8 port Fast Ethernet

 

Supported

 

1 port Gigabit Ethernet

 

Supported

 

3 port Gigabit Ethernet

   

Supported


Line Cards for UTI VLAN Subinterfaces

This section specifies the line cards that support UTI VLAN subinterfaces in Cisco 12000 series Internet routers. For information on the line cards that support standard UTI interfaces, see Line Cards for UTI Interfaces.

Subinterface Support for Line Cards Facing the Customer Network Site (Ingress Encapsulation and Egress Decapsulation)

The line cards in Table 6 are used for the subinterfaces that face the customer network site. These cards provide sub- interface support for UTI tunnels with Cisco IOS 12.0(21)S or later.

Table 6 describes the additional memory required by each VLAN 802.1Q line card for packet encapsulation at the ingress interface from the customer network.

Table 6 Additional Memory Consumption for Ingress Encapsulation on 802.1Q Line Cards

VLAN 802.1Q Line Card
Additional CPU Memory Allocated
Additional PSA Memory Allocated

8pFE

389 KB

N/A

1pGE

49 KB

N/A

3pGE

146 KB

48 KB in PLU SDRAM
1.5 KB in SSRAM


8pFE 1pGE Line Cards

For 8pFE and 1pGE line cards, when the first UTI tunnel is bound to a VLAN port interface, the software switching vector of the port is reset to use the UTI VLAN forwarding path. If a packet arriving from the customer network is encapsulated in 802.1Q format with a VLAN ID configured for a UTI tunnel, the packet is forwarded by the UTI VLAN forwarding path to the tunnel card.

All other packets are sent on the normal forwarding path if either of the following are true:

The packet is not 802.1Q encapsulated.

The packet is 802.1Q encapsulated but has no UTI tunnel bound to its VLAN ID.

When UTI VLAN is configured on 8pFE and 1pGE line cards, no significant change takes place in the rate of large packet forwarding.

When the last UTI VLAN tunnel is unbound from a port, the switching vector is restored to the normal forwarding path. There is no further performance impact.

3pGE Line Cards

Before a 3pGE line card is configured for UTI VLAN, packets are forwarded as shown in Table 7.

Table 7 Packet Forwarding on 3pGE Line Cards without UTI VLAN

Port Header Compression
Type of Packet Received
Forwarding Path

L2 Encapsulation

L3 Packet

Header Compressed

On

ARPA
SNAP
SAP
802.1Q ARPA
802.1Q SNAP
802.1Q SAP

IP unicast

Yes

Fast

IP multicast

Yes

Slow

MPLS unicast

Yes

Fast

MPLS unicast

Yes

Slow

Others

No

Slow


After a 3pGE line card is configured for UTI VLAN, packets are forwarded as shown in Table 8.

Table 8 Packet Forwarding on 3pGE Line Cards with UTI VLAN

UTI Active on Port
Port Header Compression
UTI Type
Type of Packet Received
Forwarding Path

L2 Encapsulation

VLAN ID UTI bound

Yes

Off

UTI-Raw for port

All

N/A

Fast

UTI VLAN

ARPA
SNAP
SAP

N/A

Slow

802.1Q ARPA
802.1Q SNAP
802.1Q SAP

Yes

Fast

No

Slow for 802.1Q ARPA

Slow for 802.1Q SAP/SNAP

No

On

Refer to the entries in Table 7.


General Limitations

The number of tunnels is limited logically to 1023.

Management Information Base (MIB) is not supported.

Maximum Transmission Unit (MTU):

The size of IP packets flowing through the IP backbone network is:
20 bytes (IP header) + 12 bytes (UTI header) + x bytes (UTI payload that consists of the complete L2 frame, including the L2 header), where x is one of the following values:

802.1Q ARPA = 18
Ethernet ARPA = 14
Frame Relay = 4
HDLC = 4

The MTU of any link in the IP backbone must therefore be equal to or greater than the IP packet size on the pseudo-wire which is 32 + x bytes, where x is one of the L2 frame values described in the preceding paragraph.

On Cisco 10700 series Internet routers, a new CLI command allows you to configure the MTU to a maximum of 2000 bytes on Fast Ethernet interfaces that act as UTI backbone interfaces.

ISIS configurations may not work with UTI.

For customer networks that use ISIS, the ISIS administrator specifies a guaranteed MTU that can successfully propagate through the network. As a result, the ISIS protocol packs link state information into units of the guaranteed size. If packets cannot traverse the network, ISIS recognizes the link as being unavailable and routes around it.

With respect to UTI, when the encapsulation header is added to the default ISIS packet size of 1492 bytes, the resulting packet size may exceed the MTU of certain networks (or segments) along the backbone. As specified in the previous bulleted item, the backbone MTU must be greater than the MTU on the pseudo-wire. Any packet with a combined size (UTI and L2 headers) that exceeds the backbone MTU will be dropped. For example, if one of the backbone segments is Ethernet (with an MTU of 1500 bytes), and the default ISIS packet size is used, the ISIS/UTI configuration would fail. The packets would not be able to traverse the tunnel and ISIS would recognize the link as being unavailable.

The only workaround is to use the pseudo-wire MTU as the MTU for ISIS packets in the ISIS network.

Limitations Specific to 12000 Series Internet Routers

This section describes the restrictions that apply only to 12000 series Internet routers.

General Limitations

Using loopback addresses assigned to UTI tunnels as destinations for routing protocols is not recommended: this will consume bandwidth on the tunnel card installed in a 12000 series Internet router.

Tunnel Card Support

UTI on 12000 series Internet routers requires a tunnel card. This tunnel card must be an Engine 2 OC-48 POS card. Tunnel cards are not required with on 7200, 7500, and 10700 series routers.

The tunnel card does not run any features.

The tunnel card does not support tag forwarding.

The interface port on the tunnel card is automatically set to loopback internal. Removing this loopback will result in all the tunnels getting dropped.

Feature Support on non-UTI Ports of an Ingress UTI Card

Table 9 summarizes the features supported or not supported on the non-UTI ports of an ingress UTI line card. Please review the comments below for additional descriptions of these restrictions.

Table 9 Feature Support on non-UTI Ports of an Ingress UTI Card

Feature
Engine 0 and Engine 1
Engine 2

Input ACL

Supported

Not supported

BGP policy accounting

Supported

Not supported

IP Color

Supported

Not supported

PIRC

Not supported

Not supported

Frame Relay switching

Supported

Supported in IOS Release 12.0(20)ST and earlier versions (not supported if input or output ACLs are enabled)

Sampled Netflow

Supported

Supported


Configuring input Access Control Lists (ACLs) on any port on an Engine 2 line card that also has UTI tunnels bound to one or more interfaces will cause the UTI microcode on that line card to be swapped out in favor of the ACL microcode (Table 9).

Features such as MPLS VPN, Per Interface Rate Control (PIRC), input ACL, Border Gateway Protocol (BGP) policy accounting, and IP packet coloring will not be supported on an ingress Engine 2 card on the encapsulating router. Configuring any of these features on any other port on the card will cause the UTI tunnel to be dropped permanently (Table 9).

Frame Relay DLCI switching and Sampled Netflow will be available on the other ports of an ingress Engine 2 card on the encapsulating router. Frame Relay switching is supported on non-UTI ports of Engine 2 line cards only in Cisco IOS Release 12.0(20)ST and earlier versions (Table 9).

The 8-Port Fast Ethernet line card should not be connected to a hub or switch when UTI is configured on the ingress side of one or more ports. This will result in the box being flooded with packets. Because CAM filtering is disabled when UTI enabled, this filter mode is shared by all eight ports and all connected ports will receive packets even if they are not supposed to (see Table 9).

Output ACL Support on a Router with Ingress UTI

If Output ACLs are configured on any line card in the router, the ingress UTI on Engine 2 cards will not be supported (see Table 10).

Table 10 Output ACL Support on the Router with Ingress UTI

Feature
Engine 0 and Engine 1
Engine 2

Output ACL

Supported

Not supported


Frame Relay Subinterface Restrictions

UTI is supported on Frame Relay subinterfaces on Cisco 12000 series Internet routers with Cisco IOS 12.0(19)S or later.

See Line Cards for UTI Frame Relay Subinterfaces for additional information on line card support and restrictions.

If a Frame Relay subinterface is configured for tunneling, it must be mapped to a unique UTI tunnel (Each UTI tunnel must have a 1:1 mapping with a FR sub-interface).

The DLCI at the ingress router must be the same DLCI bound at the egress router.

UTI Frame Relay subinterfaces support 10-bit DLCI addresses. Frame Relay Extended Addressing is not supported.

Multi-point DLCIs are not supported.

If BGP, IPcolor, PIRC, input ACLs or output ACLs are configured on any port in a line card that also contains a Frame Relay UTI port, the UTI port will be disabled.

The Frame Relay subinterfaces are supported on Engine 0 and Engine 2 line cards only. Frame Relay subinterfaces on Engine 2 line cards now support three modes of operation: UTI, DLCI switching and IP termination. However, all three modes can not be configured on a single physical port at the same time. See Line Card Support for Frame Relay Subinterfaces for specific information on the supported line cards.

UTI VLAN Subinterface Restrictions

UTI is supported on 802.1Q VLAN subinterfaces:

On Cisco 10700 series Internet routers with Cisco IOS 12.0(19)SP or later.

On Cisco 12000 series Internet routers with Cisco IOS 12.0(19)S or later.

See Line Cards for UTI VLAN Subinterfaces for additional information on Cisco 12000 line card support and restrictions.

If UTI-Raw is configured for a port interface, you cannot create an 802.1Q (8pFE, 1pGE, or 3pGE) subinterface under the port interface. Therefore, you cannot configure a UTI VLAN tunnel.

If an 802.1Q subinterface (with or without UTI tunnel binding) is configured under a port interface on a Cisco 12000 series Internet router, you cannot bind a UTI tunnel to the port interface. You must first remove the subinterface before you can bind a UTI tunnel.

This restriction does not apply to Cisco 10700 series Internet routers. You can apply a UTI tunnel to a 10700 port interface to provide Transparent LAN Services (TLS) across the IP network.

Certain IP and MPLS packets coming from a port on a Cisco 12000 3pGE line card may be punted to the slow path for forwarding. This can result in a performance degradation and occurs when both of the following two conditions are met:

The port has at least one 802.1Q subinterface that is UTI tunnel bound.

The IP or MPLS packet comes from the port interface itself (in this case it is not 802.1Q encapsulated) or from an 802.1Q subinterface that is under the port interface and has no UTI tunnel bound.

An error message is displayed and a traceback may occur if you do any of the following:

Bind a UTI tunnel to an 802.1Q subinterface.

Delete the 802.1Q subinterface.

Re-create the 802.1Q subinterface.

To avoid the error message, first unbind the UTI tunnel before you delete the subinterface.

Related Documents

General Configuration

Cisco IOS Release 12.0 Configuration Fundamentals Configuration Guide

Cisco IOS Release 12.0 Configuration Fundamentals Command Reference

Internetwork Design Guide: refer to the chapter "Internetworking Design Basics" for information on tunnelling.

Cisco Express Forwarding

Cisco Express Forwarding Overview

Cisco Express Forwarding Commands

Configuring Cisco Express Forwarding

IP Routing and Addressing

Cisco IOS IP and IP Routing Configuration Guide

Cisco IOS Release 12.0 Network Protocols Command Reference, Part 1: refer to the "IP Addressing Commands" chapter for information on IP addressing.

Frame Relay

Frame Relay. Includes a general overview.

Configuring Frame Relay, Release 12.0 for Frame Relay configuration.

Frame Relay Commands, Release 12.0.

Interface Configuration

Cisco IOS Interface Command Reference: for complete descriptions of the logical interface commands.

Configuring Logical Interfaces: this document contains information on configuring tunnels and general descriptions of tunnelling technology.

Supported Platforms

7200 series routers

7500 series routers

10700 series Internet routers

12000 series Internet routers

Determining Platform Support Through Feature Navigator

Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.

Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.

To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.

Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Feature Navigator home page at the following URL:

http://www.cisco.com/go/fn

Supported Standards, MIBs, and RFCs

Standards

No new or modified standards are supported by this feature.

MIBs

No new or modified MIBs are supported by this feature.

To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB web site on Cisco Connection Online (CCO) at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

RFCs

No new or modified RFCs are supported by this feature.

Prerequisites

UTI tunnels are supported with the basic IP package.

UTI support on the 12000 series Internet Router requires implementation of a tunnel card. The tunnel card must be an Engine 2 OC-48 POS card.

The Layer 2 UTI implementation discussed in this document is supported:

On Cisco 10720 Internet routers with Cisco IOS release 12.0(19)SP or later.

On Cisco 12000 series Internet routers with Cisco IOS release 12.0(18)S or later.

UTI on Frame Relay point-to-point subinterfaces is supported with Cisco IOS 12.0(19)S or later.

UTI VLAN on 802.1Q subinterfaces is supported:

On Cisco 10720 Internet routers with Cisco IOS release 12.0(19)SP or later.

On Cisco 12000 series Internet routers with Cisco IOS release 12.0(21)S or later.

Configuration Tasks

See the following sections for configuration tasks for the Universal Transport Interface feature.

Define a Loopback Address (required)

Define the Tunnel (required)

Configure the Interface for UTI Operation (required)

Configure an Ethernet Interface

Configure a POS Interface

Configure a Frame Relay Subinterface

Configure a VLAN Subinterface

Configure Routing (required)

Configure the Tunnel Card (12000 Series Internet Routers Only) (required for 12000 routers only)

Verify the Route to the Tunnel Destination End Point (required)

Define a Loopback Address

Define a loopback address to act as a reference for decapsulation.

 
Command
Purpose

Step 1 

Router1(config)# interface loopbacknumber

Enters interface loopback configuration mode to configure internal loopback on an interface in Router 1

Step 2 

Router1(config-if)# ip address ip address

Specifies the loopback address for Router 1

Step 3 

Router2(config)# interface loopbacknumber

Enters interface loopback configuration mode to configure internal loopback on an interface in Router 2

Step 4 

Router2(config-if)# ip address ip address

Specifies the loopback address for Router 2

Define the Tunnel

The tunnel must be bound to a physical interface, the source and destinations must be identified, and it must be set in UTI.

To define the tunnel, complete the steps below for both routers.

 
Command
Purpose

Step 1 

Router(config)# interface tunnelnumber

Enters interface configuration mode for the specified tunnel.

Step 2 

Router(config-if)# ip unnumbered type slot/port

Use the IP address of the backbone interface as the tunnel interface address. A backbone interface is an interface on a UTI PE (Provider Edge) router. The backbone interface is the interface that faces the service provider backbone network instead of the customer network.

Step 3 

Router(config-if)# no ip directed-broadcast

Note This command is entered by default on the interface and only needs to be entered if previously changed.

Disables directed broadcast-to-physical broadcast translation on the interface.

Step 4 

Router(config-if)# keepalive period retries

Note On 7000, 10700, and 12000 series routers, this step is optional.

Configures the time period (in seconds) used to send a keepalive request, and the number of times that a keepalive request is sent before the system reports a failure in the UTI tunnel.

Step 5 

Router(config-if)# tunnel source loopbacknumber

Sets the tunnel interface's source address. The source address is the router where the traffic is received from the customer network.

Step 6 

Router(config-if)# tunnel destination address

Specifies the destination for the tunnel interface. The destination address is the router that transfers the packet into the receiving customer network.

Step 7 

Router(config-if)# tunnel mode uti raw

Sets the encapsulation mode for the tunnel interface to UTI.

Step 8 

Router(config-if)# tunnel uti local-session value

Sets the tunnel identifier used to map received UTI packets. The value must be unique to the router and be a number between 1 and 1023. Session identifier values of zero and all "1"s are reserved for future use and can not be used.

The remote end will use this value as the tunnel identifier.

Step 9 

Router(config-if)# tunnel uti remote-session value

Sets the tunnel identifier that will be used in the outgoing UTI packets, and at the remote end to obtain tunnel context. This value must match tunnel local session value at the other end of the tunnel.

The remote UTI session identifier must be unique on the remote router, but may not be unique on the local router.

Step 10 

Router(config-if)# tunnel tos value

Note On 7000, 10700, and 12000 series routers, this step is optional.

Set the whole ToS byte value. Value is a decimal number between 0 and 255 The three most significant bits of the ToS byte are called the IP Precedence bits. Most applications and vendors currently support setting and recognizing these three bits.

Example: To set an IP precedence value of 5 critical, then you would need to set the highest three bits of ToS byte with a binary value of 10100000 (which is equivalent to the decimal value of 160 needed in the command value).

Step 11 

Router(config-if)# tunnel ttl value

Note On 7000, 10700, and 12000 series routers, this step is optional.

Sets the time-to-live (TTL) byte value in the transport IP packet header that carries the encapsulated frame. Value is a number between 1 and 255. The time-to-live (TTL) byte value should be set accordingly to make sure it is larger than the expected network diameter. If the value in the time-to-live (TTL) field of a packet falls to zero, the routers will discard the packet.

Step 12 

Router(config-if)# tunnel key value

Sets the value of the least significant longword in the UTI key field.

The tunnel key and tunnel uti high-key commands set the 64-bit UTI tunnel key. This key must be the same at each end of the tunnel.

Step 13 

Router(config-if)# tunnel uti high-key value

Sets the value of the most significant longword in the UTI key field.

The tunnel key and tunnel uti high-key commands set the 64-bit UTI tunnel key. This key must be the same at each end of the tunnel.

Step 14 

Router(config-if)# tunnel uti keepalive old

Note On 7000, 10700, and 12000 series routers, this step is necessary if one endpoint the tunnel is a 10700 series router and the other end is a 7000 series or 12000 series router.

Enables UTI keepalive on one endpoint of a UTI tunnel. You must also enter this command on the other endpoint of the tunnel to ensure interoperability between Cisco 10720 and non-10720 routers.

Configure the Interface for UTI Operation

Follow the instructions in this section to configure UTI operation in the appropriate interface. These steps must be completed for the routers at both ends of the tunnel.

Configure an Ethernet Interface

Configure a POS Interface

Configure a Frame Relay Subinterface

Configure an Ethernet Interface

Follow the steps below to change the selected Ethernet interface to UTI, bind it to the tunnel, and start it

 
Command
Purpose

Step 1 

Router(config)# interface type slot/port

Enters interface configuration mode.

Step 2 

Router(config-if)# no ip address

Removes the specified IP address.

Step 3 

Router(config-if)# no ip directed-broadcast

Note This command is entered by default on the interface and only needs to be entered if previously changed.

Disables directed broadcast-to-physical broadcast translation on the interface.

Step 4 

Router(config-if)# no ip mroute-cache

Note This step is necessary only for the 12000 series Internet Router.

Disables IP multicast fast switching

Step 5 

Router(config-if)# uti-tunnel Tunnelnumber

Bind the physical interface to the logical UTI tunnel interface.

.

Configure a POS Interface

Follow the steps below to change the selected POS interface to UTI, bind it to the tunnel and start it

 
Command
Purpose

Step 1 

Router(config)# interface POS slot/port

Enters interface configuration mode.

Step 2 

Router(config-if)#  ip address ip address

Enters the IP address

Step 3 

Router(config-if)# no ip directed-broadcast

Note This command is entered by default on the interface and only needs to be entered if previously changed.

Disables directed broadcast-to-physical broadcast translation on the interface.

Step 4 

Router(config-if)# no ip mroute-cache

Note This command is no t necessary on 10700 series Internet routers. This step is necessary only on 12000 series Internet routers.

Disables IP multicast fast switching

Step 5 

Router(config-if)# no keepalive

Note This step is necessary only for the 12000 series Internet Router.

Disables the keepalive sequence, which is part of the Local Management Interface (LMI) protocol.

Step 6 

Router(config-if)# clock source internal

Specifies that the interface will clock its transmitted data from the internal clock.

Step 7 

Router(config-if)# uti-tunnel Tunnelnumber

Bind the physical interface to the logical UTI tunnel interface.

.

Configure a Frame Relay Subinterface

To configure a UTI Frame Relay subinterface, the port must first be configured for Frame Relay encapsulation. The sub-interface is then selected, bound to a unique DLCI and to a UTI tunnel.

 
Command
Purpose

Step 1 

Router(config)# ip cef distributed

Note This step is necessary for the 7500 router only. Distributed CEF is enabled on the 12000 series routers by default and cannot be removed.

Enables distributed Cisco Express Forwarding (CEF) which Distributes CEF information to line cards. The line cards perform express forwarding.

Step 2 

Router(config)# interface POS slot/port

Selects the interface and enters interface configuration mode.

Step 3 

Router(config-if)# no ip address

Removes the specified IP address of the interface.

Step 4 

Router(config-if)# encapsulation frame-relay

Sets the encapsulation mode of the interface to Frame Relay.

Step 5 

Router(config-if)# no keepalive

Disables the keepalive sequence.

Step 6 

Router(config-if)# clock source internal

Specifies that the interface will clock transmitted data from the internal clock.

Step 7 

Router(config-if)# interface POS slot/port.channel

Selects the subinterface for configuration.

Step 8 

Router(config-if)# no ip address

Removes the IP address of the subinterface.

Step 9 

Router(config-if)# frame-relay interface dlci dlci

Assigns a data-link connection identifier (DLCI) to the specified Frame Relay subinterface.

Note The DLCI at the ingress router must be the same DLCI bound at the egress router.

Step 10 

Router(config-if)# uti-tunnel Tunnelnumber

Binds the subinterface to the UTI tunnel.

Configure a VLAN Subinterface

To configure a UTI VLAN subinterface, you must first configure a selected Ethernet port for VLAN 802.1Q encapsulation. Then you must bind the interface to a UTI tunnel and start it

 
Command
Purpose

Step 1 

Router(config)# interface FastEthernet slot/port

Selects the interface and enters interface configuration mode.

Step 2 

Router(config-if)# no ip address

Removes the specified IP address of the interface.

Step 3 

Router(config-if)# encapsulation dot1Q vlan_number

Sets the encapsulation mode of the interface to 802.1Q for a logical VLAN.

Step 4 

Router(config-if)# uti-tunnel Tunnelnumber

Binds the physical interface to the logical UTI tunnel interface.

.

Configure Routing

Complete the following steps for the routers at both ends of the tunnel.

 
Command
Purpose

Step 1 

Router(config-if)# ip cef

Enable CEF. CEF must be enabled either globally or on the UTI interface.

Step 2 

Router(config-if)# ip route dest-ip-address mask forwarding interface

Configure routing to the tunnel decapsulation point.

Configure the Tunnel Card (12000 Series Internet Routers Only)

UTI on the 12000 series Internet Router requires a tunnel card. This tunnel card must be an Engine 2 OC-48 POS card. Tunnel cards are not required with 7200, 7500, and 10700 series routers.

The tunnel cards must be configured in both routers. Complete the steps below for the tunnel cards in both routers. For each card, you must disable keepalives and the Cisco Discovery Protocol before the card is configured as a tunnel card. The interface must also be IP enabled with either the ip unnumbered command or the ip address command. Once these steps are complete, the card can be configured as a tunnel card.


Note The tunnel card must use HDLC encapsulation, which is configured by default. In addition, the interface port on the tunnel card is automatically set to loopback internal. Do not remove this loopback or all tunnels will be dropped.


 
Command
Purpose

Step 1 

Router# configure terminal

Enters configuration mode.

Step 2 

Router(config)# interface POS slot/port

Selects the POS interface for configuration.

Step 3 

Router(config-if)# no keepalive

Disables the keepalive sequence.

Step 4 

Router(config-if)# no cdp enable

Disables the Cisco Discovery Protocol.

Step 5 

Router(config-if)# ip unnumbered


or


Router(config-if)# ip address ip address

Enables IP processing without assigning an explicit IP address to the interface.

or

Assigns a specific IP address to the interface.

Note To generate ARP requests and other similar activities, the interface must be IP-capable.

Step 6 

Router(config-if)# hw-module slot <x> mode server

Configure the card in slot <x> as a tunnel card.

Verify the Route to the Tunnel Destination End Point


Step 1 To display the tunnel destination IP address for interfaces, use the show running-config interface tunnel command.

uti-egress#show running-config interface tunnel2000
Building configuration...

Current configuration :262 bytes
!
interface Tunnel2000
 no ip address
 no ip directed-broadcast
 tunnel source Loopback10
 tunnel destination 200.200.200.200
 tunnel mode uti raw
 tunnel key 123457
 tunnel uti high-key 1515870811
 tunnel uti local-session 52
 tunnel uti remote-session 69
end

Step 2 For Frame Relay subinterfaces, use the show running-config interface type slot/port.channel command to display the tunnel destination IP address.

uti-egress#show running-config interface pos 5/2.1
Building configuration...

Current configuration :124 bytes
!
interface POS5/2.1 point-to-point
 no ip directed-broadcast
 frame-relay interface-dlci 31
 uti-tunnel Tunnel1000
end

Step 3 Use the show ip route command to verify the IP routes are valid. There should be a valid entry for the tunnel destination address.

uti-egress#show ip route
Codes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR

Gateway of last resort is not set

     200.200.200.0/32 is subnetted, 1 subnets
O       200.200.200.200 [110/2] via 15.0.0.2, 20:30:28, POS5/0
     100.0.0.0/24 is subnetted, 1 subnets
C       100.100.100.0 is directly connected, Loopback10
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Ethernet0
     44.0.0.0/24 is subnetted, 1 subnets
C       44.44.44.0 is directly connected, Loopback0
     15.0.0.0/24 is subnetted, 1 subnets
C       15.0.0.0 is directly connected, POS5/0

Display Statistics for an Interface

Enter the following commands to view statistics and accounting for a UTI interface.


Step 1 To display the physical interface statistics of the customer network facing card, enter the EXEC command show interface type slot/port accounting.

uti-egress# show interface POS6/0 accounting
POS6/0
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                      IP          4       1540          0          0
                     CDP          2        620          2        620

Step 2 To display the PVC counter statistics of the customer facing card, enter the EXEC command
show frame-relay pvc dlci.

uti-egress# show frame-relay pvc 31

PVC Statistics for interface POS5/2 (Frame Relay DTE)

DLCI = 31, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE = POS5/2.1

  input pkts 0             output pkts 0            in bytes 0
  out bytes 0              dropped pkts 0           in FECN pkts 0
  in BECN pkts 0           out FECN pkts 0          out BECN pkts 0
  in DE pkts 0             out DE pkts 0
  out bcast pkts 0         out bcast bytes 0
  pvc create time 00:01:06, last time pvc status changed 00:01:06

Step 3 To display the tunnel interface counters, enter the EXEC command
show interface tunnelnumber accounting. This command displays the number of packets of each protocol type that have been sent through the interface.

uti-egress#show interface Tunnel1000 accounting
Tunnel1000
                Protocol    Pkts In   Chars In   Pkts Out  Chars Out
                      IP         27       4154         11       1360

Note When a UTI VLAN interface is bound to a UTI tunnel, the packet and byte counters displayed for the specified tunnel are also the input and output statistics for the VLAN subinterface.



Configuration Examples

This section provides the following configuration examples:

Configuration Examples for the 7200, 7500, and 10700 Series Routers

Define the Loopback Address

Define the Tunnel

Configure the Interface for UTI

Configure the VLAN subinterface for UTI on a 10700 Router

Configure the TLS for VLAN subinterface for UTI on a 10700 Router

Configure Routing

Configuration Examples for 12000 Series Internet Routers

Define the Loopback Address

Define the Tunnel

Configure the Interface for UTI

Example for an Ethernet Interface

Example for a Frame Relay Point-To-Point Subinterface

Configure Routing

Configure the Tunnel Card

An example of a basic UTI configuration is shown in Figure 4. Be sure to complete all steps in Configuration Tasks.

Figure 4 Sample of a Basic UTI Configuration

Configuration Examples for the 7200, 7500, and 10700 Series Routers

Define the Loopback Address

This example defines the loopback address to act as a reference for decapsulation.

Router1(config)#interface loopback1
Router1(config-if)#ip address 7.7.7.7 255.255.255.255
Router1(config-if)#end

Router2(config)#interface loopback2
Router2(config-if)#ip address 8.8.8.8 255.255.255.255
Router2(config-if)#end

Define the Tunnel

This example binds the tunnel to a physical interface, identifies the source and destination, and sets the tunnel in UTI.

Router1(config)#interface Tunnel1
Router1(config-if)#ip unnumbered fastethernet 2/1
Router1(config-if)#tunnel source Loopback1
Router1(config-if)#tunnel destination 8.8.8.8
Router1(config-if)#tunnel mode uti raw
Router1(config-if)#tunnel key 123456789
Router1(config-if)#tunnel uti high-key 7654321
Router1(config-if)#tunnel uti local-session 314
Router1(config-if)#tunnel uti remote-session 159

Router2(config)#interface Tunnel2
Router2(config-if)#ip unnumbered fastethernet 2/1
Router2(config-if)#tunnel source Loopback2
Router2(config-if)#tunnel destination 7.7.7.7
Router2(config-if)#tunnel mode uti raw
Router2(config-if)#tunnel key 123456789
Router2(config-if)#tunnel uti high-key 7654321
Router2(config-if)#tunnel uti local-session 159
Router2(config-if)#tunnel uti remote-session 314
end

Configure the Interface for UTI

This example changes the selected interface to UTI, binds it to the tunnel, and starts it. This example is for an Ethernet interface.

Router1(config)#interface FastEthernet3/0
Router1(config-if)#no ip address
Router1(config-if)#uti-tunnel Tunnel1

Router2(config)#interface FastEthernet1/0
Router2(config-if)#no ip address
Router2(config-if)#uti-tunnel Tunnel2
end

Configure the VLAN subinterface for UTI on a 10700 Router

This example changes the selected subinterface to UTI, binds it to the tunnel, and starts it. This example is for a 802.1Q Fast Ethernet subinterface.

Router1(config)#interface FastEthernet2/1.2
Router1(config-if)#encapsulation dot1q 2
Router1(config-if)#no ip address
Router1(config-if)#uti-tunnel Tunnel1

Router2(config)#interface FastEthernet2/3.2
Router2(config-if)#encapsulation dot1q 2
Router2(config-if)#no ip address
Router2(config-if)#uti-tunnel Tunnel2
end

Configure the TLS for VLAN subinterface for UTI on a 10700 Router

This example applies a UTI tunnel to a Fast Ethernet port interface on a Cisco 10700 router so that all 802.1Q VLAN traffic is encapsulated in the UTI tunnel.

Router1(config)#interface FastEthernet2/1.2
Router1(config-if)#encapsulation dot1q 2
Router1(config-if)#no ip address
Router1(config)#interface FastEthernet2/1
Router1(config-if)#no ip address
Router1(config-if)#uti-tunnel Tunnel1

Router2(config)#interface FastEthernet2/3.2
Router2(config-if)#encapsulation dot1q 2
Router2(config-if)#no ip address
Router2(config)#interface FastEthernet2/3
Router2(config-if)#no ip address
Router2(config-if)#uti-tunnel Tunnel2
end

Configure Routing

This example enables CEF and configures routing to provide the tunnel decapsulation point.

Router1(config-if)#ip cef
Router1(config-if)#ip route 8.8.8.8 255.255.255.255 pos1/0

Router2(config-if)#ip cef
Router2(config-if)#ip route 7.7.7.7 255.255.255.255 pos2/0
end

Configuration Examples for 12000 Series Internet Routers

Define the Loopback Address

This example defines the loopback address to act as a reference for decapsulation.

Router1(config)#interface loopback1
Router1(config-if)#ip address 7.7.7.7 255.255.255.255

Router2(config)#interface loopback2
Router2(config-if)#ip address 8.8.8.8 255.255.255.255
end

Define the Tunnel

This example binds the tunnel to a physical interface, identifies the source and destination, and sets the tunnel in UTI.

Router1(config)#interface Tunnel1
Router1(config-if)#ip unnumbered fastethernet 2/1
Router1(config-if)#no ip directed-broadcast
Router1(config-if)#tunnel source Loopback1
Router1(config-if)#tunnel destination 8.8.8.8
Router1(config-if)#tunnel mode uti raw
Router1(config-if)#tunnel key 123456789
Router1(config-if)#tunnel uti high-key 7654321
Router1(config-if)#tunnel uti local-session 314
Router1(config-if)#tunnel uti remote-session 159
Router1(config-if)#tunnel tos 64
Router1(config-if)#tunnel ttl 254
Router1(config-if)#end

Router2(config)#interface Tunnel2
Router2(config-if)#ip unnumbered fastethernet 2/1
Router1(config-if)#no ip directed-broadcast
Router2(config-if)#tunnel source Loopback2
Router2(config-if)#tunnel destination 7.7.7.7
Router2(config-if)#tunnel mode uti raw
Router2(config-if)#tunnel key 123456789
Router2(config-if)#tunnel uti high-key 7654321
Router2(config-if)#tunnel uti local-session 159
Router2(config-if)#tunnel uti remote-session 314
Router2(config-if)#tunnel tos 64
Router2(config-if)#tunnel ttl 254
Router2(config-if)#end

Configure the Interface for UTI

This example changes the selected interface to UTI, binds it to the tunnel, and starts it.

Example for an Ethernet Interface

Router1(config)#interface FastEthernet3/0
Router1(config-if)#no ip address
Router1(config-if)#no ip directed-broadcast
Router1(config-if)#no ip mroute-cache
Router1(config-if)#uti-tunnel Tunnel1
Router1(config-if)#end

Router2(config)#interface FastEthernet1/0
Router2(config-if)#no ip address
Router2(config-if)#no ip directed-broadcast
Router2(config-if)#no ip mroute-cache
Router2(config-if)#uti-tunnel Tunnel2
Router2(config-if)#end

Example for a Frame Relay Point-To-Point Subinterface

Router1(config)# interface POS 5/2
Router1(config-if)# no ip address
Router1(config-if)# encapsulation frame-relay
Router1(config-if)# no keepalive
Router1(config-if)# clock source internal
Router1(config-if)# interface POS 5/2.1
Router1(config-if)# no ip address
Router1(config-if)# frame-relay interface dlci 31
Router1(config-if)# uti-tunnel Tunnel1
Router1(config-if)# end

Router2(config)# interface POS 4/2
Router2(config-if)# no ip address
Router2(config-if)# encapsulation frame-relay
Router2(config-if)# no keepalive
Router2(config-if)# clock source internal
Router2(config-if)# interface POS 4/2.1
Router2(config-if)# no ip address
Router2(config-if)# frame-relay interface dlci 31
Router2(config-if)# uti-tunnel Tunnel2
Router2(config-if)# end

Example for a UTI VLAN Point-To-Point Subinterface

Router1(config)# interface FastEthernet 7/1.200
Router1(config-if)# no ip address
Router1(config-if)# encapsulation dot1Q 3000
Router1(config-if)# frame-relay interface dlci 31
Router1(config-if)# end

Router2(config)# interface FastEthernet 8/1.000
Router2(config-if)# no ip address
Router2(config-if)# encapsulation frame-relay
Router2(config-if)# uti-tunnel Tunnel2
Router2(config-if)# end

Configure Routing

This example enables CEF and configures routing to provide the tunnel decapsulation point.

Router1(config-if)#ip cef
Router1(config-if)#ip route 8.8.8.8 255.255.255.255 pos1/0
Router1(config-if)#end

Router2(config-if)#ip cef
Router2(config-if)#ip route 7.7.7.7 255.255.255.255 pos2/0
Router2(config-if)#end

Configure the Tunnel Card

This example configures the tunnel card s to perform the UTI processing.

Router1# configure terminal
Router1(config)# interface POS 6/0 
Router1(config-if)# no keepalive
Router1(config-if)# no cdp enable
Router1(config-if)1# ip unnumbered
Router1(config-if)1# hw-module slot 6 mode server
Router1(config-if)1# end

Router2# configure terminal
Router2(config)# interface POS 6/0 
Router2(config-if)# no keepalive
Router2(config-if)# no cdp enable
Router2(config-if)1# ip unnumbered
Router2(config-if)1# hw-module slot 6 mode server
Router2(config-if)1# end

Command Reference

This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.

hw-module slot <x> mode server

tunnel mode uti raw

tunnel uti high-key

tunnel uti keepalive old

tunnel uti local-session

tunnel uti remote-session

uti-tunnel Tunnelnumber

hw-module slot <x> mode server

To identify the card in slot <x> as a tunnel card, use the hw-module slot <x> mode server command in interface configuration mode. To disable the card as a tunnel card, use the no form of this command.

hw-module slot <x> mode server

no hw-module slot <x> mode server

Syntax Description

x

Identifies the slot where the card is configured as a tunnel card.


Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(18)S

This command was introduced.


Usage Guidelines

This command identifies the card in slot <x> as a tunnel card. This is mandatory on the 12000 series Internet Routers.

Examples

The following example specifies the card in slot 2 as the tunnel card:

hw-module slot 2 mode server

tunnel mode uti raw

To set the encapsulation mode for the tunnel interface, use the tunnel mode uti raw interface configuration command. To disable, use the no form of this command

tunnel mode uti raw

no tunnel mode

Syntax Description

uti raw

Sets the encapsulation mode of the tunnel to UTI, Layer 2 to Layer 2 tunnelling.


Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

10.0

The tunnel mode command was introduced.

12.0(18)S

The uti raw keywords were added to support UTI Layer 2 to Layer 2 tunnelling on Cisco 7000 and 12000 series routers.

12.0(19)SP

The uti raw keywords were added to support UTI Layer 2 to Layer 2 tunnelling on Cisco 10720 Internet routers.


Examples

The following example sets the encapsulation mode of the tunnel to UTI:

tunnel mode uti raw

tunnel uti high-key

To set the value of the most significant longword in the UTI key field, use the tunnel uti high-key command in interface configuration mode. To disable, use the no form of this command.

tunnel uti high-key value

no tunnel uti high-key

Syntax Description

value

A value between 0 and (2^32 - 1)


Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(18)S

This command was introduced on Cisco 7000 and 12000 series routers.

12.0(19)SP

This command was introduced on Cisco 10720 Internet routers.


Usage Guidelines

This command sets the value of the most significant longword in the UTI key field. The value of the key field in the UTI packet is:

<tunnel key> + <tunnel uti high-key> * 2 ^ 32

The same key value is used in both directions, and the packet key value must match the received key value in order for the packet to be received.

Packets received on a configured tunnel that fail to match the tunnel key are counted. These mismatched packets may be the result of a misconfiguration, or may be the result of an overt attempt to incorrectly inject traffic into the tunnel output stream.

Examples

The following example sets the UTI high key value as 200:

tunnel uti high-key 200

tunnel uti keepalive old

To enable the UTI keepalive functionality on one endpoint of a UTI tunnel configured between a Cisco 10720 Internet router and a Cisco 7000 series or Cisco 12000 series router, use the tunnel uti keepalive old command in interface configuration mode. To disable, use the no form of this command.

tunnel uti keepalive old

no tunnel uti keepalive old

Syntax Description

This command has no arguments or keywords.

Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(21)SP

This command was introduced on Cisco 10720 Internet routers and Cisco 7000 series and Cisco 12000 series routers.


Usage Guidelines

When you configure a UTI tunnel between a Cisco 10720 Internet router running IOS Release 12.0(21)SP and a Cisco 7000 series or Cisco 12000 series router, use the tunnel uti keepalive old command to ensure interoperability between routers.

You must first use the keepalive command on the interface at each endpoint of the tunnel in order for the tunnel uti keepalive old command to take effect.

Examples

The following example enables UTI keepalive on one endpoint of a UTI tunnel between a Cisco 10720 and a Cisco 7000 or Cisco 12000 series router:

keepalive 10 5
tunnel uti keepalive old

tunnel uti local-session

To set the tunnel identifier used to map received UTI packets, use the tunnel uti local-session command in interface configuration mode. To disable, use the no form of this command.

tunnel uti local-session value

no tunnel uti local-session

Syntax Description

value

A number between 1 and 1023 to identify the tunnel.


Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(18)S

This command was introduced on Cisco 7000 and 12000 series routers.

12.0(19)SP

This command was introduced on Cisco 10720 Internet routers.


Usage Guidelines

This command sets the tunnel identifier the router uses to map received UTI packets. This same value is entered in the remote router using the uti remote session command. The value 0 is reserved.

Examples

The following example sets the value of the UTI tunnel local identifier to 6:

tunnel uti local-session 6

Related Commands

Command
Description

tunnel uti remote-session <value>

Sets the value used in the UTI header tunnel identifier field. This value must match tunnel local session value at the other end of the tunnel.


tunnel uti remote-session

To set the value used in the UTI header tunnel identifier field, use the tunnel uti remote-session command in interface configuration mode. To disable, use the no form of this command.

tunnel uti remote-session value

no tunnel uti remote-session

Syntax Description

value

A number between 1 and 4294967295 used in the UTI header tunnel identifier field.


Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(18)S

This command was introduced on Cisco 7000 and 12000 series routers.

12.0(19)SP

This command was introduced on Cisco 10720 Internet routers.


Usage Guidelines

This command sets the value used in the UTI header tunnel identifier field. It must match tunnel local session value at the other end of the tunnel. The value 0 is reserved.

Examples

The following example sets the UTI header tunnel identifier field to 6:

tunnel uti remote-session 6

Related Commands

Command
Description

tunnel uti local-session value

Sets the tunnel identifier used to map received UTI packets.


uti-tunnel Tunnelnumber

To bind the physical interface to the logical UTI tunnel interface, use the uti-tunnel Tunnelnumber command in interface configuration mode. To disable, use the no form of this command.

uti-tunnel Tunnelnumber

no uti-tunnel Tunnelnumber

Syntax Description

number

Tunnel number.


Defaults

No default behavior or values.

Command Modes

Interface configuration

Command History

Release
Modification

12.0(18)S

This command was introduced on Cisco 7000 and 12000 series routers.

12.0(19)SP

This command was introduced on Cisco 10720 Internet routers.


Usage Guidelines

This command sets an interface in UTI. An interface may be a physical interface or a subinterface.

Examples

The following example sets the interface in UTI:

uti-tunnel Tunnel6

Glossary

ACLAccess Control List

ATM—Asynchronous Transfer Mode

BGP—Border Gateway Protocol

CAM—Content-Addressable Memory

CDP—Cisco Discovery Protocol

CEF—Cisco Express Forwarding

DLCI—Data-link Connection Identifier

FRFrame Relay

GSR—Gigabit Switched Router: previous name for Cisco's 12000 series Internet Routers.

HDLC—High-Level Data Link Control

ICMP—Internet Control Message Protocol: an extension to the Internet Protocol (IP) that allows for the generation of error messages, test packets, and informational messages related to IP.

IP—Internet Protocol

ISIS—Intermediate System to Intermediate System. OSI link-state hierarchical routing protocol based on DECnet Phase V routing, whereby ISs (routers) exchange routing information based on a single metric to determine network topology.

LC—Line Card

LMI—Local Management Interface

MAC—Media Access Control: the lower sublayer of the OSI data link layer. The interface between a node's Logical Link Control and the network's physical layer.

MAC Address— The hardware address of a device connected to a shared network medium.

MIB—Management Information Base

MTU—Maximum Transmission Unit

OIR—Online Insertion and Removal

PIRC—Per Interface Rate Control

PLU—Packet Look Up: a stage in the PSA which performs a lookup on an IP address.

PoP—Post Processor: a stage in the PSA responsible for packet post-processing, such as building the packet buffer header for transmission over the fabric.

POS—Packet Over Sonet

PPP—Point to Point Protocol

pps—Packets per second

PreP—Pre-Processor: a stage in the PSA responsible for packet pre-processing, such as IP header validation.

PSA—Packet Switching ASIC: the ASIC on the performance OC-48 line card which does the "fast path" packet forwarding operations.

SONET—Synchronous Optical Network

TLU—Table Look Up: a stage in the PSA responsible for copying information to the PoP PHB and updating statistics.

TOS—Type Of Service byte of an IP header as it is defined in RFC 791.

TTL—Time To Live byte of an IP header as it is defined in RFC 791.

UTI—Universal Transport Interface

VPN—Virtual Private Network