This documentation has been moved
Cisco IOS XE Service Advertisement Framework Configuration Guide
Downloads: This chapterpdf (PDF - 743.0KB) The complete bookPDF (PDF - 1.65MB) | Feedback

Cisco IOS XE Service Advertisement Framework Configuration Guide

Table Of Contents

Cisco IOS XE Service Advertisement Framework Configuration Guide

Finding Feature Information

Contents

Prerequisites for Cisco SAF

Restrictions for Cisco SAF

Benefits of Cisco SAF

Information About Cisco SAF

Cisco SAF Overview

Cisco SAF Forwarder Overview

Cisco SAF Client Overview

Cisco SAF Client and SAF Forwarder Interaction Overview

Cisco SAF Service Identifier Number Formats

Cisco SAF and Role of Domains in a Network

Cisco SAF Virtual Routers

Cisco SAF Neighbor Relationships

Configuring a Cisco SAF Forwarder

Enabling Cisco SAF

Configuring Interface-Specific Commands for Cisco SAF

Configuring Cisco SAF for Multi-Topology Networks

Configuring Static Neighbor Relationships for Cisco SAF

Configuring Stub Routing for Cisco SAF

Configuring Route Authentication for Cisco SAF

Configuring Logs for Neighbor Changes and Warnings

Configuring the Percentage of Link Bandwidth Used for Cisco SAF

Setting Metric Dampening Intervals for Cisco SAF Interfaces

Change-based Dampening Configuration

Interval-based Dampening Configuration

Adjusting the Interval Between Hello Packets and the Hold Time

Disabling Split Horizon

Setting Metric Maximum Hops

Configuring a Cisco SAF Client

Prerequisites

Restrictions

Configuring a Cisco SAF External Client

Configuring Dynamic Neighbors

Neighbor Types

Remote Neighbor Session Policy

Neighbor Filter List

Maximum Remote Neighbors

Configuration Changes for Neighbor Filter List and Maximum Remote Neighbors

Remote Unicast-Listen (Point-to-Point) Neighbors

Remote Multicast-Group (Multipoint-to-Multipoint) Neighbors

Inheritance and Precedence of the Remote Neighbor Configurations

Prerequisites

Restrictions

Configuring Cisco SAF Dynamic Neighbors

Displaying Cisco SAF Statistics

Deleting Information from a Cisco SAF Configuration

Configuration Examples for Cisco SAF

Enabling Cisco SAF: Example

Configuring Cisco SAF Interfaces: Examples

Configuring Cisco SAF Topology: Example

Configuring Cisco SAF Stub Routing: Example

Configuring Cisco SAF with IP-RIP: Example

Configuring Cisco SAF with OSPF: Example

Configuring Cisco SAF with EIGRP: Example

Configuring Cisco SAF Forwarders Located on Separate LANs: Example

Configuring a Centralized Cisco SAF Forwarder: Example

Configuring a Cisco SAF Client: Examples

Configuring Logs for Neighbor Changes and Warnings: Example

Configuring Cisco Unified Communications Manager as a Cisco SAF Client: Example

Configuring Cisco SAF Dynamic Neighbors: Examples

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance

Feature Information for Cisco Service Advertisement Framework



Cisco IOS XE Service Advertisement Framework Configuration Guide


First Published: July 27, 2010
Last Published: March 28, 2011

Cisco Service Advertisement Framework (SAF) provides a mechanism that allows applications to discover the existence, location, and configuration of networked resources within networks. Cisco SAF allows a timely and reliable awareness of the services within networks, as applications advertise and discover services on networks.

A service is any information that a Cisco SAF Client application wishes to advertise, that can then be used by other Cisco SAF Client applications.

Finding Feature Information

Your software release may not support all the features documented in this configuration guide. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this guide, and to see a list of the releases in which each feature is supported, see the "Feature Information for Cisco Service Advertisement Framework" section.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Cisco SAF

Restrictions for Cisco SAF

Benefits of Cisco SAF

Information About Cisco SAF

Configuring a Cisco SAF Forwarder

Configuring a Cisco SAF Client

Configuring Dynamic Neighbors

Displaying Cisco SAF Statistics

Deleting Information from a Cisco SAF Configuration

Configuration Examples for Cisco SAF

Additional References

Feature Information for Cisco Service Advertisement Framework

Prerequisites for Cisco SAF

Before configuring Cisco SAF, you should understand the concepts in this guide.

Before configuring neighbor relationships for Cisco SAF Forwarders located on separate LANs, ensure IP routing is configured between each Cisco SAF Forwarder.

Restrictions for Cisco SAF

Using the service-family ipv6 commands requires an IPv6-enabled SAF client, which currently does not exist.

Cisco SAF works independently of Cisco EIGRP routing.

Benefits of Cisco SAF

Traditionally, to locate services on a network, network applications must be configured with the hostname and the network address of the desired service or must use an overlay mechanism such as DNS. Existing protocols that support service advertisement provide periodic-based announcements of resource utilization. These network services are typically LAN-based.

Figure 1 shows a Cisco Unified Communications Manager network requiring a traditional configuration methodology.

Figure 1

Cisco Unified Communications Manager Traditional Configuration Methodology

Cisco SAF provides a framework that allows networking applications to automatically discover the existence, location, and configuration of networked services within networks. This automated discovery of services replaces the manual entry of complex configurations such as dial plans, that often require repetitive configuration changes. Cisco SAF also allows applications to advertise and discover their services. Cisco SAF allows you to create a configuration once, and then have it propagate to all devices that require the information.

Figure 2 shows a Cisco Unified Communications Manager network using Cisco SAF.

Figure 2

Cisco SAF Network Service Discovery Network with Cisco Unified Communications Manager

You can configure a Cisco SAF Client either on the same router as the Cisco SAF Forwarder or on an external router.

Information About Cisco SAF

To deploy Cisco SAF in your network, you should understand the following concepts.

Cisco SAF Overview

Cisco SAF Service Identifier Number Formats

Cisco SAF and Role of Domains in a Network

Cisco SAF Virtual Routers

Cisco SAF Neighbor Relationships

Cisco SAF Overview

Cisco SAF provides a framework that allows applications to discover the existence, location, and configuration of networked resources within networks. Cisco SAF allows a timely and reliable awareness of the services within networks, as applications advertise and discover services on networks. Service information distributes though a network of Cisco SAF cooperative nodes that assume specific functions to efficiently distribute knowledge of services and facilitate their discovery.

A non-SAF node is any node in a network that does not understand SAF. Non-SAF nodes are called "dark nets" and are required to traverse ISPs. Cisco SAF messages are IP-based and therefore are unaffected by dark nets.

These Cisco SAF cooperative network nodes are grouped into two major functional responsibilities:

Cisco SAF Forwarder

Cisco SAF Client

To configure Cisco SAF, you must configure both an SAF Forwarder and an SAF Client.

The flexibility of Cisco SAF allows you to configure a single edge router to act as a Cisco SAF Forwarder and a Cisco SAF Client, if necessary.

This section provides the following information:

Cisco SAF Forwarder Overview

Cisco SAF Client Overview

Cisco SAF Client and SAF Forwarder Interaction Overview

Cisco SAF Forwarder Overview

A Cisco SAF Forwarder receives services advertised by Cisco SAF Clients, distributes the services reliably through the network, and make services available for Cisco SAF Clients to use. A Cisco SAF Forwarder:

Ensures reliable delivery of service advertisements

Maintains knowledge of path redundancy

Is scalable

Minimizes the use of network bandwidth by using targeted multicast and unicast messages.

The Cisco SAF Forwarder can propagate service advertisements to other Cisco SAF Forwarders and can propagate across a LAN, campus network, WAN, or ISP.

A basic Cisco SAF Forwarder provides the relationship between Cisco SAF Clients and the framework. A Cisco SAF Forwarder is normally located at the edges or boundaries of a network. The Cisco SAF Forwarder receives service advertisements and stores a copy before forwarding the advertisement to its neighbor SAF nodes. The Client and forwarder relationship is to maintain the advertisement. If a Client removes a service or disconnects from the forwarder node, the node will inform the framework about the services that are no longer available. When the forwarder node receives advertisements from other forwarder nodes, it will keep a copy of the entire advertisement (Header and opaque data) and forward to other SAF peers.

You can configure a Cisco SAF Forwarder on a LAN to automatically allow dynamic discovery of services to all enabled interfaces, and at the same time, specify interfaces (static configuration) you want blocked to other interfaces attempting to discover their services.

You can configure a Cisco SAF Forwarder across a non-SAF node to automatically allow dynamic discovery of services. For example, Cisco SAF Forwarders join a common peer-group. You can also create static configurations (Unicast) between pairs of Cisco SAF Forwarders.


Note Multicast routing is required to allow dynamic discovery of services.


Cisco SAF Client Overview

A Cisco SAF Client is a producer (advertises to the network) or consumer of services (requests a service from the network), or both. When a Cisco SAF Client sends a register message to a Cisco SAF Forwarder, it establishes a relationship with the Cisco SAF Forwarder. The Cisco SAF Forwarder uses this register message to obtain a unique handle that distinctly identifies this Cisco SAF Client from others connected to it. Only after a Cisco SAF Client registers is it able to advertise (publish) to, or request (subscribe), services. Figure 3 shows a typical Cisco SAF network.

Figure 3

Cisco Service Advertisement Framework Network

When advertising a service, a Cisco SAF Client publishes (sends) advertisements to the Cisco SAF Forwarder that contain information about the service it offers. The Cisco SAF Client can send multiple publish requests, each advertising a distinct service. The Cisco SAF Forwarder advertises all services published by the Cisco SAF Client.

When requesting a service, the Cisco SAF Client sends a request notification of services using a subscribe request. The subscribe request contains a filter that describes the set of services in which the Cisco SAF Client is interested. In response to this request, the Cisco SAF Forwarder sends the current set of services that match the filter to the Cisco SAF Client in a series of notify requests. Multiple notify requests are sent in order to provide flow control; the Cisco SAF Client must respond to each notify request before the Cisco SAF Forwarder sends the next request. As with a publish request, the Cisco SAF Client can generate multiple subscribe requests, each with a different filter. The Cisco SAF Client can also generate an unsubscribe request, which removes one of its existing subscriptions.

Cisco SAF Client and SAF Forwarder Interaction Overview

In most situations, you would configure a Cisco SAF Client application with one or more IP addresses and ports that are used to connect to a Cisco SAF Forwarder. A Cisco SAF Client initiates a TCP connection to a Cisco SAF Forwarder. Once the TCP connection is established, a Cisco SAF Client sends a register message to the Cisco SAF Forwarder. This register message uniquely identifies the Cisco SAF Client from all other Cisco SAF Clients connected to the Cisco SAF Forwarder.

Once a Cisco SAF Client registers, it advertises a service by sending a publish request to a Cisco SAF Forwarder. A Cisco SAF Client can send multiple publish requests, each advertising a distinct service. Services are identified by a unique service ID, sub-service ID, and instance ID, and are described by service data. For more information on service identifiers, refer to "Cisco SAF Service Identifier Number Formats" section.

A Cisco SAF Forwarder advertises all services published by a Cisco SAF Client. Similarly, a Cisco SAF Client can request notification of services using a subscribe request. The subscribe request contains a filter that describes the set of services in which the Cisco SAF Client is interested. In response to this request, the Cisco SAF Forwarder sends to the Cisco SAF Client, in a series of notify requests, the current set of services that match the filter. Multiple notify requests are sent in order to provide flow control. The Cisco SAF Client must respond to each notify request before the Cisco SAF Forwarder will send the next request.

Similar to a publish request, the Cisco SAF Client can generate multiple subscribe requests, each with a different filter. The Cisco SAF Client can also generate an unsubscribe request, which removes one of its existing subscriptions.

A Cisco SAF Client and a Cisco SAF Forwarder use a shared secret for security. This shared secret consists of a username and a password. The username is an index that determines which password to use as the shared secret. When a Cisco SAF Client sends a request, it sends attributes including its username, the actual message contents, and the random password.

When a Cisco SAF Forwarder receives a request, it locates the username attribute and uses it to access its local copy of the password, and then computes similar computations the Cisco SAF Client performed. If the computations match, the Cisco SAF Client is authenticated and the request is known to be integrity protected. A Cisco SAF Forwarder can also elect to reject the request.

A Cisco SAF Forwarder requires verification regarding the liveliness of the Cisco SAF Client to advertise its services into the Cisco SAF network. A Cisco SAF Forwarder and a Cisco SAF Client exchange a liveliness timer at the time of registration. A Cisco SAF Forwarder considers a Cisco SAF Client failed if it has not seen a request from the Cisco SAF Client in a time period equal to the liveliness timer. A Cisco SAF Client ensures that the interval between requests never exceeds this value. If a Cisco SAF Client has no data to send, it generates a register message to refresh the timer on the server.

When a Cisco SAF Forwarder detects that the Cisco SAF Client has failed, it withdraws the services advertised on behalf of that Cisco SAF Client from the network and removes any subscriptions that the Cisco SAF Client had established. If the Cisco SAF Client has not failed, but just had a brief connection outage, it reconnects and re-registers with its previous handle informing the Cisco SAF Forwarder that it is operational. A Cisco SAF Client can be manually unregistered to gracefully cause a Cisco SAF Forwarder to withdraw all services and subscriptions.

Cisco SAF Service Identifier Number Formats

A service is any information that a Cisco SAF Client application wishes to advertise, that can then be used by other Cisco SAF Client applications. A service advertisement consists of service data. Service advertisements are propagated between forwarders using header data. Cisco SAF Clients that are interested in a service receive, and may inspect, service header and service data.

A service identifier number uniquely identifies the service on a network. The following example shows the format of a service identifier number:

service:sub-service:instance.instance.instance.instance

The service identifier is a 16-bit decimal identifier for the major service being advertised. A major service refers to a specific technology area, such as Cisco Unified Communications (UC). Service identifiers are assigned by Cisco to various customers requiring an SAF client.

The following example shows the service ID values for IP Everywhere and Cisco Unified Communications:

Cisco Defined Numbers 
    SAF_SERVICE_ID_IPE            	= 100 	 ! IP Everywhere
    SAF_SERVICE_ID_UC            	 = 101 				 ! Unified Communications

The sub-service identifier is a 16-bit decimal identifier for the minor service being advertised. A sub-service (also referred to as a minor service) refers to the type of service within a technology. For example, within UC:

Sub-service 1 is TDM gateway

Sub-service 2 is hosted-DN

Instance identifies a specific service advertisement for this kind of service. For example, service identifier 101:1:abcd.1234.ef.678 could be an advertisement of a UC (service 101) TDM gateway (sub-service 1) announced by the Communications Manager cluster in a certain location (instance abcd.1234.ef.678).

The instance identifier is a unique 128-bit number that identifies the specific service advertised.

Client teams define the use of sub-service and instance values for their applications. Clients must ensure instance uniqueness within a Cisco SAF domain.

Cisco SAF and Role of Domains in a Network

As the variety and number of network services grows, providing timely and reliable awareness of these services starts to play a more significant role in increasing productivity and efficiency. One of the biggest challenges in propagating service availability awareness over a WAN is one of scalability. As networks grow, the services offered by the devices on these networks increases. Protocols responsible for the service advertisement need to scale to handle this increased load. These protocols also need to react to rapid changes efficiently and propagate the new information in a timely manner.

Cisco SAF is designed to be a scalable solution for enterprise service locations and is capable of spanning LAN and WAN internet segments. As an enterprise solution, you can configure Cisco SAF to use domains to scale for very large networks. Just as Cisco Enhanced Interior Gateway Routing Protocol (EIGRP) defines the concept of an autonomous system in which routes can be searched for in a hierarchical manner, Cisco SAF employs the similar concept of a domain and sub-domains.

Cisco SAF provides a dynamic peer discovery and service advertisement propagation technique known as IP multicast. IP multicast requires the cooperation of IP Cisco SAF Forwarders (the devices that connect IP subnets together to form intranets). IP multicasting, however, may not be completely implemented across some intranets. In the absence of IP multicasting, Cisco SAF operates within the configured subnet, or within the groups of subnets over which IP multicast is supported.

Cisco SAF Forwarders offer two primary types of administrative domains (AD); a domain and a subdomain. A domain and a subdomain function the same with one notable exception; subdomains do not form unique neighbor relationships, but instead rely on a single peering.

Ideally, a network would only require a single domain to use for advertising all services. However, due to scaling and policy issues, some networks require the creation of multiple domains. The recommendation is to use a single domain. Consider using multiple domains when:

More than 30,000 services are registered in a single domain

Logical grouping of services is needed to restrict propagation of services

Closed groups are needed to prevent users from browsing services they are not allowed to access

Service redistribution allows different domains to exchange service information. Services may need to be bound to specific areas of the network, or the number of services in a given network my need to be limited. If you cannot use a single domain, service advertisement redistribution might be the solution.

Each domain on a network is separated into an administrative domain (AD). All Cisco SAF Forwarders in the same AD (running the same domain) have complete knowledge of the entire AS. A
Cisco Forwarder that connects two (or more) administrative domains is known as a border Forwarder. A border Forwarder advertises service information from one AS to another AS. Proper design should also be considered if multiple border Forwarders are used to avoid loops (information learned from one AD being sent back to the same AD).

Cisco SAF Virtual Routers

Cisco EIGRP Service-Family Support extends the named configuration to allow configuration of multiple instances, which operate independently. The addition of a Virtual Router ID (VRID) to the base Cisco EIGRP packet encoding allows for multiple instances.

As each virtual router is created, a VRID is assigned to the top level router and shared with the address families and service families that are configured under it.

Cisco SAF Neighbor Relationships

Cisco SAF Forwarders can operate in networks that do not have routers that support the Cisco SAF Forwarder protocol. These networks are referred to as "dark nets." There are two methods for configuring Cisco SAF Forwarders over IP networks that do not support Cisco SAF (IP clouds); unicast Cisco SAF neighbors and multicast Cisco SAF neighbors.

You can use a unicast configuration to provide a reliable point-to-point adjacency with neighbors. As the number of Cisco SAF Forwarders increases, you can use multicast to provide an efficient transport between multiple Cisco SAF neighbors. A single IP multicast group address can be used for multiple Cisco SAF neighbors to exchange SAF information in a peer-group.

Configuring a Cisco SAF Forwarder

To configure a Cisco SAF Forwarder, perform the tasks described in the following sections:

Enabling Cisco SAF (required)

Configuring Interface-Specific Commands for Cisco SAF (required)

Configuring Cisco SAF for Multi-Topology Networks (required)

Configuring Static Neighbor Relationships for Cisco SAF (required)

Configuring Stub Routing for Cisco SAF (required)

Configuring Route Authentication for Cisco SAF (required)

Configuring Logs for Neighbor Changes and Warnings (optional)

Configuring the Percentage of Link Bandwidth Used for Cisco SAF (optional)

Setting Metric Dampening Intervals for Cisco SAF Interfaces (optional)

Adjusting the Interval Between Hello Packets and the Hold Time (optional)

Disabling Split Horizon (optional)

Setting Metric Maximum Hops (optional)

Enabling Cisco SAF

To enable Cisco SAF and create a Cisco SAF service-discovery process, use the following commands:

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. exit-service-family

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

exit-service-family

Example:

Router(config-router-sf)# exit-service-family

Exits service-family configuration mode.

Configuring Interface-Specific Commands for Cisco SAF

Cisco SAF provides an inheritance precedence for interface-specific commands. Configurations made in sf-interface configuration mode have priority over specific sf-interface and factory default configurations. To configure interface-specific commands under the service-family for Cisco SAF, use the following commands:

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. sf-interface interface-name interface-number

6. sf-interface

7. exit-sf-interface

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Creates a Cisco SAF service family for the specified autonomous system on the router, which is enabled by default.

Step 5 

sf-interface interface-name interface-number

Example:

Router(config-router-sf)# sf-interface ethernet 0/0

Enables service-family interface configuration mode for the specified interface on the router.

Step 6 

sf-interface .....

Example:

Router(config-router-sf-interface)# sf-interface hello-interval 10

Enter the appropriate interface commands required for your configuration.

Step 7 

exit-sf-interface

Example:

Router(config-router-sf-interface)# exit-sf-interface

Exits service-family interface configuration mode.

Configuring Cisco SAF for Multi-Topology Networks

Use the following configuration to register clients and publish or subscribe services into a named topology. If you configure a second topology using an existing topology name, but with a different ID, it will replace the existing topology, rather than create two IDs for the same topology.

To configure Cisco SAF for multi-topology networks, use the following commands:

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. topology base

6. exit-sf-topology

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified Autonomous system on the router.

Step 5 

topology base

Example:

Router(config-router-sf)# topology base

Enables service-family interface topology configuration mode and creates a topology base for the specified interface on the router.

Step 6 

exit-sf-topology

Example:

Router(config-router-sf-topology)# exit-sf-topology

Exits service-family interface topology configuration mode.

Configuring Static Neighbor Relationships for Cisco SAF

Use the following commands to configure static neighbor adjacencies between Cisco SAF Forwarders.

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. neighbor {ip-address {interface-type interface-number | description word | maximum-service} maximum-service number [threshold-value] [dampened | reset-time | restart interval |    restart-count | warning-only]}

6. exit-service-family

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

neighbor {ip-address {interface-type interface-number} | description word | maximum-service} | maximum-service number [threshold-value] [dampened | reset-time | restart interval | restart-count | warning-only]}

Example:

Router(config-router-sf)# neighbor 10.10.10.1 Ethernet 0/0

Enables a Cisco SAF neighbor relationship for the specified interface on the router.

Step 6 

exit-service-family

Example:

Router(config-router-sf)# exit-service-family

Exits service-family configuration mode.

Configuring Stub Routing for Cisco SAF

You can configure a Cisco SAF Forwarder as a stub router. For complete information on Cisco EIGRP stub routing, refer to the Configuring EIGRP module in the Cisco IOS IP Routing: EIGRP Configuration Guide.

To create an Cisco SAF stub router, use the following commands:

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. eigrp stub [receive-only | connected]

6. exit-service-family

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

eigrp stub [receive-only | connected]

Example:

Router(config-router-sf)# eigrp stub connected

Configures a stub router for Cisco SAF.

Step 6 

exit-service-family

Example:

Router(config-router-sf)# exit-service-family

Exits service-family configuration mode.

Configuring Route Authentication for Cisco SAF

Cisco SAF route authentication provides Message Digest 5 (MD5) authentication of routing updates from the routing protocol. The MD5 keyed digest in each packet prevents the introduction of unauthorized or false routing messages from unapproved sources. To configure route authentication for Cisco SAF, use the following commands:

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. sf-interface interface-name interface-number

6. authentication key-chain name-of-chain

7. authentication mode {hmac-sha-256 {0 | 7} password | md5}

8. exit-sf-interface

9. exit-service-family

10. exit

11. key chain name-of-chain

12. key key-id

13. key-string text

14. accept-lifetime start-time [local {duration seconds | end-time | infinite}]

15. send-lifetime start-time [local {duration seconds | end-time | infinite}]

16. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

sf-interface interface-name interface-number

Example:

Router(config-router-sf)# sf-interface ethernet 0/0

Enables IPv4 service-family interface configuration mode for the specified interface on the router.

Step 6 

authentication key-chain name-of-chain

Example:

Router(config-router-sf-interface)# authentication key-chain example

Specifies an authentication key chain for EIGRP.

Step 7 

authentication mode {hmac-sha-256 {0 | 7} password | md5}

Example:

Router(config-router-sf-interface)# authentication mode md5

Enables IPv4 service-family authentication mode HMAC-SHA-256 or MD5 for the specified interface on the router.

Step 8 

exit-sf-interface

Example:

Router(config-router-sf-interface)# exit-sf-interface

Exits service-family interface configuration mode.

Step 9 

exit-service-family

Example:

Router(config-router-sf)# exit-service-family

Exits service-family configuration mode.

Step 10 

exit

Example:

Router(config-router)# exit

Exits router-configuration mode.

Step 11 

key-chain name-of-chain

Example:

Router(config)# key-chain example

Defines an authentication key chain needed to enable authentication for routing protocols and enters key-chain configuration mode.

Step 12 

key key-id

Example:

Router(config-keychain)# key example

Identifies an authentication string for a key.

Step 13 

key-string text

Example:

Router(config-keychain-key)# key-string example

Specifies the authentication string for a key.

Step 14 

accept-lifetime start-time [local {duration seconds | end-time | infinite}]

Example:

Router(config-router-sf-interface)# accept-lifetime example

Set the time period during that the authentication key in a key chain is received as valid.

Step 15 

send-lifetime start-time [local {duration seconds | end-time | infinite}]

Example:

Router(config-router-sf-interface)# send-lifetime example

Configures a time period during that an authentication key on a key chain is valid to be sent.

Step 16 

exit

Example:

Router(config-router-sf-interface)# exit

Exits service-family interface configuration mode.

Configuring Logs for Neighbor Changes and Warnings

By default, the system logs neighbor adjacency changes to help you monitor the stability of the routing system and detect problems. If you disabled logging of such changes and want to reenable the logging, use the following commands:

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. eigrp log-neighbor-changes

6. eigrp log-neighbor-warnings

7. exit-service-family

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

eigrp log-neighbor-changes

Example:

Router(config-router-sf)# eigrp log-neighbor-changes

Enables the logging of changes in EIGRP service-family neighbor adjacencies.

Step 6 

eigrp log-neighbor-warnings seconds

Example:

Router(config-router-sf)# eigrp log-neighbor-warnings 60

Enables the logging of changes in service-family warning messages.

Step 7 

exit-service-family

Example:

Router(config-router)# exit-service-family

Exits service-family configuration mode.

Configuring the Percentage of Link Bandwidth Used for Cisco SAF

By default, packets consume a maximum of 50 percent of the link bandwidth, as configured with the bandwidth interface configuration command. You may want to change the value if a different level of link utilization is required or if the configured bandwidth does not match the actual link bandwidth (it may have been configured to influence route metric calculations). Use the following commands to configure the percentage of link bandwidth used for Cisco SAF.

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. sf-interface interface-name interface-number

6. bandwidth-percent maximum-bandwidth-percentage

7. exit-sf-interface

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

sf-interface interface-name interface-number

Example:

Router(config-router-sf)# sf-interface ethernet0/0

Enables service-family interface configuration mode for the specified interface on the router.

Step 6 

bandwidth-percent maximum-bandwidth-percentage

Example:

Router(config-router-sf-interface)# bandwidth-percent 75

Configures the maximum percentage of bandwidth used by the link for Cisco SAF.

Step 7 

exit-sf-interface

Example:

Router(config-router-sf-interface)# exit-sf-interface

Exits service-family interface configuration mode.

Setting Metric Dampening Intervals for Cisco SAF Interfaces

Because metric components can be changed rapidly, the frequency of the changes can have an impact on the network. Frequent changes require that prefixes learned though the SAF interface be updated and sent to all adjacencies. This update can result in further updates and in a worst-case scenario, cause network-wide churn. To prevent such effects, metrics can be dampened or thresholds set so that any change that does not exceed the dampening threshold is ignored.

Network changes that cause an immediate update include any change in a metric that results in the router selecting a new nexthop or a down interface or router.

Dampening the metric changes can be configured based on a change or on a time interval.

If the dampening method is:

Change-based, changes in routes learned though a specific interface or in the metrics for a specific interface will not be advertised to adjacencies until the computed metric changes from the last advertised value are significant enough to cause an update to be sent.

Interval-based, changes in routes learned though a specific interface or in the metrics for a specific interface will not be advertised to adjacencies until the specified interval is met or unless the change results in a new route path selection. When the timer expires, routes that have outstanding changes to report are sent. If a route changes and the final metric of the route matches the last updated metric, no updated routes are sent.

Refer to the following sections for information on configuring change-based and interval-based metric dampening configurations.

Change-based Dampening Configuration

Interval-based Dampening Configuration

Change-based Dampening Configuration

Use the following commands to set the maximum change-based dampening percentage for Cisco SAF interfaces.

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. sf-interface interface-name interface-number

6. dampening-change [change-percentage]

7. exit-sf-interface

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

sf-interface interface-name interface-number

Example:

Router(config-router-sf)# sf-interface ethernet0/0

Enables service-family interface configuration mode for the specified interface on the router.

Step 6 

dampening-change [change-percentage]

Example:

Router(config-router-sf-interface)# dampening-change 50

Configures the percentage of change in a route learned through an EIGRP service-family interface that causes an update to be advertised to adjacent peers.

Step 7 

exit-sf-interface

Example:

Router(config-router-sf-interface)# exit-sf-interface

Exits service-family interface configuration mode.

Interval-based Dampening Configuration

Use the following commands to configure the interval-based dampening for Cisco SAF interfaces. The value you configure sets the interval when updates occur for topology changes that affect Cisco SAF interfaces and peers.

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. sf-interface interface-name interface-number

6. dampening-interval [interval]

7. exit-service-family

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

sf-interface interface-name interface-number

Example:

Router(config-router-sf)# sf-interface ethernet0/0

Enables service-family interface configuration mode for the specified interface on the router.

Step 6 

dampening-interval [interval]

Example:

Router(config-router-sf-interface)# dampening-interval 30

Sets the EIGRP interval-based dampening interval.

Step 7 

exit-sf-interface

Example:

Router(config-router-sf-interface)# exit-sf-interface

Exits service-family interface configuration mode.

Adjusting the Interval Between Hello Packets and the Hold Time

Routing devices periodically send hello packets to each other to dynamically learn of other routers on their directly attached networks. This information is used to discover neighbors and to learn when neighbors become unreachable or inoperative.

By default, hello packets are sent every 5 seconds. The exception is on low-speed, nonbroadcast multiaccess (NBMA) media on which the default hello interval is 60 seconds. Low speed is considered to be a rate of T1 or slower as specified in the bandwidth interface configuration command. The default hello interval remains at 5 seconds for high-speed NBMA networks. Note that for the purposes of Frame Relay and Switched Multimegabit Data Service (SMDS), networks may or may not be considered to be NBMA. These networks are considered NBMA if the interface has not been configured to use physical multicasting; otherwise they are not considered NBMA.

The hold time is advertised in hello packets and indicates to neighbors the length of time they should consider the sender valid. The default hold time is three times the hello interval, or 15 seconds. For slow-speed NBMA networks, the default hold time is 180 seconds. On congested and large networks, the default hold time might not be sufficient time for all routers to receive hello packets from their neighbors. In this case, you may want to increase the hold time. Do not adjust the hold time without advising your technical support personnel. To change the hold time on a specific interface for a particular routing process designated by the autonomous system number, use the hold time command.

You can adjust the interval between hello packets and the hold time. To change the interval between hello packets and the hold time, use the following commands in interface configuration mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system number

5. sf-interface interface-name interface-number

6. hello-interval seconds

7. hold-time seconds

8. exit-sf-interface

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

sf-interface interface-name interface-number

Example:

Router(config-router-sf)# sf-interface ethernet0/0

Enables service-family interface configuration mode for the specified interface on the router.

Step 6 

hello-interval seconds

Example:

Router(config-router-sf-interface)# hello-interval 50

Configures a time period for an EIGRP service-family process.

Step 7 

hold-time seconds

Example:

Router(config-router-sf-interface)# hello-interval 50

Configures a time period for an EIGRP service-family routing process designated by an autonomous system number.

Step 8 

exit-sf-interface

Example:

Router(config-router-sf-interface)# exit-sf-interface

Exits service-family interface configuration mode.

Disabling Split Horizon

When split horizon is enabled on an interface, it blocks route information (such as update and query packets) from being advertised by a router out of any interface from which that information originates. Controlling update and query packets in this manner reduces the possibility of routing loops.

This behavior usually optimizes communications among multiple routing devices, particularly when links are broken. However, with nonbroadcast networks (such as Frame Relay and SMDS), situations can arise for which this behavior is less than ideal. For these situations, including networks in which you have Cisco SAF configured, you may want to disable split horizon.

By default, split horizon is enabled on all interfaces. To disable split horizon, use the no split-horizon command in interface configuration mode.

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. sf-interface interface-name interface-number

6. no split-horizon

7. exit-sf-interface

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

sf-interface interface-name interface-number

Example:

Router(config-router-sf)# sf-interface ethernet0/0

Enables service-family interface configuration mode for the specified interface on the router.

Step 6 

no split-horizon

Example:

Router(config-router-sf-interface)# no split-horizon

Disables split-horizon.

Step 7 

exit-sf-interface

Example:

Router(config-router-sf-interface)# exit-sf-interface

Exits service-family interface configuration mode.

Setting Metric Maximum Hops

Maximum hops limits the number of hops a service can propagate to advertise its service. The default number of maximum hops is 100.

To limit the number of hops used to advertise a service, use the following commands:

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. sf-interface interface-name interface-number

6. metric maximum-hops hop-count

7. exit-sf-interface

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

sf-interface interface-name interface-number

Example:

Router(config-router-sf)# sf-interface ethernet 0/0

Enables service-family interface configuration mode for the specified interface on the router.

Step 6 

metric maximum-hops

Example:

Router(config-router-sf-interface)# metric maximum-hops 5

Specifies a hop count to have the IP routing software advertise as unreachable routes.

Step 7 

exit-sf-interface

Example:

Router(config-router-sf-interface)# exit-sf-interface

Exits service-family interface configuration mode.

Configuring a Cisco SAF Client

This section describes the tasks to configure a Cisco Service Advertisement Framework (Cisco SAF) Client.

Cisco SAF Clients connect to the Cisco SAF network in one of two ways:

Reside on the same router as a Cisco SAF Forwarder, in which case the Cisco SAF Client uses an internal API to connect to a Cisco SAF Forwarder.

Be external to a Cisco SAF Forwarder. In this configuration, the SAF Client is referred to as a Cisco SAF External Client, and it requires a protocol interface for connecting to the Cisco SAF Forwarder.

Prerequisites

Before configuring:

Cisco SAF Clients, you should understand the concepts in the "Cisco SAF Client Overview" section.

Neighbor relationships for Cisco SAF External Clients located on separate LANs, ensure that you have IP routing configured between each Cisco External Client.

Restrictions

Cisco SAF currently supports a maximum of 50 Cisco SAF External Clients.

Configuring a Cisco SAF External Client

To configure a Cisco SAF External Client, use the following commands:

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. topology base

6. external-client client_label

7. exit-sf-topology

8. exit-service-family

9. exit

10. service-family external-client listen {ipv4 | ipv6} tcp_port_number

11. external-client client-label

12. username user-name

13. password password-name

14. keepalive number

15. exit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

topology base

Example:

Router(config-router-sf)# topology base

Enables service-family interface topology configuration mode for the specified interface on the router.

Step 6 

external-client client-label

Example:

Router(config-router-topology)# external-client example

Configures a Cisco SAF External Client with the specified Client label.

Step 7 

exit-sf-topology

Example:

Router(config-router-sf-topology)# exit-sf-topology

Exits service-family topology configuration mode.

Step 8 

exit-service-family

Example:

Router(config-router-sf)# exit-service-family

Exits service-family configuration mode.

Step 9 

exit

Example:

Router(config-router)# exit

Exits router configuration mode.

Step 10 

service-family external-client listen {ipv4 | ipv6} tcp_port_number

Example:

Router(config)# service-family external-client listen ipv4 5050

Configures a Cisco SAF External Client TCP port to use to communicate with a Cisco SAF Forwarder. The valid port range is 1024 to 65536.

Step 11 

external-client client-label basename

Example:

Router(config-external-client)# external-client example basename

Configures a Cisco SAF External Client with the specified client label and optionally, a basename.

Specifying the basename keyword allows SAF external clients to use a naming convention based on the client-label. The naming convention takes the form of client-label@[1-50] where you can specify a maximum of 50 SAF external clients.
For example, if the external-client command specifies a client label of example, then the basename for a SAF external client would be example@1. Another SAF external client would be example@2, and so on up to a maximum of 50 basenames (@50).

Step 12 

username user-name

Example:

Router(config-external-client)# username example

Enables external-client label configuration mode and configures a Cisco SAF External Client with the specified username.

Step 13 

password password-name

Example:

Router(config-external-client-mode)# password examplepass

Configures a password for a Cisco SAF External Client. The minimum password length is 11 characters.

Step 14 

keepalive number

Example:

Router(config-external-client-mode)# keepalive 360000

(Optional) Specifies the keepalive timer for the Cisco SAF External Client. The keepalive value is in milliseconds (msecs). The default is 9600 msecs.

Step 15 

exit

Example:

Router(config-external-client-mode)# exit

Exits external-client label configuration mode.

Configuring Dynamic Neighbors

When neighbors are not adjacent, normal Cisco SAF peering mechanisms cannot be used to exchange SAF information over the networking cloud. The neighbors are often multiple hops away, and separated by dark nets (routers not running SAF).

To support this type of network, SAF provides the neighbor command, which allows remote neighbors to be configured and sessions established though unicast packet transmission. However, as the number of Forwarders needing to exchange SAF information over the networking cloud increases, unicast SAF neighbor definitions may become cumbersome to manage. Each neighbor has to be manually configured, resulting in increased operational costs.

To better accommodate deployment of these topologies, ease configuration management, and reduce operational costs, the Dynamic Neighbors feature provides support for the dynamic discovery of remote unicast and multicast neighbors (referred to as "remote neighbors"). Remote neighbor support allows Cisco SAF peering to one or more remote neighbors, which may not be known at the time the router is configured, thus reducing configuration management.

This section contains the following major topics:

Neighbor Types

Remote Neighbor Session Policy

Remote Unicast-Listen (Point-to-Point) Neighbors

Remote Multicast-Group (Multipoint-to-Multipoint) Neighbors

Inheritance and Precedence of the Remote Neighbor Configurations

Neighbor Types

The following terms are used when describing neighbor types:

Local Neighbor—A neighbor that is adjacent on a shared subnet (or common subnet) and uses a link-local multicast address for packet exchange. This is the default type of neighbor in Cisco SAF.

Static Neighbor—Any neighbor that uses unicast to communicate, is one hop away, is on a common subnet, and whose IP address has been specified using the neighbor ip-address command.

Remote Neighbor—Any neighbor that is multiple hops away, including Remote Static Neighbors.

Remote Static Neighbor—Any neighbor that uses unicast to communicate, is multiple hops away, and whose IP address has been specified using the neighbor ip-address command.

Remote Multicast-Group—Any neighbor that is multiple hops away, but does not have its IP address manually configured using the neighbor ip-address command, and uses a configured multicast group address for packet exchange.

Remote Unicast-listen (or simply Unicast-listen)—Any neighbor that uses unicast to communicate, is multiple hops away, and whose IP address has not been configured using the neighbor ip-address command.

Remote Neighbor Session Policy

When using remote unicast-listen or remote multicast-group neighbor configurations, SAF neighbor IP addresses are not pre-defined, and neighbors may be many hops away. A router with this configuration could peer with any router that sends a valid HELLO packet. Because of security considerations, this open aspect requires policy capabilities to limit peering to valid routers and to restrict the number of neighbors to limit resource consumption. This capability is accomplished using the following manually configured parameters, and takes effect immediately.

Neighbor Filter List

Maximum Remote Neighbors

Configuration Changes for Neighbor Filter List and Maximum Remote Neighbors

Neighbor Filter List

The optional allow-list keyword, available in the remote-neighbors command, enables you to use an access list (Access Control List) to specify the remote IP addresses from which Cisco SAF neighbor connections may be accepted. If you do not use the allow-list keyword, then all IP addresses (permit any) will be accepted.

The Access Control List (ACL) defines a range of IPv4 or IPv6 IP addresses with the following conditions:

Any neighbor that has a source IP address that matches an IP address in the access-list will be allowed (or denied) based on the user configuration.

If the allow-list keyword is not specified, any IP address will be permitted (permit any).

The allow-list keyword is supported only for remote multicast-group and unicast-listen neighbors. It is not available for static, remote static, or local neighbors.

Incoming Cisco SAF packets that do not match the specified access list will be rejected.

Maximum Remote Neighbors

The optional max-neighbors keyword, available in the remote-neighbors command, enables you to specify a maximum number of remote neighbors that Cisco SAF can create using the remote neighbor configurations. When the maximum number of remote neighbors has been created for a configuration, Cisco SAF rejects all subsequent connection attempts for that configuration. This option helps to protect against denial-of-service attacks that attempt to create many remote neighbors in an attempt to overwhelm router resources.

The max-neighbors configuration option has the following conditions:

This option is supported only for remote multicast-group or unicast-listen neighbors. It is not available for local, static, or remote static neighbors.

There is no default maximum. If you do not specify a maximum number of remote neighbors, the number of remote neighbors is limited only by available memory and bandwidth.

Reducing the maximum number of remote neighbors to a number less than the current sessions will result in the neighbors (in no specific order) being dropped until the count reaches the new limit.

Configuration Changes for Neighbor Filter List and Maximum Remote Neighbors

When the allow-list or max-neighbors configurations are changed, any existing remote Cisco SAF sessions that are no longer allowed by the new configuration will be removed automatically and immediately. Pre-existing neighbors that are still allowed by the new configuration will not be affected.

Remote Unicast-Listen (Point-to-Point) Neighbors

For configurations in which multiple remote neighbors peer with a single hub (point-to-point), the hub can be configured for remote unicast-listen peering using the remote-neighbors command to allow the remote neighbors to peer with the hub without having to manually configure the remote neighbor IP addresses on the hub.

When configured with this command, the hub router:

Uses its interface IP address as the source IP address for any unicast transmissions. This IP address must be routable.

Requires neighbors peering with the hub to be configured using the neighbor ip-address loopback loopback-interface-number remote maximum-hops command where ip-address is the unicast address of the local router interface IP address.

Listens for unicast HELLO packets on the interface specified in the remote-neighbor command.

Accepts a unicast HELLO packet if it is in the IP address range configured using the allow-list keyword, or any unicast HELLO packet if an allow list is not defined.

Rejects multicast HELLO packets from any neighbor that is also sending unicast HELLO packets and is permitted by the unicast allow-list (or all neighbors if an allow-list is not defined).

Begins normal neighbor establishment using the IP addresses of the remote neighbors for packet transmission once the neighbor relationship is established.

Remote Multicast-Group (Multipoint-to-Multipoint) Neighbors

Multicast can be used to provide an efficient transport between multiple Cisco SAF neighbors. A single multicast-group address can be used for multiple Cisco SAF neighbors to exchange information within the same multicast-group. To configure multipoint-to-multipoint configurations, use the multicast-group keyword available in the remote neighbors command.

When configured with this command, the router:

Uses the interface IP address as the source IP address for any unicast transmissions. This IP address must be routable.

Uses the configured multicast-group address for all multicast packets sent and received.

Requires all forwarders and routers, which form the multipoint-to-multipoint neighbor relationships, to be configured using the same multicast-group IP address.

Requires multicast forwarding for the defined multicast-group address to be configured and functional for packet delivery.

Inheritance and Precedence of the Remote Neighbor Configurations

Static neighbors configured with the neighbor ip-address or the neighbor ip address remote commands take precedence over the remote neighbors that are created as a result of the remote-neighbors command. If the remote IP address of an incoming unicast Cisco SAF connection matches both a static neighbor and the remote unicast-listen neighbor access list, the static neighbor is used and no remote unicast-listen neighbor is created. If you configure a new static neighbor while a remote neighbor for the same remote IP address already exists, Cisco SAF automatically removes the remote unicast-listen neighbor.

Remote unicast-listen neighbors take precedence over remote multicast-group neighbors. If Cisco SAF is receiving both unicast and multicast HELLOs from the same remote IP address targeted at the same local interface, the neighbor will be treated as unicast (unicast-listen) rather than multicast (multicast-group) for packet exchange.

Prerequisites

Before configuring SAF dynamic neighbors, ensure that when using:

Unicast-listen mode—IP connectivity (reachability) exists between routers that need to do dynamic peering.

Multicast-group mode—Multicast is running on the network.

allow-list keyword—The Access Control List that will specify the remote IP addresses from which EIGRP neighbor connections may be accepted is configured.

Restrictions

The remote-neighbors command requires a loopback as a source interface.

Only named ACLs (Access Control Lists) are permitted with the allow-list keyword. Numbered ACLs configured are not permitted.

Within a service-family:

Only one remote-neighbors unicast-listen command and one remote-neighbors multicast-group command may be configured per interface. (For example, you cannot configure remote-neighbors source Loopback1 multicast-group 224.1.1.1 and remote-neighbors source Loopback1 multicast-group 224.1.1.2.) If you want to configure multiple different multicast-group addresses in the same service-family, you need to use multiple source interfaces.

A multicast-group address may only be associated to a single source interface. (For example, you cannot configure remote-neighbors source Loopback1 multicast-group 224.1.1.1 and remote-neighbors source Loopback2 multicast-group 224.1.1.1.)

Configuring Cisco SAF Dynamic Neighbors

To configure Cisco SAF dynamic neighbors, use the following commands:

SUMMARY STEPS

1. enable

2. configure terminal

3. router eigrp virtual-instance-name

4. service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

5. remote-neighbors source interface {unicast-listen | multicast-group group-address} [allow-list access-list-name] [max-neighbors max-remote-peers]

6. exit-service-family

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

router eigrp virtual-instance-name

Example:

Router(config)# router eigrp saf

Enables an EIGRP virtual instance in global configuration mode.

Step 4 

service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system autonomous-system-number

Example:

Router(config-router)# service-family ipv4 autonomous-system 4453

Enables a Cisco SAF service family for the specified autonomous system on the router.

Step 5 

remote-neighbors source interface {unicast-listen | multicast-group group-address} [allow-list access-list-name] [max-neighbors max-remote-peers]

Example:

Router(config-router-sf-interface)# remote-neighbors source Loopback1 unicast-listen allow-list myNeighborList

Configures a SAF process that enables remote neighbors to accept inbound connections from any remote IP address.

Use the:

allow-list keyword to use an access list (Access Control List) to specify the remote IP addresses from which Cisco SAF neighbor connections may be accepted. If you do not use the allow-list keyword, then all IP addresses (permit any) will be accepted.

max-neighbors keyword to specify the maximum number of remote neighbors. If you do not specify a number, the maximum number of remote neighbors is limited only by available memory and bandwidth.

Step 6 

exit-service-family

Example:

Router(config-router-sf)# exit-service-family

Exits service-family configuration mode.

Displaying Cisco SAF Statistics

To display Cisco SAF statistics, use the following commands in EXEC mode

Command
Purpose

show eigrp service-family {clients [detail] | external-client [name] | subscriptions [detail]}

Example:

Router# show eigrp service-family

Displays information about clients, external clients, or subscriptions configured for Cisco SAF.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number accounting

Example:

Router# show eigrp service-family ipv4 4453 accounting

Displays accounting information about Cisco SAF.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number clients [detail]

Example:

Router# show eigrp service-family ipv4 4453 clients

Displays information about Cisco SAF Clients.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number events [starting-event-number ending-event-number]

Example:

Router# show eigrp service-family ipv4 4453 events

Displays information about Cisco SAF events.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number interfaces [interface-type interface-number | detail]

Example:

Router# show eigrp service-family ipv4 4453 interfaces

Displays information about Cisco SAF interfaces.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number subscriptions [detail]

Example:

Router# show eigrp service-family ipv4 4453 subscriptions

Displays information about Cisco SAF subscriptions.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number timers

Example:

Router# show eigrp service-family ipv4 4453 timers

Displays information about Cisco SAF timers.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number summary

Example:

Router# show eigrp service-family ipv4 4453 summary

Displays information about Cisco SAF summaries.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number zero-successors

Example:

Router# show eigrp service-family ipv4 4453 zero-successors

Displays information about Cisco SAF zero successors.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology
[service-instance-number]

Example:

Router# show eigrp service-family ipv4 4453 topology

Displays information about the Cisco SAF topology table.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology active

Example:

Router# show eigrp service-family ipv4 4453 topology active

Displays only active entries for a Cisco SAF topology table.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology all-links

Example:

Router# show eigrp service-family ipv4 4453 topology all-links

Displays all active link entries for a Cisco SAF topology table.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology base [service-instance-number | clients [detail]]

Example:

Router# show eigrp service-family ipv4 4453 topology base clients

Displays information about a Cisco SAF topology base.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology detail-links

Example:

Router# show eigrp service-family ipv4 4453 topology detail-links

Displays information about Cisco SAF.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology events [starting-event-number ending-event-number]

Example:

Router# show eigrp service-family ipv4 4453 topology

Displays information about Cisco SAF.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology pending

Example:

Router# show eigrp service-family ipv4 4453 topology pending

Displays information about Cisco SAF.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology service-type [connected | external | internal | local | redistributed | summary]

Example:

Router# show eigrp service-family ipv4 4453 topology service-type connected

Displays information about the specified service type for a Cisco SAF topology table.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology sia-events [starting-event-number ending-event-number]

Example:

Router# show eigrp service-family ipv4 4453 topology sia-events

Displays logged Stuck in Active (SIA) events in the Cisco SAF topology table.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology sia-statistics [ip-address]

Example:

Router# show eigrp service-family ipv4 4453 topology sia-statistics 10.10.10.1

Displays Stuck in Active (SIA) statistics for a Cisco SAF topology table.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology summary

Example:

Router# show eigrp service-family ipv4 4453 topology summary

Displays a summary of a Cisco SAF topology table.

show eigrp service-family {ipv4 | ipv6}
[vrf vrf-name] autonomous-system-number topology zero-successors

Example:

Router# show eigrp service-family ipv4 4453 topology zero-successors

Displays information about available services that have zero successors in a Cisco SAF topology table.

.

Deleting Information from a Cisco SAF Configuration

To delete service-family information from a Cisco SAF configuration, use the following commands in EXEC mode.

Command
Purpose

clear eigrp service-family external-client external-client-name

Example:

Router# clear eigrp service-family external-client example

Deletes the specified client.

clear eigrp service-family {ipv4 | ipv6} [vrf vrf-name] autonomous-system-number

Example:

Router# clear eigrp service-family ipv4 4453

Deletes neighbors formed using the IPv4 or IPv6 protocol family for the specified autonomous system.

Optionally, you can delete all virtual routing forwarding (VRF) instance tables or a specific VRF table for an IP address.

Note Using the clear eigrp service-family ipv6 command requires an IPv6-enabled SAF client, which currently does not exist.

clear eigrp service-family neighbors [soft] [neighbors-address | interface-type interface-number]

Example:

Router# clear eigrp service-family neighbors Ethernet 0/0

Deletes neighbors formed using the IPv4 protocol family from the neighbor table.

Optionally, you can resynchronize with a peer without an adjacency reset (soft).

Optionally, you can delete the interface type and number from the neighbor table that contains all entries learned through this interface.

Configuration Examples for Cisco SAF

This section provides the following configuration examples:

Enabling Cisco SAF: Example

Configuring Cisco SAF Interfaces: Examples

Configuring Cisco SAF Topology: Example

Configuring Cisco SAF Stub Routing: Example

Configuring Cisco SAF with IP-RIP: Example

Configuring Cisco SAF with OSPF: Example

Configuring Cisco SAF with EIGRP: Example

Configuring Cisco SAF Forwarders Located on Separate LANs: Example

Configuring a Centralized Cisco SAF Forwarder: Example

Configuring a Cisco SAF Client: Examples

Configuring Logs for Neighbor Changes and Warnings: Example

Configuring Cisco Unified Communications Manager as a Cisco SAF Client: Example

Configuring Cisco SAF Dynamic Neighbors: Examples

Enabling Cisco SAF: Example

The following example enters router configuration mode, configures a Cisco SAF Forwarder, enables the service-family forwarder process, and configures an autonomous system named 4533.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533

Configuring Cisco SAF Interfaces: Examples

The following example places the router in service-family configuration mode and enables all interfaces.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# sf-interface default
Router(config-router-sf-interface)# no shutdown

The following example places the router in service-family configuration mode and enables Ethernet interface 0/0.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# sf-interface ethernet0/0

The following example places the router in service-family configuration mode and enables SAF on all interfaces, except the Ethernet0/0 interface.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 3
Router(config-router-sf)# interface default
Router(config-router-sf)# sf-interface ethernet0/0
Router(config-router-sf-interface)# shutdown
Router(config-router-sf-interface)# end

The following example places the router in service-family configuration mode and enables SAF on the Ethernet2/0 and Ethernet2/1 interfaces and disables all other interfaces.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 2
Router(config-router-sf)# sf-interface default
Router(config-router-sf-interface)# shutdown
Router(config-router-sf-interface)# sf-interface ethernet2/0
Router(config-router-sf-interface)# no shutdown
Router(config-router-sf-interface)# sf-interface ethernet2/1
Router(config-router-sf-interface)# no shutdown
Router(config-router-sf-interface)# end

Configuring Cisco SAF Topology: Example

The following examples configures a Cisco SAF topology base.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# sf-interface default
Router(config-router-sf-interface)# no shutdown
Router(config-router-sf-interface)# topology base

Configuring Cisco SAF Stub Routing: Example

The following examples configures a Cisco SAF Forwarder as a stub router.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# eigrp stub connected

Configuring Cisco SAF with IP-RIP: Example

The following configuration example enables Cisco SAF with IP-RIP routing on network 10.0.0.0.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# topology base
Router(config-router-sf-topology)# exit-sf-topology
Router(config-router-sf)# exit service-family
Router(config-router)# router rip
Router(config-router)# network 10.0.0.0

Configuring Cisco SAF with OSPF: Example

The following configuration example enables Cisco SAF with OSPF routing on network 10.0.0.0, area 0.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# topology base
Router(config-router-sf-topology)# exit-sf-topology
Router(config-router-sf)# exit service-family
Router(config-router)# router ospf 787
Router(config-router)# network 10.0.0.0  0.0.0.255 area 0

Configuring Cisco SAF with EIGRP: Example

The following configuration example enables Cisco SAF with EIGRP routing on network 10.0.0.0.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 6476
Router(config-router-sf)# network 10.0.0.0  0.0.0.255
Router(config-router-sf)# topology base
Router(config-router-sf-topology)# exit-af-topology
Router(config-router-sf)# exit-service-family
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# topology base

Note There is no requirement to run routing over the same interfaces or networks in which services are distributed, however this could lead to services being distributed to areas where reachability is not guaranteed.


Configuring Cisco SAF Forwarders Located on Separate LANs: Example

The following examples configures two Cisco SAF Forwarders located on separate LANs.


Note Use loopback mode to configure remote neighbors.


Cisco SAF Forwarder 1:

Router(config)# interface loopback1
Router(config-if)# ip address 10.1.1.1 255.255.255.255
Router(config-if)# exit
Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 1
Router(config-router-sf)# neighbor 10.2.2.2 loopback1 remote 10

Cisco SAF Forwarder 2:

Router(config)# interface loopback1
Router(config-if)# ip address 10.2.2.2 255.255.255.255
Router(config-if)# exit
Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 1
Router(config-router-sf)# neighbor 10.1.1.1 loopback1 remote 10

Note This example assumes IP routing is configured between the two routers and the routers can ping both loopbacks.


Configuring a Centralized Cisco SAF Forwarder: Example

The following example configures a centralized Cisco SAF Forwarder from which all service advertisements will send to neighbors on IP addresses 10.4.15.5 and 10.4.15.1.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# sf-interface loopback0
Router(config-router-sf-interface)# no split-horizon
Router(config-router-sf-interface)# exit-sf-interface
Router(config-router-sf)# topology base
Router(config-router-sf-topology)# exit-sf-topology
Router(config-router-sf)# neighbor 10.4.15.5 Loopback0 remote 20
Router(config-router-sf)# neighbor 10.4.15.1 Loopback0 remote 20
Router(config-router-sf)# exit-service-family

Configuring a Cisco SAF Client: Examples

The following example configures a Cisco SAF External Client named example, with a username of username_example, a password of password_example, and a keepalive setting of 360000 seconds.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# topology base
Router(config-router-sf-topology)# external-client example
Router(config-router-sf-topology)# exit-sf-topology
Router(config-router-sf)# exit-service-family
Router(config-router)# exit
Router(config)# service-family external-client listen ipv4 3444
Router(config-external-client)# external-client example
Router(config-external-client-mode)# username username_example
Router(config-external-client-mode)# password password_example
Router(config-external-client-mode)# keepalive 360000

The following example configures eight Cisco SAF External Clients named example1 through example5, with usernames of username_example1 through username_example5, passwords of password_example1 through password_example5, and keepalive settings of 360000 seconds.

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# topology base
Router(config-router-sf-topology)# external-client example1
Router(config-router-sf-topology)# external-client example2
Router(config-router-sf-topology)# external-client example3
Router(config-router-sf-topology)# external-client example4
Router(config-router-sf-topology)# external-client example5
Router(config-router-sf-topology)# exit-sf-topology
Router(config-router-sf)# exit-service-family
Router(config-router)# exit
Router(config)# service-family external-client listen ipv4 3444
Router(config-external-client)# external-client example1
Router(config-external-client-mode)# username username_example1
Router(config-external-client-mode)# password password_example1
Router(config-external-client-mode)# keepalive 360000
Router(config-external-client-mode)# external-client example2
Router(config-external-client-mode)# username username_example2
Router(config-external-client-mode)# password password_example2
Router(config-external-client-mode)# keepalive 360000
Router(config-external-client-mode)# external-client example3
Router(config-external-client-mode)# username username_example3
Router(config-external-client-mode)# password password_example3
Router(config-external-client-mode)# keepalive 360000
Router(config-external-client-mode)# external-client example4
Router(config-external-client-mode)# username username_example4
Router(config-external-client-mode)# password password_example4
Router(config-external-client-mode)# keepalive 360000
Router(config-external-client-mode)# external-client example5
Router(config-external-client-mode)# username username_example5
Router(config-external-client-mode)# password password_example5
Router(config-external-client-mode)# keepalive 360000

Configuring Logs for Neighbor Changes and Warnings: Example

By default, the system logs neighbor adjacency changes to help you monitor the stability of the routing system and detect problems. If you disabled logging of such changes and want to reenable the logging, use the commands as shown in the following example:

Router(config)# router eigrp saf
Router(config-router)# service-family ipv4 autonomous-system 4453
Router(config-router-sf)# eigrp log-neighbor-changes
Router(config-router-sf)# eigrp log-neighbor-warnings 60
Router(config-router-sf)# exit-service-family

Configuring Cisco Unified Communications Manager as a Cisco SAF Client: Example

The following example configures a Cisco Unified Communications Manager as a Cisco SAF Client.

Router(config)# router eigrp virtual-router
Router(config-router)# service-family ipv4 autonomous-system 4533
Router(config-router-sf)# topology base
Router(config-router-sf-topology)# external-client cucm
Router(config-router-sf-topology)# exit-sf-topology
Router(config-router-sf)# exit service-family
Router(config-router)# exit
Router(config)# service-family external-client listen ipv4 3444
Router(config-router-sf)# topology base
Router(config-router-sf-topology)# external-client cucm basename
Router(config-external-client)# username cucm
Router(config-external-client)# password example
Router(config-external-client)# keepalive 360000

Configuring Cisco SAF Dynamic Neighbors: Examples

The following examples show how to configure both routers involved in the neighbor relationship.

This example uses the unicast-listen keyword to configure remote neighbors to accept inbound connections from IP addresses that match the access list myNeighborList.

Router1(config)# interface Loopback1
Router1(config-if)# ip address 10.1.1.1 255.255.255.255
Router1(config-if)# exit
Router1(config)# ip access-list standard myNeighborList
Router1(config-std-nacl)# permit 10.0.0.0 0.255.255.255
Router1(config-std-nacl)# exit
Router1(config)# router eigrp virtual-name
Router1(config-router)# service-family ipv4 autonomous-system 4453
Router1(config-router-sf)# remote-neighbors source Loopback1 unicast-listen allow-list 
myNeighborList

Router2(config)# interface Loopback2
Router2(config-if)# ip address 10.2.2.2 255.255.255.255
Router2(config-if)# exit
Router2(config)# router eigrp virtual-name
Router2(config-router)# service-family ipv4 autonomous-system 4453
Router2(config-router-sf)# neighbor 10.1.1.1 Loopback2 remote 20

This example uses the multicast-group keyword to use IP multicast to discover remote neighbors and form remote neighbor relationships. It also specifies 30 as the maximum number of inbound connections from remote neighbors that a member of the multicast group may accept.

Router1(config)# interface Loopback1
Router1(config-if)# ip address 10.1.1.1 255.255.255.255
Router1(config-if)# ip pim sparse-mode
Router1(config-if)# exit
Router1(config)# router eigrp virtual-name
Router1(config-router)# service-family ipv4 autonomous-system 4453
Router1(config-router-sf)# remote-neighbors source Loopback1 multicast-group 224.44.56.1 
max-neighbors 30

Router2(config)# interface Loopback2
Router2(config-if)# ip address 10.2.2.2 255.255.255.255
Router2(config-if)# ip pim sparse-mode
Router2(config-if)# exit
Router2(config)# router eigrp virtual-name
Router2(config-router)# service-family ipv4 autonomous-system 4453
Router2(config-router-sf)# remote-neighbors source Loopback2 multicast-group 224.44.56.1 
max-neighbors 30

Additional References

The following sections provide references related to the Service Advertisement Framework technology.

Related Documents

Related Topic
Document Title

Cisco EIGRP technology implementation

The Cisco EIGRP Implementation

Cisco SAF commands: complete command syntax, command mode, defaults, usage guidelines, and examples

Cisco IOS Service Advertisement Framework Command Reference


Standards

Standard
Title

Cisco EIGRP


MIBs

MIB
MIBs Link

No new or modified MIBs are supported by this feature, and support for existing standards has not been modified by this feature.

To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:

http://www.cisco.com/go/mibs


RFCs

RFC
Title

None


Technical Assistance

Description
Link

The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.

http://www.cisco.com/cisco/web/support/index.html


Feature Information for Cisco Service Advertisement Framework

Table 1 lists the releases that support SAF and SAF commands.

Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.


Note Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.


Table 1 Feature Information for Cisco Service Advertisement Framework 

Feature Name
Release
Feature Information

Cisco Service Advertisement Framework

Cisco IOS XE Release 2.5, Cisco IOS XE Release 3S

This feature allows applications to discover the existence, location, and configuration of networked resources within networks, and provides a timely and reliable awareness of the services within networks, as applications advertise and discover services on networks.

In Cisco IOS XE Release 2.5, this feature was introduced on the Cisco ASR 1000 Series Aggregation Services Routers.

The following commands were introduced in this feature:

authentication (service-family)

bandwidth-percent

clear eigrp service-family

dampening-change

dampening-interval

default external-client

default (SAF)

debug eigrp service-family

default-metric (EIGRP)

eigrp stub (service-family)

exit-service-family

exit-sf-interface

exit-sf-topology

external-client

keepalive (SAF)

maximum-service (EIGRP)

neighbors (service-family)

password (SAF)

service-family

service-family external-client listen

sf-interface

show eigrp service-family

show eigrp service-family ipv4 topology

show eigrp service-family ipv6 topology

show eigrp tech-support

shutdown

topology

username (SAF)

Cisco Service Advertisement Framework

Cisco IOS XE Release 2.5, Cisco IOS XE Release 3S, Cisco IOS XE Release 3.3S

The following commands were modified in this feature:

accept-lifetime

eigrp log-neighbor-changes

eigrp-log-neighbor-warnings

eigrp router-id

hello-interval

hold-time

key

key chain

key-string (authentication)

metric weights (EIGRP)

next-hop-self

send-lifetime

split-horizon

timers

In Release 3.3S, support was added for the Dynamic Neighbor feature. The following commands were introduced or modified: authentication mode, remote-neighbors source, show eigrp service-family external-client.