Cisco 7600 Series Ethernet Services Plus (ES+) and Ethernet Services Plus T (ES+T) Line Card Configuration Guide
Configuring Layer 3 and Layer 4 Features
Downloads: This chapterpdf (PDF - 1.46MB) The complete bookPDF (PDF - 8.48MB) | Feedback

Table of Contents

Configuring Layer 3 and Layer 4 Features

Layer 3 and Layer 4 Security ACL on Service Instance

Restrictions and Usage Guidelines

Configuring on a Service Instance

Configuring on a Port-Channel

Examples

Verification

Inline Video Monitoring on the Cisco 7600 Router

Media Delivery Index

Support for IP Delay Variation for 7600 Inline Video Monitoring

Internet Protocol-Constant Bit Rate (IP-CBR)

Support MPLS Encapsulation for 7600 Inline Video Monitoring

Configurable MPEG Video PIDs for Inline Video Monitoring

RTP Metrics support for 7600 Inline Video Monitoring

RTP Metrics

Support Switch-Port Interfaces for 7600 Inline Video Monitoring

Support PPPoE Encapsulation for 7600 Inline Video Monitoring

Inline Video Monitoring Support of MDI Metrics for RTP Encapsulated Flows

Inline Video Monitoring Support for Availability Metrics

Inline Video Monitoring Support for Uncompressed Video

Restrictions for Inline Video Monitoring

Supported Interfaces

Ingress and Egress Interfaces

Monitored Video Flows

Alerts and Event Notifications

Media Stop Events

Threshold Crossing Alerts

Flow Monitoring and Metric Computation

Provisioning the Metric

Verifying the Configuration

Troubleshooting the Inline Video Monitoring Implementation

Supported MIBs

IP Tunneling - IPv6 Rapid Deployment

Understanding IPv6 Rapid Deployment

Restriction for IPv6 Rapid Deployment.

Supported Features

Configuring IPv6 Rapid Deployment on the Cisco 7600 series router Platform

Configuring 6RD

Verifying the Configuration

Troubleshooting Tips

VRF aware IPv6 Rapid Deployment (6RD) tunnels

Restriction for VRF aware 6RD tunnels

Configuring VRF aware 6RD tunnel

Configuring IPv6 Overlay Addresses in VRF and IPv4 Transport Addresses in Global RT

Configuring IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF

Verifying the Configuration

Troubleshooting

VRF aware IPv6 Tunnels over IPv4 Transport

Restrictions for VRF aware IPv6 tunnels

Configuring VRF aware IPv6 tunnel

Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT

Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF

Verifying the Configuration

Troubleshooting Tips

IPv6 over IPv4-GRE Tunnels

Restrictions for IPv6 over IPv4-GRE tunnel

Configuring IPv6 over IPv4-GRE tunnel

Configure IPv6 traffic over IPv4-GRE

Configure VRF Aware IPv6 over IPv4-GRE Tunnel

Verifying the Configuration

Troubleshooting Tips

IPv6 Policy Based Routing

Policy Based Routing

Packet Matching

Packet Forwarding Using Set Statements

Restrictions for IPv6 PBR

Configuring IPv6 PBR

Configuring Layer 3 and Layer 4 Features

This chapter provides information about configuring Layer 3 and Layer 4 features on the Cisco 7600 Series Ethernet Services Plus (ES+) line card family (ES+, ES+T, ES+XT, ES+XC). It includes the following topics:

VRF aware IPv6 Rapid Deployment (6RD) tunnels

For more information about the commands used in this chapter, see the Cisco IOS Release 12.2 SR Command References at http://www.cisco.com/en/US/products/ps6922/prod_command_reference_list.html .


NoteThe information provided in this chapter is applicable to all the ES+ line card family unless specified otherwise.


Layer 3 and Layer 4 Security ACL on Service Instance

An ACL consists of a series of statements called ACL entries that define the network traffic profile. Each entry permits or denies network traffic (inbound and outbound) to the parts of your network specified in the entry. Each entry also contains a filter element that is based on criteria such as the source address, the destination address, the protocol, and protocol-specific parameters such as ports and so on.

The Layer 3 and Layer 4 ACLs on Service Instance feature permits you to configure ACLs under an Ethernet Virtual Circuit (EVC) on the Cisco 7600 Series ES+ line cards. Cisco IOS Release 15.1(1)S supports EVC port-channels.

Restrictions and Usage Guidelines

When configuring the Layer 3 and Layer 4 Security ACL on Service Instance feature on Cisco 7600 Series ES+ line cards, follow these restrictions and usage guidelines:

  • 8000 unique ACLs are supported per NP
  • 8000 ACEs are supported per ACL with only single ACL present
  • 8000 EVCs are supported per NP
  • If TCAM is full, filtering is not supported
  • IPv6 ACLs are not supported
  • Operators for Layer 4 attributes are not supported
  • time-range, dynamic range, and acl log are not supported
  • Layer 2 and Layer 3 ACLs cannot coexist on the same service instance
  • 8000 access control entries (ACEs) per ACL on EVC
  • The number of uniquely defined ACLs on the chassis is not affected by support on service instances
  • ACL configuration with ACEs that contain type of service (ToS) configuration is not supported, but differentiated services code point (DSCP) is supported
  • IP options are not supported.

Configuring on a Service Instance

SUMMARY STEPS

1. enable

2. configure terminal

3. interface gigabitethernet slot/port or interface tengigabitethernet slot/port

4. [no] ip address

5. service instance id ethernet [service-name]

6. ip access-group {access-list-name | access-list-number} {in | out}

DETAILED STEPS

 

Command
Purpose

Step 1

enable

 
Router# enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

interface gigabitethernet slot/port

or

interface tengigabitethernet slot/port

 

Router(config)# interface gigabitethernet 4/1

Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:

  • slot/port—Specifies the location of the interface.

Step 4

[no] ip address

 

Router(config-if)# no ip address

Assigns an IP address and subnet mask to the EtherChannel.

Step 5

service instance id ethernet [service-name]

 

Router(config-if)# service instance 101 ethernet

Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 6

ip access-group {access-list-name | access-list-number} {in | out}

 

Router( config-if-srv )# ip access-group 101 out

Applies an IP access list to an interface.

Configuring on a Port-Channel

SUMMARY STEPS

1. enable

2. configure terminal

3. interface port-channel number

4. [no] ip address

5. service instance id ethernet [service-name]

6. ip access-group {access-list-name | access-list-number} {in | out}

DETAILED STEPS

 

Command
Purpose

Step 1

enable

 
Router# enable

Enables privileged EXEC mode.

  • Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

interface port-channel number

 

Router(config)# interface port-channel 12

Creates the port-channel interface.

Step 4

[no] ip address

 

Router(config-if)# no ip address

Assigns an IP address and subnet mask to the EtherChannel.

Step 5

service instance id ethernet [service-name]

 

Router(config-if)# service instance 101 ethernet

Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 6

ip access-group {access-list-name | access-list-number} {in | out}

 

Router(config-if)# ip access-group 101 out

Applies an IP access list to an interface.

Examples

In this example, the Layer 3 access control list below is applied under the EVC and a port-channel on a Cisco ES+ line card.

ip access-list extended l3acl
permit ip 1.1.1.1 255.255.255.255 any
permit ip 2.2.2.2 255.255.255.255 any
 
Router# enable
Router# configure terminal
Router(config)# interface GigabitEthernet 3/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# ip access-group l3acl in/out
 
Router# enable
Router# configure terminal
Router(config)# interface port-channel 3/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# ip access-group l3acl in/out
 

In this example, the Layer 4 access control list below is applied under the EVC and a port-channel on a Cisco ES+ line card.

ip access-list extended l4acl
permit tcp host 1.1.1.1 eq 30 any
 
Router# enable
Router# configure terminal
Router(config)# interface GigabitEthernet 3/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# ip access-group l4acl in/out
 
Router# enable
Router# configure terminal
Router(config)# interface port-channel 3/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# ip access-group l4acl in/out
 

Verification

Use the following commands to verify operation.

 

Command
Purpose

Router# show ethernet service evc [id evc-id | interface interface-id] [detail]

Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detail option provides additional information on the EVC.

Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail]

Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances on the given interface.

Inline Video Monitoring on the Cisco 7600 Router

IP video is highly sensitive to delay and packet loss. It is estimated that nearly twenty percent of the access lines are of marginal quality, and a three millisecond (ms) packet loss results in a 500-1000 ms video degradation visible to the subscriber. A data loss in a multicast video stream in the core network affects multiple access and aggregation networks, and thousands of subscribers viewing the stream.

This feature provides the funtionality for inline video monitoring. Using the inline video monitoring, you can monitor the video inline in the router without using a video probe. A Video probe is an external device used for video monitoring. Video Monitoring feature enables you to monitor the video data flow in a network. These features are included in Inline Video Monitoring:

Media Delivery Index

The Media Delivery Index (MDI) metric provides a relative indicator of the required buffer depths at the consumer node due to packet jitter. It also gives an indication of the lost packets. MDI provides the Delay Factor (DF) and the Media Loss Rate (MLR) for the video flow. DF is the maximum difference between the arrival of a packet and the drain of the packet. MLR is the number of media packets lost over a certain time interval. Media Discontinuity Count (MDC) is a measure of the number of times discontinuity events occurred resulting in MLR. MDC metric is a Cisco proprietary standard.


NoteIn case of major data loss, the reported MDC & MLR values are capped to 65535 for an interval and reset to zero from the next interval.



NoteThe maximum value for DF is capped to 1000 ms.


Support for IP Delay Variation for 7600 Inline Video Monitoring

Previously, for inline video monitoring, the jitter buffer required by the end devices was calculated using the delay factor (DF) algorithm defined in RFC 4445. This algorithm was effective for constant bit rate (CBR) flows where the flow rate was consistent and helped calculate the DF accurately. However, in a variable bit rate (VBR) flow or inconsistent flow rate, the calculated DF was inaccurate, hence not very helpful to the service provider.

Effective from release 15.1(1)S, video monitoring on the Cisco 7600 Series Routers supports DF computation as IP Delay Variation (IPDV). The IPDV algorithm is independent of configured packet rate and is useful for a service provider to calculate accurate jitter buffer for VBR flows. You can configure either RFC 4445 or IPDV algorithm on a flow to calculate the DF. To configure the delay factor using either of these algorithms, use df algo_type command.


NoteDF computed using RFC4445 algorithm includes the inter-packet gap and hence it is never zero. But IPDV does not include the inter-packet gap and the computed DF can be zero.


These are the characteristics of IPDV configuration:

  • IPDV or MDI-DF on a per class basis with-in a policy-map is supported.
  • IPDV and MDI-DF can coexist within the same policy-map.
  • IPDV cannot co-exist with MDI-DF under the same class-map.
  • IPDV and MDI-DF can be configured under different class-maps under the same policy-map.

Advantages of using IPDV to calculate DF:

  • IPDV algorithm works with both CBR and VBR flows and reports only the network introduced delay. The DF calculation does not include the inter packet delay.
  • IPDV algorithm is independent of packet rate.

Internet Protocol-Constant Bit Rate (IP-CBR)

The Internet Protocol-Constant Bit Rate (IP-CBR) metric provides the Media Rate Variation (MRV) and Delay Factor (DF). MRV is used on CBR flows to isolate the variations in the data transport due to packet loss. The MRV metric indicates the percentage rate of variation of media from the expected metrics calculated rate. MRV is calculated based on the expected bit rate provided by the user and the actual bit rate. Delay factor is the measured difference between the arrival of a packet and the drain of the packet.


NoteThe maximum value for DF is restricted to 1000 milliseconds.


Support MPLS Encapsulation for 7600 Inline Video Monitoring

Inline video monitoring feature monitors MPLS encapsulated video packets on MPLS enabled interfaces. Effective from Cisco IOS release 15.1(1)S, inline video monitoring is also supported for these MPLS scenarios:

  • Tag to Tag: 7600 router configured as Label Switch Router (LSR) to switch MPLS packets.
  • Tag to IP: 7600 router configured as Label Edge Router (LER) to remove the last MPLS tag.
  • IP to Tag: 7600 router configured as LER to add the first MPLS tag.

The following MPLS packet formats are supported for inline video monitoring:

  • L3VPN packet formats: 0x8847, MPLS Labels, IP header, UDP header, and MPEG. (ignore acronyms)
  • L2VPN and VPLS packet formats: Router MAC, 0x8847, MPLS Labels, control word, VLAN Tags, CE MAC, IP, UDP, and MPEG.

Configurable MPEG Video PIDs for Inline Video Monitoring

Until Cisco IOS release15.0(1)S, inline video monitoring learned the first five unique Program Identifiers (PIDs) in an MPEG flow for video, audio, or caption data PIDs. However, monitoring PIDs for audio or caption data is not a priority for a customer implementing inline video monitoring. Effective from Cisco IOS release15.1(1)S, video monitoring provides support to configure the PIDs to monitor. This enables a user to configure only the video PIDs in an MPEG flow on priority. The PIDs to monitor are configured within the monitor metric mdi command mode using the monitor pids pid_value command. You can configure a maximum of five PIDs using this command. The PID value can range from hexadecimal value 2 to 1FFF.


NoteThis feature is supported on flows monitored for MDI metrics.


RTP Metrics support for 7600 Inline Video Monitoring

Real-time Transport Protocol (RTP) provides protocol level support for detecting packet loss and jitter in a network. Packet loss is detected using the 16 bit sequence numbers in the packet header. These numbers provide an accurate measurement of number of packets lost and delayed during transmission. The timestamp information in the RTP packet header is used for calculating jitter in a network data stream. Effective from Release 15.1(2)S, inline video monitoring supports monitoring packet loss and jitter metrics for RTP flows in addition to IP-CBR and MPEG flow.

RTP metrics is enabled on a per class-map basis on the Cisco 7600 series routers. A new RTP flow is created for each RTP Synchronization Source (SSRC) detected in the RTP session matching the class-map classification criteria. Since RTP sessions are dynamically negotiated, they must be validated before learning the RTP flow for monitoring. A RTP header does not contain protocol specific information to identify it as an RTP packets. Currently, these checks are performed to ensure that a particular RTP packet is valid:

  • The RTP version number should be two.
  • The payload type should be known and not equal to SR (Sender Report 200) or RR (Receiver Report 201).
  • When the SSRC identifier is received for the first time, the data packets carrying the identifier are considered invalid until a number of data packets with consecutive sequence numbers are received.
  • The SSRC value should not be zero.

NoteRTP SSRC is a part of flow key along with existing five flow tuples.


RTP Metrics

Apart from the packet loss and jitter metrics, an RTP flow contains additional metrics that provide information about the RTP traffic. Table 13-1 lists the metrics exported and displayed for an RTP flow.

Table 13-1 RTP Reported Metrics

Metric Name
Description
Cumulative/ Interval

total_pkts

Total number of packets monitored for the interval.

Interval + Cumulative

expected_pkts

Total number of packets expected in an interval based on the minimum and maximum sequence numbers.

Interval + Cumulative

lost_pkts

Total number of packets lost in an interval. It is the difference between the expected (expected_pkts) and the actual packets (actual_pkts).

Interval + Cumulative

jitter

Jitter reported for an interval

Interval

max_jitter

Maximum jitter observed in the interval.

Interval

loss_intervals

Number of loss intervals1. A loss interval is an interval when the consecutive RTP packets were lost.

Interval

num_resync

Total number of sequence number re-synchronizations performed in an interval.

Interval + Cumulative

late_pkts

Total number of packets received outside the sliding window defined by maximum reoder (max_reorder) and dropout (max_dropout) parameters.

Interval

reord_pkts

Total number of reordered packets received in a interval.

Interval

lost_fraction

The number of packets lost divided by the number of packets expected. Displayed in percent.

Interval

avg loss duration

The number of packets lost (lost_pkts) divided by the number of loss intervals (loss_intervals).

Interval

valid packets

Difference between the number of packets received and the number of reordered and late packets.

Interval

1.For loss interval calculations any late or reordered packets should also be treated as lost.

Support Switch-Port Interfaces for 7600 Inline Video Monitoring

Effective from Release 15.1(2)S, inline video monitoring feature supports video traffic monitoring on layer 2 and layer 3 interfaces. These layer 2 switch-port interfaces are supported:

  • Trunk interface: When you configure a switch-port mode as trunk, multiple VLANs can be switched on the interface.
  • Access interface: When you configure a switch-port mode as access, a single VLAN can be switched on the interface.
  • Dot1q tunnel: When you configure a switch-port mode on the router as trunk and on the peer as non-trunk or vice-versa.

NoteApart from the five tuple keys, inner and outer VLAN ids can be used as a key to differentiate flows.


Support PPPoE Encapsulation for 7600 Inline Video Monitoring

Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside the ethernet frames. This protocol is used for Digital Subscriber Line (DSL) services where a user in a metro ethernet network, connects to the DSL modem. Effective from Release 15.1(2)S, inline video monitoring supports to monitor video traffic from a PPPoE network. Packets with ether type as 0x8864 are considered as the PPPoE packets and included for video monitoring.

These PPPoE encapsulated packet formats arte supported:

  • PPPoE packets

Eth + VLAN + PPPoE + IP

  • L2VPN

Eth + MPLS + Eth + VLAN + PPPoE + IP

Eth + VLAN + MPLS + Eth + VLAN + PPPoE + IP


NoteVideo monitoring for PPPoE encapsulated packets is not supported on a node where the session terminates.


Inline Video Monitoring Support of MDI Metrics for RTP Encapsulated Flows

Effective with Release 15.1(3)S, inline video monitoring supports MDI metrics calculation for MPEG2-Transport Stream (TS) flows encapsulated in RTP (RFC3550) headers. The MDI metric (RFC4445) provides information about the buffer required at the consumer node for packet jitter (DF) and an estimate of the packet loss during the data transmission (MLR/MDC).


NoteCurrently, you can monitor either the MDI or RTP at a time for data flow, not both together.


Inline Video Monitoring Support for Availability Metrics

Effective with Release 15.1(3), inline video monitoring provides an availability metrics named transport-availability, which indicates the availability of a transport stream for a specific period of time. Inline video monitoring computes transport-availability and error-seconds based on either MDI (RFC 4445) or RTP (RFC 3550) metrics. These metrics provide network operators additional troubleshooting information and the option to measure per video flow performance against the defined Service Level Agreements (SLA).


NoteBefore Cisco IOS Release 15.1(3), inline video monitoring provided metrics such as MLR and DF for MDI traffic, and jitter and loss-fraction for RTP traffic. To understand these metrics, a user should have an understanding of technology and standards.


Transport-availability is calculated as the percentage of time a transport stream is available over a measured time interval, and the error-seconds (downtime) is the time interval for which the transport stream in not available for data transmission. The transport-availability is calculated as:

Transport-availability = (Interval duration – Error-seconds) / Interval duration

NoteTwo new react-types,transport-availability and error-seconds, are introduced in the react command to help configure alarms based on the keyword values.



NotePacket drop occurs during the error-seconds interval.



NoteOnly the packet loss is considered for calculating error-seconds; jitter is not considered for error-seconds calculation.


Inline Video Monitoring Support for Uncompressed Video

Effective with Release 15.1(3)S, inline video monitoring supports monitoring of uncompressed video, such as Serial Data Interface (SDI) and High Definition- SDI (HD-SDI). RTP loss metrics are not frequency dependent, and jitter calculation involves frequency. Hence, with the existing default 90kHz frequency, jitter calculation for higher frequencies might display incorrect results. To monitor uncompressed videos, three new RTP clock frequencies: 148.5MHz, 148.5/100, and 27MHz are supported apart from existing support for 90kHz. You can configure the RTP clock frequency using the clock-rate command. This command allows you to map a dynamic Payload Type (PT) value to the corresponding frequency for each class-map in the RTP header. Based on the PT value in the RTP header for a flow, a corresponding frequency is mapped for jitter calculations. For the un-mapped PTs, default frequency of 90kHz is used.


NoteYou can disable jitter calculation for unsupported frequencies. The jitter value for unsupported frequencies is reported as 0.


Restrictions for Inline Video Monitoring

The following restrictions apply to the inline Video Monitoring feature:

  • Video Monitoring is supported only on ES+ line cards.
  • The supported supervisor engines are Sup720 and RSP720 (1 gigabits and 10 gigabits).
  • Up to 1000 video monitoring flows per Line Card and up to 8000 flows per router are supported for inline video monitoring.
  • Only IPv4 ACLs are supported.
  • The video traffic is not monitored up to first two intervals after the flow is learnt.
  • After the LC flow traffic stops and is timed out using the configured timeout value under class-map, some of the system resources are released only after 25 minutes. The learn-delete process may result in delay in monitoring the flows because the system resources are not released immediately.
  • In case of video monitoring on EVC, monitoring is performed for learnt unicast and multicast traffic only. Traffic with unknown unicast destination MAC is not monitored.
  • MDI:DF, MDI:MLR, MDI:MDC, IP-CBR:DF, and IP-CBR:MRV metrics are supported for CBR flows. For VBR flows, only MDI:MLR and MDI:MDC are supported.
  • MDI:DF, MDI:MLR, and MDI:MDC are supported only for MPEG-2 and MPEG-4 transport streams. Both the single program transport streams (SPTS) and multi-program transport streams (MPTS) are supported.
  • Only a flat performance-traffic policy type can be configured in each direction. Hierarchical policies are not supported for Video Monitoring in the performance-traffic typed policy.
  • Video Monitoring is an independent feature and can co-exist with QoS. Though QoS and performance-traffic are policy-map based, both can be applied to the same interface in the same direction to function independently.
  • A maximum of five PIDs can be configured for monitoring.
  • Only the configured PIDs are monitored. For example, if only one PID is configured, no other new PIDs are monitored.
  • These reserved PIDs are not monitored:

0x0000: Reserved for Program Association Table (PAT).

0x0001: Reserved for Conditional Access Table (CAT).

0x0010: Reserved for Network Information Table (NIT).

0x1FFF: Reserved for Null Packets.

  • Duplicate PID values cannot be configured.
  • Layer 3 VPN (L3VPN) and Layer 2 VPN (L2VPN)/Virtual Private LAN Services (VPLS) MPLS encapsulated packet format are supported.
  • Flow from a CE MAC and IP HDR magic pattern is not supported.
  • MPLS labels and EXP values are not supported as part of the flow key. If two different customers using different MPLS labels but same IP address and UDP ports are on the same target, both are mapped to the same video monitoring flow.
  • MDI-DF and IPDV cannot be configured on the same class-map.
  • RTP metric cannot co-exist with MDI or IP-CBR in the same class-map.
  • Clock rate support is limited to 90Khz. Jitter metric computation accuracy is not guaranteed if the clock rate for packets is not 90Khz.
  • Performance-type policy-map is supported on switch-port trunk mode, access mode, and Dot1q tunnel mode.
  • PPPoE control packets are not monitored.
  • These flows are not supported:

Fragmented IPv4 packets

Tunneled GRE, mGRE, L2TPv3, or multicast VPN

  • IPv6 and tunneled IPv6
  • MPEG transport streams where TS header is encrypted
  • The value of error-seconds metrics ranges from 0 to 1000.
  • Transport-availability and error-seconds metrics are not calculated for IP-CBR flows.
  • Static payload types 1 to 95 can only be mapped to the frequency option disable .

Supported Interfaces

Video Monitoring is supported on the routed main interface, subinterfaces, switchports, and EVCs in release 15.0(01)S.

Table 13-2 lists the inline video monitoring interface support for each release:

Table 13-2 Inline Video Monitoring Interface Support Per Release

Cisco IOS Release
Interfaces Supported

12.2(33) ZI

Main-interface, Sub-interface.

15.0(1)

Main-interface, Sub-interface, EVCs.

15.1(1)

Main-interface, Sub-interface, EVCs.

15.1(2)

Main-interface, Sub-interface, EVCs, L2 switch-port interface.


NoteVideo monitoring on EVC enables you to monitor video traffic on layer 2 networks.


Ingress and Egress Interfaces

Video Monitoring can be configured on both ingress and egress interfaces. The following types of monitoring is allowed on these interfaces:

  • Ingress only monitoring
  • Egress only monitoring
  • Ingress and egress for the different flows on different ports.
  • Ingress and egress for the same flow

Monitored Video Flows

Video Monitoring feature supports only UDP traffic in release 15.0(01)S. The following flows are monitored:

  • IP+UDP
  • Single program transport streams (SPTS) and multi-program transport streams (MPTS)
  • MPEG-2 and MPEG-4
  • MPLS+IP+UDP
  • IP+UDP+RTP

Alerts and Event Notifications

Alerts and notifications enable you to track the performance in a system. The flow of video can be tracked and managed using alerts and event notification. Computed metric values are used to generate alerts and event notifications.

Media Stop Events

Media Stop Event is triggered when no packets are received for at least eight seconds on a valid flow for a configured interval. The reason for MSE can be:

  • Media Server failure
  • Upstream network failure
  • Genuine flow ending.

MSE interval causes invalidation of metrics data for up to two subsequent intervals. Metrics from these invalidated intervals do not trigger any traps or reacts.

Threshold Crossing Alerts

Router reports the metric values at the end of the monitoring interval. The computed values are compared with the configured threshold react range and an alarm is triggered if the computed value is not within the configured range. The router relays the alerts to the management station through a SNMP trap notification. The alerts can be immediate or average. An immediate alert is triggered at the end of monitoring interval if the metric value crosses the configured range. An average alert is sent based on the average value, which is computed based on the last n monitored intervals.


NoteIf two alerts are asserted for a same interval, the alert with lower profile-id is asserted. The alert profiles with lower profile-id have higher priority.


Flow Monitoring and Metric Computation

This section describes how to configure the Video Monitoring feature and report the metrics.

Provisioning the Metric

Provisioning the metric involves creating a policy map, defining the filtering criteria, and applying the policy map on an interface. A new policy map type performance-traffic is used for Video Monitoring. The policy map contains a list of actions for the flow monitoring.


NoteThe maximum number of class maps supported in a performance-traffic policy map is 50. The maximum number of policy maps (including QoS and typed policy maps) supported on a router is 1023.


Follow these steps to configure video monitoring on an interface:

SUMMARY STEPS

1. enable

2. configure terminal

3. access-list access-list-number permit ip { host } source destination

4. class-map [match-any] class-map-name

5. match access-group access-group-name | access-group-number

6. exit

7. policy-map type performance-traffic policy-map-name

8. class class-map-name

9. monitor parameters

10. df rfc4445 | ipdv

11. interval duration n-secs

12. timeout n-interval

13. history n-interval

14. exit

15. monitor metric { mdi | ip-cbr|rtp }

16. (optional) clock-rate dynamic-pt frequency

17. (optional) monitor pids pid1 [pid2] [pid3] [pid4] [pid5]

18. rate {media | layer3} {packet n-pps [ pps ] | n {bps | kbps | mbps | gbps}}

19. packet {size media n-bytes | media in-layer3 n-packets }

20. react profile id-value {mdi-df | mdi-mdc | mdi-mlr | ip-cbr-mrv | ip-cbr-df | media-stop | rtp-lost-fraction | rtp-jitter | rtp-max-jitter | rtp-lost-pkts | transport-availability | error-seconds}

21. threshold { range range-value1 range-value2 } | {[gt|ge|lt|le] value3} | {type [immediate | average value4 ]}

22. action {syslog | snmp}

23. alarm severity {none | informational | notification | warning | error | critical | alert | emergency}

24. alarm type discrete

25. description character string

26. interface type number

27. (optional) service instance instance-number ethernet

28. service-policy type performance-traffic {input | output} {policy-map name}

29. exit

DETAILED STEPS

 

Command or Action
Purpose

Step 1

enable

 

Example:

router> enable

Enables privileged EXEC mode.

Step 2

configure terminal

 

Example:

router# configure terminal

Enters global configuration mode.

Step 3

access-list access-list-number permit ip [host ] source destination

 

Example:

router(config)# access-list 101 permit ip host 10.10.2.20 any

Identifies the flow to be monitored.

In this example, the traffic from the host 10.10.2.20 is monitored. Video Monitoring feature supports both standard and extended access-list.


Note Classification based on IP address, precedence, and DSCP values is supported for extended access list.



Note The deny option for access-list command is not supported. If deny option is configured under the access-list command and the class-map configured with the deny condition is part of the performance-traffic policy map, the video traffic is not monitored.


Step 4

class-map match-any class-map-name

 

Example:

router(config)# class-map match-any video-class

 

Defines a class map.

In this example, a class-map named video class is defined with match criteria match any . The packets must meet any of the match criteria in the class map video- class .

Step 5

match access-group access-group-name |access-group-number

 

Example:

router(config-cmap)# match access-group 101

Defines the access-group. Only IPv4 acls are supported for Video Monitoring.

Step 6

exit

 

Example:

router(config-cmap)# exit

Exits class-map configuration mode.

Step 7

policy-map type performance-traffic policy-map name

 

Example:

router(config)# policy-map type performance-traffic video-monitor

Creates a performance-traffic type policy map and enters the policy map configuration mode.

In this example, the type of the policy-map is performance-traffic and the policy-map name is video-monitor .

Step 8

class class-map-name

 

Example:

router(config-pmap)# class video-class

Specifies the traffic (class map) on which an action is to be performed.

In this example, the class map is video-class.

Step 9

monitor parameters

 

Example:

router(config-pmap-c)# monitor parameters

Enters the monitor parameters submode where you can configure the flow related parameters.

Step 10

df rfc4445 | ipdv

 

Example:

router(config-pmap-c-monitor)# df ipdv

Specifies the jitter buffer calculation mechanism.


Note By default, rfc4445 algorithm is selected.


Step 11

interval duration n-secs

 

Example:

router(config-pmap-c-monitor)# interval duration 30

Specifies the monitoring interval. The loss or jitter of packets is calculated at the end of this interval. The configurable range is 30 to 900 seconds. The default value is 30 seconds. The interval value should be a multiple of 5.

Step 12

timeout n-inteval

 

Example:

router(config-pmap-c-monitor)# timeout 200

Specifies the timeout for a flow. If no traffic is transmitted within this interval, the monitoring is stopped. When the flow times out, the resources linked with that flow are released. The default value is 100 intervals.

Step 13

history n-inteval

 

Example:

router(config-pmap-c-monitor)# history 20

Specifies the last n-interval number of intervals that should be maintained in the history table. The range is 1 to 180 intervals. The default value is 10 intervals.

Step 14

exit

 

Example:

router(config-pmap-c-monitor)# exit

Exits the monitor parameter mode.

Step 15

monitor metric {mdi|ip-cbr|rtp}

 

Example:

router(config-pmap-c)# monitor metric mdi

Enters the monitor metric submode where you can configure the metric related parameters.

In this example, the MDI metric is selected.

Step 16

clock-rate dynamic_pt frequency

 

Example:

router(config-pmap-c-metric)# clock-rate 1 96

 

Maps a dynamic PT value to the corresponding frequency for each class-map. The available frequency options are:

  • 148.5/1.001Mhz
  • 148.5Mhz
  • 27Mhz
  • Disable

Step 17

(optional) monitor pids pid1 [pid2] [pid3] [pid4] [pid5]

 

Example:

router(config-pmap-c-metric)# monitor pids 0x0011

Specifies the PIDs to monitor.

Step 18

rate media n (bps | kbps | mbps | gbps)

 

 

 

 

 

 

 

Example:

router(config-pmap-c-metric)# rate media 2500031 bps

Specifies the expected media transfer rate. For the media transfer rate, you have to specify the transfer rate unit. The following units are available:

  • bps : Number of bits per second
  • kbps : Number of kilobits per second
  • mbps : Number of megabits per second
  • gbps : Number of gigabits per second

Note For metric monitoring, you should configure mdi-metric as rate media or ip-cbr metric as rate layer3.


Step 19

packet {size media n-bytes | count media in-layer3 n-packets }

 

 

 

 

 

Example:

router(config-pmap-c-metric)# packet size media 188

Example:

router(config-pmap-c-metric)# packet count media in-layer3 7

Specifies the layer 2 or layer 3 packet behavior. In general, the keyword media refers to layer 2 video or audio frame whereas layer 3 refers to network layer packet such as IP layer packet.

The keyword size media specifies the encoding video or audio frame size in bytes. The valid value is 188.

The keyword count media in-layer3 specifies the number of MPEG frames within a single IP packet. The default value is 7 and valid range is 1 - 7.

Step 20

exit

 

Example:

router(config-pmap-c-metric)# exit

Exits the monitor metric mode.

Step 21

monitor metric {mdi|ip-cbr|rtp}

 

Example:

router(config-pmap-c)# monitor metric ip-cbr

Enters the monitor metric submode for IP-CBR where you can configure the metric related parameters.

Step 22

rate layer3 packet n [pps]

 

 

 

Example:

router(config-pmap-c-metric)# rate layer3 packet 300

Specifies the expected layer 3 transfer rate. The transfer rate is configured in packets per second(pps).

For accurate metric computations, recommended pps configuration should be three precision digits.


Note For metric monitoring, you should configure mdi-metric as rate media or ip-cbr metric as rate layer3. If both the options are configured, ip-cbr metric configuration takes precedence.


Step 23

exit

 

Example:

router(config-pmap-c-metric)# exit

Exits the monitor metric mode.

Step 24

react profile-id {mdi-df | mdi-mdc | mdi-mlr | ip-cbr:mrv | ip-cbr:df | media-stop | rtp | transport-availability | error-seconds}

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

MDI Example:

router(config-pmap-c)# react 100 mdi-df

IP-CBR Example:

router(config-pmap-c)# react 200 ip-cbr-df

Configures the react metrics. At the end of the interval, values are compared with the configured threshold values. If the systems exceeds these configured values, an alarm is triggered.

This command enters the react submode where you can configure the alarms and threshold values.

When the monitored interval for a flow expires, the corresponding metric values are generated. These values are compared to the threshold values you set here, and if the threshold is crossed, an alarm is exported to the management system.

You can specify multiple react commands. Each command is differentiated by the argument operation-id value . The react argument operation-id value should be unique within a policy-map. The range of the argument operational id-value is 1 to 65535. The react types are:

  • mdi-df
  • mdi-mdc
  • mdi-mlr
  • ip-cbr-mrv
  • ip-cbr-df
  • media-stop
  • rtp
  • transport-availability
  • error-seconds

Note If you selected the media-stop option, you cannot configure more than one react profile for a class-map for react type media-stop.


A profile-id once used for a react type can not be reused for any other react type until it is removed using the no react profile-id react-type command.

Step 25

threshold {range range-value1 range-value2 } | {[gt|ge|lt|le] value3 | {type [immediate | average value4 ]}

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Example:

router(config-pmap-c-react)# threshold gt 4

router(config-pmap-c-react)# threshold type average 5

Specifies the threshold related parameters.

  • range : Specifies the threshold range. The unit for this boundary depends on react type in the react command. If the react type is MDI:DF, the unit is msec . If the react type is MDI:MLR, the unit is number of packets lost .
  • gt|ge|lt|le : Specifies the threshold range where gt stands for greater than, ge stands for greater than or equal to, lt stands for less than, and le stands for less than or equal to.

You need to specify one value and threshold parameter. In the following example, the threshold is between 100 and infinity:

threshold range gt 100

 

  • type : Specifies the criteria for alarm assertion. If you select the keyword immediate , an alert is triggered at the end of monitoring interval if the metric value crosses the configured range. If you select the keyword average, the alarm is generated based on the average value which is computed based on the value4 you set. The range of the value4 is between 2 and the number defined in the flow history.

The default type is immediate .

Step 26

action {syslog | snmp}

 

Example:

router(config-pmap-c-react)# action syslog

Enables the management system to log the threshold-crossing events.

Step 27

alarm severity {none | informational | notification | warning | error | critical | alert | emergency}

 

Example:

router(config-pmap-c-react)# alarm severity none

Specifies the alarm severity associated with a particular react command.

The default value is none . The router does not generate syslog message if alarm severity is set to none .

Step 28

alarm type discrete

 

Example:

router(config-pmap-c-react)# alarm type discrete

Specifies that discrete alarms are supported.


Note Alarm groups are not supported for Video Monitoring feature release 15.0(01)S.


Step 29

description character-string

 

Example:

router(config-pmap-c-react)# description critical TCA

Adds the comments for the submodes. Available for all the submodes. The character-string cannot exceed 200 characters.

Step 30

end

 

Example:

router(config-pmap-c-react)#end

Exits the configuration mode.

Step 31

configure terminal

Example:

router# configure terminal

Enters the configuration mode.

Step 32

interface type number

 

Example:

router(config)# interface gig 1/2

Configures the interface type and number.

Step 33

(optional) service instance instance-number Ethernet

 

Example:

router(config)# service instance 1 Ethernet

Configures the service instance for EVC.


Note Applicable while configuring EVC.


Step 34

(optional) service-policy type performance-traffic (input|output) policy-map-name

 

Example:

router(config-if-srv)# service-policy type performance-traffic input video-monitor

 

Attaches the specified policy-map to the target EVC.


Note Applicable while configuring EVC.


Step 35

exit

 

Example:

router(config-if)# exit

Exits the interface configuration mode.

Example

The following example shows how to configure video monitoring feature on an interface:

Router(config)#policy-map type performance-traffic video-monitor
Router(config-pmap)#class video-class
Router(config-pmap-c)# monitor parameters
Router(config-pmap-c-monitor)# df ipdv
Router(config-pmap-c-monitor)#description mon
Router(config-pmap-c-monitor)#interval duration 30
Router(config-pmap-c-monitor)#history 30
Router(config-pmap-c-monitor)#timeout 10
Router(config-pmap-c-monitor)#exit
Router(config-pmap-c)#monitor metric ip-cbr
Router(config-pmap-c-metric)#rate layer3 packet 237.465 pps
Router(config-pmap-c-metric)#exit
Router(config-pmap-c)#monitor metric mdi
Router(config-pmap-c-metric)# monitor pids 0x0011
Router(config-pmap-c-metric)#rate media 2500031 bps
Router(config-pmap-c-metric)#packet count media in-layer3 7
Router(config-pmap-c-metric)#packet size media 188
Router(config-pmap-c-metric)#exit
Router(config-pmap-c)#react 1 ip-cbr-df
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold ge 30.000
Router(config-pmap-c-react)#react 2 ip-cbr-mrv
Router(config-pmap-c-react)#alarm severity informational
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold le -1.00000
Router(config-pmap-c-react)#react 3 mdi-df
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold range 20.000 50.000
Router(config-pmap-c-react)#react 4 mdi-mlr
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold gt 0
Router(config-pmap-c-react)#react 5 media-stop
Router(config-pmap-c-react)#description for me
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#react 15 mdi-mdc
Router(config-pmap-c-react)#alarm severity notification
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold gt 0
Router(config-pmap-c-react)#react 10 ip-cbr-mrv
Router(config-pmap-c-react)#alarm severity informational
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold ge 1.00000
Router(config-pmap-c-react)#exit
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface TenGigabitEthernet3/1
Router(config-if)#service-policy type performance-traffic input video-monitor
Router(config-if)#end

 

This example shows how to configure RTP metrics for video monitoring:

Router(config)#policy-map type performance-traffic video-monitor
Router(config-pmap)#class video-class
Router(config-pmap-c)# monitor parameters
Router(config-pmap-c-monitor)#description mon
Router(config-pmap-c-monitor)#interval duration 30
Router(config-pmap-c-monitor)#history 30
Router(config-pmap-c-monitor)#timeout 10
Router(config-pmap-c-monitor)#exit
Router(config-pmap-c)#monitor metric rtp
Router(config-pmap-c-metric)#exit
Router(config-pmap-c)#react 1 rtp-jitter
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold ge 30.000
Router(config-pmap-c-react)#react 2 rtp-loss-rate
Router(config-pmap-c-react)#alarm severity informational
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold le 50.00
Router(config-pmap-c-react)#react 3 rtp-max-jitter
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold range 20.000 50.000
Router(config-pmap-c-react)#react 4 rtp-lost-pkts
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold ge 10
Router(config-pmap-c-react)#react 5 media-stop
Router(config-pmap-c-react)#description for me
Router(config-pmap-c-react)#alarm severity critical
outer(config-pmap-c-react)#exit
Router(config-pmap-c)#exit
Router(config-pmap)#exit
Router(config)#interface TenGigabitEthernet3/1
Router(config-if)#service-policy type performance-traffic input video-monitor
Router(config-if)#end

Verifying the Configuration

Use the show policy-map type performance-traffic interface interface-name command to display all the flows learnt on the specified interface.

  • Output for IPCBR/MDI:
Router#show policy-map type performance-traffic interface gig 8/11
GigabitEthernet8/11
 
Service-policy input: video-swport
 
class-map: sw-vlan3
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 6300; Src: 11.0.0.2 Port: 63
Agg Value(Per Flow)
MDC : 25200 Avail(%) : 100.000 Pkt_cnt : 126002
MLR : 25200 Error_secs : 0.000 MRV(%) : 0.00000
 
Error Transport
Intvl Updated at Type Pkt_cnt MRV(%)/MLR DF(msec) MDC Seconds Avail (%)
-----+----------+----+--------------+------------+----------+---------+--------+---------+
43 21:21:36 cbr 3000 0.00000 10.075 NA NA NA
43 21:21:36 mdi 3000 600 10.075 600 0.000 100.000
42 21:21:06 cbr 3000 0.00000 10.075 NA NA NA
42 21:21:06 mdi 3000 600 10.075 600 0.000 100.000
41 21:20:36 cbr 3000 0.00000 10.075 NA NA NA
41 21:20:36 mdi 3000 600 10.075 600 0.000 100.000
40 21:20:06 cbr 3000 0.00000 10.075 NA NA NA
40 21:20:06 mdi 3000 600 10.075 600 0.000 100.000
39 21:19:36 cbr 3001 0.03300 10.075 NA NA NA
39 21:19:36 mdi 3001 600 10.075 600 0.000 100.000
 
  • Output for RTP:
Router#show policy-map type performance-traffic interface gig 8/11 in class sw$
GigabitEthernet8/11
 
Service-policy input: video-swport
 
class-map: sw-rtp-vlan3
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 50000; Src: 11.0.0.12 Port: 5000; rtp-ssrc: 3735927471
Agg Value(Per Flow)
Avail(%) : 99.978 Loss_Intvls : 22 Resyncs : 22 Pkt_cnt : 1470026
Error_secs : 0.176 Pkt_exp : 1481818 Pkt_lost : 11792
 
Intvl Upd at Type Pkt Exp Lost Loss Jitter MaxJitter Avg.Loss Loss Err Trnsprt
count pkts pkts Rate(%) (msec) (msec) Duration Intvls Sec Avail
(%)
-----+----------+----+----------+----------+----------+---------+--------+--------+-------
50 21:25:01 rtp 30001 30001 0 0.00000 0.007 0.048 0.00 0 0.000 100.00
49 21:24:31 rtp 30000 30536 536 1.75530 0.007 0.048 536.00 1 0.008 99.973
48 21:24:01 rtp 30001 30001 0 0.00000 0.005 0.037 0.00 0 0.000 100.00
47 21:23:31 rtp 30000 30536 536 1.75530 0.008 0.048 536.00 1 0.008 99.973
46 21:23:01 rtp 30001 30001 0 0.00000 0.005 0.024 0.00 0 0.000 100.00

NoteVideo-monitoring on ethernet service instance is supported on ScEompls, SVI based Eompls, VPLS, EVC BD, and EVC local connect services.


Use the show policy-map type performance-traffic interface interface_name aggregate command to display the total number of flows on an interface:

Router#show policy-map type performance-traffic interface gig 8/11 aggregate
GigabitEthernet8/11
 
Service-policy input: video-swport
Total Number of flows : 6
 

Use the show policy-map type performance-traffic interface interface_name brief command to display brief description of all the metrics for all the flows on an interface.

Router#show policy-map type performance-traffic interface gig 8/11 brief
GigabitEthernet8/11
 
Service-policy input: video-swport
 
class-map: sw-vlan1
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 2, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
MRV(%) Error Transport
FlowID Flow Key Type Pkt_cnt /MLR DF(msec) MDC Secs Avail(%)
--------------- ---- ------- ------ ---- ---- --- -------
1 21.0.1.2:63->32.0.1.2:5000,10:0 cbr 3000 0.00000 10.135 NA NA NA
1 21.0.1.2:63->32.0.1.2:5000,10:0 mdi 3000 600 10.135 600 0.000 100.000
 
class-map: sw-rtp-vlan1
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 3, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
Expected Lost Loss Jitter Lost Err Transport
FlowID Flow Key Pkts Pkts Rate(%) (msec) Intvls Secs Avail
------ -------- ---- ---- ------- ----- ----- --- ------
1 21.0.1.3:63->32.0.1.2:50000,10:0, 30536 536 1.75530 0.000 1 0.008 99.973
3735927471

Use the show policy-map type performance-traffic interface interface_name cumulative command to display cumulative metrics for the flows on a specified interface.

Router#show policy-map type performance-traffic interface gig 8/11 cumulative
GigabitEthernet8/11
 
Service-policy input: video-swport
 
class-map: sw-vlan1
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 2, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
FlowID Flow Key MRV(%) MDC MLR Error Secs Avail (%)
------ -------- ------ --- --- ---------- ---------
1 21.0.1.2:63-> 32.0.1.2:5000, 10:0 0.00000 32400 32400 0.000 100.000
 
class-map: sw-rtp-vlan1
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 3, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
FlowID FlowKey Exp Lost Lost Resyncs Err Avail
Pkts Pkts Intvls Secs
------ -------- ---- ----- ------- ----- ------ -----
1 21.0.1.3:63->32.0.1.2:50000,10:0, 1633428 13400 25 25 0.200 99.975
3735927471
 

Use the show policy-map type performance-traffic interface interface_name input|output command to display the data flow on an interface in a specified direction.

 
Router#show policy-map type performance-traffic interface gig 8/11 input
GigabitEthernet8/11
 
Service-policy input: video-swport
 
class-map: sw-vlan3
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 6300; Src: 11.0.0.2 Port: 63
Agg Value(Per Flow)
MDC : 37200 Avail(%) : 100.000 Pkt_cnt : 186003
MLR : 37200 Error_secs : 0.000 MRV(%) : 0.00000
 
Error Transport
Intvl Updated at Type Pkt_cnt MRV(%)/MLR DF(msec) MDC Seconds Avail (%)
-----+----------+----+--------------+------------+----------+---------+--------+---------+
65 21:32:36 cbr 3000 0.00000 10.075 NA NA NA
65 21:32:36 mdi 3000 600 10.075 600 0.000 100.000
64 21:32:06 cbr 3000 0.00000 10.075 NA NA NA
64 21:32:06 mdi 3000 600 10.075 600 0.000 100.000
63 21:31:36 cbr 3000 0.00000 10.075 NA NA NA
63 21:31:36 mdi 3000 600 10.075 600 0.000 100.000
62 21:31:06 cbr 3000 0.00000 10.075 NA NA NA
62 21:31:06 mdi 3000 600 10.075 600 0.000 100.000
61 21:30:36 cbr 3000 0.00000 10.075 NA NA NA
61 21:30:36 mdi 3000 600 10.075 600 0.000 100.000
 
 
class-map: sw-rtp-vlan3
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 50000; Src: 11.0.0.12 Port: 5000; rtp-ssrc: 3735927471
Agg Value(Per Flow)
Avail(%) : 99.973 Loss_Intvls : 29 Resyncs : 29 Pkt_cnt : 1920034
Error_secs : 0.232 Pkt_exp : 1935578 Pkt_lost : 15544
 
Pkt Exp Lost Loss Jitter MaxJitter Avg. Loss Loss Err Transport
Intvl Updated Type count pkts pkts Rate(%) (msec) (msec) Dur. Intvls Sec Avail(%)
-----+----------+----+----------+----------+----------+---------+--------+--------+-------
66 21:33:01 rtp 30000 30536 536 1.75530 0.005 0.048 536.00 1 0.008 99.973
65 21:32:31 rtp 30001 30001 0 0.00000 0.005 0.024 0.00 0 0.000 100.000
64 21:32:01 rtp 30000 30536 536 1.75530 0.006 0.048 536.00 1 0.008 99.973
63 21:31:31 rtp 30001 30001 0 0.00000 0.005 0.048 0.00 0 0.000 100.000
62 21:31:01 rtp 30000 30536 536 1.75530 0.005 0.024 536.00 1 0.008 99.973
 

Use the show policy-map type performance-traffic interface interface_name detail command to display the detailed information for the latest interval of each flow.

Router#show policy-map type performance-traffic interface gig 8/11 detail
GigabitEthernet8/11
 
Service-policy input: video-swport
 
class-map: sw-vlan3
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001 Key: 11.0.0.2:63 -> 12.0.0.2:6300 Intervals : 1
Intvl# 68, Updated at 21:34:06.775 PDT Fri Jun 10 2011
Metric Type : IP-CBR
MRV : 0.00000% DF(ms) : 10.075
Packets : 3000 Bytes : 4296000
 
Intvl# 68, Updated at 21:34:06.775 PDT Fri Jun 10 2011
Metric Type : MDI
MLR : 600 MDC : 600
Packets : 3000 Bytes : 4296000
DF(ms) : 10.075 Error seconds : 0.000
Transport Availability (%) : 100.000
 
class-map: sw-rtp-vlan3
---------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
---------------------------------------------------------------------------------------------
 
Flow: 0001 Key: 11.0.0.12:5000 -> 12.0.0.2:50000, 3735927471 Intervals : 1
Intvl# 68, Updated at 21:34:01.731 PDT Fri Jun 10 2011
Pkts Recieved : 30000 Pkts Exp : 30536 Pkts Valid : 30000
Pkts Lost : 536 Pkts Late : 0 Pkts reord : 0
Loss Rate (%) : 1.75530 Loss Intvls : 1 Avg Loss duration: 536.00
Jitter(msec) : 0.006 Max Jitter : 0.024 Resyncs : 1
Error seconds : 0.008 Transport Availability (%) : 99.973
 

Use the show policy-map type performance-traffic interface interface_name last n command to display the last n number of intervals for each flow on an interface:

Router#show policy-map type performance-traffic interface gig 8/11 last 2
GigabitEthernet8/11
 
Service-policy input: video-swport
 
class-map: sw-vlan3
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 6300; Src: 11.0.0.2 Port: 63
Agg Value(Per Flow)
MDC : 39600 Avail(%) : 100.000 Pkt_cnt : 198003
MLR : 39600 Error_secs : 0.000 MRV(%) : 0.00000
 
Error Transport
Intvl Updated at Type Pkt_cnt MRV(%)/MLR DF(msec) MDC Seconds Avail (%)
-----+----------+----+--------------+------------+----------+---------+--------+---------+
69 21:34:36 cbr 3000 0.00000 10.075 NA NA NA
69 21:34:36 mdi 3000 600 10.075 600 0.000 100.000
68 21:34:06 cbr 3000 0.00000 10.075 NA NA NA
68 21:34:06 mdi 3000 600 10.075 600 0.000 100.000
 
 
class-map: sw-rtp-vlan3
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 50000; Src: 11.0.0.12 Port: 5000; rtp-ssrc: 3735927471
Agg Value(Per Flow)
Avail(%) : 99.973 Loss_Intvls : 31 Resyncs : 31 Pkt_cnt : 2040036
Error_secs : 0.248 Pkt_exp : 2056652 Pkt_lost : 16616
 
Pkt Exp Lost Loss Jitter MaxJitter Avg. Loss Loss Err Transport
Intvl Updated Type count pkts pkts Rate(%) (msec) (msec) Dur. Intvls Sec Avail(%)
---- ------ --- ---- --- ----- --- ------ ------ -------- ----- ---- ---
70 21:35:01 rtp 30000 30536 536 1.75530 0.007 0.048 536.00 1 0.008 99.973
69 21:34:31 rtp 30001 30001 0 0.00000 0.007 0.048 0.00 0 0.000 100.000
 

Use the show policy-map type performance-traffic interface interface-name service instance instance-number command to display all the flows learnt on the specified EVC:

Router#show policy-map type performance-traffic interface gig 8/11 ser in 1
 
GigabitEthernet8/11: EFP 1
 
Service-policy input: video-monitor
 
class-map: mpls
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 420, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001, IPV4; Dest: 12.0.1.2 Port: 6300; Src: 11.0.1.2 Port: 63
Agg Value(Per Flow)
MDC : 7803 Avail(%) : 100.000 Pkt_cnt : 39001
MLR : 7803 Error_secs : 0.000 MRV(%) : 0.00000
 
Error Transport
Intvl Updated at Type Pkt_cnt MRV(%)/MLR DF(msec) MDC Seconds Avail (%)
-----+----------+----+--------------+------------+----------+---------+--------+---------+
21 22:20:04 cbr 3000 0.00000 10.135 NA NA NA
21 22:20:04 mdi 3000 600 10.135 600 0.000 100.000
20 22:19:34 cbr 3000 0.00000 10.248 NA NA NA
20 22:19:34 mdi 3000 600 10.248 600 0.000 100.000
19 22:19:04 cbr 3000 0.00000 10.134 NA NA NA
19 22:19:04 mdi 3000 600 10.134 600 0.000 100.000
18 22:18:34 cbr 3000 0.00000 10.135 NA NA NA
18 22:18:34 mdi 3000 600 10.135 600 0.000 100.000
17 22:18:04 cbr 3000 0.00000 10.229 NA NA NA
17 22:18:04 mdi 3000 600 10.229 600 0.000 100.000
 
 
class-map: rtp-mpls
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 420, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001, IPV4; Dest: 12.0.1.2 Port: 50000; Src: 11.0.0.13 Port: 63; rtp-ssrc: 3735927471
Agg Value(Per Flow)
Avail(%) : 99.973 Loss_Intvls : 7 Resyncs : 7 Pkt_cnt : 420008
Error_secs : 0.056 Pkt_exp : 423760 Pkt_lost : 3752
 
Pkt Exp Lost Loss Jitter MaxJitter Avg. Loss Loss Err Transport
Intvl Updated Type count pkts pkts Rate(%) (msec) (msec) Dur. Intvls Sec Avail(%)
---- ------ --- ---- --- ----- --- ------ ------ -------- ----- ---- ---
21 22:20:09 rtp 30000 30000 0 0.00000 0.006 0.048 0.00 0 0.000 100.000
20 22:19:39 rtp 30001 30537 536 1.75524 0.005 0.036 536.00 1 0.008 99.973
19 22:19:09 rtp 30000 30000 0 0.00000 0.008 0.048 0.00 0 0.000 100.000
18 22:18:39 rtp 30001 30537 536 1.75524 0.009 0.048 536.00 1 0.008 99.973
17 22:18:09 rtp 30000 30000 0 0.00000 0.006 0.048 0.00 0 0.000 100.000

************************************************************************

Use show running-config interface interface-name command to display detailed information about interface:

router#sh running-config interface tenGigabitEthernet 7/21
Building configuration...
Current configuration : 816 bytes
interface TenGigabitEthernet7/21
ip arp inspection limit none
no ip address
ip rsvp bandwidth
service instance 1 ethernet
encapsulation dot1q 101
rewrite ingress tag pop 1 symmetric
service-policy type performance-traffic input video_monitor_1
service-policy type performance-traffic output video_monitor_2
bridge-domain 101
service instance 2 ethernet
encapsulation dot1q 102
rewrite ingress tag pop 1 symmetric
service-policy type performance-traffic input video_monitor_1
service-policy type performance-traffic output video_monitor_2
bridge-domain 102
end

 

Use the show policy-map type performance-traffic interface interface_name match ipv4 source ip-address mask destination ip-address mask command to display the flow matching the specified IPV4 source or destination IP.

Router#show policy-map type performance-traffic interface gig 8/11 match ipv4 source 11.0.0.12 255.255.255.255 destination 12.0.0.2 255.255.255.255
GigabitEthernet8/11
 
Service-policy input: video-swport
 
class-map: sw-vlan3
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
 
 
class-map: sw-rtp-vlan3
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
 
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 50000; Src: 11.0.0.12 Port: 5000; rtp-ssrc: 3735927471
Agg Value(Per Flow)
Avail(%) : 99.973 Loss_Intvls : 32 Resyncs : 32 Pkt_cnt : 2130038
Error_secs : 0.256 Pkt_exp : 2147190 Pkt_lost : 17152
 
Pkt Exp Lost Loss Jitter MaxJitter Avg. Loss Loss Err Transport
Intvl Updated Type count pkts pkts Rate (msec) (msec) Dur. Intvls Sec Avail(%)
---- ------ --- ---- --- ----- --- ------ ------ -------- ----- ---- ---
73 21:36:31 rtp 30001 30537 536 1.75524 0.006 0.040 536.00 1 0.008 99.973
72 21:36:01 rtp 30000 30000 0 0.00000 0.009 0.048 0.00 0 0.000 100.000
71 21:35:31 rtp 30001 30001 0 0.00000 0.006 0.024 0.00 0 0.000 100.000
70 21:35:01 rtp 30000 30536 536 1.75530 0.007 0.048 536.00 1 0.008 99.973
69 21:34:31 rtp 30001 30001 0 0.00000 0.007 0.048 0.00 0 0.000 100.000
 

NoteThe match option can be used with brief, cumulative, or detail options in the show command.



NoteThe last option can be used with brief or detail options in the show command.


Troubleshooting the Inline Video Monitoring Implementation

The following section describes how to troubleshoot Video Monitoring.

  • Flow is not displayed in the show command

A flow is defined as unique traffic identified by the source and destination IP and port information. When the flow path is not displayed by the show command, perform the following steps to identify the problem:

1. Check the interface statistics using the show interface interface-type slot/port command to ensure that the traffic is flowing.

2. Check the configuration of class-map and the ACL configured under the class-map to ensure that the ACL is classifying the flows. The following example shows how to check the configuration of a class-map:

ROUTER#show running-config class-map video-class
Building configuration...
Current configuration : 67 bytes
!
class-map match-any video-class
match access-group 102
!
end
ROUTER#
outer#sh access-lists 102
Extended IP access list 102
10 permit ip any host 200.0.0.2
 
 

3. Check whether the rate layer3 packet command or rate media command is configured under the class using show policy-map type performance-traffic policy-map-name command.


Note The data flow path is not learnt for fragmented packets, MPLS packets, non-UDP protocols, and tunneled packets.


  • The change in media rate does not affects the DF metrics.

Use the show policy-map type performance-traffic policy-map-name command to check if the rate layer3 packet command is configured for the class. If the rate layer3 packet command is configured for the class, the IP-CBR packet rate configuration is used for both the IP-CBR and MDI metric calculations.

  • DF value is returned even though the data flow stream is stable.

DF is used to determine the jitter buffer required to ensure effective utilization of buffer while handling a stream. The minimum jitter buffer size is sufficient to receive a single packet. Therefore, even when there is no impairment or delay in the stream, the DF is equal to an inter-packet-gap. This DF value reported by the router when there is no impairment, is approximately equal to 1/packet-rate.

  • When packets are dropped, no message is triggered for MDI:DF even if the TCAs (reacts) are configured for MDI:DF.

When there are drops seen in the stream, DF computed is incorrect. In such a case, where packets are dropped in a stream(MLR), the computed DF is not used for triggering the message.

  • Show command output returns a dash (-).

Indicates that the metrics computed for that interval are invalid. This condition occurs during the initial flow learn, when a policy-map is updated dynamically or when the next intervals on the MSE are reported for the current interval.

  • Metrics cannot be configured under the default class (class-default).

Performance traffic functionality is not supported in the default class. The default class includes the traffic that is not classified under any other class-maps and has no defined rate. It is not possible to configure metric parameters for the default class.

  • TCA threshold messages are not triggered even when the metric value crosses the configured range.

Use the show policy-map type performance-traffic policy-map-name command to verify that the alarm severity is not configured to none.

  • Uncertainty over the choice of right debug logs.

Complete the following steps to collect the output for the line card:

1. Run the attach module-number command to connect to the line card.

2. Run the show platform npc performance-traffic action np number interface classmap command to display the class-map configuration on the line card.

3. Run the show platform npc performance-traffic action np number interface result command to display the class-map structure used by the microcode.

4. Run the show platform npc performance-traffic action np number interface stats command to print per flow statistics for the network processor.

5. Run the show platform npc performance-traffic action np number stats command to print the aggregate flow count in the network processor.

6. Run the show platform npc performance-traffic classification all to print the classification details for each class.

Supported MIBs

Video Monitoring supports the following MIBs. These MIBs are used for retrieving the data collected by flow monitors.

  • CISCO-FLOW-MONITOR-TC-MIB : This MIB module defines the text conventions common to the rest of the MIB modules.
  • CISCO-FLOW-MONITOR-MIB: This MIB module defines a framework that describes the flow monitors supported by the system, the flows that are learned, and the flow metrics collected for those flows.
  • CISCO-MDI-METRICS-MIB: This MIB module defines objects describing quality metrics collected for streams that comply to the Media Delivery Index (MDI).
  • CISCO-IP-CBR-METRICS-MIB: This MIB module defines objects describing quality metrics collected for IP streams that have a Constant Bit Rate (CBR).
  • CISCO-RTP-METRICS-MIB: This MIB module defines objects that describe the quality metrics of RTP streams.

IP Tunneling - IPv6 Rapid Deployment

The following sections describe the IPv6 Rapid Deployment (6RD) function.

Understanding IPv6 Rapid Deployment

The 6RD deployment is an variant of the 6to4 feature, and allows a service provider to provide a unicast IPv6 service to customers over its IPv4 network (using IPv6 encapsulation in IPv4).

For more information on 6to4 feature, see Cisco IOS IPv6 Configuration Guide, Release 12.2SR at: http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/12-2sr/ipv6-12-2sr-book.html .

The differences between 6RD and 6to4 tunneling are:

  • 6RD does not require IP addresses to have a 2002::/16 prefix. Therefore, the prefix can be from the service provider's own address block. This function allows the 6RD operational domain to be within the service provider network. From the perspective of customer sites and the general IPv6 internet connected to a 6RD-enabled service provider network, the IPv6 service provided is equivalent to native IPv6.
  • Not all the 32 bits from the IPv4 destination address are carried to the IPv6 payload header. The IPv4 destination is obtained from a combination of bits in the payload header and information on the router. The IPv4 address is not at a fixed location in the IPv6 header as in the case with 6to4 tunneling.

Figure 13-1 shows a high-level view of the 6RD deployment.

Figure 13-1 6RD Deployment

 

The service provider delegates a 6RD service provider prefix for the IPv6 deployment, using the IPv4 address bits.

Figure 13-2 shows how 6RD prefix delegation works.

Figure 13-2 6RD Prefix Delegation

Figure 13-3 shows the 6RD prefix delegation topology.

Figure 13-3 6RD Prefix Delegation Topology

Restriction for IPv6 Rapid Deployment.

The interface facing the IPv4 network must be on the ES40 linecard.

Supported Features

Table 13-3 shows the list of supported and unsupported features for 6RD functionality.

Table 13-3 Supported and Unsupported Features

Feature
Supported

6RD BR mode

Yes

6RD CE mode

Yes

6RD tunnel

Yes

Scale

512

MIBs

No

Linecards

ES40

VRF awareness

Yes

ISG Co-existence

No

Qos on Tunnels

No

Configuring IPv6 Rapid Deployment on the Cisco 7600 series router Platform

The following sections describe how to configure 6RD on the c7600 platform:

Configuring 6RD

Complete the following steps to configure 6RD.

SUMMARY STEPS


Step 1 enable

Step 2 configure terminal

Step 3 interface tunnel tunnel-number

Step 4 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 5 tunnel source {ip-address | interface-type interface-number}

Step 6 tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]

Step 7 mls 6rd reserve interface gigabitethernet/ tengigabitethernet

Step 8 tunnel 6rd prefix ipv6-prefix/prefix-length

Step 9 tunnel 6rd ipv4 {prefix-length length } {suffix-length length }

Step 10 exit

Step 11 interface type instance

Step 12 ip address ip-address

Step 13 exit

Step 14 ipv6 route { ipv6-prefix | prefix-length } tunnel tunnel-number

Step 15 end

DETAILED STEPS

Command or Action
Purpose

Step 1

enable

 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

interface tunnel tunnel-number

 

Router(config)# interface tunnel 1

Specifies a tunnel interface and enters the interface configuration mode.

Step 4

ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

 

Router(config-if)# ipv6 address 2001:B000:400::1/124

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 5

tunnel source {ip-address | interface-type interface-number}

 

Router(config-if)# tunnel source loopback 0

Specifies the source interface type and number for the tunnel interface.

Step 6

tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]

 

Router(config-if)# tunnel mode ipv6ip 6rd

Configures a static IPv6 tunnel interface.

Step 7

mls 6rd reserve interface gigabitethernet/ tengigabitethernet

 

Router(config-if)# mls 6rd reserve interface gig 9/5

Redirects the IPv6 traffic to IPv4 core facing interface on the ES40 line card.

Step 8

tunnel 6rd prefix ipv6-prefix/prefix-length

 

Router(config-if)# tunnel 6rd prefix 2001:B000::/32

Specifies the common IPv6 prefix on IPv6 rapid 6RD tunnels.

Step 9

tunnel 6rd ipv4 {prefix-length length } {suffix-length length }

 

Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8

Specifies the prefix and suffix length of the IPv4 transport address common to all the 6RD routers in a domain.

Step 10

exit

 

Router(config-if)# exit

Exits configuration mode, and returns the CLI to privileged EXEC mode.

Step 11

interface type instance

 

Router(config)# interface loopback 0

Enters interface configuration mode and names the new loopback interface.

Step 12

ip address ip-address

 

Router(config-if)# ip address 10.1.4.1 255.255.255.255

Assigns an IP address and subnet mask to the loopback interface.

Step 13

exit

 

Router(config-if)# exit

Exits configuration mode, and returns the CLI to privileged EXEC mode.

Step 14

ipv6 route ipv6-prefix/prefix-length tunnel tunnel-number

 

Router(config)# ipv6 route 2001:b000::/32 tunnel 1

Redirects 6RD specific traffic to the 6RD tunnel.

Step 15

end

 

Router(config-if)# end

Ends the current configuration session.

Configuration Examples

This example shows how to configure 6RD.

Router# enable
Router# configure terminal
Router(config)# interface tunnel 1
Router(config-if)# ipv6 address 2001:B000:400::1/124
Router(config-if)# tunnel source loopback 0
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# mls 6rd reserve interface gig 9/5
Router(config-if)# tunnel 6rd prefix 2001:B000::/32
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config-if)# exit
Router(config)# interface loopback 0
Router(config-if)# ip address 10.1.4.1 255.255.255.255
Router(config-if)# exit
Router(config)# ipv6 route 2001:b000::/32 tunnel 1
Router(config)# end

Verifying the Configuration

Use these commands to verify the configuration of 6RD on the Cisco 7600 series router:

Router# show tunnel 6rd tunnel 10
Interface Tunnel10:
Tunnel Source: 10.1.4.1
6RD: Operational, V6 Prefix: 2001:B000::/32
V4 Prefix, Length: 16, Value: 10.1.0.0
V4 Suffix, Length: 8, Value: 0.0.0.1
General Prefix: 2001:B000:400::/40
 
Router# show tunnel 6rd destination 2001:b000:800::12 tunnel 10
Interface: Tunnel10
6RD Prefix: 2001:B000:800::12
Destination: 10.1.8.1
 
Router# show tunnel 6rd prefix 10.1.8.1 tunnel 10
Interface: Tunnel10
Destination: 10.1.8.1
6RD Prefix: 2001:B000:800::

Troubleshooting Tips

For troubleshooting information, contact Cisco Technical Assistance Center (TAC) at:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

VRF aware IPv6 Rapid Deployment (6RD) tunnels

Currently the 6RD tunneling feature on c7600 does not support virtual routing and forwarding (VRF) awareness. The forwarding table lookups for IPv6 overlay addresses and IPv4 transport addresses are performed in global routing tables. This feature extends the 6RD tunneling support for IPv6 overlay addresses and IPv4 transport addresses in VRF.

These scenarios explain the VRF aware 6RD tunnel function:

  • IPv6 overlay address in VRF and IPv4 transport address in Global routing table (RT).
  • IPv6 overlay address in VRF and IPv4 transport address in VRF.

Figure 13-4 Topology for the IPv6 overlay address in VRF, and the IPv4 transport address in GRT.

 

The VRF Aware IPv6 over IPv4 Tunnel should have an ES+ line card towards the tunnel facing side.

 

Restriction for VRF aware 6RD tunnels

  • Currently the c7600 supports only 256 VRF instances for IPv6.
  • The incoming physical interface, and the tunnel interface should have the same VRF instance defined.
  • The tunnel transport VRF and the egress physical interface, through which the traffic leaves should have the same VRF instance defined.
  • For 6RD customer edge router configuration, the tunnel source and the border relay (BR) address should have the same VRF instance defined as the physical interface, through which the traffic flows.

Configuring VRF aware 6RD tunnel

The following sections describe how to configure VRF aware IPv6 tunnel on c7600:

Configuring IPv6 Overlay Addresses in VRF and IPv4 Transport Addresses in Global RT

Complete the following steps to configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT:

SUMMARY STEPS

6RD customer edge router onfiguration


Step 1 enable

Step 2 configure terminal

Step 3 ipv6 unicast-routing

Step 4 mls ipv6 vrf

Step 5 vrf definition vrf name

Step 6 rd { ASN:nn | IP address: nn }

Step 7 route-target [import | export | both]{ ASN:nn | IP address: nn }

Step 8 address-family ipv6

Step 9 exit

Step 10 address-family ipv4

Step 11 exit

Step 12 exit

Step 13 interface gigabitethernet slot/port

Step 14 vrf forwarding vrf name

Step 15 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 16 exit

Step 17 interface gigabitethernet slot/port

Step 18 ip address ip-address mask

Step 19 ip ospf process-id area area-id

Step 20 exit

Step 21 interface loopback interface-number

Step 22 ip address ip-address mask

Step 23 ip ospf process-id area area-id

Step 24 exit

Step 25 interface tunnel tunnel-number

Step 26 vrf forwarding vrf name

Step 27 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 28 mls 6rd reserve interface gigabitethernet/ tengigabitethernet

Step 29 tunnel source {ip-address | interface-type interface-number }

Step 30 tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]

Step 31 tunnel 6rd ipv4 {prefix-length length } {suffix-length length }

Step 32 tunnel 6rd prefix ipv6-prefix/prefix-length

Step 33 tunnel 6rd br ipv4-address

Step 34 exit

Step 35 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number

Step 36 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number ipv6-address

Step 37 end

6RD Border Relay (BR) Router Configuration


Step 1 Repeat steps 1 through 32 from the 6RD CE configuration, and then continue with these steps:

Step 2 exit

Step 3 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number

Step 4 end

DETAILED STEPS (for 6RD customer edge router configuration)
DETAILED STEPS (for 6RD Border Relay (BR) Router Configuration)

Command or Action
Purpose

Step 1

enable

 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

ipv6 unicast-routing

 

Router(config)# ipv6 unicast-routing

Enables the forwarding of IPv6 unicast datagrams.

Step 4

mls ipv6 vrf

 

Router(config)# mls ipv6 vrf

Enables IPv6 globally in a VRF instance.

Step 5

vrf definition vrf name

 

Router(config)# vrf definition VRF_RED

Configures a VRF instance and enters the VRF configuration mode.

Step 6

rd { ASN:nn | IP address: nn}

 

Router(config-vrf)# rd 1:1

Specifies a route distinguisher (RD).

  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 7

route-target [ import | export | both ]{ ASN:nn | IP address: nn}

 

Router(config-vrf)#route-target export 1:1

Router(config-vrf)#route-target import 1:1

Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.

  • import: Imports routing information from the target VPN extended community.
  • export: Exports routing information to the target VPN extended community.
  • both: Imports both import and export routing information to the target VPN extended community.
  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 8

address-family ipv6

 

Router#(config-vrf)#address-family ipv6

Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv6.

Step 9

exit

 

Router#(config-vrf-af)#exit

Exits the address family configuration mode.

Step 10

address-family ipv4

 

Router#(config-vrf)#address-family ipv4

Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv4.

Step 11

exit

 

Router# (config-vrf-af)#exit

Exits the address family configuration mode.

Step 12

exit

 

Router#(config-vrf)#exit

Exits the VRF configuration mode.

Step 13

interface gigabitethernet slot/port

 

 

Router(config)# interface gigabitethernet 3/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv6 network.

Step 14

vrf forwarding vrf name

 

Router(config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Step 15

ipv6 address { ipv6-address|prefix-length | prefix-name sub-bits |prefix-length }

 

Router (config-if)# ipv6 address 1::2/64

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 16

exit

 

Router (config-if)#exit

Exits interface configuration mode.

Step 17

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 4/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv4 network.

Step 18

ip address ip-address mask

 

Router(config-if)#ip address 17.1.1.1 255.255.255.0

Assigns an IP address and subnet mask to the interface.

Step 19

ip ospf process-id area area-id

 

Router(config-if)#ip ospf 2 area 0

Enables the Open Shortest Path First on an interface.

  • process-id —Specifies the process ID that ranges from 1 to 65535.
  • area-id —Specifies the area ID that ranges from 0 to 4294967295.

Step 20

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 21

interface loopback interface-number

 

Router(config)# interface Loopback 100

Enters interface configuration mode and names the new loopback interface.

Note This command configures a loopback interface for the tunnel source.

Step 22

ip address ip-address mask

 

Router(config-if)#ip address 66.66.66.66 255.255.255.255

Assigns an IP address and subnet mask to the loopback interface.

Step 23

ip ospf process-id area area-id

 

Router(config-if)#ip ospf 2 area 0

Enables the Open Shortest Path First on an interface.

  • process-id —Specifies the process ID that ranges from 1 to 65535.
  • area-id —Specifies the area ID that ranges from 0 to 4294967295.

Step 24

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 25

interface tunnel tunnel-number

 

Router(config)# interface tunnel 10

Specifies a tunnel interface and enters the interface configuration mode.

Note This command configures the IPv6 tunneling over IPv4 Transport.

Step 26

vrf forwarding vrf name

 

Router# (config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Note This command specifies the VRF instance to which the tunnel belongs, that is, the VRF instance used for IPv6 overlay address lookup.

Step 27

ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}

 

Router(config-if)# ipv6 address 2001:A000:100::1/128

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 28

mls 6rd reserve interface gigabitethernet slot/port

 

Router(config-if)# mls 6rd reserve interface gig 4/5

Redirects the IPv6 traffic to the IPv4 core facing interface on the ES+ line card.

Step 29

tunnel source { ip-address | interface-type interface-number }

 

Router(config-if)# tunnel source loopback 100

Specifies the source interface type and number for the tunnel interface.

Step 30

tunnel mode ipv6ip [ 6rd | 6to4 | auto-tunnel | isatap ]

 

Router(config-if)# tunnelmode ipv6ip 6rd

Configures a static IPv6 tunnel interface.

Step 31

tunnel 6rd ipv4 {prefix-length length } {suffix-length length }

 

Router(config-if)# tunnel6rd ipv4 prefix-len 16 suffix-len 8

Specifies the prefix and suffix length of the IPv4 transport address common to all the 6RD routers in a domain.

Step 32

tunnel 6rd prefix ipv6-prefix/prefix-length

 

Router(config-if)# tunnel 6rd prefix 2001:A000::/32

Specifies the common IPv6 prefix on IPv6 6RD tunnels.

Step 33

tunnel 6rd br ipv4-address

 

Router(config-if)# tunnel 6rd br 60.1.2.1

Bypasses security checks on a 6RD customer-edge router.

  • ipv4-address —IPv4 address of the border relay (BR) router.

Step 34

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 35

ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number

 

Router(config)# ipv6 route vrf vrf-red 2001:A000::/32 Tunnel 10

Establishes static routes.

  • ipv6-prefix —Specifies the IPv6 network that is the destination of the static route. Can also be a host name when static host routes are configured.
  • prefix-length —Specifies the length of the IPv6 prefix.

Step 36

ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number ipv6-address

 

Router(config)#ipv6 route vrf vrf-red 9000:1000::/64 Tunnel10 2001:A000:200::1

 

Establishes static routes.

  • ipv6-address —The IPv6 address of the next hop that can be used to reach the specified network.

Step 37

end

 

Router(config)# end

Ends the current configuration session.

Command or Action
Purpose

Step 1

Repeat steps 1 through 32 from the 6RD CE configuration, and then continue with these steps:

Step 2

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 3

ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number

 

Router(config)# ipv6 route vrf vrf-red 2001:A000::/32 Tunnel 10

Establishes static routes.

  • ipv6-prefix —Specifies the IPv6 network that is the destination of the static route. Can also be a host name when static host routes are configured.
  • /prefix-length —Specifies the length of the IPv6 prefix.

Step 4

end

 

Router(config)# end

Ends the current configuration session.

Configuration Example

This example shows how to configure the IPv6 overlay addresses in VRF, and the IPv4 transport addresses in the Global Routing Table:

6RD customer edge router configuration

Router# enable
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config-if)# exit
Router(config)# interface gigabitethernet 4/5
Router(config-if)# ip address 17.1.1.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config-if)# exit
Router(config)# interface Loopback 100
Router(config-if)# ip address 60.1.1.1 255.255.255.05
Router(config-if)# ip ospf 2 area 0
Router(config-if)# exit
Router(config)# interface tunnel 10
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 2001:A000:100::1/128
Router(config-if)# mls 6rd reserve interface GigabitEthernet4/5
Router(config-if)# tunnel source loopback 100
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config-if)# tunnel 6rd prefix 2001:A000::/32
Router(config-if)# tunnel 6rd br 60.1.2.1
Router(config-if)# exit
Router(config)#ipv6 route vrf vrf-red 2001:A000::/32 Tunnel10
Router(config)#ipv6 route vrf vrf-red 9000:1000::/64 Tunnel10 2001:A000:200::1
Router(config)# end

 

6RD Border Relay (BR) Router Configuration

Router# enable
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# interface gigabitethernet 5/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 9000:1000::/64
Router(config-if)# exit
Router(config)# interface gigabitethernet 4/1
Router(config-if)# ip address 17.1.1.2 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config-if)# exit
Router(config)# interface Loopback 100
Router(config-if)# ip address 60.1.2.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config-if)# exit
Router(config)# interface tunnel 10
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 2001:A000:100::1/128
Router(config-if)# mls 6rd reserve interface GigabitEthernet4/1
Router(config-if)# tunnel source loopback 100
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config-if)# tunnel 6rd prefix 2001:A000::/32
Router(config-if)# exit
Router(config)#ipv6 route vrf vrf-red 2001:A000::/32 Tunnel10
Router(config)# end

Configuring IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF

The only difference in configuration from the above GRT configuration is the use of the tunnel vrf vrf name command. This command associates a VRF instance to a specific tunnel destination or source.

Complete the following steps to configure IPv6 overlay addresses in VRF, and IPv4 transport addresses in VRF:

6RD customer edge configuration


Step 1 enable

Step 2 configure terminal

Step 3 ipv6 unicast-routing

Step 4 mls ipv6 vrf

Step 5 vrf definition vrf name 1

Step 6 rd {ASN:nn | IP address: nn}

Step 7 route-target [import | export | both] {ASN:nn | IP address: nn}

Step 8 address-family ipv6

Step 9 exit

Step 10 address-family ipv4

Step 11 exit

Step 12 exit

Step 13 vrf definition vrf name 2

Step 14 rd {ASN:nn | IP address: nn}

Step 15 route-target [import | export | both] {ASN:nn | IP address: nn}

Step 16 address-family ipv4

Step 17 exit

Step 18 exit

Step 19 interface gigabitethernet slot/port

Step 20 vrf forwarding vrf name 1

Step 21 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 22 exit

Step 23 interface gigabitethernet slot/port

Step 24 vrf forwarding vrf name 2

Step 25 ip address ip-address mask

Step 26 ip ospf process-id area area-id

Step 27 exit

Step 28 interface loopback interface-number

Step 29 vrf forwarding vrf name 2

Step 30 ip address ip-address mask

Step 31 ip ospf process-id area area-id

Step 32 exit

Step 33 interface tunnel tunnel-number

Step 34 vrf forwarding vrf name 1

Step 35 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 36 mls 6rd reserve interface gigabitethernet/ tengigabitethernet

Step 37 tunnel source {ip-address | interface-type interface-number }

Step 38 tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]

Step 39 tunnel 6rd ipv4 {prefix-length length } {suffix-length length }

Step 40 tunnel 6rd prefix ipv6-prefix/prefix-length

Step 41 tunnel 6rd br ipv4-address

Step 42 tunnel vrf vrf name 2

Step 43 exit

Step 44 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number

Step 45 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number ipv6-address

Step 46 end

6RD BR configuration


Step 1 Repeat steps 1 through 40 from the 6RD CE configuration, and then continue with these steps:

Step 2 tunnel vrf vrf name 2

Step 3 exit

Step 4 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number

Step 5 end

DETAILED STEPS (for 6rd CE Configuration)

DETAILED STEPS (for 6RD BR Configuration)

Command or Action
Purpose

Step 1

enable

 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

ipv6 unicast-routing

 

Router(config)# ipv6 unicast-routing

Enables the forwarding of IPv6 unicast datagrams.

Step 4

mls ipv6 vrf

 

Router(config)# mls ipv6 vrf

Enables IPv6 globally in a VRF instance.

Step 5

vrf definition vrf name 1

 

Router(config)# vrf definition VRF_RED

Configures a VRF instance and enters the VRF configuration mode.

Step 6

rd { ASN:nn | IP address: nn}

 

Router(config-vrf)# rd 1:1

Specifies a route distinguisher.

  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 7

route-target [ import | export | both ]{ ASN:nn | IP address: nn}

 

Router(config-vrf)#route-target export 1:1

Router(config-vrf)#route-target import 1:1

Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.

  • import: Imports routing information from the target VPN extended community.
  • export: Exports routing information to the target VPN extended community.
  • both: Imports both import and export routing information to the target VPN extended community.
  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 8

address-family ipv6

 

Router(config-vrf)#address-family ipv6

Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv6.

Step 9

exit

 

Router(config-vrf-af)#exit

Exits the address family configuration mode.

Step 10

address-family ipv4

 

Router(config-vrf)#address-family ipv4

Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv4.

Step 11

exit

 

Router (config-vrf-af)#exit

Exits the address family configuration mode.

Step 12

exit

 

Router(config-vrf)#exit

Exits the VRF configuration mode.

Step 13

vrf definition vrf name 2

 

Router(config)# vrf definition VRF_GREEN

Configures a VRF instance and enters the VRF configuration mode.

Step 14

rd { ASN:nn | IP address: nn}

 

Router(config-vrf)# rd 1:1

Specifies an RD.

  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 15

route-target [import | export | both] { ASN:nn | IP address: nn}

 

Router(config-vrf)#route-target export 1:1

Router(config-vrf)#route-target import 1:1

Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.

  • import: Imports routing information from the target VPN extended community.
  • export: Exports routing information to the target VPN extended community.
  • both: Imports both import and export routing information to the target VPN extended community.
  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 16

address-family ipv4

 

Router(config-vrf)#address-family ipv4

Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv4.

Step 17

exit

 

Router (config-vrf-af)#exit

Exits the address family configuration mode.

Step 18

exit

 

Router(config-vrf)#exit

Exits the VRF configuration mode.

Step 19

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 3/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv6 network.

Step 20

vrf forwarding vrf name 1

 

Router(config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Step 21

ipv6 address { ipv6-address|prefix-length | prefix-name sub-bits |prefix-length }

 

Router(config-if)# ipv6 address 1::2/64

Specifies the IPv6 address assigned to the interface, and enables IPv6 processing on the interface.

Step 22

exit

 

Router# (config-if)# exit

Exits interface configuration mode.

Step 23

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 4/5

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv4 network.

Step 24

vrf forwarding vrf name 2

 

Router(config-if)#vrf forwarding VRF_GREEN

Associates a VRF instance with an interface or a subinterface.

Step 25

ip address ip-address mask

 

Router(config-if)#ip address 17.1.1.1 255.255.255.0

Assigns an IP address and subnet mask to the interface.

Step 26

ip ospf process-id area area-id

 

Router(config-if)#ip ospf 2 area 0

Enables the Open Shortest Path First on an interface.

  • process-id —Specifies the process ID that ranges from 1 to 65535.
  • area-id —Specifies the area ID that ranges from 0 to 4294967295.

Step 27

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 28

interface loopback interface-number

 

Router(config)# interface Loopback 100

Enters interface configuration mode and names the new loopback interface.

Note This command configures a loopback interface for the tunnel source

Step 29

vrf forwarding vrf name 2

 

Router(config-if)#vrf forwarding VRF_GREEN

Associates a VRF instance with an interface or a subinterface.

Step 30

ip address ip-address

 

Router(config-if)#ip address 60.1.1.1 255.255.255.255

Assigns an IP address and subnet mask to the loopback interface.

Step 31

ip ospf process-id area area-id

 

Router(config-if)#ip ospf 2 area 0

Enables the Open Shortest Path First on an interface.

  • process-id —Specifies the process ID that ranges from 1 to 65535.
  • area-id —Specifies the area ID that ranges from 0 to 4294967295.

Step 32

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 33

interface tunnel tunnel-number

 

Router(config)# interface tunnel 10

Specifies a tunnel interface and enters the interface configuration mode.

Note This command configures the IPv6 tunneling over IPv4 Transport.

Step 34

vrf forwarding vrf name 1

 

Router(config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Note This command specifies the VRF instance to which the tunnel belongs , that is, the VRF instance used for IPv6 overlay address lookup.

Step 35

ipv6 address { ipv6-address|prefix-length | prefix-name sub-bits |prefix-length }

 

Router(config-if)# ipv6 address 2001:A000:100::1/128

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 36

mls 6rd reserve interface gigabitethernet slot/port

 

Router(config-if)# mls 6rd reserve interface gig 4/5

Redirects the IPv6 traffic to the IPv4 core facing interface on the ES+ line card.

Step 37

tunnel source { ip-address | interface-type interface-number }

 

Router(config-if)# tunnel source loopback 100

Specifies the source interface type and number for the tunnel interface.

Step 38

tunnel mode ipv6ip [ 6rd | 6to4 | auto-tunnel | isatap ]

 

Router(config-if)# tunnelmode ipv6ip 6rd

Configures a static IPv6 tunnel interface.

Step 39

tunnel 6rd ipv4 { prefix-length length } { suffix-length length }

 

Router(config-if)# tunnel6rd ipv4 prefix-len 16 suffix-len 8

Specifies the prefix and suffix length of the IPv4 transport address common to all the 6RD routers in a domain.

Step 40

tunnel 6rd prefix ipv6-prefix/prefix-length

 

Router(config-if)# tunnel 6rd prefix 2001:A000::/32

Specifies the common IPv6 prefix on IPv6 6RD tunnels.

Step 41

tunnel 6rd br ipv4-address

 

Router(config-if)# tunnel 6rd br 60.1.2.1

Bypasses security checks on a 6RD customer-edge router.

  • ipv4-address —IPv4 address of the border relay (BR) router.

Step 42

tunnel vrf vrf name 2

 

Router(config-if)# tunnel vrf VRF_GREEN

Configures a VRF instance with a specific tunnel destination, interface or a subinterface.

Note This command specifies the VRF instance used for the tunnel IPv4 transport address lookup.

Step 43

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 44

ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number

 

Router(config)# ipv6 route vrf vrf-red 2001:A000::/32 Tunnel 10

Establishes static routes.

  • ipv6-prefix —Specifies the IPv6 network that is the destination of the static route. Can also be a host name when static host routes are configured.
  • prefix-length —Specifies the length of the IPv6 prefix.

Step 45

ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number ipv6-address

 

Router(config)#ipv6 route vrf vrf-red 9000:1000::/64 Tunnel10 2001:A000:200::1

 

Establishes static routes.

  • ipv6-address —The IPv6 address of the next hop that can be used to reach the specified network.

Step 46

end
 

Router(config)# end

Ends the current configuration session.

Command or Action
Purpose

Step 1

Repeat steps 1 through 40 from the 6RD CE configuration, and then continue with these steps:

Step 2

tunnel vrf vrf name 2

 

Router(config-if)# tunnel vrf VRF_GREEN

Configures a VRF instance with a specific tunnel destination, interface or a subinterface.

Note This command specifies the VRF instance used for tunnel IPv4 transport address lookup.

Step 3

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 4

ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number

 

Router(config)# ipv6 route vrf vrf-red 2001:A000::/32 Tunnel 10

Establishes static routes.

  • ipv6-prefix —Specifies the IPv6 network that is the destination of the static route. Can also be a host name when static host routes are configured.
  • prefix-length —Specifies the length of the IPv6 prefix.

Step 5

end
 

Router(config)# end

Ends the current configuration session.

Configuration Example

This example shows how to configure IPv6 overlay addresses in VRF, and IPv4 transport addresses in VRF:

6RD customer edge configuration

 
Router# enable
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# vrf definition VRF_GREEN
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config-if)# exit
Router(config)# interface gigabitethernet 4/5
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 17.1.1.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config-if)# exit
Router(config)# interface Loopback 100
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 60.1.1.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config-if)# exit
Router(config)# interface tunnel 10
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 2001:A000:100::1/128
Router(config-if)# mls 6rd reserve interface GigabitEthernet4/5
Router(config-if)# tunnel source loopback 100
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config-if)# tunnel 6rd prefix 2001:A000::/32
Router(config-if)# tunnel 6rd br 60.1.2.1
Router(config-if)# tunnel vrf VRF_GREEN
Router(config-if)# exit
Router(config)#ipv6 route vrf vrf-red 2001:A000::/32 Tunnel10
Router(config)#ipv6 route vrf vrf-red 9000:1000::/64 Tunnel10 2001:A000:200::1
Router(config)# end
 

6RD BR config

 
Router# enable
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# vrf definition VRF_GREEN
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# interface gigabitethernet 5/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 9000:1000::/64
Router(config-if)# exit
Router(config)# interface gigabitethernet 4/1
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 17.1.1.2 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config-if)# exit
Router(config)# interface Loopback 100
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 60.1.2.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config-if)# exit
Router(config)# interface tunnel 10
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 2001:A000:100::1/128
Router(config-if)# mls 6rd reserve interface GigabitEthernet4/1
Router(config-if)# tunnel source loopback 100
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config-if)# tunnel 6rd prefix 2001:A000::/32
Router(config-if)# tunnel vrf VRF_GREEN
Router(config-if)# exit
Router(config)#ipv6 route vrf vrf-red 2001:A000::/32 Tunnel10
Router(config)# end
 

Verifying the Configuration

Use these commands to verify the configuration of VRF aware 6RD tunnels on c7600:

  • show platform npc ipv6_6rd egress-table vlan tunnel-vlan
Router# show platform npc ipv6_6rd egress-table vlan 1013
IPV6 6rd endpoint data for tepi_idx 0
dip 0.0.0.0 dmac-smac 0023.0417.b1c0-0023.0417.b1c0
Phy vlan 1024 Active 1 Tunnel Vlan 1013
 
  • show platform npc ipv6_6rd egress-table vlan tunnel-vlan detail
Router# show platform npc ipv6_6rd egress-table vlan 1013 detail
IPV6_6RD egress table entry
eg_entry->match_cond = 1
eg_entry->ent_valid = 1
eg_entry->static_route = 0
eg_entry->src_ip = 10.1.4.1
eg_entry->v4_add_mask = 0.0.255.0
eg_entry->v4_pref_suff = 10.1.0.1
eg_entry->v4_sp_pref_byte_off = 4
eg_entry->v4_sp_pref_bit_off = 0
eg_entry->v4_pref_in_bits = 16
eg_entry->is_tun_ep = 0
dmac 0023.0417.B1C0
smac 0023.0417.B1C0
eg_entry->eg_stats_id = 312020 0x0004C2D4
eg_entry->phy_vlan = 1024
 
value: 04 00 40 03 0a 01 04 01 00 00 ff 00 0a 01 00 01 ..@.............
value: 00 23 04 17 00 23 04 17 b1 c0 b1 c0 10 04 c2 d4 .#...#..1@1@..BT
 
  • show platform npc 6rd tcam vlan 1061
Router# sh plat npc 6rd tcam vlan 1061
TCAM entry for tunnel vlan 1061 on np 0
VMR-Handle : 132
 
Source IP : 100.0.32.1 Mask : 00000000
VRF id : 0 Mask : 0000
Feature id : 2 Mask : 00
Result Decode :
Vlan : 1061
Statistics ID : 0x53DBA
 
Raw output :
Key : 64 00 20 01 00 00 00 00 02 00 00 00 00 00 00 00 04 25 53 20
Mask : 00 00 00 00 FF FF FF FF 00 FF 00 00 FF FF FF FF FF FF A6 B0
Result : 04 25 01 03 00 05 3D BA
 
TCAM entry for tunnel vlan 1061 on np 1
VMR-Handle : 132
 
Source IP : 100.0.32.1 Mask : 00000000
VRF id : 0 Mask : 0000
Feature id : 2 Mask : 00
Result Decode :
Vlan : 1061
Statistics ID : 0x53DBA
 
Raw output :
Key : 64 00 20 01 00 00 00 00 02 00 00 00 00 00 00 00 04 25 53 20
Mask : 00 00 00 00 FF FF FF FF 00 FF 00 00 FF FF FF FF FF FF A6 B0
Result : 04 25 01 03 00 05 3D BA
 
  • show platform npc 6rd xlif vlan 1061
Router# show platform npc 6rd xlif vlan 1061
Eg xlif id (1061 + 32000) = (33061) tunnel_vlan : 1061
 
Egress XLIF table fields
 
Feature common enable: 0x1
Feature enable: 0x1
Feature bits: 0x04
Control common bits: 0x00
Control feature bits: 0x00
Control rewrite opcode: 0x00
Port: 0x3
Match cond 0x1
Entry valid: 0x1
Optimal Path en : 0x0
Dbus VLAN: 1018
QoS policy ID: 0
ACL ID: 0
Statistics ID: 0
Inner rewrite VLAN: 0
Outer rewrite VLAN: 0
QoS flow ID: 0
IP Session en : 0
Feature data 0 0x80830008
Intf etype: 0x00000000
Multicast enable: 0x00000000
Post Filter Opcode 0x00000000
Pre Filter Opcode 0x00000000
Pre Tag Outer 0x00000008
Pre Tag Inner 0x00000083
Post Filter Vlan high 0x00000000
Post Filter Vlan low 0x00000000
Post Filter Vlan outer 0x00000000
EVC - MST: 0x0
EVC etype 0x03FA
CFM MEP Level 0x00000000
CFM MIP Level 0x00000000
CFM disable 0x0
MIP filtering 0x0
block_data: 0x0
block_l2bpdu: 0x0
sacl: 0x0
MVPNv6 decap Vlanv4: 31
MVPNv6 decap Vlanv6: 1018
sacl index: 0x0000
sacl statid: 0x1F000
Span Enable: 0x0
Eg xlif id (1018 + 32000) phy_vlan : (1018)
 
Egress XLIF table fields
 
Feature common enable: 0x1
Feature enable: 0x1
Feature bits: 0x01
Control common bits: 0x00
Control feature bits: 0x00
Control rewrite opcode: 0x00
Port: 0x3
Match cond 0x1
Entry valid: 0x1
Optimal Path en : 0x1
Dbus VLAN: 1018
QoS policy ID: 0
ACL ID: 0
Statistics ID: 0
Inner rewrite VLAN: 0
Outer rewrite VLAN: 0
QoS flow ID: 0
IP Session en : 0
Feature data 0 0x00830008
Intf etype: 0x00008100
Multicast enable: 0x00000000
Post Filter Opcode 0x00000008
Pre Filter Opcode 0x00000000
Pre Tag Outer 0x00000008
Pre Tag Inner 0x00000083
Post Filter Vlan high 0x00000000
Post Filter Vlan low 0x00000100
Post Filter Vlan outer 0x00000000
EVC - MST: 0x0
EVC etype 0x0000
CFM MEP Level 0x00000000
CFM MIP Level 0x00000000
CFM disable 0x0
MIP filtering 0x0
block_data: 0x0
block_l2bpdu: 0x0
sacl: 0x0
MVPNv6 decap Vlanv4: 0
MVPNv6 decap Vlanv6: 0
sacl index: 0x0000
sacl statid: 0x00000
Span Enable: 0x0
 
  • show platform npc 6rd tunnel 34
Router# show platform npc 6rd tunnel 34
Tunnel34 is up, line protocol is up
Hardware is Tunnel
MTU 0 bytes, BW 10000000 Kbit/sec, DLY 0 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec)
Tunnel source 100.0.34.1 (Loopback34), destination 0.0.0.0
Tunnel protocol/transport IPv6 6RD, key disabled, sequencing disabled
Checksumming of packets disabled, vip tunneling disabled
Last input never, output never, output hang never
Last clearing of "show interface" counters 1d02h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
 
IPV6 6RD tunnel information on CP: Tunnel34, interface vlan = 1063
if_num = 1750, phy_vlan = 1018, tun_vlan = 1063, id =33, inuse = 1, active = 1 error = 0
sip 100.0.34.1, ep count 2
 
TEPI indices of remote endpoint associated
with the IPV6 6RD Tunnel interface are :
35

Troubleshooting

For troubleshooting information, contact Cisco Technical Assistance Center (TAC) at:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

VRF aware IPv6 Tunnels over IPv4 Transport

The current IPv6 tunneling feature on c7600 does not support Virtual Routing and Forwarding (VRF) awareness. The forwarding table lookups for IPv6 overlay addresses and IPv4 transport addresses are performed in the global routing tables. This feature extends the tunneling support for IPv6 overlay addresses in VRF.

These scenarios explain the VRF aware IPv6 tunnel function:

  • IPv6 overlay address in VRF and IPv4 transport address in Global routing table (RT).
  • IPv6 overlay address in VRF and IPv4 transport address in VRF.

Figure 13-5 illustrates the topology for the IPv6 overlay address in VRF, and the IPv4 transport address in VRF.

Figure 13-5 Topology for VRF aware IPv6 Tunnel

The VRF Aware IPv6 over IPv4 Tunnel can have any line card towards the core facing side.

.

Restrictions for VRF aware IPv6 tunnels

Following restrictions apply to the VRF aware IPv6 tunnels feature:

  • This feature supports the IPv6IP and 6to4 tunnels mode.
  • Due to EARL limitation, the same source tunnels across VRFs are not supported.
  • The tunnel source and the tunnel destination should be in the same VRF instance.
  • The tunnel IPv4 transport addresses and the physical interface where the tunnel traffic exits, should be in the same VRF instance.
  • The incoming IPv6 interface and the tunnel should be in the same VRF instance.
  • This feature does not support IPv6IP auto-tunnels and ISATAP.

Configuring VRF aware IPv6 tunnel

The following sections describe how to configure VRF aware IPv6 tunnel on c7600:

Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT

Complete the following steps to configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT:

SUMMARY STEPS


Step 1 enable

Step 2 configure terminal

Step 3 ipv6 unicast-routing

Step 4 mls ipv6 vrf

Step 5 vrf definition vrf name

Step 6 rd { ASN:nn | IP address: nn }

Step 7 route-target [import | export | both]{ ASN:nn | IP address: nn }

Step 8 address-family ipv6

Step 9 exit

Step 10 address-family ipv4

Step 11 exit

Step 12 exit

Step 13 interface gigabitethernet slot/port

Step 14 vrf forwarding vrf name

Step 15 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 16 exit

Step 17 interface gigabitethernet slot/port

Step 18 ip address ip-address

Step 19 exit

Step 20 interface loopback interface-number

Step 21 ip address ip-address

Step 22 exit

Step 23 interface tunnel tunnel-number

Step 24 vrf forwarding vrf name

Step 25 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 26 tunnel source {ip-address | interface-type interface-number }

Step 27 tunnel destination {hostname | ip-address | ipv6-address}

Step 28 tunnel mode ipv6ip

Step 29 end

DETAILED STEPS

Command or Action
Purpose

Step 1

enable

 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

ipv6 unicast-routing

 

Router(config)# ipv6 unicast-routing

Enables the forwarding of IPv6 unicast datagrams.

Step 4

mls ipv6 vrf

 

Router(config)# mls ipv6 vrf

Enables IPv6 globally in a VRF instance.

Step 5

vrf definition vrf name

 

Router(config)# vrf definition VRF_RED

Configures a VRF instance and enters the VRF configuration mode.

Step 6

rd { ASN:nn | IP address: nn}

 

Router(config-vrf)# rd 1:1

Specifies a route distinguisher (RD).

  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 7

route-target [import | export | both]{ ASN:nn | IP address: nn}

 

Router(config-vrf)#route-target export 1:1

Router(config-vrf)#route-target import 1:1

Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.

  • import: Imports routing information from the target VPN extended community.
  • export: Exports routing information to the target VPN extended community.
  • both: Imports both import and export routing information to the target VPN extended community.
  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 8

address-family ipv6

 

Router#(config-vrf)#address-family ipv6

Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv6.

Step 9

exit

 

Router#(config-vrf-af)#exit

Exits the address family configuration mode.

Step 10

address-family ipv4

 

Router#(config-vrf)#address-family ipv4

Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.

Step 11

exit

 

Router# (config-vrf-af)#exit

Exits the address family configuration mode.

Step 12

exit

 

Router#(config-vrf)#exit

Exits the VRF configuration mode.

Step 13

interface gigabitethernet slot/port

 

 

Router(config)# interface gigabitethernet 3/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv6 network.

Step 14

vrf forwarding vrf name

 

Router(config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Step 15

ipv6 address { ipv6-address|prefix-length | prefix-name sub-bits |prefix-length }

 

Router (config-if)# ipv6 address 1::2/64

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 16

exit

 

Router (config-if)#exit

Exits interface configuration mode.

Step 17

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 4/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv4 network.

Step 18

ip address ip-address

 

Router(config-if)#ip address 10.1.1.1 255.255.255.0

Assigns an IP address and subnet mask to the interface.

Step 19

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 20

interface loopback interface-number

 

Router(config)# interface Loopback 666

Enters interface configuration mode and names the new loopback interface.

Note This command configures a loopback interface for the tunnel source

Step 21

ip address ip-address

 

Router(config-if)#ip address 66.66.66.66 255.255.255.255

Assigns an IP address and subnet mask to the loopback interface.

Step 22

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 23

interface tunnel tunnel-number

 

Router(config)# interface tunnel 666

Specifies a tunnel interface and enters the interface configuration mode.

Note This command configures the IPv6 tunneling over IPv4 Transport.

Step 24

vrf forwarding vrf name

 

Router# (config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Note This command specifies the VRF instance to which the tunnel belongs, that is, the VRF instance used for IPv6 overlay address lookup.

Step 25

ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

 

Router(config-if)# ipv6 address 3::1/120

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 26

tunnel source {ip-address | interface-type interface-number}

 

Router(config-if)# tunnel source loopback 666

Specifies the source interface type and number for the tunnel interface.

Step 27

tunnel destination { host-name | ip-address | ipv6-address }

 

Router(config-if)# tunnel destination 10.66.66.1

Specifies the destination address for a tunnel interface.

Step 28

tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]

 

Router(config-if)# tunnel mode ipv6ip

Configures a static IPv6 tunnel interface.

Step 29

end

 

Router(config-if)# end

Ends the current configuration session.

Configuration Example

This example shows how to configure the IPv6 overlay addresses in VRF, and the IPv4 transport addresses in the Global Routing Table:

Router# enable
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf)# (config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config-if)# exit
Router(config)# interface gigabitethernet 4/1
Router(config-if)# ip address 10.1.1.1 255.255.255.0
Router(config-if)# exit
Router(config)# interface Loopback 666
Router(config-if)# ip address 66.66.66.66 255.255.255.255
Router(config-if)# exit
Router(config)# interface tunnel 666
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 3::1/120
Router(config-if)# tunnel source loopback 666
Router(config-if)# tunnel destination 10.66.66.1
Router(config-if)# tunnel mode ipv6ip
Router(config-if)# end

Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF

Complete the following steps to configure IPv6 overlay addresses in VRF, and IPv4 transport addresses in VRF:

SUMMARY STEPS


Step 1 enable

Step 2 configure terminal

Step 3 ipv6 unicast-routing

Step 4 mls ipv6 vrf

Step 5 vrf definition vrf name 1

Step 6 rd {ASN:nn | IP address: nn}

Step 7 route-target [import | export | both] {ASN:nn | IP address: nn}

Step 8 address-family ipv6

Step 9 exit

Step 10 address-family ipv4

Step 11 exit

Step 12 exit

Step 13 vrf definition vrf name 2

Step 14 rd {ASN:nn | IP address: nn}

Step 15 route-target [import | export | both] {ASN:nn | IP address: nn}

Step 16 address-family ipv4

Step 17 exit

Step 18 exit

Step 19 interface gigabitethernet slot/port

Step 20 vrf forwarding vrf name 1

Step 21 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 22 exit

Step 23 interface gigabitethernet slot/port

Step 24 vrf forwarding vrf name 2

Step 25 ip address ip-address

Step 26 exit

Step 27 interface loopback interface-number

Step 28 vrf forwarding vrf name 2

Step 29 ip address ip-address

Step 30 exit

Step 31 interface tunnel tunnel-number

Step 32 vrf forwarding vrf name 1

Step 33 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 34 tunnel source {ip-address | interface-type interface-number }

Step 35 tunnel destination {hostname | ip-address | ipv6-address}

Step 36 tunnel mode ipv6ip

Step 37 tunnel vrf vrf name 2

Step 38 end

DETAILED STEPS

Command or Action
Purpose

Step 1

enable

 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

ipv6 unicast-routing

 

Router(config)# ipv6 unicast-routing

Enables the forwarding of IPv6 unicast datagrams.

Step 4

mls ipv6 vrf

 

Router(config)# mls ipv6 vrf

Enables IPv6 globally in a VRF instance.

Step 5

vrf definition vrf name 1

 

Router(config)# vrf definition VRF_RED

Configures a VRF instance and enters the VRF configuration mode.

Step 6

rd { ASN:nn | IP address: nn}

 

Router(config-vrf)# rd 1:1

Specifies a route distinguisher (RD).

  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 7

route-target [import | export | both]{ ASN:nn | IP address: nn}

 

Router(config-vrf)#route-target export 1:1

Router(config-vrf)#route-target import 1:1

Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.

  • import: Imports routing information from the target VPN extended community.
  • export: Exports routing information to the target VPN extended community.
  • both: Imports both import and export routing information to the target VPN extended community.
  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 8

address-family ipv6

 

Router(config-vrf)#address-family ipv6

Select san address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv6.

Step 9

exit

 

Router(config-vrf-af)#exit

Exits the address family configuration mode.

Step 10

address-family ipv4

 

Router(config-vrf)#address-family ipv4

Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.

Step 11

exit

 

Router (config-vrf-af)#exit

Exits the address family configuration mode.

Step 12

exit

 

Router(config-vrf)#exit

Exits the VRF configuration mode.

Step 13

vrf definition vrf name 2

 

Router(config)# vrf definition VRF_GREEN

Configures a VRF instance and enters the VRF configuration mode.

Step 14

rd { ASN:nn | IP address: nn}

 

Router(config-vrf)# rd 1:1

Specifies a route distinguisher (RD).

  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 15

route-target [import | export | both]{ ASN:nn | IP address: nn}

 

Router(config-vrf)#route-target export 1:1

Router(config-vrf)#route-target import 1:1

Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.

  • import: Imports routing information from the target VPN extended community.
  • export: Exports routing information to the target VPN extended community.
  • both: Imports both import and export routing information to the target VPN extended community.
  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 16

address-family ipv4

 

Router(config-vrf)#address-family ipv4

Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.

Step 17

exit

 

Router (config-vrf-af)#exit

Exits the address family configuration mode.

Step 18

exit

 

Router(config-vrf)#exit

Exits the VRF configuration mode.

Step 19

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 3/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv6 network.

Step 20

vrf forwarding vrf name 1

 

Router(config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Step 21

ipv6 address { ipv6-address|prefix-length | prefix-name sub-bits |prefix-length }

 

Router(config-if)# ipv6 address 1::2/64

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 22

exit

 

Router# (config-if)# exit

Exits interface configuration mode.

Step 23

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 4/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv4 network.

Step 24

vrf forwarding vrf name 2

 

Router(config-if)#vrf forwarding VRF_GREEN

Associates a VRF instance with an interface or a subinterface.

Step 25

ip address ip-address

 

Router(config-if)#ip address 10.1.1.1 255.255.255.0

Assigns an IP address and subnet mask to the interface.

Step 26

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 27

interface loopback interface-number

 

Router(config)# interface Loopback 666

Enters interface configuration mode and names the new loopback interface.

Note This command configures a loopback interface for the tunnel source

Step 28

vrf forwarding vrf name 2

 

Router(config-if)#vrf forwarding VRF_GREEN

Associates a VRF instance with an interface or a subinterface.

Step 29

ip address ip-address

 

Router(config-if)#ip address 66.66.66.66 255.255.255.255

Assigns an IP address and subnet mask to the loopback interface.

Step 30

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 31

interface tunnel tunnel-number

 

Router(config)# interface tunnel 666

Specifies a tunnel interface and enters the interface configuration mode.

Note This command configures the IPv6 tunneling over IPv4 Transport.

Step 32

vrf forwarding vrf name 1

 

Router(config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Note This command specifies the VRF instance to which the tunnel belongs, that is, the VRF instance used for IPv6 overlay address lookup.

Step 33

ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

 

Router(config-if)# ipv6 address 3::1/120

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 34

tunnel source {ip-address | interface-type interface-number}

 

Router(config-if)# tunnel source loopback 666

Specifies the source interface type and number for the tunnel interface.

Step 35

tunnel destination { host-name | ip-address | ipv6-address }

 

Router(config-if)# tunnel destination 10.66.66.1

Specifies the destination address for a tunnel interface.

Step 36

tunnel mode ipv6ip

 

Router(config-if)# tunnel mode ipv6ip

Configures a static IPv6 tunnel interface.

Step 37

tunnel vrf vrf name 2

 

Router(config-if)# tunnel vrf VRF_GREEN

Configures a VRF instance with a specific tunnel destination, interface or a subinterface.

Note This command specifies the VRF instance used for tunnel IPv4 transport address lookup, that is, the tunnel source and the tunnel destination.

Step 38

end

 

Router(config-if)# end

Ends the current configuration session.

Configuration Example

This example shows how to configure the IPv6 overlay addresses in VRF, and the IPv4 transport addresses in VRF:

Router# enable
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# vrf definition VRF_GREEN
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config-if)# exit
Router(config)# interface gigabitethernet 4/1
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 10.1.1.1 255.255.255.0
Router(config-if)# exit
Router(config)# interface Loopback 666
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 66.66.66.66 255.255.255.255
Router(config-if)# exit
Router(config)# interface tunnel 666
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 3::1/120
Router(config-if)# tunnel source loopback 666
Router(config-if)# tunnel destination 10.66.66.1
Router(config-if)# tunnel mode ipv6ip
Router(config-if)# tunnel vrf VRF_GREEN
Router(config-if)# end

Verifying the Configuration

Use these commands to verify the configuration of VRF aware IPv6 tunnel on c7600:

Router# show vrf vrf-red
Name Default RD Protocols Interfaces
vrf-red 100:1 ipv4,ipv6 Tu666
 
Router# show interface tunnel 666
Tunnel666 is up, line protocol is up
Hardware is Tunnel
Internet address is 80.1.1.1/24
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive not set
Tunnel source 66.66.66.66 (Loopback666), destination 66.66.66.65
Tunnel Subblocks:
src-track:
Tunnel666 source tracking subblock associated with Loopback666
Set of tunnels with source Loopback666, 1 member (includes iterators), on interface <OK>
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:07:00, output 00:02:39, output hang never
Last clearing of "show interface" counters 00:07:19
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
L2 Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
20 packets input, 1944 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
26 packets output, 2504 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out

Troubleshooting Tips

For troubleshooting information, contact Cisco Technical Assistance Center (TAC) at:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

IPv6 over IPv4-GRE Tunnels

IPv6 traffic is carried over IPv4 generic routing encapsulation (GRE) tunnels using the standard GRE tunneling technique. As in the manually configured IPv6 tunnels, GRE tunnels are links between two points, with a separate tunnel for each link. The GRE tunnels provide stable connections that require regular secure communication between two edge routers or between an edge router and an end system. This feature supports VRF Aware IPv6 over IPv4-GRE Tunnel on the c7600.

Figure 13-6 Topology for VRF Aware IPv6 over IPv4-GRE

The VRF Aware IPv6 over IPv4 GRE tunnel must have ES+ line card towards the core facing side.

 

Restrictions for IPv6 over IPv4-GRE tunnel

Following restrictions apply to the IPv6 over IPv4-GRE tunnel:

  • The IPv4 tunnel facing interface must be on the ES+ line card.
  • The GRE tunnel key is not supported in the hardware.
  • The IPv4 fragmentation after tunnel encapcapsulation is not supported in the hardware.
  • The fragmented IPv4 packets for tunnel decapsulation is not supported in the hardware.
  • The IPv4 GRE keepalives are supported, but the IPv6 GRE keepalives are not supported.
  • The keepalives are not supported when the VRF instances configured using the vrf forwarding and tunnel vrf commands are different.
  • Due to EARL limitation, same source tunnels across VRF’s are not supported.
  • This feature is not SSO compliant.
  • With scaled configurations, when changing the tunnel mode from IPv6 over GRE to IPv6IP and on enabling the mls mpls tunnel-recirc command , the system didplays an error message with a traceback.

Configuring IPv6 over IPv4-GRE tunnel

The following sections describe how to configure IPv6 over IPv4-GRE tunnel on the c7600 platform:

Configure IPv6 traffic over IPv4-GRE

Complete the following steps to configure IPv6 traffic over IPv4-GRE tunnel:


Step 1 enable

Step 2 configure terminal

Step 3 ipv6 unicast-routing

Step 4 interface gigabitethernet slot/port

Step 5 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 6 exit

Step 7 interface gigabitethernet slot/port

Step 8 ip address ip-address

Step 9 exit

Step 10 interface loopback interface-number

Step 11 ip address ip-address

Step 12 exit

Step 13 interface tunnel tunnel-number

Step 14 ipv6 enable

Step 15 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 16 tunnel source {ip-address | interface-type interface-number }

Step 17 tunnel destination {hostname | ip-address | ipv6-address}

Step 18 tunnel mode gre ip

Step 19 exit

DETAILED STEPS

Command or Action
Purpose

Step 1

enable

 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

ipv6 unicast-routing

 

Router(config)# ipv6 unicast-routing

Enables the forwarding of IPv6 unicast datagrams.

Step 4

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 3/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv6 network.

Step 5

ipv6 address { ipv6-address|prefix-length | prefix-name sub-bits |prefix-length }

 

Router(config-if)# ipv6 address 1::2/64

Specifies the IPv6 address assigned to the interface, and enables IPv6 processing on the interface.

Step 6

exit

 

Router# (config-if)# exit

Exits interface configuration mode.

Step 7

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 4/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv4 network.

Step 8

ip address ip-address

 

Router(config-if)#ip address 10.1.1.1 255.255.255.0

Assigns an IP address and subnet mask to the interface.

Step 9

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 10

interface loopback interface-number

 

Router(config)# interface Loopback 666

Enters interface configuration mode and names the new loopback interface.

Note This command configures a loopback interface for the tunnel source

Step 11

ip address ip-address

 

Router(config-if)#ip address 66.66.66.66 255.255.255.255

Assigns an IP address and subnet mask to the loopback interface.

Step 12

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 13

interface tunnel tunnel-number

 

Router(config)# interface tunnel 666

Specifies a tunnel interface and enters the interface configuration mode.

Note This command configures the IPv6 tunneling over IPv4 Transport.

Step 14

ipv6 enable

 

Router(config-if)# ipv6 enable

Enables IPv6 processing on an interface not configured with an explicit IPv6 address.

Step 15

ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

 

Router(config-if)# ipv6 address 3::1/120

Specifies the IPv6 address assigned to the interface, and enables IPv6 processing on the interface.

Step 16

tunnel source {ip-address | interface-type interface-number}

 

Router(config-if)# tunnel source loopback 666

Specifies the source interface type and number for the tunnel interface.

Step 17

tunnel destination { host-name | ip-address | ipv6-address }

 

Router(config-if)# tunnel destination 10.66.66.1

Specifies the destination address for a tunnel interface.

Step 18

tunnel mode gre ip

 

Router(config-if)# tunnel mode gre ip

Sets the encapsulation mode for the tunnel interface to GRE.

Step 19

end

 

Router(config-if)# end

Ends the current configuration session.

Configuration Example

This example shows how to configure IPv6 traffic over IPv4-GRE tunnel:

Router# enable
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# interface gigabitethernet 3/1
Router(config-if)# ipv6 address 1::2/64
Router(config-if)# exit
Router(config)# interface gigabitethernet 4/1
Router(config-if)# ip address 10.1.1.1 255.255.255.0
Router(config-if)# exit
Router(config)# interface Loopback 666
Router(config-if)# ip address 66.66.66.66 255.255.255.255
Router(config-if)# exit
Router(config)# interface tunnel 666
Router(config-if)# ipv6 enable
Router(config-if)# ipv6 address 3::1/120
Router(config-if)# tunnel source loopback 666
Router(config-if)# tunnel destination 10.66.66.1
Router(config-if)# tunnel mode gre ip
Router(config-if)# end
 

Configure VRF Aware IPv6 over IPv4-GRE Tunnel

Complete the following steps to configure VRF Aware IPv6 over IPv4-GRE Tunnel:


Step 1 enable

Step 2 configure terminal

Step 3 ipv6 unicast-routing

Step 4 mls ipv6 vrf

Step 5 vrf definition vrf name 1

Step 6 rd {ASN:nn | IP address: nn}

Step 7 route-target [import | export | both] {ASN:nn | IP address: nn}

Step 8 address-family ipv6

Step 9 exit

Step 10 address-family ipv4

Step 11 exit

Step 12 exit

Step 13 vrf definition vrf name 2

Step 14 rd {ASN:nn | IP address: nn}

Step 15 route-target [import | export | both] {ASN:nn | IP address: nn}

Step 16 address-family ipv4

Step 17 exit

Step 18 exit

Step 19 interface gigabitethernet slot/port

Step 20 vrf forwarding vrf name 1

Step 21 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 22 exit

Step 23 interface gigabitethernet slot/port

Step 24 vrf forwarding vrf name 2

Step 25 ip address ip-address

Step 26 exit

Step 27 interface loopback interface-number

Step 28 vrf forwarding vrf name 2

Step 29 ip address ip-address

Step 30 exit

Step 31 interface tunnel tunnel-number

Step 32 vrf forwarding vrf name 1

Step 33 ipv6 address { ipv6-address/prefix-length | prefix-name sub-bits/prefix-length }

Step 34 tunnel source {ip-address | interface-type interface-number }

Step 35 tunnel destination {hostname | ip-address | ipv6-address}

Step 36 tunnel mode gre ip

Step 37 tunnel vrf vrf name 2

Step 38 end

DETAILED STEPS

Command or Action
Purpose

Step 1

enable

 

Router# enable

Enables privileged EXEC mode. Enter your password if prompted.

Step 2

configure terminal

 

Router# configure terminal

Enters global configuration mode.

Step 3

ipv6 unicast-routing

 

Router(config)# ipv6 unicast-routing

Enables the forwarding of IPv6 unicast datagrams.

Step 4

mls ipv6 vrf

 

Router(config)# mls ipv6 vrf

Enables IPv6 globally in a VRF instance.

Step 5

vrf definition vrf name 1

 

Router(config)# vrf definition VRF_RED

Configures a VRF instance and enters the VRF configuration mode.

Step 6

rd { ASN:nn | IP address: nn}

 

Router(config-vrf)# rd 1:1

Specifies an RD.

  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 7

route-target [import | export | both]{ ASN:nn | IP address: nn}

 

Router(config-vrf)#route-target export 1:1

Router(config-vrf)#route-target import 1:1

Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.

  • import: Imports routing information from the target VPN extended community.
  • export: Exports routing information to the target VPN extended community.
  • both: Imports both import and export routing information to the target VPN extended community.
  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 8

address-family ipv6

 

Router(config-vrf)#address-family ipv6

Select san address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv6.

Step 9

exit

 

Router(config-vrf-af)#exit

Exits the address family configuration mode.

Step 10

address-family ipv4

 

Router(config-vrf)#address-family ipv4

Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.

Step 11

exit

 

Router (config-vrf-af)#exit

Exits the address family configuration mode.

Step 12

exit

 

Router(config-vrf)#exit

Exits the VRF configuration mode.

Step 13

vrf definition vrf name 2

 

Router(config)# vrf definition VRF_GREEN

Configures a VRF instance and enters the VRF configuration mode.

Step 14

rd { ASN:nn | IP address: nn}

 

Router(config-vrf)# rd 1:1

Specifies an RD.

  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 15

route-target [import | export | both]{ ASN:nn | IP address: nn}

 

Router(config-vrf)#route-target export 1:1

Router(config-vrf)#route-target import 1:1

Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.

  • import: Imports routing information from the target VPN extended community.
  • export: Exports routing information to the target VPN extended community.
  • both: Imports both import and export routing information to the target VPN extended community.
  • ASN:nn: Specifies an autonomous system number and an arbitrary number.
  • IP address: nn: Specifies an IP address and an arbitrary number.

Step 16

address-family ipv4

 

Router(config-vrf)#address-family ipv4

Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.

Step 17

exit

 

Router (config-vrf-af)#exit

Exits the address family configuration mode.

Step 18

exit

 

Router(config-vrf)#exit

Exits the VRF configuration mode.

Step 19

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 3/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv6 network.

Step 20

vrf forwarding vrf name 1

 

Router(config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Step 21

ipv6 address { ipv6-address|prefix-length | prefix-name sub-bits |prefix-length }

 

Router(config-if)# ipv6 address 1::2/64

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 22

exit

 

Router# (config-if)# exit

Exits interface configuration mode.

Step 23

interface gigabitethernet slot/port

 

Router(config)# interface gigabitethernet 4/1

Enters the interface configuration mode and specifies the Gigabit interface to configure.

  • slot/port—Specifies the location of the interface.

Note This command configures the interface towards the IPv4 network.

Step 24

vrf forwarding vrf name 2

 

Router(config-if)#vrf forwarding VRF_GREEN

Associates a VRF instance with an interface or a subinterface.

Step 25

ip address ip-address

 

Router(config-if)#ip address 10.1.1.1 255.255.255.0

Assigns an IP address and subnet mask to the interface.

Step 26

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 27

interface loopback interface-number

 

Router(config)# interface Loopback 666

Enters interface configuration mode and names the new loopback interface.

Note This command configures a loopback interface for the tunnel source

Step 28

vrf forwarding vrf name 2

 

Router(config-if)#vrf forwarding VRF_GREEN

Associates a VRF instance with an interface or a subinterface.

Step 29

ip address ip-address

 

Router(config-if)#ip address 66.66.66.66 255.255.255.255

Assigns an IP address and subnet mask to the loopback interface.

Step 30

exit

 

Router(config-if)# exit

Exits interface configuration mode.

Step 31

interface tunnel tunnel-number

 

Router(config)# interface tunnel 666

Specifies a tunnel interface and enters the interface configuration mode.

Note This command configures the IPv6 tunneling over IPv4 Transport.

Step 32

vrf forwarding vrf name 1

 

Router(config-if)#vrf forwarding VRF_RED

Associates a VRF instance with an interface or a subinterface.

Note This command specifies the VRF instance to which the tunnel belongs , that is, the VRF instance used for IPv6 overlay address lookup.

Step 33

ipv6 address { ipv6-address|prefix-length | prefix-name sub-bits |prefix-length }

 

Router(config-if)# ipv6 address 3::1/120

Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.

Step 34

tunnel source {ip-address | interface-type interface-number}

 

Router(config-if)# tunnel source loopback 666

Specifies the source interface type and number for the tunnel interface.

Step 35

tunnel destination { host-name | ip-address | ipv6-address }

 

Router(config-if)# tunnel destination 10.66.66.1

Specifies the destination address for a tunnel interface.

Step 36

tunnel mode gre ip

 

Router(config-if)# tunnel mode gre ip

Sets the encapsulation mode for the tunnel interface to GRE.

Step 37

tunnel vrf vrf name 2

 

Router(config-if)# tunnel vrf VRF_GREEN

Configures a VRF instance with a specific tunnel destination, interface or a subinterface.

Note This command specifies the VRF instance used for tunnel IPv4 transport address lookup, that is, the tunnel source and the tunnel destination.

Step 38

end

 

Router(config-if)# end

Ends the current configuration session.

Configuration Example

This example shows how to configure VRF Aware IPv6 over IPv4-GRE Tunnel:

Router# enable
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# vrf definition VRF_GREEN
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config-vrf)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config-if)# exit
Router(config)# interface gigabitethernet 4/1
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 10.1.1.1 255.255.255.0
Router(config-if)# exit
Router(config)# interface Loopback 666
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 66.66.66.66 255.255.255.255
Router(config-if)# exit
Router(config)# interface tunnel 666
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 3::1/120
Router(config-if)# tunnel source loopback 666
Router(config-if)# tunnel destination 10.66.66.1
Router(config-if)# tunnel mode gre ip
Router(config-if)# tunnel vrf VRF_GREEN
Router(config-if)# end

Verifying the Configuration

Use these commands to verify the configuration of IPv6 over IPv4-GRE tunnel on the c7600:

Router# show platform npc ipv6ogre interface tunnel 666
Tunnel666 is up, line protocol is up
Hardware is Tunnel
MTU 0 bytes, BW 10000000 Kbit/sec, DLY 0 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Keepalive set (10 sec)
Tunnel source 66.66.66.66 (Loopback666), destination 66.66.66.65
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Checksumming of packets disabled, vip tunneling enabled
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:08:54
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
Platform information
Tunnel vlan : 1026
Tun rsvd vlan : 1025
Phy vlan : 1017
Tunnel id : 0
HPLA addr : 0x23AF10A0
Router# show platform npc ipv6ogre egress-table 1026
IPV6OGRE egress table entry
eg_entry->match_cond = 1
eg_entry->ent_valid = 1
eg_entry->phy_vlan = 1017
eg_entry->src_ip = 66.66.66.66
eg_entry->dst_ip = 66.66.66.65
eg_entry->smac = 0012.44dc.9000
eg_entry->dmac = 0018.7468.0000
eg_entry->eg_stats_id = 639626 0x0009C28A
Raw dump
 
value: 00 00 3f 93 68 74 18 00 12 00 00 00 00 90 dc 44 ..?.ht........\D
value: aa 45 00 08 42 42 42 42 41 42 42 42 00 09 c2 8a *E..BBBBABBB..B.
Router# show platform npc ipv6ogre tcam 1026
Dumping tcam for 1026 on NP 0
Key Decode :
Source IP : 66.66.66.65 Mask : 00000000
Destination IP : 66.66.66.66 Mask : 00000000
Feature id : 3 Mask : 00
Result Decode :
Vlan : 1025
Statistics ID : 0x9C287
 
Raw output :
g_vmr.value : 42 42 42 42 42 42 42 41 03 00 00 00 00 00 00 00 00 00 E8 80
g_vmr.mask : 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF 64 A0
g_vmr.result: 04 01 01 03 00 09 C2 87
 
Dumping tcam for 1026 on NP 1
Key Decode :
Source IP : 66.66.66.65 Mask : 00000000
Destination IP : 66.66.66.66 Mask : 00000000
Feature id : 3 Mask : 00
Result Decode :
Vlan : 1025
Statistics ID : 0x9C28B
 
Raw output :
g_vmr.value : 42 42 42 42 42 42 42 41 03 00 00 00 00 00 00 00 00 00 E8 80
g_vmr.mask : 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF 64 A0
g_vmr.result: 04 01 01 03 00 09 C2 8B
 
Router# show platform npc ipv6ogre xlif 1026
Egress XLIF table fields
 
Feature common enable: 0x1
Feature enable: 0x1
Feature bits: 0x04
Control common bits: 0x00
Control feature bits: 0x00
Control rewrite opcode: 0x00
Port: 0x4
Match cond 0x1
Entry valid: 0x1
Optimal Path en : 0x0
Dbus VLAN: 1017
QoS policy ID: 0
ACL ID: 0
Statistics ID: 0
Inner rewrite VLAN: 0
Outer rewrite VLAN: 0
QoS flow ID: 0
IP Session en : 0
Feature data 0 0x40C40010
Intf etype: 0x00004242
Multicast enable: 0x00000001
Post Filter Opcode 0x00000004
Pre Filter Opcode 0x00000000
Pre Tag Outer 0x00000010
Pre Tag Inner 0x000000C4
Post Filter Vlan high 0x00000414
Post Filter Vlan low 0x00000242
Post Filter Vlan outer 0x00000242
EVC - MST: 0x0
EVC etype 0x03F9
CFM MEP Level 0x00000004
CFM MIP Level 0x00000002
CFM disable 0x0
MIP filtering 0x1
block_data: 0x0
block_l2bpdu: 0x1
sacl: 0x0
sacl index: 0x0000
sacl statid: 0x00100
Span Enable: 0x0
 
Egress XLIF table fields
 
Feature common enable: 0x1
Feature enable: 0x1
Feature bits: 0x01
Control common bits: 0x00
Control feature bits: 0x00
Control rewrite opcode: 0x00
Port: 0x4
Match cond 0x1
Entry valid: 0x1
Optimal Path en : 0x1
Dbus VLAN: 1017
QoS policy ID: 0
ACL ID: 0
Statistics ID: 0
Inner rewrite VLAN: 0
Outer rewrite VLAN: 0
QoS flow ID: 0
IP Session en : 0
Feature data 0 0x00C40010
Intf etype: 0x00008100
Multicast enable: 0x00000000
Post Filter Opcode 0x00000008
Pre Filter Opcode 0x00000000
Pre Tag Outer 0x00000010
Pre Tag Inner 0x000000C4
Post Filter Vlan high 0x00000000
Post Filter Vlan low 0x00000100
Post Filter Vlan outer 0x00000000
EVC - MST: 0x0
EVC etype 0x0000
CFM MEP Level 0x00000000
CFM MIP Level 0x00000000
CFM disable 0x0
MIP filtering 0x0
block_data: 0x0
block_l2bpdu: 0x0
sacl: 0x0
sacl index: 0x0000
sacl statid: 0x00000
Span Enable: 0x0

Troubleshooting Tips

For troubleshooting information, contact Cisco Technical Assistance Center (TAC) at:

http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

IPv6 Policy Based Routing

IPv6 policy-based routing (PBR) provides a flexible mechanism to route packets and define policy for the traffic flows. It extends and complements the existing mechanisms provided by routing protocols. PBR also provides a basic packet-marking capability.

PBR performs the following tasks:

  • Classifies traffic based on extended access list criteria. It provides access to lists and then establishes the match criteria.
  • Sets IPv6 precedence bits and enables the network to differentiate classes of service.
  • Routes packets to specific traffic-engineered paths. You can route the packets to allow a specific quality of service (QoS) through the network.

The Cisco 7600 Series Router implements this feature using the Earl7 forwarding engines capability to classify traffic through an Access Control List (ACL) Ternary Content Addressable Memory (TCAM) lookup. The ACL TCAM lookup classifies traffic based on the combination of a variety of Layer 3 and Layer 4 traffic parameters. Once classified, the ACL TCAM drives results for matching flows. The Feature Manager (FM) component converts the route map policy configured on an interface into a series of values, masks and results (VMRs) and programs these in the ACL TCAM.

Policy Based Routing

All packets received on a PBR-enabled interface are passed through enhanced packet filters known as route maps. Route maps are composed of statements that are marked as permit or deny , and they are interpreted in these ways:

  • If a packet matches all match statements for a route map that is marked as permit , the router subjects the packet to PBR using the set statements.
  • If the packet matches any match statements for a route map that is marked as deny , the router does not subject the packet to PBR and forwards it normally.
  • If the statement is marked as permit and the packets do not match any route map statements, the router sends the packets back through the normal forwarding channels and performs destination-based routing.

Packet Matching

The IPv6 PBR match criterion for a sequence is specified through a combination of IPv6 access-lists and packet length operations. Match statements are evaluated first by the criteria specified in the match ipv6 address command and then by criteria specified in the match length command. Therefore, if both an ACL and a length statement are used, a packet is first subjected to an ACL match. Only packets that pass the ACL match are subjected to the length match. Finally, only packets that pass both the ACL and the length statement are policy routed.

Packet Forwarding Using Set Statements

PBR for IPv6 packet forwarding is controlled using a number of set statements in the PBR route map. Listed below are the forwarding actions in order of decreasing priority, and the manner in which these options are reflected in the result from the VMRs programmed in the ACL TCAM. When more than one kind of packet forwarding action is specified in a sequence, the one with the highest priority is chosen.

Table 13-4 Packet Forwarding Set Statements

Set Statement
Notes

set vrf vrf name

Specifies the VPN Routing and Forwarding (VRF) instance to which the packet should be sent, based on packet attributes. By default the VRF that a packet is forwarded on is the same as the VRF that receives the packet.

set ipv6 next-hop next-hop ipv6 address

Specifies the next hop for the packet. The next hop must be present in the Routing Information Base (RIB); it must be directly connected, and it must be a global IPv6 address. If the next hop is invalid, the set statement is ignored.

set interface next-hop interface

Specifies the next hop interface for the packet. A packet is forwarded out of a specified interface. An entry for the packet destination address must exist in the IPv6 RIB, and the specified output interface must be in the path set. If the interface is invalid, the set statement is ignored.

set ipv6 default next-hop default next-hop ipv6 address

Specifies the connected next hop for the packet if the usual forwarding method fails to produce the default result. It must be a global IPv6 address. This set statement is used only when there is no explicit entry for the packet destination in the IPv6 RIB.

set default interface default next-hop interface

Specifies the default next-hop interface, from which the matching packets are forwarded if the usual forwarding method fails to produce a result. This set statement is used only when there is no explicit entry for the packet destination in the IPv6 RIB.

Restrictions for IPv6 PBR

Following restrictions apply to the IPv6 PBR:

  • Match length is not supported in the hardware, and the PBR is applied to the software.
  • Packet marking actions are not supported in the hardware, and packets requiring marking due to PBR are punted to the software.
  • Set interface is supported in the hardware only for the serial interface. Other interfaces are supported on the software.
  • Packets containing an IPv6 hop-by-hop header need to be examined by the router and are punted to the software. Such packets are subjected to PBR in the software.
  • PBR policies using access-lists matching on IPv6 flow label, DSCP value and extension headers such as, routing, mobility, destination headers cannot be fully classified in the hardware, and are punted to the software after partial classification.
  • It is not possible to completely classify traffic in hardware, when access-lists matching on non compressible addresses are used. In such cases, the PBR is applied to the software.
  • On Tycho based systems, fragment packets that require matching on layer 4 protocol are punted to the software .
  • IPv6 PBR on SVI interfaces is applied to the software, and hardware provides only partial classification.
  • IPv6 PBR when applied to hardware will also be applied on packets destined to a router address.
  • A set next-hop action where the next-hop is at the other end of a tunnel is not supported in the hardware.
  • For set interface and set default interface, the interface should be a point-to-point one.
  • PBR is not applied to multicast traffic and the traffic destined to link local addresses.
  • When there is no traffic flow, the TCAM entry does not change from punt to policy-route.

Configuring IPv6 PBR

To configure, verify and troubleshoot the IPv6 PBR, see: : Configuring IPv6 PBR.