Cisco IOS XR Software (End-of-Sale)

Release Notes for Cisco ASR 9000 Series Aggregation Services Routers for Cisco IOS XR Software Release 3.9.2

Table Of Contents

Contents

Introduction

System Requirements

Feature Set Table

Memory Requirements

Hardware Supported

Software Compatibility

Cisco ASR 9000 Series Right-To-Use (RTU) Licensing

Other Firmware Support

Determining Your Software Version

Features Supported on the Cisco ASR 9000 Series Router

Features Introduced in Cisco IOS XR Software Release 3.9.2

ACL Based Forwarding (ABF)

ABF Configuration Commands:

ipv4 access-list log-update rate

ipv4 access-list log-update threshold

permit (IPv4)

ABF Show Commands

show access-lists afi-all

show access-lists ipv4

show access-list ipv4 "acl_name" hardware ingress location "node"

show cef

show cef exact-route

Generic Routing Encapsulation (GRE)

GRE Commands

interface tunnel-ip

tunnel destination

tunnel mode

tunnel source

tunnel tos

tunnel ttl

tunnel dfbit disable

keepalive

GRE Show Commands

show cef

show cef adjacency

show cef interface

IPv6 Over Bundle

Features Introduced in Cisco IOS XR Software Release 3.9.1

Features Introduced in Cisco IOS XR Software Release 3.9.0

Features Introduced in Cisco IOS XR Software Release 3.7.3

Features Introduced in Cisco IOS XR Software Release 3.7.2

Important Notes

Caveats

Resolved Release 3.9.2 Cisco IOS XR Software Caveats

Open Release 3.9.2 Cisco IOS XR Software Caveats

Open Release 3.9.2 Caveats Specific to the Cisco ASR 9000 Series Router

Upgrading Cisco IOS XR Software

Troubleshooting

Resolving Upgrade File Issues

Obtaining Documentation and Submitting a Service Request


Release Notes for Cisco ASR 9000 Series Aggregation Services Routers for Cisco IOS XR Software Release 3.9.2


April 15, 2013

Cisco ASR 9000 Series Router Software Release 3.9.2

Text Part Number OL-23385-03


Note: For information on the Cisco ASR 9000 Series Router running Cisco IOS XR Software Release 3.9.2, see the "Features Introduced in Cisco IOS XR Software Release 3.9.2" section.


These release notes describe the features provided on the Cisco ASR 9000 Series Router running Cisco IOS XR Software Release 3.9.2 and are updated as needed.

For a list of software caveats that apply to the Cisco ASR 9000 Series Router running Cisco IOS XR Software Release 3.9.2, see the "Caveats" section. The caveats are updated for every release and are described on the World Wide Web at www.cisco.com.

Contents

These release notes contain the following sections:

Introduction

System Requirements

Determining Your Software Version

Features Supported on the Cisco ASR 9000 Series Router

Important Notes

Caveats

Upgrading Cisco IOS XR Software

Troubleshooting

Obtaining Documentation and Submitting a Service Request

Introduction

Cisco IOS XR software is a distributed operating system designed for continuous system operation combined with service flexibility and high performance.

Cisco IOS XR software running on the Cisco ASR 9000 Series Router provides the following features and benefits:

IP and Routing—Supports a wide range of IPv4 and IPv6 services and routing protocols, such as Border Gateway Protocol (BGP), Routing Information Protocol (RIPv2), Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF), IP Multicast, Routing Policy Language (RPL), Hot Standby Router Protocol (HSRP), and Virtual Router Redundancy Protocol features (VRRP).

Ethernet Services—The Cisco IOS XR software Release 3.9.2 running on the Cisco ASR 9000 Series Router supports the following Ethernet features:

Ethernet Virtual Connections (EVCs)

Flexible VLAN classification

Flexible VLAN translation

IEEE bridging

IEEE 802.1s Multiple Spanning Tree (MST)

MST Access Gateway

L2VPN

Virtual Private LAN Services (VPLS), Hierarchical VPLS (H-VPLS), Virtual Private Wire Service (VPWS), Ethernet over MPLS (EoMPLS), pseudo wire redundancy, and multi segment pseudo wire stitching

BGP Prefix Independent Convergence—Provides the ability to converge BGP routes within sub-seconds instead of multiple seconds. The Forwarding Information Base (FIB) is updated, independent of a prefix, to converge multiple 100K BGP routes with the occurrence of a single failure. This convergence is applicable to both core and edge failures, with or without MPLS. This fast convergence innovation is unique to Cisco IOS XR software.

Multiprotocol Label Switching (MPLS)—Supports MPLS protocols, including Traffic Engineering (TE) [including TE-FRR and TE Preferred Path], Resource Reservation Protocol (RSVP), Label Distribution Protocol (LDP), Targeted LDP (T-LDP), Differentiated Services (DiffServ)-aware traffic engineering, and Layer 3 Virtual Private Network (L3VPN).

Multicast—Provides comprehensive IP Multicast software including Source Specific Multicast (SSM) and Protocol Independent Multicast (PIM) in Sparse Mode only. The Cisco ASR 9000 Series Router also supports Automatic route processing (AutoRP), Multiprotocol BGP (MBGP), Multicast Source Discovery Protocol (MSDP), Internet Group Management Protocol Versions 2 and 3 (IGMPv2 and v3), and IGMPv2 and v3 snooping.

Quality of Service (QoS)—Supports QoS mechanisms including policing, marking, queuing, random and hard traffic dropping, and shaping. Additionally, Cisco IOS XR supports modular QoS command-line interface (MQC). MQC is used to configure various QoS features on various Cisco platforms, including the Cisco ASR 9000 Series Router. Supports the following:

Class-Based Weighted Fair Queuing (CBWFQ)

Weighted Random Early Detection (WRED)

Priority Queuing with propagation

2-rate 3-color (2R3C) Policing

Modular QoS CLI (MQC)

4-level Hierarchical-QoS

Shared Policy Instances

Manageability—Provides industry-standard management interfaces including modular command-line interface (CLI), Simple Network Management Protocol (SNMP), and native Extensible Markup Language (XML) interfaces. Includes a comprehensive set of Syslog messaging.

Security—Provides comprehensive network security features including Layer 2 and Layer 3 access control lists (ACLs); routing authentications; Authentication, Authorization, and Accounting (AAA)/Terminal Access Controller Access Control System (TACACS+); Secure Shell (SSH); Management Plane Protection (MPP) for control plane security; and Simple Network Management Protocol version 3 (SNMPv3). Control plane protections integrated into line card Application-Specific Integrated Circuits (ASICs) include Generalized TTL Security Mechanism (GTSM), RFC 3682, and Dynamic Control Plane Protection (DCPP).

Availability—Supports rich availability features such as fault containment, fault tolerance, fast switchover, link aggregation, nonstop routing for ISIS, LDP and OSPF, and nonstop forwarding (NSF).

Enhanced core competencies:

IP fast convergence with Fast Reroute (FRR) support for Intermediate System-to-Intermediate System (IS-IS)

Traffic engineering support for unequal load balancing

Path Computation Element (PCE) capability for traffic engineering

For more information about new features provided on the Cisco ASR 9000 Series Router platform for Cisco IOS XR Software Release 3.9.2, see the "Features Introduced in Cisco IOS XR Software Release 3.9.2" section in this document.

System Requirements

This section describes the system requirements for Cisco ASR 9000 Series Router Software Release 3.9.2. The system requirements include the following information:

Feature Set Table

Memory Requirements

Hardware Supported

Software Compatibility

Other Firmware Support

Feature Set Table

The Cisco ASR 9000 Series Router software is packaged in feature sets (also called software images). Each feature set contains a specific set of Cisco ASR 9000 Series Router Software Release 3.9.2 features.

Table 1 lists the Cisco ASR 9000 Series Router software feature set matrix (PIE files) and the associated filenames available for Release 3.9.2.

Table 1 Cisco ASR 9000 Series Router Supported Feature Sets
(Cisco IOS XR Software Release 3.9.2 PIE Files) 

| Feature Set | Filename | Description |
|---|---|---|
| Composite Package | | |
| Cisco IOS XR IP Unicast Routing Core Bundle | comp-asr9k-mini.pie-3.9.2 | Contains the required core packages, including OS, Admin, Base, Forwarding, Forwarding Processor Card 40G, FPD, Routing, SNMP Agent, Diagnostic Utilities, and Alarm Correlation. |
| Cisco IOS XR IP Unicast Routing Core Bundle | comp-asr9k-mini.vm-3.9.2 | Contains the required core packages including OS, Admin, Base, Forwarding, Forwarding Processor Card 40G, FPD, Routing, SNMP Agent, Diagnostic Utilities, and Alarm Correlation. |
| Optional Individual Packages [1] | | |
| Cisco IOS XR Manageability Package | asr9k-mgbl.pie-3.9.2 | CORBA [2] agent, XML [3] Parser, and HTTP server packages. This PIE also contains some SNMP MIB infrastructure. Certain MIBs won't work if this PIE is not installed. |
| Cisco IOS XR MPLS Package | asr9k-mpls.pie-3.9.2 | MPLS-TE [4], LDP [5], MPLS Forwarding, MPLS OAM [6], LMP [7], OUNI [8], RSVP [9], and Layer-3 VPN. |
| Cisco IOS XR Multicast Package | asr9k-mcast.pie-3.9.2 | Multicast Routing Protocols (PIM, MSDP [10], IGMP [11], Auto-RP), Tools (SAP, MTrace), and Infrastructure (MRIB [12], MURIB [13], MFWD [14]), and BIDIR-PIM [15]. |
| Cisco IOS XR Security Package | asr9k-k9sec.pie-3.9.2 | Support for Encryption, Decryption, IPSec [16], SSH [17], SSL [18], and PKI [19] (Software based IPSec support—maximum of 500 tunnels) |
| Cisco IOS XR Advanced Video Package | asr9k-adv-video-p.pie-3.9.2 | Firmware for the advanced video feature for Cisco ASR 9000 Series Router chassis. |
| Cisco IOS XR Documentation Package | asr9k-doc.pie-3.9.2 | .man pages for Cisco IOS XR Software on the Cisco ASR 9000 Series Router chassis. |

[1] Packages are installed individually
[2] Common Object Request Broker Architecture
[3] Extensible Markup Language
[4] MPLS Traffic Engineering
[5] Label Distribution Protocol
[6] Operations, Administration, and Maintenance
[7] Link Manager Protocol
[8] Optical User Network Interface
[9] Resource Reservation Protocol
[10] Multicast Source Discovery Protocol
[11] Internet Group Management Protocol
[12] Multicast Routing Information Base
[13] Multicast-Unicast RIB
[14] Multicast forwarding
[15] Bidirectional Protocol Independent Multicast
[16] IP Security
[17] Secure Shell
[18] Secure Socket Layer
[19] Public-key infrastructure


Table 2 lists the Cisco ASR 9000 Series Router TAR files.

Table 2 Cisco ASR 9000 Series Router Supported Feature Sets
(Cisco IOS XR Software Release 3.9.2 TAR Files) 

| Feature Set | Filename | Description |
|---|---|---|
| Cisco IOS XR IP/MPLS Core Software | asr9k-iosxr-3.9.2.tar | Cisco IOS XR IP Unicast Routing Core Bundle; Cisco IOS XR Manageability Package; Cisco IOS XR MPLS Package; Cisco IOS XR Multicast Package; Cisco IOS XR FPD Package; Cisco IOS XR Diagnostic Package |
| Cisco IOS XR IP/MPLS Core Software 3DES | asr9k-iosxr-k9-3.9.2.tar | Cisco IOS XR IP Unicast Routing Core Bundle; Cisco IOS XR Manageability Package; Cisco IOS XR MPLS Package; Cisco IOS XR Multicast Package; Cisco IOS XR Security Package; Cisco IOS XR FPD Package; Cisco IOS XR Diagnostic Package |


Memory Requirements


Caution: If you remove the media in which the software image or configuration is stored, the router may become unstable and fail.

The minimum memory requirements for Cisco ASR 9000 Series Router running Cisco IOS XR Software Release 3.9.2 consist of the following:

4-GB memory on the route switch processors (RSPs)

2-GB compact flash on route switch processors (RSPs)

These minimum memory requirements are met with the base board design. There are no optional memory or storage upgrades available or required.

Hardware Supported

Cisco IOS XR Software Release 3.9.2 supports Cisco ASR 9000 Series Routers. All hardware features are supported on Cisco IOS XR software, subject to the memory requirements specified in the "Memory Requirements" section.

Table 3 lists the supported hardware components on the Cisco ASR 9000 Series Router and the minimum required software versions. For more information, see the "Other Firmware Support" section.

Table 3 Cisco ASR 9000 Series Router Supported Hardware and Minimum Software Requirements 

| Component | Part Number | Support from Version |
|---|---|---|
| Cisco ASR 9000 Series Router 6-Slot | | |
| Cisco ASR 9000 Series 6-Slot System | ASR-9006 | Release 3.7.2 |
| Cisco ASR 9000 Series 6-Slot Fan Tray | ASR-9006-FAN | Release 3.7.2 |
| Cisco ASR 9000 Series 6-Slot Door Kit | ASR-9006-DOOR | Release 3.7.2 |
| Cisco ASR 9000 Series 6-Slot AC Chassis | ASR-9006-AC | Release 3.7.2 |
| Cisco ASR 9000 Series 6-Slot DC Chassis | ASR-9006-DC | Release 3.7.2 |
| Cisco ASR 9000 Series Router 6-Slot Air | | |
| Cisco ASR 9000 Series 6-Slot Air Filter | ASR-9006-FILTER | Release 3.7.2 |
| Cisco ASR 9000 Series Router 10-Slot | | |
| Cisco ASR 9000 Series 10-Slot System | ASR-9010 | Release 3.7.2 |
| Cisco ASR 9000 Series 10-Slot Fan Tray | ASR-9010-FAN | Release 3.7.2 |
| Cisco ASR 9000 Series 10-Slot Door Kit | ASR-9010-DOOR | Release 3.7.2 |
| Cisco ASR 9000 Series 10-Slot AC Chassis | ASR-9010-AC | Release 3.7.2 |
| Cisco ASR 9000 Series 10-Slot DC Chassis | ASR-9010-DC | Release 3.7.2 |
| Cisco ASR 9000 Series 2 Post Mounting Kit | ASR-9010-2P-KIT | Release 3.7.2 |
| Cisco ASR 9000 Series 4 Post Mounting Kit | ASR-9010-4P-KIT | Release 3.7.2 |
| Cisco ASR 9000 Series Router 10-Slot Air | | |
| Cisco ASR 9000 Series 10-Slot Air Filter | ASR-9010-FILTER | Release 3.7.2 |
| Cisco ASR 9000 Series 10-Slot External Exhaust Air Shaper | ASR-9010-AIRSHPR | Release 3.7.2 |
| Cisco ASR 9000 Series 10-Slot Air Inlet Grill | ASR-9010-GRL | Release 3.7.2 |
| Cisco ASR 9000 Series Router Power | | |
| Cisco ASR 9000 Series 1.5kW DC Power Module | A9K-1.5KW-DC | Release 3.7.2 |
| Cisco ASR 9000 Series 2kW DC Power Module | A9K-2KW-DC | Release 3.7.2 |
| Cisco ASR 9000 Series 3kW AC Power Module | A9K-3KW-AC | Release 3.7.2 |
| Cisco ASR 9000 Series Router Line Cards | | |
| Cisco ASR 9000 Series 2-Port Ten Gigabit Ethernet + Cisco ASR 9000 Series 20-Port Gigabit Ethernet, Medium Queue | A9K-2T20GE-B | Release 3.9.0 |
| Cisco ASR 9000 Series 2-Port Ten Gigabit Ethernet + Cisco ASR 9000 Series 20-Port Gigabit Ethernet, High Queue | A9K-2T20GE-E | Release 3.9.0 |
| Cisco ASR 9000 Series 4-Port Ten Gigabit Ethernet, Medium Queue | A9K-4T-B | Release 3.7.2 |
| Cisco ASR 9000 Series 4-Port Ten Gigabit Ethernet Extended Line Card, High Queue | A9K-4T-E | Release 3.7.2 |
| Cisco ASR 9000 Series 4-Port Ten Gigabit Ethernet, Low Queue | A9K-4T-L | Release 3.9.0 |
| Cisco ASR 9000 Series 8-Port Ten Gigabit Ethernet, 80G Line Rate Extended Line Card, Medium Queue | A9K-8T-B | Release 3.9.1 |
| Cisco ASR 9000 Series 8-Port Ten Gigabit Ethernet, 80G Line Rate Extended Line Card, High Queue | A9K-8T-E | Release 3.9.0 |
| Cisco ASR 9000 Series 8-Port Ten Gigabit Ethernet, 80G Line Rate, Low Queue | A9K-8T-L | Release 3.9.0 |
| Cisco ASR 9000 Series 8-Port Ten Gigabit Ethernet, Medium Queue | A9K-8T/4-B | Release 3.7.2 |
| Cisco ASR 9000 Series 8-Port TenGE DX Extended Line Card, High Queue | A9K-8T/4-E | Release 3.7.2 |
| Cisco ASR 9000 Series 8-Port Ten Gigabit Ethernet, Low Queue | A9K-8T/4-L | Release 3.9.0 |
| Cisco ASR 9000 Series 16-Port Ten Gigabit Ethernet, Medium Queue | A9K-4T-B | Release 3.9.1 |
| Cisco ASR 9000 Series 40-Port Gigabit Ethernet, Medium Queue | A9K-40GE-B | Release 3.7.2 |
| Cisco ASR 9000 Series 40-Port Gigabit Ethernet Extended Line Card, High Queue | A9K-40GE-E | Release 3.7.2 |
| Cisco ASR 9000 Series 40-Port Gigabit Ethernet, Low Queue | A9K-40GE-L | Release 3.9.0 |
| Cisco ASR 9000 Series Line Card Filler | A9K-LC-FILR | Release 3.7.2 |
| Cisco ASR 9000 Series Router Processor Cards | | |
| Cisco ASR 9000 Series Route Switch Processor, 4G Memory | A9K-RSP-4G | Release 3.7.2 |
| Cisco ASR 9000 Series Route Switch Processor Filler | ASR-9000-RSP-FILR | Release 3.7.2 |
| Cisco ASR 9000 Series SIP and SPA Cards | | |
| Cisco ASR 9000 SIP-700 SPA interface processor | A9K-SIP-700 | Release 3.9.0 |
| 2-Port Channelized OC-12/DS0 SPA | SPA-2XCHOC12/DS0 | Release 3.9.0 |


Software Compatibility

Cisco IOS XR Software Release 3.9.2 is compatible with the following Cisco ASR 9000 Series Router systems:

Cisco ASR 9000 Series Router 6-Slot Line Card Chassis

Cisco ASR 9000 Series Router 10-Slot Line Card Chassis

Table 4 lists the supported software licenses on the Cisco ASR 9000 Series Router and the appropriate part numbers.

Table 4 Cisco ASR 9000 Series Router Supported Software Licenses 

| Software License | Part Number |
|---|---|
| Cisco ASR 9000 Series iVRF License | A9K-IVRF-LIC |
| Cisco ASR 9000 Series Per Chassis Advanced Video License | A9K-ADV-VIDEO-LIC |
| Cisco ASR 9000 Series Per Line Card Advanced Optical License | A9K-ADV-OPTIC-LIC |
| Cisco ASR 9000 Series L3VPN License, Medium Queue and Low Queue Line Cards | A9K-AIP-LIC-B |
| Cisco ASR 9000 Series L3VPN License, High Queue Line Cards | A9K-AIP-LIC-E |


Error messages may display if features run without the appropriate licenses installed. For example, if you create or configure a VRF before the A9K-IVRF-LIC license is installed, the following message displays:

 
   
RP/0/RSP0/CPU0:PE1-AS1#LC/0/0/CPU0:Dec 15 17:57:53.653 : rsi_agent[247]: 
%LICENSE-ASR9K_LICENSE-2-INFRA_VRF_NEEDED : 5 VRF(s) are configured without license 
A9K-iVRF-LIC in violation of the Software Right To Use Agreement. This feature may be 
disabled by the system without the appropriate license. Contact Cisco to purchase the 
license immediately to avoid potential service interruption.  
 
   

For Cisco license support, please contact your Cisco Sales Representative or Customer Service at 800 553-NETS (6387) or 408-526-4000. For questions on the program other than ordering, please send e-mail to: cwm-license@cisco.com.

Cisco ASR 9000 Series Right-To-Use (RTU) Licensing

The Cisco ASR 9000 Series Right-To-Use (RTU) licensing documents are available online at the following locations:

http://www.cisco.com/en/US/docs/routers/asr9000/hardware/Prodlicense/A9k-AIP-LIC-B.html

http://www.cisco.com/en/US/docs/routers/asr9000/hardware/Prodlicense/A9k-AIP-LIC-E.html


Note: Layer 3 VPNs are to be used only after you have purchased a license. Cisco will enforce the RTU of L3VPNs in follow-on releases. Before upgrading, contact Cisco or check the release notes for the follow-on release for directions on how to install the license as part of the upgrade; otherwise, the L3VPN feature may be affected.


Other Firmware Support

The Cisco ASR 9000 Series Router supports the following firmware code:

The minimum ROMMON version required for this release is 1.03 for line cards, 1.04 for RSPs.

The minimum CPUCNTRL version required for this release is line card-specific. Use the show fpd package command to check the firmware needed.
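The firmware check described above can be scripted when auditing many chassis. The following is an added example, not Cisco code: it parses saved show fpd package output (the sample rows are excerpted from the output shown on this page) and checks the packaged ROMMON versions against the minimums stated above. The installed-version inventory format, the rule that RSP card types contain "RSP", and the integer comparison of version fields are assumptions.

```python
import re

# Minimum ROMMON versions stated in these release notes.
MIN_ROMMON = {"lc": "1.03", "rsp": "1.04"}

# One data row: optional card type, free-text description, then five
# whitespace-separated fields. Continuation rows leave the card type blank.
ROW = re.compile(
    r"^(?P<card>\S+)?\s+(?P<desc>.+?)\s+(?P<type>\S+)\s+(?P<subtype>\S+)"
    r"\s+(?P<ver>\d+\.\d+)\s+(?P<min_sw>\d+\.\d+)\s+(?P<min_hw>\d+\.\d+)\s*$"
)

# Excerpt of the `show fpd package` output shown on this page.
SAMPLE = """\
Card Type            FPD Description            Type Subtype   Version   SW Ver    HW Vers
==================== ========================== ==== ======= =========== ========  =======
A9K-40GE-B           Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1
------------------------------------------------------------------------------------------
A9K-RSP-2G           Can Bus Ctrl (CBC) RSP2    lc   cbc         1.02      0.0       0.1
                     CPUCtrl RSP2               lc   cpld2       1.17      0.0       0.1
                     ROMMONB RSP2               lc   rommon      1.04      0.0       0.1
"""


def vtuple(text):
    """'14.42' -> (14, 42). Assumption: each field compares as an integer."""
    return tuple(int(part) for part in text.split("."))


def parse_fpd_package(text):
    """Return {card_type: {subtype: {"desc": str, "version": str}}}."""
    package, card = {}, None
    for line in text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # prompt, timestamp, column headers, separator lines
        if match.group("card"):
            card = match.group("card")
        if card is None:
            continue  # continuation row with no card header: capture was cut
        package.setdefault(card, {})[match.group("subtype")] = {
            "desc": match.group("desc"),
            "version": match.group("ver"),
        }
    return package


def rommon_shortfalls(package):
    """List (card, packaged_rommon, required_minimum) below the release minimum."""
    findings = []
    for card, fpds in sorted(package.items()):
        rommon = fpds.get("rommon")
        if rommon is None:
            continue
        # Assumption: RSPs are recognised by name; the Type column reads
        # "lc" on every row of the output, so it cannot tell them apart.
        minimum = MIN_ROMMON["rsp" if "RSP" in card else "lc"]
        if vtuple(rommon["version"]) < vtuple(minimum):
            findings.append((card, rommon["version"], minimum))
    return findings


def upgrades_needed(package, installed):
    """Compare an inventory {card: {subtype: version}} with the package.

    Returns (card, subtype, installed, packaged) for each FPD older than the
    packaged image; unknown cards or FPDs are reported with packaged=None.
    """
    findings = []
    for card, fpds in sorted(installed.items()):
        if card not in package:
            findings.append((card, None, None, None))
            continue
        for subtype, have in sorted(fpds.items()):
            want = package[card].get(subtype)
            if want is None:
                findings.append((card, subtype, have, None))
            elif vtuple(have) < vtuple(want["version"]):
                findings.append((card, subtype, have, want["version"]))
    return findings


if __name__ == "__main__":
    pkg = parse_fpd_package(SAMPLE)
    # Constructed inventory for illustration; not taken from a real router.
    inventory = {"A9K-40GE-B": {"cbc": "2.02", "cpld1": "0.15", "rommon": "1.03"}}
    print("ROMMON below release minimum:", rommon_shortfalls(pkg))
    print("FPDs older than package:", upgrades_needed(pkg, inventory))
```
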


Note: For more information about CPU controller bits, see the Managing the Router Hardware section in the Cisco ASR 9000 Series Aggregation Services Router System Management Configuration Guide.



Note: When upgrading from Release 3.7.3 or earlier releases, you may be expected to do a one-time FPD upgrade for any firmware images that may have changed since the last release. Refer to the documents at http://www.cisco.com/web/Cisco_IOS_XR_Software/index.html for upgrade instructions.


Check the firmware needed by running the show fpd package command in admin mode.

RP/0/RSP0/CPU0:NPE2-BizzEdge(admin)#show fpd package 
Mon Sep 27 13:51:08.256 PST
 
   
============================== ================================================
                                        Field Programmable Device Package
                               ================================================
                                                                 SW      Min Req   Min Req
Card Type            FPD Description            Type Subtype   Version   SW Ver    HW Vers
==================== ========================== ==== ======= =========== ========  =======
A9K-40GE-B           Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.06      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.09      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-4T-B             Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.08      0.0       0.1  
                     LCClkCtrl LC2              lc   cpld3       0.03      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.10      0.0       0.1  
                     PHY LC2                    lc   fpga3      14.42      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-8T/4-B           Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.08      0.0       0.1  
                     LCClkCtrl LC2              lc   cpld3       0.03      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.10      0.0       0.1  
                     PHY LC2                    lc   fpga3      14.42      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-2T20GE-B         Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.11      0.0       0.1  
                     LCClkCtrl LC2              lc   cpld3       0.09      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.16      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-40GE-E           Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.06      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.09      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-4T-E             Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.08      0.0       0.1  
                     LCClkCtrl LC2              lc   cpld3       0.03      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.10      0.0       0.1  
                     PHY LC2                    lc   fpga3      14.42      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-8T/4-E           Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.08      0.0       0.1  
                     LCClkCtrl LC2              lc   cpld3       0.03      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.10      0.0       0.1  
                     PHY LC2                    lc   fpga3      14.42      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-2T20GE-E         Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.11      0.0       0.1  
                     LCClkCtrl LC2              lc   cpld3       0.09      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.16      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-8T-B             Can Bus Ctrl (CBC) LC3     lc   cbc         6.02      0.0       0.1  
                     CPUCtrl LC3                lc   cpld1       1.00      0.0       0.1  
                     PHYCtrl LC3                lc   cpld2       0.08      0.0       0.1  
                     LCClkCtrl LC3              lc   cpld3       0.03      0.0       0.1  
                     DB CPUCtrl LC3             lc   cpld4       1.00      0.0       0.1  
                     PortCtrl LC3               lc   fpga2       0.11      0.0       0.1  
                     Raven LC3                  lc   fpga1       1.00      0.0       0.1  
                     ROMMONB LC3                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-16T/8-B          Can Bus Ctrl (CBC) LC3     lc   cbc         6.02      0.0       0.1  
                     CPUCtrl LC3                lc   cpld1       1.00      0.0       0.1  
                     PHYCtrl LC3                lc   cpld2       0.04      0.0       0.1  
                     LCClkCtrl LC3              lc   cpld3       0.01      0.0       0.1  
                     DB CPUCtrl LC3             lc   cpld4       1.00      0.0       0.1  
                     PortCtrl LC3               lc   fpga2       0.01      0.0       0.1  
                     Raven LC3                  lc   fpga1       1.00      0.0       0.1  
                     ROMMONB LC3                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-8T-E             Can Bus Ctrl (CBC) LC3     lc   cbc         6.02      0.0       0.1  
                     CPUCtrl LC3                lc   cpld1       1.00      0.0       0.1  
                     PHYCtrl LC3                lc   cpld2       0.08      0.0       0.1  
                     LCClkCtrl LC3              lc   cpld3       0.03      0.0       0.1  
                     CPUCtrl LC3                lc   cpld4       1.00      0.0       0.1  
                     PortCtrl LC3               lc   fpga2       0.11      0.0       0.1  
                     Raven LC3                  lc   fpga1       1.00      0.0       0.1  
                     ROMMONB LC3                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-40GE-L           Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.06      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.09      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-4T-L             Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.08      0.0       0.1  
                     LCClkCtrl LC2              lc   cpld3       0.03      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.10      0.0       0.1  
                     Serdes Upgrade LC2         lc   fpga3      14.42      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-8T/4-L           Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.08      0.0       0.1  
                     LCClkCtrl LC2              lc   cpld3       0.03      0.0       0.1  
                     PortCtrl LC2               lc   fpga2       0.10      0.0       0.1  
                     Serdes Upgrade LC2         lc   fpga3      14.42      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-2T20GE-L         Can Bus Ctrl (CBC) LC2     lc   cbc         2.02      0.0       0.1  
                     CPUCtrl LC2                lc   cpld1       0.19      0.0       0.1  
                     PHYCtrl LC2                lc   cpld2       0.11      0.0       0.1  
                     LCClkCtrl LC2              lc   cpld3       0.09      0.0       0.1  
                     Tomcat LC2                 lc   fpga2       0.16      0.0       0.1  
                     Bridge LC2                 lc   fpga1       0.42      0.0       0.1  
                     ROMMONB LC2                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-8T-L             Can Bus Ctrl (CBC) LC3     lc   cbc         6.02      0.0       0.1  
                     CPUCtrl LC3                lc   cpld1       1.00      0.0       0.1  
                     PHYCtrl LC3                lc   cpld2       0.08      0.0       0.1  
                     LCClkCtrl LC3              lc   cpld3       0.03      0.0       0.1  
                     CPUCtrl LC3                lc   cpld4       1.00      0.0       0.1  
                     PortCtrl LC3               lc   fpga2       0.11      0.0       0.1  
                     Raven LC3                  lc   fpga1       1.00      0.0       0.1  
                     ROMMONB LC3                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-SIP-700          Can Bus Ctrl (CBC) LC5     lc   cbc         3.04      0.0       0.1  
                     CPUCtrl LC5                lc   cpld1       0.15      0.0       0.1  
                     QFPCPUBridge LC5           lc   fpga2       5.14      0.0       0.1  
                     NPUXBarBridge LC5          lc   fpga1       0.22      0.0       0.1  
                     ROMMONB LC5                lc   rommon      1.03      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-RSP-2G           Can Bus Ctrl (CBC) RSP2    lc   cbc         1.02      0.0       0.1  
                     CPUCtrl RSP2               lc   cpld2       1.17      0.0       0.1  
                     IntCtrl RSP2               lc   fpga2       1.15      0.0       0.1  
                     ClkCtrl RSP2               lc   fpga3       1.18      0.0       0.1  
                     UTI RSP2                   lc   fpga4       3.08      0.0       0.1  
                     PUNT RSP2                  lc   fpga1       1.05      0.0       0.1  
                     HSBI RSP2                  lc   hsbi        4.00      0.0       0.1  
                     ROMMONB RSP2               lc   rommon      1.04      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-RSP-4G           Can Bus Ctrl (CBC) RSP2    lc   cbc         1.02      0.0       0.1  
                     CPUCtrl RSP2               lc   cpld2       1.17      0.0       0.1  
                     IntCtrl RSP2               lc   fpga2       1.15      0.0       0.1  
                     ClkCtrl RSP2               lc   fpga3       1.18      0.0       0.1  
                     UTI RSP2                   lc   fpga4       3.08      0.0       0.1  
                     PUNT RSP2                  lc   fpga1       1.05      0.0       0.1  
                     HSBI RSP2                  lc   hsbi        4.00      0.0       0.1  
                     ROMMONB RSP2               lc   rommon      1.04      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-RSP-8G           Can Bus Ctrl (CBC) RSP2    lc   cbc         1.02      0.0       0.1  
                     CPUCtrl RSP2               lc   cpld2       1.17      0.0       0.1  
                     IntCtrl RSP2               lc   fpga2       1.15      0.0       0.1  
                     ClkCtrl RSP2               lc   fpga3       1.18      0.0       0.1  
                     UTI RSP2                   lc   fpga4       3.08      0.0       0.1  
                     PUNT RSP2                  lc   fpga1       1.05      0.0       0.1  
                     HSBI RSP2                  lc   hsbi        4.00      0.0       0.1  
                     ROMMONB RSP2               lc   rommon      1.04      0.0       0.1  
------------------------------------------------------------------------------------------
ASR-9010-FAN         Can Bus Ctrl (CBC) FAN     lc   cbc         4.00      0.0       0.1  
------------------------------------------------------------------------------------------
ASR-9006-FAN         Can Bus Ctrl (CBC) FAN     lc   cbc         5.00      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-BPID2-10-SLOT    Can Bus Ctrl (CBC) BP2     lc   cbc         7.00      0.0       0.1  
------------------------------------------------------------------------------------------
A9K-BPID2-6-SLOT     Can Bus Ctrl (CBC) BP2     lc   cbc         7.00      0.0       0.1  
------------------------------------------------------------------------------------------
SPA-2XCHOC12/DS0     SPA FPGA2 swv1.00          spa  fpga2       1.00      0.0       0.0  
                     SPA FPGA swv1.36           spa  fpga1       1.36      0.0       0.49 
                     SPA ROMMON swv2.2          spa  rommon      2.02      0.0       0.49 
------------------------------------------------------------------------------------------
SPA-10X1GE-V2        SPA FPGA swv1.10           spa  fpga1       1.10      0.0       0.0  
------------------------------------------------------------------------------------------
SPA-5X1GE-V2         SPA FPGA swv1.10           spa  fpga1       1.10      0.0       0.0  
------------------------------------------------------------------------------------------
SPA-1X10GE-L-V2      SPA FPGA swv1.9            spa  fpga1       1.09      0.0       0.0  
------------------------------------------------------------------------------------------
SPA-1X10GE-WL-V2     SPA FPGA swv1.9            spa  fpga1       1.09      0.0       0.0  
------------------------------------------------------------------------------------------

Determining Your Software Version

To determine the version of Cisco IOS XR software running on your router, log in to the router and enter the show version command:


Step 1 Establish a Telnet session with the router.

Step 2 Enter the show version command:

RP/0/RSP0/CPU0:NPE2-BizzEdge#show version     
Cisco IOS XR Software, Version 3.9.2[00]
Copyright (c) 2010 by Cisco Systems, Inc.
 
   
ROM: System Bootstrap, Version 1.4(20100216:021454) [ASR9K ROMMON],  
 
   
NPE2-BizzEdge uptime is 21 minutes
System image file is "bootflash:disk0/asr9k-os-mbi-3.9.2/mbiasr9k-rp.vm"
 
   
cisco ASR9K Series (MPC8641D) processor with 8388608K bytes of memory.
MPC8641D processor at 1333MHz, Revision 2.2
 
   
4 Management Ethernet
16 WANPHY controller(s)
16 DWDM controller(s)
24 TenGigE
80 GigabitEthernet
219k bytes of non-volatile configuration memory.
975M bytes of compact flash card.
33994M bytes of hard disk.
1605616k bytes of disk0: (Sector size 512 bytes).
1605616k bytes of disk1: (Sector size 512 bytes).
 
   
RP/0/RSP0/CPU0:NPE2-BizzEdge#show install active summary  
 
   
 Active Packages:
 
   
   disk0:comp-asr9k-mini-3.9.2
   disk0:asr9k-aaa-test-3.9.2
   disk0:asr9k-doc-3.9.2
   disk0:asr9k-adv-video-3.9.2
   disk0:asr9k-k9sec-3.9.2
   disk0:asr9k-mgbl-3.9.2
   disk0:asr9k-mcast-3.9.2
   disk0:asr9k-mpls-3.9.2

Features Supported on the Cisco ASR 9000 Series Router

The following sections describe the features supported on the Cisco ASR 9000 Series Router platform:

Features Introduced in Cisco IOS XR Software Release 3.9.2

Features Introduced in Cisco IOS XR Software Release 3.9.1

Features Introduced in Cisco IOS XR Software Release 3.9.0

Features Introduced in Cisco IOS XR Software Release 3.7.3

Features Introduced in Cisco IOS XR Software Release 3.7.2


Note The Cisco ASR 9000 Series Router platform is not supported on Cisco IOS XR Software Release 3.8.0.


Features Introduced in Cisco IOS XR Software Release 3.9.2

The following features introduced in Cisco IOS XR Software Release 3.9.2 are supported on the Cisco ASR 9000 Series Router platform:

ACL Based Forwarding (ABF)

Cisco IOS XR Software Release 3.9.2 introduces support on the Cisco ASR 9000 Series Router platform for packet forwarding and routing according to customer-defined policies.

An access control list (ACL) consists of one or more access control entries (ACE) that collectively define the network traffic profile. This profile can then be referenced by Cisco IOS XR software features such as traffic filtering, route filtering, QoS classification, and access control. Each ACL includes an action element (permit or deny) and a filter element based on criteria such as source address, destination address, protocol, and protocol-specific parameters.

Prefix lists are used in route maps and route filtering operations and can be used as an alternative to access lists in many Border Gateway Protocol (BGP) route filtering commands. A prefix is a portion of an IP address, starting from the far left bit of the far left octet. By specifying exactly how many bits of an address belong to a prefix, you can then use prefixes to aggregate addresses and perform a function on them, such as redistribution (filter routing updates).

Hardware Limitations:

ABF is supported only for IPv4 and only on Ethernet line cards. IPv6 and other interfaces are not supported.

ABF is an ingress line card feature and the egress line card must be ABF aware.

SIP-700 is not ABF aware and hence drops ABF packets.

Restrictions:

The following nexthop configurations are not supported:

Attaching ACL having a nexthop option in the egress direction.

Modifying an ACL attached in the egress direction having nexthop.

deny ACE with nexthop.

The following interfaces are not supported: loopback, interflex, and L2.

The ABF feature configuration on A9K-SIP-700 is not supported.

ABF nexthop packets received by A9K-SIP-700 are dropped.


Note There is one exception to this. In case of IP to TAG, the label is imposed by the ingress LC (based on ABF nexthop), and the packet crosses the fabric as a tag packet. These packets are handled by A9K-SIP-700 without any issue.


Packets punted in the ingress direction from the NPU to the LC CPU are not subjected to ABF treatment due to lack of ABF support in the slow path.


Note For example, IP Options packets are not subjected to ABF. The packet is forwarded without ABF.


Packets punted in the egress direction from the NPU to the LC CPU, other than those punted to glean an adjacency, are not subjected to ABF treatment due to the lack of ABF support in the slow path.


Note IP packets that need fragmentation are not subjected to ABF. The packet is forwarded in the traditional way. Fragmented packets that are received are handled by ABF.


A nexthop in a VRF is not supported. The nexthop is looked up in the global table only.

Configuration

{[default] nexthop ipv4-address1 [ipv4-address2] [ipv4-address3]}

The nexthop and [default] nexthop extensions are valid only for permit ACEs. There is no reachability check of the nexthop. Any configuration from the user is accepted as is.

When the action is nexthop

The packet is forwarded using the ACL nexthop configured in ACE.

When the action is default nexthop

If the traffic packet destination address results in a default route entry (i.e., no specific route to nexthop), then the packets are forwarded to the configured default nexthop IPs, if they are UP.

This is an ingress feature, so the configuration is rejected if:

An ACL with nexthop action is attached to an interface in egress direction.

An ACL attached to an egress interface is modified to include nexthop action.

A deny statement exists for the ACL.

Configuration examples:

ACL for security only functionality

ipv4 access-list security-acl  
10 permit ipv4 10.0.0.0 0.255.255.255 any
20 permit ipv4 30.0.0.0 0.255.255.255 any 
interface gi 0/0/0/1 
ipv4 access-group security-acl ingress 

Packets entering an interface with the source address 10.x.x.x or 30.x.x.x are forwarded using traditional forwarding lookup.

All other packets entering the interface are dropped by the ACL.

ACL with security and ABF functionality

ipv4 access-list security-abf-acl  
10 permit ipv4 10.0.0.0 0.255.255.255 any  
20 permit ipv4 30.2.0.0 0.0.255.255 any nexthop 40.1.1.2 
30 deny ipv4 30.1.0.0 0.0.255.255 any  
40 permit ipv4 30.0.0.0 0.255.255.255 any 
 
   
interface gi 0/0/0/1 
ipv4 access-group security-abf-acl ingress 

Packets entering the interface with source address 10.x.x.x are forwarded using traditional forwarding lookup.

Packets entering the interface with source address 30.2.x.x are forwarded to nexthop 40.1.1.2.

Packets entering the interface with source address 30.1.x.x are dropped by security ACE 20.

Packets entering the interface with source address 30.x.x.x but not in 30.2.x.x or 30.1.x.x are forwarded using traditional forwarding lookup.

All other packets entering the interface are dropped by the ACL.

ACL for ABF only functionality

ipv4 access-list abf-acl  
10 permit ipv4 10.0.0.0 0.255.255.255 any default nexthop 50.1.1.2  
20 permit ipv4 30.2.0.0 0.0.255.255 any nexthop 40.1.1.2 
30 permit ipv4 any any
 
   
interface gi 0/0/0/1 
ipv4 access-group abf-acl ingress 

Packets entering the interface with source address 10.x.x.x are forwarded to nexthop 50.1.1.2 if the FIB lookup based on the packet's destination IP address (IP DA) points to the default route.

Packets entering the interface with source address 30.2.x.x are forwarded to nexthop 40.1.1.2.

ACE 30 ensures that all packets not matching an ABF ACE are forwarded using the traditional method and are not dropped by the implicit deny ACE that the software installs at the end of the ACL.
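The three configuration examples above can be checked against a small first-match model. This is an added example, not Cisco code and not part of the release notes. The FIB contents, the set of next hops that are up, matching on the source address only, and the fallback to traditional forwarding when no configured nexthop is up are assumptions of the example.

```python
import ipaddress
from dataclasses import dataclass


def ip(addr):
    """Dotted-decimal IPv4 address as a 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


@dataclass(frozen=True)
class Ace:
    seq: int
    action: str                    # "permit" or "deny"
    src: str
    wildcard: str                  # ones mark the bit positions to ignore
    nexthops: tuple = ()           # one to three ABF next hops
    default_nexthop: bool = False  # ABF only when the FIB hit is the default route

    def matches(self, src_ip):
        care = ~ip(self.wildcard) & 0xFFFFFFFF
        return (ip(src_ip) & care) == (ip(self.src) & care)


def validate(aces, direction="ingress"):
    """Return the reasons this ACL would be rejected, per the restrictions listed above."""
    problems = []
    for ace in aces:
        if not ace.nexthops:
            continue
        if ace.action == "deny":
            problems.append(f"ACE {ace.seq}: nexthop on a deny ACE")
        if direction == "egress":
            problems.append(f"ACE {ace.seq}: nexthop ACL attached in the egress direction")
        if len(ace.nexthops) > 3:
            problems.append(f"ACE {ace.seq}: more than three next hops")
    return problems


# The three ACLs from the configuration examples on this page.
ANY = ("0.0.0.0", "255.255.255.255")
SECURITY_ACL = [
    Ace(10, "permit", "10.0.0.0", "0.255.255.255"),
    Ace(20, "permit", "30.0.0.0", "0.255.255.255"),
]
SECURITY_ABF_ACL = [
    Ace(10, "permit", "10.0.0.0", "0.255.255.255"),
    Ace(20, "permit", "30.2.0.0", "0.0.255.255", ("40.1.1.2",)),
    Ace(30, "deny", "30.1.0.0", "0.0.255.255"),
    Ace(40, "permit", "30.0.0.0", "0.255.255.255"),
]
ABF_ACL = [
    Ace(10, "permit", "10.0.0.0", "0.255.255.255", ("50.1.1.2",), True),
    Ace(20, "permit", "30.2.0.0", "0.0.255.255", ("40.1.1.2",)),
    Ace(30, "permit", *ANY),
]

# Constructed state (assumption): a default route plus one specific route,
# and both configured next hops reachable over interfaces that are up.
FIB = [ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("172.16.0.0/16")]
UP = {"40.1.1.2", "50.1.1.2"}


def fib_hits_default(dst_ip, fib):
    """Longest-prefix match; True when nothing more specific than 0.0.0.0/0 covers dst_ip."""
    dst = ipaddress.IPv4Address(dst_ip)
    best = max((n for n in fib if dst in n), key=lambda n: n.prefixlen, default=None)
    return best is None or best.prefixlen == 0


def evaluate(aces, src_ip, dst_ip, fib=FIB, up=UP):
    """Return (verdict, matching ACE seq, nexthop); verdict is 'abf', 'fib' or 'drop'."""
    for ace in sorted(aces, key=lambda a: a.seq):
        if not ace.matches(src_ip):
            continue
        if ace.action == "deny":
            return ("drop", ace.seq, None)
        if ace.nexthops and (not ace.default_nexthop or fib_hits_default(dst_ip, fib)):
            for nh in ace.nexthops:        # first configured nexthop that is up wins
                if nh in up:
                    return ("abf", ace.seq, nh)
            # Assumption: with no nexthop up, the packet takes the traditional lookup.
        return ("fib", ace.seq, None)
    return ("drop", None, None)            # implicit deny at the end of every ACL


if __name__ == "__main__":
    for name, acl in [("security-acl", SECURITY_ACL),
                      ("security-abf-acl", SECURITY_ABF_ACL),
                      ("abf-acl", ABF_ACL)]:
        for src in ("10.1.2.3", "30.2.7.7", "30.1.7.7", "30.5.1.1", "99.1.1.1"):
            print(name, src, evaluate(acl, src, "8.8.8.8"))
```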

Show command

show ipv4 access-list <acl_name> hardware ingress location <nodeid>

The following example displays active nexthop programmed in hardware. The changes are highlighted in bold.

ipv4 access-list abf 
10 permit tcp host 30.30.1.2 range 100 500 any nexthop 1.1.1.1 2.2.2.2 
3.3.3.3 (27413 hw  matches), (nexthop: 1.1.1.1) 
20 permit tcp host 30.30.1.2 neq 600 any 
30 permit ipv4 any any log-input 
40 permit ipv4 any any 17 
 
   

The following example displays active default nexthop programmed in hardware. The changes are highlighted in bold.

show ipv4 access-lists ipv4 abf_scale hardware ingress location 0/1/CPU0

ipv4 access-list abf scalle
1 permit ipv4 any 0.0.3.1 255.255.0.0 (3640 hw matches) (next-hop: 20.1.1.2) (default 
next-hop)
2 permit ipv4 any 0.0.3.2 255.255.0.0 (3640 hw matches) (next-hop: 20.1.1.2) (default 
next-hop)
 
   

show ipv4 access-lists ipv4 abf_scale hardware ingress location 0/0/CPU0

ipv4 access-list abf scalle
1 permit ipv4 0.0.5.1 255.255.0.0 any(3272 hw matches) (next-hop: 110.2.1.2) 
2 permit ipv4 0.0.5.2 255.255.0.0 any(3640 hw matches) (next-hop: 110.2.1.2) 
 
   

ABF Configuration Commands:

The following configuration commands are available to configure ABF lists:

ipv4 access-list log-update rate

ipv4 access-list log-update threshold

permit (IPv4)

ipv4 access-list log-update rate

To specify the rate at which IPv4 access lists are logged, use the ipv4 access-list log-update rate command in global configuration mode. To return the update rate to the default setting, use the no form of this command.

ipv4 access-list log-update rate rate-number<1-1000>

no ipv4 access-list log-update rate

Syntax Description

rate

Set access-list logging rate (num. logs per second)

<1-1000>

<1-1000> rate (num. logs per second)


Defaults

Default is 1.

Command Modes

CONFIG

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The rate-number argument applies to all the IPv4 access-lists configured on the interfaces. That is, at any given time there can be between 1 and 1000 log entries for the system.

Task ID
Task ID
Operations

ipv4

read, write

acl

read, write


Examples

The following example shows how to configure an IPv4 access-list hit logging rate for the system:

RP/0/RP0/CPU0:router(config)#ipv4 access-list log-update rate 10 
 
   

Related Commands

Command
Description

ipv4 access-list log-update threshold

To specify the number of updates that are logged for IPv4 access lists

permit (IPv4)

Sets the permit conditions for an IPv4 access list.


ipv4 access-list log-update threshold

To specify the number of updates that are logged for IPv4 access lists, use the ipv4 access-list log-update threshold command in global configuration mode. To return the number of logged updates to the default setting, use the no form of this command.

ipv4 access-list log-update threshold update-number

no ipv4 access-list log-update threshold update-number

Syntax Description

threshold

Set access-list logging threshold

update-number

<0 to 2147483647> Log update threshold (number of hits).


Defaults

Default is 1.

Command Modes

Global configuration.

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

IPv4 access list updates are logged at 5-minute intervals, following the first logged update. Configuring a lower number of updates (a number lower than the default) is useful when more frequent update logging is desired.

Task ID
Task ID
Operations

ipv4

read, write

acl

read, write


Examples

The following example shows how to configure a log threshold of ten updates for every IPv4 access list configured on the router:

 RP/0/RP0/CPU0:router(config)#ipv4 access-list log-update threshold 10 

Related Commands

Command
Description

ipv4 access-list log-update rate

To specify the rate at which IPv4 access lists are logged.

permit (IPv4)

Sets the permit conditions for an IPv4 access list.


permit (IPv4)

To set conditions for an IPv4 access list, use the permit command in access list configuration mode. There are two versions of the permit command: permit (source), and permit (protocol). To remove a condition from an access list, use the no form of this command.

[ sequence-number ] permit source [source-wildcard] [log | log-input]

[ sequence-number] permit protocol source source-wildcard destination destination-wildcard [precedence precedence] [default nexthop [ipv4-address1] [ipv4-address2] [ipv4-address3]] [dscp dscp] [fragments] [packet-length operator packet-length value] [log | log-input] [nexthop [ipv4-address1] [ipv4-address2] [ipv4-address3]] [ttl ttl value1 value2]

no sequence-number

Internet Control Message Protocol (ICMP)

[sequence-number] permit icmp source source-wildcard destination destination-wildcard [icmp-type] [icmp-code] [precedence precedence] [dscp dscp] [fragments] [log | log-input] [icmp-off]

Internet Group Management Protocol (IGMP)

[sequence-number] permit igmp source source-wildcard destination destination-wildcard [igmp-type] [igmp-code] [precedence precedence] [dscp value] [fragments] [log | log-input]

Stream Control Transmission Protocol (SCTP)

[sequence-number] permit sctp source source-wildcard [operator {port | protocol-port}] destination destination-wildcard [operator {port | protocol-port}] [established] [ack] [rst] [syn] [fin] [psh] [urg] [precedence precedence] [dscp dscp] [fragments] [log | log-input]

Transmission Control Protocol (TCP)

[sequence-number] permit tcp source source-wildcard [operator {port | protocol-port}] destination destination-wildcard [operator {port | protocol-port}] [established] | {match-any | match-all} {+ | -} [flag-name] [precedence precedence] [dscp dscp] [fragments] [log | log-input]

User Datagram Protocol (UDP)

[sequence-number] permit udp source source-wildcard [operator {port | protocol-port}] destination destination-wildcard [operator {port | protocol-port}] [precedence precedence] [dscp dscp] [fragments] [log | log-input]

Syntax Description

sequence-number

(Optional) Number of the permit statement in the access list. This number determines the order of the statements in the access list. Range is 1 to 2147483646. (By default, the first statement is number 10, and the subsequent statements are incremented by 10.) Use the resequence access-list command to change the number of the first statement and increment subsequent statements of a configured access list.

source

Number of the network or host from which the packet is being sent. There are three alternative ways to specify the source:

Use a 32-bit quantity in four-part dotted-decimal format.

Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

Use the host source combination as an abbreviation for a source and source-wildcard of source 0.0.0.0.

source-wildcard

Wildcard bits to be applied to the source. There are three alternative ways to specify the source wildcard:

Use a 32-bit quantity in four-part dotted-decimal format. Place ones in the bit positions you want to ignore.

Use the any keyword as an abbreviation for a source and source-wildcard of 0.0.0.0 255.255.255.255.

Use the host source combination as an abbreviation for a source and source-wildcard of source 0.0.0.0.

protocol

Name or number of an IP protocol. It can be one of the keywords ahp, esp, eigrp, gre, icmp, igmp, igrp, ip, ipinip, nos, ospf, pim, pcp, sctp, tcp, or udp, or an integer from 0 to 255 representing an IP protocol number. To match any Internet protocol (including ICMP, TCP, and UDP), use the ip keyword. ICMP, SCTP, and TCP allow further qualifiers, which are described later in this table.

destination

Number of the network or host to which the packet is being sent. There are three alternative ways to specify the destination:

Use a 32-bit quantity in four-part dotted-decimal format.

Use the any keyword as an abbreviation for the destination and destination-wildcard of 0.0.0.0 255.255.255.255.

Use the host destination combination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.

destination-wildcard

Wildcard bits to be applied to the destination. There are three alternative ways to specify the destination wildcard:

Use a 32-bit quantity in four-part dotted-decimal format. Place ones in the bit positions you want to ignore.

Use the any keyword as an abbreviation for a destination and destination-wildcard of 0.0.0.0 255.255.255.255.

Use the host destination combination as an abbreviation for a destination and destination-wildcard of destination 0.0.0.0.

precedence precedence

(Optional) Packets can be filtered by precedence level (as specified by a number from 0 to 7) or by the following names:

routine-Match packets with routine precedence (0)

priority-Match packets with priority precedence (1)

immediate-Match packets with immediate precedence (2)

flash-Match packets with flash precedence (3)

flash-override-Match packets with flash override precedence (4)

critical-Match packets with critical precedence (5)

internet-Match packets with internetwork control precedence (6)

network-Match packets with network control precedence (7)

default nexthop

(Optional) Specifies the default next hop for this entry.

If the default nexthop keyword is configured, ACL-based forwarding action is taken only if the results of the PLU lookup for the destination of the packets determine a default route; that is, no specified route is determined to the destination of the packet.

ipv4-address1 ipv4-address2 ipv4-address3

(Optional) Uses one to three next-hop addresses. The IP address types are defined as follows:

Default IP addresses: Specifies the next-hop router in the path toward the destination in which the packets must be forwarded, if there is no explicit route for the destination address of the packet in the routing table. The first IP address that is associated with a connected interface that is currently up is used to route the packets.

Specified IP addresses: Specifies the next-hop router in the path toward the destination in which the packets must be forwarded. The first IP address that is associated with a connected interface that is currently up is used to route the packets.

dscp dscp

(Optional) Differentiated services code point (DSCP) provides quality of service control. The values for dscp are as follows:

0 to 63-Differentiated services code point value

af11-Match packets with AF11 dscp (001010)

af12-Match packets with AF12 dscp (001100)

af13-Match packets with AF13 dscp (001110)

af21-Match packets with AF21 dscp (010010)

af22-Match packets with AF22 dscp (010100)

af23-Match packets with AF23 dscp (010110)

af31-Match packets with AF31 dscp (011010)

af32-Match packets with AF32 dscp (011100)

af33-Match packets with AF33 dscp (011110)

af41-Match packets with AF41 dscp (100010)

af42-Match packets with AF42 dscp (100100)

af43-Match packets with AF43 dscp (100110)

cs1-Match packets with CS1(precedence 1) dscp (001000)

cs2-Match packets with CS2(precedence 2) dscp (010000)

cs3-Match packets with CS3(precedence 3) dscp (011000)

cs4-Match packets with CS4(precedence 4) dscp (100000)

cs5-Match packets with CS5(precedence 5) dscp (101000)

cs6-Match packets with CS6(precedence 6) dscp (110000)

cs7-Match packets with CS7(precedence 7) dscp (111000)

default Default DSCP (000000)

ef-Match packets with EF dscp (101110)

fragments

(Optional) Causes the software to examine non-initial fragments of IPv4 packets when applying this access list entry. When this keyword is specified, fragments are subject to the access list entry.

packet-length operator

(Optional) Packet length operator used for filtering.

packet-length value

(Optional) Packet length used to match only packets in the range of the length.

log

(Optional) Causes an informational logging message about the packet that matches the entry to be sent to the console. (The level of messages logged to the console is controlled by the logging console command.)

The message includes the access list number, whether the packet was permitted or denied; the protocol, whether it was TCP, UDP, ICMP, or a number; and, if appropriate, the source and destination addresses and source and destination port numbers. The message is generated for the first packet that matches a flow, and then at 5-minute intervals, including the number of packets permitted or denied in the prior 5-minute interval.

log-input

(Optional) Provides the same function as the log keyword, except that the logging message also includes the input interface.

nexthop

(Optional) Forwards packets to the specified next hop for this entry.

ttl

(Optional) Turns on matching against time-to-live (TTL) value.

ttl value [value1 ... value2]

(Optional) TTL value used for filtering. Range is 1 to 255.

If only value1 is specified, the match is against this value.

If both value1 and value2 are specified, the packet TTL is matched against the range of TTLs between value1 and value2.

icmp-off

(Optional) Turns off ICMP generation for denied packets

icmp-type

(Optional) ICMP message type for filtering ICMP packets. Range is from 0 to 255.

icmp-code

(Optional) ICMP message code for filtering ICMP packets. Range is from 0 to 255.

igmp-type

(Optional) IGMP message type (0 to 15) or message name for filtering IGMP packets, as follows:

dvmrp

host-query

host-report

mtrace

mtrace-response

pim

precedence

trace

v2-leave

v2-report

v3-report

operator

(Optional) Operator is used to compare source or destination ports. Possible operands are lt (less than), gt (greater than), eq (equal), neq (not equal), and range (inclusive range).

If the operator is positioned after the source and source-wildcard values, it must match the source port.

If the operator is positioned after the destination and destination-wildcard values, it must match the destination port.

If the operator is positioned after the ttl keyword, it matches the TTL value.

The range operator requires two port numbers. All other operators require one port number.

port

Decimal number of a TCP or UDP port. Range is 0 to 65535.

TCP ports can be used only when filtering TCP. UDP ports can be used only when filtering UDP.

protocol-port

Name of a TCP or UDP port. TCP and UDP port names are listed in the "Usage Guidelines" section.

TCP port names can be used only when filtering TCP. UDP port names can be used only when filtering UDP.

established

(Optional) For the TCP protocol only: Indicates an established connection.

match-any

(Optional) For the TCP protocol only: Filters on any combination of TCP flags.

match-all

(Optional) For the TCP protocol only: Filters on all TCP flags.

+ | -

(Required) For the TCP protocol match-any, match-all: Prefix flag-name with + or -. Use the + flag-name argument to match packets with the TCP flag set. Use the - flag-name argument to match packets when the TCP flag is not set.

flag-name

(Required) For the TCP protocol match-any, match-all. Flag names are: ack, fin, psh, rst, syn.


Defaults

There is no specific condition under which a packet is denied passing the IPv4 access list.

ICMP message generation is enabled by default.

Command Modes

IPv4 access list configuration

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Use the permit command following the ipv4 access-list command to specify conditions under which a packet can pass the access list.

By default, the first statement in an access list is number 10, and the subsequent statements are incremented by 10.

You can add permit, deny, or remark statements to an existing access list without retyping the entire list. To add a new statement anywhere other than at the end of the list, create a new statement with an appropriate entry number that falls between two existing entry numbers to indicate where it belongs.

If you want to add a statement between two consecutively numbered statements (for example, between lines 10 and 11), first use the resequence access-list command to renumber the first statement and increment the entry number of each subsequent statement. The increment argument causes new, unused line numbers between statements. Then add a new statement with the entry-number specifying where it belongs in the access list.

The following is a list of precedence names:

critical

flash

flash-override

immediate

internet

network

priority

routine

The following is a list of ICMP message type names:

administratively-prohibited

alternate-address

conversion-error

dod-host-prohibited

dod-net-prohibited

echo

echo-reply

general-parameter-problem

host-isolated

host-precedence-unreachable

host-redirect

host-tos-redirect

host-tos-unreachable

host-unknown

host-unreachable

information-reply

information-request

mask-reply

mask-request

mobile-redirect

net-redirect

net-tos-redirect

net-tos-unreachable

net-unreachable

network-unknown

no-room-for-option

option-missing

packet-too-big

parameter-problem

port-unreachable

precedence-unreachable

protocol-unreachable

reassembly-timeout

redirect

router-advertisement

router-solicitation

source-quench

source-route-failed

time-exceeded

timestamp-reply

timestamp-request

traceroute

ttl-exceeded

unreachable

The following is a list of TCP port names that can be used instead of port numbers. Refer to the current Assigned Numbers RFC to find a reference to these protocols. You can find port numbers corresponding to these protocols by typing a ? in the place of a port number.

bgp

chargen

cmd

daytime

discard

domain

echo

exec

finger

ftp

ftp-data

gopher

hostname

ident

irc

klogin

kshell

login

lpd

nntp

pim-auto-rp

pop2

pop3

smtp

sunrpc

tacacs

talk

telnet

time

uucp

whois

www

The following UDP port names can be used instead of port numbers. Refer to the current Assigned Numbers RFC to find a reference to these protocols. You can find port numbers corresponding to these protocols by typing a ? in the place of a port number.

biff

bootpc

bootps

discard

dnsix

domain

echo

isakmp

mobile-ip

nameserver

netbios-dgm

netbios-ns

netbios-ss

ntp

pim-auto-rp

rip

snmp

snmptrap

sunrpc

syslog

tacacs

talk

tftp

time

who

xdmcp

Use the following flags in conjunction with the match-any and match-all keywords and the + and - signs to select the flags to display:

ack

fin

psh

rst

syn

For example, match-all +ack +syn displays TCP packets with both the ack and syn flags set, or match-any +ack -syn displays the TCP packets with the ack set or the syn not set.
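
The flag selection rules above can be checked offline. The following Python sketch is an added example, not Cisco code: it evaluates a match-any or match-all clause against the flags byte of a TCP header, using constructed sample segments. The function names are hypothetical, and the flag bit values are the standard TCP header bit positions.

```python
import struct

# Standard TCP header flag bits (byte 13 of the header) for the five names listed above.
FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04, "psh": 0x08, "ack": 0x10}


def tcp_flags(segment: bytes) -> set:
    """Return the names of the flags set in a raw TCP header."""
    if len(segment) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    flag_byte = segment[13]
    return {name for name, bit in FLAG_BITS.items() if flag_byte & bit}


def parse_flag_clause(clause: str):
    """Split 'match-any +ack -syn' into ('match-any', [('ack', True), ('syn', False)])."""
    tokens = clause.split()
    if len(tokens) < 2 or tokens[0] not in ("match-any", "match-all"):
        raise ValueError("clause must start with match-any or match-all")
    terms = []
    for tok in tokens[1:]:
        sign, name = tok[0], tok[1:]
        if sign not in ("+", "-") or name not in FLAG_BITS:
            raise ValueError("bad flag term: " + tok)
        terms.append((name, sign == "+"))  # '+' means flag set, '-' means flag not set
    return tokens[0], terms


def clause_matches(clause: str, segment: bytes) -> bool:
    """match-all needs every term to hold; match-any needs at least one."""
    mode, terms = parse_flag_clause(clause)
    present = tcp_flags(segment)
    results = [(name in present) == want_set for name, want_set in terms]
    return all(results) if mode == "match-all" else any(results)


def make_segment(*flags, sport=40000, dport=23) -> bytes:
    """Constructed 20-byte TCP header carrying the given flags (test data, checksum 0)."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, bits, 65535, 0, 0)


if __name__ == "__main__":
    samples = {"SYN": make_segment("syn"), "SYN+ACK": make_segment("syn", "ack"),
               "ACK": make_segment("ack"), "RST": make_segment("rst")}
    for clause in ("match-all +ack +syn", "match-any +ack -syn", "match-all -ack +syn"):
        hits = [label for label, seg in samples.items() if clause_matches(clause, seg)]
        print(clause, "->", hits)
```

Note that match-any +ack -syn also matches a bare RST, because the -syn term is true for every segment that lacks SYN.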

For ACL-based forwarding, we recommend that you use the permit command with the any any keywords as the last ACL-based forwarding ACE rule, so that it overrides the implicit deny of a security ACL. This ensures that packets not related to ABF are forwarded in the traditional way, by destination IP address, instead of being dropped.

Task ID
Task ID
Operations

ipv4

read, write

acl

read, write


Examples

The following example shows how to set a permit condition for an access list named Internetfilter:

RP/0/RP0/CPU0:router(config)#ipv4 access-list Internetfilter
RP/0/RP0/CPU0:router(config-ipv4-acl)# 10 permit 192.168.34.0 0.0.0.255
RP/0/RP0/CPU0:router(config-ipv4-acl)# 20 permit 172.16.0.0 0.0.255.255
RP/0/RP0/CPU0:router(config-ipv4-acl)# 25 permit tcp host 172.16.0.0 eq bgp host 192.168.202.203 range 1300 1400
RP/0/RP0/CPU0:router(config-ipv4-acl)# deny 10.0.0.0 0.255.255.255

The following example shows how to configure ACL-based forwarding with security for an access list configuration:

RP/0/RP0/CPU0:router(config)#ipv4 access-list security-abf-acl
RP/0/RP0/CPU0:router(config-ipv4-acl)# 10 permit ipv4 10.0.0.0 0.255.255.255 any
RP/0/RP0/CPU0:router(config-ipv4-acl)# 15 permit ipv4 30.2.0.0 0.0.255.255 any nexthop 40.1.1.2
RP/0/RP0/CPU0:router(config-ipv4-acl)# 20 deny ipv4 30.1.0.0 0.0.255.255 any
RP/0/RP0/CPU0:router(config-ipv4-acl)# 25 permit ipv4 30.0.0.0 0.255.255.255 any

The following example shows how to configure a pure ACL-based forwarding:

RP/0/RP0/CPU0:router(config)#ipv4 access-list security-abf-acl
RP/0/RP0/CPU0:router(config-ipv4-acl)# 10 permit ipv4 10.0.0.0 0.255.255.255 any nexthop 50.1.1.2
RP/0/RP0/CPU0:router(config-ipv4-acl)# 15 permit ipv4 30.2.1.0 0.0.0.255 any
RP/0/RP0/CPU0:router(config-ipv4-acl)# 20 permit ipv4 30.2.0.0 0.0.255.255 any nexthop 40.1.1.2
RP/0/RP0/CPU0:router(config-ipv4-acl)# 25 permit ipv4 any any
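
The two ABF examples above, and the recommendation to end an ABF ACL with permit any any, follow from first-match evaluation and the implicit deny. The following Python model is an added example, not Cisco code: it parses the ipv4 ACE lines from those two examples (wildcard masks, optional nexthop) and reports which ACE a packet hits and whether it is dropped, ABF-forwarded, or routed by destination. Function names and probe addresses are hypothetical; next-hop reachability is not modeled and only the first listed next hop is reported.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

ANY = (0, 0xFFFFFFFF)  # address 0.0.0.0 with every bit wildcarded


@dataclass
class Ace:
    seq: int
    action: str            # "permit" or "deny"
    src: Tuple[int, int]   # (address, wildcard mask) as integers
    dst: Tuple[int, int]
    nexthops: List[str]    # empty when the ACE has no nexthop keyword


def to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def parse_addr(tokens, i):
    """Parse 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' starting at tokens[i]."""
    if tokens[i] == "any":
        return ANY, i + 1
    if tokens[i] == "host":
        return (to_int(tokens[i + 1]), 0), i + 2
    return (to_int(tokens[i]), to_int(tokens[i + 1])), i + 2


def parse_acl(text: str) -> List[Ace]:
    """Parse 'seq permit|deny ipv4 src dst [nexthop ip ...]' lines; other lines are skipped."""
    aces = []
    for line in text.strip().splitlines():
        t = line.split()
        if len(t) < 5 or not t[0].isdigit() or t[1] not in ("permit", "deny") or t[2] != "ipv4":
            continue
        src, i = parse_addr(t, 3)
        dst, i = parse_addr(t, i)
        nexthops = t[t.index("nexthop") + 1:] if "nexthop" in t else []
        aces.append(Ace(int(t[0]), t[1], src, dst, nexthops))
    return sorted(aces, key=lambda a: a.seq)


def covers(spec, addr: int) -> bool:
    """Wildcard-mask match: bits set in the wildcard are ignored."""
    base, wildcard = spec
    return ((addr ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(aces: List[Ace], src: str, dst: str):
    """Return (matching sequence number or None, verdict) using first-match order."""
    s, d = to_int(src), to_int(dst)
    for ace in aces:
        if covers(ace.src, s) and covers(ace.dst, d):
            if ace.action == "deny":
                return ace.seq, "drop"
            if ace.nexthops:
                return ace.seq, "abf nexthop " + ace.nexthops[0]
            return ace.seq, "route by destination"
    return None, "drop (implicit deny)"


def ends_with_permit_any_any(aces: List[Ace]) -> bool:
    """Audit check for the recommendation: last ACE is 'permit ... any any'."""
    last = aces[-1] if aces else None
    return bool(last and last.action == "permit" and last.src == ANY and last.dst == ANY)


# ACE lines copied from the two ABF examples above.
SECURITY_ABF_ACL = """
10 permit ipv4 10.0.0.0 0.255.255.255 any
15 permit ipv4 30.2.0.0 0.0.255.255 any nexthop 40.1.1.2
20 deny ipv4 30.1.0.0 0.0.255.255 any
25 permit ipv4 30.0.0.0 0.255.255.255 any
"""
PURE_ABF_ACL = """
10 permit ipv4 10.0.0.0 0.255.255.255 any nexthop 50.1.1.2
15 permit ipv4 30.2.1.0 0.0.0.255 any
20 permit ipv4 30.2.0.0 0.0.255.255 any nexthop 40.1.1.2
25 permit ipv4 any any
"""

if __name__ == "__main__":
    # Constructed probe sources; the destination is a documentation address.
    for name, text in (("security", SECURITY_ABF_ACL), ("pure", PURE_ABF_ACL)):
        aces = parse_acl(text)
        print(name, "ends with permit any any:", ends_with_permit_any_any(aces))
        for src in ("30.2.1.7", "30.2.9.7", "30.1.5.9", "192.0.2.1"):
            print("  ", src, evaluate(aces, src, "198.51.100.1"))
```

In the pure ABF list, entry 15 exempts 30.2.1.0/24 from the redirect in entry 20 only because it has the lower sequence number; swapping the two numbers would send that subnet to 40.1.1.2 as well.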

In the following example, the user1 subnet is not allowed to use outbound Telnet:

RP/0/RP0/CPU0:router(config)#ipv4 access-list telnetting
RP/0/RP0/CPU0:router(config-ipv4-acl)# 10 remark Do not allow user1 to telnet out
RP/0/RP0/CPU0:router(config-ipv4-acl)# 20 deny tcp host 172.16.2.88 255.255.0.0 any eq telnet
RP/0/RP0/CPU0:router(config-ipv4-acl)# 30 permit icmp any any
RP/0/RP0/CPU0:router#show ipv4 access-list telnetting

ipv4 access-list telnetting
10 remark Do not allow user1 to telnet out
20 deny tcp 172.16.2.88 255.255.0.0 any eq telnet out
30 permit icmp any any

Related Commands

Command
Description

ipv4 access-list log-update rate

To specify the rate at which IPv4 access lists are logged.

ipv4 access-list log-update threshold

To specify the number of updates that are logged for IPv4 access lists.


ABF Show Commands

show access-lists afi-all

show access-lists ipv4

show access-list ipv4 "acl_name" hardware ingress location "node"

show cef

show cef exact-route

show access-lists afi-all

To display the contents of current IPv4 access lists, use the show access-lists afi-all command in EXEC mode.

show access-lists afi-all

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release
Modification

Release 3.9.2

This command was updated with the nexthop parameter on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID
Task ID
Operations

acl

read


Examples

The following sample output is from the show access-lists afi-all command with the nexthop option:

RP/0/RSP0/CPU0:gryffindor#show access-lists afi-all
ipv4 access-list abf_2IPs
 10 permit ipv4 any any nexthop 110.1.1.2 1.1.1.2 110.1.1.2  
 20 permit ipv4 any any nexthop 110.2.1.2 9.9.9.1 110.2.1.2
ipv4 access-list abf_bfd
 10 permit ipv4 any 0.0.0.2 255.255.255.0 nexthop 110.1.1.2 100.1.1.2 100.3.1.2 
 20 permit ipv4 any any 
ipv4 access-list abf_ecmp
 10 permit ipv4 0.0.0.1 255.255.255.0 any dscp af22 ttl eq 64 nexthop 9.9.9.1 110.1.1.2  
 20 permit ipv4 0.0.0.1 255.255.255.0 any dscp af21 fragments nexthop 1.1.1.2 110.1.1.2 110.2.1.2
ipv4 access-list abf_qos
 10 permit ipv4 0.0.0.1 255.255.255.252 any nexthop 20.11.1.2

Related Commands

Command
Description

show access-lists ipv4

Display the contents of current IPv4 access lists.

show access-list ipv4 "acl_name" hardware ingress location "node"

Display the nexthop hardware configuration of the current IPv4 access list.


show access-lists ipv4

To display the contents of current IPv4 access lists, use the show access-lists ipv4 command in EXEC mode.

show access-lists ipv4 [access-list-name hardware {ingress | egress} [interface type interface-path-id]{sequence number | location node-id}| summary [access-list-name] | access-list-name [sequence-number] | maximum [detail] [usage {pfilter {location node-id | all}}]]

Syntax Description

access-list-name

(Optional) Name of a particular IPv4 access list. The name cannot contain spaces or quotation marks, but can include numbers.

hardware

(Optional) Identifies the access list as an access list for an interface.

ingress

(Optional) Specifies an inbound interface.

egress

(Optional) Specifies an outbound interface.

interface

(Optional) Displays interface statistics.

type

(Optional) Interface type. For more information, use the question mark (?) online help function.

interface-path-id

Physical interface or virtual interface.


Note Use the show interfaces command to see a list of all interfaces currently configured on the router.


For more information about the syntax for the router, use the question mark (?) online help function.

sequence number

(Optional) Sequence number of a particular IPv4 access list. Range is 1 to 2147483644.

location node-id

(Optional) Location of a particular IPv4 access list. The node-id argument is entered in the rack/slot/module notation.

summary

(Optional) Displays a summary of all current IPv4 access lists.

sequence-number

(Optional) Sequence number of a particular IPv4 access list. Range is 1 to 2147483644.

maximum

(Optional) Displays the current maximum number of configurable IPv4 access control lists (ACLs) and access control entries (ACEs).

detail

(Optional) Displays complete out-of-resource (OOR) details.

usage

(Optional) Displays the usage of the access list on a given line card.

pfilter

(Optional) Displays the packet filtering usage for the specified line card.

all

(Optional) Displays the location of all the line cards.


Defaults

The default displays all IPv4 access lists.

Command Modes

EXEC

Command History

Release
Modification

Release 3.9.2

This command was updated with the nexthop parameter on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Use the show access-lists ipv4 command to display the contents of all IPv4 access lists. To display the contents of a specific IPv4 access list, use the name argument. Use the sequence-number argument to specify the sequence number of the access list.

Use the hardware, ingress or egress, and location keywords to display the access list hardware contents and counters for all interfaces that use the specified access list in a given direction (ingress or egress). To display the contents of a specific access list entry, use the sequence number keyword and argument. The access group for an interface must be configured using the ipv4 access-group command for access list hardware counters to be enabled.

Use the show access-lists ipv4 summary command to display a summary of all current IPv4 access lists. To display a summary of a specific IPv4 access list, use the name argument.

Use the show access-lists ipv4 maximum detail command to display the OOR details for IPv4 access lists. OOR limits the number of ACLs and ACEs that can be configured in the system. When the limit is reached, configuration of new ACLs or ACEs is rejected.

Use the show access-list ipv4 usage command to display a summary of all interfaces and access lists programmed on the specified line card.

Task ID
Task ID
Operations

acl

read


Examples

In the following example, the contents of the IPv4 access lists with nexthop are displayed:

RP/0/RSP0/CPU0:gryffindor#show access-lists ipv4 abf_gre hardware ingress location 0/0/CPU0
ipv4 access-list abf_gre
 1 permit tcp 0.0.0.5 255.255.255.0 eq 1000 any gt 1100 (200267 hw matches) (next-hop: 187.1.1.2)
 2 permit tcp 0.0.0.5 255.255.255.0 eq 1001 any gt 1101 (200268 hw matches) (next-hop: 187.2.1.2)

Table 5 describes the fields shown in the show access-lists ipv4 hardware display.

Table 5 show access-lists ipv4 hardware Field Descriptions 

Field
Description

hw matches

Number of hardware matches.

next-hop

Next hop is programmed and is reachable through FIB.

ACL name

Name of the ACL programmed in hardware.

Sequence Number

Each ACE sequence number is programmed into hardware with all the fields that are corresponding to the values set in ACE.

Grant

Depending on the ACE rule, the grant is set to deny, permit, or both.

Logging

Logging is set to on if ACE uses a log option to enable logs.

Per ace icmp

If Per ace icmp is set to on in the hardware, ICMP unreachable messages are generated and rate-limited. The default is on.

Next Hop Enable

When the ABF next hop is configured on an ACE, the Next Hop Enable is set to on.

Default Next Hop

When the ABF default-next-hop is configured in an ACE, the Default Next Hop is set to on.

Hits

Hardware counter for that ACE.

Statistics pointer

Statistics pointer is the pointer that is assigned for hardware counters.

Number of TCAM entries

Number of TCAM entries that are used to program the ACE into hardware.


In the following example, a summary of all IPv4 access lists is displayed:

RP/0/RSP0/CPU0:gryffindor#show access-lists ipv4 summary  
 
ACL Summary: 
Total ACLs configured: 8 
Total ACEs configured: 518
 

Table 6 describes the fields shown in the ACL summary display.

Table 6 ACL Summary Field Descriptions 

Field
Description

Total ACLs configured

Number of configured IPv4 ACLs.

Total ACEs configured

Number of configured IPv4 ACEs.


In the following example, the OOR details of the IPv4 access lists are displayed:

 
   
RP/0/RSP0/CPU0:gryffindor#show access-lists ipv4 maximum detail  
Default max configurable acls :10000 
Default max configurable aces :350000 
Current configured acls :8 
Current configured aces :518 
Current max configurable acls :10000 
Current max configurable aces :350000 
Max configurable acls :10000 
Max configurable aces :350000
 
   
 
   

Table 7 describes the fields shown in the show access-lists ipv4 maximum detail display.

Table 7 access-lists ipv4 maximum detail Field Descriptions

Field
Description

Default max configurable acls

Default maximum number of configurable IPv4 ACLs allowed.

Default max configurable aces

Default maximum number of configurable IPv4 ACEs allowed.

Current configured acls

Number of configured IPv4 ACLs.

Current configured aces

Number of configured IPv4 ACEs.

Current max configurable acls

Configured maximum number of configurable IPv4 ACLs allowed.

Current max configurable aces

Configured maximum number of configurable IPv4 ACEs allowed.

Max configurable acls

Maximum number of configurable IPv4 ACLs allowed.

Max configurable aces

Maximum number of configurable IPv4 ACEs allowed.


Related Commands

Command
Description

show access-lists afi-all

Displays all access lists (afi-all).

show access-list ipv4 "acl_name" hardware ingress location "node"

Display the nexthop hardware configuration of the current IPv4 access list.


show access-list ipv4 "acl_name" hardware ingress location "node"

To display the nexthop hardware configuration of the current IPv4 access list, use the show access-lists ipv4 "acl_name" hardware command in EXEC mode.

show access-lists ipv4 [access-list-name hardware {ingress | egress} {location node-id} ]

Syntax Description

ipv4

IPv4 access lists

access-list name

Access list name

hardware

Show IPv4 access-list entries in hardware

ingress

Specifies an inbound interface.

egress

Specifies an outbound interface.

location

node-id

Location of a particular IPv4 access list. The node-id argument is entered in the rack/slot/module notation.


Defaults

The default displays all IPv4 access lists.

Command Modes

EXEC

Command History

Release
Modification

Release 3.9.2

This command was updated with the nexthop parameter on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID
Task ID
Operations

acl

read


Examples

The following sample output shows the hardware ingress details of an access list entry with the nexthop option:

RP/0/RSP0/CPU0:gryffindor#show access-lists ipv4 abf_thor hardware ingress sequence 1 detail location 0/0/CPU0
Fri Jul  2 10:04:28.301 UTC

ACL name: abf_thor
Channel ID: 3
Sequence Number: 1
Grant: permit
Logging: OFF
Per ace icmp: ON
Next Hop Enable: ON
Next-hop: 19.19.19.2
Default Next Hop: OFF
Hits: 2502697
ACE ID: 7
Number of TCAM entries: 1
 
   
Entry : 0 for ACE : 1
RAW value  : 0x40040000 0x42000000 0x00000100 0000000000 000000
RAW mask   : 0x0003ffff 0xbdffffff 0xffff00ff 0xffffffff 0xffff
 
   
-------------------------------Field Details----------------------------------
acl_id             : 0x001
acl_id mask        : 00000
src address         : 0.0.0.1
src address mask    : 255.255.255.0
Protocol            : 0000
Protocol mask       : 0xff
fragment            : 0x1
fragment mask       : 000
DSCP                : 0000
DSCP mask           : 0xff
TTL                : 0000
TTL mask           : 0xff
L4 src port         : 000000
L4 src port mask    : 0xffff
dest address        : 0.0.0.0
dest address mask   : 255.255.255.255
L4 dest port        : 000000
L4 dest port mask   : 0xffff
RP/0/RSP0/CPU0:gryffindor#

Related Commands

Command
Description

show access-lists afi-all

Displays all access lists (afi-all).

show access-lists ipv4

Display the contents of current IPv4 access lists.


show cef

To display information about packets forwarded by Cisco Express Forwarding (CEF), use the show cef command in EXEC mode.

show cef [prefix [mask]] [hardware {egress | ingress} | detail] [location {node-id | all}]

Syntax Description

prefix

(Optional) Longest matching CEF entry for the specified IPv4 destination prefix.

mask

(Optional) Exact CEF entry for the specified IPv4 prefix and mask.

hardware

(Optional) Displays detailed information about hardware.

egress

Displays information from the egress packet switch exchange (PSE) file.

ingress

Displays information from the ingress packet switch exchange (PSE) file.

detail

(Optional) Displays full details.

location node-id

(Optional) Displays detailed CEF information for the designated node. The node-id argument is entered in the rack/slot/module notation.

all

(Optional) Displays all locations.


Defaults

When the prefix is not explicitly specified, this command displays all the IPv4 prefixes that are present in CEF. When not specified, the location defaults to the active Route Processor (RP) node.

Command Modes

EXEC

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID
Task ID
Operations

cef

read


Examples

The following example shows how to check the outgoing path for a next hop:

show cef 30.10.10.10
Sat Jan 3 18:04:32.879 UTC
30.10.10.0/24, version 1, internal 0x40000001 (ptr 0x9d734894) [1], 0x0 (0x9cdfa53c), 0x0 (0x0)
Updated Jan 1 00:04:15.121
remote adjacency to TenGigE0 /0/0/1
Prefix Len 24, traffic index 0, precedence routine (0)
via 101.0.0.1, TenGigE0 /0/0/1, 6 dependencies, weight 0, class 0 [flags 0x0]
next hop 101.0.0.1
remote adjacency

The following sample output shows the load information flag from the show cef command for both hardware and ingress keywords:

RP/0/RSP0/CPU0:router#show cef 10.1.3.0/24 hardware ingress location 0/3/CPU0 
10.1.3.0/24, version 0, internal 0x40000001 (0x598491e8) [1], 0x0 (0x0), (0x0)
 local adjacency 10.0.101.2
 Prefix Len 24, traffic index 0, precedence routine (0)
 BGP Attribute: id: 8, Local id: 6, Origin AS: 1003, Next Hop AS: 4 
 
   via 10.0.101.2, 2 dependencies, recursive
    next hop 10.0.101.2 via 10.0.101.2/32
 
 
   
 Number of Mnodes:   2
 Mnode 0 HW Location: 0x00080404  HW Value 
[ 0x0081a600 00000000 00000000 00000000 ] 
 
 Leaf Mnode 1  HW Location: 0x040d3030
 Hardware Leaf:      PLU Leaf Value
[ 0x8000d800 028842c6 00000000 1fff2000 ] 
 
 FCR  2 TLU Address 0x00210b19 TI 0 AS 6 
 
VPN Label 1 0 
 
 ************* IGP LoadInfo *****************
 Loadinfo HW Max Index  0
 Loadinfo SW Max Index  0
 PBTS Loadinfo Attached: No
 LI Path [ 0]  HFA Info: 0x10204028   FCR: 4
 ********************************************
 
------------------------------------------------
 HW Rx Adjacency  0 Detail:
------------------------------------------------
    Rx Adj HW Address   0x02040280  (ADJ)  
    packets 0  bytes 0 
    HFA Bits 0x80 gp 16 mtu 9248 (Fabric MTU) TAG length 0 
    OI 0x409 (Tx uidb 0 PPindex 1033) 
    OutputQ 0 Output-port 0x0 local-outputq 0x8000 
 
[ 0x80181040 00002420 00000409 00008000 ]
[ 0x00000000 00000000 00000000 00000000 ]
[ 0x00000000 00000000 00000000 00000000 ] 
 
   

The following sample output shows the load information flag from the show cef command for both hardware and egress keywords:

RP/0/RSP0/CPU0:router#show cef 10.53.0.0/16 hardware egress detail location 0/2/cpu0
 
   
10.53.0.0/16, version 0, attached, connected, internal 0xc0000c01 (0x7d2faaf0) [3], 0x0 (0x7c0d6a64), 0x0 (0x0)
 remote adjacency to MgmtEth0/RSP0/CPU0/0
 Prefix Len 16, traffic index 0, precedence routine (0)
  gateway array (0x0) reference count 1, flags 0x0, source 3,
                [0 type 3 flags 0x101000 (0x7d1b466c) ext 0x0 (0x0)]
  LW-LDI[type=3, refc=1, ptr=0x7c0d6a64, sh-ldi=0x7d1b466c]
   via MgmtEth0/RSP0/CPU0/0, 0 dependencies, weight 0, class 0
    remote adjacency
 
  EGRESS PLU
SW: 0x04000000 00010010 00000000 00459400
   HW: 0x04000000 00010010 00000000 00459400
  entry_type:         FWD    vpn key:     0x00000000
  prefix len:          16    as num:               0
  num entries:          1    next ptr:    0x00004594
 
 
   
    Load info: Drop
    Flag: 0x00000003
    TLU1 0x00004594
    TLU1 ENTRY        0
     SW: 0x00000001 00010400 00000000 00000100
     HW: 0x00000001 00010400 00000000 00000100
    local:                0x0    drop:                0x1
    next ptr:     0x00010400
    PBTS:    0
    num of entries:    1
    Recursive next-hop:   0.0.0.0
 
       TLU2 <NOT AVAILABLE>
 
 
 
    Load distribution: 0 (refcount 0)
 
    Hash  OK  Interface                 Address
    0     Y   MgmtEth0/RSP0/CPU0/0       remote

If both the QoS group and IP precedence are set for a prefix, both values are printed. If only one of them is set, only one is printed. The following sample output is set for both the QoS group and IP precedence:

RP/0/RSP0/CPU0:router#show cef 10.55.55.0
 
   
10.55.55.0/24, version 0, internal 0x40000001[1] 0x0, (0x0)  local adjacency point2point  
Prefix Len 24, traffic index 0, precedence routine (0)  QoS Group: 20, IP Precedence: 3
   via 10.56.56.1, 0 dependencies, recursive
    next hop 10.56.56.1 via 10.56.56.0/24
 
   

The following sample output is set for a QoS group:

RP/0/RSP0/CPU0:router#show cef 10.55.55.0
 
   
10.55.55.0/24, version 0, internal 0x40000001[1] 0x0, (0x0)  local adjacency point2point  
Prefix Len 24, traffic index 0, precedence routine (0)  QoS Group: 20
   via 10.56.56.1, 0 dependencies, recursive
    next hop 10.56.56.1 via 10.56.56.0/24
 
   

The following sample output is set for an IP precedence:

RP/0/RSP0/CPU0:router#show cef 10.55.55.0
 
   
10.55.55.0/24, version 0, internal 0x40000001[1] 0x0, (0x0)  local adjacency point2point  
Prefix Len 24, traffic index 0, precedence routine (0)  IP Precedence: 3
   via 10.56.56.1, 0 dependencies, recursive
    next hop 10.56.56.1 via 10.56.56.0/24

Related Commands

Command
Description

show cef exact-route

Displays an IPv4 Cisco Express Forwarding (CEF) exact route.


show cef exact-route

To display an IPv4 Cisco Express Forwarding (CEF) exact route, use the show cef ipv4 exact-route command in EXEC mode.

show cef [vrf vrf-name] ipv4 exact-route {source-address destination-address} [protocol protocol-name] [source-port source-port] [destination-port destination-port] [ingress-interface type interface-path-id] [policy-class value] [detail | location node-id]

Syntax Description

vrf

(Optional) Displays VPN routing and forwarding (VRF) instance information.

vrf-name

(Optional) Name of a VRF.

source-address

The IPv4 source address in x.x.x.x format.

destination-address

The IPv4 destination address in x.x.x.x format.

protocol protocol-name

(Optional) Displays the specified protocol for the route.

source-port source-port

(Optional) Sets the UDP source port. The range is from 0 to 65535.

destination-port destination-port

(Optional) Sets the UDP destination port. The range is from 0 to 65535.

ingress-interface

(Optional) Sets the ingress interface.

type

(Optional) Interface type. For more information, use the question mark (?) online help function.

interface-path-id

 

(Optional) Either a physical interface instance or a virtual interface instance as follows:

Physical interface instance. Naming notation is rack/slot/module/port and a slash between values is required as part of the notation.

rack: Chassis number of the rack.

slot: Physical slot number of the modular services card or line card.

module: Module number. A physical layer interface module (PLIM) is always 0.

port: Physical port number of the interface.

Note In references to a Management Ethernet interface located on a route processor card, the physical slot number is alphanumeric (RSP0) and the module is CPU0.
Example: interface MgmtEth0/RSP0/CPU0/0.

Virtual interface instance. Number range varies depending on interface type.

For more information about the syntax for the router, use the question mark (?) online help function.

policy-class value

(Optional) Displays the class for the policy-based tunnel selection. The range for the tunnel policy class value is from 1 to 7.

detail

(Optional) Displays full CEF entry information.

location node-id

(Optional) Displays the IPv4 CEF table for the designated node. The node-id argument is entered in the rack/slot/module notation.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

If the Layer 4 information is enabled, the source-port, destination-port, protocol, and ingress-interface fields are required. Otherwise, the output of the show cef ipv4 exact-route command is not correct.

Task ID
Task ID
Operations

cef

read


Examples

The following sample output is from the show cef ipv4 exact-route command:

RP/0/RSP0/CPU0:gryffindor#show cef exact-route 5.5.5.1 1.1.1.2
1.1.1.2/32, version 1, internal 0x40000001 (ptr 0x9d75e9c8) [1], 0x0 (0x9cdf0104), 0x0 (0x0)
 Updated Jun 22 14:32:49.250
 remote adjacency to GigabitEthernet0/0/0/18
 Prefix Len 32, traffic index 0, precedence routine (0)
   via GigabitEthernet0/0/0/18

Table 8 describes the significant fields shown in the display.

Table 8 show cef ipv4 exact-route Command Field Descriptions 

Field
Description

Prefix

Prefix in the IPv4 CEF table

Next Hop

Next hop of the prefix

Interface

Interface associated with the prefix


The following sample output shows the exact route for the Layer 4 information:

RP/0/RSP0/CPU0:router#show cef ipv4 exact-route 10.6.1.9 10.6.1.10 protocol udp source-port 1 destination-port 1 ingress-interface GigabitEthernet 0/1/0/4

10.6.1.10/32 version 0, internal 0x40040001 (0x78439fd0) [3], 0x0 (0x78aaf928), 0x4400 (0x78ed62d0)
   remote adjacency to gigabitethernet0/1/4/4
   Prefix Len 32, traffic index 0, precedence routine (0)
     via gigabitethernet0/1/4/4

Related Commands

Command
Description

bundle-hash

Displays the path a bundle flow that comprises a source and destination address would take. For more information, see the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference.

cef load-balancing fields

Selects the hashing algorithm that is used for load balancing when forwarding.

show mpls forwarding exact-route

Displays the path an MPLS flow that comprises a source and destination address would take.


Generic Routing Encapsulation (GRE)

Cisco IOS XR Software Release 3.9.2 introduces support on the Cisco ASR 9000 Series Router platform for the GRE tunneling protocol. GRE is a simple, generic way to transport packets of one protocol over another protocol by means of encapsulation. The GRE tunneling protocol enables:

High Assurance Internet Protocol Encryptor (HAIPE) devices for encryption over the public Internet and nonsecure connections.

Service providers (that do not run MPLS in their core network) to provide VPN services along with the security services.

For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide and the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference online.

Hardware Limitations:

Support for GRE is only for the Ethernet line card.

SIP-700 is not GRE aware and will drop GRE packets.

Restrictions:

The GRE feature has the following restrictions.

A maximum of 500 GRE tunnels can be configured per system.

GRE is limited to tunneling of unicast IPv4 data packets.

Packets received with nested and concatenated GRE headers are dropped.

Transport header support is limited to IPv4.

Path MTU discovery is not supported over GRE tunnel interfaces. When the size of a packet going over a GRE tunnel interface exceeds the tunnel MTU, the microcode (ucode) punts the packet to the slow path for best-effort fragmentation. Because punted packets are policed, this does not provide real fragmentation support. If the decapsulating router receives a fragmented GRE packet, the fragments are also punted to the slow path for best-effort reassembly. The user is responsible for making sure that the MTUs configured along the tunnel path are large enough to guarantee that the GRE packet is not fragmented between the tunnel source and destination routers.

No Layer 3 features (such as QoS, ACL, and NetFlow) are supported over GRE tunnel interfaces. Features configured on the underlying physical interface are applied.

No support for the optional checksum as defined in RFC 2784.

No support for the key and sequence number fields as defined in RFC 2890.
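
The restrictions above can be turned into a header check for captured traffic. The following Python sketch is an added example, not Cisco code: it parses the outer IPv4 header and the GRE header as laid out in RFC 2784 and RFC 2890 and lists which restrictions a packet conflicts with. Function names are hypothetical; the sample packets are constructed, reusing addresses that appear in the examples on this page.

```python
import ipaddress
import struct
from typing import List

GRE_PROTO = 47            # IPv4 protocol number for GRE
ETHERTYPE_IPV4 = 0x0800   # GRE protocol type for an IPv4 payload
FLAG_C, FLAG_K, FLAG_S = 0x8000, 0x2000, 0x1000  # checksum, key, sequence present bits


def encapsulated_len(inner_len: int) -> int:
    """Size on the wire: 20-byte outer IPv4 header (no options) + 4-byte base GRE header."""
    return inner_len + 20 + 4


def gre_findings(packet: bytes) -> List[str]:
    """List the ways an outer IPv4/GRE packet conflicts with the restrictions listed above."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return ["transport header is not IPv4"]
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != GRE_PROTO:
        return ["outer packet is not valid IPv4 carrying GRE"]
    if len(packet) < ihl + 4:
        return ["truncated GRE header"]
    flags, proto = struct.unpack("!HH", packet[ihl:ihl + 4])
    offset = ihl + 4
    findings = []
    # Each optional field that is present adds 4 bytes before the payload.
    for bit, text in ((FLAG_C, "optional checksum present (RFC 2784)"),
                      (FLAG_K, "key field present (RFC 2890)"),
                      (FLAG_S, "sequence number field present (RFC 2890)")):
        if flags & bit:
            findings.append(text + ": not supported")
            offset += 4
    if proto != ETHERTYPE_IPV4:
        findings.append("payload is not IPv4")
        return findings
    inner = packet[offset:]
    if len(inner) < 20 or inner[0] >> 4 != 4:
        findings.append("inner IPv4 header truncated or malformed")
        return findings
    if inner[9] == GRE_PROTO:
        findings.append("nested GRE header: dropped")
    inner_dst = ipaddress.IPv4Address(inner[16:20])
    if inner_dst.is_multicast or inner_dst == ipaddress.IPv4Address("255.255.255.255"):
        findings.append("inner destination is not unicast")
    return findings


def ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Constructed 20-byte IPv4 header (checksum left at 0; test data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)


def gre_packet(inner: bytes, checksum=False, key=None, seq=None,
               proto=ETHERTYPE_IPV4) -> bytes:
    """Constructed GRE-in-IPv4 packet between the tunnel endpoints used on this page."""
    flags = ((FLAG_C if checksum else 0) | (FLAG_K if key is not None else 0)
             | (FLAG_S if seq is not None else 0))
    gre = struct.pack("!HH", flags, proto)
    if checksum:
        gre += struct.pack("!HH", 0, 0)
    if key is not None:
        gre += struct.pack("!I", key)
    if seq is not None:
        gre += struct.pack("!I", seq)
    body = gre + inner
    return ipv4_header("172.19.70.92", "172.19.72.120", GRE_PROTO, len(body)) + body


# Constructed samples: a UDP datagram with 8 zero bytes of payload, then variations.
INNER_UDP = ipv4_header("10.6.1.9", "10.6.1.10", 17, 8) + bytes(8)
CLEAN = gre_packet(INNER_UDP)
KEYED = gre_packet(INNER_UDP, key=7)
NESTED = gre_packet(gre_packet(INNER_UDP))
MULTICAST = gre_packet(ipv4_header("10.6.1.9", "224.0.0.5", 89, 0))

if __name__ == "__main__":
    for label, pkt in (("clean", CLEAN), ("keyed", KEYED),
                       ("nested", NESTED), ("multicast", MULTICAST)):
        print(label, len(pkt), gre_findings(pkt) or "ok")
    print("largest inner packet for a 1500-byte path MTU:", 1500 - encapsulated_len(0))
```

Because path MTU discovery is not available on the tunnel, the 24-byte overhead computed by encapsulated_len is the figure to subtract from the smallest MTU on the path when sizing the tunnel MTU.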

End User Command Line Interface (CLI):

The GRE Configuration Commands are used to configure a tunnel interface.

The GRE Show Commands are used to display interface statistics.

GRE Commands

The following configuration commands are available to configure GRE tunnels. Some of the commands are not specific to GRE but apply to GRE interfaces and are therefore listed here.

interface tunnel-ip

tunnel destination

tunnel mode

tunnel source

tunnel tos

tunnel ttl

tunnel dfbit disable

keepalive

interface tunnel-ip

To configure a tunnel interface for generic routing encapsulation (GRE), use the interface tunnel-ip command in global configuration mode. To delete the IP tunnel interface, use the no form of this command.

interface tunnel-ip <0-65535>

no interface tunnel-ip <0-65535>

Syntax Description

interface

Interface configuration sub commands

tunnel-ip

GRE Tunnel Interface(s)

<0-65535>

The instance number of the interface to be configured.


Defaults

No default behavior or values

Command Modes

CONFIG

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Use the interface tunnel-ip command to configure a tunnel interface where the number is the instance number of the interface to be configured.

Task ID
Task ID
Operations

interface

read, write


Examples

The following example shows how to use the interface tunnel-ip command:

RP/0/RP0/CPU0:router#configure 
RP/0/RP0/CPU0:router(config)#interface tunnel-ip 50000 

tunnel destination

To specify a tunnel interface's destination, use the tunnel destination interface configuration command. To remove the destination, use the no form of this command. The tunnel will not be operational until this parameter is specified.

tunnel destination A.B.C.D

no tunnel destination A.B.C.D

Syntax Description

A.B.C.D

IPv4 address of the host destination.


Defaults

No tunnel interface destination is specified.

Command Modes

CONFIG-IF

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Use the tunnel destination command to configure the destination address for an IP tunnel.

You should not have two tunnels using the same encapsulation mode with the same source and destination address.

Task ID
Task ID
Operations

tunnel

read, write

interface

read, write


Examples

The following example shows how to configure the tunnel destination 172.19.72.120:

RP/0/RP0/CPU0:router#configure 
RP/0/RP0/CPU0:router(config)#interface tunnel-ip 25 
RP/0/RP0/CPU0:router(config-if)#tunnel source 172.19.70.92 
RP/0/RP0/CPU0:router(config-if)#tunnel destination 172.19.72.120

Related Commands

Command
Description

tunnel dfbit disable

Configures the DF bit setting in the tunnel transport header.

tunnel mode

Sets the encapsulation mode of the tunnel interface.

tunnel source

Sets a tunnel interface's source address.

tunnel tos

Specifies the value of the TOS field in the tunnel encapsulating packets.

tunnel ttl

Configures the TTL for packets entering the tunnel.
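The usage guideline above (no two tunnels with the same encapsulation mode, source and destination) and the note that a tunnel is not operational until its source and destination are set can both be checked offline against a saved configuration. The following Python sketch is an added example, not Cisco code; the sample configuration is constructed and the function names and finding labels are assumptions.

```python
import re
from collections import defaultdict

DEFAULT_MODE = "gre ipv4"  # default tunnel mode as stated in these release notes

# Constructed sample configuration (not taken from a real router).
SAMPLE_CONFIG = """\
interface tunnel-ip 25
 tunnel source 172.19.70.92
 tunnel destination 172.19.72.120
!
interface tunnel-ip26
 tunnel mode gre ipv4
 tunnel source 172.19.70.92
 tunnel destination 172.19.72.120
 keepalive 10 3
!
interface tunnel-ip 27
 tunnel source Loopback0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 172.19.70.92 255.255.255.0
!
"""

_IF_RE = re.compile(r"^interface\s+(\S.*)$")
_TUNNEL_RE = re.compile(r"^tunnel-ip\s*(\d+)$", re.IGNORECASE)
_SUB_RE = re.compile(r"^\s+tunnel\s+(source|destination|mode)\s+(.+?)\s*$")


def parse_tunnels(config_text):
    """Return {instance: {"mode", "source", "destination"}} for tunnel-ip interfaces."""
    tunnels = {}
    current = None
    for line in config_text.splitlines():
        header = _IF_RE.match(line)
        if header:
            tunnel = _TUNNEL_RE.match(header.group(1).strip())
            current = None
            if tunnel:
                current = tunnels.setdefault(
                    int(tunnel.group(1)),
                    {"mode": DEFAULT_MODE, "source": None, "destination": None},
                )
            continue
        if not line.startswith(" "):
            current = None  # "!" or any other top-level line closes the block
            continue
        sub = _SUB_RE.match(line)
        if current is not None and sub:
            current[sub.group(1)] = sub.group(2)
    return tunnels


def audit_tunnels(tunnels):
    """Return a list of (finding, tunnel_instances) tuples.

    "not-operational": source or destination is missing.
    "duplicate": same mode, source and destination on more than one tunnel.
    A source given as an interface name is compared as text only; resolving it
    to an address would need the interface address table, which is out of scope.
    """
    findings = []
    groups = defaultdict(list)
    for number in sorted(tunnels):
        t = tunnels[number]
        if t["source"] is None or t["destination"] is None:
            findings.append(("not-operational", (number,)))
            continue
        key = (t["mode"].lower(), t["source"].lower(), t["destination"])
        groups[key].append(number)
    for key in sorted(groups):
        if len(groups[key]) > 1:
            findings.append(("duplicate", tuple(groups[key])))
    return findings


if __name__ == "__main__":
    for finding, instances in audit_tunnels(parse_tunnels(SAMPLE_CONFIG)):
        print(finding, instances)
```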


tunnel mode

To set the encapsulation mode of the tunnel interface, use the tunnel mode command in interface configuration mode.


Note The tunnel encapsulation mode is set automatically to IPv4.


tunnel mode gre ipv4

no tunnel mode

Syntax Description

mode

Tunnel encapsulation method (default gre ipv4)

gre

IP over GRE encapsulation

ipv4

GRE over IPv4 encapsulation.


Defaults

The default tunnel mode is gre ipv4.

Command Modes

CONFIG-IF

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The tunnel mode is set automatically to IPv4.

Task ID
Task ID
Operations

tunnel

read, write

interface

read, write


Examples

The following example shows how to set the encapsulation mode of the tunnel interface:

RP/0/RP0/CPU0:router#configure 
RP/0/RP0/CPU0:router(config)#interface tunnel-ip 1 
RP/0/RP0/CPU0:router(config-if)#tunnel mode gre ipv4 

Related Commands

Command
Description

tunnel dfbit disable

Configures the DF bit setting in the tunnel transport header.

tunnel destination

Specifies a tunnel interface's destination.

tunnel source

Sets a tunnel interface's source address.

tunnel tos

Specifies the value of the TOS field in the tunnel encapsulating packets.

tunnel ttl

Configures the TTL for packets entering the tunnel.


tunnel source

To specify the source for a tunnel interface, use the tunnel source command in IP interface configuration mode. To remove the source address, use the no form of this command. The tunnel will not be operational until this parameter is specified.

tunnel source {interface_name | A.B.C.D }

no tunnel source {interface_name | A.B.C.D }

Syntax Description

source

Configure source of tunnel

interface_name

Specifies the name of the interface whose IP address will be used as the source address of the tunnel. The interface can be a loopback interface or a physical interface.

A.B.C.D

IPv4 address to use as the source address for packets in the tunnel.


Defaults

No tunnel interface source address or interface is specified.

Command Modes

CONFIG-IF

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Use the tunnel source command to configure the source address or interface type and instance for an IP Security tunnel.

Task ID
Task ID
Operations

interface

read, write


Examples

The following example shows how to configure the tunnel source to 172.19.72.92:

RP/0/RP0/CPU0:router#configure 
RP/0/RP0/CPU0:router(config)#interface tunnel-ip 25 
RP/0/RP0/CPU0:router(config-if)#tunnel source 172.19.72.92 
RP/0/RP0/CPU0:router(config-if)#tunnel destination 172.19.72.120

Related Commands

Command
Description

tunnel destination

Specifies a tunnel interface's destination.

tunnel dfbit disable

Configures the DF bit setting in the tunnel transport header.

tunnel mode

Sets the encapsulation mode of the tunnel interface.

tunnel tos

Specifies the value of the TOS field in the tunnel encapsulating packets.

tunnel ttl

Configures the TTL for packets entering the tunnel.


tunnel tos

To specify the TOS value in the tunnel encapsulating packets, use the tunnel tos configuration command in the interface configuration mode. To go back to the default TOS value, use the no form of this command.

tunnel tos <0-255>

no tunnel tos <0-255>

Syntax Description

0-255

TOS bits as a decimal, hex (0x) or octal (0) value.


Defaults

The default TOS behavior is to copy TOS/COS bits of internal IP header to GRE IP header.

Command Modes

CONFIG-IF

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command specifies the TOS value to insert in the tunnel encapsulating header.

Task ID
Task ID
Operations

tunnel

read, write

interface

read, write


Examples

The following example shows how to set the GRE IP header TOS of the tunnel interface:

RP/0/RP0/CPU0:router#configure 
RP/0/RP0/CPU0:router(config)#interface tunnel-ip 1 
RP/0/RP0/CPU0:router(config-if)#tunnel tos 134

Related Commands

Command
Description

tunnel destination

Specifies a tunnel interface's destination.

tunnel dfbit disable

Configures the DF bit setting in the tunnel transport header.

tunnel mode

Sets the encapsulation mode of the tunnel interface.

tunnel source

Sets a tunnel interface's source address.

tunnel ttl

Configures the TTL for packets entering the tunnel.


tunnel ttl

To configure the time-to-live value for packets entering the tunnel, use the tunnel ttl configuration command. To go back to the default TTL value, use the no form of this command.

tunnel ttl <1-255>

no tunnel ttl <1-255>

Syntax Description

ttl

Configure the time-to-live for packets sent over this tunnel

1-255

TTL bits as a decimal, hex (0x) or octal (0) value.


Defaults

The default value is 255.

Command Modes

CONFIG-IF

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command specifies the Time-To-Live for packets entering the tunnel so that they are not dropped inside the carrier network before reaching the tunnel destination.

Task ID
Task ID
Operations

tunnel

read, write

interface

read, write


Examples

The following example shows how to set the time-to-live for packets entering the tunnel interface:

RP/0/RP0/CPU0:router#configure 
RP/0/RP0/CPU0:router(config)#interface tunnel-ip 1 
RP/0/RP0/CPU0:router(config-if)#tunnel ttl 100

Related Commands

Command
Description

tunnel destination

Specifies a tunnel interface's destination.

tunnel dfbit disable

Configures the DF bit setting in the tunnel transport header.

tunnel mode

Sets the encapsulation mode of the tunnel interface.

tunnel source

Sets a tunnel interface's source address.

tunnel tos

Specifies the value of the TOS field in the tunnel encapsulating packets.


tunnel dfbit disable

To configure the DF bit setting in the tunnel transport header, use the tunnel dfbit disable command in interface configuration mode. To go back to the default DF setting value, use the no form of this command.

tunnel dfbit disable

no tunnel dfbit disable

Syntax Description

This command has no arguments or keywords.

Defaults

The default is to not allow fragmentation; that is, the tunnel transport header is always encapsulated with the DF bit set.

Command Modes

CONFIG-IF

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command specifies the DF bit setting in the tunnel transport header. The default is to always set the DF bit; use this command to override the default.

Task ID
Task ID
Operations

tunnel

read, write

interface

read, write


Examples

The following example shows how to use the tunnel dfbit disable command on a tunnel interface:

RP/0/RSP0/CPU0:router#configure terminal
RP/0/RSP0/CPU0:router(config)#interface tunnel-ip 10
RP/0/RSP0/CPU0:router(config-if)#tunnel dfbit disable

Related Commands

Command
Description

tunnel destination

Specifies a tunnel interface's destination.

tunnel mode

Sets the encapsulation mode of the tunnel interface.

tunnel source

Sets a tunnel interface's source address.

tunnel tos

Specifies the value of the TOS field in the tunnel encapsulating packets.

tunnel ttl

Configures the TTL for packets entering the tunnel.


keepalive

To enable keepalive for a tunnel interface, use the keepalive command in interface configuration mode. To remove the keepalive, use the no form of this command.

keepalive [time_in_seconds [retry_num ] ]

no keepalive

Syntax Description

keepalive

Enable keepalive packets on this tunnel

time_in_seconds

<1-32767> Keepalive period in seconds (default 10 seconds)

retry_num

<1-255> Number of retries (default 3)


Defaults

Keepalives are disabled by default.

When enabled, the default keepalive value is 10 seconds.

The default value for keepalive retries before declaring that a tunnel destination is unreachable is 3 retries.

Command Modes

CONFIG-IF

Command History

Release
Modification

Release 3.9.2

This command was introduced on the Cisco ASR 9000 Series Routers.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Use the keepalive command to enable keepalive for a tunnel interface.

At the tunnel source, a keepalive packet is sent to the tunnel destination at the specified interval to check whether the tunnel destination is reachable. When the tunnel destination becomes unreachable, the tunnel interface is marked down.

Task ID
Task ID
Operations

tunnel

read, write

interface

read, write


Examples

The following example shows how to use the keepalive command:

RP/0/RSP0/CPU0:router#configure
RP/0/RSP0/CPU0:router(config)#interface tunnel-ip 10
RP/0/RSP0/CPU0:router(config-if)#keepalive 10 3

Related Commands

Command
Description

tunnel destination

Specifies a tunnel interface's destination.

tunnel dfbit disable

Configures the DF bit setting in the tunnel transport header.

tunnel mode

Sets the encapsulation mode of the tunnel interface.

tunnel source

Sets a tunnel interface's source address.

tunnel tos

Specifies the value of the TOS field in the tunnel encapsulating packets.

tunnel ttl

Configures the TTL for packets entering the tunnel.


GRE Show Commands

This section describes the show commands that provide GRE-specific information.

show cef

show cef adjacency

show cef interface

show cef

To display information about packets forwarded by Cisco Express Forwarding (CEF) interfaces, use the show cef command in EXEC mode.

show cef [tunnel-ip <0-65535>] [hardware {egress | ingress} | detail] [location {node-id | all}]

Syntax Description

tunnel-ip

(Optional) Displays information about GRE tunnel

<0-65535>

The instance number of the tunnel interface.

hardware

(Optional) Displays detailed information about hardware.

egress

Displays information from the egress packet switch exchange (PSE) file.

ingress

Displays information from the ingress packet switch exchange (PSE) file.

detail

(Optional) Displays full details.

location

node-id

(Optional) Displays detailed CEF information for the designated node. The node-id argument is entered in the rack/slot/module notation.

all

(Optional) Displays all locations.


Defaults

When the prefix is not explicitly specified, this command displays all the prefixes that are present in CEF. When not specified, the location defaults to the active Route Processor (RP) node.

Command Modes

EXEC

Command History

Release
Modification

Release 3.9.2

This command was modified on the Cisco ASR 9000 Series Routers to accept the tunnel-ip option.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID
Task ID
Operations

cef

read


Examples

The following example shows sample output from the show cef tunnel-ip 134 detail command:

RP/0/RSP0/CPU0:vkg-7#show cef tunnel-ip 134 detail 
Thu Jul 15 16:04:56.299 UTC
100.134.0.0/24, version 1, attached, connected, internal 0xc0000c01 (ptr 0x9d7fd514) 
[1], 0x0 (0x9cd96854), 0x0 (0x0)
Updated Jul 15 13:01:15.399 
local adjacency point2point
Prefix Len 24, traffic index 0, precedence routine (0)
via tunnel-ip134, 3 dependencies, weight 0, class 0 [flags 0x8]
local adjacency
100.134.0.0/32, version 0, broadcast
Updated Jul 15 13:01:15.400
Prefix Len 32
100.134.0.30/32, version 1, attached, receive
Updated Jul 15 13:01:15.399
Prefix Len 32
100.134.0.255/32, version 0, broadcast
Updated Jul 15 13:01:15.400
Prefix Len 

Related Commands

Command
Description

show cef adjacency

Displays Cisco Express Forwarding (CEF) adjacency status and configuration information.

show cef interface

Displays Cisco Express Forwarding (CEF)-related information for an interface.


show cef adjacency

To display Cisco Express Forwarding (CEF) adjacency status and configuration information, use the show cef adjacency command in EXEC mode.

show cef adjacency [tunnel-ip <0-65535>]

Syntax Description

cef

CEF show commands

adjacency

CEF adjacency status and configuration

tunnel-ip

(Optional) GRE Tunnel Interface(s)

0-65535

The instance number of the interface to be configured.

detail

(Optional) Displays full details.


Defaults

No default behavior or values

Command Modes

EXEC

Command History

Release
Modification

Release 3.9.2

This command was modified on the Cisco ASR 9000 Series Routers to accept the tunnel-ip option.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command is used to verify that an adjacency exists for a connected device, that the adjacency is valid, and that the MAC header rewrite string is correct.

Task ID
Task ID
Operations

cef

read


Examples

The following example shows sample output from the show cef adjacency tunnel-ip 134 command:

RP/0/RSP0/CPU0:vkg-7#show cef adjacency tunnel-ip 134 
Fri Jul 9 16:20:43.259 UTC
Display protocol is ipv4
Interface Address Type Refcount
ti134 Prefix: 0.0.0.0/32 local 5
Adjacency: PT:0x9c447764 0.0.0.0/32
Interface: ti134
GRE header: 4500000000004000ff2f67430a2200290a22001f00000800
GRE tunnel adjacency
GRE tunnel info: 0x9dee2098 (0x1 3), tos-propagate is set
Interface Type: 0x25, Base Flags: 0x20001 (0x9de7e5bc)
Nhinfo PT: 0x9de7e5bc, Idb PT: 0x9c8f6218, If Handle: 0x8000120
Dependent adj type: remote (0x9de7e618)
Dependent adj intf: ti134
Ancestor If Handle: 0x0
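
The "GRE header:" rewrite string in the output above is a 20-byte IPv4 transport header followed by a 4-byte GRE header, so decoding it confirms whether the tunnel ttl, tunnel tos and DF-bit settings described earlier took effect. The following Python sketch is an added example, not Cisco code; the function names and the audit defaults are assumptions made for illustration.

```python
import ipaddress
import struct

# Rewrite string copied from the "GRE header:" line in the output above.
GRE_REWRITE_HEX = "4500000000004000ff2f67430a2200290a22001f00000800"

IPPROTO_GRE = 47            # IPv4 protocol number for GRE
ETHERTYPE_IPV4 = 0x0800     # GRE protocol type for an IPv4 payload
GRE_OPTIONAL_BITS = 0xB000  # C (checksum), K (key), S (sequence): 4 bytes each


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum; 0 means the embedded checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def decode_gre_rewrite(hex_string: str) -> dict:
    """Decode an IPv4 + GRE encapsulation template given as a hex string."""
    raw = bytes.fromhex(hex_string.strip())
    if len(raw) < 24:
        raise ValueError("expected at least 20 bytes of IPv4 and 4 bytes of GRE")
    (ver_ihl, tos, total_len, _ident, flags_frag,
     ttl, proto, _cksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl + 4:
        raise ValueError("not an IPv4 header followed by a GRE header")
    gre_flags, gre_proto = struct.unpack("!HH", raw[ihl:ihl + 4])
    gre_len = 4 + 4 * bin(gre_flags & GRE_OPTIONAL_BITS).count("1")
    return {
        "tos": tos, "dscp": tos >> 2, "ecn": tos & 0x3,
        "total_length": total_len,  # 0 in this template; set per packet
        "df": bool(flags_frag & 0x4000),
        "ttl": ttl,
        "protocol": proto,
        "checksum_ok": internet_checksum(raw[:ihl]) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "gre_flags": gre_flags,
        "gre_protocol": gre_proto,
        "overhead": ihl + gre_len,  # bytes added in front of each payload packet
    }


def audit_rewrite(hdr: dict, expect_ttl: int = 255, expect_df: bool = True,
                  expect_src: str = None, expect_dst: str = None) -> list:
    """Compare a decoded header with the intended tunnel settings.

    The defaults mirror the defaults stated in these release notes:
    TTL 255 and the DF bit set.
    """
    findings = []
    if hdr["protocol"] != IPPROTO_GRE:
        findings.append(f"transport protocol is {hdr['protocol']}, expected 47 (GRE)")
    if hdr["gre_protocol"] != ETHERTYPE_IPV4:
        findings.append(f"GRE payload type is {hdr['gre_protocol']:#06x}, expected 0x0800")
    if not hdr["checksum_ok"]:
        findings.append("IPv4 header checksum does not verify")
    if hdr["ttl"] != expect_ttl:
        findings.append(f"TTL is {hdr['ttl']}, expected {expect_ttl}")
    if hdr["df"] != expect_df:
        findings.append(f"DF bit is {'set' if hdr['df'] else 'clear'}")
    for field, want in (("src", expect_src), ("dst", expect_dst)):
        if want is not None and hdr[field] != want:
            findings.append(f"{field} is {hdr[field]}, expected {want}")
    return findings


if __name__ == "__main__":
    decoded = decode_gre_rewrite(GRE_REWRITE_HEX)
    for name, value in decoded.items():
        print(f"{name:13} {value}")
    print("findings:", audit_rewrite(decoded) or "none")
```

The 24-byte overhead is consistent with the IP MTU 1476 reported by show cef interface tunnel-ip 134 later on this page if the transport MTU is 1500 bytes, which is an assumption.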

Related Commands

Command
Description

show cef

Displays information about packets forwarded by Cisco Express Forwarding (CEF).

show cef interface

Displays Cisco Express Forwarding (CEF)-related information for an interface.


show cef interface

To display Cisco Express Forwarding (CEF)-related information for an interface, use the show cef interface command in EXEC mode.

show cef interface [tunnel-ip <0-65535>]

Syntax Description

cef

Cisco Express Forwarding (CEF) show commands

interface

CEF interface status and configuration

tunnel-ip

(Optional) GRE Tunnel Interface

0-65535

(Optional) The instance number of the interface to be queried.



Defaults

When an interface is not explicitly specified, this command displays all the interfaces that are present in CEF.

Command Modes

EXEC

Command History

Release
Modification

Release 3.9.2

This command was modified on the Cisco ASR 9000 Series Routers to accept the tunnel-ip option.


Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID
Task ID
Operations

cef

read


Examples

The following example shows sample output from the show cef interface tunnel-ip 134 command:

RP/0/RSP0/CPU0:vkg-7#show cef interface tunnel-ip 134 
Thu Jul 15 17:20:22.248 UTC
tunnel-ip134 is up if_handle 0x08000520 if_type 0x25 
idb info 0x9c7e6618 flags 0x1201 ext 0x9dac3050
Vrf Local Info (0x9daf5224)
Interface last modified Jul 15, 2010 12:58:55, create
Interface is marked as point to point interface
Interface is marked as GRE tunnel interface
Reference count 1 Next-Hop Count 2
Forwarding is enabled
ICMP redirects are never sent
IP MTU 1476, TableId 0xe0000000(0x9c66db80)
Protocol Reference count 2
Primary IPV4 local address 100.134.0.30/32

Related Commands

Command
Description

show cef

Displays information about packets forwarded by Cisco Express Forwarding (CEF).

show cef adjacency

Displays Cisco Express Forwarding (CEF) adjacency status and configuration information.


IPv6 Over Bundle

Cisco IOS XR Software Release 3.9.2 adds IPv6 as a protocol that can be passed over link bundles on the Cisco ASR 9000 Series Router platform.

This feature covers IPv6 support over Ethernet and POS bundles, including Bundle-VLANs. The features in this release that are supported on IPv6 over bundle interfaces are:

IPv6 Unicast

IPv6 Multicast

32 members per bundle (bundle-pos or bundle-ether).

Bundle interfaces of different bandwidth.

IPv6 QOS

IPv6 ACL

L2 load balance of v6 traffic over bundle interfaces.

IPv6 BGP Policy Accounting

The following features are not supported in IPv6 over Bundle:

RSVP signaling on top of IPv6 bundle interfaces

TE and FRR on top of IPv6 bundle interfaces

GRE, L2TPv3 tunnels on top of IPv6 bundle interfaces

IPSEC tunnels over IPv6 bundle interfaces

Limitations:

User shall be able to configure thresholds for the number of component links that need to be up and active for a link bundle to be up and active

Support up to 4000 (4k) Bundle VLANS in total.

L2VPN service over IPv6 bundled interfaces

MVPN Service over IPv6 bundled interfaces

On the Cisco ASR 9000 Series Router, this feature is available for all line cards.

IPv6 on bundles is not supported on the Cisco ASR 9000 Series Router SIP-700.

IPv6 ACLs on bundles are supported from release 3.9.2 onwards.

IPv6 multicast is not supported on bundle interfaces/normal interfaces in 3.9.2

IPv6 BGP Policy Accounting is currently not supported over physical or sub-interfaces.

More information about link bundling configuration and monitoring can be found online in the following command reference guides: Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Command Reference and Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Command Reference.

Features Introduced in Cisco IOS XR Software Release 3.9.1

The following features introduced in Cisco IOS XR Software Release 3.9.1 are supported on the Cisco ASR 9000 Series Router platform:

AIS for CFM (Y.1732 Performance Monitoring)

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for Alarm Indication Signal (AIS) functionality for Connectivity Fault Management (CFM) in conformance to the ITU-T Y.1731 standard. For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide online.

CFM over BLM

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for Ethernet Connectivity Fault Management (CFM) over bundled link members (BLM). For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide online.

CFM over Link Aggregation Groups (LAGs)

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for Ethernet Connectivity Fault Management (CFM) over link aggregation groups (LAGs). For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide online.

Ethernet Fault Detection for CFM

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for EFD for CFM. Ethernet Fault Detection (EFD) is a feature of Ethernet Connectivity Fault Management (CFM) that provides line protocol fault detection for Ethernet interfaces.

CFM Configurable Tagging

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for configurable tagging for CFM. For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide online.

PBB

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for the IEEE 802.1ah Standard for Provider Backbone Bridging (PBB). For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide online.

MVRP-Lite

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for MVRP-Lite (Multiple VLAN Registration Protocol Lite). For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router Multicast Command Reference and the Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide online.

Note that MVRP-Lite does not implement the MAP or Registrar functions of the MRP specification or enact attribute registrations in the local forwarding table.

Netflow

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for Netflow. NetFlow is useful for the following:

Accounting/Billing—NetFlow data provides fine grained metering for highly flexible and detailed resource utilization accounting.

Network Planning and Analysis—NetFlow data provides key information for strategic network planning.

Network Monitoring—NetFlow data enables near real-time network monitoring capabilities.

For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router Netflow Command Reference and the Cisco ASR 9000 Series Aggregation Services Router Netflow Configuration Guide online.

6PE/VPE

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for the 6PE (IPv6 over MPLS) feature. 6PE allows IPv6 domains to communicate with each other over an MPLS IPv4 core network. Note that IPv6 over bundles is NOT supported on the Cisco ASR 9000 Series Router platform running Cisco IOS XR Software Release 3.9.1 or earlier.

Also note that when downgrading from Cisco IOS XR Software Release 3.9.1 to an earlier release, if a 6PE/VPE configuration is present in the system, the 6PE/VPE configuration needs to be unconfigured before initiating the downgrade.

16x10-Gigabit Ethernet (16 x 10 GE) SFP+ Line Card

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for the 16x10-Gigabit Ethernet (16 x 10 GE) SFP+ line card.

BGP-AD with LDP Signalling

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for extending the BGP-AD feature to add support for LDP signalling. BGP-AD with BGP signalling was already supported on the Cisco ASR 9000 Series Router platform. LDP signalling is tied to L2VPN services.

SSH Remote Command Execution

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for the SSH remote command execution feature. This feature allows an operator to execute a command on the Cisco ASR 9000 Series Router without logging into the Cisco ASR 9000 Series Router, using non-interactive SSH mode. The result of the command is sent via the established channel to the operator. The SSH client running on the operator end prints the output.

Uncompressed Vidmon

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for high bandwidth flow on the Video Monitoring service introduced in Cisco IOS XR Software Release 3.9.0.

16K Queues per NPU on 10 Gigabit Ethernet Line Cards

Cisco IOS XR Software Release 3.9.1 adds support on the Cisco ASR 9000 Series Router for 16K Queues per Network Processing Unit (NPU) on the 10 Gigabit Ethernet line cards.

2000 VRRP Sessions

Cisco IOS XR Software Release 3.9.1 adds support on the Cisco ASR 9000 Series Router for up to 2000 Virtual Router Redundancy Protocol (VRRP) sessions.

SONET DS3

Cisco IOS XR Software Release 3.9.1 adds support for SONET DS3 on the Cisco ASR 9000 Series Router with SIP-700 and SPA-2XCHOC12. For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router Interface and Hardware Component Configuration Guide online.

BPID-02

Cisco IOS XR Software Release 3.9.1 adds support for the show plugin slot counts command which displays cumulative and running counts of card inserts per slot on the Cisco ASR 9000 Series Router with the BPID-02 card. For more information on the show plugin slot counts command, refer to the Cisco ASR 9000 Series Aggregation Services Router System Management Command Reference online.

MPLS-TE Automatic Bandwidth

Cisco IOS XR Software Release 3.9.1 adds support for the MPLS-TE automatic bandwidth feature. The MPLS-TE automatic bandwidth feature measures the traffic in a tunnel and periodically adjusts the signaled bandwidth for the tunnel.

Multicast VPN

Cisco IOS XR Software Release 3.9.1 adds support for the Multicast VPN feature. (For IPv4 address family only - MVPNv6 is not supported on the Cisco ASR 9000 Series Routers in Cisco IOS XR Software Release 3.9.1). For more information on this feature, refer to the Cisco ASR 9000 Series Aggregation Services Router Multicast Command Reference and the Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide online.

Policy Based Forwarding and Layer 2 Protocol Tunneling

Cisco IOS XR Software Release 3.9.1 adds support for the Policy Based Forwarding and Layer 2 Protocol Tunneling features. Layer 2 Protocol Tunneling (L2PT) is a Cisco proprietary protocol for tunneling Ethernet protocol frames across Layer 2 (L2) switching domains. This includes protocol tunnelling of CDP, PVST+, STP, and VTP protocol frames. For more information on these two features, refer to the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide online.

Multiple Spanning Tree Protocol (MSTP) over Link Aggregation Groups (LAGs)

Cisco IOS XR Software Release 3.9.1 adds support for the Multiple Spanning Tree Protocol (MSTP) over Link Aggregation Groups (LAGs) feature and the MSTP over MSTAG feature. For more information on these features, refer to the Cisco ASR 9000 Series Aggregation Services Router L2VPN and Ethernet Services Configuration Guide online.

8x10-Gigabit Ethernet (8 x 10 GE) Line Card Medium Queue

Cisco IOS XR Software Release 3.9.1 introduces support on the Cisco ASR 9000 Series Router platform for the medium queue 8x10-Gigabit Ethernet line card (A9K-8T-B). Support for the high and low queue 8x10-Gigabit Ethernet line cards was introduced in Cisco IOS XR Software Release 3.9.0.

Features Introduced in Cisco IOS XR Software Release 3.9.0

The following features introduced in Cisco IOS XR Software Release 3.9.0 are supported on the Cisco ASR 9000 Series Router platform:

ANCP over IP Unnumbered Interfaces

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for up to 400 Access Node Control Protocol (ANCP) sessions and an associated 400 IP unnumbered interfaces.


Note IP unnumbered interfaces on bundled Ethernet are only supported on the Cisco ASR 9000 Series Router platform.


100ms LACP

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for LACP running over bundle member interfaces at intervals down to 100ms.

Cisco ASR 9000 Series 8-Port Ten Gigabit Ethernet line card, 80G Line Rate

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for the A9K-8T line card, which provides an 80G line rate line card.

2x10GE + 20xGE on a Single Line Card

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for the A9K-2T20GE line card, which provides 2x10GE + 20xGE on a single line card.

WAN PHY and OTN(G.709) modes

Cisco IOS XR Software Release 3.9.0 adds support for WAN PHY and OTN(G.709) modes, which provide IPoDWDM on the newly-introduced A9K-8T line card and on the newly-introduced A9K-2T20G line card.

Here is the syntax of the transport-mode command, used to choose WAN PHY or OTN(G.709) mode:

[no] transport-mode {wan | otn}

RP/0/RSP0/CPU0:ROSH10(config-if)#transport-mode  wan
RP/0/RSP0/CPU0:ROSH10(config-if)#transport-mode  otn bit-transparent {opu1e | opu2e}

There are two loopback modes available under IPoDWDM:

RP/0/RSP0/CPU0:ROSH10(config)#controller dwdm 0/2/0/0 
RP/0/RSP0/CPU0:ROSH10(config-dwdm)#loopback ?
  internal  Select internal loopback mode
  line      Select line loopback mode

There are three types of admin states: in-service, maintenance, and out-of-service. Set the admin-state to out-of-service before provisioning any command under controller dwdm mode.

RP/0/RSP0/CPU0:ROSH10(config)#controller dwdm 0/2/0/0 
RP/0/RSP0/CPU0:ROSH10(config-dwdm)#admin-state ?
  in-service      change the admin-state to In-service (IS)
  maintenance     change the admin-state to Out-of-service-Maintenance (OOS-MT)
  out-of-service  change the admin-state to Out-of-service (OOS)

Here are the show controllers commands introduced to support the three states (lan, wanphy and dwdm):

RP/0/RSP0/CPU0:ROSH10#sh controllers tenGigE 0/2/0/0 ?     
  all       Show all the information
  bert      Show BERT status
  control   Show configuration and control information
  internal  Show internal information
  mac       Show mac information
  phy       Show phy information
  regs      Show registers information
  stats     Show stats information
  xgxs      Show xgxs information

RP/0/RSP0/CPU0:ROSH10#sh controllers wanphy 0/2/0/1 ?
  alarms     Show alarm information
  all        Show all information
  registers  Show register information

RP/0/RSP0/CPU0:ROSH10#sh controllers dwdm 0/2/0/0 ?
  g709            Show G709  info
  log             Signal logging information
  optics          Show transponder info
  pm              show dwdm performance monitoring
  proactive       Proactive Protection Feature Status
  srlg            Display Network SRLGs configured at this port
  tdc             Show Tunable Dispersion info
  wavelength-map  Wavelength channel number  map table

Low Queue Line Cards

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for the following low queue line cards:

A9K-40GE-L

A9K-8T/4-L

A9K-4T-L

A9K-8T-L

SIP-700

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for the SIP-700, a 20G SPA Interface Processor.

SPA-2XCHOC12/DS0

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for the SPA-2XCHOC12/DS0, a 2-Port Channelized OC-12/DS0 SPA (Shared Port Adapter).

SIP-700 and SPA-2XCHOC12/DS0 Software Features

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router with the SIP-700 and SPA-2XCHOC12/DS0 for the following software features:

MLPPP/LFI

IC-SSO

MR-APS

SONET, T1

Frequency Synchronization

IPv4 Netflow

QoS Features

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router with the SIP-700 and SPA-2XCHOC12/DS0 for the following QoS features:

Support for IPv4 payload on Serial (PPP encapsulation), MLPPP, and MCMP interfaces. Support for LFI traffic on MLPPP or MCMP bundles.

Support for classification based on DSCP, precedence, protocol, qos-group (egress only), discard-class (egress only), and access-lists.

Support for marking, policing, and priority (see Fabric QoS section) in the ingress direction.

Support for marking, policing, and all queueing actions (bandwidth, bandwidth-remaining, shaping, queue-limit, priority levels 1 and 2, and random-detect) in the egress direction.

On the SIP-700 and SPA-2XCHOC12/DS0, only a 2-parameter scheduler is supported; that is, either bandwidth or bandwidth-remaining can be used in the same policy, but not both.

Note that traffic shaping on an input interface is not supported on the SIP-700.

Two levels of hierarchy supported, with only class-default permitted in the parent policy-map.

Fabric QoS configured using the priority action in the ingress direction.

Support for re-programming the QoS policy in response to underlying link bandwidth change on multi-link interfaces. There is no support for in place QoS policy modification on the SIP-700.

Support for the "encap-sequence" action to set the traffic class for traffic on multi-class MLPPP interfaces in the egress direction.

The "set cos" command on the egress of a Layer 3 interface is valid and supported. The "set cos" command on the ingress of a Layer 3 interface is rejected when performed on a subinterface. The "set cos" command on the ingress of a Layer 3 interface is ignored on a main interface.

Y.1731 Performance Monitoring - Delay & Delay Variance

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for Y.1731 PM, which initially supports 2-way scheduled delay and delay variance measurements.

IP FRR

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for IPFRR (IP Fast ReRoute), a set of technologies used in order to rapidly converge traffic flows around link and/or node failures. Only MLPPP encapsulation channels on the OC-12 SONET interface can be protected by IP-FRR in Cisco IOS XR Software Release 3.9.2.

L2 Multicast Limit

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for the Layer 2 Multicast Limit feature, which supports IGMP Snooping based limits for both the maximum number of allowed multicast channels per subscriber and the maximum bandwidth available for multicast per subscriber.

Traffic Mirroring

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for Local Traffic Mirroring (EFP to EFP) and also the option of appending a VLAN tag on the destination port for transport across an Ethernet network. Traffic Mirroring copies traffic from one or more Layer 2 interfaces or sub-interfaces, including Layer 2 link bundle interfaces/sub-interfaces, and sends the copied traffic to one or more destinations for analysis by a network analyzer or other monitoring device.

On a switch, unicast traffic from A to B is only forwarded to the B port. Therefore, the network analyzer does not see this traffic. When the Traffic Mirroring feature is enabled, the network analyzer is attached to a port that is configured to receive a copy of every packet that host A sends. This port is called a traffic mirroring port.

Currently, the Cisco ASR 9000 Series Router only supports Local SPAN and R-SPAN.

A maximum of 8 monitor sessions, and 800 source ports are supported.

You can configure 800 source ports on a single monitor session or configure an aggregate total of 800 source ports on up to 8 different monitor sessions.

The following SPAN types are not supported:

ER-SPAN (Encapsulated Remote Switched Port Analyzer)

Traffic is mirrored to a remote site via a GRE tunnel.

Pseudowire SPAN (PW-SPAN).

Traffic is mirrored to a remote site via an MPLS pseudowire, instead of using a standard destination interface. (Planned to be supported in the 4.0.1 release.)

VLAN-based SPAN.

In this case, the source for the mirrored traffic is not simply a set of interfaces, but is a full bridge-domain.

Filter-SPAN (F-SPAN)

In this case, flow and ACL are applied in mirroring the traffic.

Cisco recommends not mirroring more than 15% of total transit traffic. On TenGigE or bundle interfaces there is a limit of 1.5G on each ingress and egress traffic port to be mirrored.

SPAN Configurations:

To create a "monitor-session" in global config:

-monitor-session <name>

- destination interface <dst_interface>

To attach a source port in local-plane config:

-interface <src-interface> l2transport

- monitor-session <name> [direction {rx_only | tx_only}]

SPAN Configuration Samples:

SPAN with Physical Interfaces (Local SPAN)

The following example shows a basic configuration for SPAN with physical interfaces. When traffic flows over the point to point cross connect between gig0/2/0/19 and gig0/2/0/11, packets received and transmitted on gig0/2/0/19 will also get mirrored to gig0/2/0/15.

monitor-session ms1
 destination interface gig0/2/0/15
!
interface gig0/2/0/11
 l2transport
!
interface gig0/2/0/15
 l2transport
!
interface gig0/2/0/19
 l2transport
  monitor-session ms1
!
l2vpn
 xconnect group xg1
  p2p xg1_p1
   interface gig0/2/0/11
   interface gig0/2/0/19
  !
 !
!

SPAN with EFPs (R-SPAN)

The following example shows a basic configuration for SPAN with EFP interfaces. When traffic flows over the point to point cross connect between gig0/2/0/19.10 and gig0/2/0/11.10, packets received and transmitted on gig0/2/0/19.10 will also get mirrored to gig0/2/0/15.10.

monitor-session ms1
 destination interface gig0/2/0/15.10
!
interface gig0/2/0/11.10 l2transport
 encapsulation dot1q 10
!
interface gig0/2/0/15.10 l2transport
 encapsulation dot1q 10
!
interface gig0/2/0/19.10 l2transport
 encapsulation dot1q 10
 monitor-session ms1
!
l2vpn
 xconnect group xg1
  p2p xg1_p1
   interface gig0/2/0/11.10
   interface gig0/2/0/19.10
  !
 !
!

Display Commands

show monitor-session [session_name] status [detail] [error]

Shows the status of different monitor sessions.

Keywords:

session_name

detail

errors

Example output:

RP/0/RSP0/CPU0:RTP-VIKING-L2-8#show monitor-session status 
Fri Feb 20 14:56:04.233 UTC 
Monitor-session cisco-rtp1
Destination interface GigabitEthernet0/5/0/38
================================================================================
Source Interface      Dir   Status
--------------------- ----  ----------------------------------------------------
Gi0/5/0/4             Both  Operational
Gi0/5/0/17            Both  Operational

show monitor-session [session_name] counters

Shows the statistics/counters (received/transmitted/dropped) of different source ports.
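A mirror session sends copies of traffic to another port, so it is worth inventorying which sources feed which destination and checking the configuration against the limits stated above (8 monitor sessions, 800 source ports). The following is an added example, not Cisco code: a small offline audit of IOS XR-style configuration text. The sample configuration is constructed from the EFP example above with two deliberate mistakes, and the function names, the findings wording and the "both" default direction label are assumptions of this example.

```python
MAX_SESSIONS = 8        # limit stated in the release notes
MAX_SOURCE_PORTS = 800  # aggregate limit stated in the release notes

# Constructed sample: the EFP example from the text plus two deliberate
# mistakes (a session without a destination, a source naming an unknown session).
SAMPLE_CONFIG = """\
monitor-session ms1
 destination interface gig0/2/0/15.10
!
monitor-session ms2
!
interface gig0/2/0/11.10 l2transport
 encapsulation dot1q 10
!
interface gig0/2/0/19.10 l2transport
 encapsulation dot1q 10
 monitor-session ms1
!
interface gig0/2/0/20.10 l2transport
 encapsulation dot1q 10
 monitor-session ms9 direction rx_only
!
l2vpn
 xconnect group xg1
  p2p xg1_p1
   interface gig0/2/0/11.10
   interface gig0/2/0/19.10
  !
 !
!
"""


def parse_span(config):
    """Return (sessions, sources) found in the configuration text.

    sessions: {session name: destination interface or None}
    sources:  list of (source interface, session name, direction)
    """
    sessions, sources = {}, []
    kind = name = None  # the top-level block currently being read
    for raw in config.splitlines():
        words = raw.split()
        indented = raw[:1].isspace()
        if not words or words == ["!"]:
            if not indented:
                kind = None  # "!" or blank line in column 0 closes the block
            continue
        if not indented:  # a statement in column 0 opens a new block
            kind = name = None
            if len(words) >= 2 and words[0] in ("monitor-session", "interface"):
                kind, name = words[0], words[1]
                if kind == "monitor-session":
                    sessions.setdefault(name, None)
        elif (kind == "monitor-session" and len(words) >= 3
              and words[:2] == ["destination", "interface"]):
            sessions[name] = words[2]
        elif kind == "interface" and words[0] == "monitor-session" and len(words) >= 2:
            has_dir = len(words) >= 4 and words[2] == "direction"
            sources.append((name, words[1], words[3] if has_dir else "both"))
    return sessions, sources


def audit_span(config):
    """Return (inventory, findings) for the mirroring configuration."""
    sessions, sources = parse_span(config)
    findings = []
    if len(sessions) > MAX_SESSIONS:
        findings.append(f"{len(sessions)} monitor sessions configured, limit is {MAX_SESSIONS}")
    if len(sources) > MAX_SOURCE_PORTS:
        findings.append(f"{len(sources)} source ports configured, limit is {MAX_SOURCE_PORTS}")
    used = {session for _, session, _ in sources}
    for session, destination in sorted(sessions.items()):
        if destination is None:
            findings.append(f"session {session} has no destination interface")
        if session not in used:
            findings.append(f"session {session} has no source ports")
    for interface, session, _ in sources:
        if session not in sessions:
            findings.append(f"{interface} references undefined session {session}")
    # Who is mirrored, in which direction, and where the copies go.
    inventory = [(i, d, sessions.get(s)) for i, s, d in sources]
    return inventory, findings


if __name__ == "__main__":
    inventory, findings = audit_span(SAMPLE_CONFIG)
    for source, direction, destination in inventory:
        print(f"{source} ({direction}) -> {destination}")
    for finding in findings:
        print("FINDING:", finding)
```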

Video Monitoring

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for the Video Monitor application, used to monitor video flows, detect quality degradation, report metrics and raise alarms.

LAG integration with H-QOS

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for extending Hierarchical QoS (H-QoS) support to link aggregation bundles. Shared Policy Instances (SPI) allow for QoS policy shared across multiple sub-interfaces.

EFP Based Load Balancing.

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for EFP based load balancing, which provides a way to carry all the traffic of a specific EFP over a single physical member link.

Ethernet Connectivity Fault Management (E-CFM) with Ethernet Wire Service (EWS)

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for Ethernet Connectivity Fault Management (E-CFM), a subset of EOAM that provides a number of protocols and procedures that allow discovery and verification of the path through 802.1 bridges and LANs. Note that CFM 100ms CCMs and CFM Exploratory Linktrace were introduced on the Cisco ASR 9000 Series Router with Cisco IOS XR Software Release 3.7.2.

BGP PIC Edge for IP/MPLS

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for BGP PIC Edge for IP/MPLS, which provides sub-second convergence for IP and MPLS-VPN.

MPLS TE Path Protection

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for MPLS TE path protection, which provides a backup tunnel between the MPLS/TE head-end and the tail router and adds to Cisco's MPLS/TE suite of bandwidth protection features, which also include node protection and link protection.

Image Refresh using Compact Flash

Cisco IOS XR Software Release 3.9.0 adds support on the Cisco ASR 9000 Series Router for performing an image refresh using compact flash.

Features Introduced in Cisco IOS XR Software Release 3.7.3

The following features introduced in Cisco IOS XR Software Release 3.7.3 are supported on the Cisco ASR 9000 Series Router platform:

MSTAG Enhancements

Cisco IOS XR Software Release 3.7.3 adds support on the Cisco ASR 9000 Series Router for multiple spanning tree access gateway (MSTAG) topology control.

MSTP Enhancements

Cisco IOS XR Software Release 3.7.3 adds support on the Cisco ASR 9000 Series Router for the following features added to MSTP:

PortFast—allows a port to be marked as an edge port that does not participate in the spanning tree.

BPDUGuard—protects PortFast ports from misconfigurations by error-disabling them if they receive a BPDU.

UplinkFast—allows a RootPort to transition straight to forwarding, if there are no other active RootPorts on the box.

BackboneFast—allows for accelerated recovery from indirect link failures.

RootGuard—prevents a port from becoming the RootPort.

MSTAG support on physical and bundle Ethernet interfaces.

EFP Egress Filtering on the Cisco ASR 9000 Series Router

Cisco IOS XR Software Release 3.7.3 introduces EFP Egress Filtering on the Cisco ASR 9000 Series Router.

For more information on configuring the EFP Egress Filtering feature including the associated EFP Egress Filtering commands on the Cisco ASR 9000 Series router, refer to the Egress EFP Filtering on the Cisco ASR 9000 Series Router feature module.

Flood Optimization

In prior releases the Cisco ASR 9000 Series Router acting as a bridge flooded broadcast and unknown unicast traffic to all the forwarding engines on all the line cards.

In Cisco IOS XR Software Release 3.7.2 if a pseudo wire is configured in a bridge domain all broadcast and unknown unicast traffic is flooded to all line cards in the system in order to attain fast convergence. With Cisco IOS XR Software Release 3.7.3 the flood optimization feature changes this default behavior. FGID will get programmed based on the primary paths on which the pseudo wire is going out and traffic will get flooded only to the line cards on which the pseudo wire resides. This mode is called Bandwidth Optimization mode.

But if a Fast ReRoute event occurs when fast convergence is set up, it will take a longer time to complete the reroute, as more hardware programming, such as adding bridge ports, needs to be done. So for customers who are sensitive to this increased delay, a command called flood mode convergence-optimized is provided in Cisco IOS XR Software Release 3.7.3. Use this flood mode convergence-optimized command to switch back to the convergence optimized mode where traffic gets flooded to all the line cards.

With this flood mode convergence-optimized command users are able to turn on/off the bandwidth optimized mode.

For more information on the flooding disable command and other Layer 2 VPLS commands on the Cisco ASR 9000 Series router, refer to the Multipoint Layer 2 Bridging Services (VPLS) Commands on Cisco ASR 9000 Series Routers section in the Cisco ASR 9000 Series Aggregation Services Router MPLS Command Reference here:

http://www.cisco.com/en/US/docs/routers/asr9000/software/mpls/command/reference/grasr9kvpls.html

ECMP (Equal Cost Multipath Protocol) Link Bundle hashing for PWs (pseudo wires) on Layer 3 NNI (Network to Network Interface) is now based on Virtual Connection labels

In Cisco IOS XR Software Release 3.7.3 as part of pseudo wire flood optimization, the Layer 3 interface list for a pseudo wire is now based on Virtual Connection labels. By using ECMP Link Bundle hashing, the Layer 3 interface list for a pseudo wire can be condensed to a single Layer 3 interface. This Layer 3 interface (slot and network protocol flood mask) is derived from the ordered array of Layer 3 interface list (masks).

Early Fast Discard command

Cisco IOS XR Software Release 3.7.3 adds support for the Early Fast Discard command. This command was added to process all high priority packets.

Command syntax:

(config)#hw-module location <loc> early-fast-discard
(config-early-fast-discard)# mode [outer-encap-only | include-inner-encap]
(config-early-fast-discard)# vlan-cos <0-8> vlan-op [lt | ge]
The defaults are 6 and ge (greater than or equal to)
(config-early-fast-discard)# ip-prec <0-8> ip-op [lt | ge]
The defaults are 6 and ge (greater than or equal to)
(config-early-fast-discard)# mpls-exp <0-8> mpls-op [lt | ge]
The defaults are 6 and ge (greater than or equal to)
(config)# no hw-module location <loc> early-fast-discard

Power Management multiple override mechanism

Cisco IOS XR Software Release 3.7.3 adds support for the user to override the Power Management feature in order to configure extra line cards without full power supply redundancy.

This feature allows a card to be forced to power up, regardless of an unprogrammed EEPROM power draw value. As with the ROMMON variable, this feature is intended for temporary use. After the cookie value has been programmed, remove this configuration by repeating the CLI command with the "no" option.

Command example:

RP/0/RSP0/CPU0:ios(admin-config)#hw-mod power override location <loc>

The IGMP Snooping feature no longer removes the state after a port goes down

Starting with Cisco IOS XR Software Release 3.7.3, mrouter and membership states on the Cisco ASR 9000 Series Router no longer need to be relearned after a port goes down. Once a port goes down, the IGMP Snooping feature immediately removes all group membership states from that port. Once an mrouter port goes down, the IGMP Snooping feature removes the port from the list of mrouter ports and removes that port from the flood set of all multicast routes.

New CLI:

tcn_relearning [cisco | rfc4541 | none]

For more information on the IGMP Snooping feature on the Cisco ASR 9000 Series router, refer to the Implementing Layer 2 Multicast using IGMP Snooping on Cisco ASR 9000 Series Routers section in the Cisco ASR 9000 Series Aggregation Services Router Multicast Configuration Guide here:

http://www.cisco.com/en/US/docs/routers/asr9000/software/multicast/configuration/guide/mcasr9kigsn.html

The VRRP & FRR failover time is no longer greater than 1 sec after a hardware module reload

Cisco IOS XR Software Release 3.7.3 improves the Cisco ASR 9000 Series Router VRRP & FRR failover time after a hardware module reload to less than or equal to one second.

The VPLS preferred path fallback enable option is now supported on the Cisco ASR 9000 Series Router

Layer 2 VPNs can provide pseudo wire resiliency through their routing protocols. When the connectivity between end-to-end PE routers fails, an alternative path to the directed LDP session and the user data takes over. With Cisco IOS XR Software Release 3.7.3, the user can fall-back to the preferred path once it has been restored.

32k EFPs/HQOS/ANCP/ACL/IGMP EFP up time > 30 minutes. This enhancement provides a five minute improvement over Cisco IOS XR Software Release 3.7.2.

The show environment power-supply command has been updated:

RP/0/RSP0/CPU0:Green_RO(admin)#show environment power-supply
Thu Jul 23 17:01:08.829 pst
R/S/I   Modules Sensor          Watts           Status

0/PM0/*
        host    PM              3000            Ok

0/PM1/*
        host    PM              3000            Ok

0/PM4/*
        host    PM              3000            Ok

0/PM5/*
        host    PM              3000            Ok

Power Shelves Type: AC

Total Power Capacity:                           12000W
Usable Power Capacity:                          9000W
Supply Failure Protected Capacity:              9000W
Feed Failure Protected Capacity:                6000W
Worst Case Power Used:                          3010W

 Slot                                                      Max Watts
 ----                                                      ---------
 0/0/CPU0                                                        375
 0/1/CPU0                                                        395
 0/RSP0/CPU0                                                     250
 0/RSP1/CPU0                                                     250
 0/4/CPU0                                                        375
 0/6/CPU0                                                        375
 0/FT0/SP                                                        495  (default)
 0/FT1/SP                                                        495  (default)

Worst Case Power Available:             5990W
Supply Protected Capacity Available:    5990W
Feed Protected Capacity Available:      2990W

Features Introduced in Cisco IOS XR Software Release 3.7.2

The following features in Cisco IOS XR Software Release 3.7.2 are supported on the Cisco ASR 9000 Series Router platform:

CFM 100ms CCMs

CFM Exploratory Linktrace

IPv6 Filtering

IPv6 Routing

IPv6 Forwarding

IPv6 ACL

ECMP

ICMP

HSRP-VRRP L3VPN support

QoS Shared Policy Instance

ANCP-triggered interface bandwidth modification

Tri-rate SFP copper port bandwidth modification

IPv6 Classification

Tri-rate copper SFP

ANCP Termination

IPv4 VRF on main and sub-interfaces

CSC, Inter-AS L3VPN

CE-PE Link and FRR Protection for VPNv4 traffic on MPLS core

IGMP Snooping v2 and v3

Multicast Redirect UNI

PIM to SSM Mapping

IGMP VRF override

IPv6 OSPF, RIP, BGP

Multi-segment dynamic and static VPWS pseudo wires

Split Horizon Group for ACs

BGP Auto-discovery and signaling for VPLS and VPWS

Broadcast Storm Control

Important Notes

For Cisco IOS XR Software Release 3.9.2 and above, the Cisco ASR 9000 Series Router does not support the following inventory schemas:

vkg_invmgr_adminoper.xsd

vkg_invmgr_common.xsd

vkg_invmgr_oper.xsd

Only MLPPP encapsulation channels on the OC-12 SONET interface can be protected by IP-FRR in Cisco IOS XR Software Release 3.9.0 and above.

For Cisco IOS XR Software Release 3.9.0 and above the SIP 700 with the 2-Port Channelized OC-12/DS0 SPA does not support SDH (including all the mappings under SDH) or DS0 mappings.

For Cisco IOS XR Software Release 3.9.0 and above the SIP 700 with the 2-Port Channelized OC-12/DS0 SPA does not support ATM or POS.

For Cisco IOS XR Software Release 3.9.0 and above the SIP 700 with the 2-Port Channelized OC-12/DS0 SPA does not support tunnels.

For Cisco IOS XR Software Release 3.9.0 and above the Cisco ASR 9000 Series Router does not support frame relay.

Country-specific laws, regulations, and licenses—In certain countries, use of these products may be prohibited and subject to laws, regulations, or licenses, including requirements applicable to the use of the products under telecommunications and other laws and regulations; customers must comply with all such applicable laws in the countries in which they intend to use the products.

Card, fan controller, and RSP removal—For all card removal and replacement (including fabric cards, line cards, fan controller, and RSP) follow the instructions provided by Cisco to avoid impact to traffic. See the Cisco ASR 9000 Series Router Getting Started Guide for procedures.

Exceeding Cisco testing—If you intend to test beyond the combined maximum configuration tested and published by Cisco, contact your Cisco Technical Support representative to discuss how to engineer a large-scale configuration maximum for your purpose.

Installing a Line Card—For a fully populated 40-port high density Line Card with cable optics, maintenance time required for card replacement is higher. For more information about Line Card installation and removal, refer to the Cisco ASR 9000 Aggregation Services Router Ethernet Line Card Installation Guide.

Serial Interfaces Out of Order in "show ip interface brief" Command —The show ip interface brief command might display interfaces out of order if different types of serialization are used on the SPA cards.

The serial interfaces are displayed in the show ip interface brief command output in the order shown in the example below:

The ordering is based on:

1. Slot

2. SPA

3. Type

a. T3

b. T3/T1

c. vt15-T1

d. multilink

This may be confusing (the interfaces appear out of order) for the user who is accustomed to IOS.

Example output:

With multiple cards:

 
   
Serial0/2/0/1/1/1:0  (t3/t1)
Serial0/2/0/1/2/1:0
Serial0/2/0/1/3/1:0
Serial0/2/0/1/4/1:0
Serial0/2/0/1/5/1:0
Serial0/2/0/1/6/1:0
Serial0/2/0/1/7/1:0
Serial0/2/0/1/8/1:0
Serial0/2/0/1/9/1:0
Serial0/2/0/1/10/1:0
Serial0/2/0/1/11/1:0
Serial0/2/0/1/12/1:0
 
   
Serial0/2/0/0/1/1/1:0  (vt15)
Serial0/2/0/0/2/1/1:0
Serial0/2/0/0/3/1/1:0
Serial0/2/0/0/4/1/1:0
Serial0/2/0/0/5/1/1:0
Serial0/2/0/0/6/1/1:0
Serial0/2/0/0/7/1/1:0
Serial0/2/0/0/8/1/1:0
Serial0/2/0/0/9/1/1:0
Serial0/2/0/0/10/1/1:0
Serial0/2/0/0/11/1/1:0
Serial0/2/0/0/12/1/1:0
 
   
Multilink 0/2/0/0/1
 
   
Serial0/2/1/0/1  (t3)
 
   
Serial0/2/1/1/1/1:0  (t3/t1)
Serial0/2/1/1/2/1:0
Serial0/2/1/1/3/1:0
Serial0/2/1/1/4/1:0
Serial0/2/1/1/5/1:0
Serial0/2/1/1/6/1:0
Serial0/2/1/1/7/1:0
Serial0/2/1/1/8/1:0
Serial0/2/1/1/9/1:0
Serial0/2/1/1/10/1:0
Serial0/2/1/1/11/1:0    
Serial0/2/1/1/12/1:0    
 
   
Serial0/6/0/1/1/1:0    
Serial0/6/0/1/2/1:0    
Serial0/6/0/1/3/1:0    
Serial0/6/0/1/4/1:0    
Serial0/6/0/1/5/1:0
Serial0/6/0/1/6/1:0
Serial0/6/0/1/7/1:0
Serial0/6/0/1/8/1:0
Serial0/6/0/1/9/1:0
Serial0/6/0/1/10/1:0
Serial0/6/0/1/11/1:0
Serial0/6/0/1/12/1:0
 
   
Serial0/6/0/0/1/1/1:0
Serial0/6/0/0/2/1/1:0
Serial0/6/0/0/3/1/1:0
Serial0/6/0/0/4/1/1:0
Serial0/6/0/0/5/1/1:0
Serial0/6/0/0/6/1/1:0
Serial0/6/0/0/7/1/1:0
Serial0/6/0/0/8/1/1:0
Serial0/6/0/0/9/1/1:0
Serial0/6/0/0/10/1/1:0
Serial0/6/0/0/11/1/1:0
Serial0/6/0/0/12/1/1:0
 
   
Multilink 0/6/0/0/1
 
   
Serial0/6/1/0/1
 
   
Serial0/6/1/1/1/1:0
Serial0/6/1/1/2/1:0
Serial0/6/1/1/3/1:0
Serial0/6/1/1/4/1:0
Serial0/6/1/1/5/1:0
Serial0/6/1/1/6/1:0
Serial0/6/1/1/7/1:0
Serial0/6/1/1/8/1:0
Serial0/6/1/1/9/1:0
Serial0/6/1/1/10/1:0
Serial0/6/1/1/11/1:0
Serial0/6/1/1/12/1:0
 
   

In the pw-class class name encapsulation mpls command the control-word option default is now disabled - In Cisco IOS XR Software Release 3.9 and above, the control word is disabled by default. To configure the control word, enter the control-word keyword shown in the following example:

pw-class class1 encapsulation mpls control-word

Caveats

Caveats describe unexpected behavior in Cisco IOS XR software releases. Severity-1 caveats are the most serious caveats; severity-2 caveats are less serious.

This section lists the Release 3.9.2 and Release 3.9.1 caveats for Cisco ASR 9000 Series Router Software and the Cisco ASR 9000 Series platform.

Resolved Release 3.9.2 Cisco IOS XR Software Caveats

CSCti62211

Basic Description:

BGP flaps due to unknown attribute

Symptom:

Cisco IOS XR Software contains a vulnerability in the Border Gateway Protocol (BGP) feature. The vulnerability manifests itself when a BGP peer announces a prefix with a specific, valid but unrecognized transitive attribute. On receipt of this prefix, the Cisco IOS XR device will corrupt the attribute before sending it to the neighboring devices. Neighboring devices that receive this corrupted update may reset the BGP peering session.

Conditions:

Affected devices running Cisco IOS XR Software corrupt the unrecognized attribute before sending to neighboring devices, but neighboring devices may be running operating systems other than Cisco IOS XR Software and may still reset the BGP peering session after receiving the corrupted update. This is per standards defining the operation of BGP.

Workaround:

No workaround. Cisco developed a fix that addresses this vulnerability and will be releasing free software maintenance upgrades (SMUs) progressively starting 28 August 2010.

A Security Advisory is posted at http://www.cisco.com/warp/public/707/cisco-sa-20100827-bgp.shtml
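For an unrecognized optional transitive attribute, RFC 4271 expects a speaker that passes the path on to forward the attribute with its value unchanged and the Partial bit set. The following is an added example, not Cisco code and not a reproduction of the defect: a check that compares the path attributes a device received with the ones it sent and reports any unrecognized transitive attribute that did not survive intact. The type code 250, the sample byte strings and the function names are constructed for illustration, and the "altered" and "bad length" samples do not represent the actual corruption described in the advisory.

```python
import struct

OPTIONAL, TRANSITIVE, PARTIAL, EXT_LEN = 0x80, 0x40, 0x20, 0x10

# Type codes treated as recognized here (assumption: only the RFC 4271 base
# set; a real BGP speaker recognizes more).
KNOWN_TYPES = {1, 2, 3, 4, 5, 6, 7}


def encode(flags, type_code, value):
    """Serialize one path attribute: flags, type, length (1 or 2 bytes), value."""
    if len(value) > 255:
        flags |= EXT_LEN
    if flags & EXT_LEN:
        return bytes([flags, type_code]) + struct.pack("!H", len(value)) + value
    return bytes([flags, type_code, len(value)]) + value


def walk_attributes(blob):
    """Split a Path Attributes field into (flags, type, value) tuples.

    Raises ValueError when a header or value runs past the end of the field.
    """
    attrs, pos = [], 0
    while pos < len(blob):
        header = 4 if blob[pos] & EXT_LEN else 3
        if len(blob) - pos < header:
            raise ValueError(f"truncated attribute header at offset {pos}")
        flags, type_code = blob[pos], blob[pos + 1]
        if flags & EXT_LEN:
            (length,) = struct.unpack_from("!H", blob, pos + 2)
        else:
            length = blob[pos + 2]
        pos += header
        if pos + length > len(blob):
            raise ValueError(f"attribute type {type_code} overruns the field")
        attrs.append((flags, type_code, blob[pos:pos + length]))
        pos += length
    return attrs


def check_propagation(received, sent):
    """Report unrecognized optional transitive attributes that changed in transit."""
    try:
        sent_by_type = {t: (f, v) for f, t, v in walk_attributes(sent)}
    except ValueError as exc:
        return [f"sent attributes do not parse: {exc}"]
    findings = []
    for flags, type_code, value in walk_attributes(received):
        if type_code in KNOWN_TYPES:
            continue
        if (flags & (OPTIONAL | TRANSITIVE)) != (OPTIONAL | TRANSITIVE):
            continue  # only optional transitive attributes are passed on
        if type_code not in sent_by_type:
            findings.append(f"type {type_code}: not propagated")
            continue
        out_flags, out_value = sent_by_type[type_code]
        if out_value != value:
            findings.append(
                f"type {type_code}: value changed ({len(value)} -> {len(out_value)} bytes)")
        if (out_flags & (OPTIONAL | TRANSITIVE)) != (OPTIONAL | TRANSITIVE):
            findings.append(f"type {type_code}: Optional/Transitive bits changed")
        if not out_flags & PARTIAL:
            findings.append(f"type {type_code}: Partial bit not set")
    return findings


# Constructed samples (documentation address 192.0.2.1, made-up type code 250).
ORIGIN = encode(TRANSITIVE, 1, b"\x00")
NEXT_HOP = encode(TRANSITIVE, 3, bytes([192, 0, 2, 1]))
VALUE = b"\x01\x02\x03\x04"
RECEIVED = ORIGIN + NEXT_HOP + encode(OPTIONAL | TRANSITIVE, 250, VALUE)
SENT_OK = ORIGIN + NEXT_HOP + encode(OPTIONAL | TRANSITIVE | PARTIAL, 250, VALUE)
SENT_ALTERED = ORIGIN + NEXT_HOP + encode(OPTIONAL | TRANSITIVE | PARTIAL, 250, VALUE[:2])
SENT_BAD_LENGTH = ORIGIN + NEXT_HOP + bytes([0xE0, 250, 9]) + VALUE

if __name__ == "__main__":
    for label, sent in (("ok", SENT_OK), ("altered", SENT_ALTERED),
                        ("bad length", SENT_BAD_LENGTH)):
        print(label, check_propagation(RECEIVED, sent))
```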

Open Release 3.9.2 Cisco IOS XR Software Caveats

The following caveats apply to the Cisco ASR 9000 Series Router running Release 3.9.2 of the Cisco IOS XR software:

CSCtf93555

Basic Description:

CLI command not authorized to execute during persist time of EEM policy

Symptom:

After the persist time starts for an EEM policy user, CLI commands fail to authorize.

Conditions:

When the TACACS server is down, the persist time starts for the user credentials that are registered for the EEM policy. If the EEM policy is triggered, opens a vty connection, and tries to execute any CLI command while the TACACS server is down, the command fails to authorize.

Workaround:

None.

Recovery:

Bring the TACACS server up.

CSCtd17516

Basic Description:

CLI over XML Configuration Fails

Symptom:

CLI over XML configuration request fails.

Conditions:

This happens when

- CLI command lines in the XML request exceed 200 lines or more

AND

- CLI commands are split internally and the split happens to fall in the middle of a sub-mode.

Workaround:

- No need to use CLI over XML for config commands that already support XML natively.

- Split the commands into multiple requests so that command lines of each request are less than 200 lines.

Recovery:

None.

CSCta71930

Basic Description:

lpts_pa tracebacks after clear cef on line card

Symptom:

An error log is printed along with the traceback when a message send to BCDL agent fails.

Conditions:

The BCDL agent has gone down thus the message send is failing. This is a very rare scenario and would not happen under normal circumstances.

Workaround:

Not required, as BCDL will come up eventually.

Further Problem Description:

The error message is just to say that the BCDL agent might have gone down. This would not cause an error in lpts, as BCDL will eventually come up and the messages are sent again. The only caveat is that it might be some time before the messages are sent again. The solution would aim to put an upper bound on the resend time by having a retrying mechanism for the same.

CSCtg48346

Basic Description:

Standby RP not ready - ospf Waiting for primary node

Symptom:

The trigger for this issue is that the standby node is coming up while somebody is trying to do some configuration from the active.

Conditions:

The consequence is that the new configuration might be lost, and the impact depends on the new configuration. For example, if the new configuration is to spawn new ospf, then those new ospf will not be spawned.

Workaround:

The workaround is to re-apply the new configuration once the standby is up completely.

Recovery:

None.

CSCti01478

Basic Description:

sysdb busy, timeouts after rack OIR of rack with DRP pair

Symptom:

Lots of processes (admin plane) complain that the registrations/get/bind operations are timing out. The next thing to notice is the Pending MsgCount, which indicates the server's inability to process incoming messages. This triggers an snmp issue, as snmp doesn't handle the error core related to sysdb registration properly.

# gsp_show -c 395 (jid of sysdb_svr_admin)
 Group messages received by client id 8, process pid:127038
(pkg/bin/sysdb_svr_admin) 
 28               Max Thresh    10000         Red High     9500
                   Flow Zone        0 Pending MsgCount        0
               Pending Bytes        0    High MsgCount        0
                  High Bytes        0      Total Bytes        0
                 Max MsgSize        0   Msgs Delivered        0
                Msgs Dropped        0
                      Lwg(s)

Conditions:

This issue occurs on a multi chassis system upon an OIR.

Workaround:

None.

Recovery:

Restarting sysdb_svr_admin on the active+standby DSC nodes (not simultaneously though) will help recover the issue.

CSCti74249

Basic Description:

Admin Plane config loss upon Turboboot

Symptom:

Admin config is lost upon Turboboot; the user has to create a new root user name and password in order to log into the router.

Conditions:

The impact might be that, for MC, all other racks may not be able to boot until the new admin config is re-applied.

Workaround:

Just re-apply the admin configuration saved before the turbo boot.

Recovery:

None.

CSCtj19602

Basic Description:

Install operation failed due to insufficient disk space on SP cards

Symptom:

Upgrade or install rollback may fail accompanied with "insufficient disk space on SPs" error messages like the following example.

Example:
 Error:    Cannot proceed with the rollback operation because there is
 Error:    insufficient disk space on the following devices:
 Error:     - 0/0/SP: bootflash: (5932652 bytes required, 3522772 bytes
 Error:       available)
 Error:     - 0/1/SP: bootflash: (5932652 bytes required, 3512316 bytes
 Error:       available)
 Error:     - 0/2/SP: bootflash: (5932652 bytes required, 3506976 bytes
 Error:       available)
 Error:     - 0/3/SP: bootflash: (5932652 bytes required, 3519248 bytes
 Error:       available)
 Error:     - 0/4/SP: bootflash: (5932652 bytes required, 3502804 bytes
 Error:       available)
 Error:     - 0/5/SP: bootflash: (5932652 bytes required, 3529776 bytes
 Error:       available)

Conditions:

This problem is triggered by switching to a release where the new version id is a substring of the old version id. This will only occur when upgrading from a test version with a test version suffix (ex: 3.9.2.22i) to a release version with no suffix (3.9.2).

1. Upgrading to a release where the new release id is a substring of the old release.

Example: Upgrading from 3.9.2.22i to 3.9.2.

2. Rolling back to a release where the release being rolled back to is a substring of the currently running release. Example: Rolling back from 3.9.2.22i to 3.9.2.

Workaround: Use turboboot instead of a PIE upgrade if the above conditions apply.

Recovery:

Use turboboot to run the new image.

CSCti19533

Basic Description:

Wildcard does not work on activating inactive pies

Symptom:

When attempting to activate packages using wild cards, certain packages are not being found which prevents the activation from taking place.

Conditions:

When an activation to a new release (3.9.2) is attempted from 3.7.3 while using wild cards to specify the packages instead of specifying them explicitly by name.

Workaround:

Instead of using wild cards, explicitly name each package to be activated.

Recovery:

None.

CSCti67148

Basic Description:

Optional task-maps not downloaded as part of exec authorization & Service exec tasks received from the TACACS server are not processed during AAA authorization

Symptom:

Command authorization fails:

RP/0/RP0/CPU0:router#show int desc
% This command is not authorized
RP/0/RP0/CPU0:router#

Conditions:

This happens under the following conditions:

The router is running IOS XR 3.9.2 or 4.0.0. These are the only two versions affected; the problem did not occur in earlier releases and is fixed in later ones.

TACACS authorization is enabled.

The router is supposed to retrieve its list of usergroup/taskgroup/task from the TACACS server through a service exec (optional) task configured on the TACACS server.

The service exec tasks received from the TACACS server are not processed during AAA authorization with TACACS. The user therefore ends up with no tasks on the router and no command is authorized, even though the command is permitted on the TACACS server.

Workaround:

Instead of using wild cards, explicitly name each package to be activated.

Recovery:

The way to make TACACS authorization work in 3.9.2 or 4.0.0 is through a privilege level:

If privilege level 15 is assigned on the TACACS server, the user ends up with the tasks/commands of the group root-system.

If privilege level 14 is assigned on the TACACS server, the user ends up with the tasks/commands of the group owner-sdr.

If a privilege level between 1 and 13 (call it X) is assigned, a usergroup 'privX' can be configured on the router and the user inherits the list of tasks of that group. For instance, to have a user with all commands available, assign privilege level 13 on the router and configure this usergroup on the router:

usergroup priv13
  taskgroup root-system
  taskgroup cisco-support
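
An added example, not part of the release note or of Cisco's software: a Python audit that applies the privilege-level mapping described above to a router configuration and lists which TACACS privilege levels end up with a high-privilege task group. The HIGH_PRIV set, the priv5 sample group, and treating an unconfigured privX usergroup as "no tasks" are assumptions of this example.

```python
import re

# Fixed mappings stated in the release note for IOS XR 3.9.2 and 4.0.0.
FIXED = {15: ["root-system"], 14: ["owner-sdr"]}
# Assumption of this audit: task groups treated as high privilege.
HIGH_PRIV = {"root-system", "owner-sdr", "cisco-support"}

def parse_usergroups(config):
    """Return {usergroup name: [taskgroup, ...]} from IOS XR config text."""
    groups, current = {}, None
    for raw in config.splitlines():
        head = re.match(r"usergroup\s+(\S+)$", raw.rstrip())
        member = re.match(r"\s+taskgroup\s+(\S+)$", raw.rstrip())
        if head:
            current = groups.setdefault(head.group(1), [])
        elif member and current is not None:
            current.append(member.group(1))
        elif raw.strip() and not raw[0].isspace():
            current = None  # any other top-level line closes the block
    return groups

def effective_taskgroups(priv_lvl, usergroups):
    """Task groups a TACACS user receives for the assigned privilege level."""
    if priv_lvl in FIXED:
        return list(FIXED[priv_lvl])
    if 1 <= priv_lvl <= 13:
        # Assumption: with no privX usergroup configured the user gets no tasks.
        return list(usergroups.get(f"priv{priv_lvl}", []))
    raise ValueError(f"privilege level not covered by the note: {priv_lvl}")

def audit(config):
    """Return [(priv level, taskgroups)] for levels that reach a HIGH_PRIV group."""
    usergroups = parse_usergroups(config)
    levels = ((lvl, effective_taskgroups(lvl, usergroups)) for lvl in range(1, 16))
    return [(lvl, tgs) for lvl, tgs in levels if HIGH_PRIV.intersection(tgs)]

# Constructed sample: priv13 is the block from the release note, priv5 is hypothetical.
SAMPLE = """\
usergroup priv13
 taskgroup root-system
 taskgroup cisco-support
!
usergroup priv5
 taskgroup operator
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Levels 14 and 15 always appear in the result because their mapping is fixed by the software, so the TACACS server's privilege-level assignments are the only control over who receives them.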
 
   

CSCti50227

Basic Description:

Not able to modify RPL and delete prefix-set in a single commit.

Symptom:

When a policy that is attached directly or indirectly to an attach point needs to be modified, a single commit operation cannot be performed when:

Removing a set or policy that is referenced by another policy attached to any attach point directly or indirectly.

Modifying the policy to remove the reference to the same set or policy that is being removed.

Workaround:

The commit must be performed in two steps:

1. Modify the policy to remove the reference to the policy or set and then commit.

2. Remove the policy or set and commit.

Open Release 3.9.2 Caveats Specific to the Cisco ASR 9000 Series Router

The following caveats are specific to the Cisco ASR 9000 Series platform:

CSCti45664

Basic Description:

Removing storm control does not release qos resource

Symptom:

Issue #1:

QoS policers are not released when a bport that is configured with storm control is deleted directly. In a scaled storm control configuration, this eventually leads to a QoS OOR condition, which triggers L2FIB programming failures.

From the code path, the MAC limit long counter resource should suffer from the same error. However, since there are 16k long counters per available, this problem has not been exposed yet.

Issue #2:

A PW configured with storm control may get programmed with no QoS policer applied, so storm control does not work. This is not always reproducible; a special timing sequence is needed to get into this situation. However, even if the policer is programmed, it is programmed only on the MPLS LC, which is not by design. All NPs in the box should have one programmed. Therefore, even if the policer is programmed, if a packet comes from a backup path on a different LC, the storm control policer is not applied.

Issue #3:

When all ECMP paths on a particular LC are removed, conceptually, the PW does not exist on that LC anymore. However, the policers are not released even if the PW is deleted later, even with the fix to the first issue. This is a side effect of #2.

The correct behavior for PWs is that all NPs are allocated storm control policers.

Issue #4:

For bundle ACs configured with storm control, shutting the bundle main interface removes the policers. However, when the main interface is unshut, these policers are not reallocated.

Conditions:

Issue #1:

Directly delete bports configured with storm control

Issue #2:

Shut down the MPLS port, remove the PW, add it back, and then unshut the MPLS port

Issue #3:

Removing all ECMP paths on one particular LC while PWs are still configured with storm control

Issue #4:

Shut and then unshut the bundle main interface while some sub-interfaces are configured with storm control

Workaround:

Issue #1:

Remove the storm control configuration before unbinding the bport. This ensures that resources are properly released.

Issue #2:

One partial workaround is to remove the storm control config and re-apply it. There is no workaround to achieve the correct behavior mentioned above.

Issue #3:

None

Issue #4:

Remove the config and apply it back.

Recovery:

None

CSCti43247

Basic Description:

Multicast duplicate packet upon RPF IGP metric change.

When an RPF path is changed from one interface to another, there is a window of time in which the local router draws multicast traffic from both RPF paths, because PIM does a delayed pruning of the old RPF path. The local router therefore gets traffic on both RPF paths during this window. Because the RPF interface change is updated asynchronously across all LCs on the local router, one LC might be updated sooner than another, depending on the LC's CPU processing and what other events are happening on each LC. The root cause of this issue is the difference in update time between one ingress LC and another ingress LC where the RPF interfaces are present.

Symptom:

A Layer 3 multicast host interface receives a small amount of duplicate packets when switching over from one RPF path to another RPF path.

Conditions:

Layer3 multicast route, with RPF interfaces on different ingress linecards.

Workaround:

If both old and new RPF interfaces are on the same ingress linecard, duplicate packets will not be seen.

Recovery:

None

CSCtj02058

Basic Description:

ABF does not support MPLS nexthops

Symptom:

Traffic is dropped.

Conditions:

A packet is forwarded using ABF and the next hop is MPLS.

Workaround:

Change topology to not use ABF and MPLS together.

Recovery:

None

CSCtg18624

Basic Description:

ASR9K GRE: KA msgs are not accounted in tunnel egress counters

Symptom:

GRE: tunnel interface stats - keepalives not counted on egress

Conditions:

GRE: tunnel interface stats - keepalives not counted on egress on IOS-XR, which is a different behavior than IOS.

Workaround:

None

Recovery:

None

CSCti98759

Basic Description:

UI: Modifying GRE tunnel TTL causing traffic drop

Symptom:

The tunnel is removed and re-created in the fast path. Traffic is dropped at the decap router for the time this takes.

Conditions:

This is seen when the TTL value for the tunnel is changed.

Workaround:

None.

Recovery:

Not required. Once the tunnel is re-created, the traffic is forwarded as usual.

Upgrading Cisco IOS XR Software

Cisco IOS XR software is installed and activated from modular packages, allowing specific features or software patches to be installed, upgraded, or downgraded without affecting unrelated processes. Software packages can be upgraded or downgraded on all supported card types, or on a single card (node).

Software packages are installed from package installation envelope (PIE) files that contain one or more software components. Refer to Table 1 for a list of the Cisco ASR 9000 Series Router software feature set matrix (PIE files) and associated filenames available for the Cisco IOS XR Software Release 3.9.2 supported on the Cisco ASR 9000 Series Router.

The following URL contains links to information about how to upgrade Cisco IOS XR software:

http://www.cisco.com/web/Cisco_IOS_XR_Software/index.html

Troubleshooting

For information on troubleshooting Cisco IOS XR software, see the Cisco ASR 9000 Series Aggregation Services Routers Getting Started Guide and the Cisco ASR 9000 Series Router Troubleshooting Feature Module.

Resolving Upgrade File Issues


Note: In some very rare cases, inconsistencies in the content of the internal configuration files can appear. In such situations, to avoid configuration loss during upgrade, the following steps can optionally be performed before activating packages:


a. Clear the NVGEN cache:

RP/0/RSP0/CPU0:PE44_ASR-9010#run nvgen -F 1
 
   

b. Create a dummy config commit:

RP/0/RSP0/CPU0:PE44_ASR-9010#config
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#hostname <hostname>
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#commit
RP/0/RSP0/CPU0:PE44_ASR-9010(config)#end
 
   

c. Force a commit update by using the reload command. Press "n" when the confirmation prompt appears:

RP/0/RSP0/CPU0:PE44_ASR-9010#reload
Updating Commit Database. Please wait...[OK]
Proceed with reload? [confirm] 
 
   

d. Press "n".

In some cases other activity may preclude a reload. The following message may display:

RP/0/RSP0/CPU0:PE44_ASR-9010#reload
Preparing system for backup. This may take a few minutes ............System 
configuration backup in progress [Retry later]
 
   

If you receive this message, wait and then retry the command after some time.

Obtaining Documentation and Submitting a Service Request

For information on obtaining documentation, submitting a service request, and gathering additional information, see What's New in Cisco Product Documentation at: http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.

Subscribe to What's New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and have content delivered directly to your desktop using a reader application. The RSS feeds are a free service.