Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide, Release 5.1.x
Implementing LPTS
Downloads: This chapterpdf (PDF - 1.28MB) The complete bookPDF (PDF - 5.06MB) | Feedback

Implementing LPTS

Implementing LPTS

Local Packet Transport Services (LPTS) maintains tables describing all packet flows destined for the secure domain router (SDR), making sure that packets are delivered to their intended destinations.

For a complete description of the LPTS commands listed in this module, refer to the LPTS Commands module of Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference.

Feature History for Implementing LPTS

Release

Modification

Release 3.9.0

LPTS was introduced.

Prerequisites for Implementing LPTS

The following prerequisites are required to implement LPTS:

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Information About Implementing LPTS

To implement LPTS features mentioned in this document you must understand the following concepts:

LPTS Overview

LPTS uses two components to accomplish this task: the port arbitrator and flow managers. The port arbitrator and flow managers are processes that maintain the tables that describe packet flows for a logical router, known as the Internal Forwarding Information Base (IFIB). The IFIB is used to route received packets to the correct Route Processor or line card for processing.

LPTS interfaces internally with all applications that receive packets from outside the router. LPTS functions without any need for customer configuration. However, LPTS show commands are provided that allow customers to monitor the activity and performance of LPTS flow managers and the port arbitrator.

LPTS Policers

In Cisco IOS XR, the control packets, which are destined to the Route Processor (RP), are policed using a set of ingress policers in the incoming line cards. These policers are programmed statically during bootup by LPTS components. The policers are applied based on the flow type of the incoming control traffic. The flow type is determined by looking at the packet headers. The policer rates for these static ingress policers are defined in a configuration file, which are programmed on the line card during bootup.

You can change the policer values based on the flow types of these set of ingress policers. You are able to configure the rate per policer per node (locally) and globally using the command-line interface (CLI); therefore, overwriting the static policer values.

IP TOS Precedence

By default, router allows all packets into the network. The IP table of service (TOS) precedence feature allows you to classify packets by IP precedence value. The IP precedence value can be configured for every flow. Once configured for a flow type, only packets that match the defined IP precedence value are allowed, and others are rejected.

The precedence value can either be a number or name. This table lists configurable precedence values:
Table 1 Precedence Values
Precedence Number Precedence Name Description

0

routine

Matches packets with routine precedence.

1

priority

Matches packets with priority precedence.

2

immediate

Matches packets with immediate precedence.

3

flash

Matches packets with flash precedence.

4

flash-override

Matches packets with flash override precedence.

5

critical

Matches packets with critical precedence.

6

internet

Matches packets with internetwork control precedence.

7

network

Matches packets with network control precedence.

Configuring LPTS Policer with IP TOS Precedence

This task allows you to configure the LPTS policers with IP table of service (TOS) precedence:

SUMMARY STEPS

    1.    configure

    2.    lpts pifib hardware police [location node-id]

    3.    flow flow_type

    4.    precedence {number | name}

    5.    Use the commit or end command.

    6.    show lpts pifib hardware police [location {all | node_id}]


DETAILED STEPS
     Command or ActionPurpose
    Step 1 configure


    Example:
    RP/0/RSP0/CPU0:router# configure
     

    Enters global configuration mode.

     
    Step 2 lpts pifib hardware police [location node-id]


    Example:
    RP/0/RSP0/CPU0:router(config)# lpts pifib hardware police location 0/2/CPU0
    
    or
    RP/0/RSP0/CPU0:router(config)# lpts pifib hardware police
    
    
     

    Configures the ingress policers. You can configure per node or all locations.

    The example shows configuration of pifib policer on an individual node and globally for all nodes respectively.

     
    Step 3 flow flow_type


    Example:
    RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)# flow telnet default
    or
    RP/0/RSP0/CPU0:router(config-pifib-policer-global)# flow telnet default
     

    Configures the policer for the LPTS flow type. The example shows how to configure the policer for the telnet flow type per node or global mode (all locations).

    • Use the flow_type argument to select the applicable flow type. For information about the flow types, see Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference.
     
    Step 4 precedence {number | name}


    Example:
    RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)# precedence 5 6 7
    or
    RP/0/RSP0/CPU0:router(config-pifib-policer-global)# precedence 5 6 7
     

    Configures IP TOS precedence against a flow type. You can specify either a precedence number or name. For more information about precedence, use the question mark (?) online help function.

    The example shows how to configure IP TOS precedence 5, 6, and 7 per node or global mode.

     
    Step 5 Use the commit or end command.  

    commit—Saves the configuration changes and remains within the configuration session.

    end—Prompts user to take one of these actions:
    • Yes— Saves configuration changes and exits the configuration session.
    • No—Exits the configuration session without committing the configuration changes.
    • Cancel—Remains in the configuration mode, without committing the configuration changes.
     
    Step 6 show lpts pifib hardware police [location {all | node_id}]


    Example:
    RP/0/RSP0/CPU0:router# show lpts pifib hardware police location 0/2/cpu0
    
     

    Displays the policer configuration value set.

    • (Optional) Use the location keyword to display policer value for the designated node. The node-id argument is entered in the rack/slot/module notation.
    • Use the all keyword to specify all locations.
     

    Configuring LPTS Policers

    This task allows you to configure the LPTS policers.

    SUMMARY STEPS

      1.    configure

      2.    lpts pifib hardware police [location node-id]

      3.    flow flow_type {rate rate}

      4.    Use the commit or end command.

      5.    show lpts pifib hardware police [location {all | node_id}]


    DETAILED STEPS
       Command or ActionPurpose
      Step 1 configure


      Example:
      RP/0/RSP0/CPU0:router# configure
       

      Enters global configuration mode.

       
      Step 2 lpts pifib hardware police [location node-id]


      Example:
      RP/0/RSP0/CPU0:router(config)# lpts pifib hardware police location 0/2/CPU0
      RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)#
      
      RP/0/RSP0/CPU0:router(config)# lpts pifib hardware police
      RP/0/RSP0/CPU0:router(config-pifib-policer-global)#
      
       

      Configures the ingress policers and enters pifib policer global configuration mode or pifib policer per node configuration mode.

      The example shows pifib policer per node configuration mode and global.

       
      Step 3 flow flow_type {rate rate}


      Example:
      RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)# flow ospf unicast default rate 20000
      
       

      Configures the policer for the LPTS flow type. The example shows how to configure the policer for the ospf flow type.

      • Use the flow_type argument to select the applicable flow type. For information about the flow types, see Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference.
      • Use the rate keyword to specify the rate in packets per seconds (PPS). The range is from 0 to 4294967295.
       
      Step 4 Use the commit or end command.  

      commit—Saves the configuration changes and remains within the configuration session.

      end—Prompts user to take one of these actions:
      • Yes— Saves configuration changes and exits the configuration session.
      • No—Exits the configuration session without committing the configuration changes.
      • Cancel—Remains in the configuration mode, without committing the configuration changes.
       
      Step 5 show lpts pifib hardware police [location {all | node_id}]


      Example:
      RP/0/RSP0/CPU0:router# show lpts pifib hardware police location 0/2/cpu0
      
       

      Displays the policer configuration value set.

      • (Optional) Use the location keyword to display pre-Internal Forwarding Information Base (IFIB) information for the designated node. The node-id argument is entered in the rack/slot/module notation.
      • Use the all keyword to specify all locations.
       

      Configuring LPTS Policer with IP TOS Precedence

      This task allows you to configure the LPTS policers with IP table of service (TOS) precedence:

      SUMMARY STEPS

        1.    configure

        2.    lpts pifib hardware police [location node-id]

        3.    flow flow_type

        4.    precedence {number | name}

        5.    Use the commit or end command.

        6.    show lpts pifib hardware police [location {all | node_id}]


      DETAILED STEPS
         Command or ActionPurpose
        Step 1 configure


        Example:
        RP/0/RSP0/CPU0:router# configure
         

        Enters global configuration mode.

         
        Step 2 lpts pifib hardware police [location node-id]


        Example:
        RP/0/RSP0/CPU0:router(config)# lpts pifib hardware police location 0/2/CPU0
        
        or
        RP/0/RSP0/CPU0:router(config)# lpts pifib hardware police
        
        
         

        Configures the ingress policers. You can configure per node or all locations.

        The example shows configuration of pifib policer on an individual node and globally for all nodes respectively.

         
        Step 3 flow flow_type


        Example:
        RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)# flow telnet default
        or
        RP/0/RSP0/CPU0:router(config-pifib-policer-global)# flow telnet default
         

        Configures the policer for the LPTS flow type. The example shows how to configure the policer for the telnet flow type per node or global mode (all locations).

        • Use the flow_type argument to select the applicable flow type. For information about the flow types, see Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference.
         
        Step 4 precedence {number | name}


        Example:
        RP/0/RSP0/CPU0:router(config-pifib-policer-per-node)# precedence 5 6 7
        or
        RP/0/RSP0/CPU0:router(config-pifib-policer-global)# precedence 5 6 7
         

        Configures IP TOS precedence against a flow type. You can specify either a precedence number or name. For more information about precedence, use the question mark (?) online help function.

        The example shows how to configure IP TOS precedence 5, 6, and 7 per node or global mode.

         
        Step 5 Use the commit or end command.  

        commit—Saves the configuration changes and remains within the configuration session.

        end—Prompts user to take one of these actions:
        • Yes— Saves configuration changes and exits the configuration session.
        • No—Exits the configuration session without committing the configuration changes.
        • Cancel—Remains in the configuration mode, without committing the configuration changes.
         
        Step 6 show lpts pifib hardware police [location {all | node_id}]


        Example:
        RP/0/RSP0/CPU0:router# show lpts pifib hardware police location 0/2/cpu0
        
         

        Displays the policer configuration value set.

        • (Optional) Use the location keyword to display policer value for the designated node. The node-id argument is entered in the rack/slot/module notation.
        • Use the all keyword to specify all locations.
         

        Configuration Examples for Implementing LPTS Policers

        This section provides the following configuration example:

        Configuring LPTS Policers: Example

        The following example shows how to configure LPTS policers:

        configure
         lpts pifib hardware police
          flow ospf unicast default rate 200
          flow bgp configured rate 200
          flow bgp default rate 100
         !
         lpts pifib hardware police location 0/2/CPU0
          flow ospf unicast default rate 100
          flow bgp configured rate 300
         !
        show lpts pifib hardware police location 0/2/CPU0
        
        FT - Flow type ID; PPS - Packets per second configured rate
        
        FT Flow type                  Rate (PPS) Accept/Drop
        -- -------------------------- ---------- ----------------
        0  unconfigured-default       101        0/0
        0 
        
        unconfigured-default 
        
        101 
               0/0
        1 
        
        Fragment 
        
        1000       0
        /0
        2 
         OSPF-mc-known   
        
        1500 
        
        32550
        /0
        3 
         OSPF-mc
        -default 
        
        250 
               0/0
        4 
         OSPF-uc-known   
        
        2000 
        
        0
        /0
        5 
        
        OSPF
        -uc-default 
        
         101 
        
         1
        /0
        6 
         ISIS-known 
                      250   1500        0/0
        7 
        
        ISIS
        -default 
        
        250 
        
         0
        /0
        8 
         BGP-known 
        
         2000       17612
        /0
        9  
        BGP-default cfg-peer               203 
        
        5
        /0
        10 BGP
        -default 
        
        500 
        
         4
        /0
        11 
        PIM-mcast 
                         1500       0/0
        12 PIM-ucast 
                         1500       0/0
        13 IGMP 
        
              1500 
              0/0
        14 
        ICMP-local 
                        1046       0/0
        15 
        ICMP-app 
                      1000     1046       0/0
        16 
        ICMP-control 
        
        1000 
              0/0
        17 ICMP
        -default 
        
        1046       0
        /0
        18 
        LDP-TCP-known 
                   1500       9965
        /0
        19 
        LDP-TCP-cfg-peer 
        
        1500 
        0/0
        20 
        LDP-TCP-default 
        
        250 
        
         0
        /0
        21 LDP
        -UDP   
        
        1000 
        
        59759
        /0
        22 All
        -routers   
                     1500       0/0
        23 
        LMP-TCP-known   
                   1500       0/0
        24 
        LMP-TCP-cfg-peer 
        
        1500 
        0/0
        25 
        LMP-TCP-default 
        
        250 
               0/0
        26 LMP
        -UDP                    1000       0/0
        27 RSVP-UDP 
                          1000       0/0
        28 RSVP 
        1000       0/0
        29 IKE         
                       1000       0/0
        30 
        IPSEC-known   
        
        1000 
        0/0
        31 IPSEC
        -default 
        
         250 
               0/0
        32 
        MSDP-known 
                         1000       0/0
        33 
        MSDP-cfg-peer 
        
         1000 
        0/0
        34 MSDP-default 
        
        250 
               0/0
        35 SNMP 
        
        1000 
        0/0
        36 NTP       
        
        500 
               0/0
        37 
        SSH-known   
                       1000       0/0
        38 SSH
        -default 
                       1000       0/0
        39 
        HTTP-known   
                      1000       0/0
        40 HTTP
        -default 
        1000       0/0
        41 
        SHTTP-known   
                     1000       0/0
        42 SHTTP
        -default 
                     1000       0/0
        43 
        TELNET-known 
                    500   1000        0/0
        44 TELNET
        -default 
        
        500 
               0/0
        45 
        CSS-known   
        
        1000 
        0/0
        46 CSS
        -default 
        
        500 
               0/0
        47 
        RSH-known   
        
        1000 
        0/0
        48 RSH
        -default 
        
        500 
               0/0
        49 
        UDP-known 
        
         2000 
              0/0
        50 
        UDP-listen   
                      1500       0/0
        51 
        UDP-cfg-peer 
        
        1500 
        
        0
        /0
        52 UDP
        -default 
        
        101 
        
         653
        /0
        53 
        TCP-known 
                         2000       0/0
        54 
        TCP-listen   
                      2000       0/0
        55 
        TCP-cfg-peer 
        
        2000 
        
        0
        /0
        56 TCP
        -default 
        
        101 
        
         6
        /0
        57 
        Mcast-known   
        
        2000 
        0/0
        58 Mcast
        -default 
        
         101 
               0/0
        59 
        Raw-listen 
                         250        0/0
        60 Raw
        -default 
        
         250 
               0/0
        61 ip-sla 
        
        1000 
              0/0
        62 EIGRP 
                             1500       0/0
        63 RIP 
                            2398    1500       0/0
        64 
        PCEP                       101        0/0
        

        Configuring LPTS policers with IP TOS Precedence: Example

        • The following example shows how to configure IP TOS to telnet default flow and allow packets with precedence 3 or 4 at node 0/0/CPU0:
          configure
          lpts pifib hardware police location 0/0/CPU0 
          flow telnet default 
          precedence 3 4 
        • The following example shows how to configure IP TOS to telnet known flow to only allow packets with precedence 5 or 6 or 7 at all nodes
          configure
          lpts pifib hardware police 
          flow telnet known 
          precedence 5 6 7
        • The following example shows how to configure IP TOS to telnet known flow to only allow packets with routine and network precedence at all nodes
          configure
          lpts pifib hardware police 
          flow telnet known 
          precedence routine network

        Additional References

        The following sections provide references related to implementing LPTS.

        Related Documents

        Related Topic

        Document Title

        Cisco IOS XR LPTS commands: complete command syntax, command modes, command history, defaults, usage guidelines, and examples

        Cisco LPTS Commands module in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference

        Standards

        Standards

        Title

        No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

        MIBs

        MIBs

        MIBs Link

        To locate and download MIBs, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http:/​/​cisco.com/​public/​sw-center/​netmgmt/​cmtk/​mibs.shtml

        RFCs

        RFCs

        Title

        No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.

        Technical Assistance

        Description

        Link

        The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

        http:/​/​www.cisco.com/​techsupport