description (interface ServiceApp)

To create a description for Service Application Interface, use the description command in Interface ServiceApp configuration mode. To delete Service Application Interface description, use the no form of this command.

description string

no description

Syntax Description

Cisco IOS XR System Security Command Reference for the Cisco CRS Router, Release 4.2.x
DDoS Mitigation Support on CGSE Commands
Downloads: This chapterpdf (PDF - 1.48MB) The complete bookPDF (PDF - 3.88MB) | Feedback

DDoS Mitigation Support on CGSE Commands

DDoS Mitigation Support on CGSE Commands

This module describes the commands used to configure and implement DDoS mitigation support on CGSE.

For detailed information about DDoS mitigation support concepts, configuration tasks, and examples, see the Implementing DDoS Mitigation Support on CGSE on Cisco IOS XR Software configuration module in the Cisco IOS XR System Security Configuration Guide for the Cisco CRS Router.

application tms-mgmt

To specify and map the DDoS TMS management application with the management serviceApp interface, use the application tms-mgmt command in ddos-tms configuration mode. To remove the DDoS TMS management application, use the no form of this command.

application tms-mgmt [ interface ServiceApp <ID> ]

no application tms-mgmt [ interface ServiceApp <ID> ]

Syntax Description

interface ServiceApp ID

(Optional) Configures ServiceApp interface.

Command Default

None

Command Modes

ddos-tms configuration mode

Command History

Release Modification
Release 4.2.3

This command was introduced.

Usage Guidelines

Task ID

Task ID Operation

basic-services

read, write

Examples

The following example shows how to specify the DDoS TMS management application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service sesh sesh1
RP/0/RP0/CPU0:router(config-sesh)# service-location preferred-active 0/1/CPU0
RP/0/RP0/CPU0:router(config-sesh)# service-type ddos-tms tms1 
RP/0/RP0/CPU0:router(config-ddos-tms)# application tms-mgmt
RP/0/RP0/CPU0:router(config-tms-mgmt)#

Related Commands

Command

Description

service-type ddos-tms

Sets the service type as DDoS TMS.  

application tms-scrb

To specify and map the DDoS TMS Scrubber application with the ingress and the egress serviceApp interfaces, use the application tms-scrb command in ddos-tms configuration mode. To remove the DDoS TMS Scrubber application, use the no form of this command.

application tms-scrb [ map ingress-interface ServiceApp <ID> egress-interface ServiceApp <ID> ]

no application tms-scrb [ map ingress-interface ServiceApp <ID> egress-interface ServiceApp <ID> ]

Syntax Description

map ingress-interface ServiceApp <ID> egress-interface ServiceApp <ID> ID

(Optional) Maps the incoming interface and outgoing interface with the DDoS TMS Scrubber application.

Command Default

None

Command Modes

ddos-tms configuration mode

Command History

Release Modification
Release 4.2.3

This command was introduced.

Usage Guidelines

Task ID

Task ID Operation

basic-services

read, write

Examples

The following example shows how to specify the DDoS TMS scrubber application:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service sesh sesh1
RP/0/RP0/CPU0:router(config-sesh)# service-location preferred-active 0/1/CPU0
RP/0/RP0/CPU0:router(config-sesh)# service-type ddos-tms tms1 
RP/0/RP0/CPU0:router(config-ddos-tms)# application tms-scrb
RP/0/RP0/CPU0:router(config-tms-scrb)#

Related Commands

Command

Description

service-type ddos-tms

Sets the service type as DDoS TMS.  

copy

To copy a file from a source (such as a network server) to a destination (such as a flash disk), use the copy command in EXEC or administration EXEC mode.

copy source { location node-id destination location { node-id | all } | running-config [atomic] }

Syntax Description

source

Filename including the directory path or network location of the file. The possible sources are:

directory-path —Directory path of the file from which the file is copied.

access-list { ipv4 | ipv6 }—Copies an access list (EXEC mode only).

bootflash: —Copies from the bootflash: file system.

compactflash: —Copies from the compactflash: file system.

compactflasha: —Copies from the compactflasha: file system partition.

disk0: —Copies from disk0: file system.

disk0a: —Copies from disk0a: file system partition.

disk1: —Copies from disk1: file system.

disk1a: —Copies from disk1a: file system partition.

flash: —Copies from the flash: file system. The flash: keyword is an alias for bootflash:.

ftp: —Copies from an FTP network server. The syntax is ftp:[[[//username [:password]@] location]/directory]/filename.

harddisk: —Copies from the hard disk drive file system (if present).

harddiska: —Copies from the hard disk partition a.

harddiskb: —Copies from the hard disk partition b.

nvram: —Copies from the NVRAM file system.

prefix-list {ipv4 | ipv6}—Copies from a prefix list (EXEC mode only).

rcp: —Copies from a remote copy protocol (rcp) network server. The syntax is rcp:[[[//username@]location]/directory]/filename.

running-config —Copies from the current system configuration.

tftp: —Copies from a TFTP network server. The syntax is tftp:[[//location]/directory]/filename

xml-schema —Copies the XML schema files as a tar ball file (.tar.gz) [EXEC mode only].

destination

Filename including the directory path or network location of the file.

location node-id

Specifies a node. The node-id argument is expressed in the rack/slot/module notation.

location all

Copies to all nodes.

running-config

Applies the source configuration file to the running configuration of the system.

atomic

(Optional) Applies the changes to the running configuration only if there are no errors

Command Default

No default behavior or values

Command Modes

EXEC

Administration EXEC

Command History

Releases

Modifications

Release 2.0

This command was introduced.

Release 3.2

The command was made available in administration EXEC mode.

Support was added to copy to a designated node or to all nodes. Hardware partition support was added.

Release 3.5.0

Support was added to copy XML schema files.

Release 3.6.0

The following file systems were added: disk0a: and disk1a: .

Usage Guidelines

Source and destination can each be a configuration file, a text file, or a file system. Enter source and destination URL information, usernames, and passwords and issue the copy command. The networking device prompts for any missing information.

The exact format of the source and destination arguments vary according to the file or directory location. Enter the device or network location for the file system type.

Filenames can include the following characters:

! # $ % & ' + 0 1 2 3 4 5 6 7 8 9 ; @ A B C D E F G H I J K L M N O P Q R S T U V W X Y Z [ ] ^ _ a b c d e f g h i j k l m n o p q r s t u v w x y z { } ~

The following characters can be used with the stated limitations:

  • ` needs backslash before this character
  • – cannot be the first character
  • . cannot be the last character
  • = cannot be the filename without other characters

The following characters cannot be used in filenames:

" ( ) * , / : < > ? \ |

The maximum length allowed for a filename is 254 characters including the path. If a filename longer than 254 characters is specified, the filename is truncated to 254 characters.

To copy a file from a source on the router to a destination on the router, specify a source location node-id and a destination location node-id . To copy the file to all nodes, use the location all keywords.

In the alias syntax for the ftp: , rcp: , and tftp: keywords, the location is either an IP address or a hostname. The filename is specified relative to the directory used for file transfers.

When no alias is specified, the networking device looks for a file in the current directory. To view the current directory, enter the pwd command.


Note


During processing of the copy command, you might see the “C” character. For all files being copied, “C” indicates that the copy process is taking place. The entire copying process might take several minutes and differs from protocol to protocol and from network to network.


Table 1 describes the network protocols supported by Cisco IOS XR software.

Table 1  Network Protocols Supported by Cisco IOS XR Software

Prefix

Name

Description

tftp:

Trivial File Transfer Protocol

TFTP is a simplified version of FTP that allows files to be transferred from one computer to another over a network, usually without the use of client authentication (for example, username and password).

ftp:

File Transfer Protocol

FTP is an application protocol, part of the TCP/IP protocol stack, and is used for transferring files between network nodes. FTP requires a username and password.

rcp:

Remote Copy Protocol

The rcp protocol allows users to copy files to and from a file system residing on a remote host or server on the network. The rcp protocol uses TCP to ensure the reliable delivery of data. The rcp protocol downloads require a username.

Additional usage guidelines are in the following sections.

Invalid Combinations of Source and Destination

Some combinations of source and destination are invalid. Specifically, you cannot copy the following:

  • From a running configuration to a running configuration
  • From a network device to a network device (for example, copy ftp: rcp: )

Using TFTP

TFTP is a simplified version of FTP that allows files to be transferred from one computer to another over a network, usually without the use of client authentication (for example, username and password).

The syntax is as follows:

copy tftp://hostname /ipaddress/directory-path pie name target-device [location {node-id | all}]

Example:
RP/0/RP0/CPU0:router# copy tftp://1.1.1.1/images/software.pie disk1:

Note


Some Cisco IOS XR images may be larger than 32 MB, and the TFTP services provided by some vendors may not support a file this large. If you do not have access to a TFTP server that supports files larger than 32 MB, download the software image using FTP or rcp as described in the following sections.


Using FTP

FTP servers require a username and password for each client request. Cisco IOS XR software sends the first valid username in the following list:

  1. The username and password specified in the copy command, if a username is specified. The syntax is as follows: copy ftp:// username : password @ hostname or ipaddress/directory-path/pie-name target-device [location {node-id | all}]
    Example:
    RP/0/RP0/CPU0:router# copy ftp://john:secret@10.1.1.1/images/software.pie disk1:
    
  2. An “anonymous” username and password. The anonymous password is “root@ip address,” where “ip address” is the IP address of the local networking device.
  3. A password “username@iosname.domain” formed by the networking device. The variable “username” is the username associated with the current session, “iosname” is the configured hostname, and “domain” is the domain of the networking device.

The username and password must be associated with an account on the FTP server. If you are writing to the network server, the FTP server must be properly configured to accept the FTP write request from the user on the networking device.

If the network server has a directory structure, the configuration file or image is written to or copied from the directory associated with the username on the network server. For example, if the system image resides in the home directory of a user on the network server, specify the name of that user as the remote username.

Refer to the documentation for your FTP server for more details.

Using rcp

The rcp protocol requires a username upon each request. When you copy a configuration file or image between the networking device and an rcp server, the Cisco IOS XR software sends the first valid username in the following list:

  1. The remote username specified in the copy command, if one is specified.
  2. The username set by the rcp client username command, if the command is configured.
  3. The networking device hostname.

For the rcp copy request to process successfully, an account must be defined on the network server for the remote username. If the network administrator of the destination server did not establish an account for the remote username, this command does not run successfully. If the network server has a directory structure, the configuration file or image is written to or copied from the directory associated with the remote username on the network server. For example, if the system image resides in the home directory of a user on the network server, specify the name of that user as the remote username.

If you are writing to the network server, the rcp server must be properly configured to accept the rcp write request from the user on the networking device. For UNIX systems, add an entry to the .rhosts file for the remote user on the rcp server. Suppose the networking device contains the following configuration lines:

hostname Rtr1
ip rcp remote-username User0
    

If the IP address of the networking device translates to company.com, then the .rhosts file for User0 on the rcp server should contain the following line:

company.com Rtr1
    

See the documentation for your rcp server for more details.

If you are using a personal computer as a file server, the computer must support remote shell (rsh) protocol.

Using xml-schema

Use the xml-schema keyword to obtain the most up-to-date XML schemas (.xsd files) from the router. Using this keyword is useful to prevent the use of outdated schemas in the event that router software updates include schema updates. The tar ball file includes all active schema files. It does not include schemas that are activated by specific package installation envelopes (PIEs) if those PIEs are not installed and activated on the router.

Copying to the Running Configuration

When you use the copy command to copy a configuration file to the running-config destination, the configuration in the file is applied to the running configuration of the system. This is a configuration operation. By default, the copy is carried out in a best-effort manner. This means that if some configuration lines from the file cannot be applied, the remaining configuration is still integrated into the system. In this case, a partial configuration is committed. When the atomic keyword is used, partial configurations are not committed. This means that even if one error occurs in the parsing or committing phase, no changes are made to the system. To view any errors when applying the configuration, use the show configuration failed command.

Task ID

Task ID

Operations

filesystem

execute

Examples

The following example shows how to copy a file from a FTP server to disk1:

RP/0/RP0/CPU0:router# copy ftp://john:secret@10.1.1.1/images/comp-hfr-full.pie disk1:



           

The following example shows how to copy a file from an rcp server to disk1:

RP/0/RP0/CPU0:router# copy rcp://john@10.1.1.1/images/comp-hfr-full.pie disk1:



  

The following example shows how to copy a file from a TFTP server to disk1:

RP/0/RP0/CPU0:router# copy tftp://10.1.1.1/images/comp-hfr-full.pie disk1:



  

description (ddos-tms)

To create a description for ddos-tms service, use the description command in DDoS TMS configuration mode. To delete ddos-tms service description, use the no form of this command.

description string

no description

Syntax Description

string

Character string describing the ddos-tms service.

Command Default

None

Command Modes

DDoS TMS configuration mode

Command History

Release Modification
Release 4.2.3

This command was introduced.

Usage Guidelines

Task ID

Task ID Operation

basic-services

read, write

Examples

The following example shows the creation of ddos-tms service description:

RP/0/RP0/CPU0:router# configure
RP/0/RP0/CPU0:router(config)# service sesh sesh1
RP/0/RP0/CPU0:router(config-sesh)# service-location preferred-active 0/1/CPU0
RP/0/RP0/CPU0:router(config-sesh)# service-type ddos-tms tms1 
RP/0/RP0/CPU0:router(config-ddos-tms)# description ddos TMS instance 1
RP/0/RP0/CPU0:router(config-ddos-tms)#

Related Commands

    service-type ddos-tms

     

    string

    Character string describing the Service Application Interface.

    Command Default

    None

    Command Modes

    Interface ServiceApp configuration mode

    Command History

    Release Modification
    Release 4.2.3

    This command was introduced.

    Usage Guidelines

    Task ID

    Task ID Operation

    interface

    read, write

    Examples

    The following example shows the creation of Service Application Interface description:

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# interface ServiceApp 11
    RP/0/RP0/CPU0:router(config-if)# description tms1 mgmt interface
    RP/0/RP0/CPU0:router(config-if)# 
    

    Related Commands

    hw-module location

    To configure various hardware attributes for a specific node, or for all nodes installed in the router, use the hw-module location command in EXEC or administration EXEC mode.

    EXEC Mode hw-module location node-id { maintenance-mode | reload { path | warm } }

    Administration EXEC Mode hw-module location node-id reload { path | warm }

    Syntax Description

    node-id

    Node whose hardware attributes you want to configure. The node-id is expressed in the rack/slot/module notation.

    Note   

    Enter the show platform command to see the location of all nodes installed in the router.

    maintenance-mode

    Brings the node down and puts the node into maintenance mode.

    reload

    Resets power-cycle, reloads hardware, or both on a specific node.

    path

    Specific image you want to download onto the specific node or nodes. Replace path with the TFTP or disk path to the image you want to download.

    warm

    Specifies a warm reload of the node.

    Command Default

    None

    Command Modes

    EXEC

    Administration EXEC

    Command History

    Release

    Modification

    Release 3.3.0

    This command was introduced.

    Release 3.4.0

    The maintenance-mode keyword was added in EXEC mode.

    Usage Guidelines

    To reset a specific node, or to put a node into maintenance mode, use the hw-module location command in EXEC mode.

    To reset a specific node or all nodes, use the hw-module location command in administration EXEC mode.


    Note


    Before reloading nodes, we recommend using the cfs check command to check the sanity of the configuration file system and attempt to recover from internal inconsistencies. You need to enter the cfs check command on each secure domain router (SDR) that has nodes impacted by the reload.


    Examples

    The following example shows how to reset the hardware on a specific node from EXEC mode:
    RP/0/RP0/CPU0:router # hw-module location 0/1/CPU0 reload
      
    The following example shows how to reset the hardware on a specific node from administration EXEC mode:
    RP/0/RP0/CPU0:router# admin
    RP/0/RP0/CPU0:router(admin)# hw-module location 0/3/CPU0 reload
           

    hw-module service sesh location

    To configure the service role as Service Engine Service Hosting (SESH) for the specified Carrier Grade Service Engine (CGSE) location, use the hw-module service sesh location command in global configuration mode. To remove SESH as the service role on the CGSE, use the no form of the command.

    hw-module service sesh location node-id

    no hw-module service sesh location node-id

    Syntax Description

    node-id

    Location of the CGSE where you want to configure the service role as SESH. The node-id argument is entered in the rack/slot/interface notation.

    Command Default

    None

    Command Modes

    Global configuration

    Command History

    Release Modification

    Release 4.2.0

    This command was introduced.

    Usage Guidelines

    Use this command to allow the CGSE to start the Network Positioning System (NPS) service on the Cisco CRS router.

    Task ID

    Task ID Operation

    root-lr

    read, write

    Examples

    This example shows how to set the service role as SESH on the CGSE.

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# hw-module service sesh location 0/3/CPU0
    RP/0/RP0/CPU0:router(config)# 

    Related Commands

    Command

    Description

    show running-config

    Displays the current running (active) configuration.  

    interface ServiceApp

    To enable the application SVI interface, use the interface ServiceApp command in global configuration mode. To disable a particular service application interface, use the no form of this command.

    interface ServiceApp value

    no interface ServiceApp value

    Syntax Description

    value

    Total number of service application interfaces to be configured. Range is from 1 to 2000.

    Command Default

    None

    Command Modes

    Global configuration

    Command History

    Release

    Modification

    Release 3.9.1

    This command was introduced.

    Usage Guidelines

    The total number of service application interfaces per multi-service PLIM card cannot exceed 889.


    Note


    The name of the serviceapp interfaces is serviceapp n where n can be a number between 1 to 2000.


    Task ID

    Task ID

    Operations

    interface

    read, write

    Examples

    This example shows how to configure a DDoS TMS service application interface:

    RP/0/RP0/CPU0:router#configure
    RP/0/RP0/CPU0:router(config)#interface ServiceApp 1
    RP/0/RP0/CPU0:router(config-if)#service sesh sesh1
    
    

    interface ServiceInfra

    To enable the infrastructure SVI interface, use the interface ServiceInfra command in global configuration mode. To disable a particular service infrastructure interface, use the no form of this command.

    interface ServiceInfra value

    no interface ServiceInfra value

    Syntax Description

    value

    Total number of service infrastructure interfaces to be configured. Range is from 1 to 2000.

    Command Default

    None

    Command Modes

    Global configuration

    Command History

    Release

    Modification

    Release 3.9.1

    This command was introduced.

    Usage Guidelines

    Only one service infrastructure interface can be configured per ISM.


    Note


    The Infra SVI interface and its IPv4 address configuration are required to boot the CGSE. The IPv4 address is used as the source address of the netflow v9 logging packet.


    Task ID

    Task ID

    Operations

    interface

    read, write

    Examples

    This example shows how to configure one service infrastructure interface:

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1
    RP/0/RP0/CPU0:router(config-if)#ipv4 address 3.1.1.1 255.255.255.248
    RP/0/RP0/CPU0:router(config-if)#service-location 0/1/CPU0
    
    

    map (tms-scrb)

    To map the DDoS TMS Scrubber application with the offramp and onramp serviceApp interfaces use the map command in tms-scrb configuration mode. To remove the map, use the no form of the command.

    map ingress-interface ServiceApp <ID> egress-interface ServiceApp <ID>

    no map ingress-interface ServiceApp <ID> egress-interface ServiceApp <ID>

    Syntax Description

    ID

    Specifies the name of the ServiceApp interface in number. Range is from 1 to 2000.

    Command Default

    None

    Command Modes

    tms-scrb configuration mode

    Command History

    Release Modification
    Release 4.2.3

    This command was introduced.

    Usage Guidelines

    Task ID

    Task ID Operation
    basic-services

    read, write

    Examples

    The following example shows how to map the DDoS TMS Scrubber application with the offramp and onramp serviceApp interfaces:

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# service sesh sesh1
    RP/0/RP0/CPU0:router(config-sesh)# service-location preferred-active 0/1/CPU0
    RP/0/RP0/CPU0:router(config-sesh)# service-type ddos-tms tms1 
    RP/0/RP0/CPU0:router(config-ddos-tms)# application tms-scrb
    RP/0/RP0/CPU0:router(config-tms-scrb)# map ingress-interface ServiceApp 21 egress-interface ServiceApp 22
    RP/0/RP0/CPU0:router(config-tms-scrb)#
    

    Related Commands

    package

    To add the TMS–CGSE RPM image to a specific Service Engine Service Hosting (SESH) instance, use the package command in the DDoS TMS configuration .

    package package name

    Syntax Description

    package name

    Specifies the name of the TMS–CGSE RPM image that you want to run on a SESH instance.

    Note   

    The TMS–CGSE RPM image be in the tftp_root directory.

    Command Default

    None

    Command Modes

    DDoS TMS

    Command History

    Release Modification

    Release 4.2.3

    This command was introduced.

    Usage Guidelines

    It takes approximately 10 minutes for the application to start executing after committing the configuration.

    Task ID

    Task ID Operation

    basic-services

    read, write

    Examples

    This example shows how to add TMS–CGSERPM image to the specified SESH instance.

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# service sesh sesh1
    RP/0/RP0/CPU0:router(config-sesh)# service-type ddos-tms tms1
    RP/0/RP0/CPU0:router(config-ddos-tms)# package tms-cgse.rpm
    RP/0/RP0/CPU0:router

    Related Commands

    Command

    Description

    service sesh

    Configures the service hosting instance.  

    remote (tms-mgmt)

    To configure remote endpoint parameters, use the remote command in the TMS-MGMT application ServiceApp interface configuration mode. To remove the remote endpoint parameters, use the no form of the command.

    remote { ipv4 { address } A.B.C.D/prefix | ipv6 { address } X:X::X/length }

    no remote { ipv4 { address } A.B.C.D/prefix | ipv6 { address } X:X::X/length }

    Syntax Description

    ipv4 address

    Specifies IPv4 address of the remote endpoint.

    ipv6 address

    Specifies IPv6 address of the remote endpoint.

    A.B.C.D/prefix

    IPv4 address and prefix in A.B.C.D/prefix notation.

    X:X::X/length

    IPv6 address and prefix in X:X::X/length notation.

    Command Default

    None

    Command Modes

    TMS-MGMT application ServiceApp interface configuration mode

    Command History

    Release Modification
    Release 4.2.3

    This command was introduced.

    Usage Guidelines

    Task ID

    Task ID Operation
    basic-services

    read, write

    Examples

    The following example shows how to configure remote endpoint parameters:

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# service sesh sesh1
    RP/0/RP0/CPU0:router(config-sesh)# service-location preferred-active 0/1/CPU0
    RP/0/RP0/CPU0:router(config-sesh)# service-type ddos-tms tms1 
    RP/0/RP0/CPU0:router(config-ddos-tms)# application tms-mgmt
    RP/0/RP0/CPU0:router(config-tms-mgmt)# interface ServiceApp11
    RP/0/RP0/CPU0:router(config-intf)# remote ipv4 address 10.10.76.17/29
    RP/0/RP0/CPU0:router(config-intf)#
    

    Related Commands

    service-location (Serviceinfra)

    To specify the SESH service location of CGSE, use the service-location command in Interface ServiceInfra configuration mode. To remove the SESH service location specification, use the no form of the command.

    service-location node-id

    no service-location node-id

    Syntax Description

    node-id
    The CGSE node location in which the service role is configured as SESH. The node-id is expressed in the rack/slot/module notation.
    Note   

    Use the show platform command to view the location of all nodes installed in the router.

    Command Default

    None

    Command Modes

    Interface ServiceInfra configuration mode

    Command History

    Release Modification
    Release 3.9.1

    This command was introduced.

    Usage Guidelines

    Only one service infrastructure interface can be configured per CGSE.

    Task ID

    Task ID Operation
    basic-services

    read, write

    Examples

    The following example shows how to specify the SESH service location of CGSE:

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# interface ServiceInfra 1
    RP/0/RP0/CPU0:router(config-if)# service-location 0/1/CPU0
    RP/0/RP0/CPU0:router(config-if)#
    

    service-location preferred-active (SESH)

    To specify the CGSE card location for the SESH instance, use the service-location preferred-active command in SESH configuration mode. To remove the SESH instance location specification, use the no form of the command.

    service-location preferred-active node-id

    no service-location preferred-active node-id

    Syntax Description

    preferred-active node-id
    Specifies the location in which the active TMS application starts. The node-id argument is entered in the rack/slot/module notation.
    Note   

    Only one active card is supported with no failover.

    Command Default

    None

    Command Modes

    SESH configuration mode

    Command History

    Release Modification
    Release 3.9.1

    This command was introduced.

    Usage Guidelines

    Task ID

    Task ID Operation
    basic-services

    read, write

    Examples

    The following example shows how to specify the CGSE card location for the SESH instance:

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# service sesh sesh1
    RP/0/RP0/CPU0:router(config-sesh)# service-location preferred-active 0/1/CPU0
    

    Related Commands

    Command

    Description

    service-type ddos-tms

    Sets the service type as DDoS TMS.  

    service sesh

    To configure the Service Engine Service Hosting (SESH) instance, use the service sesh command in global configuration mode.

    service sesh instance-name

    Syntax Description

    instance-name

    Specifies the name of the service hosting instance on the Carrier Grade Service Engine (CGSE).

    Command Default

    None

    Command Modes

    Global configuration

    Command History

    Release Modification

    Release 4.2.0

    This command was introduced.

    Usage Guidelines

    Task ID

    Task ID Operation

    basic-services

    read, write

    Examples

    This example shows how to configure the instance on the SESH.

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# service sesh instance1
    RP/0/RP0/CPU0:router(config)#
    

    Related Commands

    Command

    Description

    show running-config

    Displays the current running (active) configuration.  

    service-type ddos-tms

    To set the service type as DDoS TMS, use the service-type ddos-tms command in SESH configuration mode. To remove the DDoS TMS service type, use the no form of the command.

    service-type ddos-tms TMS-name

    no service-type ddos-tms TMS-name

    Syntax Description

    TMS-name

    Assigns a name to the DDoS TMS service type.

    Command Default

    None

    Command Modes

    SESH Configuration mode

    Command History

    Release Modification
    Release 4.2.3

    This command was introduced.

    Usage Guidelines

    Task ID

    Task ID Operation
    basic-services

    read, write

    Examples

    The following example shows how to set the service type as DDoS TMS:

    RP/0/RP0/CPU0:router# configure
    RP/0/RP0/CPU0:router(config)# service sesh sesh1
    RP/0/RP0/CPU0:router(config-sesh)# service-location preferred-active 0/1/CPU0
    RP/0/RP0/CPU0:router(config-sesh)# service-type ddos-tms tms1
    RP/0/RP0/CPU0:router(config-ddos-tms)# 
    

    Related Commands

    Command

    Description

    service-location preferred-active (SESH)

    Specifies the CGSE card location for the SESH instance.  

    show controllers services boot-params location

    To display the parameters for the Carrier Grade Service Engine (CGSE) card, use the show controllers services boot-params location command in the EXEC mode.

    show controllers boot-params location node-id

    Syntax Description

    node-id

    Location of the CGSE for which you want to display parameters. The node-id argument is entered in the rack/slot/interface notation.

    Command Default

    None

    Command Modes

    EXEC

    Command History

    Release Modification

    Release 4.2.0

    This command was introduced.

    Usage Guidelines

    Task ID

    Task ID Operation

    sonet-sdh

    read

    dwdm

    read

    interface

    read

    drivers

    read

    Examples

    This example show sample output of the parameters for the CGSE card.

    RP/0/RP0/CPU0:router# show controllers services boot-params location 0/3/CPU0
    Tue Mar  6 13:58:28.676 PST
    =============================================
                   Boot Params 
    =============================================
    
    Phase of implementation  : 1 
    Application              : SESH
    
    MSC ipv4 address       : 192.0.2.1
    Octeon0 SVC IPv4 addr    : 192.0.2.3 
    Octeon1 SVC IPv4 addr    : 192.0.2.4 
    Octeon2 SVC IPv4 addr    : 192.0.2.5 
    Octeon3 SVC IPv4 addr    : 192.0.2.6 
    ipv4 netmask             : 255.255.255.0
    
    MSC ipv6 address         : ::
    Octeon ipv6 address      : ::
    ipv6 netmask             : ::
    
    Tx uidb index            : 1 
    Rx uidb index            : 1 
     
    SVI VRF Name     : DUMMY_VRF_NAME    index 1610612736 
    
    Domain Name       :   
    
    MAC 0 : 00:15:63:58:bd:10   
    MAC 1 : 00:15:63:58:bd:11   
    MAC 2 : 00:15:63:58:bd:12   
    MAC 3 : 00:15:63:58:bd:13   
    
    Rack# : 0 
    Slot# : 3 
    Tile# : 0 
    
    

    show running-config

    To display the contents of the currently running configuration or a subset of that configuration, use the show running-config command in the appropriate mode.

    show running-config [ [exclude] command ] [sanitized]

    Syntax Description

    exclude

    (Optional) Excludes a specific configuration from the display.

    command

    (Optional) Command for which to display the configuration.

    sanitized

    (Optional) Displays a sanitized configuration for safe distribution and analysis.

    Command Default

    The show running-config command without any arguments or keywords displays the entire contents of the running configuration file.

    Command Modes

    EXEC

    Administration EXEC

    Command History

    Release

    Modification

    Release 2.0

    This command was introduced.

    Usage Guidelines

    You can display either the entire running configuration, or a subset of the running configuration. The subset may be all the commands within a specified command mode.


    Note


    In Cisco IOS XR software, the running configuration is automatically used at system startup, reset, or power cycle. The running configuration is the committed configuration.


    Sanitized Output

    Use the show running-config command with the sanitized keyword to display the contents of the active running configuration without installation-specific parameters. Some configuration details, such as IP addresses, are replaced with different addresses. The sanitized configuration can be used to share a configuration without exposing the configuration details.

    Command Modes

    When the show running-config command is entered in administration configuration mode, the configuration for the administration plane is displayed, including the configured logical routers for the system. When the show running-config command is entered in any global configuration mode, or in EXEC mode, the configuration for the specific secure domain router (SDR) is displayed.

    The inheritance and no-annotations keywords are not supported in administration EXEC or configuration modes.

    Excluding Parts of the Display

    Use the exclude keyword followed by a command argument to exclude a specific configuration from the display.

    Task ID

    Task ID

    Operations

    config-services

    read

    Examples

    This example shows how to enter the show running-config command with the question mark (?) online help function to display the available subsets of the running configuration that can be entered to display a subset of the running configuration:

    RP/0/RP0/CPU0:router# show running-config ?
      
    aaa               Authentication, Authorization and Accounting
    alias             Create an alias for entity
    aps               Configure SONET Automatic Protection Switching (APS)
    arp               Global ARP configuration subcommands
    as-path           BGP autonomous system path filter
    as-path-set       Define an AS-path set
    banner            Define a login banner
    cdp               Enable CDP, or configure global CDP subcommands
    cef               CEF configuration commands
    cinetd            Global Cisco inetd configuration commands
    class-map         Configure QoS Class-map command
    clock             Configure time-of-day clock
    community-list    Add a community list entry
    community-set     Define a community set
    controller        Controller configuration subcommands
    dhcp              Dynamic Host Configuration Protocol
    domain            Domain service related commands
    exception         Coredump configuration commands
    exclude           Exclude a feature or configuration item from display
    explicit-path     Explicit-path config commands
    extcommunity-set  Define an extended communitiy set
    fault             Fault related commands
    forward-protocol  Controls forwarding of physical and directed IP broadcasts
    ftp               Global FTP configuration commands
    --More--
      

    In this example, the show running-config command is used to display the running configuration for Packet-over-SONET/SDH (POS) interface 0/2/0/1:

    RP/0/RP0/CPU0:router# show running-config interface pos 0/2/0/1
      
    interface POS0/2/0/1
    ipv4 address 10.0.0.0 255.0.0.0  
      

    This example shows sample output from the show running-config command with the sanitized keyword displays a sanitized version of the running configuration. The sanitized configuration can be used to share a configuration without exposing specific configuration details.

    RP/0/RP0/CPU0:router# show running-config sanitized                                                 
    
    Building configuration...                         
      
    !! Last configuration change at 05:26:50 UTC Thu Jan 19 2009 by <removed>
    !
    snmp-server traps fabric plane
    snmp-server traps fabric bundle state
    hostname <removed>
    line console
    exec-timeout 0 0
    !
    exception choice 1 compress off filepath <removed>
    logging console debugging
    telnet vrf <removed> ipv4 server max-servers no-limit
    snmp-server ifindex persist
    snmp-server host 10.0.0.1 traps version <removed> priv <removed> udp-port 2555
    snmp-server view <removed> <removed> included
    snmp-server community <removed> RO LROwner
    snmp-server community <removed> RO LROwner
    snmp-server group <removed> v3 priv read <removed> write <removed>
    snmp-server traps snmp
    snmp-server traps syslog
    interface Loopback10
    !
    interface Loopback1000
    !
     --More--  
      

    This example shows sample output for the SESH on the Carrier Grade Service Engine (CGSE).

    RP/0/RP0/CPU0:router# show running-config service sesh
    Thu Mar  1 13:06:45.023 PST
    service sesh instance1
     service-location preferred-active 0/3/CPU0
     service-type nps nps-1
      forced-placement npu 0
      tunnel type gre
       name gre10
       tunnel-destination ipv4 address 209.165.200.225
       ipv4 address 192.0.2.6/24
       remote ipv4 address 192.0.2.5/24
       tunnel-source ipv4 address 209.165.200.226
      !
      package nps-mips64-r2.rpm
      interface ServiceApp1
       remote ipv4 address 209.165.200.227/24
      !
     !
    !

    show service sesh instance

    To display the state of the service application, use the show service sesh instance command in the EXEC mode.

    show service sesh instance name of instance

    Syntax Description

    name of instance

    Specifies the name of the Service Engine Service Hosting (SESH) instance.

    Command Default

    None

    Command Modes

    EXEC

    Command History

    Release Modification

    Release 4.2.0

    This command was introduced.

    Usage Guidelines

    Task ID

    Task ID Operation

    ic-services

    read

    Examples

    This example shows the state of an SESH instance.

    RP/0/RP0/CPU0:router# show service sesh instance instance1
    service sesh instance instance1 
    
    Service Infra instance sesh1 
    
    Application tms1 hosted on Location 0/3/CPU0 
    
    Octeon 0 
    
    State - UP - Application Spawned and Service App Interfaces Ready 
    
    Error Messages - None 
    
    
    Table 2 show service sesh instance Command Field Descriptions
    Field Description

    State

    Displays the state of the application. Values are:
    • INIT—Application configuration download is initiated.
    • WAITING—Application download is complete, but the service application interface is not ready.
    • UP—Application download is complete, and the service application interface is ready.

    Error Messages

    Displays error messages if the service application is missing or not configured.

    Related Commands

    Command

    Description

    service sesh

    Configures the service hosting instance.  

    show services role

    To display the current service role on service cards, use the show services role command in

    EXEC

    mode.

    show services role [detail] [ location node-id ]

    Syntax Description

    detail

    Displays the reason a role has not been enacted, if applicable.

    location node-id

    Location for which to display the specified information. The node-id argument is entered in the rack/slot/module notation.

    Command Default

    No default behavior or values

    Command Modes

    EXEC

    Command History

    Release

    Modification

    Release 3.5.0

    This command was introduced.

    Usage Guidelines

    Task ID

    Operations

    interface

    read

    Examples

    This example displays sample output from the show services role command:

    RP/0/RP0/CPU0:router# show services role
    Thu Mar  1 14:53:55.530 PST
    Node       Configured Role     Enacted Role        Enabled Services
    -----------------------------------------------------------------------------
    0/3/CPU0   SESH                SESH                 ServiceInfra 
      

    vrf

    To configure a VPN routing and forwarding (VRF) instance for a routing protocol, use the vrf command in router configuration mode. To place a service interface in VRF, use the command in Service Application Interface mode. To disable the VRF instance, use the no form of this command.

    vrf vrf-name

    no vrf vrf-name

    Syntax Description

    vrf-name

    Name of the VRF instance. The following names cannot be used: all, default, and global.

    Command Default

    All routing protocols insert their routes into a VRF's routing table.


    Note


    The number of supported VRFs is platform specific.


    Command Modes

    Router configuration

    Service Application Interface configuration

    Command History

    Release

    Modification

    Release 3.3.0

    This command was introduced.

    Usage Guidelines

    Task ID

    Task ID

    Operations

    ip services (Router Configuration mode)

    read, write

    interface (Service Application Interface configuration mode)

    read, write

    Examples

    The following example shows how to configure VRF using the vrf command:

    RP/0/RP0/CPU0:router# config
    RP/0/RP0/CPU0:router(config)# vrf client