Downloads |
Table Of Contents
Universal Transport Interface (UTI)
UTI Operation in 7000, 10700, and 12000 Series Routers
Tunnel Cards in 12000 Series Internet Routers
Frame Relay Subinterface Support
Line Cards for UTI Frame Relay Subinterfaces
Line Cards for UTI VLAN Subinterfaces
Limitations Specific to 12000 Series Internet Routers
Frame Relay Subinterface Restrictions
UTI VLAN Subinterface Restrictions
Supported Standards, MIBs, and RFCs
Configure the Interface for UTI Operation
Configure the Tunnel Card (12000 Series Internet Routers Only)
Verify the Route to the Tunnel Destination End Point
Display Statistics for an Interface
Configuration Examples for the 7200, 7500, and 10700 Series Routers
Configure the Interface for UTI
Configure the VLAN subinterface for UTI on a 10700 Router
Configure the TLS for VLAN subinterface for UTI on a 10700 Router
Configuration Examples for 12000 Series Internet Routers
Configure the Interface for UTI
hw-module slot <x> mode server
Universal Transport Interface (UTI)
Feature History
Note
The UTI functionality in IOS Release 12.0(18)S is not supported in the 12.0(18)ST release. However, in IOS Release 12.0(19)S and later, all UTI functionality supported in the S train is also supported in the ST train.
This feature module describes the Universal Transport Interface (UTI) and includes the following sections:
•
Feature Overview
The Universal Transport Interface (UTI) feature allows a pair of routers connected via an IP network to provide high-speed transparent Layer 2 connectivity between a pair of interfaces. This functionality can be used to build Layer 2 Virtual Private Networks (VPNs) or to support legacy network migration. UTI tunnels are available with the basic IP package. Frame Relay subinterfaces are supported with Cisco IOS release 12.0(19)S or later.
This section includes information on the following topics:
•
•
•
UTI Operation in 7000, 10700, and 12000 Series Routers
This document discusses session-based UTI, wherein all traffic between two customer network sites is encapsulated in an IP packet and sent across an IP network. The internal routers of the IP network treat the traffic as any other IP packet and do not need to know anything about the customer networks. This process is known as Layer 2 tunnelling and is represented in Figure 1.
Figure 1 UTI Operation
In Figure 1, Routers R1 and R2 provide UTI services. These routers communicate with each other using the IP protocol through a path comprising the interface int2, the IP network, and interface int3.
In this example, routers R3 and R4 communicate through Packet Over SONET (POS) or Ethernet interfaces using a UTI tunnel. The UTI tunnel tu1is configured between interface int1 on R1 and interface int4 on R2. Any packet arriving on interface int1 on R1 is encapsulated in UTI and sent via the tunnel (tu1) to R2. R2 decapsulates the packet and transmits it on interface int4 to R4. When R4 needs to send a packet to R3, the packet follows the same path in reverse.
Please note the following regarding UTI operation:
•
•
•
•
•
•
Tunnel Cards in 12000 Series Internet Routers
Cisco 12000 series Internet routers require additional tunnel cards for UTI operation. Tunnel cards are not used with 7200, 7500, and 10700 series routers.
Figure 2 UTI Packet Handling Using Tunnel Cards
Note
Actions on the Encapsulation Router
In Figure 2, traffic from the customer network on site 1 is sent to an ingress interface on the provider network edge router. When the interface is configured for UTI tunnelling, all arriving packets are forwarded to the tunnel card. The tunnel card encapsulates the packet with an encapsulation header containing the IP and UTI header information.
The encapsulated packet is then sent to the appropriate egress card, which sends the packet to the IP network as a normal IP packet.
Actions on the Tunnel Decapsulation Router
When an encapsulated UTI packet arrives at the tunnel card, the packet is checked for a valid session ID and a matching UTI key. If any of the two are not correct, the packet is silently dropped (the user is not notified). If the session ID and UTI key are correct, the tunnel card decapsulates the packet (by removing the IP+UTI header) and sends the packet to the egress card. The egress card then sends the packet to the customer network. It does not add a new Layer 2 header (the Layer 2 header is carried from the origin of the tunnel).
Note
Frame Relay Subinterface Support
UTI is supported on Frame Relay point-to-point subinterfaces in the 12000, 7200 and 7500 routers with Cisco IOS release 12.0(19)S or later.
See the following sections for additional information on the features and configuration of subinterfaces:
•
•
•
•
Line Card Support for Frame Relay Subinterfaces
UTI is supported on Frame Relay subinterfaces in Engine 0 and Engine 2 line cards only.
Engine 0 Support
Frame Relay subinterfaces on Engine 0 line cards now support three modes of operation: UTI, DLCI switching and IP termination. All three modes can be configured on a single physical port at the same time.
Engine 2 Support
Frame Relay subinterfaces on Engine 2 line cards now support three modes of operation: UTI, DLCI switching and IP termination. However, all three modes can not be configured on a single physical port at the same time.
Table 1 shows the possible combinations of Frame Relay modes that can be configured on the subinterfaces of a single physical port in Engine 2 line cards.
VLAN Subinterface Support
The UTI VLAN feature extends UTI-Raw tunneling to VLANs for Cisco 10700 and 12000 series Internet routers. This feature allows you to configure a UTI tunnel and bind it to an 802.1Q VLAN subinterface provisioned on an Ethernet port in the router.
For example, in Figure 1, you can configure UTI VLAN subinterfaces on routers R1 and R2. Traffic coming from each VLAN subinterface is transparently tunneled across the IP network to the other end of the tunnel. The UTI tunnel transports 802.1Q ARPA, 802.1Q SAP, and 802.1Q SNAP encapsulated Ethernet frames between the two customer VLAN segments.
On Cisco 10700 series Internet routers with 802.1Q VLAN subinterfaces configured, if you apply a UTI tunnel to the main interface, all 802.1Q VLANs are transparently tunneled across the IP network, resulting in a complete Transparent LAN Services solution.
In Cisco 12000 series Internet routers, UTI VLAN is implemented with a tunnel card. For information about how a tunnel card supports UTI tunneling and encapsulates/decapsulates packets, see Tunnel Cards in 12000 Series Internet Routers.
•
•
•
See the following sections for additional information on the features and configuration of UTI VLAN subinterfaces:
•
•
•
•
UTI Header Description
Each UTI packet contains a UTI header that includes a unique tunnel ID representing one tunnel.
The UTI tunnel ID and the UTI session ID are assigned via the Command Line Interface (CLI). Refer to Configuration Tasks for more information on the CLI commands for UTI.
The format of a UTI header is represented in Figure 3.
Figure 3 UTI Session Format
UTI Tunnel ID
The tunnel ID identifies the tunnel context on the decapsulating system. The value of the tunnel ID is selected to optimize the context identification efficiency of the decapsulating system. A decapsulation implementation may therefore elect to support a smaller tunnel identifier bit field. In this implementation this was achieved by setting an upper value for the UTI tunnel identifier of 1023. The UTI Tunnel Identifier value 0 is reserved for use by the protocol.
Note
UTI Tunnel Key
The tunnel key is an 8-octet signature that is shared between the two end-points of a UTI tunnel. This tunnel key reduces the chance that contamination of the decapsulated traffic will occur due to error in configuration. This signature is configured at both the source and destination routers and must match or the data will be dropped. The value of the tunnel key should be chosen for maximum opacity.
UTI Keepalive
The keepalive feature is implemented as a request/response mechanism between the interfaces at each end of a UTI tunnel. The keepalive function periodically monitors the status of the UTI tunnel and informs the user about the tunnel status and the reason for any failure.
The keepalive signal is very useful to rapidly detect interface failures. Use the keepalive command to better monitor and maintain UTI tunnel configurations.
If one of the endpoints of a UTI tunnel is a Cisco 10720 Internet Router and the other end is a Cisco 7000 series or Cisco 12000 series router, you must also use the tunnel uti keepalive old command to ensure 10720 and non-10720 interoperability.
Benefits
UTI allows provides a simple to integrate Layer 2 VPN model for both internal and external use. This enables:
•
•
•
When configuring UTI on a 10720 Internet router, you can also configure Quality of Service (QoS) parameters, such as:
•
•
Restrictions
This section contains information on the following:
•
•
•
•
•
•
Line Cards for UTI Interfaces
This section specifies the line cards that provide interface support for UTI tunnels. For information on the line cards that support subinterfaces, see Line Cards for UTI Frame Relay Subinterfaces.
UTI Interface Support for Line Cards facing the Customer Network Site (Ingress Encapsulation and Egress Decapsulation)
The line cards in Table 2 are used for the interfaces that face the customer network site. These cards provide interface support for UTI tunnels in the 12000 series Internet routers.
Note
Interface Support for Line Cards Facing the Backbone (Egress Encapsulation and Ingress Decapsulation)
The line cards in Table 3 are used for the interfaces that face toward the backbone. These line cards provide interface support for UTI tunnels in 12000 series Internet routers.
Line Cards for UTI Frame Relay Subinterfaces
This section specifies the line cards that support UTI in Frame Relay subinterfaces. For information on the line cards that support regular interfaces, see Line Cards for UTI Interfaces.
Subinterface Support for Line Cards Facing the Customer Network Site (Ingress Encapsulation and Egress Decapsulation)
The line cards in Table 2 are used for the subinterfaces that face the customer network site. These cards provide sub- interface support for UTI tunnels with Cisco IOS 12.0(19)S or later.
Subinterface Support for Line Cards Facing the Backbone (Egress Encapsulation and Ingress Decapsulation)
The line cards in Table 5 are used for the subinterfaces that face toward the backbone. These line cards provide sub- interface support for UTI tunnels with Cisco IOS 12.0(19)S or later.
Line Cards for UTI VLAN Subinterfaces
This section specifies the line cards that support UTI VLAN subinterfaces in Cisco 12000 series Internet routers. For information on the line cards that support standard UTI interfaces, see Line Cards for UTI Interfaces.
Subinterface Support for Line Cards Facing the Customer Network Site (Ingress Encapsulation and Egress Decapsulation)
The line cards in Table 6 are used for the subinterfaces that face the customer network site. These cards provide sub- interface support for UTI tunnels with Cisco IOS 12.0(21)S or later.
Table 6 describes the additional memory required by each VLAN 802.1Q line card for packet encapsulation at the ingress interface from the customer network.
8pFE 1pGE Line Cards
For 8pFE and 1pGE line cards, when the first UTI tunnel is bound to a VLAN port interface, the software switching vector of the port is reset to use the UTI VLAN forwarding path. If a packet arriving from the customer network is encapsulated in 802.1Q format with a VLAN ID configured for a UTI tunnel, the packet is forwarded by the UTI VLAN forwarding path to the tunnel card.
All other packets are sent on the normal forwarding path if either of the following are true:
•
•
When UTI VLAN is configured on 8pFE and 1pGE line cards, no significant change takes place in the rate of large packet forwarding.
When the last UTI VLAN tunnel is unbound from a port, the switching vector is restored to the normal forwarding path. There is no further performance impact.
3pGE Line Cards
Before a 3pGE line card is configured for UTI VLAN, packets are forwarded as shown in Table 7.
After a 3pGE line card is configured for UTI VLAN, packets are forwarded as shown in Table 8.
Table 8 Packet Forwarding on 3pGE Line Cards with UTI VLAN
L2 Encapsulation
VLAN ID UTI bound
Yes
Off
UTI-Raw for port
All
N/A
Fast
UTI VLAN
ARPA
SNAP
SAPN/A
Slow
802.1Q ARPA
802.1Q SNAP
802.1Q SAPYes
Fast
No
Slow for 802.1Q ARPA
Slow for 802.1Q SAP/SNAP
No
On
Refer to the entries in Table 7.
General Limitations
•
•
•
The size of IP packets flowing through the IP backbone network is:
20 bytes (IP header) + 12 bytes (UTI header) + x bytes (UTI payload that consists of the complete L2 frame, including the L2 header), where x is one of the following values:802.1Q ARPA = 18
Ethernet ARPA = 14
Frame Relay = 4
HDLC = 4The MTU of any link in the IP backbone must therefore be equal to or greater than the IP packet size on the pseudo-wire which is 32 + x bytes, where x is one of the L2 frame values described in the preceding paragraph.
On Cisco 10700 series Internet routers, a new CLI command allows you to configure the MTU to a maximum of 2000 bytes on Fast Ethernet interfaces that act as UTI backbone interfaces.
•
For customer networks that use ISIS, the ISIS administrator specifies a guaranteed MTU that can successfully propagate through the network. As a result, the ISIS protocol packs link state information into units of the guaranteed size. If packets cannot traverse the network, ISIS recognizes the link as being unavailable and routes around it.
With respect to UTI, when the encapsulation header is added to the default ISIS packet size of 1492 bytes, the resulting packet size may exceed the MTU of certain networks (or segments) along the backbone. As specified in the previous bulleted item, the backbone MTU must be greater than the MTU on the pseudo-wire. Any packet with a combined size (UTI and L2 headers) that exceeds the backbone MTU will be dropped. For example, if one of the backbone segments is Ethernet (with an MTU of 1500 bytes), and the default ISIS packet size is used, the ISIS/UTI configuration would fail. The packets would not be able to traverse the tunnel and ISIS would recognize the link as being unavailable.
The only workaround is to use the pseudo-wire MTU as the MTU for ISIS packets in the ISIS network.
Limitations Specific to 12000 Series Internet Routers
This section describes the restrictions that apply only to 12000 series Internet routers.
General Limitations
Using loopback addresses assigned to UTI tunnels as destinations for routing protocols is not recommended: this will consume bandwidth on the tunnel card installed in a 12000 series Internet router.
Tunnel Card Support
•
•
•
•
Feature Support on non-UTI Ports of an Ingress UTI Card
Table 9 summarizes the features supported or not supported on the non-UTI ports of an ingress UTI line card. Please review the comments below for additional descriptions of these restrictions.
Table 9 Feature Support on non-UTI Ports of an Ingress UTI Card
•
•
•
•
Output ACL Support on a Router with Ingress UTI
If Output ACLs are configured on any line card in the router, the ingress UTI on Engine 2 cards will not be supported (see Table 10).
Table 10 Output ACL Support on the Router with Ingress UTI
Frame Relay Subinterface Restrictions
•
•
•
•
•
•
•
•
UTI VLAN Subinterface Restrictions
•
–
–
•
•
•
This restriction does not apply to Cisco 10700 series Internet routers. You can apply a UTI tunnel to a 10700 port interface to provide Transparent LAN Services (TLS) across the IP network.
•
–
–
•
–
–
–
To avoid the error message, first unbind the UTI tunnel before you delete the subinterface.
Related Documents
General Configuration
•
•
•
Cisco Express Forwarding
•
•
•
IP Routing and Addressing
•
•
Frame Relay
•
•
•
Interface Configuration
•
•
Supported Platforms
•
•
•
•
Determining Platform Support Through Feature Navigator
Cisco IOS software is packaged in feature sets that support specific platforms. To get updated information regarding platform support for this feature, access Feature Navigator. Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Feature Navigator is a web-based tool that enables you to quickly determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image.
To access Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions at http://www.cisco.com/register.
Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Feature Navigator home page at the following URL:
http://www.cisco.com/go/fn
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
No new or modified MIBs are supported by this feature.
To obtain lists of supported MIBs by platform and Cisco IOS release, and to download MIB modules, go to the Cisco MIB web site on Cisco Connection Online (CCO) at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.
RFCs
No new or modified RFCs are supported by this feature.
Prerequisites
•
•
•
–
–
•
•
–
–
Configuration Tasks
See the following sections for configuration tasks for the Universal Transport Interface feature.
•
•
•
–
–
–
•
•
•
Define a Loopback Address
Define a loopback address to act as a reference for decapsulation.
Define the Tunnel
The tunnel must be bound to a physical interface, the source and destinations must be identified, and it must be set in UTI.
To define the tunnel, complete the steps below for both routers.
Configure the Interface for UTI Operation
Follow the instructions in this section to configure UTI operation in the appropriate interface. These steps must be completed for the routers at both ends of the tunnel.
•
•
Configure an Ethernet Interface
Follow the steps below to change the selected Ethernet interface to UTI, bind it to the tunnel, and start it
.
Configure a POS Interface
Follow the steps below to change the selected POS interface to UTI, bind it to the tunnel and start it
.
Configure a Frame Relay Subinterface
To configure a UTI Frame Relay subinterface, the port must first be configured for Frame Relay encapsulation. The sub-interface is then selected, bound to a unique DLCI and to a UTI tunnel.
Configure a VLAN Subinterface
To configure a UTI VLAN subinterface, you must first configure a selected Ethernet port for VLAN 802.1Q encapsulation. Then you must bind the interface to a UTI tunnel and start it
.
Configure Routing
Complete the following steps for the routers at both ends of the tunnel.
Configure the Tunnel Card (12000 Series Internet Routers Only)
UTI on the 12000 series Internet Router requires a tunnel card. This tunnel card must be an Engine 2 OC-48 POS card. Tunnel cards are not required with 7200, 7500, and 10700 series routers.
The tunnel cards must be configured in both routers. Complete the steps below for the tunnel cards in both routers. For each card, you must disable keepalives and the Cisco Discovery Protocol before the card is configured as a tunnel card. The interface must also be IP enabled with either the ip unnumbered command or the ip address command. Once these steps are complete, the card can be configured as a tunnel card.
Note
Verify the Route to the Tunnel Destination End Point
Step 1
uti-egress#show running-config interface tunnel2000Building configuration...Current configuration :262 bytes!interface Tunnel2000no ip addressno ip directed-broadcasttunnel source Loopback10tunnel destination 200.200.200.200tunnel mode uti rawtunnel key 123457tunnel uti high-key 1515870811tunnel uti local-session 52tunnel uti remote-session 69endStep 2
uti-egress#show running-config interface pos 5/2.1Building configuration...Current configuration :124 bytes!interface POS5/2.1 point-to-pointno ip directed-broadcastframe-relay interface-dlci 31uti-tunnel Tunnel1000endStep 3
uti-egress#show ip routeCodes:C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRGateway of last resort is not set200.200.200.0/32 is subnetted, 1 subnetsO 200.200.200.200 [110/2] via 15.0.0.2, 20:30:28, POS5/0100.0.0.0/24 is subnetted, 1 subnetsC 100.100.100.0 is directly connected, Loopback1010.0.0.0/24 is subnetted, 1 subnetsC 10.1.1.0 is directly connected, Ethernet044.0.0.0/24 is subnetted, 1 subnetsC 44.44.44.0 is directly connected, Loopback015.0.0.0/24 is subnetted, 1 subnetsC 15.0.0.0 is directly connected, POS5/0
Display Statistics for an Interface
Enter the following commands to view statistics and accounting for a UTI interface.
Step 1
uti-egress# show interface POS6/0 accountingPOS6/0Protocol Pkts In Chars In Pkts Out Chars OutIP 4 1540 0 0CDP 2 620 2 620Step 2
show frame-relay pvc dlci.uti-egress# show frame-relay pvc 31PVC Statistics for interface POS5/2 (Frame Relay DTE)DLCI = 31, DLCI USAGE = LOCAL, PVC STATUS = STATIC, INTERFACE = POS5/2.1input pkts 0 output pkts 0 in bytes 0out bytes 0 dropped pkts 0 in FECN pkts 0in BECN pkts 0 out FECN pkts 0 out BECN pkts 0in DE pkts 0 out DE pkts 0out bcast pkts 0 out bcast bytes 0pvc create time 00:01:06, last time pvc status changed 00:01:06Step 3
show interface tunnelnumber accounting. This command displays the number of packets of each protocol type that have been sent through the interface.uti-egress#show interface Tunnel1000 accountingTunnel1000Protocol Pkts In Chars In Pkts Out Chars OutIP 27 4154 11 1360
Note
Configuration Examples
This section provides the following configuration examples:
Configuration Examples for the 7200, 7500, and 10700 Series Routers
•
•
•
Configuration Examples for 12000 Series Internet Routers
•
–
–
An example of a basic UTI configuration is shown in Figure 4. Be sure to complete all steps in Configuration Tasks.
Figure 4 Sample of a Basic UTI Configuration
Configuration Examples for the 7200, 7500, and 10700 Series Routers
Define the Loopback Address
This example defines the loopback address to act as a reference for decapsulation.
Router1(config)#interface loopback1Router1(config-if)#ip address 7.7.7.7 255.255.255.255Router1(config-if)#endRouter2(config)#interface loopback2Router2(config-if)#ip address 8.8.8.8 255.255.255.255Router2(config-if)#endDefine the Tunnel
This example binds the tunnel to a physical interface, identifies the source and destination, and sets the tunnel in UTI.
Router1(config)#interface Tunnel1Router1(config-if)#ip unnumbered fastethernet 2/1Router1(config-if)#tunnel source Loopback1Router1(config-if)#tunnel destination 8.8.8.8Router1(config-if)#tunnel mode uti rawRouter1(config-if)#tunnel key 123456789Router1(config-if)#tunnel uti high-key 7654321Router1(config-if)#tunnel uti local-session 314Router1(config-if)#tunnel uti remote-session 159Router2(config)#interface Tunnel2Router2(config-if)#ip unnumbered fastethernet 2/1Router2(config-if)#tunnel source Loopback2Router2(config-if)#tunnel destination 7.7.7.7Router2(config-if)#tunnel mode uti rawRouter2(config-if)#tunnel key 123456789Router2(config-if)#tunnel uti high-key 7654321Router2(config-if)#tunnel uti local-session 159Router2(config-if)#tunnel uti remote-session 314endConfigure the Interface for UTI
This example changes the selected interface to UTI, binds it to the tunnel, and starts it. This example is for an Ethernet interface.
Router1(config)#interface FastEthernet3/0Router1(config-if)#no ip addressRouter1(config-if)#uti-tunnel Tunnel1Router2(config)#interface FastEthernet1/0Router2(config-if)#no ip addressRouter2(config-if)#uti-tunnel Tunnel2endConfigure the VLAN subinterface for UTI on a 10700 Router
This example changes the selected subinterface to UTI, binds it to the tunnel, and starts it. This example is for a 802.1Q Fast Ethernet subinterface.
Router1(config)#interface FastEthernet2/1.2Router1(config-if)#encapsulation dot1q 2Router1(config-if)#no ip addressRouter1(config-if)#uti-tunnel Tunnel1Router2(config)#interface FastEthernet2/3.2Router2(config-if)#encapsulation dot1q 2Router2(config-if)#no ip addressRouter2(config-if)#uti-tunnel Tunnel2endConfigure the TLS for VLAN subinterface for UTI on a 10700 Router
This example applies a UTI tunnel to a Fast Ethernet port interface on a Cisco 10700 router so that all 802.1Q VLAN traffic is encapsulated in the UTI tunnel.
Router1(config)#interface FastEthernet2/1.2Router1(config-if)#encapsulation dot1q 2Router1(config-if)#no ip addressRouter1(config)#interface FastEthernet2/1Router1(config-if)#no ip addressRouter1(config-if)#uti-tunnel Tunnel1Router2(config)#interface FastEthernet2/3.2Router2(config-if)#encapsulation dot1q 2Router2(config-if)#no ip addressRouter2(config)#interface FastEthernet2/3Router2(config-if)#no ip addressRouter2(config-if)#uti-tunnel Tunnel2endConfigure Routing
This example enables CEF and configures routing to provide the tunnel decapsulation point.
Router1(config-if)#ip cefRouter1(config-if)#ip route 8.8.8.8 255.255.255.255 pos1/0Router2(config-if)#ip cefRouter2(config-if)#ip route 7.7.7.7 255.255.255.255 pos2/0endConfiguration Examples for 12000 Series Internet Routers
Define the Loopback Address
This example defines the loopback address to act as a reference for decapsulation.
Router1(config)#interface loopback1Router1(config-if)#ip address 7.7.7.7 255.255.255.255Router2(config)#interface loopback2Router2(config-if)#ip address 8.8.8.8 255.255.255.255endDefine the Tunnel
This example binds the tunnel to a physical interface, identifies the source and destination, and sets the tunnel in UTI.
Router1(config)#interface Tunnel1Router1(config-if)#ip unnumbered fastethernet 2/1Router1(config-if)#no ip directed-broadcastRouter1(config-if)#tunnel source Loopback1Router1(config-if)#tunnel destination 8.8.8.8Router1(config-if)#tunnel mode uti rawRouter1(config-if)#tunnel key 123456789Router1(config-if)#tunnel uti high-key 7654321Router1(config-if)#tunnel uti local-session 314Router1(config-if)#tunnel uti remote-session 159Router1(config-if)#tunnel tos 64Router1(config-if)#tunnel ttl 254Router1(config-if)#endRouter2(config)#interface Tunnel2Router2(config-if)#ip unnumbered fastethernet 2/1Router1(config-if)#no ip directed-broadcastRouter2(config-if)#tunnel source Loopback2Router2(config-if)#tunnel destination 7.7.7.7Router2(config-if)#tunnel mode uti rawRouter2(config-if)#tunnel key 123456789Router2(config-if)#tunnel uti high-key 7654321Router2(config-if)#tunnel uti local-session 159Router2(config-if)#tunnel uti remote-session 314Router2(config-if)#tunnel tos 64Router2(config-if)#tunnel ttl 254Router2(config-if)#endConfigure the Interface for UTI
This example changes the selected interface to UTI, binds it to the tunnel, and starts it.
Example for an Ethernet Interface
Router1(config)#interface FastEthernet3/0Router1(config-if)#no ip addressRouter1(config-if)#no ip directed-broadcastRouter1(config-if)#no ip mroute-cacheRouter1(config-if)#uti-tunnel Tunnel1Router1(config-if)#endRouter2(config)#interface FastEthernet1/0Router2(config-if)#no ip addressRouter2(config-if)#no ip directed-broadcastRouter2(config-if)#no ip mroute-cacheRouter2(config-if)#uti-tunnel Tunnel2Router2(config-if)#endExample for a Frame Relay Point-To-Point Subinterface
Router1(config)# interface POS 5/2Router1(config-if)# no ip addressRouter1(config-if)# encapsulation frame-relayRouter1(config-if)# no keepaliveRouter1(config-if)# clock source internalRouter1(config-if)# interface POS 5/2.1Router1(config-if)# no ip addressRouter1(config-if)# frame-relay interface dlci 31Router1(config-if)# uti-tunnel Tunnel1Router1(config-if)# endRouter2(config)# interface POS 4/2Router2(config-if)# no ip addressRouter2(config-if)# encapsulation frame-relayRouter2(config-if)# no keepaliveRouter2(config-if)# clock source internalRouter2(config-if)# interface POS 4/2.1Router2(config-if)# no ip addressRouter2(config-if)# frame-relay interface dlci 31Router2(config-if)# uti-tunnel Tunnel2Router2(config-if)# endExample for a UTI VLAN Point-To-Point Subinterface
Router1(config)# interface FastEthernet 7/1.200Router1(config-if)# no ip addressRouter1(config-if)# encapsulation dot1Q 3000Router1(config-if)# frame-relay interface dlci 31Router1(config-if)# endRouter2(config)# interface FastEthernet 8/1.000Router2(config-if)# no ip addressRouter2(config-if)# encapsulation frame-relayRouter2(config-if)# uti-tunnel Tunnel2Router2(config-if)# endConfigure Routing
This example enables CEF and configures routing to provide the tunnel decapsulation point.
Router1(config-if)#ip cefRouter1(config-if)#ip route 8.8.8.8 255.255.255.255 pos1/0Router1(config-if)#endRouter2(config-if)#ip cefRouter2(config-if)#ip route 7.7.7.7 255.255.255.255 pos2/0Router2(config-if)#endConfigure the Tunnel Card
This example configures the tunnel card s to perform the UTI processing.
Router1# configure terminalRouter1(config)# interface POS 6/0Router1(config-if)# no keepaliveRouter1(config-if)# no cdp enableRouter1(config-if)1# ip unnumberedRouter1(config-if)1# hw-module slot 6 mode serverRouter1(config-if)1# endRouter2# configure terminalRouter2(config)# interface POS 6/0Router2(config-if)# no keepaliveRouter2(config-if)# no cdp enableRouter2(config-if)1# ip unnumberedRouter2(config-if)1# hw-module slot 6 mode serverRouter2(config-if)1# endCommand Reference
This section documents new and modified commands. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.
•
hw-module slot <x> mode server
To identify the card in slot <x> as a tunnel card, use the hw-module slot <x> mode server command in interface configuration mode. To disable the card as a tunnel card, use the no form of this command.
hw-module slot <x> mode server
no hw-module slot <x> mode server
Syntax Description
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
Usage Guidelines
This command identifies the card in slot <x> as a tunnel card. This is mandatory on the 12000 series Internet Routers.
Examples
The following example specifies the card in slot 2 as the tunnel card:
hw-module slot 2 mode servertunnel mode uti raw
To set the encapsulation mode for the tunnel interface, use the tunnel mode uti raw interface configuration command. To disable, use the no form of this command
tunnel mode uti raw
no tunnel mode
Syntax Description
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
Examples
The following example sets the encapsulation mode of the tunnel to UTI:
tunnel mode uti rawtunnel uti high-key
To set the value of the most significant longword in the UTI key field, use the tunnel uti high-key command in interface configuration mode. To disable, use the no form of this command.
tunnel uti high-key value
no tunnel uti high-key
Syntax Description
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
12.0(18)S
This command was introduced on Cisco 7000 and 12000 series routers.
12.0(19)SP
This command was introduced on Cisco 10720 Internet routers.
Usage Guidelines
This command sets the value of the most significant longword in the UTI key field. The value of the key field in the UTI packet is:
<tunnel key> + <tunnel uti high-key> * 2 ^ 32
The same key value is used in both directions, and the packet key value must match the received key value in order for the packet to be received.
Packets received on a configured tunnel that fail to match the tunnel key are counted. These mismatched packets may be the result of a misconfiguration, or may be the result of an overt attempt to incorrectly inject traffic into the tunnel output stream.
Examples
The following example sets the UTI high key value as 200:
tunnel uti high-key 200tunnel uti keepalive old
To enable the UTI keepalive functionality on one endpoint of a UTI tunnel configured between a Cisco 10720 Internet router and a Cisco 7000 series or Cisco 12000 series router, use the tunnel uti keepalive old command in interface configuration mode. To disable, use the no form of this command.
tunnel uti keepalive old
no tunnel uti keepalive old
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
12.0(21)SP
This command was introduced on Cisco 10720 Internet routers and Cisco 7000 series and Cisco 12000 series routers.
Usage Guidelines
When you configure a UTI tunnel between a Cisco 10720 Internet router running IOS Release 12.0(21)SP and a Cisco 7000 series or Cisco 12000 series router, use the tunnel uti keepalive old command to ensure interoperability between routers.
You must first use the keepalive command on the interface at each endpoint of the tunnel in order for the tunnel uti keepalive old command to take effect.
Examples
The following example enables UTI keepalive on one endpoint of a UTI tunnel between a Cisco 10720 and a Cisco 7000 or Cisco 12000 series router:
keepalive 10 5tunnel uti keepalive oldtunnel uti local-session
To set the tunnel identifier used to map received UTI packets, use the tunnel uti local-session command in interface configuration mode. To disable, use the no form of this command.
tunnel uti local-session value
no tunnel uti local-session
Syntax Description
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
12.0(18)S
This command was introduced on Cisco 7000 and 12000 series routers.
12.0(19)SP
This command was introduced on Cisco 10720 Internet routers.
Usage Guidelines
This command sets the tunnel identifier the router uses to map received UTI packets. This same value is entered in the remote router using the uti remote session command. The value 0 is reserved.
Examples
The following example sets the value of the UTI tunnel local identifier to 6:
tunnel uti local-session 6Related Commands
tunnel uti remote-session <value>
Sets the value used in the UTI header tunnel identifier field. This value must match tunnel local session value at the other end of the tunnel.
tunnel uti remote-session
To set the value used in the UTI header tunnel identifier field, use the tunnel uti remote-session command in interface configuration mode. To disable, use the no form of this command.
tunnel uti remote-session value
no tunnel uti remote-session
Syntax Description
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
12.0(18)S
This command was introduced on Cisco 7000 and 12000 series routers.
12.0(19)SP
This command was introduced on Cisco 10720 Internet routers.
Usage Guidelines
This command sets the value used in the UTI header tunnel identifier field. It must match tunnel local session value at the other end of the tunnel. The value 0 is reserved.
Examples
The following example sets the UTI header tunnel identifier field to 6:
tunnel uti remote-session 6Related Commands
tunnel uti local-session value
Sets the tunnel identifier used to map received UTI packets.
uti-tunnel Tunnelnumber
To bind the physical interface to the logical UTI tunnel interface, use the uti-tunnel Tunnelnumber command in interface configuration mode. To disable, use the no form of this command.
uti-tunnel Tunnelnumber
no uti-tunnel Tunnelnumber
Syntax Description
Defaults
No default behavior or values.
Command Modes
Interface configuration
Command History
12.0(18)S
This command was introduced on Cisco 7000 and 12000 series routers.
12.0(19)SP
This command was introduced on Cisco 10720 Internet routers.
Usage Guidelines
This command sets an interface in UTI. An interface may be a physical interface or a subinterface.
Examples
The following example sets the interface in UTI:
uti-tunnel Tunnel6Glossary
ACL—Access Control List
ATM—Asynchronous Transfer Mode
BGP—Border Gateway Protocol
CAM—Content-Addressable Memory
CDP—Cisco Discovery Protocol
CEF—Cisco Express Forwarding
DLCI—Data-link Connection Identifier
FR—Frame Relay
GSR—Gigabit Switched Router: previous name for Cisco's 12000 series Internet Routers.
HDLC—High-Level Data Link Control
ICMP—Internet Control Message Protocol: an extension to the Internet Protocol (IP) that allows for the generation of error messages, test packets, and informational messages related to IP.
IP—Internet Protocol
ISIS—Intermediate System to Intermediate System. OSI link-state hierarchical routing protocol based on DECnet Phase V routing, whereby ISs (routers) exchange routing information based on a single metric to determine network topology.
LC—Line Card
LMI—Local Management Interface
MAC—Media Access Control: the lower sublayer of the OSI data link layer. The interface between a node's Logical Link Control and the network's physical layer.
MAC Address— The hardware address of a device connected to a shared network medium.
MIB—Management Information Base
MTU—Maximum Transmission Unit
OIR—Online Insertion and Removal
PIRC—Per Interface Rate Control
PLU—Packet Look Up: a stage in the PSA which performs a lookup on an IP address.
PoP—Post Processor: a stage in the PSA responsible for packet post-processing, such as building the packet buffer header for transmission over the fabric.
POS—Packet Over Sonet
PPP—Point to Point Protocol
pps—Packets per second
PreP—Pre-Processor: a stage in the PSA responsible for packet pre-processing, such as IP header validation.
PSA—Packet Switching ASIC: the ASIC on the performance OC-48 line card which does the "fast path" packet forwarding operations.
SONET—Synchronous Optical Network
TLU—Table Look Up: a stage in the PSA responsible for copying information to the PoP PHB and updating statistics.
TOS—Type Of Service byte of an IP header as it is defined in RFC 791.
TTL—Time To Live byte of an IP header as it is defined in RFC 791.
UTI—Universal Transport Interface
VPN—Virtual Private Network
