Table Of Contents
Cisco IOS Software Configuration for the Cisco 10720 Internet Router
PXF Accelerated Cisco Express Forwarding
CEF Per-Destination Load Balancing
Load-Balancing Algorithms for CEF Traffic
Subsecond Link Loss Detection on Gigabit Ethernet Interfaces
Fast EtherChannel and Gigabit EtherChannel
Dynamic Packet Transport—Spatial Reuse Protocol
Modular Quality of Service Command-Line Interface
PXF Accelerated Cisco Express Forwarding Switching for IPv6
IPv6 Provider Edge Router over MPLS—Cisco 6PE
PXF Accelerated IPv6 Provider Edge Router over MPLS
PXF Accelerated IPv6 Extended ACLs
PXF Accelerated IPv6 Quality of Service
PXF Accelerated IPv6 Multicast
Any Transport over MPLS—Ethernet over MPLS
Pseudowire Emulation Edge-to-Edge MIBs
BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS VPN
MPLS Embedded Management—LSP Ping/Traceroute and AToM VCCV
MPLS Label Distribution Protocol
MPLS Multi-VPN Routing and Forwarding Tables
MPLS Traffic Engineering Fast Reroute
MPLS Virtual Private Networks—RFC 2547
MPLS VPN—Carrier Supporting Carrier
MPLS VPN—Carrier Supporting Carrier—IPv4 BGP Label Distribution
MPLS VPN—Interautonomous Systems
MPLS VPN—Inter-AS—IPv4 BGP Label Distribution
Multicast-VPN—IP Multicast Support for MPLS VPNs
MPLS VPN Carrier Supporting Carrier over IP Tunnels
Layer 2 Tunneling Protocol Version 3
L2TPv3 Ethernet-to-VLAN Internetworking
Integrated Routing and Bridging
Bidirectional Forwarding Detection
Unicast Reverse Path Forwarding Feature
Control Plane Policing Feature
Restrictions for Cisco IOS Software Configuration on the Cisco 10720 Internet Router
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Loading and Maintaining System Images
Upgrading the ROM Monitor Image
Configuring a CEF Load-Balancing Algorithm
Configuring a Fast Ethernet Interface
Configuring a Gigabit Ethernet Interface
Configuring an RPR-IEEE Interface
Configuring SRP Mode on a Packet-over-SONET or an RPR-IEEE Interface
Configuring RPR-IEEE Mode on an SRP Interface
Configuring Modular Quality of Service
Distribution of Remaining Bandwidth
MQC Bandwidth in Absolute Values
Single Rate 3-Color Marker for Traffic Policing
MQC Hierarchical Class Maps on the Cisco 10720 Internet Router
MQC Strict Priority Queue on the Cisco 10720 Internet Router
DiffServ Compliant Weighted Random Early Detection
Configuring Policy-Based Routing
Configuring 802.3x Flow Control
Configuring Unicast Reverse Path Forwarding
Configuring Control Plane Policing
Configuring an Ethernet Interface
Configuring a VLAN Subinterface
Testing Cable Problems on a Fast Ethernet Interface
Verifying a Fast Ethernet Interface
Verifying a Gigabit Ethernet Interface
Verifying an RPR-IEEE Interface
Verifying the DSCP Configuration in a Service Policy and Displaying Drop Statistics
Verifying Unicast Reverse Path Forwarding
Verifying Control Plane Policing
Monitoring and Maintaining the Router
ip verify unicast source reachable-via
show hardware access mac-address-table
test interfaces fastethernet tdr
upgrade rom-monitor invalidate
upgrade rom-monitor preference
Cisco IOS Software Configuration for the Cisco 10720 Internet Router
Part Number OL-8689-01 (Rev A0), April 8, 2008
Feature History
This feature module describes the Cisco IOS software configuration for the Cisco 10720 Internet router and includes the following sections:
•
Supported Standards, MIBs, and RFCs
•
Feature Overview
The Cisco 10720 Internet router is a high-performance Cisco IOS router that enables service providers to offer next-generation business class IP services in edge-specific customer-facing networks. The Cisco 10720 Internet Router is a 2-rack unit (RU), 2-slot router.
One slot supports an optical or blank (console-only) uplink card. The following uplink cards are available:
•
–
–
–
–
•
The Dual Mode IEEE 802.17 RPR/SRP uplink card supports small form-factor pluggable (SFP) modules for its two OC-48c/STM-16c ports. The pluggable options are available in the following versions:
–
–
–
•
–
–
–
–
•
–
–
–
Gigabit Ethernet access is provided using SFP technology. The following optical interfaces options are supported:
–
–
–
The router provides IP services close to the user, enabling you to better control and monitor admission to network resources. The small form factor of the router allows easy deployment in central locations, such as office towers, business complexes, and telecommunications carrier central offices.
Based on the Cisco Parallel eXpress Forwarding (PXF) Toaster-based architecture, the Cisco 10720 Internet router is a cost-effective, reliable platform that allows advanced edge-focused Cisco IOS features to be introduced simply, efficiently, and without a compromise in performance.
You can use the AutoInstall feature to connect a new Cisco 10720 Internet router to the network, turn on the new router, and have it configured automatically from a preexisting configuration file on a TFTP server. The AutoInstall process begins any time a Cisco IOS software-based device is turned on and a valid configuration file is not found in nonvolatile random-access memory (NVRAM).
•
•
For information about how to configure and use the AutoInstall feature, refer to Using AutoInstall and Setup.
Note
Starting in Cisco IOS Release 12.0(27)S, you can increase the route processor (RP) memory in the router from 256 MB to 512 MB. Cisco IOS software running on a Cisco 10720 Internet router in which 512 MB of RP memory has been installed can then use up to 512 MB of memory. The increase in RP memory supports increasingly larger route tables and allows for more route table entries.
Note
•
•
For information about how to install the memory upgrade, refer to Cisco 10720 Internet Router Memory Replacement Instructions.
Supported Software Features
The software features described in this section are supported in Cisco IOS Release 12.0S on the Cisco 10720 Internet router.
PXF Accelerated Cisco Express Forwarding
Cisco Express Forwarding (CEF) is advanced Layer 3 IP switching technology. CEF optimizes network performance and scalability for networks with large and dynamic traffic patterns (such as the Internet) on networks characterized by intensive web-based applications or interactive sessions. Although you can use CEF in any part of a network, it is designed for high-performance, highly resilient Layer 3 IP backbone switching.
On the Cisco 10720 Internet router, CEF packet switching is enabled by default and is performed on IPv4 traffic by PXF using an accelerated fast-path. (For information about PXF-accelerated CEF switching of IPv6 traffic, see PXF Accelerated Cisco Express Forwarding Switching for IPv6.)
CEF Per-Destination Load Balancing
CEF load balancing is based on a combination of source and destination packet information; it allows you to optimize resources by distributing traffic over multiple paths. Load-balancing is performed on outbound interfaces
On the Cisco 10720 Internet router, per-destination load balancing is enabled by default with CEF. Per-destination load balancing allows the router to use multiple paths to achieve load sharing across multiple source-destination host pairs. Packets for a given source-destination host pair are guaranteed to take the same path, even if multiple paths are available. Traffic streams destined for different pairs tend to take different paths.
To use per-destination load balancing, you do not perform any additional tasks. Per-destination is the load balancing method of choice for most situations. Because per-destination load balancing depends on the statistical distribution of traffic, load sharing becomes more effective as the number of source-destination host pairs increases.
Per-destination load balancing ensures that packets for a given host pair arrive in order. All packets intended for a certain host pair are routed over the same link (or links).
Note
Load-Balancing Algorithms for CEF Traffic
The following load-balancing algorithms are supported for use with CEF traffic on the Cisco 10720 Internet router. To change the currently configured load-balancing algorithm, use the ip cef load-sharing algorithm command.
•
On the Cisco 10720 Internet router, the original load-balancing algorithm is the default. Depending on your network environment, you can select the universal algorithm. (The tunnel algorithm is not supported on the Cisco 10720 Internet router.)
•
•
Note
For information about how to switch between the original and universal load-balancing algorithms, refer to the Configuring a Load-Balancing Scheme for CEF Traffic chapter in the Cisco IOS IP Switching Configuration Guide, Release 12.4 at:
http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080430ac3.html
Ethernet
•
•
On a Revision B 4-port Gigabit Ethernet 8-port 10/100BASE-TX access card, both MDI and MDI-X modes, and an autoconfiguration mode (see the "media-type" section), are supported.
•
•
•
•
•
Subsecond Link Loss Detection on Gigabit Ethernet Interfaces
In Cisco IOS Release 12.0(26)S and earlier, link loss on Gigabit Ethernet interfaces was detected by periodically polling the hardware at 1-second intervals. This method resulted in a latency of up to 1 second after a link loss occurred before the loss is detected and a Layer 3 notification is sent. Starting in Cisco IOS Release 12.0(27)S, the subsecond link loss detection feature for the Cisco 10720 Internet router is introduced, which detects a link loss using a hardware interrupt mechanism. This mechanism allows Layer 3 to detect the loss within 50 ms or less from the time a link goes down.
Fast EtherChannel and Gigabit EtherChannel
The EtherChannel feature allows multiple Fast Ethernet and Gigabit Ethernet point-to-point links to be bundled into one logical link to provide bidirectional bandwidth of up to 800 Mbps. On the Cisco 10720 Internet router, the EtherChannel feature is supported on both Fast Ethernet (FE) and Gigabit Ethernet (GE) ports:
•
•
EtherChannel is implemented on the Cisco 10720 Internet Router as follows:
•
•
•
•
•
•
•
•
Note
To determine if the traffic is well-balanced, use the show interface command and, in the command output, compare the output rate and number of packets and bytes in the output on all operational physical links of the channel bundle.•
For more information about how to configure and use the EtherChannel feature, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios111/ca111/fechan.htm.
Dynamic Packet Transport—Spatial Reuse Protocol
The following Spatial Reuse Protocol (SRP) features are supported on Dynamic Packet Transport (DPT) uplink cards used in the Cisco 10720 Internet Router. For information about how to configure and use DPT/SRP features, refer to the Spatial Reuse Protocol document at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/
srpapsgs.htm.
Note
•
•
•
•
•
•
•
•
•
•
•
•
Note
SRP—Layer 3 Fast Notification
Starting in Cisco IOS Release 12.0(27)S, the SRP—Layer 3 Fast Notification feature is supported on the Cisco 10720 Internet router. This feature enables faster convergence of Layer 3 routing protocols in case of SRP ring events that cause nodes to be dropped from the ring topology.
In Cisco IOS Release 12.0(26)S and earlier releases, a node failure in an SRP ring causes ring wrap to occur around the failed node. Traffic flow from other nodes in the ring to the failed node continues, even if there is an alternative path, until the Internal Gateway Protocol (IGP) reconverges. The traffic is interrupted for seconds because the SRP node failure is transparent to Layer 3 protocols and IP convergence takes the normal time based on routing updates.
With the Layer 3 Fast Notification feature, changes in the topology map of an SRP ring are reported immediately to Layer 3 protocols. The Layer 3 hello and routing update timers are bypassed, resulting in Layer 3 subsecond convergence.
On the Cisco 10720 Internet Router, the SRP—Layer 3 Fast Notification feature applies only to the Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS) routing protocols.
Also, when the Single Ring Recovery (SRR) protocol is enabled, faster convergence of Layer 3 routing protocols does not occur. The SRR protocol enables an SRP ring to preserve full node connectivity in the event of multiple failures on one of its two counter-rotating rings while the other is failure free. In all other cases, the SRP ring maintains the standard SRP intelligent protection switching (IPS) behavior.
Resilient Packet Ring
Starting in Cisco IOS Release 12.0(29)S, the IEEE 802.17 Resilient Packet Ring (802.17 RPR) protocol is supported on the Cisco 10720 Internet router. 802.17 RPR is a metropolitan area network (MAN) technology that supports data transfer between stations interconnected in a dual-ring configuration. It is an independent protocol with many similarities to SRP, but offers a much larger domain of configurability and control. RPR uses a new interface that is maintained across all platforms to ensure consistency between solutions.
The Cisco 10720 Internet router supports the following RPR features:
•
Wrapping is a ring protection mode in which the two stations on either end of a failed span react by wrapping traffic back onto the opposite ringlet to reach the destination. 802.17 RPR wrapping is similar in behavior to SRP wrapping.
In steering protection mode, stations that detect a failed span notify all other stations in the ring. Each individual station is then responsible for "steering" traffic away from the failed span to reach the destination. Steering requires that every station determines the location of the failure to avoid the failed span. Compared to wrapping protection mode, steering can be slower to converge in large topologies.
•
Relaxed mode does not flush (drop) traffic in case of a protection event, such as a fiber failure. As a result, there is less traffic loss but a slight possibility of re-ordering packets during a node recovery. Relaxed mode is the default traffic mode. Strict mode flushes traffic after a topology change, such as a protection event, until the topology stabilizes.
In case of a topology change caused by a ring failure:
–
–
You configure the traffic mode as relaxed or strict on a per-router basis. Topology stability is determined using the settings of the Topology Checksum and Context Containment features of the 802.17 RPR protocol.
•
Fairness ensures proper partitioning of opportunistic traffic. Weighted fairness allows a weighted fair access to available ring capacity and operates in two modes:
–
–
•
Aggressive rate adjustment reacts very quickly to changes in bandwidth use, resulting in optimal bandwidth use during a congestion condition on the ring. However, small fluctuations of bandwidth in very bursty traffic situations may occur.
An alternative method used to adjust the fairness rate on an RPR interface is conservative mode, which ramps up in stages (over a few hundred milliseconds) when bandwidth is available and ramps down in stages (over a few hundred milliseconds) when congestion occurs. Compared to aggressive rate adjustment, conservative mode results in slower ramping and in slightly lower bandwidth utilization, but is more applicable in very bursty traffic scenarios.
•
Class A marks the highest-priority and lowest-latency traffic, is not subject to fairness controls, and is divided into Reserved and High priority traffic queues. Class C marks the lowest priority traffic using secondary queues, and is subject to fairness controls.
•
Jumbo MTU mode provides an operating MTU of 9100 bytes to each station on the ring.
Starting in Cisco IOS Release 12.0(30)S, the regular MTU of 1500 bytes is supported as the default MTU size.
•
Starting in Cisco IOS Release 12.0(30)S, you can generate a report for traffic congestion events on the ring by using the show rpr-ieee fairness history command. This command reports the congestion status for a station over ninety-six time intervals of 15 minutes each (24 hours).
•
•
The Operation, Administration, and Maintenance (OAM) echo feature for 802.17 RPR functions as a test feature for ring connectivity. Use the 802.17 echo feature to debug and resolve Layer 2 issues. The ping rpr-ieee echo command is similar to a ping command.
For information about how to configure and use RPR features, refer to IEEE 802.17 Resilient Packet Ring Feature Guide at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/
rprs wg.htmPacket-over-SONET
On the Cisco 10720 2-port OC-48c/STM-16c POS/SRP uplink card, standard Cisco IOS Packet-over-SONET, Point-to-Point Protocol (PPP), and High-Level Data Link Control (HDLC) commands are supported.
The 2-port OC-48c/STM-16c POS/SRP uplink card allows you to use the Cisco 10720 Internet router to:
•
•
•
For detailed information about the POS commands supported on Packet-over-SONET interfaces on the Cisco 10720, refer to the relevant sections of the following documents:
•
http://www.cisco.com/univercd/cc/td/doc/product/core/cis7300/linecard/oc_12379/3438cnf.htm•
http://www.cisco.com/warp/public/127/POS/posclocking_16181.html•
http://cco/warp/public/127/aps_routing_16142.html•
http://cco/warp/public/127/refl_chan_16143.htmlFor information about using HDLC and PPP commands on Packet-over-SONET interfaces on the Cisco 10720 Internet router, refer to Configuring a Synchronous Serial Interface at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/finter_c/
icfserin.htm#xtocid7.Internet Protocol
The Internet Protocol (IP) is a packet-based protocol used to exchange data, voice, and video traffic over digital networks. IP handles addressing, fragmentation, reassembly, and protocol demultiplexing. It is the foundation on which all other IP protocols (collectively referred to as the IP Protocol suite) are built. As a network-layer protocol, IP contains addressing and control information that allows data packets to be routed.
The Cisco 10720 Internet router supports the following IP features:
•
–
–
•
–
•
•
•
•
•
Modular Quality of Service Command-Line Interface
The Cisco 10720 Internet router supports the modular QoS command-line interface (MQC) to create traffic polices and attach these polices to interfaces. A traffic policy contains a traffic class and one or more QoS features. A traffic class is used to classify traffic, while the QoS features in the traffic policy determine how to treat the classified traffic.
The following MQC features are implemented on the Cisco 10720 Internet router:
•
–
–
–
•
•
•
•
–
•
–
•
•
•
•
NetFlow
NetFlow provides highly granular per-flow traffic statistics in a Cisco router. A flow is a unidirectional set of packets that are received on the same subinterface. The packets have the same source and destination IP addresses, Layer 4 protocol, TCP/UDP source and destination ports, and the same type of service (TOS) byte in the IP headers. The router accumulates NetFlow statistics in a NetFlow cache and can export them to an external device (such as the Cisco CNS NetFlow Collection Engine) for further processing.
Sampled NetFlow
The Cisco 10720 Internet router supports Sampled NetFlow through Cisco IOS Release 12.0(28)S.
Sampled NetFlow allows you to sample one from a specified number of IP packets being forwarded to an interface. Sampled packets are accounted for in the NetFlow flow cache of the router. Sampling packets substantially decreases the CPU utilization needed to account for NetFlow packets by allowing the majority of the packets to be switched faster because they do not require additional NetFlow processing. For information about how to configure and use Sampled NetFlow, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/
120s11/12s_sanf.htm.The Sampled NetFlow implementation on the Cisco 10720 Internet router includes the following additional features:
•
•
•
Note
The snf_feed_back and snf counters may have different values if the PXF RP queue is congested. In this case, the snf value should be equal to or less than the snf_feed_back value because some sampled packets are dropped from the PXF RP queue. The snf value should never be greater than the snf_feed_back value.Changing to Random Sampling Method
Starting in Cisco IOS Release 12.0(29)S, the NetFlow sampling method supported on the Cisco 10720 Internet router has changed from deterministic (used in Sampled NetFlow) to random sampling without any changes in the configuration commands. You use the same configuration procedure that you use to configure Sampled NetFlow.
Random sampling gathers NetFlow data for a subset of traffic in a Cisco router by processing only one randomly selected packet from n sequential packets, where n is a user-configurable parameter. Packets are sampled as they arrive (before any NetFlow cache entries are made for those packets). Statistical traffic sampling substantially reduces consumption of router resources (especially CPU resources) while providing valuable NetFlow data.
The capability to sample packets was first provided using deterministic sampling by the Sampled NetFlow feature. Deterministic sampling selects every nth packet for NetFlow processing on a per-interface basis. For example, if you set the sampling rate to 1 out of 100 packets, then Sampled NetFlow samples the first, 101st, 201st, 301st, and so on packets. Because Sampled NetFlow does not allow random sampling, statistics can be inaccurate when traffic arrives in fixed patterns. Random Sampled NetFlow is more statistically accurate than Sampled NetFlow.
Note
nfstatsa.htm
IP Version 6 Support
IPv6, formerly called IPng (next generation), is the latest version of IP. IPv6 offers many benefits, such as a larger address space over the previous version of IP (Version 4).
On the Cisco 10720 Internet router, most IPv6 features forward packets through the route processor (through the CPU), instead of using the Parallel eXpress Forwarding (PXF) processor for fast-path switching (packet and route processing) as IPv4 features do. Only the following IPv6 features use PXF for accelerated fast-path forwarding:
•
•
•
•
•
For information about how to configure and use these IPv6 software features on the Cisco 10720 Internet router, refer to the Cisco documents at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/
index.htm.For information about all IPv6 features supported in the 12.0 S Cisco IOS software train, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/
ftipv6s.htm.The Cisco 10720 Internet router supports the following IPv6 features:
•
•
–
–
–
–
–
–
–
–
–
–
–
–
The eACL feature extends the standard IPv6 ACL functionality to support—in addition to traffic filtering based on source and destination addresses—filtering of traffic based on IPv6 option headers, flow label, and optional, upper-layer protocol type of information for finer granularity of control (functionality similar to extended ACLs in IPv4). IPv6 ACLs are defined by using the ipv6 access-list command in global configuration mode; permit and deny conditions in an ACL are defined by using the permit and deny commands in IPv6 access list configuration mode. (Configuring the ipv6 access-list command places the router in IPv6 access list configuration mode, from which permit and deny conditions can be set for the defined IPv6 ACL.)
For more information about IPv6 extended access control lists, refer to: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/
ftipv6o.htm#1029667.–
–
–
•
–
–
–
–
–
–
•
–
–
–
–
–
–
–
–
PXF Accelerated Cisco Express Forwarding Switching for IPv6
On the Cisco 10720 Internet router, Cisco Express Forwarding Switching for IPv6 is performed by PXF using an accelerated fast-path for the following types of IPv6 packets:
•
•
•
•
All of these IPv6 packet types that match an eACL entry are also switched by PXF using the accelerated fast-path. However, all other IPv6 packets are managed by the CPU using the route processor path, including:
•
•
•
•
For more information about how to use CEF, refer to: http://www.cisco.com/univercd/cc/td/doc/product/software/ios112/ios112p/gsr/cef.htm
IPv6 Provider Edge Router over MPLS—Cisco 6PE
The Cisco 6PE feature allows service providers running an MPLS/IPv4 infrastructure to offer IPv6 services on an MPLS network. A Cisco 6PE-enabled backbone allows IPv6 domains to communicate with each other over an MPLS IPv4 core network. A Cisco 6PE implementation requires no backbone infrastructure upgrades and no reconfiguration of core routers, because forwarding is based on labels rather than on the IP header.
Additionally, the inherent Virtual Private Network (VPN) and traffic engineering (TE) services available within an MPLS environment allow IPv6 networks to be combined into VPNs or extranets over an infrastructure that supports IPv4 VPNs and MPLS-TE.
The provider edge (PE) routers at each end of the MPLS network must be IPv6-enabled. A PE router applies an appropriate label for the address in the packet to reach the other side of the MPLS backbone. This function is similar to tunneling because it allows IPv6 traffic to be transported over MPLS without the routers in the backbone being aware of the IPv6 traffic. An MPLS packet enters and exits the MPLS network on different routers, and each router must be IPv6- and 6PE-enabled.
On the Cisco 10720 Internet router, the IPv6 Provider Edge Router over MPLS feature is performed by PXF using an accelerated fast-path. For more information about the Cisco 6PE feature, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/
ftipv6o.htm#1026998.PXF Accelerated IPv6 Provider Edge Router over MPLS
The IPv6 Provider Edge Router over MPLS—Cisco 6PE feature is performed with the fast-path forwarding provided by PXF.
PXF Accelerated IPv6 Extended ACLs
The Extended Access Control List (eACL) feature for IPv6 is also performed on the Cisco 10720 Internet router using the fast-path forwarding provided by PXF.
Note
PXF Accelerated IPv6 Quality of Service
Quality-of-service (QoS) features, including packet classification, queuing, traffic shaping, WRED, class-based packet marking, and policing of IPv6 packets, are supported in IPv6 environments using PXF for accelerated fast-path forwarding.
All of the QoS features available for IPv6 environments are managed from the modular QoS command-line interface. The MQC allows you to define IPv6 traffic classes, create and configure traffic policies (policy maps) for IPv6 traffic, and then attach those traffic policies to interfaces.
For packet classification, the match protocol {ip | ipv6} command is introduced to classify IPv6 packets for QoS policies. For more information, see match protocol.
For information about how to configure QoS policies in IPv6 environments, refer to Implementing QoS for IPv6 for Cisco IOS Software.
For documentation on MQC configuration commands and tasks, and for general information on how to use the MQC, refer to Modular Quality of Service Command-Line Interface and Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.3.
PXF Accelerated IPv6 Multicast
IPv6 multicast allows a host to send one data stream to a subset of all hosts (group transmission) simultaneously, instead of only to one host (unicast transmission) or to all hosts (broadcast transmission).
To enable IPv6 multicast routing, you must:
•
•
On the Cisco 10720 Internet router, PXF-accelerated IPv6 multicast forwarding is supported on the following modules:
•
•
•
•
•
Note
The following multicast protocols are supported to implement PXF-accelerated IPv6 multicast routing:
•
•
Note
Multiprotocol Label Switching
Service providers have adopted different technologies for different applications and services such as voice, video, business-critical data services, and Internet access. Although service providers have been successful in building single-service networks, Multiprotocol Label Switching (MPLS) is positioned as a technology to converge and integrate applications over a single network and to scale existing backbones.
Multiprotocol label switching (MPLS) combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing. MPLS efficiently enables the delivery of IP services. MPLS supports the creation of different routes between a source and a destination on a purely router-based Internet backbone.
For information about how to configure and use MPLS label switching, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21
/fs_rtr.htm.The Cisco 10720 Internet router supports the following MPLS features:
•
•
•
•
•
•
•
•
•
•
•
•
•
Any Transport over MPLS—Ethernet over MPLS
The Ethernet over MPLS (EoMPLS) feature works by encapsulating Ethernet protocol data units (PDUs) in MPLS packets and forwarding them across the MPLS network. Each PDU is transported as one packet.
You can configure Ethernet over MPLS in one of two ways:
•
The Cisco 10720 Internet router also supports the VLAN ID Rewrite feature for EoMPLS connections. This feature allows you to use VLAN interfaces with different VLAN IDs at either end of the MPLS backbone.
•
The EoMPLS feature is part of the Any Transport over MPLS (AToM) product set. For more information about Ethernet over MPLS, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s25/
atom25s.htm#1038827.Starting in Cisco IOS Release 12.0(25)S, the Cisco 10720 Internet router supports the AToM EoMPLS Tunnel Selection feature. This feature allows you to specify the path that EoMPLS traffic takes. You can specify either an MPLS TE tunnel or destination IP address and DNS name. You also have the option of specifying whether the VCs should use the default path (the path LDP used for signaling) if the preferred path is unreachable. For information about how to configure and use the Tunnel Selection feature in an EoMPLS configuration, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s25/
atom25s.htm#1130490.Pseudowire Emulation Edge-to-Edge MIBs
On the Cisco 10720 Internet router, the Pseudowire Emulation Edge-to-Edge (PWE3) MIBs provide Simple Network Management Protocol (SNMP) support within an Any Transport over Multiprotocol Label Switching (AToM) infrastructure emulating Ethernet services over packet switched networks (PSNs). The supported PWE3 MIBs include the CISCO-IETF-PW-MIB (PW-MIB), the CISCO-IETF-PW-MPLS-MIB (PW-MPLS-MIB), and the CISCO-IETF-PW-ENET-MIB (PW-ENET-MIB).
Note
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s31/gspwe31s.htm
BGP Multipath Load Sharing for Both eBGP and iBGP in an MPLS VPN
The BGP Multipath Load Sharing for eBGP and iBGP feature allows you to configure multipath load balancing with both external BGP (eBGP) and internal BGP (iBGP) paths in Border Gateway Protocol (BGP) networks that are configured to use MPLS VPNs. This feature provides improved load balancing deployment and service offering capabilities and is useful for multihomed autonomous systems and Provider Edge (PE) routers that import both eBGP and iBGP paths from multihomed and stub networks.
For information about how to configure and use BGP Multipath Load Sharing for eBGP and iBGP in an MPLS VPN, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/
s_eibmpl.htm.MPLS Embedded Management—LSP Ping/Traceroute and AToM VCCV
To manage an MPLS network, you must be able to monitor label switched paths (LSPs) and quickly isolate an MPLS forwarding problem. The MPLS Embedded Management—LSP Ping/Traceroute and AToM VCCV feature can detect when an LSP fails to deliver user traffic by providing the following MPLS Operation, Administration, and Maintenance (OAM) tools:
•
•
•
MPLS LSP Ping/Traceroute and PWE3 VCCV use MPLS echo request and reply packets to test LSPs. The Cisco implementation of MPLS echo request and echo reply are based on the Internet Engineering Task Force (IETF) Internet-Draft Detecting MPLS Data Plane Failures (draft-ietf-mpls-lsp-ping-03.txt).
For more information about how to configure and use these MPLS OAM tools, refer to Cisco MPLS Embedded Management-LSP Ping/Traceroute and PWE3 VCCV at:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s27/gslsppt.htm.MPLS Label Distribution Protocol
The Cisco MPLS label distribution protocol (LDP), as standardized by the Internet Engineering Task Force (IETF) and as enabled by Cisco IOS software, allows the construction of highly scalable and flexible IP networks that support multiple levels of service. LDP provides a standard methodology for hop-by-hop, or dynamic label, distribution in an MPLS network by assigning labels to routes that are chosen by the underlying Interior Gateway Protocol (IGP) routing protocols.
For information about how to use MPLS LDP, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/
fsldp23.htm.MPLS Multi-VPN Routing and Forwarding Tables
Multi-VPN Routing and Forwarding (VRF) tables for customer edge (CE) routers extend limited provider edge (PE) router functionality to a CE router in an MPLS-VPN model. A CE router can then maintain separate VRF tables to extend the privacy and security of an MPLS-VPN down to a branch office rather than just at the PE router node.
For detailed information about the Multi-VRF feature for CE routers, refer to:
http://www.cisco.com/warp/public/cc/pd/rt/2600/prodlit/1575_pp.htm.MPLS Quality of Service
The MPLS Quality of Service (QoS) feature allows the service provider to set the MPLS experimental field instead of overwriting the value in the customer IP precedence field. The IP header remains available for the customer to use; the QoS of the IP packet is not changed as the packet travels through the MPLS network.
When a customer transmits IP packets from one site to another, the IP precedence field (the first three bits of the differentiated services code point [DSCP] field in the header of an IP packet) specifies the quality of service. Based on the IP precedence marking, the packet is given the desired treatment, such as the latency or the percent of bandwidth allowed for that quality of service. If the service provider network is an MPLS network, then the IP precedence bits are copied into the MPLS experimental (EXP) field at the edge of the network. However, the service provider might want to set the quality of service of an MPLS packet to a different value determined by the service offering.
For more detailed information about MPLS QoS enhancements, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s22/
fsqosen.htm.MPLS Static Labels
Label-switching routers (LSRs) dynamically learn the labels they should use to label-switch packets by means of label distribution protocols, including:
•
•
•
To use a learned label to label-switch packets, an LSR installs the label into its label-forwarding information base (LFIB).
The MPLS Static Labels feature provides the means to statically configure the following items:
•
•
For information about how to use the MPLS Static Labels feature, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/
fs_stlab.htm.MPLS Traffic Engineering
MPLS traffic engineering (TE) software enables an MPLS backbone to replicate and expand upon the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks. MPLS is an integration of Layer 2 and Layer 3 technologies. By making traditional Layer 2 features available to Layer 3, MPLS enables traffic engineering. A one-tier MPLS network can then offer the traffic engineering achieved only by overlaying a Layer 3 network on a Layer 2 network.
Traffic engineering is essential for service provider and Internet service provider (ISP) backbones. Such backbones must support a high use of transmission capacity, and the networks must be resilient to withstand link and node failures.
In the Cisco 10720 Internet router, MPLS traffic engineering is supported on the following interfaces:
•
•
•
Note
The Cisco 10720 Internet router also supports a new version of the IS-IS routing protocol that includes extensions for MPLS traffic engineering. These extensions enable IS-IS to carry different kinds of information for traffic engineering.
For more information about MPLS traffic engineering and IS-IS extensions for MPLS traffic engineering, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/
fs23te.htm.MPLS Traffic Engineering Fast Reroute
The MPLS Traffic Engineering Fast Reroute (FRR) feature is supported on the Cisco 10720 2-port OC-48c/STM-16c POS/SRP uplink card in POS mode only. The Fast Reroute feature provides link protection to label-switched paths (LSPs).
Regular MPLS traffic engineering automatically establishes and maintains label-switched paths across the backbone using the Resource Reservation Protocol (RSVP). The path used by a given LSP at any time is based upon the LSP resource requirements and available network resources, such as bandwidth.
Available resources are flooded by means of extensions to a link-state-based Interior Gateway Protocol (IGP), such as IS-IS or OSPF.
Paths for LSPs are calculated at the LSP head end. Under failure conditions, the head end determines a new route for the LSP. Recovery at the head end provides for the optimal use of resources. However, because of messaging delays, the head end cannot recover as fast as possible by making a repair at the point of failure.
By providing link protection to LSPs, the Fast Reroute feature enables all traffic carried by LSPs that traverse a failed link to be rerouted around the failure. The reroute decision is completely controlled locally by the router interfacing the failed link. The head end of the tunnel is also notified of the link failure through the IGP or through RSVP; the head end then attempts to establish a new LSP that bypasses the failure.
For more information about the MPLS FRR feature, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/
fsfrr24.htm.MPLS Virtual Private Networks—RFC 2547
The IP Virtual Private Network (VPN) feature for Multiprotocol Label Switching (MPLS) allows a Cisco IOS network to deploy scalable IPv4 Layer 3 VPN backbone services. An IP VPN is the foundation that companies use for deploying or administering value-added services, including applications and data-hosting network commerce, and telephony services to business customers.
For information about setting up an MPLS VPN, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/
fsvpn23.htm.MPLS VPN—Carrier Supporting Carrier
The MPLS VPN Carrier Supporting Carrier (CsC) feature enables one MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network.
The MPLS VPN CsC feature with IPv4 BGP label distribution allows you to configure your carrier-supporting-carrier network to enable Border Gateway Protocol (BGP) to transport routes and Multiprotocol Label Switching (MPLS) labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers. Previously, you had to use Label Distribution Protocol (LDP) to carry the labels and an Interior Gateway Protocol (IGP) to carry the routes between PE and CE routers to achieve the same goal.
For more information about using the Carrier Supporting Carrier feature with IPv4 BGP label distribution, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/
fscsc24.htm.MPLS VPN—Carrier Supporting Carrier—IPv4 BGP Label Distribution
The MPLS VPN—Carrier Supporting Carrier—IPv4 BGP Label Distribution feature allows you to configure your carrier-supporting-carrier network to enable the Border Gateway Protocol (BGP) to transport routes and MPLS labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers. Previously, you had to use Label Distribution Protocol (LDP) to carry the labels and an Interior Gateway Protocol (IGP) to carry the routes between PE and CE routers to achieve the same goal.
Using BGP to distribute IPv4 routes and MPLS label routes provides the following benefits:
•
•
This feature is an extension of the Carrier Supporting Carrier feature, introduced in Cisco IOS Release 12.0(14)ST, which was based on LDP.
For more information about configuring and using the Carrier Supporting Carrier feature with IPv4 BGP label distribution, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/
fscscl24.htm.MPLS VPN—Interautonomous Systems
The MPLS VPN—Interautonomous System (Inter-AS) Support feature allows a Multiprotocol Label Switching Virtual Private Network (MPLS VPN) to span multiple VPN service providers and autonomous systems (ASs) in different geographic areas.
Separate autonomous systems from different service providers can communicate by exchanging IPv4 Network Layer Reachability Information (NLRI) in the form of VPN-IPv4 addresses. The border edge routers of the autonomous systems use eBGP to exchange that information. Then, an Interior Gateway Protocol (IGP) distributes the network layer information for VPN-IPv4 prefixes throughout each VPN and each autonomous system.
An MPLS VPN with interautonomous system support allows a service provider to provide customers with scalable Layer 3 VPN services, such as web hosting, application hosting, interactive learning, electronic commerce, and telephony service. A VPN service provider supplies a secure IP-based network that shares resources on one or more physical networks.
For information about MPLS VPN Inter-Autonomous System support, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/
fsias24.htm.MPLS VPN—Inter-AS—IPv4 BGP Label Distribution
The MPLS VPN—Inter-AS—IPv4 BGP Label Distribution feature allows you to set up a VPN service provider network so that the autonomous system boundary routers (ASBRs) exchange IPv4 routes with MPLS labels of the provider edge (PE) routers. Route reflectors (RRs) exchange VPNv4 routes by using multihop, multiprotocol, external Border Gateway Protocol (eBGP). This configuration saves the ASBRs from having to store all the VPNv4 routes. Using the route reflectors to store the VPNv4 routes and forward them to the PE routers results in improved scalability.
The MPLS VPN—Inter-AS—IPv4 BGP Label Distribution feature has the following benefits:
•
This configuration scales better than other configurations where the ASBR holds all the VPNv4 routes and forwards the routes based on VPNv4 labels. With this configuration, route reflectors hold the VPNv4 routes, which simplifies the configuration at the border of the network.
•
You can transport IPv4 routes with MPLS labels over a non-MPLS VPN service provider.
•
If two adjacent label switch routers (LSRs) are also BGP peers, BGP can handle the distribution of the MPLS labels. No other label distribution protocol is needed between the two LSRs.
For information about how to configure and use the MPLS VPN Interautonomous Systems feature with IPv4 BGP Label Distribution, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s24/
fsiasl24.htm.Multicast-VPN—IP Multicast Support for MPLS VPNs
The Multicast-VPN (MVPN)—IP Multicast Support for MPLS VPNs feature allows a service provider to configure and support multicast traffic in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment. This feature supports routing and forwarding of multicast packets for each individual VPN routing and forwarding (VRF) instance, and provides a mechanism to transport VPN multicast packets across the service provider backbone.
The Multicast-VPN feature on the Cisco 10720 Internet router provides the ability to support the multicast feature over a Layer 3 VPN. As enterprises extend the reach of their multicast applications, service providers can accommodate these enterprises over their MPLS core network. IP multicast is used to stream video, voice, and data to an MPLS VPN network core.
For more information about configuring and using MVPN, refer to Multicast-VPN—IP Multicast Support for MPLS VPNs at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/fs_mvpn.htm.
On the Cisco 10720 Internet router, MVPN is implemented as follows:
•
•
•
–
–
–
MPLS VPNs over IP Tunnels
The MPLS VPNs over IP Tunnels feature introduces the capability to deploy Layer 3 Virtual Private Network (VPN) services, as proposed in RFC 2547, BGP/MPLS VPNs, over an IP core network using L2TPv3 multipoint tunneling instead of Multiprotocol Label Switching (MPLS). This feature allows L2TPv3 tunnels to be configured as multipoint tunnels to transport IP VPN services across the core IP network. Because multipoint tunnels support multiple endpoints, only one tunnel must be configured on each Provider Edge (PE) router. This feature also introduces a simple packet validation mechanism to enforce VPN integrity.
For more information about configuring and using the MPLS VPNs over IP Tunnels feature, refer to: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s30/csgl3vpn.htm.
Starting in Cisco IOS Release 12.0(32)S, MPLS VPNs over IP Tunnels is implemented on the Cisco 10720 Internet Router in PXF as follows:
•
•
•
•
Only the Interautonomous Systems—Back-to-Back VRF feature is supported. The MPLS VPN—Interautonomous Systems Support (using a shared Inter-AS interface and shared protocol without VRFs for each customer) and MPLS VPN Inter-AS—IPv4 BGP Label Distribution implementations are not supported.
•
Starting in Cisco IOS Release 12.0(32)SY, the Carrier Supporting Carrier feature is supported in an MPLS VPNs over IP Tunnels configuration on the Cisco 10720 Internet router (see the "MPLS VPN Carrier Supporting Carrier over IP Tunnels" section).
•
•
•
–
To override the default propagation of the IP precedence or DSCP value and reconfigure the ToS byte value in the tunnel header of L2TPv3-tunneled packets, use the tunnel tos tos-byte command on an L2TPv3 multipoint tunnel interface in interface configuration mode. For more information, refer to the Tunnel Type of Service (ToS) feature module at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s17/12s_tos.htm.
The set ip precedence tunnel and set ip dscp tunnel commands are supported in policy-map configuration mode. You can use these commands to override the ToS byte value configured for the L2TPv3 tunnel header with the tunnel tos tos-byte command. For examples of how to use these commands to configure tunnel marking, refer to the Layer 2 Tunnel Protocol Version 3 feature module at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s31/l2tpv31s.htm
–
•
•
•
•
•
–
–
MPLS VPN Carrier Supporting Carrier over IP Tunnels
On a Cisco 10720 Internet router configured for the MPLS VPNs over IP Tunnels feature, you can configure the Carrier Supporting Carrier (CsC) feature on a Gigabit Ethernet or Fast Ethernet customer-facing interface. The router must be deployed as a PE router in a core network.
Note
The MPLS VPN Carrier Supporting Carrier over IP Tunnels feature enables one MPLS VPNs over IP Tunnel-based service provider to allow other service providers to use a segment of its backbone network.
•
•
The backbone carrier benefits in the following ways:
•
•
When configured on a customer-facing 10720 interface, the MPLS VPN—Carrier Supporting Carrier feature supports only customer-carrier VPNs that are configured as an MPLS VPN over IP Tunnels network.
For information about configuring a backbone carrier for the Carrier Supporting Carrier feature to allow other service providers to use a segment of its backbone network, refer to:
•
•
Universal Transport Interface
•
•
•
For more information about UTI, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s18/uti.htm.
Note
Layer 2 Tunneling Protocol Version 3
The Layer 2 Tunneling Protocol version 3 (L2TPv3) is an Internet Engineering Task Force (IETF) l2tpext working group draft that provides several enhancements to the Layer 2 Tunneling Protocol (RFC2661) for the capability to tunnel any Layer 2 (L2) payload over L2TP. Specifically, L2TPv3 defines the L2TP protocol for tunneling L2 payloads over an IP core network using Layer 2 Virtual Private Networks (L2VPNs).
L2TPv3 signaling performs the following tasks:
•
•
•
L2TPv3 is also used to deliver hello messages and circuit status messages reliably. These messages are critical to support circuit interworking, such as the Local Management Interface (LMI), and to monitor the remote circuit status.
L2TPv3 consists of two parts:
•
•
L2TPv3 provides Xconnect (Layer 2 tunneling with a pseudowire over IP) and Layer 2 VPN (PE-to-PE router service using Xconnect) support for Ethernet, 802.1Q VLAN, Frame Relay, HDLC, and PPP L2 circuits, including both static (UTI-like) and dynamic (using the new L2TPv3 signaling) forwarded sessions.
Although Universal Transport Interface (UTI) features have been implemented on the Cisco 10720 Internet Router, the UTI protocol lacks the signaling capability and standards support necessary for large-scale commercial service. To answer the need for a standard way to provide large-scale VPN connectivity over an IP core network, migration from UTI to L2TPv3 is introduced in Cisco IOS Release 12.0(23)S.
For information about how to configure and use L2TPv3 on the Cisco 10720 Internet router, refer to:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s25/
l2tpv325.htmStarting in Cisco IOS Release 12.0(24)S, the Cisco 10720 Internet router supports the following L2TPv3 features:
In Cisco IOS Release 12.0(26)S, support for L2TPv3 Ethernet-to-VLAN Internetworking is added.
In Cisco IOS Release 12.0(32)SY, support for L2TPv3 Layer 2 Fragmentation is added.
Path MTU Discovery
The Path MTU Discovery feature allows you to use the ip pmtu command to enable the discovery of the maximum transmission unit (MTU) of an L2TPv3 path. All packets (except IS-IS) that are sent in an L2TPv3 tunneling session having a size larger than the path maximum transmission unit (PMTU) of the session are dropped. If an IP packet is dropped, an Internet Control Message Protocol (ICMP) unreachable message is sent back to the originator of the packet.
When the Path MTU Discovery feature is enabled, if you do not set the Don't Fragment (DF) bit in the session IP header with the ip dfbit set command, all IP packets sent into the session have their DF bit reflected from the inner IP header to the session IP header.
In an L2TPv3 session, the destination of encapsulated packets in the provider edge (PE) network is the decapsulation router. To avoid congestion caused by the reassembly of fragments at the decapsulation router, you can use the ip dfbit set command to enable the DF bit on the encapsulating IP header. The DF bit results in packets being dropped in the provider network if the packet size exceeds the maximum transmission unit (MTU).
IS-IS Packet Fragmentation
The fragmentation of Intermediate System-to-Intermediate System (IS-IS) packets occurs in an L2TPv3 session if the size of the IS-IS packet exceeds the configured MTU of the L2TPv3 tunnel. IS-IS protocol packet fragmentation is supported only for dynamic L2TPv3 sessions.
IS-IS is an OSI link-state hierarchical routing protocol based on DECnet Phase V routing, whereby intermediate systems (routers) exchange routing information based on a single metric to determine network topology.
IP ToS Reflection
The IP Type of Service (ToS) Reflection feature allows you to use the ip tos command to set the ToS byte in the outer headers of L2TPv3 tunneled packets reflected from the inner IP header of the encapsulated packet.
Variable Cookie Size
The L2TPv3 header contains a control channel cookie field that is similar to the UTI control channel key field. However, on the Cisco 10720 Internet router, the control channel cookie field has a variable length of 0, 4, or 8 bytes for packet encapsulation to a remote PE router. The Cisco 10720 Internet router supports only an 8-byte cookie locally for packet decapsulation.
You can manually configure the control channel cookie length for static sessions using the l2tp cookie remote command, or allow it to be dynamically determined for dynamic sessions.
L2TPv3 Ethernet-to-VLAN Internetworking
Layer 2 transport over MPLS and L2TPv3 already exist on the Cisco 10720 Internet router for like-to-like attachment circuits, such as Ethernet-to-Ethernet. L2VPN Interworking builds on this functionality by allowing disparate attachment circuits to be connected. An interworking function facilitates the translation between different Layer 2 encapsulations.
On the Cisco 10720 Internet router, you can configure L2TPv3 interworking for an Ethernet port or an 802.1Q VLAN subinterface on the following Ethernet access cards:
•
•
•
As a result, traffic coming from the L2TPv3 tunnel toward a customer edge (CE) router conforms to the following frame formats:
•
•
When L2TPv3 interworking is:
•
•
•
The following example shows how to enable L2VPN interworking on the end point of an L2TPv3 tunnel. You can use the same command on the other end of the L2TPv3 tunnel to enable the feature end-to-end.
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# pseudowire-class oneRouter(config-pw-class)# interworking ethernetFor information about configuring and using L2VPN interworking on the Cisco 10720 Internet Router, refer to: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/
120s26/fsinterw.htm.L2TPv3 Layer 2 Fragmentation
Starting in Cisco IOS Release 12.0(32)SY, the L2TPv3 Layer 2 fragmentation feature is supported in an L2TPv3 pseudowire configuration. You can enable this feature to fragment IP traffic received from a CE router before the data enters the pseudowire, forcing the computationally expensive reassembly to occur in the CE network rather than in the service provider network.
The number of fragments that must be generated is determined based on the discovered pseudowire path MTU. To enable the fast discovery of the path MTU for an L2TPv3 pseudowire:
1.
2.
3.
On the Cisco 10720 Internet router, after you enter the ip pmtu command, the ip dfbit set command is automatically enabled to set the Don't Fragment (DF) bit in the outer Layer 2 packet headers so that (for performance reasons) tunneled packets are not reassembled on the decapsulation router. As a result, no fragmentation and reassembly is performed by the Cisco 10720 Internet router on packets received from a CE network.
Note
For complete information about configuring the L2TPv3 pseudowire and using Layer 2 fragmentation, refer to Layer 2 Tunnel Protocol Version 3.
Integrated Routing and Bridging
On the Cisco 10720 Internet router, the integrated routing and bridging (IRB) feature is supported on the Fast Ethernet interfaces of the 4-port Gigabit Ethernet 8-port 10/100BASE-TX access card.
Your network might require you to bridge local traffic within several segments and have hosts on the bridged segments reach the hosts on the Cisco 10720 Internet router on a routed network. For example, if you plan to migrate bridged topologies into routed topologies, you might start by connecting some of the bridged segments to the routed networks.
Using IRB, you can route a given protocol between routed Fast Ethernet interfaces and bridge groups within one 4-port Gigabit Ethernet 8-port 10/100BASE-TX access card. Specifically, local or unroutable traffic is bridged among the bridged interfaces in the same bridge group, while routable traffic is routed to other routed interfaces or bridge groups.
Because bridging is in the data link layer and routing is in the network layer, they have different protocol configuration models. With IP, for example, bridge group interfaces belong to the same network and have a collective IP network address. In contrast, each routed interface represents a distinct network and has its own IP network address. Integrated routing and bridging uses the concept of a Bridge Group Virtual Interface (BVI) to enable these interfaces to exchange packets for a given protocol.
A BVI is a virtual interface on a Fast Ethernet interface of the 4-port Gigabit Ethernet 8-port 10/100BASE-TX access card that acts like a normal routed interface. A BVI does not support bridging, but represents the corresponding bridge group to routed interfaces within the access card. The Fast Ethernet interface number is the link between the BVI and the bridge group.
Note
On the Cisco 10720 Internet router, IRB is implemented on Fast Ethernet interfaces of the 4-port Gigabit Ethernet 8-port 10/100BASE-TX access card as follows:
•
•
•
•
•
–
–
—Although a Fast Ethernet port does not support VLAN subinterfaces, VLAN configuration commands are not blocked.
—If an 802.1q-tagged frame is received, the frame is not dropped, but forwarded according to the source MAC address in the hardware address table in the 4-port Gigabit Ethernet 8-port 10/100BASE-TX access card.
—802.1q frames cannot be routed to other bridge groups or any routed interface (Fast Ethernet, SRP, Gigabit Ethernet, and so on).
•
–
–
•
–
–
For information about configuring IRB, refer to the prerequisites and configuration procedures in the "Configuring IRB" chapter at: http://www.cisco.com/univercd/cc/td/doc/product/ong/15400/r40docs/454ios40/irb.htm.
For information about using individual bridging commands on the Cisco 10720 Internet router, refer to the Transparent Bridging Commands document at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/ibm_r/brprt1/br1dtb.htm.
Note
High Availability
Bidirectional Forwarding Detection
Bidirectional Forwarding Detection (BFD) is a detection protocol that provides fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols. In addition to fast forwarding path failure detection, BFD provides a consistent failure detection method for network administrators.
Because the network administrator can use BFD to detect forwarding path failures at a uniform rate (rather than the variable rates for different routing protocol hello mechanisms), network profiling and planning is easier, and reconvergence time is consistent and predictable. For information about how to configure and use BFD, refer to Bidirectional Forwarding Detection at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122limit/122sx/12218sxe/fs_bfd.htm.
On the Cisco 10720 Internet router, BFD is implemented as follows:
•
•
•
•
•
•
•
When BFD tries to set up the connection between routing protocols and establish a 101st session between a Cisco 10720 Internet router and adjacent routers, the following error message appears:
00:01:24: %OSPF-5-ADJCHG: Process 100, Nbr 5.22.32.73 on RPR-IEEE1/1 from LOADING to FULL, Loading Done00:01:24: %BFD-5-SESSIONLIMIT: Attempt to exceed session limit of 100 neighbors.The Cisco 10720 Internet router does not support the following BFD features:
•
•
•
Cisco Globally Resilient IP
Cisco Globally Resilient IP (GRIP) is a portfolio of technologies in Cisco IOS software that enables network-wide resilience to increase IP network availability. Network application traffic must cross different segments from the enterprise backbone, enterprise edge, and service provider (SP) edge through the SP core. All segments must be resilient enough to recover quickly from faults and to prevent faults from affecting user activities and network applications. A fault anywhere in the network can result in termination, interruption, or violation of Service Level Agreements (SLAs) for business-critical applications.
With Cisco Globally Resilient IP, network hardware and software work together and enable rapid recovery from disruptions to ensure fault transparency to users and network applications. The GRIP features offered on existing Cisco IOS platforms include:
•
•
•
•
•
Cisco Nonstop Forwarding
Cisco Nonstop Forwarding (NSF) works with the Stateful Switchover (SSO) feature in Cisco IOS software to minimize the amount of time a network is unavailable to its users following a switchover. The main objective of Cisco NSF is to continue forwarding IP packets following a route processor (RP) switchover.
Usually, when a networking device restarts, all routing peers of that device detect that the device went down and then came back up. This transition results in a routing flap, which could spread across multiple routing domains. Routing flaps caused by routing restarts create routing instabilities, which are detrimental to the overall network performance.
Cisco NSF:
•
•
•
For more information about configuring Cisco NSF, refer to: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s22/
nsf120s.htm.Security Features
This section describes Cisco IOS security features supported on the Cisco 10720 Internet router. These security features can protect your network against degradation or failure and also against data loss or compromise resulting from intentional attacks and from unintended but damaging mistakes by well-meaning network users.
For more information about how to configure and use a security feature, refer to Cisco IOS Security Configuration Guide, Release 12.3.
Traffic Filtering
Cisco implements traffic filters with access control lists (also called access lists). Access lists determine what traffic is blocked and what traffic is forwarded at router interfaces. Cisco provides both basic and advanced access list capabilities.
•
You should configure ACLs for all routed network protocols (IP, Ethernet, and so on) to filter the packets of those protocols as the packets pass through a Cisco 10720 Internet router. You can configure an ACL to control access to a network: access lists can prevent certain traffic from entering or exiting a network. For detailed information, refer to Access Control Lists: Overview and Guidelines in the Cisco IOS Security Configuration Guide, Release 12.3.
On the Cisco 10720 Internet router, the ACL feature is implemented as follows:
–
–
–
–
For IPv4, you create an access list and access conditions using the access-list command as described in the "Filtering IP Packets Using Access Lists" section in Configuring IP Services.
For IPv6, you use the ipv6 access-list command with the deny and permit keywords in global configuration mode. For more information, refer to the "IPv6 Access Control Lists" section in IPv6 for Cisco IOS Software.
ACL logging is not recommended, especially when used for filtering high-volume traffic, for the following reasons:
–
–
For information on the basic filtering capabilities of ACLs, refer to Access Control Lists: Overview and Guidelines
•
The Turbo Access Control Lists (Turbo ACL) feature processes access lists more expediently, providing faster functionality for routers equipped with the feature. For more information, refer to Turbo Access Control Lists.
IP Receive ACL Feature
The IP Receive ACL feature provides basic filtering capability for traffic that is destined for the Router Processor (RP) on the Cisco 10720 Internet router. The router can protect high-priority routing protocol traffic from an attack because the filtering occurs after any input access control list (ACL) on the ingress interface.
You can implement the IP Receive ACL feature in a security solution to protect a router from remote intrusions. Access to the router can be restricted to known, trusted sources and expected traffic profiles. For more information about how to configure and use this feature, refer to IP Receive ACL.
Note that on the Cisco 10720 Internet router:
•
•
•
Because ICMP ping replies are implemented in PXF (not in the Route Processor as on other platforms), you must configure ICMP filtering separately on each 10720 input interface (not on the RP interface).
Unicast Reverse Path Forwarding Feature
The Unicast Reverse Path Forwarding (uRPF) feature helps reduce problems caused by the introduction of malformed or forged (spoofed) IP source addresses into a network by discarding IP packets that lack a verifiable IP source address. For example, a number of common types of denial-of-service (DoS) attacks, including Smurf and Tribe Flood Network (TFN), can take advantage of forged or rapidly changing source IP addresses to allow attackers to thwart efforts to locate or filter the attacks. For Internet service providers (ISPs) that provide public access, Unicast RPF deflects such attacks by forwarding only packets that have source addresses that are valid and consistent with the IP routing table. This action protects the network of the ISP, its customer, and the rest of the Internet.
The Cisco 10720 Internet router supports two Unicast RPF checking modes:
•
•
Note
For more information about this feature, refer to Configuring Unicast Reverse Path Forwarding in the Cisco IOS Security Configuration Guide, Release 12.3.
Control Plane Policing Feature
The Control Plane Policing feature allows users to configure a quality of service (QoS) filter that manages the traffic flow of control plane packets to protect the control plane of Cisco IOS routers and switches against reconnaissance and denial-of-service (DoS) attacks. In this way, the control plane (CP) can help maintain packet forwarding and protocol states despite an attack or heavy traffic load on the router or switch.
On the Cisco 10720 Internet router, control plane policing is implemented on Cisco Parallel eXpress Forwarding (PXF), a hardware-based central switch engine that can filter traffic at a higher rate than the route processor. PXF switches all data traffic separately from the route processor.
PXF packet processing occurs at an intermediate step between the nondistributed access and uplink cards and route processor. PXF punts certain types of packets (such as unknown Layer 2 encapsulation and packets with IP options) to the RP for further processing at interrupt level. For more information about this feature, refer to Control Plane Policing.
ACL IP Options Selective Drop
You can configure enhanced RP protection on a Cisco 10720 Internet router by using the ip option drop command to drop IPv4 packets with IP options that are punted to the RP by PXF. Tunneled IPv4 packets and IPv4 packets with an unsupported encapsulation method are not dropped.
On the Cisco 10720 Internet router, the ip option ignore command is not supported. Only drop mode (ip option drop) is supported. Drop mode drops all packets with IP options that are received on PXF and prevents options from being transmitted deeper into the network. Ignore mode treats packets as though they do not have IP options and does not remove options from a packet; it only ignores the options. For more information, refer to ACL IP Options Selective Drop.
Cisco Networking Services
Cisco Networking Services (CNS) is a foundation technology for linking users to network services. CNS Software Developers Kit (SDK) accomplishes this linking by making applications network-aware and increasing the intelligence of the network elements. CNS SDK provides building blocks to a range of customers in market segments such as enterprise, service provider, independent software vendors, and system integrators.
CNS Configuration Agent
The CNS Configuration Agent feature supports initial configurations, incremental configurations, and synchronized configuration updates for Cisco IOS software-based routing devices.
CNS Event Agent
The CNS Event Agent is part of the Cisco IOS software infrastructure that allows Cisco IOS software applications to publish and subscribe to events on a CNS event bus. CNS Event Agent works in conjunction with the CNS Configuration Agent feature.
Service Assurance Agent
The Cisco Service Assurance Agent (SAA), formerly known as Response Time Reporter (RTR), is a Cisco IOS technology that allows users to monitor network performance between a Cisco router and a remote device (another Cisco router, an IP Host, or an MVS host). SAA provides important performance information that allows network administrators to do service-level monitoring, troubleshooting, and resource planning.
For more information about how to use Cisco SAA to monitor and troubleshoot network performance, refer to Cisco Service Assurance Agent User Guide at: http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/saaug_ai.htm
Restrictions for Cisco IOS Software Configuration on the Cisco 10720 Internet Router
MAC Address
You can only change the Media Access Control (MAC) address on the uplink card. The Cisco 10720 Internet Router does not support a user-configurable MAC address on Fast Ethernet interfaces.
boot system TFTP Command
The boot system TFTP command is not supported on the Cisco 10720 Internet Router because there is no available out-of-band Ethernet interface.
boot system flash Command
Use the boot system flash command instead of the boot system flash command to load a Cisco IOS image used at startup.
The Cisco 10720 Internet Router has a single flash memory device that contains both the bootflash and flash partitions. To look for and load the downloaded Cisco IOS image in the flash partition, use the boot system flash: command. Because the boot system flash command looks for the factory-installed Cisco IOS image in the bootflash partition, the command is disabled and has no effect.
Number of Queues Supported
The total number of user queues, including the default queue, supported on any Cisco 10720 Internet router interface is eight. The maximum number of user queues supported on an Ethernet subinterface is eight.
CEF Load-Balancing Algorithm
On the Cisco 10720 Internet router, the tunnel algorithm is not supported; only the original (10720-specific) and universal load-balancing algorithms are supported.
MQC Quality-of-Service Policies
The following restrictions apply to the MQC implementation on the Cisco 10720 Internet router:
•
•
•
•
•
•
•
•
•
Starting in Cisco IOS Release 12.0(25)S, the Cisco 10720 Internet router supports a 3-color marker that consists of the following configuration settings: committed information rate (CIR), committed burst size (CBS), excess burst size (EBS), conform action, exceed action, and violate action.
As a result, when you boot a Cisco 10720 Internet router running Cisco IOS Release 12.0(25)S with a startup configuration based on CAR, the police command is automatically converted into the 3-color functionality. The following changes occur:
–
–
Customers who upgrade a Cisco 10720 Internet router from Cisco IOS Release 12.0(24)S or earlier to Cisco IOS Release 12.0(25)S or later releases should be aware of the change in police command operation. For more information, see the "police" section.
•
–
–
However, if you do not apply a quality-of-service policy to outgoing traffic on an interface, outgoing packets are processed in this way:
–
–
•
Starting in Cisco IOS Release 12.0(26)S, when the Cisco 10720 Internet router supports the match class-map command, the following restrictions apply:
–
–
–
•
You cannot use the shape command in a strict priority queue; you cannot configure strict priority using the priority command on a shaped queue.
•
–
–
–
–
–
Note
- IPv6 packets with the PAK_PRIORITY flag are sent to the control queue.
- All other IPv6 packets are sent to the default queue.Number of VLANs Supported
The maximum number of VLANs supported on each access card is as follows:
•
•
L2TPv3 Restrictions
The following restrictions apply to the L2TPv3 implementation on the Cisco 10720 Internet router:
•
•
•
•
•
•
•
The following L2TPv3 features are not supported on the Cisco 10720 Internet router in Cisco IOS Release 12.0(23)S and earlier releases:
•
Fast EtherChannel and Gigabit EtherChannel
On the port-channel interface of a Fast or Gigabit EtherChannel bundle, UTI, L2TPv3, and EoMPLS tunneling are not supported.
Packet-over-SONET crc Command
On the Cisco 10720 Internet router, only a 32-bit word size is supported for the Cyclic Redundancy Check setting configured with the crc command.
MPLS Traffic Engineering
The Cisco 10720 Internet router does not support the forwarding of traffic into tunnels established with MPLS traffic engineering using policy-based routing (PBR) in Cisco IOS Release 12.0(23)S and earlier versions.
PXF Accelerated IPv6 on the Cisco 10720 Internet Router
Starting in Cisco IOS Release 12.0(26)S, CEF switching for IPv6 is performed in the accelerated fast path using PXF. However, PXF forwards only the following types of IPv6 packets:
•
•
•
•
•
All other IPv6 packets are processed by the CPU using the route processor path, including:
•
•
•
•
PXF Accelerated IPv6 Multicast
Large Turbo ACLs and QoS policy maps that need to be split to be processed by PXF are not supported with IPv6 multicast packets.
SRP—Layer 3 Fast Notification
•
•
IP Receive ACL
•
•
•
Unicast Reverse Path Forwarding
•
•
•
Control Plane Policing
The Control Plane Policing feature requires the modular QoS command-line interface (CLI) (MQC) to configure packet classification and policing. Restrictions that apply to MQC Quality-of-Service Policies also apply to control plane policing.
In the input service policy (policy map) applied for control plane policing:
•
•
–
–
When using these commands for control plane policing, note the following restrictions:
–
–
IPv6 source and destination addresses
Layer 2 class of service (CoS)
IPv6 routing header flag
IPv6 undetermined transport flag
IPv6 flow label
IP Real-Time transport Protocol (RTP)
Note
•
ACL IP Options Selective Drop
On the Cisco 10720 Internet router, the ip option ignore command is not supported. Only drop mode (the ip option drop command) is supported.
Bidirectional Forwarding Detection
On the Cisco 10720 Internet router, Bidirectional Forwarding Detection is not supported on POS interfaces.
Named ACLs
On the Cisco 10720 Internet router, the QoS classification using Named ACLs is not supported. Numbered ACLs can be used in place of Named ACLs for QoS classification.
Related Features and Technologies
•
•
•
Related Documents
•
This document provides a summary of the commands used to configure routers.
•
Presents hardware installation and basic configuration procedures for the Cisco 10720 Internet router.
•
Contains instructions for installing and configuring the Ethernet access card on the Cisco 10720 Internet router.
•
Contains instructions for installing and configuring the OC-48/STM-16c DPT and OC-48/STM-16c POS uplink cards and the console/auxiliary card on the Cisco 10720 Internet router.
•
Describes how to configure quality-of-service (QoS) policies using the modular quality-of-service command-line interface (Modular QoS CLI).
•
Provides information about QoS commands used to configure quality of service, a measure of performance for a transmission system that reflects its transmission quality and service availability.
•
Provides QoS configuration information and examples. Cisco IOS Quality of Service Solutions Configuration Guide, Release 12.3 (known as a virtual configuration guide) consists of the Cisco IOS Release 12.2 configuration guide and new-feature documentation for Cisco IOS Release 12.2 T.
•
Provides a summary of the commands used to configure routers.
•
Provides information about:
–
–
–
•
Describes how to perform the following tasks:
–
–
•
Provides information about configuring Cisco IOS security features on your Cisco networking devices. These security features can protect your network against degradation or failure and also against data loss or compromise resulting from intentional attacks and from unintended but damaging mistakes by well-meaning network users.
The following tasks are described:
–
–
–
•
Describes the commands used to configure Cisco IOS security features for Cisco networking devices, including contains commands used to configure authentication, authorization, and accounting (AAA) and Unicast Reverse Path Forwarding (uRPF).
•
Provides network troubleshooting information about the problems encountered in the field in a format that is easy to apply.
Addresses the network or system administrator who maintains Cisco routers and access servers running Cisco IOS software, and provides information about using debug commands to troubleshoot Cisco network servers. This manual is most effective when used with Internetwork Troubleshooting Handbook.
•
Describes Cisco IOS system error messages. The system software sends these error messages to the console (and, optionally, to a logging server on another system) during operation.
•
Describes the Cisco Systems private, or local, Management Information Base (MIB) for the Cisco Internetwork Operating System (Cisco IOS). The Cisco MIB is provided with all Cisco software releases and with CiscoWorks router management software. The MIB file contains variables that can be set or read to provide information on network devices and interfaces.
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by the Cisco 10720 Internet router.
MIBs
The following additional MIBs are supported on the Cisco 10720 Internet router:
•
•
•
•
•
•
For descriptions of supported MIBs, refer to the Cisco MIB website on Cisco.com at: ftp://ftp.cisco.com/pub/mibs/v2/.
RFCs
No new or modified RFCs are supported by the Cisco 10720 Internet router.
Technical Assistance
The Technical Assistance Center (TAC) home page contains 30,000 pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content: http://www.cisco.com/public/support/tac/home.shtml
Prerequisites
None required.
Configuration Tasks
Configuration tasks for the Cisco 10720 Internet router are presented in the following sections. Each task in the list is identified as either optional or required.
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
•
For information on other commands that can be used by the uplink and access cards, see the Cisco IOS Release 12.0(18)ST configuration guides.
Note
Loading and Maintaining System Images
System images contain the Cisco IOS software. The Cisco 10720 Internet router already has an image on it when you receive it. However, you may want to load a different image onto the router at some point. This task is optional. For example, you may want to upgrade your software to the latest release, or use the same version of the software for all the routers in a network.
Different system images contain different sets of Cisco IOS features. To determine which version (release number) of Cisco IOS is currently running on your system and the filename of the system image, use the show version command in privileged EXEC mode. For example, Version 12.0 indicates Cisco IOS Release 12.0, and c10700-p-mz.120.18.ST indicates the system image for a Cisco 10720 Internet Router containing the feature set.
When loading and maintaining images on the Cisco 10720 Internet Router, be aware of the following:
•
•
For a description loading and maintaining system images, refer to the "File Management" chapter of Cisco IOS Release 12.0 Configuration Fundamentals Configuration Guide.
Types of Images
The following are the two main types of image your router may use:
•
Use the show file systems EXEC command to determine which file systems the router supports. Refer to the Cisco 10720 Internet Router Installation Configuration Guide for information about where these images are located by default.
•
For a complete description of the system image commands, see the "System Image and Microcode Commands" section in Cisco IOS Release 12.0 Configuration Fundamentals Command Reference.
Upgrading the ROM Monitor Image
The read-only memory (ROM) monitor is the first software to be run on the Cisco 10720 Internet Router upon system power up or restart. ROM executes the hardware power-on test and then either automatically boots a system image or presents the user with a command-driven user interface. From the command-line interface of the ROM monitor, you can manually load a Cisco IOS software image.
The ROM monitor (ROMMON) image on the Cisco 10720 Internet Router is field upgradeable. The ROMMON image is stored in a boot area that is divided into four regions, as follows:
•
•
•
Note
To upgrade the ROMMON image, use the following commands:
Use the show rom-monitor command to verify the ROMMON image upgrade. If there is an error after upgrading a ROMMON image to a specific region, the region appears as invalid in the show command output. If the upgrade is successful, after the Cisco IOS image is started, the region appears as approved, preferred to show that the new image is selected as the preferred image to use and is the image that is currently running.
Upgrading the Gold ROM Monitor Image
If you have field-upgraded the route processor (RP) memory on a Cisco 10720 Internet Router from 256 MB to 512 MB, as described in the Cisco 10720 Internet Router Memory Replacement Instructions, you may also need to upgrade the gold ROMMON image. A prerequisite for upgrading the gold ROMMON image is that the Cisco 10720 Internet Router is running Cisco IOS Release 12.0(28)S or later.
You do not have to upgrade the gold ROMMON image if:
•
•
Before you upgrade the ROMMON image stored in the gold region, you must first:
1.
2.
3.
FPGA version 4 is a prerequisite for upgrading the ROM monitor image in the gold storage region. To verify the version of FPGA installed on a Cisco 10720 Internet Router, enter the show diags command. The FPGA version appears following Main FPGA ver: as follows:
•
•
To upgrade to FPGA version 4, follow these steps:
1.
If you need to load a new system image, refer to the "File Management" chapter in the Cisco IOS Release 12.0 Configuration Fundamentals Configuration Guide.
2.
Router# upgrade hw-module slot 0Upgrade takes about 40 secs, don't power off. Process? [confirm]Finish main FPGA programmingUpgrade succeeds, reload system to take effect.3.
After you upgrade the main FPGA to version 4 and verify that the Cisco 10720 Internet Router is running Cisco IOS Release 12.0(28)S or later and the active ROMMON image is in region F1 or F2, upgrade the gold ROMMON image by using the following commands:
Configuring a CEF Load-Balancing Algorithm
The Cisco 10720 Internet router is set to perform load balancing with the original algorithm by default. To configure the universal algorithm (or to switch back to the original algorithm), use the following commands:
Configuring a Fast Ethernet Interface
To create a basic configuration, enable a Fast Ethernet interface, and specify IP routing, follow these steps. This task is required. You can also enter other configuration commands, depending on the requirements of your routing configuration. For descriptions of configuration commands and the configuration options available, refer to the appropriate software publications listed in the "Related Documents" section.
A Cisco 10720 Internet router identifies a Fast Ethernet interface address by its card slot number and port number, in the format slot/port. For example, the slot/port address of a Fast Ethernet interface on a 24-port Ethernet access card installed in line card slot 2 and port 1 is 2/1.
To configure a Fast Ethernet interface, use the following commands:
Configuring a Gigabit Ethernet Interface
To create a basic configuration, enable a Gigabit Ethernet interface, and specify IP routing, follow these steps. This task is required. You can also enter other configuration commands, depending on the requirements of your routing configuration. For descriptions of configuration commands and the configuration options available, refer to the appropriate software publications listed in the "Related Documents" section.
A Cisco 10720 Internet Router identifies a Gigabit Ethernet interface address by its card slot number and port number, in the format slot/port. For example, the slot/port address of a Gigabit Ethernet interface on a 4-port Gigabit Ethernet 8-port 10/100 Ethernet TX access card installed in line card slot 2 and port 2 is 2/2.
To configure a Gigabit Ethernet interface, use the following commands:
Configuring an SRP Interface
To create a basic configuration, enable an SRP interface, and specify IP routing, follow these steps. This task is required. You can also enter other configuration commands, depending on the requirements of your system configuration, as described in the software publications listed in the "Related Documents" section.
For descriptions of SRP configuration commands and the configuration options available, refer to the Spatial Reuse Protocol document at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/
srpapsgs.htmA Cisco 10720 Internet router identifies an SRP interface address by its line card slot number and port number, in the format slot/port. For example, the slot/port address of an SRP interface on an uplink card installed in line card slot 1 and port 1 is 1/1.
There are two physical OC-48c/STM-16 SRP ports (Side A and Side B) on the uplink card. They behave as one SRP interface and share one IP address.
To configure an SRP interface, use the following commands:
Configuring an RPR-IEEE Interface
To create a basic configuration, enable an RPR-IEEE interface, and specify IP routing, follow these steps. This task is required. You can also enter other configuration commands, depending on the requirements of your system configuration, as described in the software publications listed in the "Related Documents" section.
For descriptions of RPR-IEEE configuration commands and the configuration options available, refer to IEEE 802.17 Resilient Packet Ring Feature Guide at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/
rprswg.htmA Cisco 10720 Internet router identifies an RPR-IEEE interface address by its line card slot number and port number, in the format slot/port. For example, the slot/port address of an RPR-IEEE interface on an uplink card installed in line card slot 1 and port 1 is 1/1.
There are two physical OC-48c/STM-16 RPR-IEEE ports (Span East and Span West) on the uplink card. They behave as one RPR-IEEE interface and share one IP address.
To configure an RPR-IEEE interface, use the following commands:
Configuring SRP Mode on a Packet-over-SONET or an RPR-IEEE Interface
The Versatile Optical Interface (VOI) allows you to change the interfaces on a 2-port OC-48/STM-16c POS/SRP uplink card from Packet-over-SONET (POS)/SDH to Spatial Reuse Protocol (SRP) mode.
Starting in Cisco IOS Release 12.0(29)S, you can also change the interfaces on a Dual Mode IEEE 802.17 RPR/SRP uplink card from Resilient Packet Ring (RPR)-IEEE to SRP mode.
SRP is the underlying technology used in the Cisco DPT line cards and is supported on the 2-port OC-48/STM-16c POS/SRP and Dual Mode IEEE 802.17 RPR/SRP uplink cards.
You can then interwork Cisco 10720 SRP interfaces with OC-48c/STM-16c DPT/SRP line cards in Cisco 12000 series Internet routers. Configuring SRP mode on a POS interface is an optional task.
To change a POS or RPR-IEEE interface on an uplink card to SRP mode, use the following commands:
For information about how to configure and use SRP in a dual-resilient ring configuration, refer to Spatial Reuse Protocol Feature Guide at http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/
srpapsgs.htm.Configuring RPR-IEEE Mode on an SRP Interface
You can change the interfaces on a Dual Mode IEEE 802.17 RPR/SRP uplink card from SRP to Resilient Packet Ring (RPR)-IEEE mode.
IEEE 802.17 RPR is a high-speed MAC-layer protocol that is optimized for packet transmission in resilient ring topologies. RPR employs a ring structure using unidirectional, counter-rotating ringlets. Each ringlet is made up of links with data flow in the same direction.
You can interwork Cisco 10720 RPR interfaces with other networking devices in an RPR ring and use enhanced RPR options for data classification, protection, and fairness. Configuring RPR mode on an SRP interface is an optional task.
To change an SRP interface to RPR-IEEE mode, use the following commands:
For information about how to configure and use RPR-IEEE mode in a dual-resilient ring configuration, refer to IEEE 802.17 Resilient Packet Ring Feature Guide at http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/
rprswg.htm.Changing an SRP MAC Address
The MAC address on an SRP interface is related to the IP address. The address of the uplink card in the router is slot 1/port 1.
This task is optional. The SRP interface is identified by its unique MAC address. The MAC address can be changed on the uplink card. The Burnt-in Address (BIA) is labeled on the chassis.
To change an SRP MAC address, use the following commands:
Configuring Modular Quality of Service
The Quality of Service (QoS) feature allows you to specify a traffic class independent of QoS policies. You use the modular QoS command-line interface (MQC) to configure a QoS policy and apply it to an interface. Configuring an MQC policy is an optional task.
You must follow these basic steps to configure and apply a modular quality of service policy:
1.
2.
3.
You can configure and use supported QoS features on any Fast Ethernet, Gigabit Ethernet, SRP, or Packet-over-SONET interface on the Cisco 10720 Internet router.
When you configure a quality of service policy (using the policy-map command) and apply it to outgoing traffic on an interface (using the service-policy command), outgoing packets are processed as follows:
•
•
If you do not apply a quality-of-service policy to outgoing traffic on an interface, outgoing packets are processed in this way:
•
•
The Cisco 10720 Internet router supports a subset of MQC commands and implements a special MQC command for changing the SRP priority value for outgoing packets.
The Cisco 10720 Internet router does not support the following MQC commands:
•
•
•
•
Starting in Cisco IOS Release 12.0(24)S, the Cisco 10720 Internet router supports the following MQC features:
•
Starting in Cisco IOS Release 12.0(25)S, the Cisco 10720 Internet router supports additional MQC features:
•
•
Starting in Cisco IOS Release 12.0(26)S, the Cisco 10720 Internet router also supports the following MQC features:
•
•
Starting in Cisco IOS Release 12.0(27)S, the Cisco 10720 Internet router supports:
•
Starting in Cisco IOS Release 12.0(30)S, the Cisco 10720 Internet router supports all IPv4 QoS features in IPv6 environments, including packet classification, queuing, traffic shaping, WRED, class-based packet marking, and policing of IPv6 packets.
All of the QoS features available for IPv6 environments are managed from the modular QoS command-line interface. The MQC allows you to define IPv6 traffic classes, create and configure traffic policies (policy maps) for IPv6 traffic, and then attach those traffic policies to interfaces. Any class map or policy map you configure using MQC can be applied to IPv4 or IPv6 traffic.
Note
The following MQC class-map commands are now supported on the Cisco 10720 Internet router:
•
•
•
•
Note
The following policy-map commands and actions that have been supported on IPv4 traffic are now supported on IPv6 traffic:
•
•
•
•
•
•
•
•
•
•
•
The following policy-map commands apply to both IPv4 and IPv6 traffic:
•
•
For detailed information about how to configure QoS policies in IPv6 environments, refer to Implementing QoS for IPv6 for Cisco IOS Software.
For complete documentation on MQC configuration commands and tasks, and for general information on how to configure the MQC, refer to:
•
•
•
Hierarchical Policy Map
You can use a hierarchical policy map to specify a parent shaper for a given interface or subinterface (802.1Q). Under the parent shaper, you can specify a child policy map to configure multiple user queues, such as shaped, fair, priority, and default.
Use this feature to offer fractional bandwidth service on a Gigabit Ethernet or Fast Ethernet access interface. When you configure an interface with fractional bandwidth, the packet dequeue rate does not exceed the configured fractional value.
You specify fractional bandwidth as a percentage of the physical bandwidth of the port, ranging from 1 to 99 percent in increments of 1 percent.
When you first configure fractional bandwidth, and each time you modify the fractional bandwidth value, take into account that the bandwidth used by the main interface is modified accordingly:
•
•
If you configure the bit rate on a Cisco 10720 Gigabit Ethernet, POS, or SRP high-speed interface to a value less than 700 Mbps, the buddy queues are removed on the output queues of the interface.
To configure fractional bandwidth, you must use a two-level hierarchical policy map that consists of a parent policy and a child policy linked together. The parent policy must be configured in the following format:
Policy Map <place-name>Class class-defaultshape percent <percentage>service-policy <child_policy_name>where <percentage> specifies the fractional percentage of bandwidth to use. The valid values are from 1 to 99 in 1-percent increments.
The child policy map is an ordinary policy map with no special restriction. When you apply the parent policy map as an output service policy, the fractional bandwidth takes effect.
The following example shows how to configure a fractional output bandwidth of 30 Mbps (30 percent of 100 Mbps throughput) on the Fast Ethernet port 1 in slot 2, and then to verify the configuration. The queue for class prec0 has been guaranteed a bandwidth of 3 Mbps (10 percent of 30 Mbps) and the low-latency queue for class prec7 has been guaranteed a bandwidth of 6 Mbps (20 percent of 30 Mbps).
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# policy-map child_policyRouter(config-pmap)# class prec0Router(config-pmap-c)# bandwidth percent 10Router(config-pmap-c)# class prec7Router(config-pmap-c)# bandwidth percent 20Router(config-pmap-c)# policy-map parent_policyRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape percent 30Router(config-pmap-c)# service-policy child_policyRouter(config-pmap-c)# interface fastethernet 2/1Router(config-if)# service-policy output parent_policyRouter(config-if)# ^ZRouter#00:18:42: %SYS-5-CONFIG_I: Configured from console by consoleRouter# show hardware pxf cpu queue fastethernet 2/1VCCI 5:Class ID Length/Max Slot Dequeues Drops0 class-default 263 0/2048 2 59 01 prec0 311 0/2048 2 0 02 prec7 300 0/2048 2 0 015 net control 262 0/1024 2 0 0Legend:$: Priority Queue~: RED QueueRouter#Router# show policy-map parent_policyPolicy Map parent_policyClass class-defaultshape percent 30service-policy child_policyRouter# show policy-map child_policyPolicy Map child_policyClass prec0bandwidth percent 10Class prec7bandwidth percent 20As shown in the next example, you can modify the fractional bandwidth percentage used in the parent policy at any time so that, for example, the guaranteed bandwidth of the class prec0 queue is 5 Mbps (10 percent of 50 Mbps) and of the prec7 queue is 10 Mbps (20 percent of 50 Mbps).
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# policy-map parent_policyRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape percent 50Router(config-pmap-c)# ^ZRouter#00:32:32: %SYS-5-CONFIG_I: Configured from console by consoleRouter# show policy-map parent-policyPolicy Map parent-policyClass class-defaultshape percent 50Per-VLAN Queuing
You can use MQC to configure output packet queues for an 802.1q VLAN on a Cisco 10720 Internet router Ethernet interface. When you configure a VLAN queue, you must specify the amount of bandwidth reserved for the VLAN. After VLAN queuing is configured, the packet dequeue rate does not exceed the specified rate. Also, as long as the Cisco 10720 Internet router does not experience system-wide congestion, traffic on the VLAN interface is serviced at the specified bandwidth.
You configure VLAN bandwidth as a percentage of the total bandwidth available on the physical interface, ranging from 1 to 99 percent in increments of 1 percent. The aggregate amount of reserved bandwidth on a physical Ethernet interface cannot exceed 100 percent. If you configure more than 100 percent of reserved bandwidth for VLAN queuing, an error message appears.
After you configure reserved bandwidth for a VLAN, unused bandwidth on the VLAN cannot be reused by other traffic on the main Ethernet interface and subinterfaces.
When you first configure VLAN bandwidth, and each time you modify the VLAN bandwidth setting, take into account that the bandwidth used by the main interface is modified accordingly:
•
•
After you configure VLAN queuing, the VLAN sets its own default queue and network control queues. The default and network control queues for the VLAN are different from the queues used by the main interface.
When VLAN queuing is not configured for a VLAN, traffic on the VLAN is subject to the QoS service policy attached to the main interface, if any exists.
As when configuring fractional bandwidth, when you configure output queues on a VLAN subinterface, you must use a two-level hierarchical policy map that consists of a parent policy and a child policy linked together. The parent policy must be configured in the following format:
Policy Map <policy_name>Class class-defaultshape percent <percentage>service-policy <child_policy_name>where <percentage> specifies the percentage of bandwidth on the main Ethernet interface that is reserved for exclusive use of VLAN traffic. The valid values are from 1 to 99 in 1-percent increments.
The child policy map is an ordinary policy map with no special restriction. When you apply the parent policy map as an output service policy on the VLAN subinterface, the VLAN queues are created and the specified bandwidth percentage is reserved for VLAN use.
The following example shows how to configure the VLAN subinterface Fast Ethernet 2/1.1 with 40 Mbps (40 percent of 100 Mbps throughput) of output bandwidth and then to verify the configuration. Note that all bandwidth percentages in the child policy map are percentages of the VLAN bandwidth and not of the physical port bandwidth.
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# policy-map child_policyRouter(config-pmap)# class prec0Router(config-pmap-c)# bandwidth percent 10Router(config-pmap-c)# class prec1Router(config-pmap-c)# shape percent 30Router(config-pmap-c)# class prec2Router(config-pmap-c)# bandwidth percent 20Router(config-pmap-c)# random-detectRouter(config-pmap-c)# class prec7Router(config-pmap-c)# bandwidth percent 20Router(config-pmap-c)#Router(config-pmap-c)# policy-map parent_policyRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape percent 40Router(config-pmap-c)# service-policy child_policyRouter(config-pmap-c)# interface fastethernet 2/1.1Router(config-subif)# service-policy output parent_policyRouter(config-subif)# ^ZRouter#19:41:44: %SYS-5-CONFIG_I: Configured from console by consoleRouter# show hardware pxf cpu queue fastethernet 2/1.1VCCI 28:VCCI 28:Class ID Length/Max Slot Dequeues Drops0 class-default 311 0/2048 2 0 01 prec0 309 0/2048 2 0 02 prec1 310 0/2048 2 0 0~ 3 prec2 312 0/2048 2 0 04 prec7 313 0/2048 2 0 015 net control 308 0/1024 2 0 0Legend:$: Priority Queue~: RED QueueRouter# show policy-map parent_policyPolicy Map parent_policyClass class-defaultshape percent 40service-policy child_policyRouter# show policy-map child_policyPolicy Map child_policyClass prec0bandwidth percent 10Class prec1shape percent 30Class prec2bandwidth percent 20random-detectClass prec7bandwidth percent 20The next example shows the error message that appears when you configure an aggregate VLAN bandwidth which exceeds the amount of available bandwidth on the main Ethernet interface. The hierarchical policy map used in the previous example is applied below to two additional VLAN subinterfaces, Fast Ethernet 2/1.2 and 2/1.3, resulting in an aggregate bandwidth of 3 x 40 percent, or 120 percent of the bandwidth of the main interface.
Router# configure terminalRouter(config-pmap-c)# interface fastethernet 2/1.2Router(config-subif)# service-policy output parent_policyRouter(config-subif)# interface fastethernet 2/1.3Router(config-subif)# service-policy output parent_policyNot enough available bandwidth left on interface.The following example shows how the error message is also displayed when the amount of aggregate VLAN bandwidth used in service policies that you apply to more than one VLAN subinterface exceeds the total amount of physical bandwidth on the Ethernet port.
Router# show policy parent_policyPolicy Map parent_policyClass class-defaultshape percent 40service-policy child_policyRouter# show running interface fastethernet 2/1.1Building configuration...Current configuration : 161 bytes!interface FastEthernet2/1.1encapsulation dot1Q 1ip address 192.168.101.1 255.255.255.0no ip directed-broadcastservice-policy output parent_policyendRouter# show running interface fastethernet 2/1.2Building configuration...Current configuration : 161 bytes!interface FastEthernet2/1.2encapsulation dot1Q 2ip address 192.168.102.1 255.255.255.0no ip directed-broadcastservice-policy output parent_policyendRouter# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# policy-map parent_policyRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# shape percentage 60Value refused because bandwidth required would exceed physical bandwidth on interface FastEthernet2/1Distribution of Remaining Bandwidth
You can use MQC to specify how the remaining bandwidth is distributed among the output queues on a Cisco 10720 Internet router interface or subinterface. Remaining bandwidth is the available bandwidth left on an interface or subinterface after all guaranteed traffic is accounted for. The amount of remaining bandwidth available for use is determined by the excess information rate (EIR) configured for the queue.
In MQC, the bandwidth remaining percent command allows you to configure the remaining bandwidth for output queues. See the "bandwidth remaining percent" section for more information.
The following example shows how to use the bandwidth remaining percent command to distribute percentages of remaining bandwidth to various traffic classes in a policy map.
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# policy-map myPolicyRouter(config-pmap)# class class-defaultRouter(config-pmap-c)# bandwidth remaining percent 20Router(config-pmap-c)# class prec1Router(config-pmap-c)# bandwidth remaining percent 30Router(config-pmap-c)# class prec2Router(config-pmap-c)# bandwidth remaining percent 10Router(config-pmap-c)# bandwidth percent 50Router(config-pmap-c)# ^ZRouter#20:44:36: %SYS-5-CONFIG_I: Configured from console by consoleRouter# show policy-map myPolicyPolicy Map myPolicyClass prec1bandwidth remaining percent 30Class prec2bandwidth percent 50bandwidth remaining percent 10Class class-defaultbandwidth remaining percent 20Turbo QoS Classifier
MQC match statements are normally searched sequentially to find a matching rule. Because of the increasing needs and requirements for better packet classification, the MQC matching process can expand to the point that searching through MQC class maps adds a significant amount of PXF feedback when packets are being forwarded.
The Turbo Quality of Service (QoS) Classifier feature compiles the MQC class maps into a set of lookup tables, similar to the Turbo ACL feature. Packet headers are used to access these tables in a small, fixed number of lookups, independent of the existing number of class map entries. This feature dramatically reduces the need for feedback on the Cisco 10720 Internet router because only one lookup is needed per lookup table.
MQC Bandwidth in Absolute Values
In Cisco IOS Release 12.0(24)S and earlier versions, the Cisco 10720 Internet router supported only the percent percentage parameter in the bandwidth, priority, and shape modular QoS command-line interface (MQC) commands.
Starting in Cisco IOS Release 12.0(25)S, the Cisco 10720 Internet router also supports the bandwidth-kbps parameter so that the command syntax in policy-map class configuration mode is as follows:
•
•
•
Syntax Description
On the Cisco 10720 Internet router, the bandwidth, priority, and shape commands are implemented so that, when you enter a bandwidth value in kilobits per second (bandwidth-kbps), the kbps value is internally converted to a number between 0 and 1023, where 1023 represents the full bandwidth in kbps of the interface or subinterface.
The granularity (in kbps) on an interface is 1/1023 of the bandwidth available on the interface. For example, if the interface speed is:
•
•
•
Note
For more information about standard MQC command usage, refer to
•
/en/US/docs/ios/12_2/qos/command/reference/qrfcmd1.html#1029499•
/en/US/docs/ios/12_2/qos/command/reference/qrfcmd6.html#1036072•
/en/US/docs/ios/12_2/qos/command/reference/qrfcmd9.html#1102949Single Rate 3-Color Marker for Traffic Policing
Starting in Cisco IOS Release 12.0(25)S, the Cisco 10720 Internet router supports the Single Rate 3-Color Marker feature that meters a packet stream and marks its packets different colors, based on the committed information rate (CIR) and two associated burst sizes: committed burst size (CBS) and excess burst size (EBS).
CIR is measured in bits of IP packets per second, and includes the IP header and link-specific headers. CBS and EBS are measured in bytes. You configure 3-color packet marking using the police command in the Modular QoS command-line interface (MQC).
In Cisco IOS Release 12.0(24)S and earlier versions, the Cisco 10720 Internet router supported only a 2-color marker using the committed access rate (CAR). The 2-color marker also allows you to set the traffic rate limit based on CIR with the police command. Traffic that conforms to the configured rate is marked by the conform action. All remaining traffic is marked by the exceed action.
The new single rate, 3-color marker allows the Cisco 10720 Internet router to also mark packets that violate the EBS. A packet can be marked as conforming to the CIR (and not exceeding the CBS), exceeding the CIR (exceeding the CBS but not the EBS), or violating the EBS (exceeding both the CIR and the EBS).
This feature is useful, for example, for ingress policing of a service, where service eligibility is determined only by the length of the burst and not its peak rate. Separate byte and packet statistics are collected for conforming, exceeding, and violating traffic. To display these policing statistics, use the show policy-map interface command.
To configure the 3-Color Marker feature, use the MQC police command in policy-map configuration class mode. For information about how to use the MQC police command on the Cisco 10720 Internet Router, see the "police" section.
MQC Hierarchical Class Maps on the Cisco 10720 Internet Router
Starting in Cisco IOS Release 12.0(26)S, the Cisco 10720 Internet router supports the match class-map command in class map configuration mode. The match class-map command allows you to use a traffic class as a match criterion and create nested traffic classes (by defining nested class maps) within a single traffic class configuration (defined with a class-map command).
By nesting a traffic class within another traffic class, you save the overhead of recreating a new traffic class when most of the information exists in a previously configured traffic class. In the following example, the parent traffic class has the same characteristics as the child traffic class, with the exception that the parent traffic class has added a destination IP precedence value as a match criterion. Rather than configuring the parent traffic class line by line, you can enter the match class-map child command. This command allows all the characteristics in the child traffic class to be included in the parent traffic class, and simply add the new IP precedence match criterion without reconfiguring the entire traffic class.
Router(config)# class-map match-any childRouter(config-cmap)# match qos-group 3Router(config-cmap)# match access-group 2Router(config-cmap)# exitRouter(config)# class-map match-all parentRouter(config-cmap)# match class-map childRouter(config-cmap)# match ip precedence 2Router(config-cmap)# exitThe preceding example also shows that the Modular QoS CLI, the match class-map command provides the only way of combining match-any and match-all characteristics within one traffic class. To combine match-any and match-all characteristics into one class, a traffic class created with the match-all instruction must use a class configured with the match-any instruction as a match criterion (through the match class-map command), or vice versa.
The following restrictions apply when you configure hierarchical class maps on the Cisco 10720 Internet router:
•
•
•
For more information about how to use the match class-map command to configure nested traffic classes, refer to Modular Quality of Service Command-Line Interface at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120xe/
120xe5/mqc/mcli.htmMQC Strict Priority Queue on the Cisco 10720 Internet Router
Starting in Cisco IOS Release 12.0(26)S, the Cisco 10720 Internet router does not support the priority percent percentage and priority bandwidth-kbps commands in policy-map class configuration mode, except as a hidden command to preserve backward compatibility. These commands allow you to create a queue to handle low-latency traffic.
The percentage and bandwidth-kbps arguments specify the bandwidth that is guaranteed to the queue. However, when the excess bandwidth on a link is consumed by other queues, the priority queue receives only the amount of bandwidth that you configured. As a result, if there is a burst of traffic into a priority queue, the packets in the burst are shaped and transmitted at the configured rate. Because a temporary burst often exceeds the amount of configured bandwidth, the packets in the burst are queued with an increased latency. This impacts performance because the increased latency occurs for bursts that have a long-term traffic rate that is much lower than the configured bandwidth.
To guarantee latency for any packet that enters the priority queue regardless of the current congestion level in the link, strict priority mode is supported as the only mode of operation for a priority queue in Cisco IOS Release 12.0(26)S and later releases.
To configure the strict priority queue, you use the priority command in policy-map class configuration mode with no arguments; the percentage and bandwidth-kbps arguments are not supported. When you create a strict priority queue using the priority command, the committed information rate (CIR) of the queue is set to 99 percent of the link bandwidth.
Because the priority queue consume almost all the link bandwidth when packets are transmitted from it, there is no way to guarantee bandwidth to other queues on the link. Therefore, if you use the priority command for a traffic class in a policy map configuration, only bandwidth remaining commands are allowed in other class configurations in the same policy map.
To prevent the priority queue from starving other queues on the link, you can use the police command in conjunction with the priority command. In this case, the CIR is set to the bandwidth specified in the police command. Also, you can use the bandwidth command on the other queues in the link to create one or more queues with guaranteed bandwidth. In either case, you must set the exceed and violate actions of the police command to drop for the CIR of the priority queue to be affected.
Note
DiffServ Compliant Weighted Random Early Detection
The DiffServ Compliant Weighted Random Early Detection feature enables Weighted Random Early Detection (WRED) to use the differentiated services code point (DSCP) value when it calculates the drop probability for a packet. The DSCP value is the first six bits of the IP type of service (ToS) byte.
This feature extends the functionality of WRED on the Cisco 10720 Internet router to enable support for Differentiated Services (DiffServ) and Assured Forwarding (AF) Per Hop Behavior (PHB). This feature enables WRED to be compliant with the DiffServ standard and the AF PHB standard developed by the Internet Engineering Task Force (IETF).
On the Cisco 10720 Internet router, the DiffServ Compliant WRED feature allows you to implement AF PHB by marking packets at the class level according to DSCP values and then assigning preferential drop probabilities to those packets. You use WRED at the class level as part of class-based weighted fair queueing (CBWFQ) in a service policy map applied to an interface.
First, you specify the policy map, traffic class, and bandwidth. Then, specify that WRED should use the DSCP value (instead of the IP Precedence value) to calculate the drop probability with the random-detect dscp-based command. Use the random-detect dscp dscpvalue command to configure the default minimum and maximum thresholds for one or more DSCP values; use the random-detect dscp default command to configure all DSCP values not specified with the random-detect dscp dscpvalue command.
The following guidelines and restrictions apply when configuring the DiffServ Compliant WRED feature on the Cisco 10720 Internet router:
•
In a class map, a maximum number of eight unique drop profiles (including the default drop profile) is also supported. However, you can reuse the same drop profile for different DSCP values in the same and in different class maps. In the following example, note that DSCP 14 and DSCP 16 in class af1 use the same drop profile. However, DSCP 1, DSCP 20, DSCP 22, and the default profile use unique drop profiles. Therefore, five drop profiles are used in the class map. As a result, in the wred-2class policy map in the example:
–
–
Router(config-if)# policy-map wred-2classRouter(config-pmap)# class af1Router(config-pmap-c)# random-detect dscp-basedRouter(config-pmap-c)# random-detect dscp 1 3000 3500 1Router(config-pmap-c)# random-detect dscp 14 1000 1500 1Router(config-pmap-c)# random-detect dscp 16 1000 1500 1Router(config-pmap-c)# random-detect dscp 20 2000 2500 1Router(config-pmap-c)# random-detect dscp 22 1500 2000 1Router(config-pmap-c)# random-detect dscp default 2500 3000 1•
•
•
•
•
•
•
The following example shows how to enable WRED in a service policy applied to an interface so that various DSCP values are used in different traffic classes to calculate drop probability. The minimum and maximum thresholds are also set for these DSCP values. A default drop profile in each class configures the minimum and maximum thresholds to be used for all other DSCP values not specified by the random-detect dscp commands. The last line attaches the service policy to a Fast Ethernet output interface.
Router(config-if)# policy-map wred-3classRouter(config-pmap)# class af31Router(config-pmap-c)# shape percent 30Router(config-pmap-c)# random-detect dscp-basedRouter(config-pmap-c)# random-detect dscp 1 1000 1500 1Router(config-pmap-c)# random-detect dscp 14 1500 2000 1Router(config-pmap-c)# random-detect dscp 22 1500 2000 1Router(config-pmap-c)# random-detect dscp default 1000 1500 1Router(config-pmap-c)# exitRouter(config-pmap)# class af22Router(config-pmap-c)# shape percent 30Router(config-pmap-c)# bandwidth percent 20Router(config-pmap-c)# random-detect dscp-basedRouter(config-pmap-c)# random-detect dscp 8 1000 1500 1Router(config-pmap-c)# random-detect dscp 14 2500 3000 1Router(config-pmap-c)# random-detect dscp 22 2500 3000 1Router(config-pmap-c)# random-detect dscp default 2000 2500 1Router(config-pmap-c)# exitRouter(config-pmap)# class af13Router(config-pmap-c)# shape percent 30Router(config-pmap-c)# bandwidth percent 20Router(config-pmap-c)# random-detect dscp-basedRouter(config-pmap-c)# random-detect dscp 14 3000 3500 1Router(config-pmap-c)# random-detect dscp 16 1000 1500 1Router(config-pmap-c)# random-detect dscp 22 3000 3500 1Router(config-pmap-c)# random-detect dscp default 3000 3500 1Router(config-pmap-c)# exitRouter(config-pmap)# exitRouter(config)# interface fastethernet 2/8Router(config-if)# service-policy output wred-3classFor more information about how to configure and use the DiffServ Compliant WRED feature in a quality-of-service policy, refer to the DiffServ Compliant Weighted Random Early Detection document at http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/dtdswred.htm.
For information about how to verify the DSCP configuration and display drop statistics for a service policy applied to traffic classes on an interface, see the "Verifying the DSCP Configuration in a Service Policy and Displaying Drop Statistics" section.
For information about the syntax and usage guidelines of the 10720-specific random-detect dscp default command, see the "random-detect dscp" section.
Configuring Policy-Based Routing
Policy-based routing (PBR) provides a flexible means of routing packets by allowing you to configure a defined policy for traffic flows, lessening reliance on routes derived from routing protocols. You can set up PBR as a way to route packets based on configured policies. For example, you can implement routing policies to allow or deny paths based on the identity of a particular end system or an application protocol.
Also, you can configure a unique policy for each input interface or one policy for multiple interfaces. A policy contains one or more route maps. Each route map has one or more statements that specify the required matching criteria and actions. For example, a matching statement can be an ACL. If the matching criteria are met, the action statements are executed. An action statement can contain a routing action or QOS action. The routing action determines what output interfaces the packet should take or what the next hop is. The QOS action may be to set the ToS or IP precedence parameter to a specific value.
PBR is implemented on the Cisco 10720 Internet router as follows:
•
•
•
•
This task is optional. For information about how to configure policy-based routing, refer to: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/fqos_c/fqcprt1/qcfpbr.htm.
Configuring 802.3x Flow Control
In a Cisco 10720 Internet router, you can configure flow control for 802.3x packets in Ethernet connections on the Gigabit Ethernet ports of a 4-port Gigabit Ethernet 8-port 10/100 Ethernet TX access card. This task is optional.
To configure 802.3x flow control, use the following commands:
To verify the 802.3x flow control configuration for a Gigabit Ethernet port on a 4-port Gigabit Ethernet 8-port 10/100 Ethernet TX access card, see the "Verifying the DSCP Configuration in a Service Policy and Displaying Drop Statistics" section.
For more information about the 4-port Gigabit Ethernet 8-port 10/100 Ethernet TX access card, refer to Cisco 10720 Internet Router Access Card Installation and Configuration Guide.
Configuring Unicast Reverse Path Forwarding
On a Cisco 10720 Internet router, you can configure either of two Unicast RPF checking modes to drop packets with malformed or forged (spoofed) IP source addresses that are introduced into a network.
•
•
Note
- The most recently configured checking mode is not automatically applied to all interfaces as on other platforms. You must enable Unicast RPF separately on each interface.
- The Unicast RPF feature requires that Cisco Express Forwarding (CEF) is enabled on the router.
- The Unicast RPF feature (loose and strict checking modes) is not supported on an interface configured for L2TPv3 tunneling or EoMPLS.To configure Unicast RPF, use the following commands:
To verify the Unicast RPF configuration on an interface, see the "Verifying Unicast Reverse Path Forwarding" section.
For more information about how to configure and use the Unicast RPF feature, refer to Configuring Unicast Reverse Path Forwarding in "Part 5: Other Security Features" of the Cisco IOS Security Configuration Guide, Release 12.3.
Configuring Control Plane Policing
On the Cisco 10720 Internet router, you can configure aggregate control plane services on PXF to provide policing for control plane (CP) packets received from all access- and uplink-card interfaces on the router.
PXF executes normal input port services and makes routing decisions for an incoming packet: if the packet is destined for the CP, aggregate services are performed. Because CP traffic from all access and uplink cards must pass through aggregate CP services on PXF, these services manage the cumulative amount of CP traffic.
Aggregate CP services are defined for one input interface on PXF, which represents an aggregate for all ports on a router. Modular QoS is used to define CP services. Class maps and policy maps for both DoS protection and packet QoS are defined for one aggregate PXF service policy.
Note
Prerequisites
Before you enter control-plane configuration mode to attach an existing QoS policy to the control plane, you must first create the policy using MQC to define a class map and policy map for control plane traffic.
For information about how to classify traffic and create a QoS policy, refer to the "Modular Quality of Service Command-Line Interface" chapter in the Cisco IOS Quality of Service Solutions Configuration Guide.
To configure aggregate CP services, such as packet rate control, use the following commands:
To verify the service policy configuration for aggregate control plane services on PXF, see the "Verifying Control Plane Policing" section.
For more information about how to configure and use the Control Plane Policing feature, refer to Control Plane Policing.
Prioritizing Ethernet Traffic
On a 4-port Gigabit Ethernet 8-port 10/100 Ethernet TX access card in a Cisco 10720 Internet router, you can configure the Ethernet packet priority of:
•
•
When you prioritize Ethernet traffic, you map incoming packets to a high- or low-priority queue. This task is optional.
Configuring an Ethernet Interface
To configure the threshold of 802.1q frames received on all subinterfaces configured on a main Ethernet interface, use the following commands:
Configuring a VLAN Subinterface
To configure the priority of all incoming 802.1q frames on a specific VLAN subinterface using their 802.1p bits, use the following commands:
Testing Cable Problems on a Fast Ethernet Interface
Use the Time Domain Reflectometer (TDR) on a Fast Ethernet interface on a 100BASE-TX or 4-port Gigabit Ethernet 8-port 10/100 Ethernet TX access card to locate physical-layer network problems. This task is optional.
You can use TDR to detect shorts and breaks, and to measure the length of the cable. TDR sends a signal from one end of a cable and measures the time for the signal to reflect back.
To use TDR to test for a cable problem on a Fast Ethernet interface, use the following commands:
Verifying a Fast Ethernet Interface
Use the show interfaces fastethernet slot/port command to display information about a Fast Ethernet interface.
Step 1
Router> enableStep 2
Router# show interfaces fastethernet 2/1FastEthernet2/1 is up, line protocol is upHardware is Fast Ethernet, address is 0001.64ff.3101 (bia 0001.64ff.3101)Internet address is 10.0.0.1/24MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, rely 255/255, load 1/255Encapsulation ARPA, loopback not setKeepalive set (10 sec)Auto-duplex, Auto Speed, 100BaseTX/FXARP type:ARPA, ARP Timeout 04:00:00Last input 00:00:55, output 00:00:00, output hang neverLast clearing of "show interface" counters 00:03:39Queueing strategy:PXF First-In-First-OutOutput queue 0/8192, 0 drops; input queue 0/75, 0 drops5 minute input rate 23305000 bits/sec, 46539 packets/sec5 minute output rate 0 bits/sec, 0 packets/sec846264 packets input, 19192319 bytesReceived 0 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored0 watchdog, 0 multicast0 input packets with dribble condition detected59 packets output, 4154 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collision, 0 deferred0 lost carrier, 0 no carrier0 output buffer failures, 0 output buffers swapped outRouter#
Verifying a Gigabit Ethernet Interface
Use the show interfaces gigabitethernet slot/port command to display information about a Gigabit Ethernet interface. Use the show controllers gigabitethernet slot/port sfp command to verify the status and type of small form-factor pluggable gigabit interface converters (SFP GBICs) on the access card.
Step 1
Router> enableStep 2
Router# show interfaces gigabitethernet 2/1GigabitEthernet2/1 is up, line protocol is upInternet address is 195.16.1.1/16MTU 9100 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 0/255Encapsulation ARPA, loopback not setKeepalive not setFull-duplex mode, link type is autonegotiation, media type is SXoutput flow-control is off, input flow-control is offARP type: ARPA, ARP Timeout 04:00:00Last input 00:00:02, output 00:00:00, output hang neverLast clearing of "show interface" counters 03:41:33Queueing strategy: PXF First-In-First-OutOutput queue 0/8192, 0 drops; input queue 0/75, 0 drops30 second input rate 0 bits/sec, 0 packets/sec30 second output rate 0 bits/sec, 0 packets/sec0 packets input, 0 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored0 watchdog, 0 multicast, 0 pause input1 packets output, 64 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 babbles, 0 late collision, 0 deferred0 lost carrier, 0 no carrier, 0 pause output0 output buffer failures, 0 output buffers swapped outStep 3
Router# show controllers gigabitethernet 2/1 sfpStatic informationID: SFP transceiverExtended ID: 4Connector: LCSONET compliance: unspecifiedGigabit Ethernet compliance: 1000BASE-SXFibre Channel link length: unspecifiedFibre Channel transmitter technology: unspecifiedFibre Channel transmission media: unspecifiedFibre Channel speed: 100 MBytes/secEncoding: 8B10BBit Rate: 1200 Mbps50 micron-multimode fiber supported length: 550 m62.5 micron-multimode fiber supported length: 300 mUpper bit rate limit: unspecifiedLower bit rate limit: unspecifiedDate code (yyyy/mm/dd): 2002/02/13Vendor PN: FTRJVendor revision number:Vendor serial number: H11DVETStatus informationTemperature +32 (+/-3 Celsius)Voltage in transceiver 3205400 uV (+/- 10 mV)TX bias 14092 uA (+/- 100uA)TX power 227600 nW (+/- 25 uW)TX power -6 dBmRX power 182400 nW (+/- 25 uW)RX power -7 dBm
Verifying an SRP Interface
Use the show srp srp slot/port command to show the current Intelligent Protocol Switching (IPS) source counter and topology status of an SRP interface on the uplink card in the Cisco 10720 Internet router.
Step 1
Router> enableStep 2
Router# show srp srp 1/1IPS Information for Interface SRP1/1MAC AddressesSide A (Outer ring RX) neighbor 0048.0001.0002Side B (Inner ring RX) neighbor 0048.0001.0001Node MAC address 0001.64fe.fe80IPS StateSide A not wrappedSide B not wrappedSide A (Inner ring TX) IPS pkt. sent every 1 sec. (next pkt. after 1 sec.)Side B (Outer ring TX) IPS pkt. sent every 1 sec. (next pkt. after 1 sec.)inter card bus enabledIPS WTR period is 10 sec. (timer is inactive)Node IPS State: idleIPS Self Detected Requests IPS Remote RequestsSide A IDLE Side A IDLESide B IDLE Side B IDLESide A Failures: noneSide B Failures: noneIPS messages receivedSide A (Outer ring RX) {0048.0001.0002,IDLE,SHORT}, TTL 255Side B (Inner ring RX) {0048.0001.0001,IDLE,SHORT}, TTL 255...Step 3
Router# show controllers srp 1/1 transceiverShow Transceiver: Side AStatic informationID: SFP transceiverExtended ID: 4Connector: LCSONET compliance: OC48SRGigabit Ethernet compliance: unspecifiedFibre Channel link length: unspecifiedFibre Channel transmitter technology: unspecifiedFibre Channel transmission media: unspecifiedFibre Channel speed: unspecifiedEncoding: reservedBit Rate: 2500 MbpsSingle mode fiber supported length: 2 kmUpper bit rate limit: unspecifiedLower bit rate limit: unspecifiedDate code (yyyy/mm/dd): 2004/04/21Vendor PN: SCP6828-C5-BNEVendor revision number: DVendor serial number: ECL0817001LTransceiver status informationDiagnostics calibration is externalTemperature 39 (+/-3 Celsius)Voltage in transceiver 3231000 uV (+/- 10 mV)TX bias 8940 uA (+/- 100uA)TX power 320200 nW / -4 dBm (+/- 3dBm)RX power 300300 nW / -5 dBm (+/- 3dBm)No Active AlarmsNo Active WarningsAlarm Thresholds:high lowTemperature 96 C -44 CVoltage 4000000 uV 0 uVTX bias 70000 uA 0 uATX power 1000000 nW / 0 dBm 50100 nW / -13 dBmRX power 1008300 nW / 0 dBm unspecifiedWarning Thresholds:high lowTemperature 91 C - 9 CVoltage 3600000 uV 3000000 uVTX bias 60000 uA 0 uATX power 630900 nW / -2 dBm 79400 nW / -11 dBmRX power 1008300 nW / 0 dBm unspecifiedShow Transceiver: Side BStatic informationID: SFP transceiverExtended ID: 4Connector: LCSONET compliance: OC48SRGigabit Ethernet compliance: unspecifiedFibre Channel link length: unspecifiedFibre Channel transmitter technology: unspecifiedFibre Channel transmission media: unspecifiedFibre Channel speed: unspecifiedEncoding: reservedBit Rate: 2500 MbpsSingle mode fiber supported length: 2 kmUpper bit rate limit: unspecifiedLower bit rate limit: unspecifiedDate code (yyyy/mm/dd): 2004/04/21Vendor PN: SCP6828-C5-BNEVendor revision number: DVendor serial number: ECL0817001MTransceiver status informationDiagnostics calibration is externalTemperature 39 (+/-3 Celsius)Voltage in transceiver 3230200 uV (+/- 10 mV)TX bias 8740 uA (+/- 100uA)TX power 287400 nW / -5 dBm (+/- 3dBm)RX power 310200 nW / -5 dBm (+/- 3dBm)No Active AlarmsNo Active WarningsAlarm Thresholds:high lowTemperature 96 C -44 CVoltage 4000000 uV 0 uVTX bias 70000 uA 0 uATX power 1000000 nW / 0 dBm 50100 nW / -13 dBmRX power 1008300 nW / 0 dBm unspecifiedWarning Thresholds:high lowTemperature 91 C - 9 CVoltage 3600000 uV 3000000 uVTX bias 60000 uA 0 uATX power 630900 nW / -2 dBm 79400 nW / -11 dBmRX power 1008300 nW / 0 dBm unspecified
Verifying an RPR-IEEE Interface
Use the show rpr-ieee rpr-ieee slot/port command to show the current protection, topology, and counters status of an RPR-IEEE interface on an uplink card in the Cisco 10720 Internet router.
Step 1
Router> enableStep 2
Router# show rpr-ieee rpr-ieee 1/1Protection Information for Interface RPR-IEEE1/1MAC AddressesWest Span (Ringlet 0 RX) neighbor 0001.0001.0001East Span (Ringlet 1 RX) neighbor 0003.0003.0003Station MAC address 0002.0002.0002TP frame sending timers:fast timer: 10 msecslow timer: 1x100 msec (100 msec)Protection holdoff timers:L1 Holdoff Keepalive DetectionWest Span 0x10 msec ( 0 msec) West Span 3 msecEast Span 0x10 msec ( 0 msec) East Span 3 msecConfigured protection mode: WRAPPING (ring uses WRAPPING)Protection StatusRing is PROTECTED by wrappingWest Span not wrapped (clear)East Span not wrapped (clear)Hops to edge (TX):ringlet0: 2 ringlet1: 0Protection WTR period is 10 sec. (timer is inactive)Self Detected Requests Remote RequestsWest Span IDLE West Span IDLEEast Span IDLE East Span IDLEDistant RequestsEast Span IDLE West Span IDLEWest Span Failures: noneEast Span Failures: none....Step 3
Router# show controllers rpr-ieee 1/1 transceiverShow Transceiver: West SpanStatic informationID: SFP transceiverExtended ID: 4Connector: LCSONET compliance: OC48LR-2Gigabit Ethernet compliance: unspecifiedFibre Channel link length: unspecifiedFibre Channel transmitter technology: unspecifiedFibre Channel transmission media: unspecifiedFibre Channel speed: unspecifiedEncoding: reservedBit Rate: 2500 MbpsSingle mode fiber supported length: 80 kmUpper bit rate limit: unspecifiedLower bit rate limit: unspecifiedDate code (yyyy/mm/dd): 2004/06/08Vendor PN: SCP6878-C1-BMEVendor revision number: CVendor serial number: ECL08240007Transceiver status informationDiagnostics calibration is externalTemperature 30 (+/-3 Celsius)Voltage in transceiver 3249200 uV (+/- 10 mV)TX bias 11296 uA (+/- 100uA)TX power 1035200 nW / 0 dBm (+/- 3dBm)RX power less than -30 dBmNo Active AlarmsNo Active WarningsAlarm Thresholds:high lowTemperature 103 C -43 CVoltage 4000000 uV 0 uVTX bias 70000 uA 0 uATX power 3981000 nW / 5 dBm 316200 nW / -5 dBmRX power unspecified unspecifiedWarning Thresholds:high lowTemperature 95 C -43 CVoltage 3600000 uV 3000000 uVTX bias 60000 uA 0 uATX power 2511800 nW / 3 dBm 501100 nW / -3 dBmRX power unspecified unspecifiedShow Transceiver: East SpanStatic informationID: SFP transceiverExtended ID: 4Connector: LCSONET compliance: OC48SRGigabit Ethernet compliance: unspecifiedFibre Channel link length: unspecifiedFibre Channel transmitter technology: unspecifiedFibre Channel transmission media: unspecifiedFibre Channel speed: unspecifiedEncoding: reservedBit Rate: 2500 MbpsSingle mode fiber supported length: 2 kmUpper bit rate limit: unspecifiedLower bit rate limit: unspecifiedDate code (yyyy/mm/dd): 2004/04/21Vendor PN: SCP6828-C5-BNEVendor revision number: DVendor serial number: ECL0817001STransceiver status informationDiagnostics calibration is externalTemperature 28 (+/-3 Celsius)Voltage in transceiver 3218000 uV (+/- 10 mV)TX bias 7424 uA (+/- 100uA)TX power 317000 nW / -4 dBm (+/- 3dBm)RX power 312200 nW / -5 dBm (+/- 3dBm)No Active AlarmsNo Active WarningsAlarm Thresholds:high lowTemperature 96 C -44 CVoltage 4000000 uV 0 uVTX bias 70000 uA 0 uATX power 1000000 nW / 0 dBm 50100 nW / -13 dBmRX power 1008300 nW / 0 dBm unspecifiedWarning Thresholds:high lowTemperature 91 C - 9 CVoltage 3600000 uV 3000000 uVTX bias 60000 uA 0 uATX power 630900 nW / -2 dBm 79400 nW / -11 dBmRX power 1008300 nW / 0 dBm unspecified
Verifying a POS Interface
Use the show interfaces pos slot/port command to display the configuration of a Packet-over-SONET interface on the uplink card.
Step 1
Router> enableStep 2
Router# show interfaces pos1/1POS1/1 is up, line protocol is upHardware is Packet Over SONETInternet address is 2.34.34.4/24MTU 9092 bytes, BW 2488000 Kbit, DLY 100 usec, rely 255/255, load 11/255Encapsulation PPP, crc 32, loopback not setKeepalive set (10 sec)Scramble disabledLCP OpenOpen: OSICP, IPCP, CDPCPLast input 00:00:00, output 00:00:00, output hang neverLast clearing of "show interface" counters 00:00:22Queueing strategy: PXF First-In-First-OutOutput queue 8189/8192, 0 drops; input queue 0/75, 0 drops30 second input rate 275442000 bits/sec, 169124 packets/sec30 second output rate 111718000 bits/sec, 198366 packets/sec7369252 packets input, 1500282821 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants, 0 throttles, 0 parity0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort8651874 packets output, 609128533 bytes, 0 underruns0 output errors, 0 applique, 0 interface resets0 output buffer failures, 0 output buffers swapped out0 carrier transitions
Verifying the SRP MAC Address
Use the show interfaces srp slot/port command to show information about an SRP interface, including its MAC address.
Step 1
Router> enableStep 2
router# show interfaces srp 1/1SRP1/1 is up, line protocol is upHardware is CAMR SRP OC48, address is 0001.64ff.3100 (bia 0001.64ff.3100)Internet address is 48.1.1.10/24MTU 4470 bytes, BW 2488000 Kbit, DLY 100 usec, rely 255/255, load 1/255Encapsulation SRP2,Side A:loopback not setSide B:loopback not set3 nodes on the ring MAC passthrough not setSide A:not wrapped IPS local:IDLE IPS remote:IDLESide B:not wrapped IPS local:IDLE IPS remote:IDLELast input 00:00:00, output 00:00:00, output hang neverLast clearing of "show interface" counters 00:03:13Queueing strategy:PXF First-In-First-OutOutput queue Side A:0/32768; Side B:0/32768, 0 dropsInput queue 0/75, 0 dropsSide A:30 seconds output rate 70090 bits/sec, 129 packets/sec30 seconds input rate 0 bits/sec, 0 packets/secSide B:30 seconds output rate 0 bits/sec, 0 packets/sec30 seconds input rate 0 bits/sec, 0 packets/sec209 packets input, 17590 bytes, 0 no bufferReceived 0 broadcasts, 0 runts, 0 giants, 0 throttles0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort961553 packets output, 63941552 bytes, 0 underruns0 output errors, 0 collisions, 0 interface resets0 output buffer failures, 0 output buffers swapped outSide A received errors:0 input errors, 0 CRC, 0 ignored,0 framer runts, 0 framer giants, 0 framer aborts,0 mac runts, 0 mac giants, 0 mac abortsSide B received errors:0 input errors, 0 CRC, 0 ignored,0 framer runts, 0 framer giants, 0 framer aborts,0 mac runts, 0 mac giants, 0 mac aborts
Verifying the DSCP Configuration in a Service Policy and Displaying Drop Statistics
Use the show policy-map interface command to verify the DSCP values used by WRED in a service policy to calculate the drop probability for packets in one or more traffic classes. The output displayed in the following example is for the sample service policy applied to a Fast Ethernet interface in the "DiffServ Compliant Weighted Random Early Detection" section.
Step 1
Router> enableStep 2
Router# show policy-map interface fastethernet 2/8FastEthernet2/8Service-policy output: wred-3class (1156)Class-map: af31 (match-all) (1157/2)1488082 packets, 95237184 bytes5 minute offered rate 2570000 bps, drop rate 0 bpsMatch: ip dscp 1 (1158)shape: 30010 kbpsrandom-detect:Exp-weight-constant: 9 (1/512)Diff-Serv Minimum Maximum Markcodepoint threshold threshold probability---------- --------- --------- -----------DSCP-1:1000 1500 1/1af13(14),af23(22):1500 2000 1/1Default:1000 1500 1/1DSCP Transmitted Random drop Tail droppkts/bytes pkts/bytes pkts/bytes----- ----------- ----------- ----------DSCP-1:318603/20390592 319943/20476224 676192/43276352af13(14),af23(22):0/0 0/0 0/0Default:0/0 0/0 0/0Total 318603/20390592 319943/20476224 676192/43276352
Guest
