Cisco IOS Software Releases 12.0 ST

Cross-Platform Release Notes for Cisco IOS Release 12.0ST

Table Of Contents

Release Notes for Cisco IOS Release 12.0 ST

Contents

Introduction

System Requirements

Memory Requirements

Supported Hardware

Supported Port Adapters

Determining the Software Version

Upgrading to a New Software Release

Microcode Software

Feature Set Tables

New and Changed Information

New Features in Cisco IOS Release 12.0(21)ST

10 Gbps POS Enhanced Services Line Cards

128 ACLs, MPLS VPN, IP Marking on Engine 2 POS Line Cards

BGP Policy Accounting on 3-Port Gigabit Ethernet Line Cards per VLAN Support

IP Services Engine Line Cards for the Cisco 12000 Series Internet Routers

IPv6 for Cisco IOS Software

IS-IS HMAC-MD5 Authentication

Label Switch Routing

MPLS AToM - Ethernet over MPLS and MPLS AToM - ATM AAL5 over MPLS

MPLS Enhancements in the Cisco 10720 Internet Router

MPLS LDP—MIB Traps

MPLS Traffic Engineering (TE)—Interarea Tunnels on 12000 Series Internet Routers

MPLS VPN and Fast Reroute on 10 Gbps POS Enhanced Services Line Cards

MPLS VPN Carrier Supporting Carrier and Interautonomous Systems Supported on Engine 2 POS Line Cards

MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution

MPLS VPN Inter-AS—IPv4 BGP Label Distribution

MPLS VPN MIB and MPLS VPN MIB Traps

OSPF Sham-Link Support for MPLS VPN

OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers

RPR+ Support for Additional Line Cards in the Cisco 12000 Series Internet Router

SNMP Version 3

SONET APS 1+1 for 4-Port OC-3 ATM and 1-Port OC-12 ATM Line Cards

VPN Aware DHCP Relay for Non-Overlapping Addresses

VRF over FR Subinterfaces

New Features in Cisco IOS Release 12.0(20)ST

4-Port OC-3 ATM Line Card

6-Port OC-3/POS Line Card

8-Port Unchannelized E3/T3 Line Card

Diffserv Compliant WRED

Generic Routing Encapsulation (GRE)

Multiplex Section Protection (MSP)

NetFlow Accounting

Policy-Based Routing (PBR)

Priority Queueing (PQ)/CBWFQ on ATM PVCs

Subinterface Policy Maps

Turbo Quality of Service (QoS)

New Features in Cisco IOS Release 12.0(19)ST1

Frame Relay Fast Restart

Route Processor Redundancy Plus (RPR+)

New Features in Cisco IOS Release 12.0(19)ST

ATM PVCs

MPLS Traffic Engineering (TE)—Interarea Tunnels

Per-Packet Load Balancing

New Features in Cisco IOS Release 12.0(18)ST

802.1p Support on the Cisco 10720 Internet Router

802.1q Support for the Cisco 10720 Internet Router

Bidirectional PIM

CNS Configuration Agent

CNS Event Agent

Cisco 10720 Internet Router

DPT MIB

Frame Relay Fast Restart

MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels

Post Switchover Core Dump

RPR+ Support for Engine 4 Line Cards in the Cisco 12000 Series Internet Router

show idb Command

Single Ring Recovery (SRR) Protocol

VT1.5 for Channelized OC-12 Card

Virtual Router Redundancy Protocol (VRRP)

New Features in Cisco IOS Release 12.0(17)ST

Cisco 10000 Series Edge Services Router

Fast Reroute LP Support for OC192

HSRP Support for MPLS VPNs

MPLS VPN ID

MPLS VPN—Interautonomous System Support (Engine 2 POS and Engine 2 QOC-12 ATM)

MPLS VPN Support for the 2-Port Channelized OC-3/STM-1 to DS1/E1 Line Card

MPLS VPN, TE, and LDP Support for the OC-192c and QOC-48c Line Cards

RPR+ in the Cisco 12000 Series Internet Router

New Features in Cisco IOS Release 12.0(16)ST

3-Port Gigabit Ethernet Line Card MPLS-VPN Features

BGP Next Hop Propagation

Fast Software Upgrade

MPLS VPN and Traffic Engineering Support for 6E3-SMB and 12 E3-SMB Line Cards

MPLS VPN Carrier Supporting Carrier for Engine 0 Line Cards

MPLS VPN—Interautonomous System Support

Policy Routing onto MPLS TE Tunnels

Route Processor Redundancy

New Features in Cisco IOS Release 12.0(15)ST

New Features in Cisco IOS Release 12.0(14)ST1

MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion

New Features in Cisco IOS Release 12.0(14)ST

BGP Conditional Route Injection

Diff-Serv-Aware Traffic Engineering (DS-TE)

Explicit Null

MPLS Quality of Service Enhancements

MPLS Label Switching Router MIB

MPLS Scalability Enhancements

MPLS Traffic Engineering MIB

MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for (TE) Tunnels

MPLS Traffic Engineering (TE)—Scalability Enhancements

MPLS VPN and TE support on the Cisco 12000 series Internet routers 6CT3-SMB Line Card

MPLS VPN Carrier Supporting Carriers

MPLS VPN Line Cards for Cisco 12000 Series Internet Routers (Engine 2 ATM)

Restrictions in Cisco IOS Release 12.0(14)ST

New Features in Cisco IOS Release 12.0(11)ST

Diff-Serv-Aware Traffic Engineering (DS-TE)

Label-Controlled ATM Interface (LC-ATM)

Label Distribution Protocol MIB

New MPLS VPN Line Card for Cisco 12000 Series Internet Routers

New Features in Cisco IOS Release 12.0(10)ST

AAL5 Transport over MPLS

MPLS Egress NetFlow Accounting

MPLS Label Distribution Protocol (LDP)

MPLS Multiprotocol Label Switching (Tag Switching)

MPLS Quality of Service (QoS)

MPLS Traffic Engineering and Enhancements

MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link Protection

New MPLS VPN Line Card Support for Cisco 12000 Series Internet Routers

MPLS VPN—OSPF Provider Edge (PE)-Customer Edge (CE) Support

VPN-Aware PING MIB

VPN Routing/Forwarding (VRF) CLI Command

VPN Routing/Forwarding (VRF) ARP Entry Support

VPN Slow-Path Support on Engine 2 at Deaggregation Point (Between PE-P)

New Features in Cisco IOS Release 12.0(9)ST

MPLS Support on Dynamic Packet Transport (DPT)

MPLS Traceroute

MPLS Virtual Private Networks (VPN)

Multi-protocol BGP (MP-BGP)—MPLS VPN

Limitations and Restrictions

Limitations That Apply to Cisco IOS Release 12.0(21)ST

Controlling the Rate of Logging Messages on the Cisco 10000 Series Edge Services Router

Testing Performance of High-Speed Interfaces on the Cisco 10000 Series Edge Services Router

Important Notes

Field Notices and Bulletins

Important Notes for Cisco IOS Release 12.0(21)ST

Cisco 12000 Series Internet Router Images Deferred Due to Caveats CSCdx04150, CSCdx04074, and CSCdw94910

Cisco Discovery Protocol on the Cisco 10000 Series Edge Services Router

Frame Relay and PPP Sessions on the Cisco 10000 Series Edge Services Router

Limited Availability of Images for the Cisco 12000 Series Internet Routers

show ip bgp dampened-paths and show ip bgp flap-statistics Commands Replaced by show ip bgp dampening Command

VLAN Session Support on the Cisco 10000 Series Edge Services Router

Important Notes for Cisco IOS Release 12.0(20)ST

Performance Routing Engine on the Cisco 10000 Series Edge Services Router

Important Notes for Cisco IOS Release 12.0(12)ST

Configurable Throttling for Integrated IS-IS

Caveats

Resolved Caveats—Cisco IOS Release 12.0(21)ST7

Basic System Services

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(21)ST6

Basic System Services

Interfaces and Bridging

IP Routing Protocols

Miscellaneous

TCP/IP Host-Mode Services

Resolved Caveats—Cisco IOS Release 12.0(21)ST5

Resolved Caveats—Cisco IOS Release 12.0(21)ST4

Resolved Caveats—Cisco IOS Release 12.0(21)ST3

Resolved Caveats—Cisco IOS Release 12.0(21)ST2

Resolved Caveats—Cisco IOS Release 12.0(21)ST1

Open Caveats—Cisco IOS Release 12.0(21)ST

IP Routing Protocols

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.0(21)ST

Basic System Services

Interfaces and Bridging

IP Routing Protocols

ISO CLNS

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(20)ST6

Resolved Caveats—Cisco IOS Release 12.0(20)ST5

Resolved Caveats—Cisco IOS Release 12.0(20)ST4

Resolved Caveats—Cisco IOS Release 12.0(20)ST3

Resolved Caveats—Cisco IOS Release 12.0(20)ST2

Resolved Caveats—Cisco IOS Release 12.0(20)ST1

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(20)ST

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(19)ST5

Resolved Caveats—Cisco IOS Release 12.0(19)ST6

Resolved Caveats—Cisco IOS Release 12.0(19)ST4

Resolved Caveats—Cisco IOS Release 12.0(19)ST3

Resolved Caveats—Cisco IOS Release 12.0(19)ST2

Resolved Caveats—Cisco IOS Release 12.0(19)ST1

IP Routing Protocols

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(19)ST

Basic System Services

IP Routing Protocols

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(18)ST1

Resolved Caveats—Cisco IOS Release 12.0(18)ST

Interfaces and Bridging

IP Routing Protocols

ISO CLNS

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(17)ST8

Resolved Caveats—Cisco IOS Release 12.0(17)ST7

Resolved Caveats—Cisco IOS Release 12.0(17)ST6

Resolved Caveats—Cisco IOS Release 12.0(17)ST5

Resolved Caveats—Cisco IOS Release 12.0(17)ST4

Resolved Caveats—Cisco IOS Release 12.0(17)ST3

Resolved Caveats—Cisco IOS Release 12.0(17)ST2

Resolved Caveats—Cisco IOS Release 12.0(17)ST1

Resolved Caveats—Cisco IOS Release 12.0(17)ST

IP Routing Protocols

ISO CLNS

Miscellaneous

Wide-Area Networking

Resolved Caveats—Cisco IOS Release 12.0(16)ST1

Resolved Caveats—Cisco IOS Release 12.0(16)ST

Basic System Services

IP Routing Protocols

ISO CLNS

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(15)ST

Resolved Caveats—Cisco IOS Release 12.0(14)ST3

Resolved Caveats—Cisco IOS Release 12.0(14)ST1

IP Routing Protocols

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(14)ST

IP Routing Protocols

ISO Connectionless Network Service

Miscellaneous

Resolved Caveats—Cisco IOS Release 12.0(11)ST4

Related Documentation

Release-Specific Documents

Platform-Specific Documents

Feature Modules

Cisco Feature Navigator

Cisco IOS Software Documentation Set

Documentation Modules

Cisco IOS Release 12.0 Documentation Set

Obtaining Documentation

World Wide Web

Documentation CD-ROM

Ordering Documentation

Documentation Feedback

Obtaining Technical Assistance

Cisco.com

Technical Assistance Center

Cisco TAC Web Site

Cisco TAC Escalation Center


Release Notes for Cisco IOS Release 12.0 ST


June 16, 2004

Cisco IOS Release 12.0(21)ST7

Text Part Number OL-1147-07 Rev. W0

These release notes for the Cisco 7200 series routers, Cisco 7500 series routers, Cisco 10000 series edge services routers, Cisco 10720 Internet router, and Cisco 12000 series Internet routers support Cisco IOS Release 12.0 ST, up to and including Cisco IOS Release 12.0(21)ST7. These release notes are updated, as needed, to describe new features, memory requirements, supported hardware, software platform deferrals, and changes to the microcode and related documents.

Cisco IOS Release 12.0 ST is based on Cisco IOS Release 12.0 S and Cisco IOS Release 12.0, and is currently tailored to provide new Multiprotocol Label Switching (MPLS) features in service provider environments. Cisco IOS Release 12.0 ST is synchronized to Cisco IOS Release 12.0 with each maintenance release of the software. Cisco IOS Release 12.0 S is the follow-on release to Cisco IOS Release 11.1 CC, which was also targeted to the service provider environment. Additionally, many of the features in Cisco IOS Release 12.0 S were first introduced for the Cisco 12000 series Internet routers in Cisco IOS Release 11.2 OS and for the Cisco 7000 family in Cisco IOS Release 12.0 T.

Use these release notes in conjunction with the Release Notes for Cisco IOS Release 12.0 and Cisco IOS Release 12.0 S, which are located on Cisco.com and the Documentation CD-ROM.

For a list of software caveats that apply to Cisco IOS Release 12.0 ST, see the "Caveats" section. In addition to the caveats listed in the "Caveats" section, the software caveats that apply to Cisco IOS Release 12.0 and Cisco IOS Release 12.0 S also apply to Cisco IOS Release 12.0 ST. For information on other caveats that might apply to Cisco IOS Release 12.0 ST, refer to the caveat documents for Cisco IOS Release 12.0 and Cisco IOS Release 12.0 S that are located on Cisco.com and on the Documentation CD-ROM.


Note MPLS Class of Service is now referred to as MPLS Quality of Service. This transition reflects the growth of MPLS to encompass a wider meaning and highlights the path toward Any Transport over MPLS.


Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at: http://www.cisco.com/kobayashi/support/tac/fn_index.html.

Contents

These release notes contain the following sections:

Introduction

System Requirements

New and Changed Information

Limitations and Restrictions

Important Notes

Caveats

Related Documentation

Obtaining Documentation

Obtaining Technical Assistance

Introduction

Cisco IOS Release 12.0(14)ST was the first general availability release of this software. Many of the features and the hardware supported in this software have been previously released to customers on other software releases.

For information on new features and Cisco IOS commands supported by Cisco IOS Release 12.0 ST, see the "New and Changed Information" section and the "Caveats" section.

System Requirements

This section describes the following system requirements for Cisco IOS Release 12.0 ST:

Memory Requirements

Supported Hardware

Determining the Software Version

Microcode Software

Feature Set Tables

Memory Requirements

Table 1 through Table 5 list the memory requirements for the platforms supported in Cisco IOS Release 12.0 ST.

Table 1 Memory Requirements for the Cisco 7200 Series

| Feature Set by Router | Image Name | Required Flash Memory | Required DRAM | Runs From |
|---|---|---|---|---|
| Service Provider | c7200-p-mz | 16 MB | 128 MB | RAM |
| Service Provider/Secured Shell 3DES | c7200-k4p-mz | 16 MB | 128 MB | RAM |


Table 2 Memory Requirements for the Cisco 7500/RSP Series

| Feature Set by Router | Image Name | Required Flash Memory | Required DRAM | Runs From |
|---|---|---|---|---|
| Service Provider | rsp-pv-mz | 16 MB | 128 MB | RAM |
| Service Provider/Secured Shell 3DES | rsp-k4pv-mz | 16 MB | 128 MB | RAM |


Table 3 Memory Requirements for the Cisco 10000 Series Edge Services Routers

| Feature Set by Router | Image Name | Required Flash Memory | Required DRAM | Runs From |
|---|---|---|---|---|
| Edge Services Router | c10k-p10-mz | 40 MB | 512 MB | RAM |
| Service Provider/Secured Shell 3DES | c10k-k4p10-mz | 40 MB | 512 MB | RAM |


Table 4 Memory Requirements for the Cisco 10720 Internet Router

| Feature Set by Router | Image Name | Required Flash Memory | Required DRAM | Runs From |
|---|---|---|---|---|
| Service Provider | c10700-p-mz | 40 MB | 256 MB | RAM |
| Service Provider/Secured Shell | c10700-k4p-mz | 40 MB | 256 MB | RAM |


Table 5 Memory Requirements for the Cisco 12000 Series Internet Routers [1]

| Feature Set by Router | Image Name [2] | Required Flash Memory | Required DRAM | Runs From |
|---|---|---|---|---|
| Service Provider | gsr-p-mz | 20 MB | 128 MB | RAM |
| Service Provider/Secured Shell 3DES | gsr-k4p-mz | 20 MB | 128 MB | RAM |

[1] A Cisco 12000 series line card requires 128 MB of DRAM memory.

[2] Cisco IOS Release 12.0(21)ST1 supports the Cisco 12000 series routers. Note that Cisco IOS Release 12.0(21)ST supports the Cisco 12000 series routers on a limited availability basis only.


Supported Hardware

Cisco IOS Release 12.0 ST supports the following platforms:

Cisco 7200 series routers (including the Cisco 7202, Cisco 7204, Cisco 7204 VXR, Cisco 7206, and Cisco 7206 VXR)

Cisco 7500 series routers (including the Cisco 7505, Cisco 7507, Cisco 7513, and Cisco 7576)

Cisco 10000 series edge services routers (including the Cisco 10005 and Cisco 10008)

Cisco 10720 Internet router

Cisco 12000 series Internet routers (including the Cisco 12008, Cisco 12012, Cisco 12016, Cisco 12404, Cisco 12406, Cisco 12410, and Cisco 12416)

For additional information about supported hardware for this platform and release, please refer to the Hardware/Software Compatibility Matrix in the Cisco Software Advisor at the following location:

http://tools.cisco.com/Support/Fusion/FusionHome.do


Note Cisco IOS Release 12.0(21)ST1 supports the Cisco 7200 series, Cisco 7500 series, Cisco 10000 series, Cisco 10720 routers, and Cisco 12000 series routers. Cisco IOS Release 12.0(21)ST supports the Cisco 7200 series, Cisco 7500 series, Cisco 10000 series, and Cisco 10720 routers, whereas the Cisco 12000 series routers are supported on a limited availability basis only.



Note In order for Cisco IOS Release 12.0(21)ST to run on the Cisco 10000 series edge services router, the Performance Routing Engine (PRE) installed in the chassis must be the PRE1 version (part number ESR-PRE1). You can verify which PRE is installed in the chassis by using the show version command.



Note Cisco IOS Release 12.0(19)ST, 12.0(20)ST, 12.0(20)ST1, and 12.0(20)ST2 support the Cisco 10000 series edge services routers only. The Cisco 7200 series, Cisco 7500 series, Cisco 10000 series, and Cisco 10720 routers are supported in Cisco IOS Release 12.0(19)ST1 and 12.0(19)ST2.



Note The Cisco 7000 series routers are not supported in Cisco IOS Release 12.0 ST.


Supported Port Adapters

Table 6 lists the port adapters that are supported for the Cisco 7200 series and Cisco 7500/RSP series routers in Cisco IOS Release 12.0 ST and uses the following conventions:

Yes—The port adapter is supported in the software image.

No—The port adapter is not supported in the software image.

In—The number in the "In" column indicates the Cisco IOS 12.0 ST release in which the port adapter was introduced. For example, (11) means a port adapter was introduced in Cisco IOS Release 12.0(11)ST. If a cell in this column is empty, the feature was included in the initial base release.

Table 6 Supported Port Adapters for the Cisco 7200 Series and Cisco 7500/RSP Series Routers 

| Cisco Product Number [1] | Adapter Description | In | 7200 Series | 7000/RSP Series |
|---|---|---|---|---|
| ATM Port Adapters | | | | |
| PA-A1-OC3SM | 1-port ATM OC3 single mode (IR) | | No | Yes |
| PA-A1-OC3MM | 1-port ATM OC3 multimode | | No | Yes |
| PA-A2-4T1C-OC3SM= | ATM CES, 4T1 CES ports, 1 OC3 ATM SM port | | Yes | No |
| PA-A2-4T1C-T3ATM= | ATM CES, 4T1 CES ports, 1 T3 ATM Port | | Yes | No |
| PA-A2-4E1XC-OC3SM= | CES OC3, 4E1 ports, 120 ohm | | Yes | No |
| PA-A2-4E1XC-E3ATM= | CES E3/E1, 120 ohms | | Yes | No |
| PA-A3-OC3MM | 1-port ATM Enhanced OC3c/STM1 multimode | | Yes | Yes |
| PA-A3-OC3SMI | 1-port ATM Enhanced OC3c/STM1 single mode (IR) | | Yes | Yes |
| PA-A3-OC3SML | 1-port ATM Enhanced OC3c/STM1 single mode (LR) | | Yes | Yes |
| PA-A3-OC12MM | 1-port ATM Enhanced OC12/STM4 multimode | (11) | No | Yes |
| PA-A3-OC12SMI | 1-port ATM Enhanced OC12/STM4 single mode (IR) | (11) | No | Yes |
| PA-A3-E3 | 1-port ATM Enhanced E3 | | Yes | Yes |
| PA-A3-T3 | 1-port ATM Enhanced DS3 | | Yes | Yes |
| PA-A3-8E1IMA | 8-port ATM Inverse Mux E1, 120 ohm | (11) | Yes | Yes |
| PA-A3-8T1IMA | 8-port ATM Inverse Mux T1 | (11) | Yes | Yes |
| Channel Port Adapters | | | | |
| PA-4C-E= | 1-port Enhanced ESCON Channel | | Yes | Yes |
| Dynamic Packet Transport (DPT) Port Adapters | | | | |
| PA-SRP-OC12MM= | DPT-OC12 multimode (Cisco 7200 series only) | | Yes | No |
| PA-SRP-OC12SMI= | DPT-OC12 single mode (IR) (Cisco 7200 series only) | | Yes | No |
| PA-SRP-OC12SML= | DPT-OC12 single mode (LR) (Cisco 7200 series only) | | Yes | No |
| PA-SRP-OC12SMX= | DPT-OC12 single mode extended reach (Cisco 7200 series only) | | Yes | No |
| SRPIP-OC12MM= | DPT-OC12 multimode (Cisco 7500 series only) | | No | Yes |
| SRPIP-OC12SMI= | DPT-OC12 single mode (IR) (Cisco 7500 series only) | | No | Yes |
| SRPIP-OC12SML= | DPT-OC12 single mode (LR) (Cisco 7500 series only) | | No | Yes |
| SRPIP-OC12SMX= | DPT-OC12 single mode extended reach (Cisco 7500 series only) | | No | Yes |
| Ethernet/Fast Ethernet/Gigabit Ethernet Port Adapters | | | | |
| PA-4E | 4-Port Ethernet 10BASE-T | | Yes | Yes |
| PA-4E1G/75 | 4-port E1 G.703 Serial, 75 ohm/unbalanced | | Yes | Yes |
| PA-4E1G/120 | 4-port E1 G.703 Serial, 120 ohm/balanced | | Yes | Yes |
| PA-5EFL | 5-port Ethernet 10BASE-FL | | Yes | Yes |
| PA-8E | 8-port Ethernet 10BASE-T | | Yes | Yes |
| PA-FE-FX | 1-port Fast Ethernet 100BASE-FX | | Yes | Yes |
| PA-FE-TX | 1-port Fast Ethernet 100BASE-TX | | Yes | Yes |
| PA-2FE-FX | 2-port Fast Ethernet 100BASE-FX | (15) | Yes | Yes |
| PA-2FE-TX | 2-port Fast Ethernet 100BASE-TX | (15) | Yes | Yes |
| PA-GE | 1-port Gigabit Ethernet | | Yes | No |
| Fiber Distributed Data Interface (FDDI) Port Adapters | | | | |
| PA-F/FD-MM | 1-port FDDI Full Duplex multimode | | No | Yes |
| PA-F/FD-SM | 1-port FDDI Full Duplex single mode | | No | Yes |
| High Speed Serial Port Adapters | | | | |
| PA-H | 1-port High-Speed Serial Interface (HSSI) | | Yes | Yes |
| PA-2H | 2-port High-Speed Serial Interface (HSSI) | | Yes | Yes |
| Multichannel Serial Port Adapters | | | | |
| PA-MC-T3 | 1-port multichannel T3 | | Yes | Yes |
| PA-MC-E3 | 1-port multichannel E3 | | Yes | Yes |
| PA-MC-2T3+ | 2-port multichannel T3 | | Yes | Yes |
| PA-MC-2T1 | 2-port multichannel T1, integrated CSU/DSUs | | Yes | Yes |
| PA-MC-2E1/120 | 2-port multichannel E1, G.703 120 ohm interface | | Yes | Yes |
| PA-MC-4T1 | 4-port multichannel T1, integrated CSU/DSUs | | Yes | Yes |
| PA-MC-8T1 | 8-port multichannel T1, integrated CSU/DSUs | | Yes | Yes |
| PA-MC-8E1/120 | 8-port multichannel E1, G.703 120 ohm interface | | Yes | Yes |
| PA-MC-8TE1+ | 8 port multichannel T1/E1 8PRI | | Yes | No |
| PA-MC-8DSX1 | 8 port multichannel T1 with integrated DSUs | | Yes | Yes |
| PA-MC-STM-1MM | 1-port multichannel STM-1 multimode | (14) | No | Yes |
| PA-MC-STM-1SMI | 1-port multichannel STM-1 single mode | (14) | No | Yes |
| PA-4B-U | 4-port BRI, U Interface | | Yes | No |
| PA-8B-S/T | 8-port BRI, S/T Interface | | Yes | No |
| Service Adapters | | | | |
| SA-ENCRYPT= | Encryption Service Adapter | | Yes | Yes |
| SA-ISA | Integrated Services Adapter for IPSec or MPPE encryption | | Yes | No |
| SA-VAM | VPN Acceleration Module (VAM) | | Yes | No |
| SONET Port Adapters | | | | |
| PA-POS-OC3MM | 1-port Packet-over-SONET OC3c/STM1 multimode | | Yes | Yes |
| PA-POS-OC3SMI | 1-port Packet-over-SONET OC3c/STM1 single mode (IR) | | Yes | Yes |
| PA-POS-OC3SML | 1-port Packet-over-SONET OC3c/STM1 single mode (LR) | | Yes | Yes |
| T1/E1 Port Adapters | | | | |
| PA-4T+ | 4-port Serial, Enhanced | | Yes | Yes |
| PA-8T-V35 | 8-port Serial, V.35 | | Yes | Yes |
| PA-8T-X21 | 8-port Serial, X.21 | | Yes | Yes |
| PA-8T-232 | 8-port Serial, 232 | | Yes | Yes |
| T3/E3 Port Adapters | | | | |
| PA-T3 | 1-port T3 Serial, T3 DSUs | | Yes | Yes |
| PA-T3+ | 1-port T3 Serial, Enhanced | | Yes | Yes |
| PA-2T3 | 2-port T3 Serial, T3 DSUs | | Yes | Yes |
| PA-2T3+ | 2-port T3 Serial, Enhanced | | Yes | Yes |
| PA-E3 | 1-port E3 Serial, E3 DSUs | | Yes | Yes |
| PA-2E3 | 2-port E3 Serial, E3 DSUs | | Yes | Yes |
| Token Ring Port Adapters | | | | |
| PA-4R-DTR | 4-port Dedicated Token Ring, 4/16Mbps, HDX/FDX | | Yes | Yes |
| Voice Port Adapters | | | | |
| PA-MCX-2TE1= | 2-port MIX-enabled multichannel T1/E1, CSU/DSU | | No | No |
| PA-MCX-4TE1= | 4-port MIX-enabled multichannel T1/E1, CSU/DSU | | No | No |
| PA-MCX-8TE1-M= | Signaling System 7 over IP (SS7oIP) | | No | No |
| PA-MCX-8TE1= | 8-port MIX-enabled multichannel T1/E1, CSU/DSU | | No | No |
| PA-VXA-1TE1-24+ | 1-port T1/E1 Digital Voice, 24 Channels | | No | Yes |
| PA-VXA-1TE1-30+ | 1-port T1/E1 Digital Voice, 30 Channels | | No | Yes |
| PA-VXB-2TE1+ | 2-port T1/E1 moderate capacity, enhanced | | No | Yes |
| PA-VXC-2TE1+ | 2 port TE1 high capacity, enhanced | | No | Yes |

[1] For a spare product number, append the product number with an equal sign (=). If a product number is listed as a spare product, only a spare product is available.


Determining the Software Version

To determine the version of Cisco IOS software currently running on your Cisco router, log in to the router and enter the show version EXEC command. The following is sample output from the show version command. The version number is indicated on the second line.

Router> show version

Cisco Internetwork Operating System Software 
IOS (tm) 7200 Software (C7200-P-M), Version 12.0(21)ST, RELEASE SOFTWARE

Additional command output lines include more information, such as processor revision numbers, memory amounts, hardware IDs, and partition information.

Upgrading to a New Software Release

For general information about upgrading to a new software release, see the Cisco document Software Installation and Upgrade Procedures located at the following location:

http://www.cisco.com/en/US/products/hw/routers/tsd_products_support_category_home.html

Microcode Software

Table 7 lists the current microcode versions for the Cisco 7500/RSP series. This series includes the Cisco 7500 series routers.

Microcode software images are bundled with the system software image, except for the Channel Interface Processor (CIP) microcode (all system software images) and the Versatile Interface Processor (VIP) microcode (certain system software images). Bundling eliminates the need to store separate microcode images. When the router starts, the system software unpacks the microcode software bundle and loads the proper software on all the interface processor boards. VIP and VIP2 microcode is bundled into all Cisco 7500 series feature sets listed in Table 7.

For further information about the CIP microcode, refer to the Cisco document Channel Interface Processor Microcode Release Note and Microcode Upgrade Instructions.

Table 7 Cisco 7500/RSP Series Routers Microcode Versions 

| Processor or Module | Current Microcode Version | Minimum Version Required |
|---|---|---|
| AIP (ATM Interface Processor) | 20.18 | 20.13 |
| CIP/CIP2 (Channel Interface Processor) | 26.12 | 26.2 |
| EIP (Ethernet Interface Processor) | 20.6 | 20.3 |
| FEIP (Fast Ethernet Interface Processor) | 20.8 | 20.7 |
| FIP (FDDI Interface Processor) | 20.4 | 20.4 |
| FSIP (Fast Serial Interface Processor) | 20.9 | 20.9 |
| HIP (HSSI Interface Processor) | 20.2 | 20.2 |
| MIP (Multichannel Interface Processor) | 22.3 | 22.3 |
| TRIP (Token Ring Interface Processor) | 20.2 | 20.2 |
| VIP2/VIP2C (Versatile Interface Processor) | 22.20 | 22.20 |


Feature Set Tables

The Cisco IOS software is packaged in feature sets consisting of software images—depending on the platform. Each feature set contains a specific set of Cisco IOS features.

Different platforms support different feature sets. Table 8 through Table 12 list the newest features and feature sets supported by the Cisco 7200 series, the Cisco 7500/RSP series, the Cisco 10000 series, the Cisco 10720, and the Cisco 12000 series in Cisco IOS Release 12.0 ST. The tables use the following conventions:

In—The number in the "In" column indicates the Cisco IOS 12.0 ST release in which the feature was introduced.

Yes—Indicates that the feature is supported in the software image.

No—Indicates that the feature is not supported in the software image.


Note These release notes are not cumulative and only list features that are new to Cisco IOS Release 12.0 ST. The parent release for Cisco IOS Release 12.0 ST is Cisco IOS Release 12.0 S. To find information about inherited features, refer to Cisco.com or Feature Navigator. For Cisco.com, go to http://www.cisco.com/univercd/home/index.htm, select the appropriate software release under Cisco IOS Software, and click Release Notes. If you have a Cisco.com login account, you can use the Feature Navigator tool at http://www.cisco.com/go/fn.


Table 8 Feature List by Feature Set for the Cisco 7200 Series  

| Feature | In | Service Provider Feature Set | Service Provider/Secured Shell 3DES Feature Set |
|---|---|---|---|
| BGP Next Hop Propagation | (16) | Yes | Yes |
| Bidirectional PIM | (18) | Yes | Yes |
| CNS Configuration Agent | (18) | Yes | Yes |
| CNS Event Agent | (18) | Yes | Yes |
| IS-IS HMAC-MD5 Authentication | (21) | Yes | Yes |
| MPLS LDP—MIB Traps | (21) | Yes | Yes |
| MPLS Quality of Service Enhancements | (14) | Yes | Yes |
| MPLS Scalability Enhancements | (14) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for TE Tunnels | (14) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels | (18) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Interarea Tunnels | (19)ST1 | Yes | Yes |
| MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion | (14) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Scalability Enhancements | (14) | Yes | Yes |
| MPLS VPN Carrier Supporting Carriers | (14) | Yes | Yes |
| MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution | (21) | Yes | Yes |
| MPLS VPN ID | (17) | Yes | Yes |
| MPLS VPN—Interautonomous System Support | (16) | Yes | Yes |
| MPLS VPN Inter-AS—IPv4 BGP Label Distribution | (21) | Yes | Yes |
| MPLS VPN MIB and MPLS VPN MIB Traps | (21) | Yes | Yes |
| Policy Routing onto MPLS TE Tunnels | (16) | Yes | Yes |
| SNMP Version 3 | (21) | Yes | Yes |
| VPN Aware DHCP Relay for Non-Overlapping Addresses | (21) | Yes | Yes |


Table 9 Feature List by Feature Set for the Cisco 7500/RSP Series 

| Feature | In | Service Provider Feature Set | Service Provider/Secured Shell 3DES Feature Set |
|---|---|---|---|
| BGP Next Hop Propagation | (16) | Yes | Yes |
| Bidirectional PIM | (18) | Yes | Yes |
| CNS Configuration Agent | (18) | Yes | Yes |
| CNS Event Agent | (18) | Yes | Yes |
| Diff-Serv-Aware Traffic Engineering (DS-TE) | (14) | Yes | Yes |
| Fast Software Upgrade | (16) | Yes | Yes |
| Frame Relay Fast Restart | (19)ST1 | Yes | Yes |
| IS-IS HMAC-MD5 Authentication | (21) | Yes | Yes |
| MPLS Label Switching Router MIB | (14) | Yes | Yes |
| MPLS LDP—MIB Traps | (21) | Yes | Yes |
| MPLS Quality of Service Enhancements | (14) | Yes | Yes |
| MPLS Scalability Enhancements | (14) | Yes | Yes |
| MPLS Traffic Engineering MIB | (14) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for TE Tunnels | (14) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels | (18) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Interarea Tunnels | (19)ST1 | Yes | Yes |
| MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion | (14) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Scalability Enhancements | (14) | Yes | Yes |
| MPLS VPN Carrier Supporting Carriers | (14) | Yes | Yes |
| MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution | (21) | Yes | Yes |
| MPLS VPN ID | (17) | Yes | Yes |
| MPLS VPN—Interautonomous System Support | (16) | Yes | Yes |
| MPLS VPN Inter-AS—IPv4 BGP Label Distribution | (21) | Yes | Yes |
| MPLS VPN MIB and MPLS VPN MIB Traps | (21) | Yes | Yes |
| Policy Routing onto MPLS TE Tunnels | (16) | Yes | Yes |
| Route Processor Redundancy | (16) | Yes | Yes |
| Route Processor Redundancy Plus (RPR+) | (19)ST1 | Yes | Yes |
| SNMP Version 3 | (21) | Yes | Yes |
| VPN Aware DHCP Relay for Non-Overlapping Addresses | (21) | Yes | Yes |


Table 10 Feature List by Feature Set for the Cisco 10000 Series Edge Services Routers 

| Feature | In | Service Provider Feature Set | Service Provider/Secured Shell 3DES Feature Set |
|---|---|---|---|
| 4-Port OC-3 ATM Line Card | (20) | Yes | Yes |
| 6-Port OC-3/POS Line Card | (20) | Yes | Yes |
| 8-Port Unchannelized E3/T3 Line Card | (20) | Yes | Yes |
| ATM PVCs | (19) | Yes | Yes |
| Bidirectional PIM | (18) | Yes | Yes |
| Cisco 10000 Series Edge Services Routers | (17) | Yes | Yes |
| CNS Configuration Agent | (18) | Yes | Yes |
| CNS Event Agent | (18) | Yes | Yes |
| Diffserv Compliant WRED | (20) | Yes | Yes |
| Frame Relay Fast Restart | (18) | Yes | Yes |
| Generic Routing Encapsulation (GRE) | (20) | Yes | Yes |
| IS-IS HMAC-MD5 Authentication | (21) | Yes | Yes |
| Label Switch Routing | (21) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels | (18) | Yes | Yes |
| Multiplex Section Protection (MSP) | (20) | Yes | Yes |
| NetFlow Accounting | (20) | Yes | Yes |
| Per-Packet Load Balancing | (19) | Yes | Yes |
| Policy-Based Routing | (20) | Yes | Yes |
| Post Switchover Core Dump | (18) | Yes | Yes |
| Priority Queueing (PQ)/CBWFQ on ATM PVCs | (20) | Yes | Yes |
| SNMP Version 3 | (21) | Yes | Yes |
| SONET APS 1+1 for 4-Port OC-3 ATM and 1-Port OC-12 ATM Line Cards | (21) | Yes | Yes |
| Subinterface Policy Maps | (20) | Yes | Yes |
| Turbo Quality of Service (QoS) | (20) | Yes | Yes |
| VPN Aware DHCP Relay for Non-Overlapping Addresses | (21) | Yes | Yes |
| VT1.5 for Channelized OC-12 Card | (18) | Yes | Yes |


Table 11 Feature List by Feature Set for the Cisco 10720 Internet Router 

| Feature | In | Service Provider Feature Set | Service Provider/Secured Shell Feature Set |
|---|---|---|---|
| 802.1p Support on the Cisco 10720 Internet Router | (18) | Yes | Yes |
| 802.1q Support for the Cisco 10720 Internet Router | (18) | Yes | Yes |
| Cisco 10720 Internet Router | (18) | Yes | Yes |
| CNS Configuration Agent | (18) | Yes | Yes |
| CNS Event Agent | (18) | Yes | Yes |
| DPT MIB | (18) | Yes | Yes |
| IS-IS HMAC-MD5 Authentication | (21) | Yes | Yes |
| MPLS Enhancements in the Cisco 10720 Internet Router | (21) | Yes | Yes |
| MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels | (18) | Yes | Yes |
| Single Ring Recovery (SRR) Protocol | (18) | Yes | Yes |
| SNMP Version 3 | (21) | Yes | Yes |
| VPN Aware DHCP Relay for Non-Overlapping Addresses | (21) | Yes | Yes |


Table 12 Feature List by Feature Set for the Cisco 12000 Series Internet Routers 

Feature | In | Service Provider Feature Set | Service Provider/Secured Shell 3DES Feature Set
3-Port Gigabit Ethernet Line Card | (16) | Yes | Yes
10 Gbps POS Enhanced Services Line Cards | (21) | Yes | Yes
128 ACLs, MPLS VPN, IP Marking on Engine 2 POS Line Cards | (21) | Yes | Yes
BGP Conditional Route Injection | (14) | Yes | Yes
BGP Next Hop Propagation | (16) | Yes | Yes
BGP Policy Accounting on 3-Port Gigabit Ethernet Line Cards per VLAN Support | (21) | Yes | Yes
CNS Configuration Agent | (18) | Yes | Yes
CNS Event Agent | (18) | Yes | Yes
Explicit Null (Engine 2) | (14) | Yes | Yes
Fast Reroute LP Support for OC192 | (17) | Yes | Yes
HSRP Support for MPLS-VPN | (17) | Yes | Yes
IP Services Engine Line Cards for the Cisco 12000 Series Internet Routers | (21) | Yes | Yes
IPv6 for Cisco IOS Software | (21) | Yes | Yes
IS-IS HMAC-MD5 Authentication | (21) | Yes | Yes
MPLS AToM - Ethernet over MPLS and MPLS AToM - ATM AAL5 over MPLS | (21) | Yes | Yes
MPLS Label Switching Router MIB | (14) | Yes | Yes
MPLS LDP—MIB Traps | (21) | Yes | Yes
MPLS Quality of Service Enhancements | (14) | Yes | Yes
MPLS Scalability Enhancements (Engine 0) | (14) | Yes | Yes
MPLS Traffic Engineering MIB | (14) | Yes | Yes
MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for Tunnels | (14) | Yes | Yes
MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels | (18) | Yes | Yes
MPLS Traffic Engineering (TE)—Interarea Tunnels on 12000 Series Internet Routers | (21) | Yes | Yes
MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion | (14) | Yes | Yes
MPLS Traffic Engineering (TE)—Scalability Enhancements | (14) | Yes | Yes
MPLS VPN and Fast Reroute on 10 Gbps POS Enhanced Services Line Cards | (21) | Yes | Yes
MPLS VPN and Traffic Engineering Support for 6E3-SMB and 12E3-SMB Line Cards | (16) | Yes | Yes
MPLS VPN Carrier Supporting Carrier and Interautonomous Systems Supported on Engine 2 POS Line Cards | (21) | Yes | Yes
MPLS VPN Carrier Supporting Carrier for Engine 0 Line Cards | (16) | Yes | Yes
MPLS VPN (Engine 2 ATM, including 4xOC-12 ATM) | (14) | Yes | Yes
MPLS VPN—Interautonomous System Support | (16) | Yes | Yes
MPLS VPN—Interautonomous System Support (Engine 2 POS and Engine 2 QOC-12 ATM) | (17) | Yes | Yes
MPLS VPN MIB and MPLS VPN MIB Traps | (21) | Yes | Yes
MPLS VPN Support for the 2-Port Channelized OC-3/STM-1 to DS1/E1 Line Card | (17) | Yes | Yes
MPLS VPN, TE, and LDP Support for the OC192 and QOC48 Line Cards | (17) | Yes | Yes
OSPF Sham-Link Support for MPLS VPN | (21) | Yes | Yes
OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers | (21) | Yes | Yes
Policy Routing onto MPLS TE Tunnels | (16) | Yes | Yes
RPR+ in the Cisco 12000 Series Internet Router | (17) | Yes | Yes
RPR+ Support for Additional Line Cards in the Cisco 12000 Series Internet Router | (21) | Yes | Yes
RPR+ Support for Engine 4 Line Cards in the Cisco 12000 Series Internet Router | (18) | Yes | Yes
show idb Command | (18) | Yes | Yes
SNMP Version 3 | (21) | Yes | Yes
Virtual Router Redundancy Protocol (VRRP) | (18) | Yes | Yes
VPN Aware DHCP Relay for Non-Overlapping Addresses | (21) | Yes | Yes
VRF over FR Subinterfaces | (21) | Yes | Yes


New and Changed Information

This section lists the new hardware and software features supported by the Cisco 7200 series, Cisco 7500 series, Cisco 10000 series, Cisco 10720 Internet router, and Cisco 12000 series Internet routers in Cisco IOS Release 12.0 ST and contains the following sections:

New Features in Cisco IOS Release 12.0(21)ST

New Features in Cisco IOS Release 12.0(20)ST

New Features in Cisco IOS Release 12.0(19)ST1

New Features in Cisco IOS Release 12.0(19)ST

New Features in Cisco IOS Release 12.0(18)ST

New Features in Cisco IOS Release 12.0(17)ST

New Features in Cisco IOS Release 12.0(16)ST

New Features in Cisco IOS Release 12.0(15)ST

New Features in Cisco IOS Release 12.0(14)ST1

New Features in Cisco IOS Release 12.0(14)ST

New Features in Cisco IOS Release 12.0(11)ST

New Features in Cisco IOS Release 12.0(10)ST

New Features in Cisco IOS Release 12.0(9)ST

For the latest hardware and software features, see the following section, "New Features in Cisco IOS Release 12.0(21)ST."

New Features in Cisco IOS Release 12.0(21)ST

Cisco IOS Release 12.0(21)ST supports the following new features:

10 Gbps POS Enhanced Services Line Cards

128 ACLs, MPLS VPN, IP Marking on Engine 2 POS Line Cards

BGP Policy Accounting on 3-Port Gigabit Ethernet Line Cards per VLAN Support

IP Services Engine Line Cards for the Cisco 12000 Series Internet Routers

IPv6 for Cisco IOS Software

IS-IS HMAC-MD5 Authentication

Label Switch Routing

MPLS AToM - Ethernet over MPLS and MPLS AToM - ATM AAL5 over MPLS

MPLS Enhancements in the Cisco 10720 Internet Router

MPLS LDP—MIB Traps

MPLS Traffic Engineering (TE)—Interarea Tunnels on 12000 Series Internet Routers

MPLS VPN and Fast Reroute on 10 Gbps POS Enhanced Services Line Cards

MPLS VPN Carrier Supporting Carrier and Interautonomous Systems Supported on Engine 2 POS Line Cards

MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution

MPLS VPN Inter-AS—IPv4 BGP Label Distribution

MPLS VPN MIB and MPLS VPN MIB Traps

OSPF Sham-Link Support for MPLS VPN

OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers

RPR+ Support for Additional Line Cards in the Cisco 12000 Series Internet Router

SNMP Version 3

SONET APS 1+1 for 4-Port OC-3 ATM and 1-Port OC-12 ATM Line Cards

VPN Aware DHCP Relay for Non-Overlapping Addresses

VRF over FR Subinterfaces

10 Gbps POS Enhanced Services Line Cards

Platforms: Cisco 12000 series Internet routers

The 1-port OC-192 POS Enhanced Services (ES, also referred to as Engine 4 plus) and Quad OC-48 POS ES line cards for Cisco 12400 Internet routers support an extensive list of features that enable service providers to provide customers with the means to build scalable, feature-rich 10G networks that support value-added services, such as MPLS VPN, voice, and tiered service offerings, without compromising performance.

Cisco IOS Release 12.0(21)ST supports all the features in Release 12.0(21)S (see the note below) along with the following additional features:

MPLS Virtual Private Network (VPN) features (see the "MPLS VPN and Fast Reroute on 10 Gbps POS Enhanced Services Line Cards" section).

Basic MPLS VPN support.

Inter-provider VPN (also known as Interautonomous System): allows a scalable MPLS VPN service to span different service providers.

Carrier supporting Carrier (CsC): allows carriers to use MPLS VPN to offer transport services to other service providers.

Fast Reroute (see the "MPLS VPN and Fast Reroute on 10 Gbps POS Enhanced Services Line Cards" section).

High availability.


Note: Cisco IOS Release 12.0(21)S introduced the following ES line card features, which are listed under the section "Engine 4 POS Line Card Enhancements" in the 12.0(21)S release notes: access control lists (ACLs) on inbound and outbound interfaces, NetFlow sampling on inbound and outbound IP flows, and output rate shaping.


For information about how to install and configure 10 Gbps POS Enhanced Services line cards, refer to the Cisco documents at the following locations:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_pos/11420q48.htm

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_pos/11421192.htm

128 ACLs, MPLS VPN, IP Marking on Engine 2 POS Line Cards

Platforms: Cisco 12000 series Internet routers

Engine 2 (E2) Packet-over-SONET (POS) line cards in Cisco 12000 series Internet routers now support the following features:

128 entries in access control lists (ACLs) on input interfaces

For information about the performance improvement that you receive by using up to 128 ACL entries on input interfaces and how to enable the 128 ACL entries, refer to the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s10/hw_acl.htm

MPLS VPNs

A Virtual Private Network (VPN) is a secure IP-based network that uses a shared backbone to distribute resources on one or more physical networks located in geographically dispersed sites. MPLS-based VPNs enable highly scalable, highly flexible IP VPNs in Layer 3 without tunneling or encryption. For more information about MPLS VPNs, refer to the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/vpn.htm

IP packet precedence marking

This feature allows you to mark packets by setting the IP precedence bits or the IP differentiated services code point (DSCP) in the IP type of service (ToS) byte. By marking packets, you can classify traffic on the basis of the IP precedence or IP DSCP value. IP marking can be used to identify traffic within the network. Other interfaces can also match traffic on the basis of the IP precedence or DSCP markings. For more information about how to use IP packet precedence marking, refer to the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121t/121t5/cbpmark2.htm

These features (128 ACLs, MPLS VPNs, and IP precedence marking) are supported on the following E2 POS line cards:

8-port OC-3 POS edge line card

16-port OC-3 POS edge line card

4-port OC-12 POS edge line card

1-port OC-48 POS core line card

BGP Policy Accounting on 3-Port Gigabit Ethernet Line Cards per VLAN Support

Platforms: Cisco 12000 series Internet routers

Cisco IOS Release 12.0(21)ST now supports Border Gateway Protocol (BGP) policy accounting on 3-port Gigabit Ethernet line cards per VLAN.

IP Services Engine Line Cards for the Cisco 12000 Series Internet Routers

Platforms: Cisco 12000 series Internet routers

The IP Services Engine (ISE) line cards (also referred to as Engine 3 line cards) for the Cisco 12000 series Internet router provide enhanced Layer 3 capabilities for high-speed customer aggregation, backbone connectivity, and peering solutions. These line cards are available in both concatenated and channelized versions. The ISE line cards offer the following advantages:

High-Speed Applications at the Network Edge: The ISE line cards provide a single platform architecture from backbone to edge. Cisco 12000 series routers can be used for applications at the edges of the service provider network, as well as in the Internet core and backbone.

Reduced Cost of Ownership: The enhanced edge functionality of the ISE line cards significantly decreases upfront procurement costs and life cycle costs.

Cisco Optical Internet Strategy Enabler: Allows high-speed direct customer aggregation and the rapid shift from DS-3 speed to optical OC-3 or OC-12c speeds, building upon the Cisco internetworking strategy. OC-48c backbone or peering capability is available with Cisco IOS Release 12.0(21)ST.

Layer 3 Functionality at High Speeds: The ISE line cards provide the Layer 3 functionality of the Cisco 7500 edge routers at the high speeds of the Cisco 12000 series Internet router.

Edge Engine Functionality in the Backbone: The ISE line cards provide enhanced functionality in the backbone, such as extended access control lists (ACLs) and committed access rate (CAR).

The following concatenated line cards are introduced for the Cisco 12000 series Internet routers:

Concatenated 1-Port OC-48/STM-16

The 1-port OC-48/STM-16 line card provides the Cisco 12000 series Internet routers with one 2488-Mbps concatenated Packet-over-SONET (POS) interface on a single card.

Concatenated 4-Port OC-12/STM-4

The 4-port OC-12/STM-4 line card provides the Cisco 12000 series Internet routers with four 622-Mbps concatenated Packet-over-SONET (POS) interfaces on a single card.

Concatenated 16-Port OC-3/STM-1

The 16-port OC-3/STM-1 line card provides the Cisco 12000 series Internet routers with 16 155-Mbps concatenated POS interfaces on a single card.

Refer to the following Cisco publications for additional information:

Cisco IOS Feature Descriptions and Configuration (Concatenated and Channelized Line Cards):

ISE Line Cards for the Cisco 12000 Series Internet Routers

Hardware Installation (Concatenated Line Cards):

1-Port POS OC-48/STM-16 with Extended Feature Set Line Card Installation and Configuration

4-Port POS OC-12/STM-4 with Extended Feature Set Line Card Installation and Configuration

16-Port Packet-Over-SONET OC-3/STM-1 with Extended Feature Set Line Card Installation and Configuration

The following channelized line cards are introduced for the Cisco 12000 series Internet routers:

Channelized 1-Port OC-48/STM-16

The 1-port Channelized OC-48/STM-16 to DS-3/E3 line card supports both SONET and SDH framing and provides DS-3/E3 aggregation for the Cisco 12000 series Internet router. For SDH, both AU-3 and AU-4 mappings are supported. The line card interfaces with the Cisco 12000 series Internet router switch fabric and provides one OC-48/STM-16 duplex SC single-mode intermediate reach optical port that can be configured with up to 48 channelized interfaces.

Channelized 4-Port OC-12/STM-4

The 4-port Channelized OC-12/STM-4 to DS-3/E3 line card supports both SONET and SDH framing and provides DS-3/E3 aggregation for the Cisco 12000 series Internet router. For SDH, both AU-3 and AU-4 mappings are supported. The line card interfaces with the Cisco 12000 series Internet router switch fabric and provides four OC-12/STM-4 duplex SC single-mode intermediate reach optical ports. Each of these ports can be configured with up to 12 channelized interfaces.

Refer to the following Cisco publications for additional information:

Cisco IOS Feature Descriptions and Configuration (Concatenated and Channelized Line Cards):

ISE Line Cards for the Cisco 12000 Series Internet Routers

Hardware Installation (Channelized Line Cards):

1-Port Channelized OC-48/STM-16 to DS-3/E3 Line Card Installation and Configuration

4-Port Channelized OC-12/STM-4 to DS-3/E3 Line Card Installation and Configuration

Supported Features on ISE Line Cards

The ISE line cards that are introduced in Cisco IOS Release 12.0(21)ST support MPLS VPN and the following features on both physical interfaces and subinterfaces:

Aggregated V8 NetFlow

Automatic Protection Switching/Multiplex Section Protection (APS/MSP)

Basic Multiprotocol Label Switching (MPLS)

Committed access rate (CAR)

Dynamic Provisioning

Extended access control lists (ACLs)

IPv4 Multicast

IPv4 Unicast Forwarding

Line-rate forwarding with multiple features enabled, including ACL, CAR, NetFlow, and Traffic Shaping

Modular QoS CLI (MQC) Support

QoS Policy Propagation via Border Gateway Protocol (QPPB)

Sampled V5 NetFlow

Traffic Shaping

IPv6 for Cisco IOS Software

Platforms: Cisco 12000 series Internet routers

IPv6, formerly called IPng (next generation), is the latest version of IP and offers many benefits, such as a larger address space, over the previous version of IP (version 4). The IPv6 for Cisco IOS Software feature was first introduced in Cisco IOS Release 12.2(2)T. In Cisco IOS Release 12.0(21)ST, the IPv6 for Cisco IOS Software feature is enhanced by the addition of the following features:

DNS lookups over an IPv6 transport

Static cache entry for IPv6 neighbor discovery

Use of the first MAC address as the IPv6 interface identifier for point-to-point links

Integrated IS-IS for IPv6

Link-local address peering in multiprotocol BGP extensions for IPv6

Distributed CEF switching for IPv6

For further information, refer to the Cisco documents at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t2/ipv6/index.htm

IS-IS HMAC-MD5 Authentication

Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 10000 series edge services routers, Cisco 10720 Internet router, Cisco 12000 series Internet routers

The IS-IS HMAC-MD5 Authentication feature adds an HMAC-MD5 digest to each Intermediate System-to-Intermediate System (IS-IS) protocol data unit (PDU). HMAC is a mechanism for message authentication codes (MAC) using cryptographic hash functions. The digest allows authentication at the IS-IS routing protocol level, which prevents unauthorized routing messages from being injected into the network routing domain.

IS-IS has five packet types: link-state packet (LSP), LAN Hello, Serial Hello, complete sequence number PDU (CSNP), and partial sequence number PDU (PSNP). The IS-IS HMAC-MD5 authentication or the cleartext password authentication can be applied to all five types of PDU. The authentication can be enabled on different IS-IS levels independently. The interface-related PDUs (LAN Hello, Serial Hello, CSNP and PSNP) can be enabled with authentication on different interfaces, with different levels and different passwords.

The HMAC-MD5 mode cannot be mixed with the cleartext mode within the same authentication scope (LSP or interface). However, administrators can use one mode for LSP and another mode for some interfaces, for example. If mixed modes are intended, different keys should be used for different modes in order not to compromise the encrypted password in the PDUs.

For more information about the IS-IS HMAC-MD5 Authentication feature, refer to the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/ftmd5isi.htm
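The following is an added example, not Cisco's implementation and not part of these release notes, showing how a receiver checks the HMAC-MD5 digest on an LSP and why a secret reused across modes is exposed: the cleartext TLV carries it verbatim, while the HMAC-MD5 TLV carries only a digest. It assumes the Authentication Information TLV layout later standardized in RFC 5304 (TLV type 10, authentication type 54 for HMAC-MD5, type 1 for cleartext), which this page does not spell out; the sample LSP, the key, and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

AUTH_TLV = 10         # Authentication Information TLV
AUTH_CLEARTEXT = 1    # authentication type: cleartext password
AUTH_HMAC_MD5 = 54    # authentication type: HMAC-MD5 (RFC 5304, assumed layout)
LSP_TYPES = {18, 20}  # Level 1 and Level 2 link-state PDUs


def find_auth(pdu):
    """Return (auth_type, value_offset, value_len) of the first auth TLV, or None."""
    i = pdu[1]  # Length Indicator: TLVs start right after the fixed header
    while i + 2 <= len(pdu):
        tlv_type, tlv_len = pdu[i], pdu[i + 1]
        if i + 2 + tlv_len > len(pdu):
            raise ValueError("truncated TLV")
        if tlv_type == AUTH_TLV and tlv_len >= 1:
            return pdu[i + 2], i + 3, tlv_len - 1
        i += 2 + tlv_len
    return None


def digest_input(pdu):
    """Copy of the PDU with the fields excluded from the HMAC set to zero."""
    buf = bytearray(pdu)
    found = find_auth(buf)
    if found and found[0] == AUTH_HMAC_MD5:
        _, off, n = found
        buf[off:off + n] = bytes(n)  # the digest field itself
    if (buf[4] & 0x1F) in LSP_TYPES:
        buf[10:12] = b"\x00\x00"     # Remaining Lifetime (decremented in transit)
        buf[24:26] = b"\x00\x00"     # LSP Checksum
    return bytes(buf)


def build_lsp(secret, auth_type):
    """Build a minimal Level 1 LSP with one authentication TLV (constructed sample)."""
    if auth_type == AUTH_HMAC_MD5:
        auth_value = bytes([AUTH_HMAC_MD5]) + bytes(16)  # digest filled in below
    else:
        auth_value = bytes([AUTH_CLEARTEXT]) + secret
    tlvs = bytes([AUTH_TLV, len(auth_value)]) + auth_value
    tlvs += bytes([1, 4, 3, 0x49, 0x00, 0x01])           # Area Addresses: 49.0001
    header_len = 27
    common = bytes([0x83, header_len, 1, 0, 18, 1, 0, 0])
    lsp_id = bytes.fromhex("0000000000010000")
    # PDU length, remaining lifetime, LSP ID, sequence number,
    # checksum (placeholder, not a real Fletcher checksum), flags
    fixed = struct.pack("!HH8sIHB", header_len + len(tlvs), 1199, lsp_id, 1, 0xBEEF, 0x01)
    pdu = bytearray(common + fixed + tlvs)
    if auth_type == AUTH_HMAC_MD5:
        _, off, _ = find_auth(pdu)
        pdu[off:off + 16] = hmac.new(secret, digest_input(pdu), hashlib.md5).digest()
    return bytes(pdu)


def verify(pdu, secret, required_mode):
    """Accept the PDU only if it carries the required mode and a matching value."""
    found = find_auth(pdu)
    if found is None or found[0] != required_mode:
        return False  # no authentication TLV, or a different mode on this scope
    auth_type, off, n = found
    received = pdu[off:off + n]
    if auth_type == AUTH_HMAC_MD5:
        if n != 16:
            return False
        expected = hmac.new(secret, digest_input(pdu), hashlib.md5).digest()
    else:
        expected = secret
    return hmac.compare_digest(received, expected)


def secret_on_wire(pdu, secret):
    """True if the configured secret appears verbatim in the PDU bytes."""
    return secret in pdu


if __name__ == "__main__":
    key = b"constructed-key"  # sample secret, constructed for this example
    md5_lsp = build_lsp(key, AUTH_HMAC_MD5)
    clear_lsp = build_lsp(key, AUTH_CLEARTEXT)
    tampered = md5_lsp[:-1] + b"\x02"  # area address changed after signing
    print("HMAC-MD5 LSP verifies:    ", verify(md5_lsp, key, AUTH_HMAC_MD5))
    print("tampered LSP verifies:    ", verify(tampered, key, AUTH_HMAC_MD5))
    print("secret visible, HMAC-MD5: ", secret_on_wire(md5_lsp, key))
    print("secret visible, cleartext:", secret_on_wire(clear_lsp, key))
```

Because Remaining Lifetime and Checksum are zeroed before the digest is computed, an LSP that has aged in transit still verifies, while any change to the TLVs does not.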

Label Switch Routing

Platform: Cisco 10000 series edge services routers

The label switch router (LSR) feature enables the Cisco 10000 series edge services (ESR) router to function as a provider router (P router) in a Multiprotocol Label Switching (MPLS) network. Previously, the Cisco 10000 series ESR could function as a provider edge router (PE router), forwarding packets from an IP network to an MPLS (label imposition) network and from an MPLS network to an IP (label disposition) network. This feature adds full LSR support, enabling the router to perform MPLS-to-MPLS forwarding (label switching).

For more information about MPLS on Cisco routers, including the Cisco 10000 series ESR, refer to the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fs_rtr.htm

New Features

LSR provides the following new features:

Support for MPLS push, pop, and swap operations.

The ability to switch labeled packets and function as an MPLS provider router (P router).

Load balancing for each destination on a label switched path (LSP).

Support for combined P router and PE router functionality: for example, in a distributed point of presence (POP) configuration that cross-connects POPs together for resilience purposes, or when the Cisco 10000 series ESR has redundant trunks into an MPLS network.

Enhancements to the TFIB data structure:

The router allocates taginfo structures only for label switched paths (LSPs) that have load balancing enabled.

Counters have been added to determine the number of bytes that are switched through each label in the TFIB.

Support for explicit-null labels. These labels are used in label switch controller ATM (LC-ATM) processing to communicate experimental (EXP) bits.

Requirements

To run the LSR feature, the Cisco 10000 series ESR must have the PRE1 version (part number ESR-PRE1) of the Performance Routing Engine (PRE) installed in the Cisco 10000 series ESR chassis. You can verify which PRE is installed in the chassis by using the show version command.

MPLS AToM - Ethernet over MPLS and MPLS AToM - ATM AAL5 over MPLS

Platforms: Cisco 12000 series Internet routers

In Cisco IOS Release 12.0(21)ST, the following Multiprotocol Label Switching (MPLS) Any Transport over MPLS (AToM) features are supported:

Ethernet over MPLS

ATM AAL5 over MPLS

The Ethernet over MPLS feature allows you to connect two VLAN networks that are in different locations, without using expensive bridges, routers, or switches at the VLAN locations. You can enable the MPLS backbone network to accept Layer 2 VLAN traffic by configuring the label edge routers (LERs) at both ends of the MPLS backbone.

In Cisco 12000 series Internet routers, Ethernet over MPLS label imposition is supported on the following engines and line cards:

Engine 2:
Cisco 12000 Series 3-Port Gigabit Ethernet line cards

In Cisco 12000 series Internet routers, Ethernet over MPLS label disposition is supported on the following engines and line cards:

Engine 2:
Cisco 12000 Series 3-Port Gigabit Ethernet line cards
Cisco 12000 Series 8-Port OC3c/STM-1c POS/SDH line cards
Cisco 12000 Series 16-Port OC3c/STM-1c POS/SDH line cards
Cisco 12000 Series 4-Port OC12c/STM-4c POS/SDH line cards
Cisco 12000 Series 1-Port OC48c/STM-16c POS/SDH line cards

Engine 4+:
Cisco 12000 Series 4-Port OC-48c/STM-16c POS line cards
Cisco 12000 Series 1-Port OC-192c/STM-64c POS/SDH line cards

For further information, refer to the Cisco document MPLS AToM—Ethernet over MPLS at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/eompls20.htm

The ATM AAL5 over MPLS feature provides an ATM permanent virtual circuit (PVC) for transporting AAL5 PDUs across an IP/MPLS backbone with rate-limit policing and configurable PVC priority values. A dynamic MPLS tunnel is configured to enable label imposition and disposition of encapsulated ATM PDUs transported between two edge routers having a Label Distribution Protocol (LDP) neighbor relationship.

In Cisco 12000 series Internet routers, AAL5 over MPLS label disposition is supported on the following engines and line cards:

Engine 0:
Cisco 12000 Series 4-Port OC-3c/STM-1c POS/SDH line cards
Cisco 12000 Series 1-Port OC-12c/STM-4c POS/SDH line cards

Engine 2:
Cisco 12000 Series 3-Port Gigabit Ethernet line cards
Cisco 12000 Series 8-Port OC3c/STM-1c POS/SDH line cards
Cisco 12000 Series 16-Port OC3c/STM-1c POS/SDH line cards
Cisco 12000 Series 4-Port OC12c/STM-4c POS/SDH line cards
Cisco 12000 Series 1-Port OC48c/STM-16c POS/SDH line cards
Cisco 12000 Series 1-Port OC-48c/STM-16c DPT line cards

In Cisco 12000 series Internet routers, AAL5 over MPLS label imposition and disposition are supported on the following engines and line cards:

Engine 0:
Cisco 12000 Series 4-Port OC-3c/STM-1c ATM line cards
Cisco 12000 Series 1-Port OC-12c/STM-4c ATM line cards
Cisco 12000 Series 4-Port OC-12c/STM-4c ATM line cards

For further information, see the "AAL5 Transport over MPLS" section and refer to the Cisco document MPLS AToM—ATM AAL5 over MPLS at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fsaal5.htm


Note: In Cisco IOS Release 12.0(21)ST and earlier releases, line card support on Cisco 12000 series Internet routers for the ATM AAL5 over MPLS feature is based on the existing control plane. In future IOS releases, a revised control plane for AToM will be implemented.


MPLS Enhancements in the Cisco 10720 Internet Router

Platform: Cisco 10720 Internet router

MPLS Provider Backbone and Provider Edge Functionality in the Cisco 10720 Internet Router

Cisco IOS Release 12.0(21)ST supports the following MPLS provider (P) backbone and provider edge (PE) functionality in the Cisco 10720 Internet router in addition to existing IP features:

MPLS Virtual Private Networks (RFC 2547)

MPLS label distribution protocol

Label switching

The IP Virtual Private Network (VPN) feature for MPLS allows a Cisco IOS network to deploy scalable IPv4 Layer 3 VPN backbone services. An IP VPN is the foundation that companies use for deploying or administering value-added services, including applications and data hosting, network commerce, and telephony services, to business customers. For more information about MPLS VPNs, refer to the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fs_vpn.htm

Cisco's MPLS label distribution protocol (LDP), as standardized by the Internet Engineering Task Force (IETF) and as enabled by Cisco IOS software, allows the construction of highly scalable and flexible IP VPNs that support multiple levels of services.

LDP provides a standard methodology for hop-by-hop, or dynamic label, distribution in an MPLS network by assigning labels to routes that have been chosen by the underlying Interior Gateway Protocol (IGP) routing protocols. The resulting labeled paths, called label switch paths or LSPs, forward label traffic across an MPLS backbone to particular destinations. These capabilities enable service providers to implement Cisco's MPLS-based IP VPN services across multivendor MPLS networks. For more information about MPLS LDP, refer to the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fsldp_21.htm

Label switching combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing. It enables service providers to meet challenges brought about by explosive growth and provides the opportunity for differentiated services without necessitating the sacrifice of existing infrastructure. The label switching architecture is remarkable for its flexibility. Data can be transferred over any combination of Layer 2 technologies, support is offered for all Layer 3 protocols, and scaling is possible well beyond anything offered in today's networks.

Specifically, label switching can efficiently enable the delivery of IP services over an ATM switched network. It supports the creation of different routes between a source and a destination on a purely router-based Internet backbone. Service providers who use label switching can save money and increase revenue and productivity. For more information about MPLS label switching, refer to the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fs_rtr.htm

New Show Commands for MPLS Forwarding in Cisco 10720 Internet Routers

In a Cisco 10720 Internet router, you can use the following command to display hardware information about the MPLS forwarding performed by Parallel Express Forwarding (PXF) for a given IP prefix or incoming MPLS label:

show hardware pxf cpu mpls [network [mask] | label]

Where:
network specifies the IP address of a destination network.
mask specifies the network mask of a destination network.
label specifies an incoming MPLS label.

For more information on the command syntax and for sample output, refer to the Cisco document Cisco IOS Software Configuration for the Cisco 10720 Internet Router at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st18/10720.htm

MPLS LDP—MIB Traps

Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 12000 series Internet routers

Cisco IOS Release 12.0(11)ST introduced the MPLS Label Distribution Protocol (LDP) MIB, whereas Release 12.0(21)ST adds support for MPLS LDP MIB traps. When you enable MPLS LDP MIB notification functionality by issuing the snmp-server enable traps mpls ldp command, notification messages are generated and sent to a designated network management station (NMS) in the network to signal the occurrence of specific events within Cisco IOS software.

The MPLS LDP MIB objects involved in LDP status transitions and event notifications include the following:

mplsLdpSessionUp

mplsLdpSessionDown

mplsLdpPathVectorLimitMismatch

mplsLdpFailedInitSessionThresholdExceeded


Note: This implementation of the MPLS LDP MIB traps for Cisco IOS Release 12.0(21)ST is limited to read-only (RO) permission for MIB objects, except for MIB object mplsLdpSessionUpDownTrapEnable, which, for purposes of this release, has been extended to be writeable by the SNMP agent.


For further information, see the "Label Distribution Protocol MIB" section and refer to the Cisco document MPLS Label Distribution Protocol MIB at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/ldpmib21.htm

MPLS Traffic Engineering (TE)—Interarea Tunnels on 12000 Series Internet Routers

Platforms: Cisco 12000 series Internet routers

Cisco IOS Release 12.0(19)ST1 introduced the MPLS Traffic Engineering (TE)—Interarea Tunnels feature on the Cisco 7200 series and Cisco 7500 series routers. In Cisco IOS Release 12.0(21)ST, this feature is also supported on the Cisco 12000 series Internet routers.

The MPLS Traffic Engineering (TE)—Interarea Tunnels feature allows you to establish MPLS TE tunnels that span multiple Interior Gateway Protocol (IGP) areas and levels, removing the restriction that had required that the tunnel headend and tailend routers both be in the same area. The IGP can be either Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).

To configure an interarea tunnel, you specify on the headend router a loosely routed explicit path for the tunnel label switched path (LSP) that identifies each area border router (ABR) that the LSP should traverse using the next-address loose command. The headend router and the ABRs along the specified explicit path expand the loose hops, each computing the path segment to the next ABR or tunnel destination.

For further information, refer to the Cisco document MPLS Traffic Engineering (TE)—Interarea Tunnels at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st19/inter_ar.htm

MPLS VPN and Fast Reroute on 10 Gbps POS Enhanced Services Line Cards

Platforms: Cisco 12000 series Internet routers

The MPLS Virtual Private Network (VPN) and Fast Reroute (FRR) features are supported on Packet-over-SONET (POS) Enhanced Services (ES, also referred to as Engine 4 plus) line cards in Cisco 12000 series Internet routers, including:

1-port OC-192c/STM-64c POS core line card

4-port OC-48c/STM-16c POS core line card

A VPN is a secure IP-based network that uses a shared backbone to distribute resources on one or more physical networks located in geographically dispersed sites. MPLS-based VPNs enable highly scalable, highly flexible IP VPNs in Layer 3 without tunneling or encryption. For more information about MPLS VPNs, refer to the Cisco document at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t5/vpn.htm

Regular MPLS traffic engineering automatically establishes and maintains label-switched paths (LSPs) across the backbone using Resource Reservation Protocol (RSVP). The path used by a given LSP at any point in time is based upon the LSP resource requirements and available network resources such as bandwidth.

Available resources are flooded via extensions to a link-state based Interior Gateway Protocol (IGP), such as IS-IS or OSPF.

Paths for LSPs are calculated at the LSP headend. Under failure conditions, the headend determines a new route for the LSP. Recovery at the headend provides for the optimal use of resources. However, because of messaging delays, recovery at the headend is not as fast as a repair made at the point of failure.

Fast Reroute provides link protection to LSPs. This enables all traffic carried by LSPs that traverse a failed link to be rerouted around the failure. The reroute decision is completely controlled locally by the router interfacing the failed link. The headend of the tunnel is also notified of the link failure through the IGP or through RSVP; the headend then attempts to establish a new LSP that bypasses the failure.

For more information about Fast Reroute, see the "MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link Protection" section.

MPLS VPN Carrier Supporting Carrier and Interautonomous Systems Supported on Engine 2 POS Line Cards

Platforms: Cisco 12000 series Internet routers

The MPLS Virtual Private Network (VPN) features, carrier supporting carrier and interautonomous systems, are now supported on Engine 2 Packet-over-SONET (POS) line cards in Cisco 12000 series Internet routers, including:

8-port OC-3 POS edge line card

16-port OC-3 POS edge line card

4-port OC-12 POS edge line card

1-port OC-48 POS core line card

The carrier supporting carrier (CsC) feature enables an MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network. It provides the following benefits to the backbone carrier (the service provider that provides the segment of the backbone network to the other provider) and customer carrier (the service provider that uses the segment of the backbone network):

The backbone carrier can accommodate many customer carriers and give them access to its backbone. The backbone carrier does not need to create and maintain separate backbones for its customer carriers.

The MPLS VPN carrier supporting carrier feature is scalable. Carrier supporting carrier can change the VPN to meet changing bandwidth and connectivity needs.

The MPLS VPN carrier supporting carrier feature is a flexible solution. The backbone carrier can accommodate many types of customer carriers. The backbone carrier can accept customer carriers who are ISPs or VPN service providers or both.

The MPLS VPN carrier supporting carrier feature removes from the customer carrier the burden of configuring, operating, and maintaining its own backbone.

Customer carriers who use the VPN services provided by the backbone carrier receive the same level of security that Frame Relay or ATM-based VPNs provide.

Customer carriers can use any link layer technology (SONET, DSL, Frame Relay, and so on) to connect the CE routers to the PE routers and the PE routers to the P routers. The MPLS VPN carrier supporting carrier feature is link layer independent. The CE routers and PE routers use IP to communicate, and the backbone carrier uses MPLS.

The customer carrier can use any addressing scheme and still be supported by a backbone carrier.

For more information about the MPLS CsC feature, see the "MPLS VPN Carrier Supporting Carriers" section and the Cisco document MPLS VPN Carrier Supporting Carrier at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/csc20.htm

The interautonomous systems feature provides MPLS VPN services that can span multiple autonomous systems and VPN service providers. It provides the following benefits:

Allows a VPN to cross more than one service provider backbone.

Allows a VPN to exist in different geographical areas.

Allows confederations to optimize Internal Border Gateway Protocol (IBGP) meshing.

For more information about the MPLS interautonomous system feature, see the "MPLS VPN—Interautonomous System Support" section and the Cisco document Inter-Autonomous Systems for MPLS VPNs at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st17/intras17.htm

MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution

Platforms: Cisco 7200 series routers, Cisco 7500 series routers

The MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution feature enables you to configure your carrier supporting carrier network to enable Border Gateway Protocol (BGP) to transport routes and Multiprotocol Label Switching (MPLS) labels between the backbone carrier provider edge (PE) routers and the customer carrier customer edge (CE) routers. The backbone carrier offers BGP and MPLS VPN services. The customer carrier can be either:

An Internet service provider (ISP) with an IP core

An MPLS service provider with or without VPN services

Previously, you had to use Label Distribution Protocol (LDP) and an Interior Gateway Protocol (IGP) between PE and CE routers to achieve the same goal. Using BGP to distribute IPv4 routes and MPLS label routes has the following benefits:

BGP takes the place of an IGP and LDP. You can use BGP to distribute routes and MPLS labels. Using a single protocol instead of two simplifies the configuration and troubleshooting.

BGP is the preferred routing protocol for connecting two ISPs, mainly because of its routing policies and ability to scale. ISPs commonly use BGP between two providers. This feature enables those ISPs to use BGP.

This feature is an extension of the MPLS VPN Carrier Supporting Carriers feature, introduced in Cisco IOS Release 12.0(14)ST. For more information, refer to the Cisco document MPLS VPN Carrier Supporting Carrier—IPv4 BGP Label Distribution at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fscsc21.htm

MPLS VPN Inter-AS—IPv4 BGP Label Distribution

Platforms: Cisco 7200 series routers, Cisco 7500 series routers

The MPLS VPN Inter-AS—IPv4 BGP Label Distribution feature enables you to set up a VPN service provider (SP) network to exchange IPv4 routes with MPLS labels. You can configure the VPN service provider network as follows:

Route reflectors (RRs) exchange VPNv4 routes, using multihop, multiprotocol External Border Gateway Protocol (EBGP). This configuration also preserves the next hop information and the VPN labels across the autonomous systems.

A local provider edge (PE) router needs to know the routes and label information for the remote PE router. This information can be exchanged between the PE routers and autonomous system boundary routers (ASBRs) in one of two ways:

Interior Gateway Protocol (IGP) and Label Distribution Protocol (LDP): The ASBR can redistribute the IPv4 routes and MPLS labels it learned from EBGP into IGP and LDP and vice versa.

Internal Border Gateway Protocol (IBGP) IPv4 label distribution: The ASBR and PE router can use direct IBGP sessions to exchange VPNv4 and IPv4 routes and MPLS labels.

Alternatively, the route reflector can reflect the IPv4 routes and MPLS labels learned from the ASBR to the PE routers in the VPN. This is accomplished by enabling the ASBR to exchange IPv4 routes and MPLS labels with the route reflector. The route reflector also reflects the VPNv4 routes to the PE routers in the VPN (as mentioned in the first bullet). For example, in VPN1, RR1 reflects to PE1 the VPNv4 routes it learned and IPv4 routes and MPLS labels learned from ASBR1. Using the route reflectors to store the VPNv4 routes and forward them through the PE routers and ASBRs allows for a scalable configuration.

ASBRs exchange IPv4 routes and MPLS labels for the PE routers, using EBGP.

Using BGP to distribute IPv4 routes and MPLS label routes has the following benefits:

Results in improved scalability because the route reflectors store VPNv4 routes.

Enables a non-VPN core network to act as a transit network for VPN traffic.

Eliminates the need for any other label distribution protocol between adjacent LSRs.

For more information, refer to the Cisco document MPLS VPN Inter-AS—IPv4 BGP Label Distribution at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fsbgp.htm

MPLS VPN MIB and MPLS VPN MIB Traps

Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 12000 series Internet routers

Simple Network Management Protocol (SNMP) agent code operating in conjunction with the Provider-Provisioned VPN (PPVPN) Multiprotocol Label Switching Virtual Private Network (MPLS VPN) MIB enables a standardized, SNMP-based approach in managing MPLS VPNs in Cisco IOS software.

The PPVPN MPLS VPN MIB is based on the Internet Engineering Task Force (IETF) draft MIB draft-ietf-ppvpn-mpls-vpn-mib-03.txt, which includes objects describing features that support MPLS VPN events. This IETF draft MIB, which undergoes revisions from time to time, is being evolved toward becoming a standard. Accordingly, the Cisco implementation of features of the PPVPN MPLS VPN MIB is expected to track the evolution of the IETF draft MIB.

Some slight differences between the IETF draft MIB and the actual implementation of MPLS VPNs within Cisco IOS software require some minor translations between the PPVPN MPLS VPN MIB and the internal data structures of Cisco IOS software. These translations are accomplished by means of the SNMP agent code. Also, while running as a low priority process, the SNMP agent provides a management interface to Cisco IOS software.

The SNMP objects defined in the PPVPN MPLS VPN MIB can be viewed by any standard SNMP utility. The network administrator can retrieve information in the PPVPN MPLS VPN MIB using standard SNMP get and getnext operations.

All PPVPN MPLS VPN MIB objects are based on the IETF draft MIB; thus, no specific Cisco SNMP application is required to support the functions and operations that pertain to the PPVPN MPLS VPN MIB features.

In Cisco IOS Release 12.0(21)ST, the PPVPN MPLS VPN MIB provides you with the ability to do the following:

Gather routing and forwarding information for MPLS VPNs on a router.

Expose information in the VRF routing table.

Gather information on BGP configuration related to VPNs and VRF interfaces and statistics.

Emit notification messages that signal changes when critical MPLS VPN events occur.

Enable, disable, and configure notification messages for MPLS VPN events by using extensions to existing SNMP CLI commands.

Specify the IP address of a network management system (NMS) in the operating environment to which notification messages are sent.

Write notification configurations into nonvolatile memory.

For further information, including information about how to configure the router to send SNMP traps, refer to the Cisco document MPLS VPN MIB at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/fsvpnmib.htm

OSPF Sham-Link Support for MPLS VPN

Platform: Cisco 12000 series Internet routers

In a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) configuration, the Open Shortest Path First (OSPF) protocol is one way you can connect customer edge (CE) routers to service provider edge (PE) routers in the VPN backbone. OSPF is often used by customers that run OSPF as their intrasite routing protocol, subscribe to a VPN service, and want to exchange routing information between their sites using OSPF (during migration or on a permanent basis) over an MPLS VPN backbone.

Using an OSPF sham-link in an MPLS VPN has the following benefits:

Client site connection across the MPLS VPN backbone: A sham-link overcomes the OSPF default behavior for selecting an intra-area backdoor route between VPN sites instead of an inter-area (PE-to-PE) route. A sham-link ensures that OSPF client sites that share a backdoor link can communicate over the MPLS VPN backbone and participate in VPN services.

Flexible routing in an MPLS VPN configuration: In an MPLS VPN configuration, the OSPF cost configured with a sham-link allows you to decide if OSPF client site traffic will be routed over a backdoor link or through the VPN backbone.

For further information about OSPF sham-link support for MPLS VPN, refer to the following Cisco document:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st21/shamlink.htm

OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers

Platform: Cisco 12000 series Internet routers

The OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers feature provides the capability of suppressing provider edge (PE) checks. The checks are needed to prevent loops when the PE is performing a mutual redistribution of packets between Open Shortest Path First (OSPF) and Border Gateway Protocol (BGP). When VPN routing/forwarding (VRF) is used on a router that is not a PE (that is, one that is not running BGP), the checks can be turned off to allow for correct population of the VRF routing table with routes to IP prefixes.

The OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers feature allows you to split the router into multiple virtual routers, where each contains its own set of interfaces, routing table, and forwarding table. On the basis of routing information stored in the VRF IP routing table and VRF Cisco Express Forwarding (CEF) table, packets are forwarded to their destination using Multiprotocol Label Switching (MPLS).

The OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers feature gives you the ability to segment or single out parts of your network and configure those segments to perform specific functions, yet still maintain correct routing information.

For further information about the OSPF Support for Disabling the Down (DN) Bit Check for Multi-VRF CE Routers feature, refer to the following Cisco document:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122s/122snwft/release/122s14/ospfvrfl.htm

RPR+ Support for Additional Line Cards in the Cisco 12000 Series Internet Router

Platform: Cisco 12000 series Internet routers

The list of supported line cards for Route Processor Redundancy Plus (RPR+) now includes the following additional line cards:

All Engine 1 and Engine 2 Dynamic Packet Transport (DPT)/Spatial Reuse Protocol (SRP) line cards

All Engine 0 channelized line cards

All Engine 0 and Engine 2 Gigabit Ethernet (GE) line cards

Engine 1 1-port GE line card

Engine 1 8-port Fast Ethernet line card

Engine 4 10-port 1-GE line card

The following line cards are already supported for RPR+:

All Engine 0, Engine 2, and Engine 4 POS line cards

All nonchannelized DS3 and E3 line cards

4-port OC-48 POS line card

1-port OC-192 POS line card

All other line cards (that is, ATM and Engine 3 line cards) are reset and reloaded during an RPR+ switchover.

With RPR+, if the active RP fails, or if a manual switchover is performed, the supported line cards listed above are not reset during a switchover to the standby RP. The interfaces remain up during this transfer, so neighboring routers do not detect a link flap (that is, a link does not go down and back up).

Refer to the following document for additional information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st17/rpr_plus.htm

SNMP Version 3

Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 10000 series edge services routers, Cisco 10720 Internet router, Cisco 12000 series Internet routers

Simple Network Management Protocol version 3 (SNMPv3) addresses issues related to the large-scale deployment of SNMP for configuration, accounting, and fault management. Currently SNMP is predominantly used for monitoring and performance management. The primary goal of SNMPv3 is to define a secure version of the SNMP protocol. SNMPv3 also facilitates remote configuration of the SNMP entities, which makes remote administration of SNMP entities a much simpler task. SNMPv3 builds on top of SNMPv1 and SNMPv2 to provide a secure environment for the management of systems and networks.

SNMPv3 provides an identification strategy for SNMP devices to facilitate communication only between known SNMP strategies. Each SNMP device has an identifier called the SNMP EngineID, which is a copy of SNMP. Each SNMP message contains an SNMP EngineID. SNMP communication is possible only if an SNMP entity knows the identity of its peer SNMP device.

SNMPv3 also contains a security model or security strategy that exists between an SNMP user and the SNMP group to which the user belongs. A security model may define the security policy within an administrative domain or an intranet. The SNMPv3 protocol consists of the specification for the User-based Security Model (USM).

The specification defines security goals, in which the goals of the message authentication service include the following protection strategies:

Modification of information, or protection against some unauthorized SNMP entity altering in-transit SNMP messages generated on behalf of an authorized principal.

Masquerade, or protection against attempting management operations not authorized for some principal by assuming the identity of another principal that has the appropriate authorizations.

Message stream modification, or protection against messages getting maliciously reordered, delayed, or replayed in order to effect unauthorized management operations.

Disclosure, or protection against eavesdropping on the exchanges between SNMP engines. Three different types of communication mechanisms are available for this protection strategy:

Communication without authentication and privacy (NoAuthNoPriv)

Communication with authentication and without privacy (AuthNoPriv)

Communication with authentication and privacy (AuthPriv)

For further information about SNMP version 3, refer to Cisco document SNMPv3 at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120t/120t3/snmp3.htm
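The protection strategies listed above can be seen as a sequence of checks on the receiving engine. The following is an added example, not Cisco code: it uses the password-to-key and key-localization steps and the HMAC-MD5-96 tag from RFC 3414, while the message layout, user name, engine ID and status labels are constructed for illustration, and privacy (encryption) is not modelled.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

LEVELS = {"NoAuthNoPriv": 0, "AuthNoPriv": 1, "AuthPriv": 2}
TIME_WINDOW = 150        # seconds, the USM timeliness window (RFC 3414)
MAX_BOOTS = 2147483647   # engine boots counter has latched at its maximum


def password_to_key(password: bytes) -> bytes:
    """RFC 3414 A.2.1: MD5 over the password repeated out to 1,048,576 bytes."""
    total = 1048576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.md5(stream).digest()


def localize_key(ku: bytes, engine_id: bytes) -> bytes:
    """Bind the user key to one engine, so a key taken from one device is not valid on another."""
    return hashlib.md5(ku + engine_id + ku).digest()


@dataclass
class Message:
    engine_id: bytes
    boots: int
    time: int
    user: str
    level: str
    payload: bytes
    tag: bytes = bytes(12)

    def wire(self) -> bytes:
        """Constructed length-prefixed layout (not real BER); the tag field is zeroed for the MAC."""
        parts = [self.engine_id, self.boots.to_bytes(4, "big"), self.time.to_bytes(4, "big"),
                 self.user.encode(), self.level.encode(), bytes(12), self.payload]
        return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def sign(msg: Message, kul: bytes) -> Message:
    """Attach the 12-byte truncated HMAC-MD5 (HMAC-MD5-96) over the whole message."""
    return replace(msg, tag=hmac.new(kul, msg.wire(), "md5").digest()[:12])


@dataclass
class Engine:
    engine_id: bytes
    boots: int
    users: dict  # user name -> (localized key, minimum security level)

    def check(self, msg: Message, now: int) -> str:
        if msg.engine_id != self.engine_id:
            return "unknownEngineID"            # peer does not know this engine
        if msg.user not in self.users:
            return "unknownUserName"
        kul, minimum = self.users[msg.user]
        if LEVELS[msg.level] < LEVELS[minimum]:
            return "unsupportedSecurityLevel"   # downgrade below the configured level
        if LEVELS[msg.level] >= LEVELS["AuthNoPriv"]:
            expected = hmac.new(kul, msg.wire(), "md5").digest()[:12]
            if not hmac.compare_digest(expected, msg.tag):
                return "wrongDigest"            # modification or masquerade
            if (self.boots == MAX_BOOTS or msg.boots != self.boots
                    or abs(msg.time - now) > TIME_WINDOW):
                return "notInTimeWindow"        # delayed or replayed message
        return "ok"


def demo() -> dict:
    engine_id = bytes.fromhex("000000000000000000000002")  # constructed engine ID
    kul = localize_key(password_to_key(b"maplesyrup"), engine_id)
    agent = Engine(engine_id, boots=7, users={"nms-operator": (kul, "AuthNoPriv")})
    good = sign(Message(engine_id, 7, 1000, "nms-operator", "AuthNoPriv", b"get sysUpTime.0"), kul)
    other_key = localize_key(password_to_key(b"not-the-password"), engine_id)
    return {
        "genuine": agent.check(good, now=1010),
        "modified": agent.check(replace(good, payload=b"set ifAdminStatus.1=2"), now=1010),
        "masquerade": agent.check(sign(good, other_key), now=1010),
        "replayed": agent.check(good, now=1000 + 151),
        "after_reboot": Engine(engine_id, 8, agent.users).check(good, now=1010),
        "downgraded": agent.check(replace(good, level="NoAuthNoPriv"), now=1010),
        "wrong_engine": agent.check(replace(good, engine_id=b"\x80\x00\x00\x09\x01"), now=1010),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:13s} {verdict}")
```

The status labels echo the USM error counters in RFC 3414; an NMS that sees these counters rise on a device has a direct signal of tampering, replay or misconfigured credentials.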

SONET APS 1+1 for 4-Port OC-3 ATM and 1-Port OC-12 ATM Line Cards

Platforms: Cisco 10000 series edge services routers

In Cisco IOS Release 12.0(21)ST, the Cisco 10000 series edge services router (ESR) supports SONET automatic protection switching (APS) 1+1 redundancy for the 4-port OC-3 ATM and 1-port OC-12 ATM line cards. APS 1+1 support is card-to-card. When the active line card fails, the redundant line card takes over. For line cards with multiple ports (such as the 4-port OC-3 ATM line card), you can also use APS 1+1 support to switch from one port to another port as long as the redundant port is on a different line card.

The Cisco 10000 series ESR supports SONET APS operation that is:

Linear—Connections are made back-to-back (as opposed to connections that are made via a ring topology).

Unidirectional—Transmit and receive channels are switched independently.

Nonreverting—Nonreverting channels continue to operate after a failure has been corrected, thus preventing data from flowing back to the working channel.


Note: APS 1:1 redundancy is not supported in Cisco IOS Release 12.0(21)ST.


For information about configuring APS on a Cisco 10000 series ESR, refer to the following Cisco document:

http://www.cisco.com/univercd/cc/td/doc/product/aggr/10000/10ksw/apsos.htm

VPN Aware DHCP Relay for Non-Overlapping Addresses

Platforms: Cisco 7200 series routers, Cisco 7500 series routers, Cisco 10000 series edge services routers, Cisco 10720 Internet router, Cisco 12000 series Internet routers

In Cisco IOS Release 12.0(21)ST, Dynamic Host Configuration Protocol (DHCP) relay works with VPN routing/forwarding (VRF) Virtual Private Networks (VPNs). VPN Aware DHCP Relay for Non-Overlapping Addresses requires each VPN to have its own DHCP server.

VRF over FR Subinterfaces

Platform: Cisco 12000 series Internet routers

VPN routing/forwarding instances (VRFs) are supported over Frame Relay (FR) subinterfaces on Engine 2 Packet-over-SONET (POS) line cards in Cisco 12000 series Internet routers, including:

8-port OC-3 POS edge line card

16-port OC-3 POS edge line card

4-port OC-12 POS edge line card

1-port OC-48 POS core line card

On an Engine 2 line card interface configured with Frame Relay encapsulation, each subinterface can be associated to either the global Forwarding Information Base (FIB) table or any configured VRF. This association is independent for each Frame Relay subinterface. It is not necessary for all subinterfaces on the same physical interface to belong to the same VRF.

Packets that arrive at an E2 line card interface with Frame Relay encapsulation are processed as follows:

The Data Link Connection Identifier (DLCI) is extracted from the Frame Relay header.

The physical port number and DLCI are used together to perform a lookup.

The result of the lookup is the mtrie root to be used for this DLCI: either the global FIB or a VRF.
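The three processing steps above, as an added example that is not Cisco code: it extracts the DLCI from a two-octet Frame Relay address field, uses (port, DLCI) to select a table, and then does a longest-prefix match in that table only. The table names, routes, the 2-byte Ethertype after the address field (Cisco-style encapsulation) and the drop-on-miss behaviour are assumptions made for illustration.

```python
import ipaddress

# Constructed sample state (not from the release notes): each Frame Relay
# subinterface, identified by (physical port, DLCI), selects exactly one table.
SUBINTERFACE_TABLE = {
    (0, 100): "vrf-red",
    (0, 200): "vrf-blue",
    (0, 300): "global",
    (1, 100): "vrf-blue",   # same DLCI as (0, 100), different port and VRF
}
# Constructed routes; both VRFs reuse 10.1.0.0/16 to show overlapping address space.
ROUTES = {
    "global":   [("0.0.0.0/0", "192.0.2.1")],
    "vrf-red":  [("10.1.0.0/16", "198.51.100.1"), ("10.1.2.0/24", "198.51.100.2")],
    "vrf-blue": [("10.1.0.0/16", "203.0.113.1")],
}


def extract_dlci(frame: bytes) -> int:
    """Step 1: read the 10-bit DLCI from a two-octet address field."""
    if len(frame) < 2:
        raise ValueError("frame too short for an address field")
    b0, b1 = frame[0], frame[1]
    # EA bit must be 0 in the first octet and 1 in the last octet.
    if b0 & 0x01 or not b1 & 0x01:
        raise ValueError("not a two-octet address field")
    return ((b0 >> 2) << 4) | (b1 >> 4)


def make_frame(dlci: int, dst: str) -> bytes:
    """Build a constructed test frame: address, Ethertype 0x0800, minimal IPv4 header."""
    address = bytes([(dlci >> 4) << 2, ((dlci & 0x0F) << 4) | 0x01])
    ipv4 = b"\x45" + bytes(15) + ipaddress.ip_address(dst).packed
    return address + b"\x08\x00" + ipv4


def longest_match(table: str, dst):
    """Longest-prefix match inside one table only (stand-in for the mtrie walk)."""
    best = None
    for prefix, next_hop in ROUTES[table]:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best[1] if best else None


def forward(port: int, frame: bytes):
    """Steps 2 and 3: (port, DLCI) picks the table; the route lookup never leaves it."""
    try:
        dlci = extract_dlci(frame)
    except ValueError:
        return None                      # malformed address field: drop
    table = SUBINTERFACE_TABLE.get((port, dlci))
    if table is None:
        return None                      # assumption: unknown (port, DLCI) is dropped
    if len(frame) < 24 or frame[2:4] != b"\x08\x00":
        return None                      # not IPv4 in the assumed encapsulation
    dst = ipaddress.ip_address(frame[20:24])
    next_hop = longest_match(table, dst)
    return (table, next_hop) if next_hop else None


if __name__ == "__main__":
    for port, dlci in [(0, 100), (0, 200), (1, 100), (0, 300), (0, 999)]:
        print(port, dlci, forward(port, make_frame(dlci, "10.1.2.9")))
```

The same destination address resolves to a different next hop per subinterface, which is the isolation property to verify when auditing VRF-to-subinterface assignments.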

New Features in Cisco IOS Release 12.0(20)ST

Cisco IOS Release 12.0(20)ST supports the following new features for the Cisco 10000 series edge services routers only:

4-Port OC-3 ATM Line Card

6-Port OC-3/POS Line Card

8-Port Unchannelized E3/T3 Line Card

Diffserv Compliant WRED

Generic Routing Encapsulation (GRE)

Multiplex Section Protection (MSP)

NetFlow Accounting

Policy-Based Routing (PBR)

Priority Queueing (PQ)/CBWFQ on ATM PVCs

Subinterface Policy Maps

Turbo Quality of Service (QoS)

4-Port OC-3 ATM Line Card

The 4-port OC-3 ATM line card provides four 155.52-Mbps SONET/SDH connections to ATM networks. It uses a standard implementation of ATM over SONET switching to provide four trunk uplinks for the Cisco 10000 series edge services router.

6-Port OC-3/POS Line Card

The 6-port OC-3/POS line card allows Internet access and provider-to-provider peering through Cisco 10000 equipment via unchannelized OC-3 interfaces. To meet global requirements, the card supports both SONET (STS3c) and SDH (STM1c) framing and signaling.

8-Port Unchannelized E3/T3 Line Card

The 8-port unchannelized E3/T3 line card is an advanced E3 and T3 interface module for the Cisco 10000 series edge services router (ESR). It supports eight physical BNC connections, which can be configured for E3 or T3. Each E3 or T3 connection can either support a full clear-channel or be subrated by limiting the data transfer rate, and thereby reducing the peak access rate.

Subrate modes configure each interface of the 8-port unchannelized E3/T3 line card to connect with Cisco port adaptors and with customer premise data service units (DSUs). The 8-port unchannelized E3/T3 line card supports maximum flexibility in that it can be used in any Cisco 10000 series ESR chassis (with no slot dependency) and can be hot-swapped. It is fully manageable by means of standard Cisco management tools, and it supports all IP networking protocols. In addition, it supports the following encapsulation protocols:

PPP

Frame Relay

Cisco High-Level Data Link Control (HDLC)

Multiprotocol Label Switching (MPLS)

Diffserv Compliant WRED

The Diffserv Compliant WRED feature extends the functionality of Weighted Random Early Detection (WRED) to enable support for Differentiated Services (DiffServ) and Assured Forwarding (AF) Per Hop Behavior (PHB). DiffServ Compliant WRED enables customers to implement AF PHB by coloring packets according to Differentiated Services Code Point (DSCP) values and then assigning preferential drop probabilities to those packets.

Generic Routing Encapsulation (GRE)

Generic Routing Encapsulation (GRE) supports GRE IP and Distance Vector Multicast Routing Protocol (DVMRP) multicast tunnel modes to transport otherwise unroutable packets across the IP network and provide data separation for Virtual Private Network (VPN) services. GRE tunnels make it possible to have multiprotocol local networks running over a single-protocol backbone. They also provide workarounds for networks that contain protocols that have limited hop counts, connectivity for discontinuous subnetworks, and connectivity for VPNs across wide-area networks. DVMRP multicast tunnel modes are supported only between the Cisco 10000 series edge services router and a Sun SPARCstation that is running DVMRP version 3.8 or higher.

Multiplex Section Protection (MSP)

This feature adds support for Multiplex Section Protection (MSP) redundancy for the 4-port channelized STM-1 line card (ESR-4OC3-CHSTM1) for the Cisco 10000 router (ESR10008 and ESR10005). This feature provides linear, nonrevertive, 1+1 protection on a per-port basis. MSP support requires two ESR-4OC3-CHSTM1 line cards.

NetFlow Accounting

NetFlow Accounting supports gathering and exporting Version 5 and Version 8 record types to NetFlow FlowCollectors, and provides basic metering for a key set of applications, including network traffic accounting, usage-based network billing, network planning, and network monitoring capabilities.

Policy-Based Routing (PBR)

Policy-Based Routing (PBR) provides a tool for expressing and implementing the forwarding or routing of data packets, on the basis of the policies that are defined by network administrators. PBR allows policy override on routing protocol decisions by selectively applying policies based on access list and/or packet size. Network administrators can also use PBR to selectively change the IP ToS, IP precedence, and IP QoS Group fields for matching incoming packets on an interface.

The Cisco 10000 series edge services router supports a maximum of 255 PBR policies and 32 route maps within each policy. The following subset of policy-based routing commands is supported in this release of Cisco IOS software:

ip policy route-map map-tag

route-map map-tag [permit | deny] [sequence-number]

match ip address {ACL-number | ACL-name} [ACL-number | ACL-name ...]

match length min max

set [default] interface type number [type number ...]

set ip [default] next-hop ip-address [ip-address ...]

set ip precedence value

set ip qos-group value

set ip tos value

show route-map [map-tag]

Priority Queueing (PQ)/CBWFQ on ATM PVCs

Priority Queueing (PQ)/CBWFQ on ATM PVCs allows a service policy, including class queue policy statements, to be attached to ATM variable bit rate (VBR) virtual circuits (VCs). This feature is enabled using the Modular Quality of Service Command-Line Interface (MQC) syntax.

Subinterface Policy Maps

Subinterface Policy Maps allows you to use the service-policy command to configure quality of service (QoS) features at the subinterface level in addition to configuring QoS features on main interfaces. The types of subinterfaces supported include Frame Relay, ATM (both unspecified bit rate [UBR] and variable bit rate [VBR]), and 802.1Q VLAN. ATM VBR subinterfaces support all QoS features including queueing. On all other subinterface types, any queueing-related commands in the service-policy, such as bandwidth, priority, shape, queue-limit, and random-detect, are ignored.

Turbo Quality of Service (QoS)

Turbo Quality of Service (QoS) provides more efficient handling of QoS policy maps for quicker packet classification and a QoS solution that scales.

New Features in Cisco IOS Release 12.0(19)ST1

Cisco IOS Release 12.0(19)ST1 supports the following new features:

Frame Relay Fast Restart

Route Processor Redundancy Plus (RPR+)

Frame Relay Fast Restart

The Frame Relay Fast Restart feature increases network availability by reducing recovery time from Route Processor (RP) failures on Cisco 7500 series and Cisco 10000 series routers in Frame Relay networks. This feature reduces recovery time by accelerating the transition from primary RP to standby RP after a hardware or software failure.

When a switchover from primary RP to standby RP occurs on a switch that has Frame Relay line cards, the switch must implement an initialization procedure to bring permanent virtual circuits (PVCs) back up and to reestablish dynamic mappings. While this procedure is under way, the Frame Relay interface is unavailable for traffic forwarding. Before the introduction of this feature, the initialization procedure took from 30 to 90 seconds to complete on each Frame Relay interface. The Frame Relay Fast Restart feature reduces interface restart time to 10 to 15 seconds.

Route Processor Redundancy Plus (RPR+)

The Route Processor Redundancy Plus (RPR+) feature is an enhancement to the RPR feature on Cisco 7500 series routers. RPR+ keeps the Virtual Interface Processors (VIPs) from being reset and reloaded when a switchover occurs between the active and standby Route Switch Processors (RSPs). Because VIPs are not reset and microcode is not reloaded on the VIPs, and because the time needed to parse the configuration is eliminated, switchover time is reduced to 30 to 40 seconds.

New Features in Cisco IOS Release 12.0(19)ST

Cisco IOS Release 12.0(19)ST supports the following new features for the Cisco 10000 series edge services routers only:

ATM PVCs

MPLS Traffic Engineering (TE)—Interarea Tunnels

Per-Packet Load Balancing

ATM PVCs

The Cisco 10000 series edge services router (ESR) now supports 4000 ATM permanent virtual circuits (PVCs).

MPLS Traffic Engineering (TE)—Interarea Tunnels

Platforms: Cisco 7200 series routers, Cisco 7500 series routers

The MPLS Traffic Engineering (TE)—Interarea Tunnels feature allows you to establish MPLS TE tunnels that span multiple Interior Gateway Protocol (IGP) areas and levels, removing the restriction that had required that the tunnel headend and tailend routers both be in the same area. The IGP can be either Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).

To configure an interarea tunnel, you specify on the headend router a loosely routed explicit path for the tunnel label switched path (LSP) that identifies each area border router (ABR) that the LSP should traverse using the next-address loose command. The headend router and the ABRs along the specified explicit path expand the loose hops, each computing the path segment to the next ABR or tunnel destination.

For further information, refer to the Cisco document MPLS Traffic Engineering (TE)—Interarea Tunnels at the following location:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st19/inter_ar.htm

Per-Packet Load Balancing

Per-Packet Load Balancing (PPLB) ensures load balancing over multiple links by allowing the router to send successive data packets over paths, without regard to individual hosts or user sessions. PPLB uses a round-robin method to determine which path each packet takes to arrive at the destination.

New Features in Cisco IOS Release 12.0(18)ST

Cisco IOS Release 12.0(18)ST supports the following new features:

802.1p Support on the Cisco 10720 Internet Router

802.1q Support for the Cisco 10720 Internet Router

Bidirectional PIM

CNS Configuration Agent

CNS Event Agent

Cisco 10720 Internet Router

DPT MIB

Frame Relay Fast Restart

MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels

Post Switchover Core Dump

RPR+ Support for Engine 4 Line Cards in the Cisco 12000 Series Internet Router

show idb Command

Single Ring Recovery (SRR) Protocol

VT1.5 for Channelized OC-12 Card

Virtual Router Redundancy Protocol (VRRP)

Feature module documentation for select features can be found on the "New Features in Release 12.0(18)ST" page on Cisco.com or the Documentation CD-ROM.

802.1p Support on the Cisco 10720 Internet Router

The IEEE 802.1p standard provides a means for individual end stations to request a particular quality of service (QoS) of the network and for the network to respond accordingly. Three bits in the 802.1Q header with values ranging from 0 to 8 can be used to set different priority levels of user traffic at Layer 2. In the context of the Cisco 10720 router, the Modular QoS feature is used to set the 802.1p bits, similar to setting the IP type of service (ToS) bits. Switches deployed behind a Cisco 10720 router that supports this feature can take advantage of the priority bits to provide a higher quality of service for certain types of traffic.

802.1q Support for the Cisco 10720 Internet Router

The term "VLAN" refers to the ability to virtually create a LAN using a switched architecture. Rather than being defined on a physical or geographical basis, VLANs can be defined on a logical or organizational basis in which the network can be configured via software. The IEEE standard 802.1q defines the operation of VLAN bridges that permit the definition, operation, and administration of VLAN topologies within a bridged LAN infrastructure. This standard is based on a frame-tagging mechanism to identify the specific VLAN.

Bidirectional PIM

Bidirectional PIM is a variant of the Protocol Independent Multicast (PIM) suite of routing protocols for IP Multicast. In PIM, packet traffic for a multicast group is routed according to the rules of the mode configured for that multicast group. The Cisco IOS implementation of PIM supports the following three modes for a multicast group:

Bidirectional mode

Dense mode

Sparse mode

A router can simultaneously support all three modes or any combination of them for different multicast groups. In bidirectional mode, traffic is routed only along a bidirectional shared tree that is rooted at the rendezvous point (RP) for the group. In Bidirectional PIM (bidir-PIM), the IP address of the RP acts as the key to having all routers establish a loop-free spanning tree topology rooted in that IP address. This IP address does not need to be a router, but it can be any unassigned IP address on a network that is reachable throughout the PIM domain. Using this technique is the preferred configuration for establishing a redundant RP configuration for bidir-PIM.

Membership to a bidirectional group is signaled via explicit "Join" messages. Traffic from sources is unconditionally sent up the shared tree toward the RP and passed down the tree toward the receivers on each branch of the tree.

Bidir-PIM is designed to be used for many-to-many applications within individual PIM domains. Multicast groups in bidirectional mode can scale to an arbitrary number of sources without incurring overhead due to the number of sources.

Bidir-PIM is derived from the mechanisms of PIM sparse mode (PIM-SM) and shares many shortest path tree (SPT) operations. Bidir-PIM also has unconditional forwarding of source traffic toward the RP upstream on the shared tree, but it has no registering process for sources as in PIM-SM. These modifications are necessary and sufficient to allow forwarding of traffic in all routers based solely on the multicast routing entries (*, G). This feature eliminates any source-specific state and allows scaling capability to an arbitrary number of sources.

CNS Configuration Agent

Cisco Networking Services (CNS) is a foundation technology for linking users to network services. CNS Software Developers Kit (SDK) accomplishes this linking by making applications network-aware and increasing the intelligence of the network elements. CNS SDK provides building blocks to a range of customers in market segments such as enterprise, service provider, independent software vendors, and system integrators.

The CNS Configuration Agent feature supports initial configurations, incremental configurations, and synchronized configuration updates for Cisco IOS software-based routing devices.

Initial Configurations

When a routing device first comes up, it connects to the configuration server component of CNS Configuration Agent by establishing a TCP connection through the use of cns config initial, a standard command-line interface (CLI) command. The device issues a request and identifies itself by providing a unique configuration ID to the configuration server.

When the CNS web server receives a request for a configuration file, it invokes the Java Servlet and executes the corresponding embedded code. The embedded code directs the CNS web server to access the directory server and file system to read the configuration reference for this device (configuration ID) and template. The Configuration Agent prepares an instantiated configuration file by substituting all the parameter values specified in the template with valid values for this device. The configuration server forwards the configuration file to the CNS web server for transmission to the routing device.

The CNS Configuration Agent feature accepts the configuration file from the CNS web server, performs XML parsing, checks syntax (optional), and loads the configuration file. The routing device reports the status of the configuration load as an event to which a network monitoring or workflow application can subscribe.

Incremental (Partial) Configurations

When the network is up and running, new services can be added using the CNS Configuration Agent. Incremental (partial) configurations can be sent to routing devices. The actual configuration can be sent as an event payload by way of the Event Gateway (push operation) or as a signal event that triggers the device to initiate a pull operation.

The routing device can check the syntax of the configuration before applying it. If the syntax is correct, the routing device applies the incremental configuration and publishes an event that signals success to the configuration server. If the device fails to apply the incremental configuration, it publishes an event that indicates an error status.

After the routing device has applied the incremental configuration, it can write it to NVRAM, or wait until signaled to do so.

Synchronized Configurations

When a routing device receives a configuration, it has the option to defer application of the configuration upon receipt of a write-signal event. The CNS Configuration Agent feature allows the device configuration to be synchronized with other dependent network activities.

For further information on enabling CNS services on your routing devices, see the "CNS Configuration Agent" and "CNS Event Agent" feature modules at: http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st18/.

CNS Event Agent

Cisco Networking Services (CNS) is a foundation technology for linking users to network services. CNS Software Developers Kit (SDK) accomplishes this linking by making applications network-aware and increasing the intelligence of the network elements. CNS SDK provides building blocks to a range of customers in market segments such as enterprise, service provider, independent software vendors, and system integrators.

The CNS Event Agent is part of the Cisco IOS software infrastructure that allows Cisco IOS software applications to publish and subscribe to events on a CNS Event Bus. CNS Event Agent works in conjunction with the CNS Configuration Agent feature.

Cisco 10720 Internet Router

The Cisco 10720 Internet router is a high performance Cisco IOS router that enables service providers to offer next generation business class IP services within metropolitan networks. Designed with support for 10/100 and later 1000 Mbps Ethernet access and high speed OC48/STM16 DPT technology over fiber uplink, the Cisco 10720 Internet router allows service providers to offer IP services that are closer to the user, enabling the users to better control admission to network resources. The small form factor allows easy deployment in central locations within business complexes. Based on Cisco Parallel Express Forwarding (PXF) (Toaster-based) architecture, the Cisco 10720 Internet router is a cost effective reliable platform that allows advanced IOS features to be introduced simply, efficiently, and without compromising on performance.

DPT MIB

The Cisco 10720 router supports DPT MIB. Refer to the following document for additional MIB information:

ftp://ftp.cisco.com/pub/mibs/v2/CISCO-SRP-MIB.my

Frame Relay Fast Restart

The Frame Relay Fast Restart feature increases network availability by reducing recovery time from Route Processor (RP) failures on Cisco routers in Frame Relay networks. This feature reduces recovery time by accelerating the transition from primary RP to standby RP after a hardware or software failure.

When a switchover from primary RP to standby RP occurs on a router that has been configured for Frame Relay encapsulation, the router must implement an initialization procedure to bring permanent virtual circuits (PVCs) back up and to reestablish dynamic mappings. While this procedure is under way, the Frame Relay interface is unavailable for traffic forwarding. Before the introduction of this feature, the initialization procedure took from 30 to 90 seconds to complete on each Frame Relay interface. The Frame Relay Fast Restart feature reduces interface restart time to 10 to 15 seconds.

The Frame Relay Fast Restart feature uses the methods described in the following sections to reduce interface restart time:

Accelerating the LMI Cycle

Accelerating Inverse ARP

Accelerating the LMI Cycle

To address the possibility that the line protocol is down upon switchover to the standby RP, the Frame Relay Fast Restart feature introduces an accelerated Local Management Interface (LMI) cycle. The accelerated LMI cycle is designed to bring the line protocol up quickly, in turn making PVCs available sooner.

Before the introduction of Frame Relay fast restart, LMI polling cycles occurred every ten seconds, and on the sixth cycle a full LMI status request was sent. This LMI cycle resulted in the sending of a full LMI status request every 60 seconds. With the accelerated LMI cycle, a full status request is sent to the switch immediately after switchover to the standby RP. The next polling cycle begins within one second following receipt of the full status from the switch rather than waiting the default ten seconds. A full status request is also sent at the last polling cycle. The accelerated LMI cycle ends after a fixed number of polling cycles, which can be configured to meet the requirements of the switch.

The accelerated LMI cycle causes the line protocol to come up and PVCs to be reported active in one or two seconds instead of the 30 to 40 seconds that it would have taken before the introduction of this feature.


Note: It may take an additional ten seconds before the remote router sees that the PVCs are up.



Note: The accelerated DTE LMI cycle is nonstandard and may cause problems for some DCE LMI implementations. When the DTE device is directly connected to a Cisco DCE device that is terminating PVCs, the DCE device must be running a Cisco IOS software release based on 12.0(18)ST, 12.0(17.6)S, 12.1(9.1), or 12.2(2.2) or later.


Accelerating Inverse ARP

Inverse Address Resolution Protocol (ARP) requests, where applicable, will be sent out as soon as a PVC becomes active. Before the introduction of the Frame Relay Fast Restart feature, when an Inverse ARP request was unsuccessful, the request was resent every 60 seconds. This new feature accelerates the Inverse ARP timer so that if a request comes back unsuccessful, a second request is sent in ten seconds. Subsequent requests are sent every 60 seconds.

MPLS Traffic Engineering (TE)—Configurable Path Calculation Metric for Tunnels

When Multiprotocol Label Switching (MPLS) traffic engineering (TE) is configured in a network, the Interior Gateway Protocol (IGP) floods two metrics for every link: the normal IGP (OSPF or IS-IS) link metric and a TE link metric. The IGP uses the IGP link metric in the normal way to compute routes for destination networks. In previous releases, MPLS TE used the TE link metric to calculate and verify paths for TE tunnels. When the TE metric was not explicitly configured, the TE metric was the IGP metric.

The current enhancement enables you to control the metric used in path calculation for TE tunnels on a per-tunnel basis. It allows you to specify that the path calculation for a given tunnel be based on either of the following:

IGP link metrics.

TE link metrics, which you can configure so that they represent the needs of a particular application. For example, the TE link metrics can be configured to represent link transmission delay.

Post Switchover Core Dump

When a Route Processor (RP) crashes, it is sometimes useful to obtain a full copy of the memory image (called a core dump) to identify the cause of the crash. (Not all crash types will produce a core dump.)

In networking devices that support redundant route processors, one processor acts as the active processor while the other processor acts as the standby processor. In the event of a crash, the standby processor switches over to become the active processor. The Post-Switchover Core Dump feature allows the newly active processor to complete the switchover process before writing the core dump information from the previously active processor to a preconfigured file.

RPR+ Support for Engine 4 Line Cards in the Cisco 12000 Series Internet Router

The list of supported line cards for Route Processor Redundancy Plus (RPR+) now includes two additional Engine 4 line cards. With this addition, the complete list of supported cards becomes:

All Engine 0 and Engine 2 POS line cards

All nonchannelized DS3 and E3 line cards

4-port OC-48 POS

1-port OC-192 POS

All other line cards are reset during a switchover.

With RPR+, if the Active RP fails, or if a manual switchover is performed, these line cards are not reset during a switchover to the standby RP. The interfaces remain up during this transfer, so neighboring routers do not detect a link flap (i.e. a link does not go down and back up).

Refer to the following document for additional information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st17/rpr_plus.htm

show idb Command

The show idb command is available on Cisco 12000 series Internet routers. The show idb command displays the list of hardware interface description blocks (IDBs) in the router. The following is an example of the show idb command:

Router#show idb

Maximum number of IDBs 4096
2014 SW IDBs allocated (2392 bytes each)
13 HW IDBs allocated (5624 bytes each)
HWIDB#1 1 POS1/0 (HW IFINDEX, SONET, Serial)
HWIDB#2 2 POS1/1 (HW IFINDEX, SONET, Serial)
HWIDB#3 3 POS1/2 (HW IFINDEX, SONET, Serial)
HWIDB#4 4 POS1/3 (HW IFINDEX, SONET, Serial)
HWIDB#5 5 POS2/0 (HW IFINDEX, SONET, Serial)
HWIDB#6 6 GigabitEthernet3/0 (HW IFINDEX, Ether)
HWIDB#7 7 GigabitEthernet3/1 (HW IFINDEX, Ether)
HWIDB#8 8 GigabitEthernet3/2 (HW IFINDEX, Ether)
HWIDB#9 9 ATM4/0 (HW IFINDEX, SONET, HW ATM)
HWIDB#10 10 GigabitEthernet5/0 (HW IFINDEX, Ether)
HWIDB#11 11 GigabitEthernet5/1 (HW IFINDEX, Ether)
HWIDB#12 12 GigabitEthernet5/2 (HW IFINDEX, Ether)
HWIDB#13 13 Ethernet0 (HW IFINDEX, Ether)
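The output above lends itself to an interface inventory check. The following is an added example, not part of the Cisco documentation: it parses the show idb output shown on this page and compares the hardware IDBs against an approved list. The approved list, the function names, and the treatment of the second column as an unnamed identifier are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field

# Output copied from the show idb example on this page.
SAMPLE = """\
Router#show idb

Maximum number of IDBs 4096
2014 SW IDBs allocated (2392 bytes each)
13 HW IDBs allocated (5624 bytes each)
HWIDB#1 1 POS1/0 (HW IFINDEX, SONET, Serial)
HWIDB#2 2 POS1/1 (HW IFINDEX, SONET, Serial)
HWIDB#3 3 POS1/2 (HW IFINDEX, SONET, Serial)
HWIDB#4 4 POS1/3 (HW IFINDEX, SONET, Serial)
HWIDB#5 5 POS2/0 (HW IFINDEX, SONET, Serial)
HWIDB#6 6 GigabitEthernet3/0 (HW IFINDEX, Ether)
HWIDB#7 7 GigabitEthernet3/1 (HW IFINDEX, Ether)
HWIDB#8 8 GigabitEthernet3/2 (HW IFINDEX, Ether)
HWIDB#9 9 ATM4/0 (HW IFINDEX, SONET, HW ATM)
HWIDB#10 10 GigabitEthernet5/0 (HW IFINDEX, Ether)
HWIDB#11 11 GigabitEthernet5/1 (HW IFINDEX, Ether)
HWIDB#12 12 GigabitEthernet5/2 (HW IFINDEX, Ether)
HWIDB#13 13 Ethernet0 (HW IFINDEX, Ether)
"""

MAX_RE = re.compile(r"^Maximum number of IDBs (\d+)$")
ALLOC_RE = re.compile(r"^(\d+) (SW|HW) IDBs allocated \((\d+) bytes each\)$")
HWIDB_RE = re.compile(r"^HWIDB#(\d+)\s+(\d+)\s+(\S+)\s+\((.*)\)$")


@dataclass
class HwIdb:
    index: int     # number after "HWIDB#"
    ident: int     # second column; the page does not name this field
    name: str      # interface name, e.g. POS1/0
    flags: tuple   # comma-separated attributes inside the parentheses


@dataclass
class IdbReport:
    max_idbs: int = 0
    allocated: dict = field(default_factory=dict)  # "SW"/"HW" -> (count, bytes each)
    hw: list = field(default_factory=list)


def parse_show_idb(text):
    """Parse show idb output; lines that match no known pattern are skipped."""
    report = IdbReport()
    for raw in text.splitlines():
        line = raw.strip()
        if m := MAX_RE.match(line):
            report.max_idbs = int(m.group(1))
        elif m := ALLOC_RE.match(line):
            report.allocated[m.group(2)] = (int(m.group(1)), int(m.group(3)))
        elif m := HWIDB_RE.match(line):
            flags = tuple(f.strip() for f in m.group(4).split(","))
            report.hw.append(HwIdb(int(m.group(1)), int(m.group(2)), m.group(3), flags))
    return report


def audit(report, approved):
    """Compare listed hardware IDBs with an approved interface list."""
    names = [h.name for h in report.hw]
    declared = report.allocated.get("HW", (0, 0))[0]
    return {
        # A capture that was cut short lists fewer entries than the header declares.
        "count_mismatch": declared != len(names),
        "unexpected": sorted(set(names) - set(approved)),
        "missing": sorted(set(approved) - set(names)),
        "duplicates": sorted({n for n in names if names.count(n) > 1}),
    }


if __name__ == "__main__":
    rep = parse_show_idb(SAMPLE)
    # Hypothetical approved inventory: everything listed except Ethernet0.
    approved = [h.name for h in rep.hw if h.name != "Ethernet0"]
    print(audit(rep, approved))
```
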

Single Ring Recovery (SRR) Protocol

The Single Ring Recovery (SRR) Protocol enables a spatial reuse protocol (SRP) ring to preserve full node connectivity in the event of multiple failures on one of its two counter-rotating rings while the other is failure free. In all other cases, the SRP ring maintains the standard SRP intelligent protection switching (IPS) behavior.

VT1.5 for Channelized OC-12 Card

The Cisco 10000 series edge services routers will support the VT1.5 on the Channelized OC-12 line card through the controller vt command. This enhancement allows the configuration of the virtual tributary (VT) controllers as well as the T3 controllers on the line card.

A VT controller on a Channelized OC-12 line card is channelized into 28 T1 interfaces by default. The controller vt command can be used to shut down a VT link or to change the settings for a T1 interface.

The VT link can be configured by entering the controller vt command:

controller vt slot/subslot/port.path

Where path is a value from 1 to 12. Each number represents a VT that houses 28 T1 lines.

Example:

Router# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)# controller vt 1/0/0.1
Router(config-controller)#

Virtual Router Redundancy Protocol (VRRP)

There are several ways in which a LAN client can determine which router should be the first hop to a particular remote destination. The client can use a dynamic process or a static configuration. Examples of dynamic router discovery are as follows:

Proxy ARP—The client uses Address Resolution Protocol (ARP) to get the destination it wants to reach, and a router will respond to the ARP request with its own MAC address.

Routing protocol—The client listens to dynamic routing protocol updates (for example, from Routing Information Protocol [RIP]) and forms its own routing table.

IRDP client—The client runs an Internet Control Message Protocol (ICMP) Router Discovery Protocol (IRDP) client.

The drawback to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in the event of a router failure, the process of switching to another router can be slow.

An alternative to dynamic discovery protocols is to statically configure a default router on the client. This approach simplifies client configuration and processing, but creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network.

The Virtual Router Redundancy Protocol (VRRP) feature can solve the static configuration problem. VRRP enables a group of routers to form a single virtual router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual router, representing a group of routers, is also known as a VRRP group.

VRRP is supported on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces, and on Multiprotocol Label Switching (MPLS) Virtual Private Networks (VPNs) and VLANs.

New Features in Cisco IOS Release 12.0(17)ST

Cisco IOS Release 12.0(17)ST supports the following new features:

Cisco 10000 Series Edge Services Router

Fast Reroute LP Support for OC192

HSRP Support for MPLS VPNs

MPLS VPN ID

MPLS VPN—Interautonomous System Support (Engine 2 POS and Engine 2 QOC-12 ATM)

MPLS VPN Support for the 2-Port Channelized OC-3/STM-1 to DS1/E1 Line Card

MPLS VPN, TE, and LDP Support for the OC-192c and QOC-48c Line Cards

RPR+ in the Cisco 12000 Series Internet Router

Cisco 10000 Series Edge Services Router

The Cisco 10000 series edge services router (ESR) is a Layer 3 platform that allows service providers to provision IP services across thousands of leased-line connections. The Cisco 10000 series ESR aggregates large numbers of T3, T1, and DS0 leased lines through OC-12 Packet over SONET (POS) and Gigabit Ethernet interfaces. The Cisco IOS software offers a range of features that service providers can use to improve their network and customize their services.

The series consists of two chassis—an 8-slot chassis designed to meet the needs of large service providers and a 5-slot chassis designed to meet the needs of medium-to-large service providers.

Fast Reroute LP Support for OC192

The MPLS Traffic Engineering Fast Reroute—Link Protection feature is now supported on Engine 4 OC-192 line cards in the Cisco 12000 series Internet routers with Cisco IOS Release 12.0(17)ST.


Note: For additional information, refer to the Cisco IOS Release 12.0(10)ST document MPLS Traffic Engineering Fast Reroute—Link Protection.


MPLS Traffic Engineering Fast Reroute (FRR) delivers Layer 3 protection switching for networks that are currently configured with MPLS label switched paths (LSPs). MPLS Traffic Engineering FRR provides temporary rerouting around a failed link (in the future, a node). This protects against physical point-to-point link failures. Upon notification (such as loss of signal or loss of frame) of a facility, a path error failure is delivered to the LSP/tunnel headend and the logical LSP is rerouted to the next hop using a preconfigured backup LSP/tunnel.

Regular MPLS traffic engineering automatically establishes and maintains LSPs across the backbone using Resource Reservation Protocol (RSVP). The path used by a given LSP at any point in time is determined on the basis of the LSP resource requirements and network resources, such as bandwidth.

Available resources are flooded via extensions to a link-state based Interior Gateway Protocol (IGP), either Intermediate System-to-Intermediate System (IS-IS) or Open Shortest Path First (OSPF).

Paths for LSPs are calculated at the LSP headend. Under failure conditions, the headend determines a new route for the LSP. Recovery at the headend provides for the optimal use of resources. However, because of messaging delays, the headend cannot recover as quickly as a repair made at the point of failure.

Fast reroute provides link protection to LSPs. This link protection enables all the traffic carried by LSPs that traverse a failed link to be rerouted around the failure. The reroute decision is completely controlled locally by the router that interfaces the failed link. The headend of the tunnel is also notified of the link failure through the IGP or through RSVP and completely reroutes the LSP around the failure.


Note: The local reroute prevents any further packet loss caused by the failed link. This gives the headend of the tunnel time to reestablish the tunnel along a new, optimal route.


HSRP Support for MPLS VPNs


Note: For additional details, refer to the Cisco IOS Release 12.1(3)T document HSRP Support for MPLS-VPN.


Hot Standby Router Protocol (HSRP) support on a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) interface is useful when an Ethernet is connected between two provider edges (PEs) with either of the following:

A customer edge (CE) with a default route to the HSRP virtual IP address

One or more hosts with the HSRP virtual IP address configured as the default gateway

Each VPN is associated with one or more VPN routing/forwarding (VRF) instances. A VRF consists of the following:

IP routing table

Cisco Express Forwarding (CEF) table

Set of interfaces that use the CEF forwarding table

Set of rules and routing protocol parameters to control the information in the routing tables

VPN routing information is stored in the IP routing table and the CEF table for each VRF. A separate set of routing and CEF tables is maintained for each VRF. These tables prevent information from being forwarded outside a VPN and also prevent packets that are outside a VPN from being forwarded to a router within the VPN.

HSRP currently adds Address Resolution Protocol (ARP) entries and IP hash table entries (aliases) using the default routing table instance. However, a different routing table instance is used when VRF forwarding is configured on an interface, causing ARP and Internet Control Message Protocol (ICMP) echo requests for the HSRP virtual IP address to fail.

The HSRP Support for MPLS VPNs feature ensures that the HSRP virtual IP address is added to the correct IP routing table and not to the default routing table.

MPLS VPN ID

The MPLS VPN ID feature allows you to identify Virtual Private Networks (VPNs) by a VPN identification number, as described in RFC 2685. Multiple VPNs can be configured in a router. You can use a VPN name (a unique ASCII string) to reference a specific VPN configured in the router.

Alternately, you can use a VPN ID to identify a particular VPN in the router. The VPN ID follows a standard specification (RFC 2685). To ensure that the VPN has a consistent VPN ID, assign the same VPN ID to all the routers in the service provider network that service that VPN.

Remote access applications, such as the RADIUS and Dynamic Host Configuration Protocol (DHCP), can use the MPLS VPN ID feature to identify a VPN. RADIUS can use the VPN ID to assign dial-in users to the proper VPN on the basis of the authentication information of each user.

Configuration of a VPN ID for a VPN is optional. You can still use a VPN name to identify configured VPNs in the router. The VPN name is not affected by the VPN ID configuration. These are two independent mechanisms to identify VPNs.

MPLS VPN—Interautonomous System Support (Engine 2 POS and Engine 2 QOC-12 ATM)

MPLS VPN—Interautonomous System Support is now added to the Engine 2 based Packet over SONET (PoS) and QOC-12 ATM line cards.

The MPLS VPN—Interautonomous System Support capability allows a BGP/MPLS VPN to span multiple service providers—each service provider has its own autonomous system.

MPLS VPN Support for the 2-Port Channelized OC-3/STM-1 to DS1/E1 Line Card

MPLS-VPN is now supported in the 2-Port Channelized OC-3/STM-1 to DS1/E1 line card for the Cisco 12000 series Internet router.

MPLS VPN, TE, and LDP Support for the OC-192c and QOC-48c Line Cards

Cisco IOS Release 12.0(17)ST adds support for the following features on the OC-192c/STM-64c Packet over SONET (PoS) and Quad OC-48c/STM-16c Packet over SONET (PoS) line cards:

MPLS Virtual Private Networks (VPNs)

MPLS Traffic Engineering (TE)

MPLS Label Distribution Protocol (LDP)

The OC-192c/STM-64c Packet over SONET (PoS) line card provides the Cisco 12416 Internet router with a single 10-Gbps POS interface on a single card. The card interfaces with the 320-Gbps switch fabric in the Cisco 12016 Internet router and provides one OC-192 duplex SC or FC single-mode connection. This connection is concatenated, which provides for increased efficiency by eliminating the need to partition the bandwidth.

The Quad OC-48c/STM-16c Packet over SONET (PoS) line card provides the Cisco 12416 Internet router with a single 10-Gbps POS interface on a single card. The card interfaces with the switch fabric in the Internet router and provides one OC-48c/STM-16c duplex SC or FC single-mode connection. This connection is concatenated, which provides for increased efficiency by eliminating the need to partition the bandwidth.

Refer to the following document for further information about the OC-192c and QOC-48c line cards:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/index.htm

RPR+ in the Cisco 12000 Series Internet Router

When two Route Processors (RPs) are installed in a 12000 series Internet router chassis, one RP acts as the Active RP, and the other acts as a backup, or Standby RP. If the Active RP fails, or is removed from the system, the Standby RP detects the failure and initiates a switchover. During a switchover, the Standby RP assumes control of the router, connects with the network interfaces, and activates the local network management interface and system console.

With Route Processor Redundancy Plus (RPR+), the Standby RP is fully initialized and configured. This feature allows RPR+ to dramatically shorten the switchover time if the Active RP fails, or if a manual switchover is performed. Because both the startup configuration and the running configuration are continually synchronized from the Active to the Standby RP, line cards are not reset during a switchover. The interfaces remain up during this transfer, so neighboring routers do not detect a link flap (that is, a link does not go down and back up).

Supported Line Cards

In Cisco IOS Release 12.0(17)ST, RPR+ is supported in the following line cards with the 12000 series Internet routers:

All Engine 0 and Engine 2 POS line cards.

All non-channelized DS3 and E3 line cards.

All other line cards are reset during a switchover.

New Features in Cisco IOS Release 12.0(16)ST

Cisco IOS Release 12.0(16)ST supports the following new features:

3-Port Gigabit Ethernet Line Card MPLS-VPN Features

BGP Next Hop Propagation

Fast Software Upgrade

MPLS VPN and Traffic Engineering Support for 6E3-SMB and 12 E3-SMB Line Cards

MPLS VPN Carrier Supporting Carrier for Engine 0 Line Cards

MPLS VPN—Interautonomous System Support

Policy Routing onto MPLS TE Tunnels

Route Processor Redundancy

3-Port Gigabit Ethernet Line Card MPLS-VPN Features

The following MPLS-VPN features are supported on the 3-Port Gigabit Ethernet line card for the Cisco 12000 series Internet routers:

MPLS-VPN support

VLAN to MPLS VPN mapping

Explicit Null

VLAN "P" bits mapping to IP TOS/MPLS COS bits

BGP Next Hop Propagation

The BGP Next Hop Propagation feature allows you to set Border Gateway Protocol (BGP) attributes for a BGP route reflector and to turn off the next-hop calculation for eBGP peers.

Fast Software Upgrade

Using Fast Software Upgrade (FSU), you can reduce planned downtime. With FSU you can configure the system to switch over to a standby RSP, which is preloaded with an upgraded Cisco IOS software image. FSU reduces outage time during a software upgrade by transferring functions to the standby RSP that has the upgraded Cisco IOS software preinstalled. The only downtime with a Fast Software Upgrade is the time required for the standby RSP to take control during the switchover. You can also use FSU to downgrade a system to an older version of Cisco IOS software or have a backup system loaded for downgrading to a previous image immediately after an upgrade.

MPLS VPN and Traffic Engineering Support for 6E3-SMB and 12 E3-SMB Line Cards

Cisco IOS Release 12.0(16)ST adds support for the following features on the 6E3-SMB and 12E3-SMB line cards:

MPLS Virtual Private Networks (VPNs)

MPLS Quality of Service

MPLS Traffic Engineering

The 6E3-SMB and 12E3-SMB line cards provide high-density E3 service through 6 or 12 E3 interfaces.

The 6-port line card is a partially depopulated version of the 12-port line card. The 6-port line card consists of a total of 12 connectors. A single port consists of one coaxial connector for receiving (Rx) and one coaxial connector for transmitting (Tx). The ports on the 6-port line card are numbered 0-5.

The 12-port line card consists of a total of 24 connectors. A single port consists of one coaxial connector for receiving (Rx) and one coaxial connector for transmitting (Tx). The ports on the 12-port line card are numbered 0-11.

See the following document for further information about the 6E3-SMB and 12E3-SMB line cards:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_chan/11613e3.htm

MPLS VPN Carrier Supporting Carrier for Engine 0 Line Cards

Cisco IOS Release 12.0(16)ST adds support for MPLS VPN carrier supporting carrier for Engine 0 line cards on the Cisco 12000 series Internet routers.

Carrier supporting carrier is a term used to describe a situation where one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier. Refer to the following document for additional information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st16/csc16.htm

MPLS VPN—Interautonomous System Support

The MPLS VPN—Interautonomous System Support feature allows a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) to span service providers and autonomous systems.

As VPNs grow, their requirements expand. In some cases, VPNs need to reside on different autonomous systems in different geographic areas. (An autonomous system is a single network or group of networks that is controlled by a common system administration group and that uses a single, clearly defined routing protocol.)

Also, some VPNs need to extend across multiple service providers (overlapping VPNs). Regardless of the complexity and location of the VPNs, the connection between autonomous systems must be seamless to the customer.

The MPLS VPN—Interautonomous System Support feature provides that seamless integration of autonomous systems and service providers. Separate autonomous systems from different service providers can communicate by exchanging IPv4 network layer reachability information (NLRI) in the form of VPN-IPv4 addresses.

The border edge routers of the autonomous systems use exterior border gateway protocol (EBGP) to exchange that information. Then, an interior gateway protocol (IGP) distributes the network layer information for VPN-IPv4 prefixes throughout each VPN and each autonomous system. Routing information uses the following protocols:

Within an autonomous system, routing information is shared using an IGP.

Between autonomous systems, routing information is shared using an EBGP. An EBGP allows a service provider to set up an interdomain routing system that guarantees the loop-free exchange of routing information between separate autonomous systems.

An MPLS VPN with interautonomous system support allows a service provider to provide to customers scalable Layer 3 VPN services, such as web hosting, application hosting, interactive learning, electronic commerce, and telephony service. A VPN service provider supplies a secure, IP-based network that shares resources on one or more physical networks.

The primary function of an EBGP is to exchange network reachability information between autonomous systems, including information about the list of autonomous system routes. The autonomous systems use EBGP border edge routers to distribute the routes, which include label switching information. Each border edge router rewrites the next-hop and MPLS labels. See the section "Routing Between Autonomous Systems" for more information.

Interautonomous system configurations supported in an MPLS VPN can include:

Interprovider VPN—MPLS VPNs that include two or more autonomous systems, connected by separate border edge routers. The autonomous systems exchange routes using EBGP. No IGP or routing information is exchanged between the autonomous systems.

BGP Confederations—MPLS VPNs that divide a single autonomous system into multiple subautonomous systems and classify them as a single, designated confederation. The network recognizes the confederation as a single autonomous system. The peers in the different autonomous systems communicate over EBGP sessions; however, they can exchange route information as if they were IBGP peers.

Policy Routing onto MPLS TE Tunnels

Cisco IOS Release 12.0(16)ST now supports mapping packets to tunnels. Refer to the following document for additional information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/12cgcr/np1_c/1cprt1/1cindep.htm

Route Processor Redundancy

Route Processor Redundancy (RPR) provides an alternative to the High System Availability (HSA) feature currently available on Cisco 7500 series routers. HSA enables a system to reset and use a standby RSP in the event of a failure of the active RSP.

Using RPR you can reduce unplanned downtime. RPR enables a quicker switchover between a primary and secondary RSP in the event of a fatal error on the active RSP. When you configure RPR, the standby RSP loads a Cisco IOS image on boot up and initializes itself in standby mode. In the event of a fatal error on the active RSP, the system switches to the standby RSP, which reinitializes itself as the active RSP, reloads all of the line cards, and restarts the system.

New Features in Cisco IOS Release 12.0(15)ST

Cisco IOS Release 12.0(15)ST was not released. See the "New Features in Cisco IOS Release 12.0(16)ST" section.

New Features in Cisco IOS Release 12.0(14)ST1

Cisco IOS Release 12.0(14)ST1 supports the following new features:

MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion

MPLS Traffic Engineering (TE)—IP Explicit Address Exclusion

The MPLS traffic engineering Internet Protocol (IP) explicit address exclusion feature provides a means to exclude a link or node from the path for an MPLS traffic engineering label-switched path (LSP).

The feature is accessible via the ip explicit-path command that allows you to create an IP explicit path and enter a configuration submode for specifying the path. The feature adds to the submode commands the exclude-address command for specifying addresses to exclude from the path.

If the exclude-address for an MPLS traffic engineering LSP identifies a flooded link, the constraint-based shortest path first (CSPF) routing algorithm doesn't consider that link when computing paths for the LSP. If the exclude-address specifies a flooded MPLS traffic engineering router ID, the CSPF routing algorithm doesn't allow paths for the LSP to traverse the node identified by the router ID.
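The pruning behaviour described above can be sketched as follows. This is an added illustration, not Cisco code: the topology, addresses and function names are constructed, and it assumes a link is identified by the interface address at either end.

```python
import heapq

# Constructed TE router IDs for a five-node sample topology.
R1, R2, R3, R4, R5 = ("10.0.0.%d" % n for n in range(1, 6))

# Constructed links: (router_id_a, link_addr_a, router_id_b, link_addr_b,
#                     te_metric, unreserved_kbps)
TOPOLOGY = [
    (R1, "192.168.12.1", R2, "192.168.12.2", 10, 155000),
    (R2, "192.168.25.2", R5, "192.168.25.5", 10, 155000),
    (R1, "192.168.13.1", R3, "192.168.13.3", 10, 155000),
    (R3, "192.168.34.3", R4, "192.168.34.4", 10, 155000),
    (R4, "192.168.45.4", R5, "192.168.45.5", 10, 155000),
    (R2, "192.168.24.2", R4, "192.168.24.4", 5, 45000),
]


def prune(links, bandwidth_kbps, excluded):
    """Build the adjacency map CSPF is allowed to use.

    A link is dropped when one of its interface addresses is excluded,
    when either endpoint's router ID is excluded (the whole node is
    off-limits), or when it cannot carry the requested bandwidth.
    """
    adjacency = {}
    for a, a_addr, b, b_addr, metric, unreserved in links:
        if a_addr in excluded or b_addr in excluded:
            continue  # excluded link
        if a in excluded or b in excluded:
            continue  # excluded node
        if unreserved < bandwidth_kbps:
            continue  # ordinary bandwidth constraint
        adjacency.setdefault(a, []).append((b, metric))
        adjacency.setdefault(b, []).append((a, metric))
    return adjacency


def cspf(links, head, tail, bandwidth_kbps, exclude=()):
    """Return (cost, [router IDs]) for the cheapest permitted path, or None."""
    adjacency = prune(links, bandwidth_kbps, frozenset(exclude))
    queue = [(0, [head])]
    settled = set()
    while queue:
        cost, path = heapq.heappop(queue)
        node = path[-1]
        if node == tail:
            return cost, path
        if node in settled:
            continue
        settled.add(node)
        for neighbor, metric in adjacency.get(node, []):
            if neighbor not in settled:
                heapq.heappush(queue, (cost + metric, path + [neighbor]))
    return None  # the exclusions and constraints leave no usable path


if __name__ == "__main__":
    print(cspf(TOPOLOGY, R1, R5, 50000))
    print(cspf(TOPOLOGY, R1, R5, 50000, exclude=["192.168.25.2"]))
    print(cspf(TOPOLOGY, R1, R5, 10000, exclude=[R2]))
```

Excluding a router ID removes every link attached to that node, so an exclusion list that covers all transit nodes yields no path at all rather than a fallback through an excluded node.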

For more information, refer to the MPLS Traffic Engineering IP Explicit Address Exclusion feature in Cisco IOS Release 12.0(14)ST1.

New Features in Cisco IOS Release 12.0(14)ST

Cisco IOS Release 12.0(14)ST supports the following new features:

BGP Conditional Route Injection

Diff-Serv-Aware Traffic Engineering (DS-TE)

Explicit Null

MPLS Quality of Service Enhancements

MPLS Label Switching Router MIB

MPLS Scalability Enhancements

MPLS Traffic Engineering MIB

MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for (TE) Tunnels

MPLS Traffic Engineering (TE)—Scalability Enhancements

MPLS VPN and TE support on the Cisco 12000 series Internet routers 6CT3-SMB Line Card

MPLS VPN Carrier Supporting Carriers

MPLS VPN Line Cards for Cisco 12000 Series Internet Routers (Engine 2 ATM)

BGP Conditional Route Injection

Cisco IOS software provides several methods in which you can originate a prefix into the Border Gateway Protocol (BGP). The existing methods include using the network or aggregate-address commands and redistribution. These methods assume the existence of more specific routing information (matching the route to be originated) in either the routing table or the BGP table.

The BGP conditional route injection feature enables you to originate a prefix into BGP without the corresponding match. The routes are injected into the BGP table only if certain conditions are met. The most common condition is the existence of a less-specific prefix.

For more information, refer to the BGP Conditional Route Injection feature in Cisco IOS Release 12.0(14)ST.

Diff-Serv-Aware Traffic Engineering (DS-TE)

Extensions added to Multiprotocol Label Switching Traffic Engineering (MPLS TE) make it Diff-Serv aware. Specifically, the bandwidth reservable on each link for constraint-based routing (CBR) purposes can now be managed through two bandwidth pools: a global pool and a sub-pool. The sub-pool can be limited to a smaller portion of the link bandwidth. Tunnels using the sub-pool bandwidth can then be used in conjunction with MPLS Quality of Service (QoS) mechanisms to deliver guaranteed bandwidth services end-to-end across the network.

DS-TE is now available for the Cisco 7500 routers.

For more information, see the Diff-Serv-Aware Traffic Engineering (DS-TE) feature in Cisco IOS Release 12.0(14)ST.

Explicit Null

With this release, Explicit Null is supported on Cisco 12000 series Internet routers Engine-2 line cards. Explicit Null labels are used where label encapsulation is needed, but no valid label is required. For example, an explicit null label might be used to retain the Exp fields for QoS purposes on the last hop of an LSP, even though no label is required by the last hop.

When the explicit null label is used, it must be the only entry in the label stack.

MPLS Quality of Service Enhancements

When a customer transmits IP packets from one site to another, the IP precedence field (the first three bits of the DSCP field in the header of an IP packet) specifies the quality of service. Based on the IP precedence marking, the packet is given the desired treatment such as the latency or the percent of bandwidth allowed for that quality of service. If the service provider network is an MPLS network, then the IP precedence bits are copied into the MPLS EXP field at the edge of the network. However, the service provider might want to set an MPLS packet's QoS to a different value determined by the service offering.

This feature allows the service provider to set the MPLS experimental field instead of overwriting the value in the customer's IP precedence field. The IP header remains available for the customer's use; the IP packet's QoS is not changed as the packet travels through the multiprotocol label switching (MPLS) network.
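The following added example (not from the release notes) encodes the 32-bit MPLS label stack entry defined in RFC 3032 to show how the EXP field can differ from the customer's IP precedence while the IP header stays untouched, and how an explicit null label keeps EXP on the last hop. Function names and sample values are constructed; TTL handling is simplified to carrying the value over.

```python
import struct

IPV4_EXPLICIT_NULL = 0  # reserved label value for IPv4 explicit null (RFC 3032)


def encode_entry(label, exp, bottom_of_stack, ttl):
    """Pack one label stack entry: label(20) | EXP(3) | S(1) | TTL(8)."""
    if not 0 <= label < (1 << 20):
        raise ValueError("label must fit in 20 bits")
    if not 0 <= exp <= 7:
        raise ValueError("EXP must fit in 3 bits")
    if not 0 <= ttl <= 255:
        raise ValueError("TTL must fit in 8 bits")
    word = (label << 12) | (exp << 9) | (int(bool(bottom_of_stack)) << 8) | ttl
    return struct.pack("!I", word)


def decode_entry(raw):
    """Unpack a 4-byte label stack entry into its fields."""
    (word,) = struct.unpack("!I", raw)
    return {
        "label": word >> 12,
        "exp": (word >> 9) & 0x7,
        "bottom": bool((word >> 8) & 0x1),
        "ttl": word & 0xFF,
    }


def impose(ip_tos, label, ttl, provider_exp=None):
    """Label imposition at the provider edge.

    By default EXP is a copy of the IP precedence (top three bits of the
    ToS byte). When provider_exp is given, only the label's EXP changes;
    the ToS byte is never written, so the customer's marking survives.
    """
    precedence = (ip_tos >> 5) & 0x7
    exp = precedence if provider_exp is None else provider_exp
    return encode_entry(label, exp, True, ttl)


def to_explicit_null(raw):
    """Swap the label for explicit null, preserving EXP for the last hop."""
    entry = decode_entry(raw)
    return encode_entry(IPV4_EXPLICIT_NULL, entry["exp"], True, entry["ttl"])


def check_stack(stack):
    """Reject stacks where explicit null is not the only entry."""
    entries = [decode_entry(raw) for raw in stack]
    has_null = any(e["label"] == IPV4_EXPLICIT_NULL for e in entries)
    if has_null and len(entries) != 1:
        raise ValueError("explicit null must be the only entry in the label stack")
    return entries


if __name__ == "__main__":
    customer_tos = 0xB8  # constructed sample: IP precedence 5
    entry = impose(customer_tos, label=16, ttl=255, provider_exp=3)
    print(entry.hex(), decode_entry(entry), hex(customer_tos))
    print(to_explicit_null(entry).hex())
```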

For more information, see the MPLS Quality of Service Enhancements feature in Cisco IOS Release 12.0(14)ST.

MPLS Label Switching Router MIB

The MPLS Label Switching Router MIB allows you to use the Simple Network Management Protocol (SNMP) to remotely monitor a label switching router (LSR) that is using the multiprotocol label switching (MPLS) technology. The MPLS LSR MIB mirrors the Cisco Label Switching sub-system, specifically, the LSR management information that is provided by the label forwarding information base (LFIB).

The MPLS LSR MIB contains managed objects that support the retrieval of label switching information from a router and is based on Revision 05 of the IETF MPLS-LSR-MIB. This implementation enables a network administrator to get information on the status, character, and performance of the following:

MPLS capable interfaces on the LSR

Incoming MPLS segments (labels) to an LSR and their associated parameters

Outgoing segments (labels) at an LSR and their associated parameters

In addition, the network manager can retrieve the status of cross-connect entries that associate MPLS segments together.

For descriptions of supported MIBs and how to use them, see the Cisco MIB web site on Cisco.com at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

MPLS Scalability Enhancements

MPLS scalability enhancements let you prevent selected label-switched paths (LSPs) from being created in an MPLS network.

LSPs between some label edge routers (LERs) in an MPLS network are often unnecessary. Every time a new destination is created, LSPs are created from all LERs in the MPLS network to the new destination. You can use the tag-switching request-tags for command with an access list at an LER to restrict the destinations for which a downstream-on-demand request is issued. You specify the destination IP addresses for which LSPs should not be created.

This command allows you to permit creation of some LSPs, while preventing the creation of others. Using this command reduces the number of LSPs in an MPLS network, which reduces the VC usage in the network.

For more information, refer to the MPLS Scalability Enhancements feature in Cisco IOS Release 12.0(14)ST.

MPLS Traffic Engineering MIB

The MPLS TE MIB enables a standardized, SNMP-based approach to managing the MPLS traffic engineering features in Cisco IOS software. Providing this capability requires SNMP agent code implementation of the MPLS TE MIB.

The MPLS TE MIB is based on an IETF draft MIB that includes objects describing features that support MPLS traffic engineering. The implementation of the MPLS TE MIB within Cisco IOS software closely corresponds to the features described in the IETF draft MIB.

Some slight differences between the IETF draft MIB and the actual implementation of the traffic engineering capabilities within IOS require some minor translations between the MPLS TE MIB and the internal data structures of Cisco IOS software. These translations are accomplished by means of the SNMP agent code. Also, while running as a low priority process, the SNMP agent provides a management interface to Cisco IOS software.

The Cisco MPLS TE MIB implementation described in this feature module tracks the following version of the IETF draft MIB: draft-ietf-mpls-te-mib-05.txt. This IETF draft document is continually being evolved toward the status of a standard and will undergo revisions from time to time. Accordingly, the Cisco implementation of the MPLS TE MIB is expected to track the evolution of the IETF draft MIB.

The SNMP objects defined in the MPLS TE MIB can be viewed by any standard SNMP management utility. All MPLS TE MIB objects are based on the IETF draft MIB; accordingly, no specific Cisco-developed applications are required to support the MPLS TE MIB.

For descriptions of supported MIBs and how to use them, see the Cisco MIB web site on Cisco.com at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

MPLS Traffic Engineering (TE)—Automatic Bandwidth Adjustment for (TE) Tunnels

Traffic engineering autobandwidth samples, at a user-configurable interval, the current 5-minute bandwidth average for each tunnel marked with an auto-bw flag. Traffic engineering autobandwidth then applies the highest sample to each marked tunnel at the tunnel's user-configurable time (for example, once per day).

For more information, refer to the Automatic Bandwidth Adjustment for MPLS Traffic Engineering Tunnels feature in Cisco IOS Release 12.0(14)ST.

MPLS Traffic Engineering (TE)—Scalability Enhancements

The implementation of MPLS traffic engineering has been improved so that it scales better for large numbers of tunnels. These improvements:

Increase the number of traffic engineering tunnels a router can support when acting as a tunnel headend and when acting as a tunnel midpoint

Reduce the time required to establish large numbers of traffic engineering tunnels

User-visible scalability enhancements include the following:

Pacing for RSVP Messages

Signaling and Management for MPLS Traffic Engineering Tunnels

Controlling IS-IS and MPLS Traffic Engineering Topology Database Interactions

Improved Diagnostic Capabilities for MPLS Traffic Engineering and RSVP Signaling

Pacing for RSVP Messages

A burst of RSVP traffic engineering signaling messages may overflow the input queue of a receiving router, causing some messages to be dropped. Dropped messages cause a substantial delay in completing LSP signaling.

A new mechanism controls the transmission rate for RSVP messages and lessens the likelihood of input drops on the receiving router. The transmission rate is configurable with a default rate of 200 RSVP messages per second to a given neighbor.

Signaling and Management for MPLS Traffic Engineering Tunnels

The following changes improve the responsiveness of LSP recovery when a link used by an LSP fails:

When the upstream end of a failed link detects the failure, it generates an RSVP No Route Path Error message. This enables the LSP headend to detect the link failure and initiate recovery even when the IGP update announcing the link failure is delayed.

The LSP headend marks the link in question so that subsequent constraint-based SPF calculations ignore the link until either a new IGP update arrives or a configurable timeout occurs. This ensures that resignaling to restore the LSP avoids the failed link.

Controlling IS-IS and MPLS Traffic Engineering Topology Database Interactions

The delay between when IS-IS receives an IGP update and delivers it to the MPLS traffic engineering topology database has been reduced in most situations.

Previously, when IS-IS received a new LSP that contained traffic engineering TLVs there could be a delay of several seconds before it passed the traffic engineering TLVs to the traffic engineering database. The purpose of the delay was to provide better scalability during periods of network instability and to give the router an opportunity to receive more fragments of the LSP before passing the information to the traffic engineering database. However, this delay introduced a corresponding delay to the convergence time for the traffic engineering database.

Now IS-IS extracts traffic engineering TLVs from received LSPs and passes them to the traffic engineering database immediately, except when there are large numbers of LSPs to process and it is important to limit CPU consumption, such as during periods of network instability. The arguments that control delivery of traffic engineering TLVs by IS-IS to the traffic engineering topology database are configurable.

Improved Diagnostic Capabilities for MPLS Traffic Engineering and RSVP Signaling

The following enhancements improve diagnostic and troubleshooting capabilities for MPLS Traffic Engineering and RSVP:

Counters record tunnel headend error events such as no route (link down), preemption, and insufficient bandwidth on a per tunnel basis.

Counters record RSVP messages. The counters are per-interface and record the number of RSVP messages of each type sent and received on the interface.

For more information, see the Scalability Enhancements for MPLS Traffic Engineering feature in Cisco IOS Release 12.0(14)ST.

MPLS VPN and TE support on the Cisco 12000 series Internet routers 6CT3-SMB Line Card

In Cisco IOS Release 12.0(14)ST, the following support is added for the 6-port channelized T3 (6CT3-SMB) line card on the Cisco 12000 series Internet routers:

MPLS VPNs

MPLS QoS

MPLS TE

The 6CT3-SMB line card provides high-density digital signal level 3 (DS3) service through six copper T3 ports. T3 transmits DS3-formatted data at 44.736 Mbps through the telephone switching network that is used in a digital WAN carrier facility. A T3 can be channelized into 28 independent DS1 data channels or up to 35 NxDS0. A total of 168 DS1 channels are supported, or 210 NxDS0 per line card.

For more information on the Cisco 12000 series Internet routers 6CT3-SMB line card, refer to the following Cisco document:

http://www.cisco.com/univercd/cc/td/doc/product/core/cis12000/linecard/lc_chan/10318ct3.htm

MPLS VPN Carrier Supporting Carriers

Carrier supporting carrier is a term used to describe a situation where one service provider allows another service provider to use a segment of its backbone network. The service provider that provides the segment of the backbone network to the other provider is called the backbone carrier. The service provider that uses the segment of the backbone network is called the customer carrier.

The carrier supporting carrier feature enables one MPLS VPN-based service provider to allow other service providers to use a segment of its backbone network. Refer to the following document for additional information:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120st/120st16/csc16.htm

MPLS VPN Line Cards for Cisco 12000 Series Internet Routers (Engine 2 ATM)

MPLS VPN is supported for only customer access on the QOC-12 ATM line card. Connection to the service provider's backbone is not supported on the QOC-12 ATM. A maximum of 320 VPNs can be configured on the ATM E2 line card per Cisco 12000 series Internet router. The maximum number of VPN routes per Cisco 12000 series Internet router should be no more than 100K.

Restrictions in Cisco IOS Release 12.0(14)ST

This section describes the following:

Open Shortest Path First Restriction

PIRC and Access Lists Restriction

Open Shortest Path First Restriction

Open Shortest Path First (OSPF) is not supported between customer edge (CE) and provider edge (PE) routers on Cisco 12000 series Internet routers Engine 0 and Engine 2 line cards. Only Version 2 of the Routing Information Protocol (RIP), static routes, and external BGP are supported.

PIRC and Access Lists Restriction

Cisco 12000 series Internet routers PIRC and access lists cannot be configured under VRF interfaces on a PE router.

New Features in Cisco IOS Release 12.0(11)ST

Cisco IOS Release 12.0(11)ST supports the following new features:

Diff-Serv-Aware Traffic Engineering (DS-TE)

Label-Controlled ATM Interface (LC-ATM)

Label Distribution Protocol MIB

New MPLS VPN Line Card for Cisco 12000 Series Internet Routers

Diff-Serv-Aware Traffic Engineering (DS-TE)

MPLS traffic engineering allows constraint-based routing of IP traffic. One of the constraints satisfied by CBR is the availability of required bandwidth over a selected path. Diff-Serv-Aware Traffic Engineering (DS-TE) extends MPLS traffic engineering to enable you to perform constraint-based routing of "guaranteed" traffic, which satisfies a more restrictive bandwidth constraint than that satisfied by CBR for regular traffic. The more restrictive bandwidth is termed a sub-pool, while the regular TE tunnel bandwidth is called the global pool. (The sub-pool is a portion of the global pool.) This ability to satisfy a more restrictive bandwidth constraint translates into an ability to achieve higher Quality of Service performance (in terms of delay, jitter, or loss) for the guaranteed traffic.

For example, DS-TE can be used to ensure that traffic is routed over the network so that, on every link, there is never more than 40 per cent (or any assigned percentage) of the link capacity of guaranteed traffic (for example, voice), while there can be up to 100 per cent of the link capacity of regular traffic. Assuming QoS mechanisms are also used on every link to queue guaranteed traffic separately from regular traffic, it then becomes possible to enforce separate "overbooking" ratios for guaranteed and regular traffic. (In fact, for the guaranteed traffic it becomes possible to enforce no overbooking at all or even an underbooking so that very high QoS can be achieved end-to-end for that traffic, even while for the regular traffic a significant overbooking continues to be enforced.)
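The two-pool accounting in the 40 per cent example above can be modelled as follows. This is an added sketch, not Cisco's implementation: class and function names are constructed, preemption levels and overbooking are left out, and it assumes sub-pool reservations also consume global pool bandwidth because the sub-pool is a portion of the global pool.

```python
class Link:
    """Per-link DS-TE bandwidth accounting with a global pool and a sub-pool."""

    def __init__(self, capacity_kbps, sub_pool_percent):
        self.global_pool = capacity_kbps
        self.sub_pool = capacity_kbps * sub_pool_percent // 100
        self.reserved_global = 0  # regular plus guaranteed tunnels
        self.reserved_sub = 0     # guaranteed tunnels only

    def available(self):
        """(global, sub-pool) bandwidth an IGP would advertise for this link."""
        free_global = self.global_pool - self.reserved_global
        free_sub = min(self.sub_pool - self.reserved_sub, free_global)
        return free_global, free_sub

    def fits(self, kbps, guaranteed):
        free_global, free_sub = self.available()
        return kbps <= (free_sub if guaranteed else free_global)

    def reserve(self, kbps, guaranteed):
        """Admit one tunnel on this link, or refuse without side effects."""
        if not self.fits(kbps, guaranteed):
            return False
        self.reserved_global += kbps
        if guaranteed:
            self.reserved_sub += kbps
        return True


def reserve_path(links, kbps, guaranteed):
    """Admit a tunnel only if every link on the path can take it.

    All links are checked before any is changed, so a refusal on a later
    hop never leaves bandwidth stranded on earlier hops.
    """
    if not all(link.fits(kbps, guaranteed) for link in links):
        return False
    for link in links:
        link.reserve(kbps, guaranteed)
    return True


if __name__ == "__main__":
    link = Link(capacity_kbps=100000, sub_pool_percent=40)
    print(link.reserve(30000, guaranteed=True))   # True: 30% guaranteed
    print(link.reserve(15000, guaranteed=True))   # False: would exceed 40%
    print(link.reserve(60000, guaranteed=False))  # True: regular traffic
    print(link.available())
```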

Also, through the ability to enforce a maximum percentage of guaranteed traffic on any link, the network administrator can directly control the end-to-end QoS performance parameters without having to rely on over-engineering or on expected shortest path routing behavior. This is essential for transport of applications that have very high QoS requirements (such as real-time voice, virtual IP leased line, and bandwidth trading), where over-engineering cannot be assumed everywhere in the network.

DS-TE involves extending OSPF (Open Shortest Path First routing protocol), so that the available sub-pool bandwidth at each preemption level is advertised in addition to the available global pool bandwidth at each preemption level. DS-TE also modifies constraint-based routing to take this more complex advertised information into account during path computation.

In this release, tight guarantees can be achieved using the Cisco 12000 series Internet routers and POS (Packet over SONET) interface, with Engine 0 line card at the edge and Engine 2 line card at the core. End-to-end guaranteed bandwidth service is achieved by applying CAR (Committed Access Rate) and MPLS QoS mechanisms in conjunction with DS-TE. QPPB (QoS Policy Propagation via BGP) is not supported with input CAR on the Cisco 12000 series Internet routers in this release.

Label-Controlled ATM Interface (LC-ATM)

The Label-Controlled ATM Interface (LC-ATM) allows Cisco 12000 series Internet routers to operate with the Cisco Label Switch Controller (LSC). The LSC must be running IOS Version 12.1(5)T or higher, and the Cisco 12000 series Internet router must be running IOS Version 12.0(11)ST1 or higher.

Label Distribution Protocol MIB

Multiprotocol label switching (MPLS) is a packet forwarding methodology that uses a short, fixed-length value (called a label) in packets to enable the determination of the next hop for transporting packets through an MPLS network. Two label switching routers (LSRs) must agree on the definition of the labels used to forward network traffic between and through them. This common understanding of labels is achieved through a set of procedures embodied in the Label Distribution Protocol (LDP). The LDP enables an LSR to inform other LSRs of the label bindings it has made, thereby distributing label binding information to peer devices for the purpose of supporting hop-by-hop forwarding along normally routed paths.

In order for LDP to be used to the best advantage in an MPLS network, the MPLS Label Distribution Protocol MIB (MPLS LDP MIB) has been implemented in conjunction with MPLS and LDP. Designed as a network management aid, the MPLS LDP MIB is based on an Internet Engineering Task Force (IETF) draft that defines objects in a structured and standardized label-switching database.

The information in the MPLS LDP MIB is accessible by means of any network management utility that supports the Simple Network Management Protocol (SNMP). The SNMP-based code in a network management utility incorporates a layered structure for supporting the MPLS LDP MIB that is similar to that built into Cisco IOS software for supporting MIBs.

New MPLS VPN Line Card for Cisco 12000 Series Internet Routers

MPLS-based VPNs on Engine 2 line cards support POS and DPT-48 technologies for customer access and for connection to the service provider's backbone. A maximum of 256 VPNs (16 x 16) can be configured on a Cisco 12000 series Internet router that is fully populated with 16xOC-3 Engine 2 line cards. A maximum of approximately 100K VPN routes can be configured on a Cisco 12000 series Internet router platform with Engine 2 line cards, when not using other MPLS applications such as QoS.

New MPLS VPN line cards supported for Cisco 12000 series Internet routers include the following:

4-port OC-12 (4x-OC-12)/POS

1-port OC-48/POS

16xOC-3/POS

DPT OC-48

New Features in Cisco IOS Release 12.0(10)ST

Cisco IOS Release 12.0(10)ST supports the following new features:

AAL5 Transport over MPLS

MPLS Egress NetFlow Accounting

MPLS Label Distribution Protocol (LDP)

MPLS Multiprotocol Label Switching (Tag Switching)

MPLS Quality of Service (QoS)

MPLS Traffic Engineering and Enhancements

MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link Protection

MPLS VPN—OSPF Provider Edge (PE)-Customer Edge (CE) Support

New MPLS VPN Line Card Support for Cisco 12000 Series Internet Routers

VPN-Aware PING MIB

VPN Routing/Forwarding (VRF) CLI Command

VPN Routing/Forwarding (VRF) ARP Entry Support

VPN Slow-Path Support on Engine 2 at Deaggregation Point (Between PE-P)


Note MPLS ATM support is limited to ATM Forum PVCs only.


AAL5 Transport over MPLS

The AAL5 Transport over MPLS (AToM) feature provides an ATM permanent virtual circuit (PVC) transport service for transporting AAL5 protocol data units (PDUs) across an IP/MPLS backbone with rate-limit policing and a configurable PVC priority value. A dynamic MPLS tunnel is configured to enable label imposition and disposition of encapsulated ATM PDUs transported between two edge routers having a Label Distribution Protocol (LDP) neighbor relationship.

Each routed PVC label stack has two levels of labels prepended to each ATM PDU: an Interior Gateway Protocol (IGP) stack consisting of zero or more labels and a PVC-based label. Label imposition and disposition are performed by routers at the edge of the MPLS backbone. The imposition router takes the ATM PDU and encapsulates it in an MPLS PDU for transport to the correct disposition router. The disposition router takes the MPLS PDU, de-encapsulates the ATM PDU, and delivers it to the correct ATM interface and virtual path identifier/virtual circuit identifier (VPI/VCI).

For more information on the ATM Adaptation Layer Type 5 Transport over MPLS feature module, see the aal5atm.pdf file at http://www.cisco.com/kobayashi/library/spc_req.shtml.

MPLS Egress NetFlow Accounting

The MPLS Egress NetFlow Accounting feature allows you to capture Internet Protocol (IP) flow information for packets undergoing MPLS label disposition - that is, packets that arrive on a router as MPLS and are transmitted as IP.

Prior to this feature, you captured NetFlow data only for flows whose packets arrived in IP format. When an edge router performed MPLS label imposition (received an IP packet and transmitted it as an MPLS packet), NetFlow data was captured when the packet entered the network. Inside the network, the packet was switched based only on MPLS information; NetFlow information was not captured until after the last label was removed.

One common application of the MPLS Egress NetFlow Accounting feature allows you to capture the MPLS Virtual Private Network (VPN) IP flows that are traveling through a service provider backbone from one site in a VPN to another site in the same VPN.

Formerly, you captured flows only for IP packets on the ingress interface of a router. You could not capture flows for MPLS encapsulated frames, which were switched through Cisco Express Forwarding (CEF) from the input port. Therefore, in an MPLS VPN environment you captured flow information as packets were received from a customer edge (CE) router and forwarded to the backbone. However, you could not capture flow information as packets were transmitted to a CE router because those packets were received as MPLS frames.

The MPLS Egress NetFlow Accounting feature lets you capture the flows on the outgoing interfaces.

For more information, refer to the MPLS Egress NetFlow Accounting feature in Cisco IOS Release 12.0(10)ST.

MPLS Label Distribution Protocol (LDP)

The MPLS Label Distribution Protocol (LDP) is the IETF standard protocol for label distribution. LDP provides the means for label switching routers (LSRs) to request, distribute, and release label prefix binding information to peer routers in a network. LDP is a two-party protocol that provides the means for LSRs to discover potential peers in a network and to establish LDP sessions with those peers for the purpose of exchanging label binding information.

Functionally, LDP is a superset of the prestandard Tag Distribution Protocol (TDP), which also supports MPLS forwarding along normally routed paths. In addition, for those features that LDP and TDP have in common, the pattern of protocol exchanges between platforms is identical. The differences between LDP and TDP for the features that both protocols support are largely embedded in their respective implementation details, such as the encoding of protocol messages.

This release, which supports both LDP and TDP, provides the means for transitioning an existing network from a TDP switching environment to an LDP switching environment. You can run LDP and TDP simultaneously on any given platform. The protocol that you use can be configured on a per-interface basis for directly connected neighbors and on a per-target basis for nondirectly connected (targeted) neighbors. In addition, an LSP across an MPLS network can be supported by LDP on some hops and by TDP on other hops.

For more information, refer to the MPLS LDP feature in Cisco IOS Release 12.0(10)ST.

MPLS Multiprotocol Label Switching (Tag Switching)


Note This feature module is an update of the original tag switching CLI to also incorporate the MPLS CLI for Cisco routers.


MPLS combines the performance and capabilities of Layer 2 (data link layer) switching with the proven scalability of Layer 3 (network layer) routing. MPLS enables service providers to meet the challenges of explosive growth in network utilization while providing the opportunity to differentiate services without sacrificing the existing network infrastructure. The MPLS architecture is flexible and can be employed in any combination of Layer 2 technologies. MPLS support is offered for all Layer 3 protocols, and scaling is possible beyond that typically offered in today's networks.

MPLS efficiently enables the delivery of IP services over an ATM switched network. MPLS supports the creation of different routes between a source and a destination on a purely router-based Internet backbone. By incorporating MPLS into their network architecture, service providers can save money, increase revenue and productivity, provide differentiated services, and gain competitive advantages.

MPLS Quality of Service (QoS)

The MPLS Quality of Service (QoS) feature enables network administrators to provide differentiated services across an MPLS network. A range of networking requirements can be satisfied by supplying for each packet transmitted the particular QoS specified for each packet by means of its QoS precedence bit setting. QoS services are differentiated by means of the IP precedence bit setting in each transmitted IP packet.

In providing differentiated IP services, MPLS QoS supports the following services:

Packet classification

Congestion avoidance

Congestion management

MPLS Traffic Engineering and Enhancements

MPLS traffic engineering software enables an MPLS backbone to replicate and expand upon the traffic engineering capabilities of Layer 2 ATM and Frame Relay networks.

Traffic engineering is essential for service provider and Internet service provider (ISP) backbones. Such backbones must support the use of a high percentage of transmission capacity, and the networks must be very resilient so that they can withstand link or node failures.

MPLS traffic engineering provides an integrated approach to traffic engineering. With MPLS, traffic engineering capabilities are integrated into Layer 3, which optimizes the routing of IP traffic, given the constraints imposed by backbone capacity and topology.

For more information, refer to the MPLS Traffic Engineering and Enhancements feature in Cisco IOS Release 12.0(10)ST.

MPLS Traffic Engineering (TE)—Fast Reroute (FRR) Link Protection

MPLS Traffic Engineering (TE)—Fast Reroute (FRR) delivers Layer 3 protection switching for networks currently configured with MPLS label switched paths (LSPs). MPLS Traffic Engineering FRR provides temporary rerouting around a failed link (in the future, a node). This protects against physical point-to-point link failures. Upon notification of a facility failure (such as loss of signal or loss of frame), a path error is delivered to the LSP/tunnel headend, and the logical LSP is rerouted to the next hop by way of a preconfigured backup LSP/tunnel.

Regular MPLS traffic engineering automatically establishes and maintains LSPs across the backbone using RSVP. The path used by a given LSP at any point in time is determined by the LSP resource requirements and network resources, such as bandwidth.

Available resources are flooded by means of extensions to a link-state based Interior Gateway Protocol (IGP), either IS-IS or OSPF.

Paths for LSPs are calculated at the LSP headend. Under failure conditions, the headend determines a new route for the LSP. Recovery at the headend provides for the optimal use of resources. However, due to messaging delays, the headend cannot recover as quickly as a repair made at the point of failure.

FRR provides link protection to LSPs. This link protection enables all the traffic carried by LSPs that traverse a failed link to be rerouted around the failure. The reroute decision is completely controlled locally by the router interfacing the failed link. The headend of the tunnel is also notified of the link failure through the IGP or through Resource Reservation Protocol (RSVP) and completely reroutes the LSP around the failure.


Note The local reroute prevents any further packet loss caused by the failed link. This gives the headend of the tunnel time to reestablish the tunnel along a new, optimal route.


New MPLS VPN Line Card Support for Cisco 12000 Series Internet Routers

New line cards supported for Cisco 12000 series Internet routers include the following:

Channelized OC-12/STM-4 with four STS-3c/STM-1 POS paths

Channelized OC-12c to DS3

Six- or 12-port DS3

MPLS VPN—OSPF Provider Edge (PE)-Customer Edge (CE) Support

Setting a separate router ID for each interface or subinterface on a provider edge (PE) router attached to multiple customer edge (CE) routers within a VPN provides increased flexibility through Open Shortest Path First (OSPF) when routers exchange routing information among sites. The OSPF Provider Edge (PE)-Customer Edge (CE) feature is supported only on the Cisco 7000 family of routers (7200 and 7500).

For more information, refer to the MPLS Virtual Private Network Enhancements feature in Cisco IOS Release 12.0(7)T.

VPN-Aware PING MIB

The ping MIB supports VPNs. An attribute, VrfName, has been added to the ciscoPingEntry in MIBS/CISCO-PING_MIB.my. This attribute allows the provider-edge router to look up the appropriate VPN routing table while sending a ping packet. If this attribute is NULL (default), a ping packet uses the default VPN routing table.

For descriptions of supported MIBs and how to use them, see the Cisco MIB web site on CCO at http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml.

VPN Routing/Forwarding (VRF) CLI Command

The VPN Routing/Forwarding (VRF) configuration command allows you to enter comments about your VRF configuration.

description <description string>

no description

Here is output from a configuration example:

Router(config)# ip vrf V4
Router(config-vrf)# ?
IP VPN Routing/Forwarding instance configuration commands:
  default       Set a command to its defaults
  description   VRF specific description
  exit          Exit from VRF configuration mode
  export        VRF export
  import        VRF import
  maximum       Set a limit
  no            Negate a command or set its defaults
  rd            Specify Route Distinguisher
  route-target  Specify Target VPN Extended Communities

Router(config-vrf)# desc
Router(config-vrf)# description ?
  LINE  Up to 80 characters describing this VRF

Router(config-vrf)# description This Is My 4th VRF ;-)
Router(config-vrf)# end
Router# sh ru | beg V4 
ip vrf V4
 description This Is My 4th VRF ;-)
 rd 1:406
 route-target export 1:400
 route-target import 1:400

VPN Routing/Forwarding (VRF) ARP Entry Support

The VPN routing/forwarding (VRF) option in the Address Resolution Protocol (ARP) command allows you to configure static ARP entries per VRF.

[no] arp [vrf name] ipaddr hardware-addr {arpa | sap | smds | snap} [{alias | interfaces}]

Here is output from a configuration example:

Router(config)# arp ?
  A.B.C.D  IP address of ARP entry
  vrf      Configure static ARP for a VPN Routing/Forwarding instance

Router(config)# arp vrf V4 ?
  A.B.C.D  IP address of ARP entry

Router(config)# arp vrf V4 20.1.1.1 0000.0000.0001 arpa

VPN Slow-Path Support on Engine 2 at Deaggregation Point (Between PE-P)

You can now have an Engine 2 card in the chassis when you are running VPN. However, full support will be available in a future release.

New Features in Cisco IOS Release 12.0(9)ST

Cisco IOS Release 12.0(9)ST supports the following new features:

MPLS Support on Dynamic Packet Transport (DPT) (OC-12/STM4)

MPLS Traceroute

MPLS Virtual Private Networks (VPN)

Multi-protocol BGP (MP-BGP)—MPLS VPN


Note MPLS ATM support is limited to ATM Forum PVCs only.


MPLS Support on Dynamic Packet Transport (DPT)

Dynamic packet transport (DPT) offers the reliability and restorability typically associated with SONET/SDH transport, without adding unnecessary overhead to IP traffic.

DPT uses dual counter-rotating fiber rings that can concurrently transport data and control traffic. DPT uses the Spatial Reuse Protocol (SRP), which is the media-independent Media Access Control (MAC) layer protocol, for addressing and stripping packets, controlling bandwidth, and controlling message propagation on the packet ring.


Note MPLS traffic engineering does not support DPT.


DPT (OC-12/STM4) is supported for forwarding and label distribution on the following:

Cisco 7200 series routers

Cisco 7500 series routers

Cisco 12000 series Internet routers

DPT combines the bandwidth-efficient and service-rich capabilities of IP routing with the bandwidth-rich, self-healing capabilities of fiber rings to provide fundamental cost and functionality advantages over existing solutions.

MPLS Traceroute

MPLS-aware traceroute functionality has been added to the traceroute program. When you enter the traceroute user EXEC command, the display output includes the IP address of the router interface through which the traceroute packet is passing, followed by the MPLS label information and the normal trace/ping information.

The following is sample output from the traceroute command:

Router-A# traceroute 14.0.0.1

Type escape sequence to abort.
Tracing the route to 14.0.0.1

1 10.0.0.2 [MPLS: Label 138 Exp 0] 0 msec 0 msec 4 msec
2 11.0.0.2 [MPLS: Label 138 Exp 0] 0 msec 0 msec 0 msec
3 14.0.0.1 4 msec 0 msec

MPLS Virtual Private Networks (VPN)

A Virtual Private Network (VPN) is a secure IP-based network that uses a shared backbone to distribute resources on one or more physical networks located in geographically dispersed sites. MPLS-based VPNs make it possible to have highly scalable, highly flexible IP VPNs in Layer 3 without tunneling or encryption.

MPLS VPNs have the following advantages over the current IP VPN solutions that rely on Layer 2 VC, Layer 3 tunnels, or encryption:

More scalable.

Provide any-to-any communication through connectionless Layer 3 IP.

Allow flexible addressing schemes; for example, addresses do not have to be globally unique.

More easily manage the addition of new members and new VPNs.

Support different classes of service within and between VPNs.

Can leverage additional services such as application and web hosting or network commerce solutions.

End users do not have to modify their IP applications or support MPLS.

MPLS-based VPNs support a variety of Layer 2 technologies (ATM, Frame Relay, Packet over SONET (PoS), and multi-access) for customer access, and in the provider's backbone.

Line cards supported for Cisco 12000 series Internet routers include:

4-port OC-3/POS (single- and multi-mode)

1-port OC-12/POS (single- and multi-mode)

4-port OC-3/ATM

1-port OC-12/ATM (single- and multi-mode)


Note No other Cisco 12000 series Internet router line cards are supported for MPLS-based VPNs.



Note The PE router supports only the 4-port OC-3 POS and ATM line cards, and the 1-port OC-12 POS and ATM line cards.


Multi-protocol BGP (MP-BGP)—MPLS VPN

Multi-protocol BGP (MP-BGP) provides extensions to BGP-4 as specified in IETF RFC 2283, Multiprotocol Extensions for BGP-4. T. Bates, R. Chandra, D. Katz, and Y. Rekhter. February 1998.
(Format: TXT=18946 bytes) (Status: PROPOSED STANDARD).

These extensions enable MBGP to carry different address families. In Cisco IOS Release 12.0(9)ST, MBGP supports the distribution of multicast and MPLS VPN routes. In the future, these MBGP extensions will support the distribution of IPv6 routes.

Limitations and Restrictions

The following sections list limitations that apply to Cisco IOS Release 12.0 ST. These limitations can apply to the Cisco 7200 series routers, the Cisco 7500 series routers, the Cisco 10000 series edge services routers, the Cisco 10720 Internet router, and the Cisco 12000 series Internet routers.

Limitations That Apply to Cisco IOS Release 12.0(21)ST

The following limitations apply to Cisco IOS Release 12.0(21)ST.

Controlling the Rate of Logging Messages on the Cisco 10000 Series Edge Services Router

It is important that you limit the rate at which system messages are logged by the Cisco 10000 series ESR. This avoids a situation where the router becomes unstable and the CPU is overloaded. Use the logging rate-limit command to control the output of messages from the system.

We recommend that you configure the logging rate-limit command as follows:

Router(config)# logging rate-limit console all 10 except critical

This command rate-limits all messages to the console to 10 per second, except for messages with critical priority (level 3) or greater.

For more information on the logging rate-limit command, see the Cisco IOS Configuration Fundamentals Command Reference.

Testing Performance of High-Speed Interfaces on the Cisco 10000 Series Edge Services Router

The Cisco 10000 series ESR has multiple queues for all classes of traffic over high-speed interfaces. The software selects a queue based on the source and destination address for the packet. This ensures that a traffic flow always uses the same queue and the packets are transmitted in order.

When the Cisco 10000 series ESR is installed in a real network, the high-speed interfaces work efficiently to spread traffic flows equally over the queues. However, using single traffic streams in a laboratory environment may result in less-than-expected performance.

Therefore, to ensure accurate test results, you should test the throughput of the gigabit Ethernet, POS, or ATM uplink with multiple source or destination addresses.


Tip To determine if traffic is being properly distributed, use the show hardware pxf cpu queue command.


Important Notes

The following sections contain important notes about Cisco IOS Release 12.0 ST that can apply to the Cisco 7200 series routers, the Cisco 7500 series routers, the Cisco 10000 series edge services routers, the Cisco 10720 Internet router, and the Cisco 12000 series Internet routers.

Field Notices and Bulletins

Field Notices—Cisco recommends that you view the field notices for this release to see if your software or hardware platforms are affected. If you have an account on Cisco.com, you can find field notices at http://www.cisco.com/kobayashi/support/tac/fn_index.html.

Product Bulletins—If you have an account on Cisco.com, you can find product bulletins at http://www.cisco.com/warp/customer/cc/general/bulletin/index.shtml. If you do not have a Cisco.com login account, you can find product bulletins at http://www.cisco.com/warp/public/cc/general/bulletin/iosw/index.shtml.

What's Hot for IOS Releases: Cisco IOS 12.0 provides information about caveats that are related to deferred software images for Cisco IOS Release 12.0. If you have an account on Cisco.com, you can access What's Hot for IOS Releases: Cisco IOS 12.0 at http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml or by logging in and selecting Software Center: Cisco IOS Software: What's Hot for IOS Releases: Cisco IOS 12.0.

What's New for IOS lists recently posted Cisco IOS software releases and software releases that have been removed from Cisco.com. If you have an account on Cisco.com, you can access What's New for IOS at http://www.cisco.com/kobayashi/sw-center/sw-ios.shtml or by logging in and selecting Software Center: Cisco IOS Software: What's New for IOS.

Important Notes for Cisco IOS Release 12.0(21)ST

The following important notes apply to Cisco IOS Release 12.0(21)ST.

Cisco 12000 Series Internet Router Images Deferred Due to Caveats CSCdx04150, CSCdx04074, and CSCdw94910

Two images in Cisco IOS Release 12.0(21)ST were deferred due to severe defects. These defects have been assigned Cisco caveat IDs CSCdx04150, CSCdx04074, and CSCdw94910. These caveats affect the following images:

gsr-p-mz

gsr-k4p-mz

With caveat CSCdx04150, a Cisco 12000 series Internet router may not forward packets from an Engine 4 line card to an Engine 3 or Engine 4 Plus line card. With caveat CSCdx04074, a Cisco 12000 series Internet router may stop traffic forwarding after Fast Reroute has started. With caveat CSCdw94910, a Cisco 12000 series Internet router may not be able to forward traffic. The software solution for these deferred images is Cisco IOS Release 12.0(21)ST1, which is available on Cisco.com.

In order to increase network availability, Cisco recommends that you upgrade affected Cisco IOS images with the suggested replacement software images. Cisco will discontinue manufacturing shipment of affected Cisco IOS images. Any pending order will be substituted by the replacement software images.


Note Please be aware that failure to upgrade the affected Cisco IOS images may result in network downtime.


The terms and conditions that governed your rights and obligations and those of Cisco, with respect to the deferred images, will apply to the replacement images.

Cisco Discovery Protocol on the Cisco 10000 Series Edge Services Router

Unlike other Cisco routers, on the Cisco 10000 series edge services router the Cisco Discovery Protocol (CDP) is disabled by default. You can enable CDP on an interface using the cdp enable command.

Frame Relay and PPP Sessions on the Cisco 10000 Series Edge Services Router

You can run up to 4200 Frame Relay sessions or 4000 PPP sessions, and you can configure up to 800 BGP peers on the Cisco 10000 series ESR. The router also supports up to 512 Multilink PPP (MLP) protocol sessions.


Note Each T1 interface in an MLP bundle represents a single PPP session. Thus, configuring 400 MLP bundles of 10 T1 interfaces each results in 4000 PPP sessions (which is the maximum number of PPP sessions that are supported on the Cisco 10000 series ESR).


Limited Availability of Images for the Cisco 12000 Series Internet Routers

The images for the Cisco 12000 series Internet routers for Cisco IOS Release 12.0(21)ST are available on a limited basis. Cisco IOS Release 12.0(21)ST1 provides the generally available set of images for the Cisco 12000 series Internet routers.

show ip bgp dampened-paths and show ip bgp flap-statistics Commands Replaced by show ip bgp dampening Command

The show ip bgp dampened-paths and show ip bgp flap-statistics commands have been replaced by the show ip bgp dampening [dampened-paths | flap-statistics | parameters] command in Cisco IOS Release 12.0(21)S. See the sample output below.

Router# show ip bgp dampening ?
  dampened-paths   Display paths suppressed due to dampening
  flap-statistics  Display flap statistics of routes
  parameters       Display details of configured dampening parameters

The functionality of the dampened-paths and flap-statistics keywords remains the same as in the show ip bgp dampened-paths and show ip bgp flap-statistics commands.


Note The show ip bgp dampened-paths and show ip bgp flap-statistics commands will still function in Cisco IOS Release 12.0(21)S. However, these commands are now hidden in the parser and will be removed from the parser eventually. The following message will be displayed when these commands are used:
% NOTE: This command will be deprecated soon. Please use 'show ip bgp dampening [dampened-paths|flap-statistics]'


The parameters keyword introduces new functionality. The parameters keyword is used to display the details of configured dampening parameters. The following is sample output for the show ip bgp dampening parameters command:

Router# show ip bgp dampening parameters
dampening 10 1590 3000 30
Half-life time : 10 mins Decay Time : 1250 secs
Max suppress penalty: 12720 Max suppress time: 30 mins
Suppress penalty : 3000 Reuse penalty : 1590

Table 13 describes the significant fields shown in the display:

Table 13 show ip bgp dampening parameters Field Descriptions

Field                 Description
Half-life time        Configured value of half-life time (in minutes).
Decay Time            Time (in seconds) for the penalty value to decay from maximum suppress penalty to suppress penalty. Note: This value should not be too low.
Max suppress penalty  Calculated value that is based on reuse penalty and maximum suppress time. When a route is penalized, its penalty value increases. The penalty cannot increase more than maximum suppress penalty.
Max suppress time     Configured value of maximum suppress time (the maximum time, in minutes, that a route can be suppressed). The range is 1 to 20,000; the default is 4 times the half-life. If the half-life value is allowed to default, the maximum suppress time defaults to 60 minutes.
Suppress penalty      Configured value of suppress penalty. A route is suppressed when its penalty exceeds this limit. The range is 1 to 20,000; the default is 2000.
Reuse penalty         Configured value of reuse penalty. If the penalty for a flapping route decreases enough to fall below this value, the route is unsuppressed. The process of unsuppressing routes occurs at 10-second increments. The range of the reuse value is 1 to 20,000; the default is 750.
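The two calculated fields in the display (Max suppress penalty and Decay Time) can be recomputed from the four configured values, which is a quick way to audit a dampening profile before deploying it. The script below is an added example, not Cisco code; it assumes the penalty halves every half-life (the RFC 2439 exponential decay model), an assumption that reproduces the 12720 and 1250 shown in the sample output, and all function names are illustrative.

```python
import math
import re

# Sample display copied from the "show ip bgp dampening parameters" output above.
SAMPLE = """\
dampening 10 1590 3000 30
Half-life time : 10 mins Decay Time : 1250 secs
Max suppress penalty: 12720 Max suppress time: 30 mins
Suppress penalty : 3000 Reuse penalty : 1590
"""


def parse_config_line(text):
    """Return (half_life_min, reuse, suppress, max_suppress_min) from the 'dampening' line."""
    m = re.search(r"^\s*dampening\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*$", text, re.M)
    if not m:
        raise ValueError("no 'dampening <half-life> <reuse> <suppress> <max-suppress>' line")
    return tuple(int(g) for g in m.groups())


def parse_displayed(text):
    """Extract every 'Label : value [unit]' pair from the display, keyed by lowercased label."""
    pairs = re.findall(r"([A-Z][A-Za-z\- ]*?)\s*:\s*(\d+)\s*(?:mins|secs)?", text)
    return {label.strip().lower(): int(value) for label, value in pairs}


def derive(half_life_min, reuse, suppress, max_suppress_min):
    """Recompute the calculated fields (assumption: penalty halves every half-life)."""
    # Penalty ceiling: the value that decays to the reuse penalty in exactly
    # max-suppress-time minutes.
    ceiling = reuse * 2 ** (max_suppress_min / half_life_min)
    # Seconds for the penalty to fall from the ceiling to the suppress penalty.
    decay_secs = max(0.0, half_life_min * 60 * math.log2(ceiling / suppress))
    return {"max suppress penalty": int(ceiling), "decay time": int(decay_secs)}


def minutes_until_reuse(penalty, half_life_min, reuse):
    """Minutes for a route sitting at `penalty` to decay to the reuse penalty."""
    if penalty <= reuse:
        return 0.0
    return half_life_min * math.log2(penalty / reuse)


def check(half_life_min, reuse, suppress, max_suppress_min):
    """Return a list of findings for parameter sets that cannot work as intended."""
    findings = []
    if reuse >= suppress:
        findings.append("reuse penalty is not below suppress penalty")
    ceiling = reuse * 2 ** (max_suppress_min / half_life_min)
    if ceiling <= suppress:
        # The penalty is capped at the ceiling, and suppression needs penalty > suppress.
        findings.append(
            "penalty ceiling %d never exceeds suppress penalty %d: no route is ever suppressed"
            % (int(ceiling), suppress)
        )
    return findings


def compare(text):
    """Return {field: (displayed, recomputed)} for calculated fields that disagree."""
    shown = parse_displayed(text)
    calc = derive(*parse_config_line(text))
    return {k: (shown.get(k), v) for k, v in calc.items() if shown.get(k) != v}


if __name__ == "__main__":
    params = parse_config_line(SAMPLE)
    print("configured:", params)
    print("recomputed:", derive(*params))
    print("mismatches:", compare(SAMPLE))
    print("findings:  ", check(*params))
```

A profile whose maximum suppress time is short relative to the half-life (for example, 5 minutes against a 10-minute half-life with the same penalties) is reported by check(), because its penalty ceiling stays below the suppress penalty.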


VLAN Session Support on the Cisco 10000 Series Edge Services Router

In Cisco IOS Release 12.0(21)ST, the Cisco 10000 series edge services router provides session support for 4000 802.1Q VLANs.

Important Notes for Cisco IOS Release 12.0(20)ST

The following important notes apply to Cisco IOS Release 12.0(20)ST.

Performance Routing Engine on the Cisco 10000 Series Edge Services Router

Cisco IOS Release 12.0(20)ST is available in two different images for the Cisco 10000 series edge services router (ESR). The correct image to run on the ESR depends on which Performance Routing Engine, PRE or PRE1, is installed in the chassis.

If you attempt to run a Cisco IOS Release 12.0(20)ST image that is incompatible with the PRE that is installed in the chassis, the following warning message is displayed to the console:

Invalid image for this PRE version.

When this happens, the Cisco 10000 series ESR is not fully operational. To return to normal operation, you need to reload the system with the appropriate image for the installed PRE.


Note The Cisco 10000 series ESR does not support mixing two different PRE revisions in the same chassis. Do not install a PRE and PRE1 in the same chassis.


Table 14 lists the correct image to run for each PRE revision installed in the Cisco 10000 series ESR chassis.

Table 14 Cisco IOS Release 12.0(20)ST images compatible with installed PRE

PRE Type  Cisco IOS Release 12.0(20)ST Image
PRE       c10k-p6-mz
PRE1      c10k-p10-mz


Important Notes for Cisco IOS Release 12.0(12)ST

The following important notes apply to Cisco IOS Release 12.0(12)ST.

Configurable Throttling for Integrated IS-IS

As of 12.0(12)ST, Integrated IS-IS provides configurable throttling of link-state PDU (LSP) generation, Shortest Path First (SPF) calculations, and partial route computations (PRC). For information about the lsp-gen-interval command, spf-interval command, and prc-interval command, refer to the "Integrated IS-IS Commands" chapter of the Cisco IOS IP Command Reference, Volume 2 of 3: Routing Protocols, Release 12.2 and the "Configuring Integrated IS-IS" chapter of the Cisco IOS IP Configuration Guide, Release 12.2.

Caveats

Caveats describe unexpected behavior in Cisco IOS software releases. Severity 1 caveats are the most serious; severity 2 caveats are less serious. Severity 3 caveats are moderate caveats, and only select severity 3 caveats are included in the caveats document.

This section contains open and resolved caveats for Cisco IOS Release 12.0 ST.

Because Cisco IOS Release 12.0 ST and Cisco IOS Release 12.0 S are based on Cisco IOS Release 12.0, many caveats that apply to these releases apply to Cisco IOS Release 12.0 ST. For information on severity 1 and 2 caveats in Cisco IOS Release 12.0, see Caveats for Cisco IOS Release 12.0. This document is located on Cisco.com and the Documentation CD-ROM.


Note The MPLS Label Switch Controller (LSC) feature and the Label Virtual Circuits (LVCs) feature in Cisco IOS Release 12.1 are not supported in Cisco IOS Release 12.0 ST.



Note If you have an account on Cisco.com, you can also use the Bug Toolkit to find select caveats of any severity. To reach the Bug Toolkit, log in to Cisco.com and click Service & Support: Software Center: Cisco IOS Software: BUG TOOLKIT. Another option is to go to http://www.cisco.com/cgi-bin/Support/Bugtool/launch_bugtool.pl.


The caveats section consists of the following subsections:

Resolved Caveats—Cisco IOS Release 12.0(21)ST7

Resolved Caveats—Cisco IOS Release 12.0(21)ST6

Resolved Caveats—Cisco IOS Release 12.0(21)ST5

Resolved Caveats—Cisco IOS Release 12.0(21)ST4

Resolved Caveats—Cisco IOS Release 12.0(21)ST3

Resolved Caveats—Cisco IOS Release 12.0(21)ST2

Resolved Caveats—Cisco IOS Release 12.0(21)ST1

Open Caveats—Cisco IOS Release 12.0(21)ST

Resolved Caveats—Cisco IOS Release 12.0(21)ST

Resolved Caveats—Cisco IOS Release 12.0(20)ST6

Resolved Caveats—Cisco IOS Release 12.0(20)ST5

Resolved Caveats—Cisco IOS Release 12.0(20)ST4

Resolved Caveats—Cisco IOS Release 12.0(20)ST3

Resolved Caveats—Cisco IOS Release 12.0(20)ST2

Resolved Caveats—Cisco IOS Release 12.0(20)ST1

Resolved Caveats—Cisco IOS Release 12.0(20)ST

Resolved Caveats—Cisco IOS Release 12.0(19)ST6

Resolved Caveats—Cisco IOS Release 12.0(19)ST4

Resolved Caveats—Cisco IOS Release 12.0(19)ST3

Resolved Caveats—Cisco IOS Release 12.0(19)ST2

Resolved Caveats—Cisco IOS Release 12.0(19)ST1

Resolved Caveats—Cisco IOS Release 12.0(19)ST

Resolved Caveats—Cisco IOS Release 12.0(18)ST1

Resolved Caveats—Cisco IOS Release 12.0(18)ST

Resolved Caveats—Cisco IOS Release 12.0(17)ST7

Resolved Caveats—Cisco IOS Release 12.0(17)ST6

Resolved Caveats—Cisco IOS Release 12.0(17)ST5

Resolved Caveats—Cisco IOS Release 12.0(17)ST4

Resolved Caveats—Cisco IOS Release 12.0(17)ST3

Resolved Caveats—Cisco IOS Release 12.0(17)ST2

Resolved Caveats—Cisco IOS Release 12.0(17)ST1

Resolved Caveats—Cisco IOS Release 12.0(17)ST

Resolved Caveats—Cisco IOS Release 12.0(16)ST1

Resolved Caveats—Cisco IOS Release 12.0(16)ST

Resolved Caveats—Cisco IOS Release 12.0(15)ST

Resolved Caveats—Cisco IOS Release 12.0(14)ST3

Resolved Caveats—Cisco IOS Release 12.0(14)ST1

Resolved Caveats—Cisco IOS Release 12.0(14)ST

Resolved Caveats—Cisco IOS Release 12.0(11)ST4

Resolved Caveats—Cisco IOS Release 12.0(21)ST7

Cisco IOS Release 12.0(21)ST7 is a rebuild of Cisco IOS Release 12.0(21)ST. The caveats listed in this section are resolved in Cisco IOS Release 12.0(21)ST7 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCdy17802

Symptoms: The no cdp run global configuration command may be deleted from the running configuration file when a subinterface is created after reloading the router.

Conditions: This symptom is observed on a Cisco 12000 series Internet router.

Workaround: Execute the no cdp run global configuration command again.

Miscellaneous

CSCdu53656

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.

CSCdx59003

Symptoms: A Cisco 12000 series Internet router may report incorrect environmental values, as the following environmental logs display:

%ENV_MON-2-VOLTAGE: MBUS 5V supply(slot 1) volts has reached SHUTDOWN level at 5 m(V)
%ENV_MON-2-TEMP: Hotpoint temp sensor(slot 17) temperature has reached SHUTDOWN level at 756(C)
%ENV_MON-2-VOLTAGE: Card 3.3v supply(slot 17) volts has reached CRITICAL level at 2560 m(V)

Although the environmental logs indicate that the shutdown level has been reached, the router does not shut down the line cards for which the incorrect environmental values are reported.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S3, Release 12.0(21)S5, Release 12.0(21)ST2, or Release 12.0(22)S.

Workaround: There is no workaround.

CSCdz57007

Symptoms: A router may reload when a Multiprotocol Label Switching (MPLS) input feature (such as quality of service [QoS] classification, QoS marking, rate limiting, policing, or expression bit accounting) or output feature (such as QoS classification, QoS marking, rate limiting, policing, expression bit accounting, IP precedence accounting, egress NetFlow, MPLS multi-virtual circuit [VC], Virtual Private Network [VPN] routing/forwarding Network Address Translation [VRF-NAT], or VRF-crypto) is configured on a router interface and when MPLS packets that are received by an MPLS router from the core are switched to the customer edge (CE) router through the VRF interface or to a local loopback under a deaggregation scenario.

With certain Cisco IOS releases, the router reload may occur when certain types of Any Transport over Multiprotocol Label Switching (AToM) disposition are performed. The reload can affect any platform that performs software MPLS switching.

The features listed above may not be exhaustive. On some platforms, this software defect may cause alignment errors for MPLS packets that are switched through the deaggregation code path.

Conditions: This symptom may be observed on a router that operates in an MPLS VPN environment.

Workaround: There is no workaround. This symptom does not occur if input and output MPLS features such as the ones listed above are not configured on the PE router.

CSCea02355

Cisco routers and switches running Cisco IOS software and configured to process Internet Protocol version 4 (IPv4) packets are vulnerable to a Denial of Service (DoS) attack. A rare sequence of crafted IPv4 packets sent directly to the device may cause the input interface to stop processing traffic once the input queue is full. No authentication is required to process the inbound packet. Processing of IPv4 packets is enabled by default. Devices running only IP version 6 (IPv6) are not affected. A workaround is available.

Cisco has made software available, free of charge, to correct the problem.

This advisory is available at

http://www.cisco.com/warp/public/707/cisco-sa-20030717-blocked.shtml

CSCea14108

Symptoms: Pings from a customer edge (CE) router may fail in an Any Transport over Multiprotocol Label Switching (AToM) network.

Conditions: This symptom is observed when Ethernet over Multiprotocol Label Switching (EoMPLS) AToM is configured.

Workaround: There is no workaround.

CSCea21063

Symptoms: High CPU utilization may occur when tag switching is enabled on an Engine 2 (E2) line card. Packets may be punted to the Gigabit Route Processor (GRP).

Conditions: This symptom is observed on an E2 line card when incoming traffic is through a Multiprotocol Label Switching (MPLS) interface and outgoing traffic is through an IP interface.

Workaround: Enable MPLS on the IP interface.

CSCea28131

A Cisco device running IOS and enabled for the Border Gateway Protocol (BGP) is vulnerable to a Denial of Service (DOS) attack from a malformed BGP packet. The BGP protocol is not enabled by default, and must be configured in order to accept traffic from an explicitly defined peer. Unless the malicious traffic appears to be sourced from a configured, trusted peer, it would be difficult to inject a malformed packet. BGP MD5 is a valid workaround for this problem.

Cisco has made free software available to address this problem. For more details, please refer to this advisory, available at http://www.cisco.com/warp/public/707/cisco-sa-20040616-bgp.shtml.
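Caveats CSCdu53656 and CSCea28131 above both name BGP MD5 as a workaround, so a practical follow-up is to find the peers that still have no password configured. The script below is an added example, not Cisco code: it audits a saved running-config, treating the IOS neighbor ... password command (set on the peer or inherited from its peer group) as the MD5 setting; the config excerpt, addresses and AS numbers are constructed.

```python
import ipaddress
import re

# Constructed running-config excerpt (documentation addresses, private AS numbers,
# placeholder password strings).
SAMPLE_CONFIG = """\
router bgp 64512
 neighbor CORE peer-group
 neighbor CORE remote-as 64512
 neighbor CORE password 7 <redacted>
 neighbor 192.0.2.1 peer-group CORE
 neighbor 192.0.2.2 remote-as 64513
 neighbor 192.0.2.2 password 7 <redacted>
 neighbor 192.0.2.3 remote-as 64514
 neighbor 192.0.2.3 description transit without MD5
 neighbor EDGE peer-group
 neighbor EDGE remote-as 64515
 neighbor 192.0.2.4 peer-group EDGE
!
interface Loopback0
 ip address 192.0.2.255 255.255.255.255
"""


def is_ip(token):
    """True if the neighbor identifier is an address rather than a peer-group name."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def bgp_stanza(config):
    """Return the stripped lines of the 'router bgp' stanza (indented lines after the header)."""
    lines, inside = [], False
    for line in config.splitlines():
        if re.match(r"^router bgp \d+", line):
            inside = True
            continue
        if inside:
            if line and not line[0].isspace():
                break  # first unindented line ends the stanza
            lines.append(line.strip())
    return lines


def unauthenticated_peers(config):
    """Return [(peer, peer_group_or_None)] for peers with no password, direct or inherited."""
    passworded = set()   # peers and peer groups that carry 'password'
    member_of = {}       # peer address -> peer-group name
    peers = set()        # every neighbor identified by address
    for line in bgp_stanza(config):
        m = re.match(r"^neighbor (\S+) (.+)$", line)
        if not m:
            continue
        ident, rest = m.group(1), m.group(2).split()
        if is_ip(ident):
            peers.add(ident)
        if rest[0] == "password":
            passworded.add(ident)
        elif rest[0] == "peer-group" and len(rest) == 2:
            member_of[ident] = rest[1]  # 'neighbor <addr> peer-group <NAME>'
    result = []
    for peer in sorted(peers):
        group = member_of.get(peer)
        if peer not in passworded and group not in passworded:
            result.append((peer, group))
    return result


if __name__ == "__main__":
    for peer, group in unauthenticated_peers(SAMPLE_CONFIG):
        where = "peer group %s" % group if group else "no peer group"
        print("no BGP MD5 password: %s (%s)" % (peer, where))
```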

CSCea28914

Symptoms: On the chassis of a Cisco 12410 Internet router with the primary clock and scheduler card (CSC) located in slot 17, use of the hw-module slot 17 shut EXEC command may cause a FIA-HALT on the Engine 4 (E4) and Engine 4 Plus (E4+) line cards in the router.

Conditions: This symptom is observed on a Cisco 12410 router that is running Cisco IOS Release 12.0(21)S6.

Workaround: Do not use the hw-module slot 17 shut EXEC command.

CSCea37882

Symptoms: It may take about 10 minutes before a Versatile Interface Processor (VIP) synchronizes with a Cisco Express Forwarding (CEF) table.

Conditions: This symptom is observed after you reload the VIP that has the Single Line Card Reload (SLCR) feature and distributed CEF (dCEF) enabled, when there are about 40,000 prefixes in the CEF table, and when Border Gateway Protocol (BGP) is in stable condition.

Workaround: Increase the interprocess communications (IPC) cache significantly; when there are about 40,000 prefixes, increase the IPC cache using the ipc cache command.

CSCea38449

Symptoms: Frame Relay (FR) interfaces and subinterfaces may stop forwarding traffic if a packet-queueing application-specific integrated circuit (ASIC) error is detected by Cisco IOS software. Error recovery is invoked, but FR interfaces do not recover properly.

Conditions: This symptom is observed on a Cisco router that is configured with FR.

Workaround: Reload the line card.

CSCea52787

Symptoms: A memory leak may be observed on a line card with the Multicast Distributed Switching (MDS) line card process when the ip multicast-routing global configuration command is enabled while there are tunnel interfaces configured.

Conditions: This symptom occurs when the affected line card runs out of memory because of a memory leak and the MDFS process on the line card attempts to allocate memory. This symptom occurs only when multicast routing is enabled by entering the ip multicast-routing distributed global configuration command when a traffic engineering (TE) tunnel is configured.

Workaround: There is no workaround.

CSCea54482

Symptoms: A switch fabric card (SFC) switchover may occur, cyclic redundancy check (CRC) Fabric Interface ASIC (FIA) errors may occur, and the following error message may be displayed on a Cisco 12400 series:

FABRIC-3-ERR_HANDLE Due to CRC error from slot 8, shutdown the fabric card on slot 22

Note that the slot numbers (that is, 8 and 22) are just examples.

Conditions: These symptoms are observed after a Cisco 12400 series router that is configured with one or more Engine 4 Plus line cards is reloaded with a new Cisco IOS release that causes a maintenance bus (MBus) download condition and while traffic is being processed on the router.

Workaround: After the router is reloaded with the new Cisco IOS release, reload the router for a second time.

CSCea62745

Symptoms: The following error message may be generated often for slot 24 or 25 on a Cisco 12000 series:

%MBUS_SYS-3-NOBUFFER: Message from slot 25 in stream 0 dropped

Conditions: This symptom is observed on a Cisco 12000 series that is running Cisco IOS Release 12.0(21)S5 or Release 12.0(21)S6.

Workaround: There is no workaround.

CSCea74092

Symptoms: A router may incorrectly encapsulate packets when Multicast Distributed Switching (MDS) is enabled. This causes traffic to be blackholed.

Conditions: This symptom is observed on a Cisco router that is configured with MDS and with a generic routing encapsulation (GRE) tunnel interface.

Workaround: There is no workaround.

CSCea77271

Symptoms: Packets may be dropped by a 3-port line card for a Cisco 12000 series Internet router.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is configured with a GSR 3-port line card and that is running Cisco IOS Release 12.0(21)ST or Release 12.0(22)S when the following conditions are met:

Some subinterfaces are configured for Ethernet over Multiprotocol Label Switching (EoMPLS).

Some subinterfaces are configured for IP.

Any interface on the router is configured with an output access control list (ACL).

A packet is received on an IP subinterface and its 802.1p VLAN priority bits are different than the IP precedence bits and it is supposed to switch to the interface where the output ACL is applied.

Workaround: Remove the output ACL if possible or use Cisco IOS Release 12.0(23)S or later.

Resolved Caveats—Cisco IOS Release 12.0(21)ST6

Cisco IOS Release 12.0(21)ST6 is a rebuild of Cisco IOS Release 12.0(21)ST. The caveats listed in this section are resolved in Cisco IOS Release 12.0(21)ST6 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

Basic System Services

CSCdw01726

Symptoms: A Simple Network Management Protocol Version 3 (SNMPv3) user configuration is changed when a router is reloaded.

Conditions: This symptom is observed when an SNMPv3 user is created using message digest 5 (MD5) authentication by entering the following commands:

snmp-server group [group-name] v3 auth

snmp-server user [user-name] [group-name] v3 auth md5 [password]

The engine ID is then changed by entering the following command:

snmp-server engineID local 00000009020000024B0008FE

An SNMP walk is performed by entering the following command, the configuration is saved, and the router is reloaded.

Incoming SNMP packet : v3 packet security model: v3 security level:

auth username: abcdefghij

The router is reloaded, and a second SNMP walk is performed by entering the following command:

snmpwalk -v3 -u abcdefghij -A abcdefghij -a MD5 -l AuthNoPriv device-name

After the second SNMP walk is performed, the command does not generate any output and the following debug header output is displayed when the debug snmp EXEC command is entered:

Incoming SNMP packet : v3 packet security model: v3 security level:

no auth : username: abcdefghij

Workaround: Do not change the default engine identity (ID).

CSCdy74705

Symptoms: An NPE-200 network processing engine for Cisco 7200 series routers may experience memory corruption issues.

Conditions: This symptom may occur during periods of high traffic, with packet sizes greater than 1524 bytes, and may seemingly be associated with port adapter (PA) rearrangements.

Workaround: Attempt port adapter rearrangement, or upgrade to a Cisco IOS release that contains the software workaround (Release 12.0(23.03)S and later).

Interfaces and Bridging

CSCdx00274

Symptoms: A single-port Fast Ethernet 100BASE-TX port adapter (PA-FE-TX) on a Cisco 7206VXR router may stop receiving burst traffic packets.

Conditions: This symptom is observed on a PA-FE-TX.

Workaround: This symptom can be cleared by entering the shutdown interface configuration command followed by the no shutdown interface configuration command on the PA-FE-TX interface.

IP Routing Protocols

CSCdu43164

Symptoms: A Cisco 7200 series router may experience a memory leak.

Conditions: This symptom is observed on a Cisco 7206VXR provider edge (PE) router that is running Cisco IOS Release 12.1(5a) in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) network. The memory leak is caused by the Border Gateway Protocol (BGP) I/O process and occurs at the rate of 100 to 130 KB per hour (about 2.5 to 3 MB per day) after the show memory summary | incl BGP privileged EXEC command is entered. This situation occurs regardless of whether the BGP neighbor is flapping.

The show memory summary | incl BGP privileged EXEC command indicates that the "BGP (1) update" function allocates memory without deallocating it again after the process is completed.

The following is command output from the show processes memory | incl BGP privileged EXEC command:

Router# show processes memory | incl bgp

PID TTY  Allocated      Freed    Holding  Getbufs  Retbufs Process
...
104   0 3522569548 2139398320   21965976   297916     5184 BGP I/O
...

The following is command output from the show memory summary | incl BGP privileged EXEC command:

Router# show memory summary | incl bgp

Alloc PC     Size   Blocks     Bytes  What
...
0x607C42E0  65496      333  21810168  BGP (1) update
...

Workaround: Stop the session by using the clear ip BGP privileged EXEC command.

CSCdx32611

Symptoms: After an interface is detached from a Virtual Private Network (VPN) routing/forwarding (VRF) instance using the no ip vrf forwarding vrf-name command, the adjacency information associated with the removed interface still shows up in the VRF table.

Conditions: The conditions under which this symptom occurs are not known at this time.

Workaround: There is no workaround.

CSCdz25339

Symptoms: An unusually formatted Multicast Source Discovery Protocol (MSDP) packet may cause a memory corruption to occur and a router to reload.

Conditions: This symptom is observed on a Cisco router that has a peer relationship with a vendor router.

Workaround: If this symptom is observed on a Cisco router that has a peer relationship with a vendor router, enter the ip msdp shutdown peer-address global configuration command to shut down the peer relationship with the vendor router.

CSCdz55717

Symptoms: Configuring OSPF (Open Shortest Path First) sham links in a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) environment may cause a memory leak in the OSPF router process.

Conditions: This symptom is observed in an MPLS-VPN environment. The area [area-id] sham-link [source-address] [destination-address] cost [number] global configuration command is used and OSPF adjacency is formed over the sham-link. Each time an OSPF acknowledgment is sent over the sham-link, some memory is allocated that is never freed.

Workaround: There is no workaround.

Miscellaneous

CSCdx23785

Symptoms: The slow path (process-switched path) is broken on a Cisco 12000 series Engine 4 and Engine 4 Plus line card.

Conditions: This symptom is observed in an IP to Multiprotocol Label Switching (MPLS) environment. Note that the fast path (hardware-switching path) is not affected.

Workaround: There is no workaround.

CSCdy22744

Symptoms: The fix for CSCdx47695, integrated into Cisco IOS Release 12.0(21)S3, introduced a throttling mechanism that may be used when the physical layer interface module (PLIM) is congested. The throttling mechanism prevents interfaces or a bundle, or both, from flapping when bidirectional traffic with small packets is sent through either a 6-port channelized T3 line card or a 2-port channelized OC-3/STM-1 (DS1/E1) line card.

The throttling mechanism produces a severe performance impact, although no link flaps occur.

Conditions: This symptom is observed on a Cisco 12000 series Internet router.

Workaround: There is no workaround. The fix for this caveat consists of a knob for the throttling.

CSCdy34113

Symptoms: A Cisco 7500 series router may reload at a packet enqueue utility.

Conditions: This symptom is observed on a Cisco 7500 series router that is running Cisco IOS Release 12.0(22)S when all of the following conditions are met.

A Frame Relay (FR) link is configured on a Versatile Interface Processor (VIP) interface.

Frame Relay Traffic Shaping (FRTS) is enabled for FR circuits via the map-class frame-relay global configuration command, and distributed traffic shaping is not enabled on the Route Switch Processor (RSP).

The interface is de-encapsulated by using the no encapsulation frame-relay interface configuration command, and the interface is unconfigured by entering the no map-class frame-relay global configuration command.

While FRTS is unconfigured, FR encapsulation occurs, and the traffic load is still high so that the shaping function is activated and outbound packets on per-virtual circuit (VC) queues are throttled.

Workaround: Avoid the situation in which all of the above-mentioned conditions take place concurrently. For example, when a FR link is configured on a VIP interface and traffic shaping is required, use distributed FRTS, or unconfigure FRTS while user traffic is low so as not to activate the shaping function.

CSCdy42383

Symptoms: A Cisco 12416 router that is running Cisco IOS Release 12.0(21)ST2 does not load-balance traffic properly between two OC-48 packet-over-SONET (POS) interfaces (Engine 2 line cards).

Conditions: It has been observed that when a Cisco 12000 series Internet router has incoming traffic from an Engine 4 card and outgoing traffic toward Engine 2 parallel links, load balancing does not work properly. The symptom does not seem to occur when the incoming card has been changed to an Engine 2 card.

Workaround: There is no workaround.

CSCdy46676

Symptoms: Performance degradation may occur on an Engine 4 Plus line card when traffic engineering (TE) tunnel load balancing is enabled.

Conditions: This symptom is observed on a Cisco 12000 series Internet router running Cisco IOS Release 12.0(22.3)S.

Workaround: There is no workaround.

CSCdy51151

Symptoms: When a Cisco 12000 series Engine 3 line card receives a tag packet with an IP version 4 (IPv4) packet that has options underneath it or with a non-IPv4 packet such as an IP version 6 (IPv6) packet, the packet may be sent to the line card CPU for processing.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)ST2.

Workaround: There is no workaround.

CSCdy59895

Symptoms: Traffic is not sent through a network when an Asynchronous Transfer Mode (ATM) link is used between a Cisco customer edge (CE) router and a Cisco provider edge (PE) router.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S.

Workaround: There is no workaround.

CSCdy67945

Symptoms: When the loopback remote line interface configuration command is executed on a 6-port channelized T3 line card, the command may fail and may cause a T1 connection to flap.

Conditions: This symptom is observed on both American National Standards Institute (ANSI) and Bell Communications Research (Bellcore) loopbacks on networks that are sensitive to T1 framing errors.

When the loopback remote line configuration command is executed, the line card causes a brief change of frame alignment (COFA) error. Normally, this error goes unnoticed. However, some devices react to these errors with an alarm indication signal (AIS). Each time the loopback request is initiated (if the T1 connection is configured for remote loopbacks each time the T1 connection comes up), the AIS brings down the T1 connection.

The actual commands would be as follows:

t1 1 loopback remote line fdl ansi

t1 1 loopback remote line fdl bellcore

Workaround: There is no workaround.

CSCdy68292

Symptoms: The following error messages may be generated on a Cisco 12000 series Engine 4 Plus (E4+) OC-192 line card:

SLOT 6: %RX192-3-HINTR: status = 0x4000000, mask = 0x7EFFFF FF - Parity error on rx_pbc_mem. -Traceback= 4039CEF0 4044ECEC 400C85B0

SLOT 6: %SYS-2-INTSCHED: 'sleep for' at level 7 -Process= "CEF IPC Background", ipl= 7, pid= 52 -Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108

SLOT 6: %SYS-2-INTSCHED: 'sleep for' at level 7 -Process= "CEF IPC Background", ipl= 7, pid= 52 -Traceback= 400CABB8 400B9D24 403F5EB0 4044E040 400CEAE4 400C7108

Cisco Express Forwarding (CEF) on the E4+ OC-192 line card may become disabled, and the associated port stays in an "Up/Up" state.

Conditions: This symptom is observed on a Cisco 12000 series router that is running the gsr-k4p-mz image of Cisco IOS Release 12.0(21)S3 or the gsr-p-mz image of Cisco IOS Release 12.0(21)ST2.

Workaround: Enter the microcode reload slot-number global configuration command on the Engine 4 Plus (E4+) OC-192 line card.

CSCdy78970

Symptoms: A Cisco 12000 series Engine 2 line card may generate the following error messages:

SLOT 14: %LCPOS-3-SOP: TX:BadLenCtr. Source=0x1 (Plim), halt_minor0=0x8001 (1000 0000 0000 00sl, s/l=TooShort/long)

SLOT 14: %GSR-3-INTPROC: Process Traceback= 400CCE60 400C90F0 40010A24 -Traceback= 4033F424 4044ED54 400C88B0

Conditions: This symptom is observed when switch fabric is removed and reinserted on a Cisco 12000 series router while traffic is flowing.

Workaround: There is no workaround.

CSCdz06300

Symptoms: The IP Source Tracker feature unexpectedly stops functioning on a line card, and packets for the source-tracked destination are not forwarded because the IP Source Tracker feature is stuck in the throttling mode.

Conditions: This symptom is observed on a Cisco 12000 series Engine 2 line card. To determine if the line card is in the above-mentioned condition, enable the debug line card hw-throttle command. If the following message recurs every two seconds (even when there is low CPU utilization), the IP Source Tracker feature is stuck in the throttling mode.

SLOT 0: GLC_HW: Disabled HW DOS throttling (CPU at 0%, sched skew: -1%)

Workaround: Reload the line card.

CSCdz12745

Symptoms: Under certain conditions, the Cisco 12000 series Internet router Engine 2 Packet-over-SONET (POS) line card can become busy collecting statistics for the locally assigned Multiprotocol Label Switching (MPLS) label entries and lose the outgoing label entries for those prefixes. All the prefixes show up as untagged, and reachability to those prefixes can be adversely affected.

Conditions: This symptom is observed on a Cisco 12000 series Internet router Engine 2 POS line card.

Workaround: Reset the line card to recover.

CSCdz18497

Symptoms: A router may loop indefinitely when a Simple Network Management Protocol (SNMP) walk is performed against certain objects. (Examples of these objects are ifDescr, ifMTU, and ifInOctets.) The SNMP walk will not cycle if a specific interface is specified, such as ifDescr.1.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S2. This may occur only in a situation where Multilink Frame Relay (MFR) interfaces are configured.

Workaround: Reload the router.

CSCdz21278

Symptoms: A destination interface may not have a value in the NetFlow cache (the destination interface may be null), but it should have a value.

Conditions: This symptom is observed when the egress interface is on a Cisco 12000 series Engine 0 line card and a rate limit access list is applied to the egress interface. The rate limit access list may not cause packets to be dropped, but the destination interface is null in the NetFlow cache.

Workaround: Disable the rate limit on the output interface.

CSCdz21375

Symptoms: A memory leak may be observed on a line card.

Conditions: This symptom is observed on the line card of a Cisco 12000 series Internet router after NetFlow is disabled on the last interface of a line card that has NetFlow enabled. This symptom is observed while there are more than 1900 flow records in the NetFlow cache of the line card.

Workaround: Keep NetFlow enabled on at least one interface on the line card.

CSCdz25228

Symptoms: An Engine 2 (E2) line card may reload after it reboots.

Conditions: This symptom is observed on the E2 line card of a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(23)S. The E2 line card is configured with 128 line access control lists (ACLs) and Virtual Private Network (VPN), and has Frame Relay configured on one of the interfaces.

Workaround: There is no workaround.

CSCdz27180

Symptoms: An Engine 2 line card is reloaded by a bus error after a Cisco 12000 series Internet router is restarted (by entering the reload command or by powering the router off and on) or after the line card is reloaded.

Conditions: Before this symptom occurs, one or both of the following messages are displayed.

%GRP-3-FABRIC_UNI: Unicast send timed out (1)

%LCGE-3-SOP: TX:BadLenCtr. Source=0x1 (Plim), halt_minor0=0x8002 (1000 0000 0000 00sl, s/l=TooShort/long)

Once the line card becomes stable, this symptom does not occur until the router reloads or the line card reloads. The trigger of this symptom is not clear, but the symptom is seen on a router that meets the following conditions:

The router is configured with InterAS MPLS/VPN.

MPLS/VPN traffic passes through the router.

The router is an Autonomous System Boundary Router (ASBR).

The halted line card is a 3-port Gigabit Ethernet line card (3GE-GBIC-SC).

Cisco IOS 12.0(21)ST5 is running on the router and on other routers in the same autonomous system.

Cisco IOS 12.0(19)ST5 is running on routers in other autonomous systems.

Workaround: There is no workaround.

CSCdz29226

Symptoms: A Cisco 12000 series Internet router that is configured with an output ACL applied in ingress E2 may not work. This symptom is caused by snf overriding the registers that 448 ACLs use even though enf is not configured. This caveat is introduced by the fix of CSCdy86210.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(23)S.

Workaround: There is no workaround.

CSCdz31682

Symptoms: Packet drops may occur in the Cisco Express Forwarding (CEF) and distributed Cisco Express Forwarding (dCEF) paths after a router has been reloaded and a ping is sent (through the router) to the IP address of a directly connected customer edge (CE) router.

Conditions: This symptom is observed on a Cisco 7500 series router. The CE router in this configuration is connected to a Fast Ethernet Virtual Private Network (VPN) routing/forwarding (VRF) dot1q subinterface on a provider edge (PE) router that has the mpls netflow egress interface configuration command enabled.

Workaround: On the PE router, manually ping the IP address of the directly connected CE router and enable the relevant Address Resolution Protocol (ARP) entries to be populated.

First Alternate Workaround: Disable the mpls netflow egress interface configuration command on the subinterface by using the no form of this command.

Second Alternate Workaround: Add a static ARP entry for the VRF subinterface by entering the arp vrf [vrf-name] [ip-address] [mac-address] arpa global configuration command.

Third Alternate Workaround: Enter the clear arp-cache privileged EXEC command on the destination CE router.

CSCdz32724

Symptoms: A line card may generate packet switch application-specific integrated circuit (ASIC) (PSA) error messages and stop sending traffic. The following output may be observed when the show interface gigabit ethernet interface EXEC command is entered.

%LC-3-PSAERRS: PSA PSA_CPU_GS_INT error 4

%LC-3-PSAERR: PSA error: if_err 0 adr FC00002C c md 5 data 0 pipe 0,fs 0,prep 0 (pc 1EC),pop 0 (pc 19F),plu 0,tlu 0,plu sdram 0 a dr 0 synd 0 check 4D00,tlu sdram 0 adr 0 synd 0 check 0,ssdram 0 adr 0,gather 0, pl 1822D92,plmuxcnts 61, pludefpsr 22000, plupsr 22000, pludsr 0

Conditions: This symptom is observed on the 3-port Gigabit Ethernet line card of a Cisco 12000 series Internet router.

Workaround: There is no workaround.

CSCdz32988

Symptoms: The CPU of a Versatile Interface Processor (VIP) may exhibit persistently high CPU utilization values.

Conditions: This symptom is observed on the CPU of a VIP on a Cisco 7500 series router or Cisco 12000 series line card and does not directly impact the operation of the router. This symptom is a rare race condition and may occur with parallel paths. When this symptom occurs, the output of the show mpls forwarding-table EXEC command may no longer display accurate counters.

Workaround: There is no workaround. Reload the microcode of the affected line card to restore normal operation.

CSCdz37224

Symptoms: "ALPHA" errors may be observed on the ingress or egress interfaces of a Cisco 12000 series 4-port OC-12c/STM-4c Packet-over-SONET (POS) Synchronous Digital Hierarchy IP Services Engine line card, and the following error messages are generated:

%EE48-3-ALPHAERRS: TX ALPHA: ALPHA_CPU_PIPELINE_CTRL_INT error 1

SLOT 2: %EE48-3-ALPHAPAIR: TX ALPHA: POP PAIR

Conditions: This symptom is observed if the shape, bandwidth, random detect, or priority value is configured and if both the set-ip-dscp-value quality of service (QoS) policy map configuration command and the set mpls experimental policy-map configuration command are disabled.

Workaround: Remove the transmit (TX) service policy and use Per Interface Rate Control (PIRC) instead.

Additional Notes: The same symptom may occur when an error recovery is performed for hardware failures such as data path parity errors. The symptom under those circumstances would be a failed recovery. There is no workaround for the occurrence of this symptom when an error recovery is performed.

CSCdz42976

Symptoms: Open Shortest Path First (OSPF) or Intermediate System-to-Intermediate System (IS-IS) protocol adjacencies may be incomplete.

Conditions: This symptom is observed on a Cisco router after it is loaded with Cisco IOS Release 12.0(21)ST5. This symptom may affect connectivity across Engine 2 (E2) interfaces.

Workaround: There is no workaround.

CSCdz45703

Symptoms: After a switchover for some of the routes on a Cisco 10008 router, the tag_rewrite data structure values are zeroes, which causes packets to be dropped. This symptom is seen only for untagged entries. For aggregate entries, the values are set properly.

Conditions: This symptom is seen only when the provider edge (PE) to customer edge (CE) link is IP unnumbered.

Workaround: Use the clear adjacency EXEC command to clear the Cisco Express Forwarding (CEF) adjacency table.

CSCdz46604

Symptoms: Multilink adjacencies may show up as invalid.

Conditions: This symptom is observed on the Engine 3 (E3) Quad OC-12 line card of a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(21)S3. It may not be possible to clear this symptom by entering the clear cef linecard EXEC command or by reloading the microcode on the line card.

Workaround: There is no workaround.

CSCdz47189

Symptoms: An Engine 3 (E3) 4-port OC-12 (4xOC-12) or Engine 3 OC-48 Packet over SONET (POS) line card may reload and generate traceback messages.

Conditions: This symptom is observed when the gsr-p-mz image of Cisco IOS Release 12.0(24)S is loaded on a Cisco 12406 router in an Autonomous System Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) of an IP version 4 (IPv4) Border Gateway Protocol (BGP) label distribution environment. The E3 4xOC-12 line card may be operating either in the channelized mode or the POS mode.

Workaround: No workaround is necessary as the line cards will recover without user intervention.

CSCdz48235

Symptoms: A Cisco 12000 series Internet router may reload because of a bus error.

Conditions: This symptom is observed on a Cisco 12000 series that has dual Gigabit Route Processors (GRP) and that is operating in the Route Processor Redundancy (RPR) mode. This symptom is observed after the Cisco 12000 series is upgraded to Cisco IOS Release 12.0(23)S.

Workaround: There is no workaround.

CSCdz55944

Symptoms: Switch fabric cards (SFCs) may fail on a Cisco 12410 router.

Conditions: This symptom is observed when there is an upgrade to a Cisco IOS release.

Workaround: There is no workaround.

CSCdz55995

Symptoms: When a parity error occurs on an Engine 4/4P line card, the packet and byte counters may not be accurate.

Conditions: This symptom is observed on a Cisco 12000 series Internet router.

Workaround: There is no workaround.

CSCdz60229

Symptoms: Cisco devices that run Cisco IOS software and contain support for the Secure Shell (SSH) server are vulnerable to a Denial of Service (DoS) if the SSH server is enabled on the device. A malformed SSH packet directed at the affected device can cause a reload of the device. No authentication is necessary for the packet to be received by the affected device. The SSH server in Cisco IOS software is disabled by default.

Conditions: This symptom is observed on all Cisco devices that run Cisco IOS software and contain support for the SSH server.

Workaround: Cisco will be making free software available to correct the problem as soon as possible.

The malformed packets can be generated using the SSHredder test suite from Rapid7, Inc. Workarounds are available. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

This advisory is available at http://www.cisco.com/warp/public/707/ssh-packet-suite-vuln.shtml.

CSCdz69362

Symptoms: The tag forwarding counter may no longer function when parity errors occur on an Engine 4 Plus (E4+) line card.

Conditions: This symptom is observed on a Cisco 12000 series Internet router.

Workaround: There is no workaround.

TCP/IP Host-Mode Services

CSCdv51360

Symptoms: A data-link switching (DLSw) peer may pause indefinitely in the AB_PEND state, and a TCP session may pause indefinitely in the SYNSENT state.

Conditions: This symptom is observed after an IP outage occurs between two DLSw routers.

Workaround: Use the show tcp brief EXEC command to determine the Transmission Control Block (TCB) of the paused TCP session. Enter the clear tcp tcb address privileged EXEC command to clear the TCB of the paused TCP session. The DLSw peers will reconnect as long as there is IP connectivity between the DLSw peers.

CSCdz54539

Symptoms: A Cisco 12000 series 4-port OC-48 Engine 4 Plus (E4+) line card may reset because of interprocess communications (IPC) failures.

Conditions: This symptom is observed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(22)S2. Even if one increases the line card memory pool for the Cisco Express Forwarding (CEF) queuing messages by entering the ip cef linecard ipc memory 25000 global configuration command and the cache size is increased by entering the ipc cache 15000 command and the ipc cache 5000 slot all command, the symptom still occurs.

Workaround: There is no workaround.

CSCdz71662

Symptoms: A router may fail because of a bus error.

Conditions: This symptom is observed if the show environment all EXEC command or the show environment internals EXEC command is entered while an online insertion and removal (OIR) procedure is in process.

Workaround: Do not enter the show environment all EXEC command or the show environment internals EXEC command while an OIR is in progress.

CSCdz73799

Symptoms: A traceback condition exists on an Engine 2 (E2) line card of a Cisco 12000 series Internet router with VPN Routing and Forwarding (VRF) configured on a regular Frame Relay (FR) packet-over-SONET (POS) interface.

Conditions: This symptom is observed on the E2 line card of a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)ST5. With VRF configured on the same interface, traceback starts to show. It also becomes impossible to ping on this interface, and injecting traffic to this interface (FR sub VRF) causes a permanent pause.

Workaround: There is no workaround.

CSCdz74588

Symptoms: Traffic that is destined for certain loadsharing paths may be dropped or switched to an incorrect destination.

Conditions: This symptom is observed if the no cos gsr tx global configuration command is entered on a Cisco router that has an Engine 4 (E4) line card on the ingress side and a loadsharing or multiple path on the egress side.

Workaround: Remove the extra loadsharing paths and consolidate the extra loadsharing paths into one single outgoing path or remove the no cos gsr tx global configuration command. After the no cos gsr tx global configuration command is removed from the configuration, there may be an increase in the hardware memory requirement on all E4 line cards on the router.

CSCdz75378

Symptoms: In the Carrier Supporting Carrier (CSC) setup, an Engine 2 (E2) 4xOC-12 Packet-over-SONET (POS) line card may show power supply A (PSA) errors and reset after the router reloads.

Conditions: This symptom is observed on the E2 line card of a Cisco 12000 series Internet router that is running the gsr-p-mz image of Cisco IOS Release 12.0(21)ST5 in a Carrier Supporting Carrier (CSC) provider edge (PE) router, after router reload.

Workaround: There is no workaround.

CSCdz85922

Symptoms: A Cisco 7500 series router or a Cisco 12000 series Internet router could experience a reload of either the Versatile Interface Processor (VIP) or the line card with the following message:

%SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = TFIB Stats Background

Conditions: Cisco IOS releases with the fix for the caveat CSCdz32988 may show these symptoms. These symptoms affect only platforms that perform distributed Multiprotocol Label Switching (MPLS) forwarding. Cisco IOS releases that may contain this symptom include 12.0(21)S, 12.0(22)S, 12.0(23)S, 12.1 and its derivatives and 12.2 mainline. Cisco IOS releases 12.2 T and the latest 12.0 S software are not susceptible to this symptom.

Workaround: Disable the stats aggregation using the no tag aggregate hidden command.

CSCea00954

Symptoms: IP Multicast hardware counter memory is not freed on an Engine 4/4 Plus line card after multicast routes are cleared from the routing table.

Conditions: This symptom only occurs when the Engine 4/4 Plus line card runs out of mtrie node memory, for example when the routes in the router are more than the line card can handle.

Workaround: There is no workaround.

CSCea01869

Symptoms: If a 3*GE Engine 2 (E2) line card is configured for .1q VLAN operation and an inbound access control list (ACL) is applied to the main interface, the line card will be paused by the Gigabit Route Processor (GRP), reporting Fabric Unicast timeout errors. Note that 3*GE E2 line cards do not support per subinterface ACL processing.

Conditions: This symptom is seen with both normal and extended ACLs running Cisco IOS 12.0(24)S, 12.0(24.1)S, and 12.0(24.2)S. The line card will continue to pause until the ACL is either removed from the interface configuration or removed from the configuration using the no access-list [access-list-number] global configuration command.

Workaround: There is no workaround.

CSCea04669

Symptoms: When resetting the secondary gigabit route processor (GRP) with the break key on a Cisco 12000 series dual-RP router, the primary gigabit route processor pauses, then permanently pauses on watchdog timeout:

Jan 30 00:11:15.216 PST: %SYS-2-WATCHDOG: Process aborted on watchdog timeout, process = Fabric ping

Conditions: This occurs regardless of the redundancy mode (RPR, RPR-plus and SSO) and may impact the process of replacing defective slave GRP hardware.

Workaround: There is no workaround.

Resolved Caveats—Cisco IOS Release 12.0(21)ST5

Cisco IOS Release 12.0(21)ST5 is a rebuild of Cisco IOS Release 12.0(21)ST. The caveats listed in this section are resolved in Cisco IOS Release 12.0(21)ST5 but may be open in previous Cisco IOS releases. This section describes only severity 1 and 2 caveats.

The following information is provided for each caveat:

Symptoms—A description of what is observed when the caveat occurs.

Conditions—The conditions under which the caveat has been known to occur.

Workaround—Solutions, if available, to counteract the caveat.

CSCdu72708

Symptoms   The ip address negotiated interface configuration command must be applied to the configuration of an interface before any other PPP commands.

Conditions   This symptom is observed when the on-demand address pool (ODAP) on-board Dynamic Host Configuration Protocol (DHCP) server is used.

Workaround   There is no workaround.

CSCdw16580

Symptoms   On a router that is configured as a provider edge (PE) router with multiple Virtual Private Network (VPN) routing/forwarding (VRF) instances, the VRF routing table may not be imported to the same PE router when routes are imported between the VRFs even when the PE router is displayed on the Border Gateway Protocol (BGP) VPN4 table.

Conditions   This symptom is observed on a PE router in a Multiprotocol Label Switching (MPLS) and VPN environment.

Workaround   There is no workaround.

CSCdx19855

Symptoms   A router may reload.

Conditions   This symptom is observed during the execution of the no e1 1 channel-group 0 command on the controller of a Multi-Channel E3 port adapter on a Cisco 7200 series router that is configured for IP routing.

Workaround   Shut the interface down and then remove the channel group.

CSCdx24242

Symptoms   Packets with a valid source IP address that is reachable via tag switching are not passed through.

Conditions   This symptom is observed when you have unicast Reverse Path Forwarding (uRPF) configured on a Cisco 12000 series Internet router.

Workaround   There is no workaround.

CSCdx53795

Symptoms   If a peer advertises a replacement path (with the same MED as in the original path), the new path will be inserted in the original path's position. In other words, the replacement path may not be grouped with paths from the same autonomous system number (ASN), as deterministic-med requires. The ordering may result in incorrect routing, including routing loops.

Conditions   This symptom is observed on a Border Gateway Protocol (BGP) router using deterministic-med.

Workaround   There is no workaround. However, once the router is in the incorrect state, the situation can be corrected by disabling deterministic-med and then reenabling it.

CSCdx69165

Symptoms   When a provider edge (PE) router must advertise a large number of Virtual Private Network version 4 (VPNv4) prefixes to another PE router, the initial convergence time may be very long (more than 20 minutes) or convergence may never occur. One symptom of this caveat is that the number of Border Gateway Protocol (BGP) messages used to propagate the VPNv4 prefixes may be greater than the number of prefixes.

Conditions   This symptom is observed when a PE router must advertise a large number of VPNv4 prefixes to another PE router.

Workaround   There is no workaround.

CSCdx81556

Symptoms   Virtual Private Network (VPN) routing/forwarding (VRF) VLAN packet switch ASIC (PSA) registry memory does not reinitialize when another PSA loads and then unloads, because higher-priority PSA features are being configured and then unconfigured. This situation prevents VRF VLAN forwarding from functioning.

Conditions   This symptom is observed on a Cisco 12000 series Internet router.

Workaround   There is no workaround.

CSCdx83791

Symptoms   Pings cannot be sent to a peer router through an interface that has VLANs configured after the router that is sending the pings reloads.

Conditions   This symptom is observed on a Gigabit Ethernet line card that is installed on a Cisco 12000 series Internet router that is running Cisco IOS Release 12.0(19)ST4.

Workaround   Enter the hw-module slot number reload EXEC command to reset the line card.

CSCdx85342

Symptoms   A Route Processor (RP) may boot up with the boot helper image instead of the regular image, or a Cisco 12000 series line card that is configured under the primary RP may reset because of interprocess communications (IPC) failures and generate the following error message:

* UTC: %FIB-3-FIBDISABLE: Fatal error, slot 0: IPC Failure: timeout

The two above-mentioned symptoms are mutually exclusive.

Conditions   These symptoms are observed on a Cisco 12000 series router when the router is configured with a primary RP and a standby RP and you load the gsr-boot-mz image from Bootflash using the boot system tftp global configuration command.