Table Of Contents
Configuring Layer 3 and Layer 4 Features
Layer 3 and Layer 4 Security ACL on Service Instance
Restrictions and Usage Guidelines
Configuring on a Service Instance
Configuring on a Port-Channel
Examples
Verification
Inline Video Monitoring on the Cisco 7600 Router
Media Delivery Index
Support for IP Delay Variation for 7600 Inline Video Monitoring
Internet Protocol-Constant Bit Rate (IP-CBR)
Support MPLS Encapsulation for 7600 Inline Video Monitoring
Configurable MPEG Video PIDs for Inline Video Monitoring
RTP Metrics support for 7600 Inline Video Monitoring
RTP Metrics
Support Switch-Port Interfaces for 7600 Inline Video Monitoring
Support PPPoE Encapsulation for 7600 Inline Video Monitoring
Inline Video Monitoring Support of MDI Metrics for RTP Encapsulated Flows
Inline Video Monitoring Support for Availability Metrics
Inline Video Monitoring Support for Uncompressed Video
Restrictions for Inline Video Monitoring
Supported Interfaces
Ingress and Egress Interfaces
Monitored Video Flows
Alerts and Event Notifications
Media Stop Events
Threshold Crossing Alerts
Flow Monitoring and Metric Computation
Provisioning the Metric
Verifying the Configuration
Troubleshooting the Inline Video Monitoring Implementation
Supported MIBs
IP Tunneling - IPv6 Rapid Deployment
Understanding IPv6 Rapid Deployment
Restriction for IPv6 Rapid Deployment.
Supported Features
Configuring IPv6 Rapid Deployment on the Cisco 7600 series router Platform
Configuring 6RD
Verifying the Configuration
Troubleshooting Tips
VRF aware IPv6 Rapid Deployment (6RD) tunnels
Restriction for VRF aware 6RD tunnels
Configuring VRF aware 6RD tunnel
Configuring IPv6 Overlay Addresses in VRF and IPv4 Transport Addresses in Global RT
Configuring IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF
Verifying the Configuration
Troubleshooting
VRF aware IPv6 Tunnels over IPv4 Transport
Restrictions for VRF aware IPv6 tunnels
Configuring VRF aware IPv6 tunnel
Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT
Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF
Verifying the Configuration
Troubleshooting Tips
IPv6 over IPv4-GRE Tunnels
Restrictions for IPv6 over IPv4-GRE tunnel
Configuring IPv6 over IPv4-GRE tunnel
Configure IPv6 traffic over IPv4-GRE
Configure VRF Aware IPv6 over IPv4-GRE Tunnel
Verifying the Configuration
Troubleshooting Tips
IPv6 Policy Based Routing
Policy Based Routing
Packet Matching
Packet Forwarding Using Set Statements
Restrictions for IPv6 PBR
Configuring IPv6 PBR
Configuring Layer 3 and Layer 4 Features
This chapter provides information about configuring Layer 3 and Layer 4 features on the Cisco 7600 Series Ethernet Services Plus (ES+) line card family (ES+, ES+T, ES+XT, ES+XC). It includes the following topics:
•
Layer 3 and Layer 4 Security ACL on Service Instance
•Inline Video Monitoring on the Cisco 7600 Router
•IP Tunneling - IPv6 Rapid Deployment
–VRF aware IPv6 Rapid Deployment (6RD) tunnels
•VRF aware IPv6 Tunnels over IPv4 Transport
•IPv6 over IPv4-GRE Tunnels
•IPv6 Policy Based Routing
For more information about the commands used in this chapter, see the Cisco IOS Release 12.2 SR Command References at http://www.cisco.com/en/US/products/ps6922/prod_command_reference_list.html.
Note The information provided in this chapter is applicable to all the ES+ line card family unless specified otherwise.
Layer 3 and Layer 4 Security ACL on Service Instance
An ACL consists of a series of statements called ACL entries that define the network traffic profile. Each entry permits or denies network traffic (inbound and outbound) to the parts of your network specified in the entry. Each entry also contains a filter element that is based on criteria such as the source address, the destination address, the protocol, and protocol-specific parameters such as ports and so on.
The Layer 3 and Layer 4 ACLs on Service Instance feature permits you to configure ACLs under an Ethernet Virtual Circuit (EVC) on the Cisco 7600 Series ES+ line cards. Cisco IOS Release 15.1(1)S supports EVC port-channels.
Restrictions and Usage Guidelines
When configuring the Layer 3 and Layer 4 Security ACL on Service Instance feature on Cisco 7600 Series ES+ line cards, follow these restrictions and usage guidelines:
•8000 unique ACLs are supported per NP
•8000 ACEs are supported per ACL with only single ACL present
•8000 EVCs are supported per NP
•If TCAM is full, filtering is not supported
•IPv6 ACLs are not supported
•Operators for Layer 4 attributes are not supported
•time-range, dynamic range, and acl log are not supported
•Layer 2 and Layer 3 ACLs cannot coexist on the same service instance
•8000 access control entries (ACEs) per ACL on EVC
•The number of uniquely defined ACLs on the chassis is not affected by support on service instances
•ACL configuration with ACEs that contain type of service (ToS) configuration is not supported, but differentiated services code point (DSCP) is supported
•IP options are not supported.
Configuring on a Service Instance
SUMMARY STEPS
1. enable
2. configure terminal
3. interface gigabitethernet slot/port or interface tengigabitethernet slot/port
4. [no] ip address
5. service instance id ethernet [service-name]
6. ip access-group {access-list-name | access-list-number} {in | out}
DETAILED STEPS
| |
Command
|
Purpose
|
Step 1
|
enable
Example:
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
interface gigabitethernet slot/port
or
interface tengigabitethernet slot/port
Example:
Router(config)# interface
gigabitethernet 4/1
|
Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:
•slot/port—Specifies the location of the interface.
|
Step 4
|
[no] ip address
Example:
Router(config-if)# no ip address
|
Assigns an IP address and subnet mask to the EtherChannel.
|
Step 5
|
service instance id ethernet
[service-name]
Example:
Router(config-if)# service instance 101
ethernet
|
Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.
|
Step 6
|
ip access-group {access-list-name |
access-list-number} {in | out}
Example:
Router(config-if-srv)# ip access-group
101 out
|
Applies an IP access list to an interface.
|
Configuring on a Port-Channel
SUMMARY STEPS
1. enable
2. configure terminal
3. interface port-channel number
4. [no] ip address
5. service instance id ethernet [service-name]
6. ip access-group {access-list-name | access-list-number} {in | out}
DETAILED STEPS
| |
Command
|
Purpose
|
Step 1
|
enable
Example:
|
Enables privileged EXEC mode.
•Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
interface port-channel number
Example:
Router(config)# interface port-channel
12
|
Creates the port-channel interface.
|
Step 4
|
[no] ip address
Example:
Router(config-if)# no ip address
|
Assigns an IP address and subnet mask to the EtherChannel.
|
Step 5
|
service instance id ethernet
[service-name]
Example:
Router(config-if)# service instance 101
ethernet
|
Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.
|
Step 6
|
ip access-group {access-list-name |
access-list-number} {in | out}
Example:
Router(config-if)# ip access-group 101
out
|
Applies an IP access list to an interface.
|
Examples
In this example, the Layer 3 access control list below is applied under the EVC and a port-channel on a Cisco ES+ line card.
ip access-list extended l3acl
permit ip 1.1.1.1 255.255.255.255 any
permit ip 2.2.2.2 255.255.255.255 any
Router# configure terminal
Router(config)# interface GigabitEthernet 3/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# ip access-group l3acl in/out
Router# configure terminal
Router(config)# interface port-channel 3/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# ip access-group l3acl in/out
In this example, the Layer 4 access control list below is applied under the EVC and a port-channel on a Cisco ES+ line card.
ip access-list extended l4acl
permit tcp host 1.1.1.1 eq 30 any
Router# configure terminal
Router(config)# interface GigabitEthernet 3/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# ip access-group l4acl in/out
Router# configure terminal
Router(config)# interface port-channel 3/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# ip access-group l4acl in/out
Verification
Use the following commands to verify operation.
Command
|
Purpose
|
Router# show ethernet service evc [id evc-id | interface interface-id] [detail]
|
Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detail option provides additional information on the EVC.
|
Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail]
|
Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances on the given interface.
|
Inline Video Monitoring on the Cisco 7600 Router
IP video is highly sensitive to delay and packet loss. It is estimated that nearly twenty percent of the access lines are of marginal quality, and a three millisecond (ms) packet loss results in a 500-1000 ms video degradation visible to the subscriber. A data loss in a multicast video stream in the core network affects multiple access and aggregation networks, and thousands of subscribers viewing the stream.
This feature provides the funtionality for inline video monitoring. Using the inline video monitoring, you can monitor the video inline in the router without using a video probe. A Video probe is an external device used for video monitoring. Video Monitoring feature enables you to monitor the video data flow in a network. These features are included in Inline Video Monitoring:
•Media Delivery Index
•Support for IP Delay Variation for 7600 Inline Video Monitoring
•Internet Protocol-Constant Bit Rate (IP-CBR)
•Support MPLS Encapsulation for 7600 Inline Video Monitoring
•Configurable MPEG Video PIDs for Inline Video Monitoring
•RTP Metrics support for 7600 Inline Video Monitoring
•Support Switch-Port Interfaces for 7600 Inline Video Monitoring
•Support PPPoE Encapsulation for 7600 Inline Video Monitoring
Media Delivery Index
The Media Delivery Index (MDI) metric provides a relative indicator of the required buffer depths at the consumer node due to packet jitter. It also gives an indication of the lost packets. MDI provides the Delay Factor (DF) and the Media Loss Rate (MLR) for the video flow. DF is the maximum difference between the arrival of a packet and the drain of the packet. MLR is the number of media packets lost over a certain time interval. Media Discontinuity Count (MDC) is a measure of the number of times discontinuity events occurred resulting in MLR. MDC metric is a Cisco proprietary standard.
Note In case of major data loss, the reported MDC & MLR values are capped to 65535 for an interval and reset to zero from the next interval.
Note The maximum value for DF is capped to 1000 ms.
Support for IP Delay Variation for 7600 Inline Video Monitoring
Previously, for inline video monitoring, the jitter buffer required by the end devices was calculated using the delay factor (DF) algorithm defined in RFC 4445. This algorithm was effective for constant bit rate (CBR) flows where the flow rate was consistent and helped calculate the DF accurately. However, in a variable bit rate (VBR) flow or inconsistent flow rate, the calculated DF was inaccurate, hence not very helpful to the service provider.
Effective from release 15.1(1)S, video monitoring on the Cisco 7600 Series Routers supports DF computation as IP Delay Variation (IPDV). The IPDV algorithm is independent of configured packet rate and is useful for a service provider to calculate accurate jitter buffer for VBR flows. You can configure either RFC 4445 or IPDV algorithm on a flow to calculate the DF. To configure the delay factor using either of these algorithms, use df algo_type command.
Note DF computed using RFC4445 algorithm includes the inter-packet gap and hence it is never zero. But IPDV does not include the inter-packet gap and the computed DF can be zero.
These are the characteristics of IPDV configuration:
•IPDV or MDI-DF on a per class basis with-in a policy-map is supported.
•IPDV and MDI-DF can coexist within the same policy-map.
•IPDV cannot co-exist with MDI-DF under the same class-map.
•IPDV and MDI-DF can be configured under different class-maps under the same policy-map.
Advantages of using IPDV to calculate DF:
•IPDV algorithm works with both CBR and VBR flows and reports only the network introduced delay. The DF calculation does not include the inter packet delay.
•IPDV algorithm is independent of packet rate.
Internet Protocol-Constant Bit Rate (IP-CBR)
The Internet Protocol-Constant Bit Rate (IP-CBR) metric provides the Media Rate Variation (MRV) and Delay Factor (DF). MRV is used on CBR flows to isolate the variations in the data transport due to packet loss. The MRV metric indicates the percentage rate of variation of media from the expected metrics calculated rate. MRV is calculated based on the expected bit rate provided by the user and the actual bit rate. Delay factor is the measured difference between the arrival of a packet and the drain of the packet.
Note The maximum value for DF is restricted to 1000 milliseconds.
Support MPLS Encapsulation for 7600 Inline Video Monitoring
Inline video monitoring feature monitors MPLS encapsulated video packets on MPLS enabled interfaces. Effective from Cisco IOS release 15.1(1)S, inline video monitoring is also supported for these MPLS scenarios:
•Tag to Tag: 7600 router configured as Label Switch Router (LSR) to switch MPLS packets.
•Tag to IP: 7600 router configured as Label Edge Router (LER) to remove the last MPLS tag.
•IP to Tag: 7600 router configured as LER to add the first MPLS tag.
The following MPLS packet formats are supported for inline video monitoring:
•L3VPN packet formats: 0x8847, MPLS Labels, IP header, UDP header, and MPEG. (ignore acronyms)
•L2VPN and VPLS packet formats: Router MAC, 0x8847, MPLS Labels, control word, VLAN Tags, CE MAC, IP, UDP, and MPEG.
Configurable MPEG Video PIDs for Inline Video Monitoring
Until Cisco IOS release15.0(1)S, inline video monitoring learned the first five unique Program Identifiers (PIDs) in an MPEG flow for video, audio, or caption data PIDs. However, monitoring PIDs for audio or caption data is not a priority for a customer implementing inline video monitoring. Effective from Cisco IOS release15.1(1)S, video monitoring provides support to configure the PIDs to monitor. This enables a user to configure only the video PIDs in an MPEG flow on priority. The PIDs to monitor are configured within the monitor metric mdi command mode using the monitor pids pid_value command. You can configure a maximum of five PIDs using this command. The PID value can range from hexadecimal value 2 to 1FFF.
Note This feature is supported on flows monitored for MDI metrics.
RTP Metrics support for 7600 Inline Video Monitoring
Real-time Transport Protocol (RTP) provides protocol level support for detecting packet loss and jitter in a network. Packet loss is detected using the 16 bit sequence numbers in the packet header. These numbers provide an accurate measurement of number of packets lost and delayed during transmission. The timestamp information in the RTP packet header is used for calculating jitter in a network data stream. Effective from Release 15.1(2)S, inline video monitoring supports monitoring packet loss and jitter metrics for RTP flows in addition to IP-CBR and MPEG flow.
RTP metrics is enabled on a per class-map basis on the Cisco 7600 series routers. A new RTP flow is created for each RTP Synchronization Source (SSRC) detected in the RTP session matching the class-map classification criteria. Since RTP sessions are dynamically negotiated, they must be validated before learning the RTP flow for monitoring. A RTP header does not contain protocol specific information to identify it as an RTP packets. Currently, these checks are performed to ensure that a particular RTP packet is valid:
•The RTP version number should be two.
•The payload type should be known and not equal to SR (Sender Report 200) or RR (Receiver Report 201).
•When the SSRC identifier is received for the first time, the data packets carrying the identifier are considered invalid until a number of data packets with consecutive sequence numbers are received.
•The SSRC value should not be zero.
Note RTP SSRC is a part of flow key along with existing five flow tuples.
RTP Metrics
Apart from the packet loss and jitter metrics, an RTP flow contains additional metrics that provide information about the RTP traffic. Table 13-1 lists the metrics exported and displayed for an RTP flow.
Table 13-1
Metric Name
|
Description
|
Cumulative/ Interval
|
total_pkts
|
Total number of packets monitored for the interval.
|
Interval + Cumulative
|
expected_pkts
|
Total number of packets expected in an interval based on the minimum and maximum sequence numbers.
|
Interval + Cumulative
|
lost_pkts
|
Total number of packets lost in an interval. It is the difference between the expected (expected_pkts) and the actual packets (actual_pkts).
|
Interval + Cumulative
|
jitter
|
Jitter reported for an interval
|
Interval
|
max_jitter
|
Maximum jitter observed in the interval.
|
Interval
|
loss_intervals
|
Number of loss intervals1 . A loss interval is an interval when the consecutive RTP packets were lost.
|
Interval
|
num_resync
|
Total number of sequence number re-synchronizations performed in an interval.
|
Interval + Cumulative
|
late_pkts
|
Total number of packets received outside the sliding window defined by maximum reoder (max_reorder) and dropout (max_dropout) parameters.
|
Interval
|
reord_pkts
|
Total number of reordered packets received in a interval.
|
Interval
|
lost_fraction
|
The number of packets lost divided by the number of packets expected. Displayed in percent.
|
Interval
|
avg loss duration
|
The number of packets lost (lost_pkts) divided by the number of loss intervals (loss_intervals).
|
Interval
|
valid packets
|
Difference between the number of packets received and the number of reordered and late packets.
|
Interval
|
RTP Reported Metrics
Support Switch-Port Interfaces for 7600 Inline Video Monitoring
Effective from Release 15.1(2)S, inline video monitoring feature supports video traffic monitoring on layer 2 and layer 3 interfaces. These layer 2 switch-port interfaces are supported:
•Trunk interface: When you configure a switch-port mode as trunk, multiple VLANs can be switched on the interface.
•Access interface: When you configure a switch-port mode as access, a single VLAN can be switched on the interface.
•Dot1q tunnel: When you configure a switch-port mode on the router as trunk and on the peer as non-trunk or vice-versa.
Note Apart from the five tuple keys, inner and outer VLAN ids can be used as a key to differentiate flows.
Support PPPoE Encapsulation for 7600 Inline Video Monitoring
Point-to-Point Protocol over Ethernet (PPPoE) is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside the ethernet frames. This protocol is used for Digital Subscriber Line (DSL) services where a user in a metro ethernet network, connects to the DSL modem. Effective from Release 15.1(2)S, inline video monitoring supports to monitor video traffic from a PPPoE network. Packets with ether type as 0x8864 are considered as the PPPoE packets and included for video monitoring.
These PPPoE encapsulated packet formats arte supported:
•PPPoE packets
–Eth + VLAN + PPPoE + IP
•L2VPN
–Eth + MPLS + Eth + VLAN + PPPoE + IP
–Eth + VLAN + MPLS + Eth + VLAN + PPPoE + IP
Note Video monitoring for PPPoE encapsulated packets is not supported on a node where the session terminates.
Inline Video Monitoring Support of MDI Metrics for RTP Encapsulated Flows
Effective with Release 15.1(3)S, inline video monitoring supports MDI metrics calculation for MPEG2-Transport Stream (TS) flows encapsulated in RTP (RFC3550) headers. The MDI metric (RFC4445) provides information about the buffer required at the consumer node for packet jitter (DF) and an estimate of the packet loss during the data transmission (MLR/MDC).
Note Currently, you can monitor either the MDI or RTP at a time for data flow, not both together.
Inline Video Monitoring Support for Availability Metrics
Effective with Release 15.1(3), inline video monitoring provides an availability metrics named transport-availability, which indicates the availability of a transport stream for a specific period of time. Inline video monitoring computes transport-availability and error-seconds based on either MDI (RFC 4445) or RTP (RFC 3550) metrics. These metrics provide network operators additional troubleshooting information and the option to measure per video flow performance against the defined Service Level Agreements (SLA).
Note Before Cisco IOS Release 15.1(3), inline video monitoring provided metrics such as MLR and DF for MDI traffic, and jitter and loss-fraction for RTP traffic. To understand these metrics, a user should have an understanding of technology and standards.
Transport-availability is calculated as the percentage of time a transport stream is available over a measured time interval, and the error-seconds (downtime) is the time interval for which the transport stream in not available for data transmission. The transport-availability is calculated as:
Transport-availability = (Interval duration - Error-seconds) / Interval duration
Note Two new react-types, transport-availability and error-seconds, are introduced in the react command to help configure alarms based on the keyword values.
Note Packet drop occurs during the error-seconds interval.
Note Only the packet loss is considered for calculating error-seconds; jitter is not considered for error-seconds calculation.
Inline Video Monitoring Support for Uncompressed Video
Effective with Release 15.1(3)S, inline video monitoring supports monitoring of uncompressed video, such as Serial Data Interface (SDI) and High Definition- SDI (HD-SDI). RTP loss metrics are not frequency dependent, and jitter calculation involves frequency. Hence, with the existing default 90kHz frequency, jitter calculation for higher frequencies might display incorrect results. To monitor uncompressed videos, three new RTP clock frequencies: 148.5MHz, 148.5/100, and 27MHz are supported apart from existing support for 90kHz. You can configure the RTP clock frequency using the clock-rate command. This command allows you to map a dynamic Payload Type (PT) value to the corresponding frequency for each class-map in the RTP header. Based on the PT value in the RTP header for a flow, a corresponding frequency is mapped for jitter calculations. For the un-mapped PTs, default frequency of 90kHz is used.
Note You can disable jitter calculation for unsupported frequencies. The jitter value for unsupported frequencies is reported as 0.
Restrictions for Inline Video Monitoring
The following restrictions apply to the inline Video Monitoring feature:
•Video Monitoring is supported only on ES+ line cards.
•The supported supervisor engines are Sup720 and RSP720 (1 gigabits and 10 gigabits).
•Up to 1000 video monitoring flows per Line Card and up to 8000 flows per router are supported for inline video monitoring.
•Only IPv4 ACLs are supported.
•The video traffic is not monitored up to first two intervals after the flow is learnt.
•After the LC flow traffic stops and is timed out using the configured timeout value under class-map, some of the system resources are released only after 25 minutes. The learn-delete process may result in delay in monitoring the flows because the system resources are not released immediately.
•In case of video monitoring on EVC, monitoring is performed for learnt unicast and multicast traffic only. Traffic with unknown unicast destination MAC is not monitored.
•MDI:DF, MDI:MLR, MDI:MDC, IP-CBR:DF, and IP-CBR:MRV metrics are supported for CBR flows. For VBR flows, only MDI:MLR and MDI:MDC are supported.
•MDI:DF, MDI:MLR, and MDI:MDC are supported only for MPEG-2 and MPEG-4 transport streams. Both the single program transport streams (SPTS) and multi-program transport streams (MPTS) are supported.
•Only a flat performance-traffic policy type can be configured in each direction. Hierarchical policies are not supported for Video Monitoring in the performance-traffic typed policy.
•Video Monitoring is an independent feature and can co-exist with QoS. Though QoS and performance-traffic are policy-map based, both can be applied to the same interface in the same direction to function independently.
•A maximum of five PIDs can be configured for monitoring.
•Only the configured PIDs are monitored. For example, if only one PID is configured, no other new PIDs are monitored.
•These reserved PIDs are not monitored:
–0x0000: Reserved for Program Association Table (PAT).
–0x0001: Reserved for Conditional Access Table (CAT).
–0x0010: Reserved for Network Information Table (NIT).
–0x1FFF: Reserved for Null Packets.
•Duplicate PID values cannot be configured.
•Layer 3 VPN (L3VPN) and Layer 2 VPN (L2VPN)/Virtual Private LAN Services (VPLS) MPLS encapsulated packet format are supported.
•Flow from a CE MAC and IP HDR magic pattern is not supported.
•MPLS labels and EXP values are not supported as part of the flow key. If two different customers using different MPLS labels but same IP address and UDP ports are on the same target, both are mapped to the same video monitoring flow.
•MDI-DF and IPDV cannot be configured on the same class-map.
•RTP metric cannot co-exist with MDI or IP-CBR in the same class-map.
•Clock rate support is limited to 90Khz. Jitter metric computation accuracy is not guaranteed if the clock rate for packets is not 90Khz.
•Performance-type policy-map is supported on switch-port trunk mode, access mode, and Dot1q tunnel mode.
•PPPoE control packets are not monitored.
•These flows are not supported:
–Fragmented IPv4 packets
–Tunneled GRE, mGRE, L2TPv3, or multicast VPN
•IPv6 and tunneled IPv6
•MPEG transport streams where TS header is encrypted
•The value of error-seconds metrics ranges from 0 to 1000.
•Transport-availability and error-seconds metrics are not calculated for IP-CBR flows.
•Static payload types 1 to 95 can only be mapped to the frequency option disable.
Supported Interfaces
Video Monitoring is supported on the routed main interface, subinterfaces, switchports, and EVCs in release 15.0(01)S.
Table 13-2 lists the inline video monitoring interface support for each release:
Table 13-2
Cisco IOS Release
|
Interfaces Supported
|
12.2(33) ZI
|
Main-interface, Sub-interface.
|
15.0(1)
|
Main-interface, Sub-interface, EVCs.
|
15.1(1)
|
Main-interface, Sub-interface, EVCs.
|
15.1(2)
|
Main-interface, Sub-interface, EVCs, L2 switch-port interface.
|
Inline Video Monitoring Interface Support Per Release
Note Video monitoring on EVC enables you to monitor video traffic on layer 2 networks.
Ingress and Egress Interfaces
Video Monitoring can be configured on both ingress and egress interfaces. The following types of monitoring is allowed on these interfaces:
•Ingress only monitoring
•Egress only monitoring
•Ingress and egress for the different flows on different ports.
•Ingress and egress for the same flow
Monitored Video Flows
Video Monitoring feature supports only UDP traffic in release 15.0(01)S. The following flows are monitored:
•IP+UDP
•Single program transport streams (SPTS) and multi-program transport streams (MPTS)
•MPEG-2 and MPEG-4
•MPLS+IP+UDP
•IP+UDP+RTP
Alerts and Event Notifications
Alerts and notifications enable you to track the performance in a system. The flow of video can be tracked and managed using alerts and event notification. Computed metric values are used to generate alerts and event notifications.
Media Stop Events
Media Stop Event is triggered when no packets are received for at least eight seconds on a valid flow for a configured interval. The reason for MSE can be:
•Media Server failure
•Upstream network failure
•Genuine flow ending.
MSE interval causes invalidation of metrics data for up to two subsequent intervals. Metrics from these invalidated intervals do not trigger any traps or reacts.
Threshold Crossing Alerts
Router reports the metric values at the end of the monitoring interval. The computed values are compared with the configured threshold react range and an alarm is triggered if the computed value is not within the configured range. The router relays the alerts to the management station through a SNMP trap notification. The alerts can be immediate or average. An immediate alert is triggered at the end of monitoring interval if the metric value crosses the configured range. An average alert is sent based on the average value, which is computed based on the last n monitored intervals.
Note If two alerts are asserted for a same interval, the alert with lower profile-id is asserted. The alert profiles with lower profile-id have higher priority.
Flow Monitoring and Metric Computation
This section describes how to configure the Video Monitoring feature and report the metrics.
Provisioning the Metric
Provisioning the metric involves creating a policy map, defining the filtering criteria, and applying the policy map on an interface. A new policy map type performance-traffic is used for Video Monitoring. The policy map contains a list of actions for the flow monitoring.
Note The maximum number of class maps supported in a performance-traffic policy map is 50. The maximum number of policy maps (including QoS and typed policy maps) supported on a router is 1023.
Follow these steps to configure video monitoring on an interface:
SUMMARY STEPS
1. enable
2. configure terminal
3. access-list access-list-number permit ip {host} source destination
4. class-map [match-any] class-map-name
5. match access-group access-group-name | access-group-number
6. exit
7. policy-map type performance-traffic policy-map-name
8. class class-map-name
9. monitor parameters
10. df rfc4445 | ipdv
11. interval duration n-secs
12. timeout n-interval
13. history n-interval
14. exit
15. monitor metric {mdi | ip-cbr|rtp}
16. (optional) clock-rate dynamic-pt frequency
17. (optional) monitor pids pid1 [pid2] [pid3] [pid4] [pid5]
18. rate {media | layer3} {packet n-pps [pps] | n {bps | kbps | mbps | gbps}}
19. packet {size media n-bytes | media in-layer3 n-packets}
20. react profile id-value {mdi-df | mdi-mdc | mdi-mlr | ip-cbr-mrv | ip-cbr-df | media-stop | rtp-lost-fraction | rtp-jitter | rtp-max-jitter | rtp-lost-pkts | transport-availability | error-seconds}
21. threshold {range range-value1 range-value2} | {[gt|ge|lt|le] value3} | {type [immediate | average value4]}
22. action {syslog | snmp}
23. alarm severity {none | informational | notification | warning | error | critical | alert | emergency}
24. alarm type discrete
25. description character string
26. interface type number
27. (optional) service instance instance-number ethernet
28. service-policy type performance-traffic {input | output} {policy-map name}
29. exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
router> enable
|
Enables privileged EXEC mode.
|
Step 2
|
configure terminal
Example:
router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
access-list access-list-number permit ip [host]
source destination
Example:
router(config)# access-list 101 permit ip host
10.10.2.20 any
|
Identifies the flow to be monitored.
In this example, the traffic from the host 10.10.2.20 is monitored. Video Monitoring feature supports both standard and extended access-list.
Note Classification based on IP address, precedence, and DSCP values is supported for extended access list.
Note The deny option for access-list command is not supported. If deny option is configured under the access-list command and the class-map configured with the deny condition is part of the performance-traffic policy map, the video traffic is not monitored.
|
Step 4
|
class-map match-any class-map-name
Example:
router(config)# class-map match-any video-class
|
Defines a class map.
In this example, a class-map named video class is defined with match criteria match any. The packets must meet any of the match criteria in the class map video- class.
|
Step 5
|
match access-group access-group-name
|access-group-number
Example:
router(config-cmap)# match access-group 101
|
Defines the access-group. Only IPv4 acls are supported for Video Monitoring.
|
Step 6
|
exit
Example:
router(config-cmap)# exit
|
Exits class-map configuration mode.
|
Step 7
|
policy-map type performance-traffic policy-map
name
Example:
router(config)# policy-map type
performance-traffic video-monitor
|
Creates a performance-traffic type policy map and enters the policy map configuration mode.
In this example, the type of the policy-map is performance-traffic and the policy-map name is video-monitor.
|
Step 8
|
class class-map-name
Example:
router(config-pmap)# class video-class
|
Specifies the traffic (class map) on which an action is to be performed.
In this example, the class map is video-class.
|
Step 9
|
monitor parameters
Example:
router(config-pmap-c)# monitor parameters
|
Enters the monitor parameters submode where you can configure the flow related parameters.
|
Step 10
|
df rfc4445 | ipdv
Example:
router(config-pmap-c-monitor)# df ipdv
|
Specifies the jitter buffer calculation mechanism.
Note By default, rfc4445 algorithm is selected.
|
Step 11
|
interval duration n-secs
Example:
router(config-pmap-c-monitor)# interval
duration 30
|
Specifies the monitoring interval. The loss or jitter of packets is calculated at the end of this interval. The configurable range is 30 to 900 seconds. The default value is 30 seconds. The interval value should be a multiple of 5.
|
Step 12
|
timeout n-inteval
Example:
router(config-pmap-c-monitor)# timeout 200
|
Specifies the timeout for a flow. If no traffic is transmitted within this interval, the monitoring is stopped. When the flow times out, the resources linked with that flow are released. The default value is 100 intervals.
|
Step 13
|
history n-inteval
Example:
router(config-pmap-c-monitor)# history 20
|
Specifies the last n-interval number of intervals that should be maintained in the history table. The range is 1 to 180 intervals. The default value is 10 intervals.
|
Step 14
|
exit
Example:
router(config-pmap-c-monitor)# exit
|
Exits the monitor parameter mode.
|
Step 15
|
monitor metric {mdi|ip-cbr|rtp}
Example:
router(config-pmap-c)# monitor metric mdi
|
Enters the monitor metric submode where you can configure the metric related parameters.
In this example, the MDI metric is selected.
|
Step 16
|
clock-rate dynamic_pt frequency
Example:
router(config-pmap-c-metric)# clock-rate 1 96
|
Maps a dynamic PT value to the corresponding frequency for each class-map. The available frequency options are:
•148.5/1.001Mhz
•148.5Mhz
•27Mhz
•Disable
|
Step 17
|
(optional) monitor pids pid1 [pid2] [pid3] [pid4]
[pid5]
Example:
router(config-pmap-c-metric)# monitor pids
0x0011
|
Specifies the PIDs to monitor.
|
Step 18
|
rate media n (bps | kbps | mbps | gbps)
Example:
router(config-pmap-c-metric)# rate media
2500031 bps
|
Specifies the expected media transfer rate. For the media transfer rate, you have to specify the transfer rate unit. The following units are available:
•bps: Number of bits per second
•kbps: Number of kilobits per second
•mbps: Number of megabits per second
•gbps: Number of gigabits per second
Note For metric monitoring, you should configure mdi-metric as rate media or ip-cbr metric as rate layer3.
|
Step 19
|
packet {size media n-bytes | count media
in-layer3 n-packets}
Example:
router(config-pmap-c-metric)# packet size media
188
Example:
router(config-pmap-c-metric)# packet count
media in-layer3 7
|
Specifies the layer 2 or layer 3 packet behavior. In general, the keyword media refers to layer 2 video or audio frame whereas layer 3 refers to network layer packet such as IP layer packet.
The keyword size media specifies the encoding video or audio frame size in bytes. The valid value is 188.
The keyword count media in-layer3 specifies the number of MPEG frames within a single IP packet. The default value is 7 and valid range is 1 - 7.
|
Step 20
|
exit
Example:
router(config-pmap-c-metric)# exit
|
Exits the monitor metric mode.
|
Step 21
|
monitor metric {mdi|ip-cbr|rtp}
Example:
router(config-pmap-c)# monitor metric ip-cbr
|
Enters the monitor metric submode for IP-CBR where you can configure the metric related parameters.
|
Step 22
|
rate layer3 packet n [pps]
Example:
router(config-pmap-c-metric)# rate layer3
packet 300
|
Specifies the expected layer 3 transfer rate. The transfer rate is configured in packets per second(pps).
For accurate metric computations, recommended pps configuration should be three precision digits.
Note For metric monitoring, you should configure mdi-metric as rate media or ip-cbr metric as rate layer3. If both the options are configured, ip-cbr metric configuration takes precedence.
|
Step 23
|
exit
Example:
router(config-pmap-c-metric)# exit
|
Exits the monitor metric mode.
|
Step 24
|
react profile-id {mdi-df | mdi-mdc | mdi-mlr |
ip-cbr:mrv | ip-cbr:df | media-stop | rtp |
transport-availability | error-seconds}
MDI Example:
router(config-pmap-c)# react 100 mdi-df
IP-CBR Example:
router(config-pmap-c)# react 200 ip-cbr-df
|
Configures the react metrics. At the end of the interval, values are compared with the configured threshold values. If the systems exceeds these configured values, an alarm is triggered.
This command enters the react submode where you can configure the alarms and threshold values.
When the monitored interval for a flow expires, the corresponding metric values are generated. These values are compared to the threshold values you set here, and if the threshold is crossed, an alarm is exported to the management system.
You can specify multiple react commands. Each command is differentiated by the argument operation-id value. The react argument operation-id value should be unique within a policy-map. The range of the argument operational id-value is 1 to 65535. The react types are:
•mdi-df
•mdi-mdc
•mdi-mlr
•ip-cbr-mrv
•ip-cbr-df
•media-stop
•rtp
•transport-availability
•error-seconds
Note If you selected the media-stop option, you cannot configure more than one react profile for a class-map for react type media-stop.
A profile-id once used for a react type can not be reused for any other react type until it is removed using the no react profile-id react-type command.
|
Step 25
|
threshold {range range-value1 range-value2} |
{[gt|ge|lt|le] value3 | {type [immediate |
average value4]}
Example:
router(config-pmap-c-react)# threshold gt 4
router(config-pmap-c-react)# threshold type
average 5
|
Specifies the threshold related parameters.
•range: Specifies the threshold range. The unit for this boundary depends on react type in the react command. If the react type is MDI:DF, the unit is msec. If the react type is MDI:MLR, the unit is number of packets lost.
•gt|ge|lt|le: Specifies the threshold range where gt stands for greater than, ge stands for greater than or equal to, lt stands for less than, and le stands for less than or equal to.
You need to specify one value and threshold parameter. In the following example, the threshold is between 100 and infinity:
•type: Specifies the criteria for alarm assertion. If you select the keyword immediate, an alert is triggered at the end of monitoring interval if the metric value crosses the configured range. If you select the keyword average, the alarm is generated based on the average value which is computed based on the value4 you set. The range of the value4 is between 2 and the number defined in the flow history.
The default type is immediate.
|
Step 26
|
action {syslog | snmp}
Example:
router(config-pmap-c-react)# action syslog
|
Enables the management system to log the threshold-crossing events.
|
Step 27
|
alarm severity {none | informational |
notification | warning | error | critical |
alert | emergency}
Example:
router(config-pmap-c-react)# alarm severity
none
|
Specifies the alarm severity associated with a particular react command.
The default value is none. The router does not generate syslog message if alarm severity is set to none.
|
Step 28
|
alarm type discrete
Example:
router(config-pmap-c-react)# alarm type
discrete
|
Specifies that discrete alarms are supported.
Note Alarm groups are not supported for Video Monitoring feature release 15.0(01)S.
|
Step 29
|
description character-string
Example:
router(config-pmap-c-react)# description
critical TCA
|
Adds the comments for the submodes. Available for all the submodes. The character-string cannot exceed 200 characters.
|
Step 30
|
end
Example:
router(config-pmap-c-react)#end
|
Exits the configuration mode.
|
Step 31
|
configure terminal
Example:
router# configure terminal
|
Enters the configuration mode.
|
Step 32
|
interface type number
Example:
router(config)# interface gig 1/2
|
Configures the interface type and number.
|
Step 33
|
(optional) service instance instance-number
Ethernet
Example:
router(config)# service instance 1 Ethernet
|
Configures the service instance for EVC.
Note Applicable while configuring EVC.
|
Step 34
|
(optional) service-policy type
performance-traffic (input|output)
policy-map-name
Example:
router(config-if-srv)# service-policy type
performance-traffic input video-monitor
|
Attaches the specified policy-map to the target EVC.
Note Applicable while configuring EVC.
|
Step 35
|
exit
Example:
router(config-if)# exit
|
Exits the interface configuration mode.
|
Example
The following example shows how to configure video monitoring feature on an interface:
Router(config)#policy-map type performance-traffic video-monitor
Router(config-pmap)#class video-class
Router(config-pmap-c)# monitor parameters
Router(config-pmap-c-monitor)# df ipdv
Router(config-pmap-c-monitor)#description mon
Router(config-pmap-c-monitor)#interval duration 30
Router(config-pmap-c-monitor)#history 30
Router(config-pmap-c-monitor)#timeout 10
Router(config-pmap-c-monitor)#exit
Router(config-pmap-c)#monitor metric ip-cbr
Router(config-pmap-c-metric)#rate layer3 packet 237.465 pps
Router(config-pmap-c-metric)#exit
Router(config-pmap-c)#monitor metric mdi
Router(config-pmap-c-metric)# monitor pids 0x0011
Router(config-pmap-c-metric)#rate media 2500031 bps
Router(config-pmap-c-metric)#packet count media in-layer3 7
Router(config-pmap-c-metric)#packet size media 188
Router(config-pmap-c-metric)#exit
Router(config-pmap-c)#react 1 ip-cbr-df
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold ge 30.000
Router(config-pmap-c-react)#react 2 ip-cbr-mrv
Router(config-pmap-c-react)#alarm severity informational
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold le -1.00000
Router(config-pmap-c-react)#react 3 mdi-df
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold range 20.000 50.000
Router(config-pmap-c-react)#react 4 mdi-mlr
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold gt 0
Router(config-pmap-c-react)#react 5 media-stop
Router(config-pmap-c-react)#description for me
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#react 15 mdi-mdc
Router(config-pmap-c-react)#alarm severity notification
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold gt 0
Router(config-pmap-c-react)#react 10 ip-cbr-mrv
Router(config-pmap-c-react)#alarm severity informational
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold ge 1.00000
Router(config-pmap-c-react)#exit
Router(config-pmap-c)#exit
Router(config)#interface TenGigabitEthernet3/1
Router(config-if)#service-policy type performance-traffic input video-monitor
This example shows how to configure RTP metrics for video monitoring:
Router(config)#policy-map type performance-traffic video-monitor
Router(config-pmap)#class video-class
Router(config-pmap-c)# monitor parameters
Router(config-pmap-c-monitor)#description mon
Router(config-pmap-c-monitor)#interval duration 30
Router(config-pmap-c-monitor)#history 30
Router(config-pmap-c-monitor)#timeout 10
Router(config-pmap-c-monitor)#exit
Router(config-pmap-c)#monitor metric rtp
Router(config-pmap-c-metric)#exit
Router(config-pmap-c)#react 1 rtp-jitter
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold ge 30.000
Router(config-pmap-c-react)#react 2 rtp-loss-rate
Router(config-pmap-c-react)#alarm severity informational
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold le 50.00
Router(config-pmap-c-react)#react 3 rtp-max-jitter
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold range 20.000 50.000
Router(config-pmap-c-react)#react 4 rtp-lost-pkts
Router(config-pmap-c-react)#alarm severity critical
Router(config-pmap-c-react)#threshold type immediate
Router(config-pmap-c-react)#threshold ge 10
Router(config-pmap-c-react)#react 5 media-stop
Router(config-pmap-c-react)#description for me
Router(config-pmap-c-react)#alarm severity critical
outer(config-pmap-c-react)#exit
Router(config-pmap-c)#exit
Router(config)#interface TenGigabitEthernet3/1
Router(config-if)#service-policy type performance-traffic input video-monitor
Verifying the Configuration
Use the show policy-map type performance-traffic interface interface-name command to display all the flows learnt on the specified interface.
•Output for IPCBR/MDI:
Router#show policy-map type performance-traffic interface gig 8/11
Service-policy input: video-swport
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 6300; Src: 11.0.0.2 Port: 63
MDC : 25200 Avail(%) : 100.000 Pkt_cnt : 126002
MLR : 25200 Error_secs : 0.000 MRV(%) : 0.00000
Intvl Updated at Type Pkt_cnt MRV(%)/MLR DF(msec) MDC Seconds Avail (%)
-----+----------+----+--------------+------------+----------+---------+--------+---------+
43 21:21:36 cbr 3000 0.00000 10.075 NA NA NA
43 21:21:36 mdi 3000 600 10.075 600 0.000 100.000
42 21:21:06 cbr 3000 0.00000 10.075 NA NA NA
42 21:21:06 mdi 3000 600 10.075 600 0.000 100.000
41 21:20:36 cbr 3000 0.00000 10.075 NA NA NA
41 21:20:36 mdi 3000 600 10.075 600 0.000 100.000
40 21:20:06 cbr 3000 0.00000 10.075 NA NA NA
40 21:20:06 mdi 3000 600 10.075 600 0.000 100.000
39 21:19:36 cbr 3001 0.03300 10.075 NA NA NA
39 21:19:36 mdi 3001 600 10.075 600 0.000 100.000
•Output for RTP:
Router#show policy-map type performance-traffic interface gig 8/11 in class sw$
Service-policy input: video-swport
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 50000; Src: 11.0.0.12 Port: 5000; rtp-ssrc:
3735927471
Avail(%) : 99.978 Loss_Intvls : 22 Resyncs : 22
Pkt_cnt : 1470026
Error_secs : 0.176 Pkt_exp : 1481818 Pkt_lost : 11792
Intvl Upd at Type Pkt Exp Lost Loss Jitter MaxJitter Avg.Loss Loss Err Trnsprt
count pkts pkts Rate(%) (msec) (msec) Duration Intvls Sec Avail
-----+----------+----+----------+----------+----------+---------+--------+--------+-------
50 21:25:01 rtp 30001 30001 0 0.00000 0.007 0.048 0.00 0 0.000 100.00
49 21:24:31 rtp 30000 30536 536 1.75530 0.007 0.048 536.00 1 0.008 99.973
48 21:24:01 rtp 30001 30001 0 0.00000 0.005 0.037 0.00 0 0.000 100.00
47 21:23:31 rtp 30000 30536 536 1.75530 0.008 0.048 536.00 1 0.008 99.973
46 21:23:01 rtp 30001 30001 0 0.00000 0.005 0.024 0.00 0 0.000 100.00
Note Video-monitoring on ethernet service instance is supported on ScEompls, SVI based Eompls, VPLS, EVC BD, and EVC local connect services.
Use the show policy-map type performance-traffic interface interface_name aggregate command to display the total number of flows on an interface:
Router#show policy-map type performance-traffic interface gig 8/11 aggregate
Service-policy input: video-swport
Total Number of flows : 6
Use the show policy-map type performance-traffic interface interface_name brief command to display brief description of all the metrics for all the flows on an interface.
Router#show policy-map type performance-traffic interface gig 8/11 brief
Service-policy input: video-swport
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 2, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
FlowID Flow Key Type Pkt_cnt /MLR DF(msec) MDC Secs Avail(%)
--------------- ---- ------- ------ ---- ---- --- -------
1 21.0.1.2:63->32.0.1.2:5000,10:0 cbr 3000 0.00000 10.135 NA NA NA
1 21.0.1.2:63->32.0.1.2:5000,10:0 mdi 3000 600 10.135 600 0.000 100.000
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 3, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
Expected Lost Loss Jitter Lost Err Transport
FlowID Flow Key Pkts Pkts Rate(%) (msec) Intvls Secs Avail
------ -------- ---- ---- ------- ----- ----- --- ------
1 21.0.1.3:63->32.0.1.2:50000,10:0, 30536 536 1.75530 0.000 1 0.008 99.973
Use the show policy-map type performance-traffic interface interface_name cumulative command to display cumulative metrics for the flows on a specified interface.
Router#show policy-map type performance-traffic interface gig 8/11 cumulative
Service-policy input: video-swport
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 2, Timeout(sec): 60, DF: rfc4445, Total Flows:
1
------------------------------------------------------------------------------------------
FlowID Flow Key MRV(%) MDC MLR Error Secs Avail (%)
------ -------- ------ --- --- ---------- ---------
1 21.0.1.2:63-> 32.0.1.2:5000, 10:0 0.00000 32400 32400 0.000 100.000
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 3, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
FlowID FlowKey Exp Lost Lost Resyncs Err Avail
------ -------- ---- ----- ------- ----- ------ -----
1 21.0.1.3:63->32.0.1.2:50000,10:0, 1633428 13400 25 25 0.200 99.975
Use the show policy-map type performance-traffic interface interface_name input|output command to display the data flow on an interface in a specified direction.
Router#show policy-map type performance-traffic interface gig 8/11 input
Service-policy input: video-swport
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows:
1
------------------------------------------------------------------------------------------
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 6300; Src: 11.0.0.2 Port: 63
MDC : 37200 Avail(%) : 100.000 Pkt_cnt : 186003
MLR : 37200 Error_secs : 0.000 MRV(%) : 0.00000
Intvl Updated at Type Pkt_cnt MRV(%)/MLR DF(msec) MDC Seconds Avail (%)
-----+----------+----+--------------+------------+----------+---------+--------+---------+
65 21:32:36 cbr 3000 0.00000 10.075 NA NA NA
65 21:32:36 mdi 3000 600 10.075 600 0.000 100.000
64 21:32:06 cbr 3000 0.00000 10.075 NA NA NA
64 21:32:06 mdi 3000 600 10.075 600 0.000 100.000
63 21:31:36 cbr 3000 0.00000 10.075 NA NA NA
63 21:31:36 mdi 3000 600 10.075 600 0.000 100.000
62 21:31:06 cbr 3000 0.00000 10.075 NA NA NA
62 21:31:06 mdi 3000 600 10.075 600 0.000 100.000
61 21:30:36 cbr 3000 0.00000 10.075 NA NA NA
61 21:30:36 mdi 3000 600 10.075 600 0.000 100.000
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 50000; Src: 11.0.0.12 Port: 5000; rtp-ssrc:
3735927471
Avail(%) : 99.973 Loss_Intvls : 29 Resyncs : 29
Pkt_cnt : 1920034
Error_secs : 0.232 Pkt_exp : 1935578 Pkt_lost : 15544
Pkt Exp Lost Loss Jitter MaxJitter Avg. Loss Loss Err Transport
Intvl Updated Type count pkts pkts Rate(%) (msec) (msec) Dur. Intvls Sec Avail(%)
-----+----------+----+----------+----------+----------+---------+--------+--------+-------
66 21:33:01 rtp 30000 30536 536 1.75530 0.005 0.048 536.00 1 0.008 99.973
65 21:32:31 rtp 30001 30001 0 0.00000 0.005 0.024 0.00 0 0.000 100.000
64 21:32:01 rtp 30000 30536 536 1.75530 0.006 0.048 536.00 1 0.008 99.973
63 21:31:31 rtp 30001 30001 0 0.00000 0.005 0.048 0.00 0 0.000 100.000
62 21:31:01 rtp 30000 30536 536 1.75530 0.005 0.024 536.00 1 0.008 99.973
Use the show policy-map type performance-traffic interface interface_name detail command to display the detailed information for the latest interval of each flow.
Router#show policy-map type performance-traffic interface gig 8/11 detail
Service-policy input: video-swport
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows:
1
------------------------------------------------------------------------------------------
Flow: 0001 Key: 11.0.0.2:63 -> 12.0.0.2:6300 Intervals : 1
Intvl# 68, Updated at 21:34:06.775 PDT Fri Jun 10 2011
MRV : 0.00000% DF(ms) : 10.075
Packets : 3000 Bytes : 4296000
Intvl# 68, Updated at 21:34:06.775 PDT Fri Jun 10 2011
Packets : 3000 Bytes : 4296000
DF(ms) : 10.075 Error seconds : 0.000
Transport Availability (%) : 100.000
------------------------------------------------------------------------------------------
---
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
---
Flow: 0001 Key: 11.0.0.12:5000 -> 12.0.0.2:50000, 3735927471 Intervals : 1
Intvl# 68, Updated at 21:34:01.731 PDT Fri Jun 10 2011
Pkts Recieved : 30000 Pkts Exp : 30536 Pkts Valid : 30000
Pkts Lost : 536 Pkts Late : 0 Pkts reord : 0
Loss Rate (%) : 1.75530 Loss Intvls : 1 Avg Loss duration: 536.00
Jitter(msec) : 0.006 Max Jitter : 0.024 Resyncs : 1
Error seconds : 0.008 Transport Availability (%) : 99.973
Use the show policy-map type performance-traffic interface interface_name last n command to display the last n number of intervals for each flow on an interface:
Router#show policy-map type performance-traffic interface gig 8/11 last 2
Service-policy input: video-swport
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows:
1
------------------------------------------------------------------------------------------
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 6300; Src: 11.0.0.2 Port: 63
MDC : 39600 Avail(%) : 100.000 Pkt_cnt : 198003
MLR : 39600 Error_secs : 0.000 MRV(%) : 0.00000
Intvl Updated at Type Pkt_cnt MRV(%)/MLR DF(msec) MDC Seconds Avail (%)
-----+----------+----+--------------+------------+----------+---------+--------+---------+
69 21:34:36 cbr 3000 0.00000 10.075 NA NA NA
69 21:34:36 mdi 3000 600 10.075 600 0.000 100.000
68 21:34:06 cbr 3000 0.00000 10.075 NA NA NA
68 21:34:06 mdi 3000 600 10.075 600 0.000 100.000
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 50000; Src: 11.0.0.12 Port: 5000; rtp-ssrc:
3735927471
Avail(%) : 99.973 Loss_Intvls : 31 Resyncs : 31
Pkt_cnt : 2040036
Error_secs : 0.248 Pkt_exp : 2056652 Pkt_lost : 16616
Pkt Exp Lost Loss Jitter MaxJitter Avg. Loss Loss Err Transport
Intvl Updated Type count pkts pkts Rate(%) (msec) (msec) Dur. Intvls Sec Avail(%)
---- ------ --- ---- --- ----- --- ------ ------ -------- ----- ---- ---
70 21:35:01 rtp 30000 30536 536 1.75530 0.007 0.048 536.00 1 0.008 99.973
69 21:34:31 rtp 30001 30001 0 0.00000 0.007 0.048 0.00 0 0.000 100.000
Use the show policy-map type performance-traffic interface interface-name service instance instance-number command to display all the flows learnt on the specified EVC:
Router#show policy-map type performance-traffic interface gig 8/11 ser in 1
GigabitEthernet8/11: EFP 1
Service-policy input: video-monitor
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 420, DF: rfc4445, Total
Flows: 1
------------------------------------------------------------------------------------------
Flow: 0001, IPV4; Dest: 12.0.1.2 Port: 6300; Src: 11.0.1.2 Port: 63
MDC : 7803 Avail(%) : 100.000 Pkt_cnt : 39001
MLR : 7803 Error_secs : 0.000 MRV(%) : 0.00000
Intvl Updated at Type Pkt_cnt MRV(%)/MLR DF(msec) MDC Seconds Avail (%)
-----+----------+----+--------------+------------+----------+---------+--------+---------+
21 22:20:04 cbr 3000 0.00000 10.135 NA NA NA
21 22:20:04 mdi 3000 600 10.135 600 0.000 100.000
20 22:19:34 cbr 3000 0.00000 10.248 NA NA NA
20 22:19:34 mdi 3000 600 10.248 600 0.000 100.000
19 22:19:04 cbr 3000 0.00000 10.134 NA NA NA
19 22:19:04 mdi 3000 600 10.134 600 0.000 100.000
18 22:18:34 cbr 3000 0.00000 10.135 NA NA NA
18 22:18:34 mdi 3000 600 10.135 600 0.000 100.000
17 22:18:04 cbr 3000 0.00000 10.229 NA NA NA
17 22:18:04 mdi 3000 600 10.229 600 0.000 100.000
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 420, Total Flows: 1
------------------------------------------------------------------------------------------
Flow: 0001, IPV4; Dest: 12.0.1.2 Port: 50000; Src: 11.0.0.13 Port: 63; rtp-ssrc:
3735927471
Avail(%) : 99.973 Loss_Intvls : 7 Resyncs : 7
Pkt_cnt : 420008
Error_secs : 0.056 Pkt_exp : 423760 Pkt_lost : 3752
Pkt Exp Lost Loss Jitter MaxJitter Avg. Loss Loss Err Transport
Intvl Updated Type count pkts pkts Rate(%) (msec) (msec) Dur. Intvls Sec Avail(%)
---- ------ --- ---- --- ----- --- ------ ------ -------- ----- ---- ---
21 22:20:09 rtp 30000 30000 0 0.00000 0.006 0.048 0.00 0 0.000 100.000
20 22:19:39 rtp 30001 30537 536 1.75524 0.005 0.036 536.00 1 0.008 99.973
19 22:19:09 rtp 30000 30000 0 0.00000 0.008 0.048 0.00 0 0.000 100.000
18 22:18:39 rtp 30001 30537 536 1.75524 0.009 0.048 536.00 1 0.008 99.973
17 22:18:09 rtp 30000 30000 0 0.00000 0.006 0.048 0.00 0 0.000 100.000
************************************************************************
Use show running-config interface interface-name command to display detailed information about interface:
router#sh running-config interface tenGigabitEthernet 7/21
Building configuration...
Current configuration : 816 bytes
interface TenGigabitEthernet7/21
ip arp inspection limit none
service instance 1 ethernet
rewrite ingress tag pop 1 symmetric
service-policy type performance-traffic input video_monitor_1
service-policy type performance-traffic output video_monitor_2
service instance 2 ethernet
rewrite ingress tag pop 1 symmetric
service-policy type performance-traffic input video_monitor_1
service-policy type performance-traffic output video_monitor_2
Use the show policy-map type performance-traffic interface interface_name match ipv4 source ip-address mask destination ip-address mask command to display the flow matching the specified IPV4 source or destination IP.
Router#show policy-map type performance-traffic interface gig 8/11 match ipv4 source
11.0.0.12 255.255.255.255 destination 12.0.0.2 255.255.255.255
Service-policy input: video-swport
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, DF: rfc4445, Total Flows: 1
------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------
Mon-Interval(sec): 30, History(intvls): 5, Timeout(sec): 60, Total Flows: 1
------------------------------------------------------------------------------------------
Flow: 0001, IPV4; Dest: 12.0.0.2 Port: 50000; Src: 11.0.0.12 Port: 5000; rtp-ssrc:
3735927471
Avail(%) : 99.973 Loss_Intvls : 32 Resyncs : 32
Pkt_cnt : 2130038
Error_secs : 0.256 Pkt_exp : 2147190 Pkt_lost : 17152
Pkt Exp Lost Loss Jitter MaxJitter Avg. Loss Loss Err Transport
Intvl Updated Type count pkts pkts Rate (msec) (msec) Dur. Intvls Sec Avail(%)
---- ------ --- ---- --- ----- --- ------ ------ -------- ----- ---- ---
73 21:36:31 rtp 30001 30537 536 1.75524 0.006 0.040 536.00 1 0.008 99.973
72 21:36:01 rtp 30000 30000 0 0.00000 0.009 0.048 0.00 0 0.000 100.000
71 21:35:31 rtp 30001 30001 0 0.00000 0.006 0.024 0.00 0 0.000 100.000
70 21:35:01 rtp 30000 30536 536 1.75530 0.007 0.048 536.00 1 0.008 99.973
69 21:34:31 rtp 30001 30001 0 0.00000 0.007 0.048 0.00 0 0.000 100.000
Note The match option can be used with brief, cumulative, or detail options in the show command.
Note The last option can be used with brief or detail options in the show command.
Troubleshooting the Inline Video Monitoring Implementation
The following section describes how to troubleshoot Video Monitoring.
•Flow is not displayed in the show command
A flow is defined as unique traffic identified by the source and destination IP and port information. When the flow path is not displayed by the show command, perform the following steps to identify the problem:
1. Check the interface statistics using the show interface interface-type slot/port command to ensure that the traffic is flowing.
2. Check the configuration of class-map and the ACL configured under the class-map to ensure that the ACL is classifying the flows. The following example shows how to check the configuration of a class-map:
ROUTER#show running-config class-map video-class
Building configuration...
Current configuration : 67 bytes
class-map match-any video-class
outer#sh access-lists 102
Extended IP access list 102
10 permit ip any host 200.0.0.2
3. Check whether the rate layer3 packet command or rate media command is configured under the class using show policy-map type performance-traffic policy-map-name command.
Note The data flow path is not learnt for fragmented packets, MPLS packets, non-UDP protocols, and tunneled packets.
•The change in media rate does not affects the DF metrics.
Use the show policy-map type performance-traffic policy-map-name command to check if the rate layer3 packet command is configured for the class. If the rate layer3 packet command is configured for the class, the IP-CBR packet rate configuration is used for both the IP-CBR and MDI metric calculations.
•DF value is returned even though the data flow stream is stable.
DF is used to determine the jitter buffer required to ensure effective utilization of buffer while handling a stream. The minimum jitter buffer size is sufficient to receive a single packet. Therefore, even when there is no impairment or delay in the stream, the DF is equal to an inter-packet-gap. This DF value reported by the router when there is no impairment, is approximately equal to 1/packet-rate.
•When packets are dropped, no message is triggered for MDI:DF even if the TCAs (reacts) are configured for MDI:DF.
When there are drops seen in the stream, DF computed is incorrect. In such a case, where packets are dropped in a stream(MLR), the computed DF is not used for triggering the message.
•Show command output returns a dash (-).
Indicates that the metrics computed for that interval are invalid. This condition occurs during the initial flow learn, when a policy-map is updated dynamically or when the next intervals on the MSE are reported for the current interval.
•Metrics cannot be configured under the default class (class-default).
Performance traffic functionality is not supported in the default class. The default class includes the traffic that is not classified under any other class-maps and has no defined rate. It is not possible to configure metric parameters for the default class.
•TCA threshold messages are not triggered even when the metric value crosses the configured range.
Use the show policy-map type performance-traffic policy-map-name command to verify that the alarm severity is not configured to none.
•Uncertainty over the choice of right debug logs.
Complete the following steps to collect the output for the line card:
1. Run the attach module-number command to connect to the line card.
2. Run the show platform npc performance-traffic action np number interface classmap command to display the class-map configuration on the line card.
3. Run the show platform npc performance-traffic action np number interface result command to display the class-map structure used by the microcode.
4. Run the show platform npc performance-traffic action np number interface stats command to print per flow statistics for the network processor.
5. Run the show platform npc performance-traffic action np number stats command to print the aggregate flow count in the network processor.
6. Run the show platform npc performance-traffic classification all to print the classification details for each class.
Supported MIBs
Video Monitoring supports the following MIBs. These MIBs are used for retrieving the data collected by flow monitors.
•CISCO-FLOW-MONITOR-TC-MIB: This MIB module defines the text conventions common to the rest of the MIB modules.
•CISCO-FLOW-MONITOR-MIB: This MIB module defines a framework that describes the flow monitors supported by the system, the flows that are learned, and the flow metrics collected for those flows.
•CISCO-MDI-METRICS-MIB: This MIB module defines objects describing quality metrics collected for streams that comply to the Media Delivery Index (MDI).
•CISCO-IP-CBR-METRICS-MIB: This MIB module defines objects describing quality metrics collected for IP streams that have a Constant Bit Rate (CBR).
•CISCO-RTP-METRICS-MIB: This MIB module defines objects that describe the quality metrics of RTP streams.
IP Tunneling - IPv6 Rapid Deployment
The following sections describe the IPv6 Rapid Deployment (6RD) function.
•Understanding IPv6 Rapid Deployment
•Restriction for IPv6 Rapid Deployment.
•Configuring IPv6 Rapid Deployment on the Cisco 7600 series router Platform
•Troubleshooting Tips
Understanding IPv6 Rapid Deployment
The 6RD deployment is an variant of the 6to4 feature, and allows a service provider to provide a unicast IPv6 service to customers over its IPv4 network (using IPv6 encapsulation in IPv4).
For more information on 6to4 feature, see Cisco IOS IPv6 Configuration Guide, Release 12.2SR at: http://www.cisco.com/en/US/docs/ios-xml/ios/ipv6/configuration/12-2sr/ipv6-12-2sr-book.html.
The differences between 6RD and 6to4 tunneling are:
•6RD does not require IP addresses to have a 2002::/16 prefix. Therefore, the prefix can be from the service provider's own address block. This function allows the 6RD operational domain to be within the service provider network. From the perspective of customer sites and the general IPv6 internet connected to a 6RD-enabled service provider network, the IPv6 service provided is equivalent to native IPv6.
•Not all the 32 bits from the IPv4 destination address are carried to the IPv6 payload header. The IPv4 destination is obtained from a combination of bits in the payload header and information on the router. The IPv4 address is not at a fixed location in the IPv6 header as in the case with 6to4 tunneling.
Figure 13-1 shows a high-level view of the 6RD deployment.
Figure 13-1 6RD Deployment
The service provider delegates a 6RD service provider prefix for the IPv6 deployment, using the IPv4 address bits.
Figure 13-2 shows how 6RD prefix delegation works.
Figure 13-2 6RD Prefix Delegation
Figure 13-3 shows the 6RD prefix delegation topology.
Figure 13-3 6RD Prefix Delegation Topology
Restriction for IPv6 Rapid Deployment.
The interface facing the IPv4 network must be on the ES40 linecard.
Supported Features
Table 13-3 shows the list of supported and unsupported features for 6RD functionality.
Table 13-3
Feature
|
Supported
|
6RD BR mode
|
Yes
|
6RD CE mode
|
Yes
|
6RD tunnel
|
Yes
|
Scale
|
512
|
MIBs
|
No
|
Linecards
|
ES40
|
VRF awareness
|
Yes
|
ISG Co-existence
|
No
|
Qos on Tunnels
|
No
|
Supported and Unsupported Features
Configuring IPv6 Rapid Deployment on the Cisco 7600 series router Platform
The following sections describe how to configure 6RD on the c7600 platform:
•Configuring 6RD
•Verifying the Configuration
Configuring 6RD
Complete the following steps to configure 6RD.
SUMMARY STEPS
Step 1 enable
Step 2 configure terminal
Step 3 interface tunnel tunnel-number
Step 4 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 5 tunnel source {ip-address | interface-type interface-number}
Step 6 tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]
Step 7 mls 6rd reserve interface gigabitethernet/ tengigabitethernet
Step 8 tunnel 6rd prefix ipv6-prefix/prefix-length
Step 9 tunnel 6rd ipv4 {prefix-length length} {suffix-length length}
Step 10 exit
Step 11 interface type instance
Step 12 ip address ip-address
Step 13 exit
Step 14 ipv6 route { ipv6-prefix | prefix-length } tunnel tunnel-number
Step 15 end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router# enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
interface tunnel tunnel-number
Example:
Router(config)# interface
tunnel 1
|
Specifies a tunnel interface and enters the interface configuration mode.
|
Step 4
|
ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Example:
Router(config-if)# ipv6
address
2001:B000:400::1/124
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 5
|
tunnel source {ip-address | interface-type interface-number}
Example:
Router(config-if)# tunnel
source loopback 0
|
Specifies the source interface type and number for the tunnel interface.
|
Step 6
|
tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]
Example:
Router(config-if)# tunnel
mode ipv6ip 6rd
|
Configures a static IPv6 tunnel interface.
|
Step 7
|
mls 6rd reserve interface gigabitethernet/ tengigabitethernet
Example:
Router(config-if)# mls 6rd
reserve interface gig 9/5
|
Redirects the IPv6 traffic to IPv4 core facing interface on the ES40 line card.
|
Step 8
|
tunnel 6rd prefix ipv6-prefix/prefix-length
Example:
Router(config-if)# tunnel
6rd prefix 2001:B000::/32
|
Specifies the common IPv6 prefix on IPv6 rapid 6RD tunnels.
|
Step 9
|
tunnel 6rd ipv4 {prefix-length length} {suffix-length length}
Example:
Router(config-if)# tunnel
6rd ipv4 prefix-len 16
suffix-len 8
|
Specifies the prefix and suffix length of the IPv4 transport address common to all the 6RD routers in a domain.
|
Step 10
|
exit
Example:
Router(config-if)# exit
|
Exits configuration mode, and returns the CLI to privileged EXEC mode.
|
Step 11
|
interface type instance
Example:
Router(config)# interface
loopback 0
|
Enters interface configuration mode and names the new loopback interface.
|
Step 12
|
ip address ip-address
Example:
Router(config-if)# ip
address 10.1.4.1
255.255.255.255
|
Assigns an IP address and subnet mask to the loopback interface.
|
Step 13
|
exit
Example:
Router(config-if)# exit
|
Exits configuration mode, and returns the CLI to privileged EXEC mode.
|
Step 14
|
ipv6 route
ipv6-prefix/prefix-length
tunnel tunnel-number
Example:
Router(config)# ipv6 route
2001:b000::/32 tunnel 1
|
Redirects 6RD specific traffic to the 6RD tunnel.
|
Step 15
|
end
Example:
Router(config-if)# end
|
Ends the current configuration session.
|
Configuration Examples
This example shows how to configure 6RD.
Router# configure terminal
Router(config)# interface tunnel 1
Router(config-if)# ipv6 address 2001:B000:400::1/124
Router(config-if)# tunnel source loopback 0
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# mls 6rd reserve interface gig 9/5
Router(config-if)# tunnel 6rd prefix 2001:B000::/32
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config)# interface loopback 0
Router(config-if)# ip address 10.1.4.1 255.255.255.255
Router(config)# ipv6 route 2001:b000::/32 tunnel 1
Verifying the Configuration
Use these commands to verify the configuration of 6RD on the Cisco 7600 series router:
Router# show tunnel 6rd tunnel 10
6RD: Operational, V6 Prefix: 2001:B000::/32
V4 Prefix, Length: 16, Value: 10.1.0.0
V4 Suffix, Length: 8, Value: 0.0.0.1
General Prefix: 2001:B000:400::/40
Router# show tunnel 6rd destination 2001:b000:800::12 tunnel 10
6RD Prefix: 2001:B000:800::12
Router# show tunnel 6rd prefix 10.1.8.1 tunnel 10
6RD Prefix: 2001:B000:800::
Troubleshooting Tips
For troubleshooting information, contact Cisco Technical Assistance Center (TAC) at:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
VRF aware IPv6 Rapid Deployment (6RD) tunnels
Currently the 6RD tunneling feature on c7600 does not support virtual routing and forwarding (VRF) awareness. The forwarding table lookups for IPv6 overlay addresses and IPv4 transport addresses are performed in global routing tables. This feature extends the 6RD tunneling support for IPv6 overlay addresses and IPv4 transport addresses in VRF.
These scenarios explain the VRF aware 6RD tunnel function:
•IPv6 overlay address in VRF and IPv4 transport address in Global routing table (RT).
•IPv6 overlay address in VRF and IPv4 transport address in VRF.
Figure 13-4 Topology for the IPv6 overlay address in VRF, and the IPv4 transport address in GRT.
The VRF Aware IPv6 over IPv4 Tunnel should have an ES+ line card towards the tunnel facing side.
Restriction for VRF aware 6RD tunnels
•Currently the c7600 supports only 256 VRF instances for IPv6.
•The incoming physical interface, and the tunnel interface should have the same VRF instance defined.
•The tunnel transport VRF and the egress physical interface, through which the traffic leaves should have the same VRF instance defined.
•For 6RD customer edge router configuration, the tunnel source and the border relay (BR) address should have the same VRF instance defined as the physical interface, through which the traffic flows.
Configuring VRF aware 6RD tunnel
The following sections describe how to configure VRF aware IPv6 tunnel on c7600:
•Configuring IPv6 Overlay Addresses in VRF and IPv4 Transport Addresses in Global RT
•Configuring IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF
Configuring IPv6 Overlay Addresses in VRF and IPv4 Transport Addresses in Global RT
Complete the following steps to configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT:
SUMMARY STEPS
6RD customer edge router onfiguration
Step 1 enable
Step 2 configure terminal
Step 3 ipv6 unicast-routing
Step 4 mls ipv6 vrf
Step 5 vrf definition vrf name
Step 6 rd {ASN:nn | IP address: nn}
Step 7 route-target [import | export | both]{ASN:nn | IP address: nn}
Step 8 address-family ipv6
Step 9 exit
Step 10 address-family ipv4
Step 11 exit
Step 12 exit
Step 13 interface gigabitethernet slot/port
Step 14 vrf forwarding vrf name
Step 15 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 16 exit
Step 17 interface gigabitethernet slot/port
Step 18 ip address ip-address mask
Step 19 ip ospf process-id area area-id
Step 20 exit
Step 21 interface loopback interface-number
Step 22 ip address ip-address mask
Step 23 ip ospf process-id area area-id
Step 24 exit
Step 25 interface tunnel tunnel-number
Step 26 vrf forwarding vrf name
Step 27 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 28 mls 6rd reserve interface gigabitethernet/ tengigabitethernet
Step 29 tunnel source {ip-address | interface-type interface-number}
Step 30 tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]
Step 31 tunnel 6rd ipv4 {prefix-length length} {suffix-length length}
Step 32 tunnel 6rd prefix ipv6-prefix/prefix-length
Step 33 tunnel 6rd br ipv4-address
Step 34 exit
Step 35 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number
Step 36 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number ipv6-address
Step 37 end
6RD Border Relay (BR) Router Configuration
Step 1 Repeat steps 1 through 32 from the 6RD CE configuration, and then continue with these steps:
Step 2 exit
Step 3 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number
Step 4 end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router# enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ipv6 unicast-routing
Example:
Router(config)# ipv6
unicast-routing
|
Enables the forwarding of IPv6 unicast datagrams.
|
Step 4
|
mls ipv6 vrf
Example:
Router(config)# mls ipv6
vrf
|
Enables IPv6 globally in a VRF instance.
|
Step 5
|
vrf definition vrf name
Example:
Router(config)# vrf
definition VRF_RED
|
Configures a VRF instance and enters the VRF configuration mode.
|
Step 6
|
rd {ASN:nn | IP address:
nn}
Example:
Router(config-vrf)# rd 1:1
|
Specifies a route distinguisher (RD).
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 7
|
route-target [import |
export | both]{ASN:nn | IP
address: nn}
Example:
Router(config-vrf)#route-ta
rget export 1:1
Router(config-vrf)#route-ta
rget import 1:1
|
Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.
•import: Imports routing information from the target VPN extended community.
•export: Exports routing information to the target VPN extended community.
•both: Imports both import and export routing information to the target VPN extended community.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 8
|
address-family ipv6
Example:
Router#(config-vrf)#address
-family ipv6
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv6.
|
Step 9
|
exit
Example:
Router#(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 10
|
address-family ipv4
Example:
Router#(config-vrf)#address
-family ipv4
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv4.
|
Step 11
|
exit
Example:
Router#
(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 12
|
exit
Example:
Router#(config-vrf)#exit
|
Exits the VRF configuration mode.
|
Step 13
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 3/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv6 network.
|
Step 14
|
vrf forwarding vrf name
Example:
Router(config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
|
Step 15
|
ipv6 address
{ipv6-address|prefix-length
| prefix-name sub-bits
|prefix-length}
Example:
Router (config-if)# ipv6
address 1::2/64
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 16
|
exit
Example:
Router (config-if)#exit
|
Exits interface configuration mode.
|
Step 17
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 4/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv4 network.
|
Step 18
|
ip address ip-address mask
Example:
Router(config-if)#ip
address 17.1.1.1
255.255.255.0
|
Assigns an IP address and subnet mask to the interface.
|
Step 19
|
ip ospf process-id area
area-id
Example:
Router(config-if)#ip ospf 2
area 0
|
Enables the Open Shortest Path First on an interface.
•process-id—Specifies the process ID that ranges from 1 to 65535.
•area-id—Specifies the area ID that ranges from 0 to 4294967295.
|
Step 20
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 21
|
interface loopback
interface-number
Example:
Router(config)# interface
Loopback 100
|
Enters interface configuration mode and names the new loopback interface.
Note This command configures a loopback interface for the tunnel source.
|
Step 22
|
ip address ip-address mask
Example:
Router(config-if)#ip
address 66.66.66.66
255.255.255.255
|
Assigns an IP address and subnet mask to the loopback interface.
|
Step 23
|
ip ospf process-id area
area-id
Example:
Router(config-if)#ip ospf 2
area 0
|
Enables the Open Shortest Path First on an interface.
•process-id—Specifies the process ID that ranges from 1 to 65535.
•area-id—Specifies the area ID that ranges from 0 to 4294967295.
|
Step 24
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 25
|
interface tunnel
tunnel-number
Example:
Router(config)# interface
tunnel 10
|
Specifies a tunnel interface and enters the interface configuration mode.
Note This command configures the IPv6 tunneling over IPv4 Transport.
|
Step 26
|
vrf forwarding vrf name
Example:
Router# (config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
Note This command specifies the VRF instance to which the tunnel belongs, that is, the VRF instance used for IPv6 overlay address lookup.
|
Step 27
|
ipv6 address
{ipv6-address/prefix-length
| prefix-name
sub-bits/prefix-length}
Example:
Router(config-if)# ipv6
address
2001:A000:100::1/128
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 28
|
mls 6rd reserve interface
gigabitethernet slot/port
Example:
Router(config-if)# mls 6rd
reserve interface gig 4/5
|
Redirects the IPv6 traffic to the IPv4 core facing interface on the ES+ line card.
|
Step 29
|
tunnel source {ip-address |
interface-type
interface-number}
Example:
Router(config-if)# tunnel
source loopback 100
|
Specifies the source interface type and number for the tunnel interface.
|
Step 30
|
tunnel mode ipv6ip [6rd |
6to4 | auto-tunnel |
isatap]
Example:
Router(config-if)#
tunnelmode ipv6ip 6rd
|
Configures a static IPv6 tunnel interface.
|
Step 31
|
tunnel 6rd ipv4
{prefix-length length}
{suffix-length length}
Example:
Router(config-if)#
tunnel6rd ipv4 prefix-len
16 suffix-len 8
|
Specifies the prefix and suffix length of the IPv4 transport address common to all the 6RD routers in a domain.
|
Step 32
|
tunnel 6rd prefix
ipv6-prefix/prefix-length
Example:
Router(config-if)# tunnel
6rd prefix 2001:A000::/32
|
Specifies the common IPv6 prefix on IPv6 6RD tunnels.
|
Step 33
|
tunnel 6rd br ipv4-address
Router(config-if)# tunnel
6rd br 60.1.2.1
|
Bypasses security checks on a 6RD customer-edge router.
•ipv4-address—IPv4 address of the border relay (BR) router.
|
Step 34
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 35
|
ipv6 route vrf vrf-name
ipv6-prefix/prefix-length
tunnel tunnel number
Example:
Router(config)# ipv6 route
vrf vrf-red 2001:A000::/32
Tunnel 10
|
Establishes static routes.
•ipv6-prefix—Specifies the IPv6 network that is the destination of the static route. Can also be a host name when static host routes are configured.
•prefix-length—Specifies the length of the IPv6 prefix.
|
Step 36
|
ipv6 route vrf vrf-name
ipv6-prefix/prefix-length
tunnel tunnel number
ipv6-address
Example:
Router(config)#ipv6 route
vrf vrf-red 9000:1000::/64
Tunnel10 2001:A000:200::1
|
Establishes static routes.
•ipv6-address—The IPv6 address of the next hop that can be used to reach the specified network.
|
Step 37
|
end
Example:
Router(config)# end
|
Ends the current configuration session.
|
(for 6RD customer edge router configuration)
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
Repeat steps 1 through 32 from the 6RD CE configuration, and then continue with these steps:
|
Step 2
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 3
|
ipv6 route vrf vrf-name
ipv6-prefix/prefix-length
tunnel tunnel number
Example:
Router(config)# ipv6 route
vrf vrf-red 2001:A000::/32
Tunnel 10
|
Establishes static routes.
•ipv6-prefix—Specifies the IPv6 network that is the destination of the static route. Can also be a host name when static host routes are configured.
•/prefix-length—Specifies the length of the IPv6 prefix.
|
Step 4
|
end
Example:
Router(config)# end
|
Ends the current configuration session.
|
(for 6RD Border Relay (BR) Router Configuration)
Configuration Example
This example shows how to configure the IPv6 overlay addresses in VRF, and the IPv4 transport addresses in the Global Routing Table:
6RD customer edge router configuration
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config)# interface gigabitethernet 4/5
Router(config-if)# ip address 17.1.1.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config)# interface Loopback 100
Router(config-if)# ip address 60.1.1.1 255.255.255.05
Router(config-if)# ip ospf 2 area 0
Router(config)# interface tunnel 10
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 2001:A000:100::1/128
Router(config-if)# mls 6rd reserve interface GigabitEthernet4/5
Router(config-if)# tunnel source loopback 100
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config-if)# tunnel 6rd prefix 2001:A000::/32
Router(config-if)# tunnel 6rd br 60.1.2.1
Router(config)#ipv6 route vrf vrf-red 2001:A000::/32 Tunnel10
Router(config)#ipv6 route vrf vrf-red 9000:1000::/64 Tunnel10 2001:A000:200::1
6RD Border Relay (BR) Router Configuration
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# interface gigabitethernet 5/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 9000:1000::/64
Router(config)# interface gigabitethernet 4/1
Router(config-if)# ip address 17.1.1.2 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config)# interface Loopback 100
Router(config-if)# ip address 60.1.2.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config)# interface tunnel 10
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 2001:A000:100::1/128
Router(config-if)# mls 6rd reserve interface GigabitEthernet4/1
Router(config-if)# tunnel source loopback 100
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config-if)# tunnel 6rd prefix 2001:A000::/32
Router(config)#ipv6 route vrf vrf-red 2001:A000::/32 Tunnel10
Configuring IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF
The only difference in configuration from the above GRT configuration is the use of the tunnel vrf vrf name command. This command associates a VRF instance to a specific tunnel destination or source.
Complete the following steps to configure IPv6 overlay addresses in VRF, and IPv4 transport addresses in VRF:
6RD customer edge configuration
Step 1 enable
Step 2 configure terminal
Step 3 ipv6 unicast-routing
Step 4 mls ipv6 vrf
Step 5 vrf definition vrf name 1
Step 6 rd {ASN:nn | IP address: nn}
Step 7 route-target [import | export | both] {ASN:nn | IP address: nn}
Step 8 address-family ipv6
Step 9 exit
Step 10 address-family ipv4
Step 11 exit
Step 12 exit
Step 13 vrf definition vrf name 2
Step 14 rd {ASN:nn | IP address: nn}
Step 15 route-target [import | export | both] {ASN:nn | IP address: nn}
Step 16 address-family ipv4
Step 17 exit
Step 18 exit
Step 19 interface gigabitethernet slot/port
Step 20 vrf forwarding vrf name 1
Step 21 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 22 exit
Step 23 interface gigabitethernet slot/port
Step 24 vrf forwarding vrf name 2
Step 25 ip address ip-address mask
Step 26 ip ospf process-id area area-id
Step 27 exit
Step 28 interface loopback interface-number
Step 29 vrf forwarding vrf name 2
Step 30 ip address ip-address mask
Step 31 ip ospf process-id area area-id
Step 32 exit
Step 33 interface tunnel tunnel-number
Step 34 vrf forwarding vrf name 1
Step 35 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 36 mls 6rd reserve interface gigabitethernet/ tengigabitethernet
Step 37 tunnel source {ip-address | interface-type interface-number}
Step 38 tunnel mode ipv6ip [6rd | 6to4 | auto-tunnel | isatap]
Step 39 tunnel 6rd ipv4 {prefix-length length} {suffix-length length}
Step 40 tunnel 6rd prefix ipv6-prefix/prefix-length
Step 41 tunnel 6rd br ipv4-address
Step 42 tunnel vrf vrf name 2
Step 43 exit
Step 44 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number
Step 45 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number ipv6-address
Step 46 end
6RD BR configuration
Step 1 Repeat steps 1 through 40 from the 6RD CE configuration, and then continue with these steps:
Step 2 tunnel vrf vrf name 2
Step 3 exit
Step 4 ipv6 route vrf vrf-name ipv6-prefix/prefix-length tunnel tunnel number
Step 5 end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router# enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ipv6 unicast-routing
Example:
Router(config)# ipv6
unicast-routing
|
Enables the forwarding of IPv6 unicast datagrams.
|
Step 4
|
mls ipv6 vrf
Example:
Router(config)# mls ipv6
vrf
|
Enables IPv6 globally in a VRF instance.
|
Step 5
|
vrf definition vrf name 1
Example:
Router(config)# vrf
definition VRF_RED
|
Configures a VRF instance and enters the VRF configuration mode.
|
Step 6
|
rd {ASN:nn | IP address:
nn}
Example:
Router(config-vrf)# rd 1:1
|
Specifies a route distinguisher.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 7
|
route-target [import |
export | both]{ASN:nn | IP
address: nn}
Example:
Router(config-vrf)#route-t
arget export 1:1
Router(config-vrf)#route-t
arget import 1:1
|
Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.
•import: Imports routing information from the target VPN extended community.
•export: Exports routing information to the target VPN extended community.
•both: Imports both import and export routing information to the target VPN extended community.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 8
|
address-family ipv6
Example:
Router(config-vrf)#address
-family ipv6
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv6.
|
Step 9
|
exit
Example:
Router(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 10
|
address-family ipv4
Example:
Router(config-vrf)#address
-family ipv4
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv4.
|
Step 11
|
exit
Example:
Router
(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 12
|
exit
Example:
Router(config-vrf)#exit
|
Exits the VRF configuration mode.
|
Step 13
|
vrf definition vrf name 2
Example:
Router(config)# vrf
definition VRF_GREEN
|
Configures a VRF instance and enters the VRF configuration mode.
|
Step 14
|
rd {ASN:nn | IP address:
nn}
Example:
Router(config-vrf)# rd 1:1
|
Specifies an RD.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 15
|
route-target [import |
export | both]{ASN:nn | IP
address: nn}
Example:
Router(config-vrf)#route-t
arget export 1:1
Router(config-vrf)#route-t
arget import 1:1
|
Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.
•import: Imports routing information from the target VPN extended community.
•export: Exports routing information to the target VPN extended community.
•both: Imports both import and export routing information to the target VPN extended community.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 16
|
address-family ipv4
Example:
Router(config-vrf)#address
-family ipv4
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. It configures the separate route-target policies for IPv4.
|
Step 17
|
exit
Example:
Router
(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 18
|
exit
Example:
Router(config-vrf)#exit
|
Exits the VRF configuration mode.
|
Step 19
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 3/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv6 network.
|
Step 20
|
vrf forwarding vrf name 1
Example:
Router(config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
|
Step 21
|
ipv6 address
{ipv6-address|prefix-lengt
h | prefix-name sub-bits
|prefix-length}
Example:
Router(config-if)# ipv6
address 1::2/64
|
Specifies the IPv6 address assigned to the interface, and enables IPv6 processing on the interface.
|
Step 22
|
exit
Example:
Router# (config-if)# exit
|
Exits interface configuration mode.
|
Step 23
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 4/5
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv4 network.
|
Step 24
|
vrf forwarding vrf name 2
Example:
Router(config-if)#vrf
forwarding VRF_GREEN
|
Associates a VRF instance with an interface or a subinterface.
|
Step 25
|
ip address ip-address mask
Example:
Router(config-if)#ip
address 17.1.1.1
255.255.255.0
|
Assigns an IP address and subnet mask to the interface.
|
Step 26
|
ip ospf process-id area
area-id
Example:
Router(config-if)#ip ospf
2 area 0
|
Enables the Open Shortest Path First on an interface.
•process-id—Specifies the process ID that ranges from 1 to 65535.
•area-id—Specifies the area ID that ranges from 0 to 4294967295.
|
Step 27
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 28
|
interface loopback
interface-number
Example:
Router(config)# interface
Loopback 100
|
Enters interface configuration mode and names the new loopback interface.
Note This command configures a loopback interface for the tunnel source
|
Step 29
|
vrf forwarding vrf name 2
Example:
Router(config-if)#vrf
forwarding VRF_GREEN
|
Associates a VRF instance with an interface or a subinterface.
|
Step 30
|
ip address ip-address
Example:
Router(config-if)#ip
address 60.1.1.1
255.255.255.255
|
Assigns an IP address and subnet mask to the loopback interface.
|
Step 31
|
ip ospf process-id area
area-id
Example:
Router(config-if)#ip ospf
2 area 0
|
Enables the Open Shortest Path First on an interface.
•process-id—Specifies the process ID that ranges from 1 to 65535.
•area-id—Specifies the area ID that ranges from 0 to 4294967295.
|
Step 32
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 33
|
interface tunnel
tunnel-number
Example:
Router(config)# interface
tunnel 10
|
Specifies a tunnel interface and enters the interface configuration mode.
Note This command configures the IPv6 tunneling over IPv4 Transport.
|
Step 34
|
vrf forwarding vrf name 1
Example:
Router(config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
Note This command specifies the VRF instance to which the tunnel belongs , that is, the VRF instance used for IPv6 overlay address lookup.
|
Step 35
|
ipv6 address
{ipv6-address|prefix-lengt
h | prefix-name sub-bits
|prefix-length}
Example:
Router(config-if)# ipv6
address
2001:A000:100::1/128
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 36
|
mls 6rd reserve interface
gigabitethernet slot/port
Example:
Router(config-if)# mls 6rd
reserve interface gig 4/5
|
Redirects the IPv6 traffic to the IPv4 core facing interface on the ES+ line card.
|
Step 37
|
tunnel source {ip-address
| interface-type
interface-number}
Example:
Router(config-if)# tunnel
source loopback 100
|
Specifies the source interface type and number for the tunnel interface.
|
Step 38
|
tunnel mode ipv6ip [6rd |
6to4 | auto-tunnel |
isatap]
Example:
Router(config-if)#
tunnelmode ipv6ip 6rd
|
Configures a static IPv6 tunnel interface.
|
Step 39
|
tunnel 6rd ipv4
{prefix-length length}
{suffix-length length}
Example:
Router(config-if)#
tunnel6rd ipv4 prefix-len
16 suffix-len 8
|
Specifies the prefix and suffix length of the IPv4 transport address common to all the 6RD routers in a domain.
|
Step 40
|
tunnel 6rd prefix
ipv6-prefix/prefix-length
Example:
Router(config-if)# tunnel
6rd prefix 2001:A000::/32
|
Specifies the common IPv6 prefix on IPv6 6RD tunnels.
|
Step 41
|
tunnel 6rd br ipv4-address
Router(config-if)# tunnel
6rd br 60.1.2.1
|
Bypasses security checks on a 6RD customer-edge router.
•ipv4-address—IPv4 address of the border relay (BR) router.
|
Step 42
|
tunnel vrf vrf name 2
Example:
Router(config-if)# tunnel
vrf VRF_GREEN
|
Configures a VRF instance with a specific tunnel destination, interface or a subinterface.
Note This command specifies the VRF instance used for the tunnel IPv4 transport address lookup.
|
Step 43
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 44
|
ipv6 route vrf vrf-name
ipv6-prefix/prefix-length
tunnel tunnel number
Example:
Router(config)# ipv6 route
vrf vrf-red 2001:A000::/32
Tunnel 10
|
Establishes static routes.
•ipv6-prefix—Specifies the IPv6 network that is the destination of the static route. Can also be a host name when static host routes are configured.
•prefix-length—Specifies the length of the IPv6 prefix.
|
Step 45
|
ipv6 route vrf vrf-name
ipv6-prefix/prefix-length
tunnel tunnel number
ipv6-address
Example:
Router(config)#ipv6 route
vrf vrf-red 9000:1000::/64
Tunnel10 2001:A000:200::1
|
Establishes static routes.
•ipv6-address—The IPv6 address of the next hop that can be used to reach the specified network.
|
Step 46
|
Example:
Router(config)# end
|
Ends the current configuration session.
|
(for 6rd CE Configuration)
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
Repeat steps 1 through 40 from the 6RD CE configuration, and then continue with these steps:
|
Step 2
|
tunnel vrf vrf name 2
Example:
Router(config-if)# tunnel
vrf VRF_GREEN
|
Configures a VRF instance with a specific tunnel destination, interface or a subinterface.
Note This command specifies the VRF instance used for tunnel IPv4 transport address lookup.
|
Step 3
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 4
|
ipv6 route vrf vrf-name
ipv6-prefix/prefix-length
tunnel tunnel number
Example:
Router(config)# ipv6 route
vrf vrf-red 2001:A000::/32
Tunnel 10
|
Establishes static routes.
•ipv6-prefix—Specifies the IPv6 network that is the destination of the static route. Can also be a host name when static host routes are configured.
•prefix-length—Specifies the length of the IPv6 prefix.
|
Step 5
|
Example:
Router(config)# end
|
Ends the current configuration session.
|
(for 6RD BR Configuration)
Configuration Example
This example shows how to configure IPv6 overlay addresses in VRF, and IPv4 transport addresses in VRF:
6RD customer edge configuration
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# vrf definition VRF_GREEN
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config)# interface gigabitethernet 4/5
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 17.1.1.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config)# interface Loopback 100
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 60.1.1.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config)# interface tunnel 10
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 2001:A000:100::1/128
Router(config-if)# mls 6rd reserve interface GigabitEthernet4/5
Router(config-if)# tunnel source loopback 100
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config-if)# tunnel 6rd prefix 2001:A000::/32
Router(config-if)# tunnel 6rd br 60.1.2.1
Router(config-if)# tunnel vrf VRF_GREEN
Router(config)#ipv6 route vrf vrf-red 2001:A000::/32 Tunnel10
Router(config)#ipv6 route vrf vrf-red 9000:1000::/64 Tunnel10 2001:A000:200::1
6RD BR config
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# vrf definition VRF_GREEN
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# interface gigabitethernet 5/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 9000:1000::/64
Router(config)# interface gigabitethernet 4/1
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 17.1.1.2 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config)# interface Loopback 100
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 60.1.2.1 255.255.255.0
Router(config-if)# ip ospf 2 area 0
Router(config)# interface tunnel 10
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 2001:A000:100::1/128
Router(config-if)# mls 6rd reserve interface GigabitEthernet4/1
Router(config-if)# tunnel source loopback 100
Router(config-if)# tunnel mode ipv6ip 6rd
Router(config-if)# tunnel 6rd ipv4 prefix-len 16 suffix-len 8
Router(config-if)# tunnel 6rd prefix 2001:A000::/32
Router(config-if)# tunnel vrf VRF_GREEN
Router(config)#ipv6 route vrf vrf-red 2001:A000::/32 Tunnel10
Verifying the Configuration
Use these commands to verify the configuration of VRF aware 6RD tunnels on c7600:
•show platform npc ipv6_6rd egress-table vlan tunnel-vlan
Router# show platform npc ipv6_6rd egress-table vlan 1013
IPV6 6rd endpoint data for tepi_idx 0
dip 0.0.0.0 dmac-smac 0023.0417.b1c0-0023.0417.b1c0
Phy vlan 1024 Active 1 Tunnel Vlan 1013
•show platform npc ipv6_6rd egress-table vlan tunnel-vlan detail
Router# show platform npc ipv6_6rd egress-table vlan 1013 detail
IPV6_6RD egress table entry
eg_entry->static_route = 0
eg_entry->src_ip = 10.1.4.1
eg_entry->v4_add_mask = 0.0.255.0
eg_entry->v4_pref_suff = 10.1.0.1
eg_entry->v4_sp_pref_byte_off = 4
eg_entry->v4_sp_pref_bit_off = 0
eg_entry->v4_pref_in_bits = 16
eg_entry->eg_stats_id = 312020 0x0004C2D4
eg_entry->phy_vlan = 1024
value: 04 00 40 03 0a 01 04 01 00 00 ff 00 0a 01 00 01 ..@.............
value: 00 23 04 17 00 23 04 17 b1 c0 b1 c0 10 04 c2 d4 .#...#..1@1@..BT
•show platform npc 6rd tcam vlan 1061
Router# sh plat npc 6rd tcam vlan 1061
TCAM entry for tunnel vlan 1061 on np 0
Source IP : 100.0.32.1 Mask : 00000000
Key : 64 00 20 01 00 00 00 00 02 00 00 00 00 00 00 00 04 25 53 20
Mask : 00 00 00 00 FF FF FF FF 00 FF 00 00 FF FF FF FF FF FF A6 B0
Result : 04 25 01 03 00 05 3D BA
TCAM entry for tunnel vlan 1061 on np 1
Source IP : 100.0.32.1 Mask : 00000000
Key : 64 00 20 01 00 00 00 00 02 00 00 00 00 00 00 00 04 25 53 20
Mask : 00 00 00 00 FF FF FF FF 00 FF 00 00 FF FF FF FF FF FF A6 B0
Result : 04 25 01 03 00 05 3D BA
•show platform npc 6rd xlif vlan 1061
Router# show platform npc 6rd xlif vlan 1061
Eg xlif id (1061 + 32000) = (33061) tunnel_vlan : 1061
Feature common enable: 0x1
Control common bits: 0x00
Control feature bits: 0x00
Control rewrite opcode: 0x00
Feature data 0 0x80830008
Multicast enable: 0x00000000
Post Filter Opcode 0x00000000
Pre Filter Opcode 0x00000000
Post Filter Vlan high 0x00000000
Post Filter Vlan low 0x00000000
Post Filter Vlan outer 0x00000000
MVPNv6 decap Vlanv6: 1018
Eg xlif id (1018 + 32000) phy_vlan : (1018)
Feature common enable: 0x1
Control common bits: 0x00
Control feature bits: 0x00
Control rewrite opcode: 0x00
Feature data 0 0x00830008
Multicast enable: 0x00000000
Post Filter Opcode 0x00000008
Pre Filter Opcode 0x00000000
Post Filter Vlan high 0x00000000
Post Filter Vlan low 0x00000100
Post Filter Vlan outer 0x00000000
•show platform npc 6rd tunnel 34
Router# show platform npc 6rd tunnel 34
Tunnel34 is up, line protocol is up
MTU 0 bytes, BW 10000000 Kbit/sec, DLY 0 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Tunnel source 100.0.34.1 (Loopback34), destination 0.0.0.0
Tunnel protocol/transport IPv6 6RD, key disabled, sequencing disabled
Checksumming of packets disabled, vip tunneling disabled
Last input never, output never, output hang never
Last clearing of "show interface" counters 1d02h
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
IPV6 6RD tunnel information on CP: Tunnel34, interface vlan = 1063
if_num = 1750, phy_vlan = 1018, tun_vlan = 1063, id =33, inuse = 1, active = 1 error = 0
sip 100.0.34.1, ep count 2
TEPI indices of remote endpoint associated
with the IPV6 6RD Tunnel interface are :
Troubleshooting
For troubleshooting information, contact Cisco Technical Assistance Center (TAC) at:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
VRF aware IPv6 Tunnels over IPv4 Transport
The current IPv6 tunneling feature on c7600 does not support Virtual Routing and Forwarding (VRF) awareness. The forwarding table lookups for IPv6 overlay addresses and IPv4 transport addresses are performed in the global routing tables. This feature extends the tunneling support for IPv6 overlay addresses in VRF.
These scenarios explain the VRF aware IPv6 tunnel function:
•IPv6 overlay address in VRF and IPv4 transport address in Global routing table (RT).
•IPv6 overlay address in VRF and IPv4 transport address in VRF.
Figure 13-5 illustrates the topology for the IPv6 overlay address in VRF, and the IPv4 transport address in VRF.
Figure 13-5 Topology for VRF aware IPv6 Tunnel
The VRF Aware IPv6 over IPv4 Tunnel can have any line card towards the core facing side.
.
Restrictions for VRF aware IPv6 tunnels
Following restrictions apply to the VRF aware IPv6 tunnels feature:
•This feature supports the IPv6IP and 6to4 tunnels mode.
•Due to EARL limitation, the same source tunnels across VRFs are not supported.
•The tunnel source and the tunnel destination should be in the same VRF instance.
•The tunnel IPv4 transport addresses and the physical interface where the tunnel traffic exits, should be in the same VRF instance.
•The incoming IPv6 interface and the tunnel should be in the same VRF instance.
•This feature does not support IPv6IP auto-tunnels and ISATAP.
Configuring VRF aware IPv6 tunnel
The following sections describe how to configure VRF aware IPv6 tunnel on c7600:
•Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT
•Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF
Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT
Complete the following steps to configure IPv6 overlay addresses in VRF and IPv4 transport addresses in Global RT:
SUMMARY STEPS
Step 1 enable
Step 2 configure terminal
Step 3 ipv6 unicast-routing
Step 4 mls ipv6 vrf
Step 5 vrf definition vrf name
Step 6 rd {ASN:nn | IP address: nn}
Step 7 route-target [import | export | both]{ASN:nn | IP address: nn}
Step 8 address-family ipv6
Step 9 exit
Step 10 address-family ipv4
Step 11 exit
Step 12 exit
Step 13 interface gigabitethernet slot/port
Step 14 vrf forwarding vrf name
Step 15 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 16 exit
Step 17 interface gigabitethernet slot/port
Step 18 ip address ip-address
Step 19 exit
Step 20 interface loopback interface-number
Step 21 ip address ip-address
Step 22 exit
Step 23 interface tunnel tunnel-number
Step 24 vrf forwarding vrf name
Step 25 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 26 tunnel source {ip-address | interface-type interface-number}
Step 27 tunnel destination {hostname | ip-address | ipv6-address}
Step 28 tunnel mode ipv6ip
Step 29 end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router# enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ipv6 unicast-routing
Example:
Router(config)# ipv6
unicast-routing
|
Enables the forwarding of IPv6 unicast datagrams.
|
Step 4
|
mls ipv6 vrf
Example:
Router(config)# mls ipv6
vrf
|
Enables IPv6 globally in a VRF instance.
|
Step 5
|
vrf definition vrf name
Example:
Router(config)# vrf
definition VRF_RED
|
Configures a VRF instance and enters the VRF configuration mode.
|
Step 6
|
rd {ASN:nn | IP address:
nn}
Example:
Router(config-vrf)# rd 1:1
|
Specifies a route distinguisher (RD).
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 7
|
route-target [import |
export | both]{ASN:nn | IP
address: nn}
Example:
Router(config-vrf)#route-ta
rget export 1:1
Router(config-vrf)#route-ta
rget import 1:1
|
Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.
•import: Imports routing information from the target VPN extended community.
•export: Exports routing information to the target VPN extended community.
•both: Imports both import and export routing information to the target VPN extended community.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 8
|
address-family ipv6
Example:
Router#(config-vrf)#address
-family ipv6
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv6.
|
Step 9
|
exit
Example:
Router#(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 10
|
address-family ipv4
Example:
Router#(config-vrf)#address
-family ipv4
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.
|
Step 11
|
exit
Example:
Router#
(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 12
|
exit
Example:
Router#(config-vrf)#exit
|
Exits the VRF configuration mode.
|
Step 13
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 3/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv6 network.
|
Step 14
|
vrf forwarding vrf name
Example:
Router(config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
|
Step 15
|
ipv6 address
{ipv6-address|prefix-length
| prefix-name sub-bits
|prefix-length}
Example:
Router (config-if)# ipv6
address 1::2/64
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 16
|
exit
Example:
Router (config-if)#exit
|
Exits interface configuration mode.
|
Step 17
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 4/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv4 network.
|
Step 18
|
ip address ip-address
Example:
Router(config-if)#ip
address 10.1.1.1
255.255.255.0
|
Assigns an IP address and subnet mask to the interface.
|
Step 19
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 20
|
interface loopback
interface-number
Example:
Router(config)# interface
Loopback 666
|
Enters interface configuration mode and names the new loopback interface.
Note This command configures a loopback interface for the tunnel source
|
Step 21
|
ip address ip-address
Example:
Router(config-if)#ip
address 66.66.66.66
255.255.255.255
|
Assigns an IP address and subnet mask to the loopback interface.
|
Step 22
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 23
|
interface tunnel
tunnel-number
Example:
Router(config)# interface
tunnel 666
|
Specifies a tunnel interface and enters the interface configuration mode.
Note This command configures the IPv6 tunneling over IPv4 Transport.
|
Step 24
|
vrf forwarding vrf name
Example:
Router# (config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
Note This command specifies the VRF instance to which the tunnel belongs, that is, the VRF instance used for IPv6 overlay address lookup.
|
Step 25
|
ipv6 address
{ipv6-address/prefix-length |
prefix-name
sub-bits/prefix-length}
Example:
Router(config-if)# ipv6
address 3::1/120
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 26
|
tunnel source {ip-address |
interface-type
interface-number}
Example:
Router(config-if)# tunnel
source loopback 666
|
Specifies the source interface type and number for the tunnel interface.
|
Step 27
|
tunnel destination
{host-name | ip-address |
ipv6-address}
Example:
Router(config-if)# tunnel
destination 10.66.66.1
|
Specifies the destination address for a tunnel interface.
|
Step 28
|
tunnel mode ipv6ip [6rd |
6to4 | auto-tunnel |
isatap]
Example:
Router(config-if)# tunnel
mode ipv6ip
|
Configures a static IPv6 tunnel interface.
|
Step 29
|
end
Example:
Router(config-if)# end
|
Ends the current configuration session.
|
Configuration Example
This example shows how to configure the IPv6 overlay addresses in VRF, and the IPv4 transport addresses in the Global Routing Table:
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf)# (config-vrf-af)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config)# interface gigabitethernet 4/1
Router(config-if)# ip address 10.1.1.1 255.255.255.0
Router(config)# interface Loopback 666
Router(config-if)# ip address 66.66.66.66 255.255.255.255
Router(config)# interface tunnel 666
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 3::1/120
Router(config-if)# tunnel source loopback 666
Router(config-if)# tunnel destination 10.66.66.1
Router(config-if)# tunnel mode ipv6ip
Configure IPv6 overlay addresses in VRF and IPv4 transport addresses in VRF
Complete the following steps to configure IPv6 overlay addresses in VRF, and IPv4 transport addresses in VRF:
SUMMARY STEPS
Step 1 enable
Step 2 configure terminal
Step 3 ipv6 unicast-routing
Step 4 mls ipv6 vrf
Step 5 vrf definition vrf name 1
Step 6 rd {ASN:nn | IP address: nn}
Step 7 route-target [import | export | both] {ASN:nn | IP address: nn}
Step 8 address-family ipv6
Step 9 exit
Step 10 address-family ipv4
Step 11 exit
Step 12 exit
Step 13 vrf definition vrf name 2
Step 14 rd {ASN:nn | IP address: nn}
Step 15 route-target [import | export | both] {ASN:nn | IP address: nn}
Step 16 address-family ipv4
Step 17 exit
Step 18 exit
Step 19 interface gigabitethernet slot/port
Step 20 vrf forwarding vrf name 1
Step 21 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 22 exit
Step 23 interface gigabitethernet slot/port
Step 24 vrf forwarding vrf name 2
Step 25 ip address ip-address
Step 26 exit
Step 27 interface loopback interface-number
Step 28 vrf forwarding vrf name 2
Step 29 ip address ip-address
Step 30 exit
Step 31 interface tunnel tunnel-number
Step 32 vrf forwarding vrf name 1
Step 33 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 34 tunnel source {ip-address | interface-type interface-number}
Step 35 tunnel destination {hostname | ip-address | ipv6-address}
Step 36 tunnel mode ipv6ip
Step 37 tunnel vrf vrf name 2
Step 38 end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router# enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ipv6 unicast-routing
Example:
Router(config)# ipv6
unicast-routing
|
Enables the forwarding of IPv6 unicast datagrams.
|
Step 4
|
mls ipv6 vrf
Example:
Router(config)# mls ipv6
vrf
|
Enables IPv6 globally in a VRF instance.
|
Step 5
|
vrf definition vrf name 1
Example:
Router(config)# vrf
definition VRF_RED
|
Configures a VRF instance and enters the VRF configuration mode.
|
Step 6
|
rd {ASN:nn | IP address:
nn}
Example:
Router(config-vrf)# rd 1:1
|
Specifies a route distinguisher (RD).
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 7
|
route-target [import |
export | both]{ASN:nn | IP
address: nn}
Example:
Router(config-vrf)#route-t
arget export 1:1
Router(config-vrf)#route-t
arget import 1:1
|
Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.
•import: Imports routing information from the target VPN extended community.
•export: Exports routing information to the target VPN extended community.
•both: Imports both import and export routing information to the target VPN extended community.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 8
|
address-family ipv6
Example:
Router(config-vrf)#address
-family ipv6
|
Select san address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv6.
|
Step 9
|
exit
Example:
Router(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 10
|
address-family ipv4
Example:
Router(config-vrf)#address
-family ipv4
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.
|
Step 11
|
exit
Example:
Router
(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 12
|
exit
Example:
Router(config-vrf)#exit
|
Exits the VRF configuration mode.
|
Step 13
|
vrf definition vrf name 2
Example:
Router(config)# vrf
definition VRF_GREEN
|
Configures a VRF instance and enters the VRF configuration mode.
|
Step 14
|
rd {ASN:nn | IP address:
nn}
Example:
Router(config-vrf)# rd 1:1
|
Specifies a route distinguisher (RD).
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 15
|
route-target [import |
export | both]{ASN:nn | IP
address: nn}
Example:
Router(config-vrf)#route-t
arget export 1:1
Router(config-vrf)#route-t
arget import 1:1
|
Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.
•import: Imports routing information from the target VPN extended community.
•export: Exports routing information to the target VPN extended community.
•both: Imports both import and export routing information to the target VPN extended community.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 16
|
address-family ipv4
Example:
Router(config-vrf)#address
-family ipv4
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.
|
Step 17
|
exit
Example:
Router
(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 18
|
exit
Example:
Router(config-vrf)#exit
|
Exits the VRF configuration mode.
|
Step 19
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 3/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv6 network.
|
Step 20
|
vrf forwarding vrf name 1
Example:
Router(config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
|
Step 21
|
ipv6 address
{ipv6-address|prefix-lengt
h | prefix-name sub-bits
|prefix-length}
Example:
Router(config-if)# ipv6
address 1::2/64
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 22
|
exit
Example:
Router# (config-if)# exit
|
Exits interface configuration mode.
|
Step 23
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 4/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv4 network.
|
Step 24
|
vrf forwarding vrf name 2
Example:
Router(config-if)#vrf
forwarding VRF_GREEN
|
Associates a VRF instance with an interface or a subinterface.
|
Step 25
|
ip address ip-address
Example:
Router(config-if)#ip
address 10.1.1.1
255.255.255.0
|
Assigns an IP address and subnet mask to the interface.
|
Step 26
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 27
|
interface loopback
interface-number
Example:
Router(config)# interface
Loopback 666
|
Enters interface configuration mode and names the new loopback interface.
Note This command configures a loopback interface for the tunnel source
|
Step 28
|
vrf forwarding vrf name 2
Example:
Router(config-if)#vrf
forwarding VRF_GREEN
|
Associates a VRF instance with an interface or a subinterface.
|
Step 29
|
ip address ip-address
Example:
Router(config-if)#ip
address 66.66.66.66
255.255.255.255
|
Assigns an IP address and subnet mask to the loopback interface.
|
Step 30
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 31
|
interface tunnel
tunnel-number
Example:
Router(config)# interface
tunnel 666
|
Specifies a tunnel interface and enters the interface configuration mode.
Note This command configures the IPv6 tunneling over IPv4 Transport.
|
Step 32
|
vrf forwarding vrf name 1
Example:
Router(config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
Note This command specifies the VRF instance to which the tunnel belongs, that is, the VRF instance used for IPv6 overlay address lookup.
|
Step 33
|
ipv6 address
{ipv6-address/prefix-length |
prefix-name
sub-bits/prefix-length}
Example:
Router(config-if)# ipv6
address 3::1/120
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 34
|
tunnel source {ip-address
| interface-type
interface-number}
Example:
Router(config-if)# tunnel
source loopback 666
|
Specifies the source interface type and number for the tunnel interface.
|
Step 35
|
tunnel destination
{host-name | ip-address |
ipv6-address}
Example:
Router(config-if)# tunnel
destination 10.66.66.1
|
Specifies the destination address for a tunnel interface.
|
Step 36
|
tunnel mode ipv6ip
Example:
Router(config-if)# tunnel
mode ipv6ip
|
Configures a static IPv6 tunnel interface.
|
Step 37
|
tunnel vrf vrf name 2
Example:
Router(config-if)# tunnel
vrf VRF_GREEN
|
Configures a VRF instance with a specific tunnel destination, interface or a subinterface.
Note This command specifies the VRF instance used for tunnel IPv4 transport address lookup, that is, the tunnel source and the tunnel destination.
|
Step 38
|
end
Example:
Router(config-if)# end
|
Ends the current configuration session.
|
Configuration Example
This example shows how to configure the IPv6 overlay addresses in VRF, and the IPv4 transport addresses in VRF:
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# vrf definition VRF_GREEN
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config)# interface gigabitethernet 4/1
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 10.1.1.1 255.255.255.0
Router(config)# interface Loopback 666
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 66.66.66.66 255.255.255.255
Router(config)# interface tunnel 666
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 3::1/120
Router(config-if)# tunnel source loopback 666
Router(config-if)# tunnel destination 10.66.66.1
Router(config-if)# tunnel mode ipv6ip
Router(config-if)# tunnel vrf VRF_GREEN
Verifying the Configuration
Use these commands to verify the configuration of VRF aware IPv6 tunnel on c7600:
Name Default RD Protocols Interfaces
vrf-red 100:1 ipv4,ipv6 Tu666
Router# show interface tunnel 666
Tunnel666 is up, line protocol is up
Internet address is 80.1.1.1/24
MTU 17916 bytes, BW 100 Kbit/sec, DLY 50000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Tunnel source 66.66.66.66 (Loopback666), destination 66.66.66.65
Tunnel666 source tracking subblock associated with Loopback666
Set of tunnels with source Loopback666, 1 member (includes iterators), on
interface <OK>
Tunnel protocol/transport GRE/IP
Key disabled, sequencing disabled
Checksumming of packets disabled
Tunnel TTL 255, Fast tunneling enabled
Tunnel transport MTU 1476 bytes
Tunnel transmit bandwidth 8000 (kbps)
Tunnel receive bandwidth 8000 (kbps)
Last input 00:07:00, output 00:02:39, output hang never
Last clearing of "show interface" counters 00:07:19
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Output queue: 0/0 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
L2 Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes
L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes mcast
L3 out Switched: ucast: 0 pkt, 0 bytes mcast: 0 pkt, 0 bytes
20 packets input, 1944 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
26 packets output, 2504 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Troubleshooting Tips
For troubleshooting information, contact Cisco Technical Assistance Center (TAC) at:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
IPv6 over IPv4-GRE Tunnels
IPv6 traffic is carried over IPv4 generic routing encapsulation (GRE) tunnels using the standard GRE tunneling technique. As in the manually configured IPv6 tunnels, GRE tunnels are links between two points, with a separate tunnel for each link. The GRE tunnels provide stable connections that require regular secure communication between two edge routers or between an edge router and an end system. This feature supports VRF Aware IPv6 over IPv4-GRE Tunnel on the c7600.
Figure 13-6 Topology for VRF Aware IPv6 over IPv4-GRE
The VRF Aware IPv6 over IPv4 GRE tunnel must have ES+ line card towards the core facing side.
Restrictions for IPv6 over IPv4-GRE tunnel
Following restrictions apply to the IPv6 over IPv4-GRE tunnel:
•The IPv4 tunnel facing interface must be on the ES+ line card.
•The GRE tunnel key is not supported in the hardware.
•The IPv4 fragmentation after tunnel encapcapsulation is not supported in the hardware.
•The fragmented IPv4 packets for tunnel decapsulation is not supported in the hardware.
•The IPv4 GRE keepalives are supported, but the IPv6 GRE keepalives are not supported.
•The keepalives are not supported when the VRF instances configured using the vrf forwarding and tunnel vrf commands are different.
•Due to EARL limitation, same source tunnels across VRF's are not supported.
•This feature is not SSO compliant.
•With scaled configurations, when changing the tunnel mode from IPv6 over GRE to IPv6IP and on enabling the mls mpls tunnel-recirc command, the system didplays an error message with a traceback.
Configuring IPv6 over IPv4-GRE tunnel
The following sections describe how to configure IPv6 over IPv4-GRE tunnel on the c7600 platform:
•Configure IPv6 traffic over IPv4-GRE
•Configure VRF Aware IPv6 over IPv4-GRE Tunnel
Configure IPv6 traffic over IPv4-GRE
Complete the following steps to configure IPv6 traffic over IPv4-GRE tunnel:
Step 1 enable
Step 2 configure terminal
Step 3 ipv6 unicast-routing
Step 4 interface gigabitethernet slot/port
Step 5 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 6 exit
Step 7 interface gigabitethernet slot/port
Step 8 ip address ip-address
Step 9 exit
Step 10 interface loopback interface-number
Step 11 ip address ip-address
Step 12 exit
Step 13 interface tunnel tunnel-number
Step 14 ipv6 enable
Step 15 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 16 tunnel source {ip-address | interface-type interface-number}
Step 17 tunnel destination {hostname | ip-address | ipv6-address}
Step 18 tunnel mode gre ip
Step 19 exit
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router# enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ipv6 unicast-routing
Example:
Router(config)# ipv6
unicast-routing
|
Enables the forwarding of IPv6 unicast datagrams.
|
Step 4
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 3/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv6 network.
|
Step 5
|
ipv6 address
{ipv6-address|prefix-lengt
h | prefix-name sub-bits
|prefix-length}
Example:
Router(config-if)# ipv6
address 1::2/64
|
Specifies the IPv6 address assigned to the interface, and enables IPv6 processing on the interface.
|
Step 6
|
exit
Example:
Router# (config-if)# exit
|
Exits interface configuration mode.
|
Step 7
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 4/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv4 network.
|
Step 8
|
ip address ip-address
Example:
Router(config-if)#ip
address 10.1.1.1
255.255.255.0
|
Assigns an IP address and subnet mask to the interface.
|
Step 9
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 10
|
interface loopback
interface-number
Example:
Router(config)# interface
Loopback 666
|
Enters interface configuration mode and names the new loopback interface.
Note This command configures a loopback interface for the tunnel source
|
Step 11
|
ip address ip-address
Example:
Router(config-if)#ip
address 66.66.66.66
255.255.255.255
|
Assigns an IP address and subnet mask to the loopback interface.
|
Step 12
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 13
|
interface tunnel
tunnel-number
Example:
Router(config)# interface
tunnel 666
|
Specifies a tunnel interface and enters the interface configuration mode.
Note This command configures the IPv6 tunneling over IPv4 Transport.
|
Step 14
|
ipv6 enable
Example:
Router(config-if)# ipv6
enable
|
Enables IPv6 processing on an interface not configured with an explicit IPv6 address.
|
Step 15
|
ipv6 address
{ipv6-address/prefix-length |
prefix-name
sub-bits/prefix-length}
Example:
Router(config-if)# ipv6
address 3::1/120
|
Specifies the IPv6 address assigned to the interface, and enables IPv6 processing on the interface.
|
Step 16
|
tunnel source {ip-address
| interface-type
interface-number}
Example:
Router(config-if)# tunnel
source loopback 666
|
Specifies the source interface type and number for the tunnel interface.
|
Step 17
|
tunnel destination
{host-name | ip-address |
ipv6-address}
Example:
Router(config-if)# tunnel
destination 10.66.66.1
|
Specifies the destination address for a tunnel interface.
|
Step 18
|
tunnel mode gre ip
Example:
Router(config-if)# tunnel
mode gre ip
|
Sets the encapsulation mode for the tunnel interface to GRE.
|
Step 19
|
end
Example:
Router(config-if)# end
|
Ends the current configuration session.
|
Configuration Example
This example shows how to configure IPv6 traffic over IPv4-GRE tunnel:
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# interface gigabitethernet 3/1
Router(config-if)# ipv6 address 1::2/64
Router(config)# interface gigabitethernet 4/1
Router(config-if)# ip address 10.1.1.1 255.255.255.0
Router(config)# interface Loopback 666
Router(config-if)# ip address 66.66.66.66 255.255.255.255
Router(config)# interface tunnel 666
Router(config-if)# ipv6 enable
Router(config-if)# ipv6 address 3::1/120
Router(config-if)# tunnel source loopback 666
Router(config-if)# tunnel destination 10.66.66.1
Router(config-if)# tunnel mode gre ip
Configure VRF Aware IPv6 over IPv4-GRE Tunnel
Complete the following steps to configure VRF Aware IPv6 over IPv4-GRE Tunnel:
Step 1 enable
Step 2 configure terminal
Step 3 ipv6 unicast-routing
Step 4 mls ipv6 vrf
Step 5 vrf definition vrf name 1
Step 6 rd {ASN:nn | IP address: nn}
Step 7 route-target [import | export | both] {ASN:nn | IP address: nn}
Step 8 address-family ipv6
Step 9 exit
Step 10 address-family ipv4
Step 11 exit
Step 12 exit
Step 13 vrf definition vrf name 2
Step 14 rd {ASN:nn | IP address: nn}
Step 15 route-target [import | export | both] {ASN:nn | IP address: nn}
Step 16 address-family ipv4
Step 17 exit
Step 18 exit
Step 19 interface gigabitethernet slot/port
Step 20 vrf forwarding vrf name 1
Step 21 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 22 exit
Step 23 interface gigabitethernet slot/port
Step 24 vrf forwarding vrf name 2
Step 25 ip address ip-address
Step 26 exit
Step 27 interface loopback interface-number
Step 28 vrf forwarding vrf name 2
Step 29 ip address ip-address
Step 30 exit
Step 31 interface tunnel tunnel-number
Step 32 vrf forwarding vrf name 1
Step 33 ipv6 address {ipv6-address/prefix-length | prefix-name sub-bits/prefix-length}
Step 34 tunnel source {ip-address | interface-type interface-number}
Step 35 tunnel destination {hostname | ip-address | ipv6-address}
Step 36 tunnel mode gre ip
Step 37 tunnel vrf vrf name 2
Step 38 end
DETAILED STEPS
| |
Command or Action
|
Purpose
|
Step 1
|
enable
Example:
Router# enable
|
Enables privileged EXEC mode. Enter your password if prompted.
|
Step 2
|
configure terminal
Example:
Router# configure terminal
|
Enters global configuration mode.
|
Step 3
|
ipv6 unicast-routing
Example:
Router(config)# ipv6
unicast-routing
|
Enables the forwarding of IPv6 unicast datagrams.
|
Step 4
|
mls ipv6 vrf
Example:
Router(config)# mls ipv6
vrf
|
Enables IPv6 globally in a VRF instance.
|
Step 5
|
vrf definition vrf name 1
Example:
Router(config)# vrf
definition VRF_RED
|
Configures a VRF instance and enters the VRF configuration mode.
|
Step 6
|
rd {ASN:nn | IP address:
nn}
Example:
Router(config-vrf)# rd 1:1
|
Specifies an RD.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 7
|
route-target [import |
export | both]{ASN:nn | IP
address: nn}
Example:
Router(config-vrf)#route-t
arget export 1:1
Router(config-vrf)#route-t
arget import 1:1
|
Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.
•import: Imports routing information from the target VPN extended community.
•export: Exports routing information to the target VPN extended community.
•both: Imports both import and export routing information to the target VPN extended community.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 8
|
address-family ipv6
Example:
Router(config-vrf)#address
-family ipv6
|
Select san address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv6.
|
Step 9
|
exit
Example:
Router(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 10
|
address-family ipv4
Example:
Router(config-vrf)#address
-family ipv4
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.
|
Step 11
|
exit
Example:
Router
(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 12
|
exit
Example:
Router(config-vrf)#exit
|
Exits the VRF configuration mode.
|
Step 13
|
vrf definition vrf name 2
Example:
Router(config)# vrf
definition VRF_GREEN
|
Configures a VRF instance and enters the VRF configuration mode.
|
Step 14
|
rd {ASN:nn | IP address:
nn}
Example:
Router(config-vrf)# rd 1:1
|
Specifies an RD.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 15
|
route-target [import |
export | both]{ASN:nn | IP
address: nn}
Example:
Router(config-vrf)#route-t
arget export 1:1
Router(config-vrf)#route-t
arget import 1:1
|
Creates a route-target extended community for a VRF instance. Route target extended community attributes are used to identify a set of sites and VRF instances that can receive routes with a configured route target.
•import: Imports routing information from the target VPN extended community.
•export: Exports routing information to the target VPN extended community.
•both: Imports both import and export routing information to the target VPN extended community.
•ASN:nn: Specifies an autonomous system number and an arbitrary number.
•IP address: nn: Specifies an IP address and an arbitrary number.
|
Step 16
|
address-family ipv4
Example:
Router(config-vrf)#address
-family ipv4
|
Selects an address family type for a VRF table and enters VRF address family configuration mode. This command configures the separate route-target policies for IPv4.
|
Step 17
|
exit
Example:
Router
(config-vrf-af)#exit
|
Exits the address family configuration mode.
|
Step 18
|
exit
Example:
Router(config-vrf)#exit
|
Exits the VRF configuration mode.
|
Step 19
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 3/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv6 network.
|
Step 20
|
vrf forwarding vrf name 1
Example:
Router(config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
|
Step 21
|
ipv6 address
{ipv6-address|prefix-lengt
h | prefix-name sub-bits
|prefix-length}
Example:
Router(config-if)# ipv6
address 1::2/64
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 22
|
exit
Example:
Router# (config-if)# exit
|
Exits interface configuration mode.
|
Step 23
|
interface gigabitethernet
slot/port
Example:
Router(config)# interface
gigabitethernet 4/1
|
Enters the interface configuration mode and specifies the Gigabit interface to configure.
•slot/port—Specifies the location of the interface.
Note This command configures the interface towards the IPv4 network.
|
Step 24
|
vrf forwarding vrf name 2
Example:
Router(config-if)#vrf
forwarding VRF_GREEN
|
Associates a VRF instance with an interface or a subinterface.
|
Step 25
|
ip address ip-address
Example:
Router(config-if)#ip
address 10.1.1.1
255.255.255.0
|
Assigns an IP address and subnet mask to the interface.
|
Step 26
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 27
|
interface loopback
interface-number
Example:
Router(config)# interface
Loopback 666
|
Enters interface configuration mode and names the new loopback interface.
Note This command configures a loopback interface for the tunnel source
|
Step 28
|
vrf forwarding vrf name 2
Example:
Router(config-if)#vrf
forwarding VRF_GREEN
|
Associates a VRF instance with an interface or a subinterface.
|
Step 29
|
ip address ip-address
Example:
Router(config-if)#ip
address 66.66.66.66
255.255.255.255
|
Assigns an IP address and subnet mask to the loopback interface.
|
Step 30
|
exit
Example:
Router(config-if)# exit
|
Exits interface configuration mode.
|
Step 31
|
interface tunnel
tunnel-number
Example:
Router(config)# interface
tunnel 666
|
Specifies a tunnel interface and enters the interface configuration mode.
Note This command configures the IPv6 tunneling over IPv4 Transport.
|
Step 32
|
vrf forwarding vrf name 1
Example:
Router(config-if)#vrf
forwarding VRF_RED
|
Associates a VRF instance with an interface or a subinterface.
Note This command specifies the VRF instance to which the tunnel belongs , that is, the VRF instance used for IPv6 overlay address lookup.
|
Step 33
|
ipv6 address
{ipv6-address|prefix-lengt
h | prefix-name sub-bits
|prefix-length}
Example:
Router(config-if)# ipv6
address 3::1/120
|
Specifies the IPv6 address assigned to the interface and enables IPv6 processing on the interface.
|
Step 34
|
tunnel source {ip-address
| interface-type
interface-number}
Example:
Router(config-if)# tunnel
source loopback 666
|
Specifies the source interface type and number for the tunnel interface.
|
Step 35
|
tunnel destination
{host-name | ip-address |
ipv6-address}
Example:
Router(config-if)# tunnel
destination 10.66.66.1
|
Specifies the destination address for a tunnel interface.
|
Step 36
|
tunnel mode gre ip
Example:
Router(config-if)# tunnel
mode gre ip
|
Sets the encapsulation mode for the tunnel interface to GRE.
|
Step 37
|
tunnel vrf vrf name 2
Example:
Router(config-if)# tunnel
vrf VRF_GREEN
|
Configures a VRF instance with a specific tunnel destination, interface or a subinterface.
Note This command specifies the VRF instance used for tunnel IPv4 transport address lookup, that is, the tunnel source and the tunnel destination.
|
Step 38
|
end
Example:
Router(config-if)# end
|
Ends the current configuration session.
|
Configuration Example
This example shows how to configure VRF Aware IPv6 over IPv4-GRE Tunnel:
Router# configure terminal
Router(config)# ipv6 unicast-routing
Router(config)# mls ipv6 vrf
Router(config)# vrf definition VRF_RED
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv6
Router(config-vrf-af)# exit
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# vrf definition VRF_GREEN
Router(config-vrf)# rd 1:1
Router(config-vrf)# route-target export 1:1
Router(config-vrf)# route-target import 1:1
Router(config-vrf)# address-family ipv4
Router(config-vrf-af)# exit
Router(config)# interface gigabitethernet 3/1
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 1::2/64
Router(config)# interface gigabitethernet 4/1
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 10.1.1.1 255.255.255.0
Router(config)# interface Loopback 666
Router(config-if)# vrf forwarding VRF_GREEN
Router(config-if)# ip address 66.66.66.66 255.255.255.255
Router(config)# interface tunnel 666
Router(config-if)# vrf forwarding VRF_RED
Router(config-if)# ipv6 address 3::1/120
Router(config-if)# tunnel source loopback 666
Router(config-if)# tunnel destination 10.66.66.1
Router(config-if)# tunnel mode gre ip
Router(config-if)# tunnel vrf VRF_GREEN
Verifying the Configuration
Use these commands to verify the configuration of IPv6 over IPv4-GRE tunnel on the c7600:
Router# show platform npc ipv6ogre interface tunnel 666
Tunnel666 is up, line protocol is up
MTU 0 bytes, BW 10000000 Kbit/sec, DLY 0 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation TUNNEL, loopback not set
Tunnel source 66.66.66.66 (Loopback666), destination 66.66.66.65
Tunnel protocol/transport GRE/IP, key disabled, sequencing disabled
Checksumming of packets disabled, vip tunneling enabled
Last input never, output never, output hang never
Last clearing of "show interface" counters 00:08:54
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 collisions, 0 interface resets
0 output buffer failures, 0 output buffers swapped out
Router# show platform npc ipv6ogre egress-table 1026
IPV6OGRE egress table entry
eg_entry->phy_vlan = 1017
eg_entry->src_ip = 66.66.66.66
eg_entry->dst_ip = 66.66.66.65
eg_entry->smac = 0012.44dc.9000
eg_entry->dmac = 0018.7468.0000
eg_entry->eg_stats_id = 639626 0x0009C28A
value: 00 00 3f 93 68 74 18 00 12 00 00 00 00 90 dc 44 ..?.ht........\D
value: aa 45 00 08 42 42 42 42 41 42 42 42 00 09 c2 8a *E..BBBBABBB..B.
Router# show platform npc ipv6ogre tcam 1026
Dumping tcam for 1026 on NP 0
Source IP : 66.66.66.65 Mask : 00000000
Destination IP : 66.66.66.66 Mask : 00000000
g_vmr.value : 42 42 42 42 42 42 42 41 03 00 00 00 00 00 00 00 00 00 E8 80
g_vmr.mask : 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF 64 A0
g_vmr.result: 04 01 01 03 00 09 C2 87
Dumping tcam for 1026 on NP 1
Source IP : 66.66.66.65 Mask : 00000000
Destination IP : 66.66.66.66 Mask : 00000000
g_vmr.value : 42 42 42 42 42 42 42 41 03 00 00 00 00 00 00 00 00 00 E8 80
g_vmr.mask : 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF 64 A0
g_vmr.result: 04 01 01 03 00 09 C2 8B
Router# show platform npc ipv6ogre xlif 1026
Feature common enable: 0x1
Control common bits: 0x00
Control feature bits: 0x00
Control rewrite opcode: 0x00
Feature data 0 0x40C40010
Multicast enable: 0x00000001
Post Filter Opcode 0x00000004
Pre Filter Opcode 0x00000000
Post Filter Vlan high 0x00000414
Post Filter Vlan low 0x00000242
Post Filter Vlan outer 0x00000242
Feature common enable: 0x1
Control common bits: 0x00
Control feature bits: 0x00
Control rewrite opcode: 0x00
Feature data 0 0x00C40010
Multicast enable: 0x00000000
Post Filter Opcode 0x00000008
Pre Filter Opcode 0x00000000
Post Filter Vlan high 0x00000000
Post Filter Vlan low 0x00000100
Post Filter Vlan outer 0x00000000
Troubleshooting Tips
For troubleshooting information, contact Cisco Technical Assistance Center (TAC) at:
http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html
IPv6 Policy Based Routing
IPv6 policy-based routing (PBR) provides a flexible mechanism to route packets and define policy for the traffic flows. It extends and complements the existing mechanisms provided by routing protocols. PBR also provides a basic packet-marking capability.
PBR performs the following tasks:
•Classifies traffic based on extended access list criteria. It provides access to lists and then establishes the match criteria.
•Sets IPv6 precedence bits and enables the network to differentiate classes of service.
•Routes packets to specific traffic-engineered paths. You can route the packets to allow a specific quality of service (QoS) through the network.
The Cisco 7600 Series Router implements this feature using the Earl7 forwarding engines capability to classify traffic through an Access Control List (ACL) Ternary Content Addressable Memory (TCAM) lookup. The ACL TCAM lookup classifies traffic based on the combination of a variety of Layer 3 and Layer 4 traffic parameters. Once classified, the ACL TCAM drives results for matching flows. The Feature Manager (FM) component converts the route map policy configured on an interface into a series of values, masks and results (VMRs) and programs these in the ACL TCAM.
Policy Based Routing
All packets received on a PBR-enabled interface are passed through enhanced packet filters known as route maps. Route maps are composed of statements that are marked as permit or deny, and they are interpreted in these ways:
•If a packet matches all match statements for a route map that is marked as permit, the router subjects the packet to PBR using the set statements.
•If the packet matches any match statements for a route map that is marked as deny, the router does not subject the packet to PBR and forwards it normally.
•If the statement is marked as permit and the packets do not match any route map statements, the router sends the packets back through the normal forwarding channels and performs destination-based routing.
Packet Matching
The IPv6 PBR match criterion for a sequence is specified through a combination of IPv6 access-lists and packet length operations. Match statements are evaluated first by the criteria specified in the match ipv6 address command and then by criteria specified in the match length command. Therefore, if both an ACL and a length statement are used, a packet is first subjected to an ACL match. Only packets that pass the ACL match are subjected to the length match. Finally, only packets that pass both the ACL and the length statement are policy routed.
Packet Forwarding Using Set Statements
PBR for IPv6 packet forwarding is controlled using a number of set statements in the PBR route map. Listed below are the forwarding actions in order of decreasing priority, and the manner in which these options are reflected in the result from the VMRs programmed in the ACL TCAM. When more than one kind of packet forwarding action is specified in a sequence, the one with the highest priority is chosen.
Table 13-4 Packet Forwarding Set Statements
Set Statement
|
Notes
|
set vrf vrf name
|
Specifies the VPN Routing and Forwarding (VRF) instance to which the packet should be sent, based on packet attributes. By default the VRF that a packet is forwarded on is the same as the VRF that receives the packet.
|
set ipv6 next-hop next-hop ipv6 address
|
Specifies the next hop for the packet. The next hop must be present in the Routing Information Base (RIB); it must be directly connected, and it must be a global IPv6 address. If the next hop is invalid, the set statement is ignored.
|
set interface next-hop interface
|
Specifies the next hop interface for the packet. A packet is forwarded out of a specified interface. An entry for the packet destination address must exist in the IPv6 RIB, and the specified output interface must be in the path set. If the interface is invalid, the set statement is ignored.
|
set ipv6 default next-hop default next-hop ipv6 address
|
Specifies the connected next hop for the packet if the usual forwarding method fails to produce the default result. It must be a global IPv6 address. This set statement is used only when there is no explicit entry for the packet destination in the IPv6 RIB.
|
set default interface default next-hop interface
|
Specifies the default next-hop interface, from which the matching packets are forwarded if the usual forwarding method fails to produce a result. This set statement is used only when there is no explicit entry for the packet destination in the IPv6 RIB.
|
Restrictions for IPv6 PBR
Following restrictions apply to the IPv6 PBR:
•Match length is not supported in the hardware, and the PBR is applied to the software.
•Packet marking actions are not supported in the hardware, and packets requiring marking due to PBR are punted to the software.
•Set interface is supported in the hardware only for the serial interface. Other interfaces are supported on the software.
•Packets containing an IPv6 hop-by-hop header need to be examined by the router and are punted to the software. Such packets are subjected to PBR in the software.
•PBR policies using access-lists matching on IPv6 flow label, DSCP value and extension headers such as, routing, mobility, destination headers cannot be fully classified in the hardware, and are punted to the software after partial classification.
•It is not possible to completely classify traffic in hardware, when access-lists matching on non compressible addresses are used. In such cases, the PBR is applied to the software.
•On Tycho based systems, fragment packets that require matching on layer 4 protocol are punted to the software .
•IPv6 PBR on SVI interfaces is applied to the software, and hardware provides only partial classification.
•IPv6 PBR when applied to hardware will also be applied on packets destined to a router address.
•A set next-hop action where the next-hop is at the other end of a tunnel is not supported in the hardware.
•For set interface and set default interface, the interface should be a point-to-point one.
•PBR is not applied to multicast traffic and the traffic destined to link local addresses.
•When there is no traffic flow, the TCAM entry does not change from punt to policy-route.
Configuring IPv6 PBR
To configure, verify and troubleshoot the IPv6 PBR, see: : Configuring IPv6 PBR.
Feedback
