Release Notes for Cisco CRS-1 Series Router for Cisco IOS XR Software Release 3.9.3 [Cisco IOS XR Software (End-of-Sale)]

Table Of Contents

Release Notes for Cisco CRS-1 for Cisco IOS XR Software Release 3.9.3

Key Changes from Previous Releases in Cisco IOS XR Release 3.9.3

Contents

Introduction

System Requirements

Feature Set Table

Memory Requirements

Hardware Supported

Software Compatibility

Other Firmware Support

Determining Your Software Version

New Features in Cisco IOS XR Software Release 3.9.3

New Software Features Supported on all Platforms

Cisco CRS-1 Series Router Specific Software Features

IPv4/IPv6 Stateless Translator (XLAT)

NAT44 Sample Configuration

NAT64 Stateless Sample Configuration

6RD (IPv6 Rapid Deployment)

XLAT and 6rd Commands

address (CGN NetflowV9 logging)

address (CGN static-forward)

address-family ipv4 (CGN)

address-family ipv6 (CGN)

alg ActiveFTP (CGN)

alg rtsp

br (6rd)

df-override (CGN)

external-logging (CGN)

hw-module service cgn location (CGN)

inside-vrf (CGN)

interface ServiceApp (CGN)

interface ServiceInfra (CGN)

ipv4 prefix (6rd)

ipv4 suffix (6rd)

ipv6-prefix (6rd)

map (CGN)

mss (CGN)

path-mtu (CGN)

path-mtu (6rd)

portlimit (CGN)

protocol (CGN-INVRF)

protocol (CGN-NAT44)

protocol icmp reset-mtu (CGN)

reassembly-enable (6rd)

refresh-direction (CGN)

refresh-rate (CGN)

reset-df-bit (6rd)

server (CGN)

service cgn (CGN)

service-location (CGN)

service-type nat44 (CGN)

service-type nat64 (CGN)

service-type tunnel (CGN)

session (CGN)

source-address (6rd)

static-forward inside (CGN)

tcp mss (CGN)

timeout (CGN)

timeout (CGN logging)

tos (CGN)

traceroute (CGN)

traffic-class (CGN)

ttl (6rd)

ubit-reserved (CGN)

unicast address (6rd)

vrf (cgn)

Clear Commands

clear cgn

clear cgn nat44 inside-vrf

clear cgn nat44 ipaddress

clear cgn nat44 port

clear cgn nat44 protocol

clear cgn nat44 statistics

Show Commands

show cgn nat44 inside-translation

show cgn nat44 outside-translation

show cgn nat44 pool-utilization

show cgn nat44 statistics

show cgn tunnel v6rd statistics

New Hardware Features for the Cisco CRS-1 Series Router

New Features in Cisco IOS XR Software Release 3.9.2

New Software Features Supported on all Platforms

Cisco CRS-1 Router Specific Software Features

ATM UNI (L3VPN)

ACL-Chaining (Multi-ACL)

QoS Granularity

CRS 6PE-Pr-VRF-CE-Label

8 + x delivery

8 port 10GE XFP Support

Heartbeat Loss Debug Enhancement

New Hardware Features for the Cisco CRS-1 Router

ACL-Chaining (Multi-ACL) Commands

ipv4 access-group

ipv6 access-group

QoS Granularity Commands

hw-module qos input police granularity

show hw-module qos input police granularity

hw-module qos output police granularity

show hw-module qos output police granularity

hw-module qos output shape granularity

show hw-module qos output shape granularity

6PE per VRF Commands

label-allocation-mode

8 port 10GE XFP Support Commands

controller wanphy

Important Notes

Minimum Flash Disk Requirements When Upgrading to Release 3.9.3

Caveats

Resolved Release 3.9.3 Cisco IOS XR PSIRT-Related Caveats

Open Release 3.9.3 Cisco IOS XR Caveats

Open Release 3.9.3 Caveats Specific to the Cisco CRS-1 Router

Upgrading Cisco IOS XR Software

Troubleshooting

Related Documentation

Obtaining Documentation and Submitting a Service Request

Release Notes for Cisco CRS-1 for Cisco IOS XR Software Release 3.9.3

April 15, 2013

Cisco IOS XR Software Release 3.9.3

Text Part Number OL-24252-01

These release notes describe the features provided in the Cisco IOS XR Software Release 3.9.3 for the Cisco CRS-1 Router and are updated as needed.

Note For information on the Cisco CRS-1 Router running Cisco IOS XR Software Release 3.9.3, see the "Important Notes" section.

You can find the most current Cisco IOS XR software documentation at

http://www.cisco.com/en/US/products/ps5763/tsd_products_support_series_home.html

These electronic documents may contain updates and modifications. For more information on obtaining Cisco documentation, see the "Obtaining Documentation and Submitting a Service Request".

For a list of software caveats that apply to Cisco IOS XR Software Release 3.9.3, see the "Caveats" section . The caveats are updated for every release and are described at www.cisco.com.

We recommend that you view the field notices for this release located at the following URL to see if your software or hardware platforms are affected:

http://www.cisco.com/public/support/tac/fn_index.html

Key Changes from Previous Releases in Cisco IOS XR Release 3.9.3

Cisco IOS XR Software Release 3.9.3 requires a 2-GB Flash Disk as a minimum. Therefore, you must upgrade an existing PCMCIA 1-GB Flash Disk to 2 GB or 4 GB before upgrading to Cisco IOS XR Software Release 3.9.3. For more information, see the "Minimum Flash Disk Requirements When Upgrading to Release 3.9.3" section.

Contents

These release notes contain the following sections:

•Introduction

•System Requirements

•Determining Your Software Version

•New Features in Cisco IOS XR Software Release 3.9.3

•Important Notes

•Minimum Flash Disk Requirements When Upgrading to Release 3.9.3

•Caveats

•Upgrading Cisco IOS XR Software

•Troubleshooting

•Related Documentation

•Obtaining Documentation and Submitting a Service Request, page 51

Introduction

Cisco IOS XR software is a distributed operating system designed for continuous system operation combined with service flexibility and high performance.

Cisco IOS XR software running on the Cisco CRS-1 Router provides the following features and benefits:

•IP and Routing—Supports a wide range of IPv4 and IPv6 services and routing protocols; such as Border Gateway Protocol (BGP), Routing Information Protocol (RIPv2), Intermediate System-to-Intermediate System (IS-IS), Open Shortest Path First (OSPF), IP Multicast, Routing Policy Language (RPL), Hot Standby Router Protocol (HSRP), and Virtual Router Redundancy Protocol features (VRRP).

•BGP Prefix Independent Convergence—Provides the ability to converge BGP routes within sub seconds instead of multiple seconds. The Forwarding Information Base (FIB) is updated, independent of a prefix, to converge multiple 100K BGP routes with the occurrence of a single failure. This convergence is applicable to both core and edge failures and with or with out MPLS. This fast convergence innovation is unique to Cisco IOS XR software.

•Multiprotocol Label Switching (MPLS)—Supports MPLS protocols, including Traffic Engineering (TE), Resource Reservation Protocol (RSVP), Label Distribution Protocol (LDP), Virtual Private LAN Service (VPLS), Layer 2 Virtual Private Network (L2VPN), and Layer 3 Virtual Private Network (L3VPN).

•Multicast—Provides comprehensive IP Multicast software including Source Specific Multicast (SSM) and Protocol Independent Multicast (PIM) in Sparse Mode only, and Bidirectional Protocol Independent Multicast (BIDIR-PIM).

•Quality of Service (QoS)—Supports QoS mechanisms including policing, marking, queuing, random and hard traffic dropping, and shaping. Additionally, Cisco IOS XR software also supports modular QoS command-line interface (MQC). MQC is used to configure QoS features.

•Manageability—Provides industry-standard management interfaces including modular command-line interface (CLI), Simple Network Management Protocol (SNMP), and native Extensible Markup Language (XML) interfaces. Includes a comprehensive set of Syslog messages.

•Security—Provides comprehensive network security features including access control lists (ACLs); routing authentications; Authentication, Authorization, and Accounting (AAA)/Terminal Access Controller Access Control System (TACACS+); Secure Shell (SSH); Management Plane Protection (MPP) for management plane security; and Simple Network Management Protocol version3 (SNMPv3). Control plane protections integrated into line card Application-Specific Integrated Circuits (ASICs) include Generalized TTL Security Mechanism (GTSM), RFC 3682, and Dynamic Control Plane Protection (DCPP).

•Craft Works Interface (CWI)—CWI is a client-side application used to configure and manage Cisco routers. Management and configuration features include fault, configuration, security, and inventory, with an emphasis on speed and efficiency. The CWI provides a context-sensitive graphical representation of the objects in a Cisco router, simplifying the process of configuring and managing the router. The CWI allows you to log in to multiple routers and perform management tasks.

•Availability—Supports rich availability features such as fault containment, fault tolerance, fast switchover, link aggregation, nonstop routing for ISIS, LDP, BGP, and OSPF, and nonstop forwarding (NSF).

•Multicast service delivery in SP NGN—MVPNv4 support carries multicast traffic over an ISP MPLS core network.

•IPv6 Provider Edge Router support for IPv6 applications—Delivers IPv6 traffic over an IPv4/MPLS core with IPv6 provider edge router (6PE) support.

•IPv6 VPN over MPLS (6VPE) support—Delivers IPv6 VPN over MPLS (IPv6) VPN traffic over an IPv4 or MPLS core with 6VPE support.

•Enhanced core competencies:

–IP fast convergence with Fast Reroute (FRR) support for Intermediate System-to-Intermediate System (IS-IS) and OSPF

–Traffic engineering support for unequal load balancing

–Path Computation Element (PCE) capability for traffic engineering

For more information about new features provided on the Cisco CRS-1 Router for Cisco IOS XR Software Release 3.9.3, see the "New Features in Cisco IOS XR Software Release 3.9.3" section in this document.

System Requirements

This section describes the system requirements for Cisco IOS XR Software Release 3.9.3 supported on the Cisco CRS-1 Router. The system requirements include the following information:

•Feature Set Table

•Memory Requirements

•Hardware Supported

•Software Compatibility

•Other Firmware Support

To determine the software versions or levels of your current system, see the "Determining Your Software Version" section.

Feature Set Table

Cisco IOS XR software is packaged in feature sets (also called software images). Each feature set contains a specific set of Cisco IOS XR Software Release 3.9.3 features.

Table 1 lists the Cisco IOS XR software feature set matrix (PIE files) and associated filenames available for the Cisco IOS XR Software Release 3.9.3 supported on the Cisco CRS-1 Router.

Table 1 Cisco CRS-1 Supported Feature Sets
(Cisco IOS XR Software Release 3.9.3 PIE Files)

Feature Set

Filename

Description

Composite Package

Cisco IOS XR IP Unicast Routing Core Bundle

comp-hfr-mini.pie-3.9.3

Contains the required core packages, including OS, Admin, Base, Forwarding, Modular Services Card, Routing, SNMP Agent, and Alarm Correlation.

Cisco IOS XR IP Unicast Routing Core Bundle

comp-hfr-mini.vm-3.9.3

Contains the required core packages including OS, Admin, Base, Forwarding, Modular Services Card, Routing, SNMP Agent, and Alarm Correlation.

Optional Individual Packages¹

Cisco IOS XR Manageability Package

hfr-mgbl-p.pie-3.9.3

CORBA² agent, XML³ Parser, and HTTP server packages.

Cisco IOS XR MPLS Package

hfr-mpls-p.pie-3.9.3

MPLS-TE,⁴ LDP,⁵ MPLS Forwarding, MPLS OAM,⁶ LMP,⁷ OUNI,⁸ RSVP,⁹ and Layer-2 VPN and Layer-3 VPN.

Cisco IOS XR Multicast Package

hfr-mcast-p.pie-3.9.3

Multicast Routing Protocols (PIM, MSDP,¹⁰ IGMP,¹¹ Auto-RP), Tools (SAP, MTrace), and Infrastructure (MRIB,¹² MURIB¹³, MFWD¹⁴), and BIDIR-PIM.¹⁵

Cisco IOS XR Security Package

hfr-k9sec-p.pie-3.9.3

Support for Encryption, Decryption, IPSec,¹⁶SSH,¹⁷ SSL,¹⁸and PKI¹⁹ (Software based IPSec support—maximum of 500 tunnels)

Cisco IOS XR FPD Package

hfr-fpd.pie-3.9.3

Firmware for Fixed PLIM²⁰ and SPA²¹ modules as well as ROMMON²² images for Cisco CRS-1 chassis.

Cisco IOS XR Diagnostic Package

hfr-diags.pie-3.9.3

Diagnostic utilities for Cisco IOS XR routers.

Cisco IOS XR Documentation Package

hfr-doc.pie-3.9.3

.man pages for Cisco IOS XR software on the Cisco CRS-1 chassis.

Cisco IOS XR Carrier Grade NAT Package

hfr-cgn-p.pie-3.9.3

Support for Carrier Grade NAT on Cisco CRS-1 routers.

¹Packages are installed individually

²Common Object Request Broker Architecture

³Extensible Markup Language

⁴MPLS Traffic Engineering

⁵Label Distribution Protocol

⁶Operations, Administration, and Maintenance

⁷Link Manager Protocol

⁸Optical User Network Interface

⁹Resource Reservation Protocol

¹⁰Multicast Source Discovery Protocol

¹¹Internet Group Management Protocol

¹²Multicast Routing Information Base

¹³Multicast-Unicast RIB

¹⁴Multicast forwarding

¹⁵Bidirectional Protocol Independent Multicast

¹⁶IP Security

¹⁷Secure Shell

¹⁸Secure Socket Layer

¹⁹Public-key infrastructure

²⁰Physical layer interface module

²¹Shared port adapters

²²ROM monitor

Table 2 lists the Cisco CRS-1 Router TAR files.

Table 2 Cisco CRS-1 Supported Feature Sets
(Cisco IOS XR Software Release 3.9.3 TAR Files)

Feature Set

Filename

Description

Cisco IOS XR IP/MPLS Core Software

CRS-1-iosxr-3.9.3.tar

•Cisco IOS XR IP Unicast Routing Core Bundle

•Cisco IOS XR Manageability Package

•Cisco IOS XR MPLS Package

•Cisco IOS XR Multicast Package

•Cisco IOS XR Diagnostic Package

•Cisco IOS XR FPD Package

Cisco IOS XR IP/MPLS Core Software 3DES

CRS-1-iosxr-k9-3.9.3.tar

•Cisco IOS XR IP Unicast Routing Core Bundle

•Cisco IOS XR Manageability Package

•Cisco IOS XR MPLS Package

•Cisco IOS XR Multicast Package

•Cisco IOS XR Security Package

•Cisco IOS XR Diagnostic Package

•Cisco IOS XR FPD Package

Memory Requirements

Caution If you remove the media in which the software image or configuration is stored, the router may become unstable and fail.

The minimum memory requirements for a Cisco CRS-1 running Cisco IOS XR Software Release 3.9.3 consist of the following:

•4-GB memory on the route processors (RPs)

•2-GB memory on each Modular Services Card (MSC)

•2-GB PCMCIA Flash Disk

Note Cisco IOS XR Software Release 3.9.3 requires a 2-GB Flash Disk as a minimum. Therefore, you must upgrade an existing PCMCIA 1-GB Flash Disk to 2 GB or 4 GB before upgrading to Cisco IOS XR Software Release 3.9.2. For more information, see the "Minimum Flash Disk Requirements When Upgrading to Release 3.9.3" section.

Hardware Supported

All hardware features are supported on Cisco IOS XR software, subject to the memory requirements specified in the "Memory Requirements" section.

Table 3 lists the supported hardware components on the Cisco CRS-1 and the minimum required software versions. For more information, see the "Other Firmware Support" section.

Table 3 Cisco CRS-1 Supported Hardware and Minimum Software Requirements

Component

Part Number

Support from Version

Cisco CRS-1 Series 16-Slot Line Card Chassis

Cisco CRS-1 16-Slot Line Card Chassis

CRS-16-LCC

3.2

Cisco CRS-1 Fan Tray for 16-Slot LCC

CRS-16-LCC-FAN-TR

3.2

Cisco CRS-1 Fan Controller for 16-Slot Line Card Chassis

CRS-16-LCC-FAN-CT

3.2

Cisco CRS-1 16-Slot Alarm Board

CRS-16-ALARM

3.2

Cisco CRS-1 AC Delta Power Shelf for 16-Slot LCC

CRS-16-LCC-PS-ACD

3.2

Cisco CRS-1 AC Wye Power Shelf for 16-Slot LCC

CRS-16-LCC-PS-ACW

3.2

Cisco CRS-1 DC Power Shelf for 16-Slot LCC

CRS-1-LCC-PS-DC

3.2

Cisco CRS-1 LCC Front AC Power Panel

CRS-16-ACGRILLE

3.2

Cisco CRS-1 LCC Front DC Power Panel

CRS-16-DCGRILLE

3.2

Cisco CRS-1 Line Card Chassis Front Doors

CRS-16-LCC-DRS-F

3.2

Cisco CRS-1 Line Card Chassis Front Cable Mgmt

CRS-16-LCC-FRNT

3.2

Cisco CRS-1 LCC Expanded Front Cable Mgmt

CRS-16-LCC-FRNT-E

3.2

Cisco CRS-1 Line Card Chassis Rear Cable Mgmt

CRS-16-LCC-BCK-CM

3.2

Cisco CRS-1 Line Card Chassis Rear Doors

CRS-16-LCC-DRS-R

3.2

Cisco CRS-1 Lift for LCC 16 and FCC

CRS-16-LIFT/B

3.2

Cisco CRS-1 DC PEM for 16 slot LCC and FCC

CRS-16-DC-PEM

3.2

Cisco CRS-1 16 Slot System Reduced-Noise DC PEM

CRS-16-DC-PEM-B

3.8

Cisco CRS-1 16 Slot System Reduced-Noise Fan Tray

CRS-16-LCC-FNTR-B

3.8

Cisco CRS-1 Series 8-Slot Line Card Chassis

Cisco CRS-1 8-Slot Install Kit

CRS-8-INSTALL-KT

N/A

Cisco CRS-1 8-Slot Fork Lift Tube

CRS-8-LIFT-TUBE

N/A

Cisco CRS-1 8-Slot Front Badge Panel

CRS-8-BDG-PANEL

N/A

Cisco CRS-1 8-Slot Front Inlet Grill

CRS-8-FRNT-GRILL

N/A

Cisco CRS-1 8-Slot Horizontal Install Rails

CRS-8-HRZ-RAILS

N/A

Cisco CRS-1 8-Slot Line Card Chassis

CRS-8-LCC

3.2

Cisco CRS-1 Fan Tray for 8-Slot Line Card Chassis

CRS-8-LCC-FAN-TR

3.2

Cisco CRS-1 Line Card Chassis Filter Pack

CRS-8-LCC-FILTER

3.2

Cisco CRS-1 AC Pwr Rectifier for 8-Slot LCC

CRS-8-AC-RECT

3.2

Cisco CRS-1 DC Power Entry Module for 8-Slot LCC

CRS-8-DC-PEM

3.2

Cisco CRS-1 AC & DC Power Module Filter for 8-Slot LCC

CRS-8-PWR-FILTER

3.2

Cisco CRS-1 AC Delta PDU for CRS-8 LCC

CRS-8-LCC-PDU-ACD

3.2

Cisco CRS-1 AC Wye PDU for CRS-8 LCC

CRS-8-LCC-PDU-ACW

3.2

Cisco CRS-1 DC PDU for CRS-8 LCC

CRS-8-LCC-PDU-DC

3.2

Cisco CRS-1 Series 4-Slot Line Card Chassis

Cisco CRS-1 4-Slot Single-Shelf System

CRS-4/S

3.4

Cisco CRS-1 Fabric Chassis Hardware

CRS-FCC= Cisco CRS-1 Series Fabric Card Chassis Only

CRS-FCC=

3.2

CRS-1 Fabric Chassis AC Delta Power Kit

CRS-FCC-ACD-KIT

3.2

CRS-1 Fabric Chassis AC Grille

CRS-FCC-ACGRILLE

3.2

CRS-1 Fabric Chassis AC-Wye Power Kit

CRS-FCC-ACW-KIT

3.2

CRS Fabric Chassis DC Power Kit

CRS-FCC-DC-KIT

3.2

CRS-1 Fabric Chassis DC Power Grille

CRS-FCC-DCGRILLE

3.2

CRS Fabric Chassis Lift Bracket

CRS-FCC-LIFT-BRKT

3.2

CRS Fabric Chassis OIM Modules

CRS-FCC-OIM-1S=

3.2

Cisco CRS-1 Series FC Chassis Shelf/Fan/Enet cntr

CRS-FCC-SC-GE=

3.2

CRS-1 Fabric Chassis AC Intake Grille

CRS-FCC-ACGRILLE=

3.2

CRS-1 Fabric Chassis DC Intake Grille

CRS-FCC-DCGRILLE=

3.2

Cisco CRS-1 Series Fan Tray for FCC

CRS-FCC-FAN-TR=

3.2

CRS-1 Fabric Card Chassis Fan Tray Filters

CRS-FCC-FILTER=

3.2

CRS-1 Fabric Chassis Front Cosmetic Kit

CRS-FCC-FRNT-CM=

3.2

Cisco CRS-1 Series Fabric Card Chassis Fiber Module LED

CRS-FCC-LED=

3.2

Cisco CRS-1 Series DC Power Shelf for FCC

CRS-FCC-PS-DC=

3.2

CRS-1 Fabric Chassis Rear Cosmetic Kit

CRS-FCC-REAR-CM=

3.2

CRS-LIFT Brackets for Fabric Chassis

CRS-FCC-LIFT-BRKT=

3.2

CRS Fabric Chassis OIM Module

CRS-FCC-OIM-1S

3.2

CRS-1 Fabric Chassis AC Delta Power Supply

CRS-FCC-PS-ACD

3.2

CRS-1 Fabric Chassis AC Wye Option

CRS-FCC-PS-ACW

3.2

CRS-1 Fabric Chassis DC Power Option

CRS-FCC-PS-DC

3.2

Cisco CRS-1 Series Fabric Card Chassis Switch Fabric Card

CRS-FCC-SFC=

3.2

CRS-1 Fabric Chassis Integrated Switch Controller Card

CRS-FCC-SC-22GE Integrated Switch

3.4.1

Cisco CRS-1 General Chassis Hardware

Cisco CRS-1 PCMCIA Flash Disk 1 GB

CRS-FLASH-DISK-1G

3.2

Cisco CRS-1 PCM CIA Flash Disk 2 GB

CRS-FLASH-DISK-2G

3.7

Cisco CRS-1 PCMCIA Flash Disk 4 GB

CRS-FLASH-DISK-4G

3.8

Cisco CRS-1 Modular Services Card

CRS-MSC

3.2

Cisco CRS-1 Modular Service Card B

CRS-MSC-B

3.6

Cisco CRS-1 Series Forwarding Processor 40G

CRS-FP40

3.8.1

Cisco CRS-1 SFPs

Cisco CRS-1 2.5 G SFP LR Optic

POM-OC48-LR2-LC-C

3.2

Cisco CRS-1 2.5 G SFP SR Optic

POM-OC48-SR-LC-C

3.2

Cisco CRS-1 Fabric Cards

Cisco CRS-1 8-Slot Fabric Card/Single

CRS-8-FC/S

3.2

Cisco CRS-1 8-Slot Fabric Card Blank

CRS-8-FC-BLANK

3.2

Cisco CRS-1 8-Slot Fabric Handle

CRS-8-FC-HANDLE

3.2

Cisco CRS-1 16-Slot Fabric Card/Single

CRS-16-FC/S

3.2

Cisco CRS-1 Interface and Router Processor Cards

Cisco CRS-1 8-Slot Route Processor

CRS-8-RP

3.2

Cisco CRS-1 8-Slot Route Processor Blank

CRS-8-RP-BLANK

3.2

Cisco CRS-1 8-Slot Route Processor Handle

CRS-8-RP-HANDLE

3.2

Cisco Carrier 1 Series SPA Interface Processor 40G

CRS1-SIP-800

3.2

Cisco CRS-1 16-Slot Route Processor

CRS-16-RP

3.2

Cisco CRS-1 Distributed Route Processor

CRS-DRP

3.3

Cisco CRS-1 Distributed Route Processor CPU Module

CRS-DRP-B-CPU

3.4.1

Cisco CRS-1 Distributed Route Processor PLIM Module

CRS-DRP-B-PLIM

3.4.1

Cisco CRS-1 16-slot Route Processor, revision B

CRS-16-RP-B

3.3

Cisco CRS-1 SONET Interface Modules and SPAs

Cisco CRS-1 4xOC-192/STM64 POS/DPT Interface Module/VS

4OC192-POS/DPT-VS

3.2

Cisco CRS-1 4xOC-192/STM64 POS/DPT Interface Module/SR

4OC192-POS/DPT-SR

3.2

Cisco CRS-1 4xOC-192/STM64 POS/DPT Interface Module/IR

4OC192-POS/DPT-IR

3.2

Cisco CRS-1 4xOC-192/STM64 POS/DPT Interface Module/LR

4OC192-POS/DPT-LR

3.2

Cisco CRS-1 16xOC-48/STM16 POS/DPT Interface Module

16OC48-POS/DPT

3.2

Cisco CRS-1 1xOC-768/STM256 POS Interface Module/SR

1OC768-POS-SR

3.2

Cisco CRS-1 8-Port OC-12 Shared Port Adapter

SPA-8XOC12-POS

3.3

Cisco CRS-1 2-Port OC-48c/STM-16c POS/RPR Shared Port Adapter

SPA-2XOC48-POS/RPR

3.4

Cisco CRS-1 4-Port OC-48c/STM-16c POS/RPR Shared Port Adapter

SPA-4XOC48-POS/RPR

3.4

Cisco CRS-1 1-Port OC-192c/STM-64c POS/RPR Shared Port Adapter with XFP Optics

SPA-OC192POS-XFP

3.2

Cisco CRS-1 4-Port OC-3 Shared Port Adapter

SPA-4XOC3-POS

3.2

Cisco CRS-1 4-Port T3/E3 Serial Shared Port Adapter

SPA-4XT3/E3

3.4.1

Cisco CRS-1 1-Port OC-192/STM-64 POS/RPR SPA VSR Optics

SPA-OC192POS-VSR

3.4.1

ITU grid 40G PLIM

1OC768-ITU/C

3.3

3-Port Clear Channel OC-3 ATM SPA

SPA-3XOC3-ATM-V2

3.7

1-Port Clear Channel OC-12 ATM SPA

SPA-1XOC12-ATM-V2

3.7

Cisco CRS-1 Ethernet Interface Modules and SPAS

Cisco CRS-1 8x10 GbE Interface Module/LR

8-10GBE

3.2

10GBASE-LR XENPAK Module for Cisco CRS-1

CRS-XENPAK10GB-LR

3.2

10GBASE-LR XENPAK Module for Cisco CRS-1

XENPAK-10GB-LR+

3.4

Cisco 5-Port Gigabit Ethernet Shared Port Adapter, Version 2

SPA-5X1GE-V2

3.4

Cisco 8-Port Gigabit Ethernet Shared Port Adapter, Version 2

SPA-8X1GE-V2

3.4

Cisco 8-Port Gigabit Ethernet Shared Port Adapter

SPA-8X1GE

3.2

Cisco 10-Port Gigabit Ethernet Shared Port Adapter, Version 2

SPA-10X1GE-V2

3.4

Cisco 1-Port Ten Gigabit Ethernet Shared Port Adapter, Version 2

SPA-1X10GE-L-V2

3.4

10GBASE-DWDM XENPAK

CRS 1 CRS-XENPAK10GB-DWDM

3.2.2

ITU grid 4X10G PLIM

4-10GE-ITU/C

3.3

Cisco CRS-1 1-Port OC-768/STM-256c (C-band) DPSK DWDM PLIM

1OC768-DPSK/C

3.6

10GBASE-ER XENPAK Modular for Cisco CRS-1

XENPAK-10GB-ER+

3.4

1-port 10GbE SPA WAN/LAN PHY

SPA-1X10GE-WL-V2

3.5.2

Cisco CRS-1 Series 4x10GE Interface Module

4-10GE

3.8.1

Cisco CRS-1 Series 42x1GE Interface Module

42-1GE

3.8.1

Cisco CRS-1 Series 8-Port Ten Gigabit Ethernet Interface Module

8-10GBE-WL-XFP

3.9.1

Cisco CRS-1 Series 4-Port Ten Gigabit Ethernet Interface Module

4-10GBE-WL-XFP

3.9.1

Cisco CRS-1 Series 20x1GE Flexible Interface Module

20-1GE-FLEX

3.8.1

Cisco CRS-1 Series 2x10GE WAN/LAN Flexible Interface Module

2-10GE-WL-FLEX

3.8.1

Cisco CRS-1 Carrier Grade Service Engine Interface Modules

Cisco CRS-1 Series Carrier Grade Service Engine PLIM

CRS-CGSE-PLIM

3.9.1

Software Compatibility

Cisco IOS XR Software Release 3.9.3 is compatible with the following Cisco CRS-1 systems:

•Cisco CRS-1 4-Slot Line Card Chassis

•Cisco CRS-1 8-Slot Line Card Chassis

•Cisco CRS-1 16-Slot Line Card Chassis

•Cisco CRS-1 Multishelf

Other Firmware Support

The Cisco CRS-1 supports the following firmware code:

•The minimum ROMMON version required for this release is 1.54. For more information about ROMMON specifications, see http://www.cisco.com/web/Cisco_IOS_XR_Software/index.html. For information about upgrading the ROMMON, refer to the Cisco IOS XR ROM Monitor Guide for the Cisco CRS-1 Router at:
http://www.cisco.com/en/US/products/ps5763/products_installation_and_configuration_guides_list.html

•The minimum CPUCNTRL version required for this release is 2.07. For more information about CPU controller bits, refer to the Cisco IOS XR System Management Configuration Guide for the Cisco CRS-1 Router at: http://www.cisco.com/en/US/products/ps5763/products_installation_and_configuration_guides_list.html

•Check the firmware needed by running the show fpd package command in admin mode.
RP/0/RP0/CPU0:FQ-PE1(admin)#show fpd package
Mon Sep 27 08:32:32.106 PDT
=============================== ================================================
                                        Field Programmable Device Package
                                ================================================
                                                                 SW      Min Req   Min Req
Card Type            FPD Description            Type Subtype   Version   SW Ver    HW Vers
==================== ========================== ==== ======= =========== ========  =======
1OC768-ITU/C         OPTICS FIRMWARE 110B10     lc   fpga2     110.10        0.0       0.0
------------------------------------------------------------------------------------------
1OC768-DWDM-L        OPTICS FIRMWARE 110B10     lc   fpga2     110.10        0.0       0.0
------------------------------------------------------------------------------------------
1OC768-DPSK/C        OPTICS FIRMWARE 110B14     lc   fpga2     110.14        0.0       0.0
------------------------------------------------------------------------------------------
1OC768-DPSK/C-O      OPTICS FIRMWARE 110B14     lc   fpga2     110.14        0.0       0.0
------------------------------------------------------------------------------------------
1OC768-DPSK/C-E      OPTICS FIRMWARE 110B14     lc   fpga2     110.14        0.0       0.0
------------------------------------------------------------------------------------------
CRS-CGSE-PLIM        FPGA mCPU0 0.559           lc   fpga2       0.559       0.0       0.0
                     FPGA sCPU0 0.559           lc   fpga3       0.559       0.0       0.0
                     FPGA mCPU1 0.559           lc   fpga4       0.559       0.0       0.0
                     FPGA sCPU1 0.559           lc   fpga5       0.559       0.0       0.0
                     FPGA PLIM_SVC 0.41014      lc   fpga1       0.41014     0.0       0.0
------------------------------------------------------------------------------------------
CRS1-SIP-800         JACKET FPGA swv6.0         lc   fpga1       6.00        5.0       0.0
					FPGA swv6.0 hwv80          lc   fpga1       6.00        5.0       0.80
------------------------------------------------------------------------------------------
8-10GBE              FPGA swvA.0                lc   fpga1      10.00        0.0       0.0
------------------------------------------------------------------------------------------
OC48-POS-16-ED       FPGA PLIM_OC48 9.0         lc   fpga1       9.00        0.0       0.0
------------------------------------------------------------------------------------------
4-10GBE              FPGA sw_4p_v15.0           lc   fpga1      15.00        0.0       0.0
------------------------------------------------------------------------------------------
8-10GBE              FPGA sw_8p_v15.0           lc   fpga1      15.00        0.0       0.0
------------------------------------------------------------------------------------------
4-10GE               SQUIRREL FPGA 10.0         lc   fpga1      10.00        0.0       0.0
------------------------------------------------------------------------------------------
42-1GE               FPGA swv6.0                lc   fpga1       6.00        0.0       0.0
					FPGA swv6.0 hwv0.80        lc   fpga1       6.00        0.0       0.80
------------------------------------------------------------------------------------------
20-1GE-FLEX          FPGA swv6.0                lc   fpga1       6.00        0.0       0.0
					FPGA swv6.0 hwv0.80        lc   fpga1       6.00        0.0       0.80
------------------------------------------------------------------------------------------
2-10GE-WL-FLEX       FPGA swv6.0                lc   fpga1       6.00        0.0       0.0
					FPGA swv6.0 hwv0.80        lc   fpga1       6.00        0.0       0.80
------------------------------------------------------------------------------------------
Route Processor      ROMMONA swv1.54 asmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
SC                   ROMMONA swv1.54 asmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
RP                   ROMMONA swv1.54 asmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
Shelf Controller GE  ROMMONA swv1.54 asmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
RP                   ROMMONA swv1.54 asmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
Shelf Controller GE2 ROMMONA swv1.54 asmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.54        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
DRP                  ROMMONA swv1.54 asmp       lc   rommonA     1.52        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.52        0.0       0.0
                     ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
DRP_B                ROMMONA swv1.54 asmp       lc   rommonA     1.52        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.52        0.0       0.0
                     ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
S1S2S3               ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
S1S3                 ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
S2                   ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
Fabric HS123         ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
Fabric HS123 Star    ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
Fabric HS13 Star     ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
Fabric QQS123        ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
LED                  ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
40G-MSC              ROMMONA swv1.54 asmp       lc   rommonA     1.52        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.52        0.0       0.0
                     ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
MSC_B                ROMMONA swv1.54 asmp       lc   rommonA     1.52        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.52        0.0       0.0
                     ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
FP40                 ROMMONA swv1.54 asmp       lc   rommonA     1.53        0.0       0.0
                     ROMMONA swv1.54 dsmp       lc   rommonA     1.53        0.0       0.0
                     ROMMONA swv1.54 sp         lc   rommonA     1.53        0.0       0.0
                     ROMMONB swv1.54 asmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 dsmp       lc   rommon      1.54        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
PSAL                 ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
PSAL                 ROMMONA swv1.54 sp         lc   rommonA     1.54        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
FAN                  ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
FC Fan Controller    ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
LED                  ROMMONA swv1.54 sp         lc   rommonA     1.52        0.0       0.0
                     ROMMONB swv1.54 sp         lc   rommon      1.54        0.0       0.0
------------------------------------------------------------------------------------------
SPA-4XT3/E3          SPA E3 Subrate FPGA        spa  fpga2       1.04        0.0       0.0
                     SPA T3 Subrate FPGA        spa  fpga3       1.04        0.0       0.0
                     SPA I/O FPGA               spa  fpga1       1.00        0.0       0.0
                     SPA ROMMON                 spa  rommon      2.12        0.0       0.0
------------------------------------------------------------------------------------------
SPA-2XT3/E3          SPA E3 Subrate FPGA        spa  fpga2       1.04        0.0       0.0
                     SPA T3 Subrate FPGA        spa  fpga3       1.04        0.0       0.0
                     SPA I/O FPGA               spa  fpga1       1.00        0.0       0.0
                     SPA ROMMON                 spa  rommon      2.12        0.0       0.0
------------------------------------------------------------------------------------------
SPA-OC192POS         SPA FPGA swv1.3            spa  fpga1       1.03        0.0       0.0
------------------------------------------------------------------------------------------
SPA-8XOC12-POS       SPA FPGA swv1.0            spa  fpga1       1.00        0.0       0.5
------------------------------------------------------------------------------------------
SPA-4XOC3-POS        SPA FPGA swv3.4            spa  fpga1       3.04        0.0       0.0
------------------------------------------------------------------------------------------
SPA-OC192POS-XFP     SPA FPGA swv1.2            spa  fpga1       1.02        0.0       0.0
------------------------------------------------------------------------------------------
SPA-8X1GE            SPA FPGA swv1.8            spa  fpga1       1.08        0.0       0.0
------------------------------------------------------------------------------------------
SPA-2XOC48POS/RPR    SPA FPGA swv1.0            spa  fpga1       1.00        0.0       0.0
------------------------------------------------------------------------------------------
SPA-4XOC48POS/RPR    SPA FPGA swv1.0            spa  fpga1       1.00        0.0       0.0
------------------------------------------------------------------------------------------
SPA-10X1GE-V2        SPA FPGA swv1.10           spa  fpga1       1.10        0.0       0.0
------------------------------------------------------------------------------------------
SPA-8X1GE-V2         SPA FPGA swv1.10           spa  fpga1       1.10        0.0       0.0
------------------------------------------------------------------------------------------
SPA-5X1GE-V2         SPA FPGA swv1.10           spa  fpga1       1.10        0.0       0.0
------------------------------------------------------------------------------------------
SPA-1X10GE-L-V2      SPA FPGA swv1.11           spa  fpga1       1.11        0.0       0.0
------------------------------------------------------------------------------------------
SPA-1X10GE-WL-V2     SPA FPGA swv1.11           spa  fpga1       1.11        0.0       0.0
------------------------------------------------------------------------------------------
SPA-1XOC3-ATM-V2     SPA FPGA swv1.2            spa  fpga1       1.03        0.0       0.0
------------------------------------------------------------------------------------------
SPA-2XOC3-ATM-V2     SPA FPGA swv1.2            spa  fpga1       1.03        0.0       0.0
------------------------------------------------------------------------------------------
SPA-3XOC3-ATM-V2     SPA FPGA swv1.2            spa  fpga1       1.03        0.0       0.0
------------------------------------------------------------------------------------------
SPA-1XOC12-ATM-V2    SPA FPGA swv1.2            spa  fpga1       1.03        0.0       0.0
------------------------------------------------------------------------------------------
Determining Your Software Version

To determine the version of Cisco IOS XR software running on your router, log into the router and enter the show version command:

Step 1 Establish a Telnet session with the router.

Step 2 Enter the show version command from EXEC mode.
RP/0/RP0/CPU0:FQ-PE1#show version
Sun Sep 26 09:02:52.591 PDT
Cisco IOS XR Software, Version 3.9.2[00]
Copyright (c) 2010 by Cisco Systems, Inc.
ROM: System Bootstrap, Version 1.54(20091016:214209) [CRS-1 ROMMON],
FQ-PE1 uptime is 1 day, 15 hours, 23 minutes
System image file is "bootflash:disk0/hfr-os-mbi-3.9.2/mbihfr-rp.vm"
cisco CRS-16/S (7455) processor with 4194304K bytes of memory.
7455 processor at 800Mhz, Revision 3.4
2 Management Ethernet
75 GigabitEthernet
36 SONET/SDH
35 Packet over SONET/SDH
1 Asynchronous Transfer Mode
8 TenGigE
4 T3
4 Serial network interface(s)
1019k bytes of non-volatile configuration memory.
38079M bytes of hard disk.
2053440k bytes of disk0: (Sector size 512 bytes).
Boot device on node 0/5/CPU0 is mem:
Package active on node 0/5/CPU0:
hfr-fpd, V 3.9.2[00], Cisco Systems, at disk0:hfr-fpd-3.9.2
    Built on Fri Sep 24 04:12:43 PDT 2010
    By sjc-lds-511 in /auto/srcarchive4/production/3.9.2/hfr/workspace for c4.2.1-p0
hfr-diags, V 3.9.2[00], Cisco Systems, at disk0:hfr-diags-3.9.2
    Built on Fri Sep 24 04:12:27 PDT 2010
    By sjc-lds-511 in /auto/srcarchive4/production/3.9.2/hfr/workspace for c4.2.1-p0
hfr-mcast, V 3.9.2[00], Cisco Systems, at disk0:hfr-mcast-3.9.2
    Built on Fri Sep 24 06:49:25 PDT 2010
    By sjc-lds-511 in /auto/srcarchive4/production/3.9.2/hfr/workspace for c4.2.1-p0
hfr-mpls, V 3.9.2[00], Cisco Systems, at disk0:hfr-mpls-3.9.2
    Built on Fri Sep 24 06:49:10 PDT 2010
    By sjc-lds-511 in /auto/srcarchive4/production/3.9.2/hfr/workspace for c4.2.1-p0
hfr-lc, V 3.9.2[00], Cisco Systems, at disk0:hfr-lc-3.9.2
    Built on Fri Sep 24 03:58:19 PDT 2010
    By sjc-lds-511 in /auto/srcarchive4/production/3.9.2/hfr/workspace for c4.2.1-p0
hfr-fwdg, V 3.9.2[00], Cisco Systems, at disk0:hfr-fwdg-3.9.2
    Built on Fri Sep 24 03:57:06 PDT 2010
    By sjc-lds-511 in /auto/srcarchive4/production/3.9.2/hfr/workspace for c4.2.1-p0
hfr-admin, V 3.9.2[00], Cisco Systems, at disk0:hfr-admin-3.9.2
    Built on Fri Sep 24 03:56:20 PDT 2010
    By sjc-lds-511 in /auto/srcarchive4/production/3.9.2/hfr/workspace for c4.2.1-p0
hfr-base, V 3.9.2[00], Cisco Systems, at disk0:hfr-base-3.9.2
    Built on Fri Sep 24 03:59:33 PDT 2010
    By sjc-lds-511 in /auto/srcarchive4/production/3.9.2/hfr/workspace for c4.2.1-p0
hfr-os-mbi, V 3.9.2[00], Cisco Systems, at disk0:hfr-os-mbi-3.9.2
    Built on Fri Sep 24 03:51:00 PDT 2010
    By sjc-lds-511 in /auto/srcarchive4/production/3.9.2/hfr/workspace for c4.2.1-p0
New Features in Cisco IOS XR Software Release 3.9.3

New Software Features Supported on all Platforms

There are no new platform software features in Cisco IOS XR Software Release 3.9.3.

Cisco CRS-1 Series Router Specific Software Features

Figure 1 Upgrade Chart

From

To

3.6.3

3.9.3

3.8.2

3.9.3

3.8.4

3.9.3

3.9.0

3.9.3

3.9.1

3.9.3¹

3.9.2

3.9.3²

¹When upgrading from release 3.9.1 to 3.9.3 the cgn configuration will be lost and will have to be reconfigured with service-type changes

²When upgrading from release 3.9.2 to 3.9.3 the cgn configuration will be lost and will have to be reconfigured with service-type changes

Note When upgrading from rel 3.9.1/3.9.2 to 3.9.3, the cgn config will be lost and will have to be reconfigured with service-type changes as shown in the configuration guide for rel 3.9.3

IPv4/IPv6 Stateless Translator (XLAT)

IPv4/IPv6 Stateless Translator (XLAT), running on the CRS-1 Carrier Grade Services Engine (CGSE), enables an IPv4-only endpoint situated in an IPv4-only network to communicate with an IPv6-only end-point situated in an IPv6-only network. This like-to-unlike address family connectivity paradigm provides backwards compatibility between IPv6 and IPv4.

A Stateless XLAT (SL-XLAT) does not create or maintain any per-session or per-flow data structures. Rather it is an algorithmic operation performed on the IP packet headers that results in the translation of an IPv4 packet to an IPv6 packet and vice-versa.

An SL-XLAT:

•No states maintained. Supports 1:1 IPv6-to-IPv4 address mappings. That is one IPv4 address is consumed for each IPv6-to-IPv4 translation.

•Supports asymmetric packet flows. Because it is stateless it is not necessary to pin individual session flows in both directions to a particular SL-XLAT vehicle.

•Offers basic IP transit between IPv4 and IPv6 networks.

Hardware

The CRS-1 SL-XLAT solution is composed of two primary hardware components.

•The first is the Carrier Routing System (CRS-1) router.

•The second hardware component is the Carrier-Grade Services Engine (CGSE). The CGSE is a physical line interface module (PLIM) that when attached to a single CRS-1 modular service card (forwarding engine) provides the hardware system running the SL-XLAT application or module. An individual SL-XLAT module will consume one CRS-1 linecard slot. Multiple SL-XLAT modules can be placed inside a single CRS-1 chassis to add capacity, scale and redundancy.

The CGSE PLIM itself is a multi-CPU processor bank composed of four Cavium Octeon CPU complexes with each supporting 16 x cores for a total of 64 x cores. Each Octeon complex has its own DRAM (2GB-8Gb) memory complex. The bandwidth available between the CGSE and the CRS-1 forwarding engine is 20Gb. The CGSE PLIM does not support any external I/O but rather interfaces to the CRS-1 routing space by means of a Services Virtual Interface (SVI). The SVI is a virtual interface connecting the SL-XLAT application to one or more VPN Routing and Forwarding (VRFs) spaces running on the CRS-1 router.

The CGSE does not run IOS-XR but instead a version of MonteVista Linux while the CRS-1 MSC forwarding engine it is bound to runs IOS-XR. The CGSE PLIM and SL-XLAT application will be managed and configured under IOS-XR. Packets arriving at a CRS-1 router that require SL-XLAT processing are diverted internally (across the switch fabric) to a SVI. Packets that do not require SL-XLAT processing are forwarded to the ingress linecard-switch fabric-egress linecard business as usual.

Software

The CRS-1 SL-XLAT is based on several important software components:

•IOS-XR operates across the CRS-1 Route Processor (RP) and on the distributed linecards including the MSC forwarding engine that is mated to the CGSE module. IOS-XR supports distributed process placement and process restart ability for maximum scale and availability. A service director component is utilized to assist in managing the CGSE hardware including detecting a primary CGSE failure and initiating switchover to a standby CGSE. In addition the entire SL-XLAT module and application is configured and managed under IOS-XR.

•COSLI Monte Vista Linux is the operating system running on the CGSE and supports the SL-XLAT application.

•IOS-XR Services Virtual Interface (SVI) is an IP-addressable virtual interface that connects the CGSE SL-XLAT application to one or more routing spaces. Thus IP routing can be used to divert packets to the SL-XLAT.

The post-DNS64 request/response packet flow:

1. IPv6 packet is forwarded across the IPv6 SVI and delivered to the SL-XLAT application.

Note If a more specific lookup yields an IPv6 next_hop or interface leading towards the native IPv6 Internet, the packet will be forwarded there and not the SVI.

2. Stateless IPv4/IPv6 translation is performed by the SL-XLAT application running on the CGSE. This involves the algorithmic translation of the IPv6 header to an IPv4 along with an updated checksum.

3. Resultant IPv4 packet is directed across the IPv4 SVI to the IPv4 routing space (VRF).

4. Route lookup in the IPv4 VRF yields a next_hop towards IPv4 host and packet is forwarded.

5. The reverse happens for packets returning from the IPv4 host and destined for the IPv6 host (e.g. steps 5-4-3-2-1). The SL-XLAT constructs the IPv4 translatable address of the destination IPv6 host by prepending the network-specific prefix (NSP) to the IPv4 destination address and appending some number of suffix bits. Lookups in the IPv6 VRF and normal IPv6 routing and forwarding delivers the packet to the IPv6 host.

Cisco Carrier-Grade Service Engine (CGSE)

Solution Components:

•CRS-1 with IOS XR

–High-capacity, carrier-class SP platform with Cisco IOS/XR

–Leverages XR infrastructure to divert packets to Multi-Service PLIM

–Uniform, integrated configuration & management

•Carrier Grade Service Engine

–Leverages existing 40G MSC hardware & software

–Flexible Linux-based development & test environment

–Supports required CGN - NAT44 performance & scale

–Cornerstone of 346 Backbone First IPv6 Transition Strategy

•CGSE PLIM

–Hardware:

CGN (NAT44, 6rd, Stateless NAT64..) function resides on CGSE PLIM

Quad Octeon multiprocessor architecture, 64 CPU cores

Standard interface to MSC, 10 Gbps full-duplex nominal

–Software:

IOS-XR on MSC, Linux on Octeon CPUs

Integrated configuration & management via IOS XR

•Service Virtual Interface (SVI)

–Two types of Service Virtual Interfaces are used in CGSE

ServiceInfra SVI

ServiceApp SVI

–There can be one and only one ServiceInfra SVI per CGSE Slot. This will be used for the Management Plane and is required to bring up CGSE. This is of local significance within the chassis.

–ServiceApp SVI is used to forward the data traffic to the Application (6rd). Scale of 256 ServiceApp interfaces per CGSE is validated. These interfaces can be advertised in IGP/EGP.

Configuring the CGSE

Prerequisites:

•Hardware:

–CGSE hardware in chassis

–Latest uboot and mans images in CGSE

•Software:

–Load comp-hfr-mini.vm

–Load hfr-cgn-p.pie and activate it

–Load hfr-fpd.pie and activate it

Bring Up the CGSE Board

•After installing the cgn service pie (the pie installation is similar to any other CRS-1 pie), make sure the uboot version (fpga2, fpga3, fpga4, fpga5) is 0.559 & MANS FPGA version is 0.41014 as depicted below.
RP/0/RP0/CPU0:#admin
RP/0/RP0/CPU0:(admin)#show hw-module fpd location 0/2/cpu0
===================================== ==========================================
                                      Existing Field Programmable Devices
                                      ==========================================
                                        HW                       Current SW Upg/
Location     Card Type                Version Type Subtype Inst   Version   Dng?
============ ======================== ======= ==== ======= ==== =========== ====
--------------------------------------------------------------------------------
0/1/CPU0     CRS-CGSE-PLIM              0.88  lc   fpga2   0       0.559    No 
                                              lc   fpga3   0       0.559    No 
                                              lc   fpga4   0       0.559    No 
                                              lc   fpga5   0       0.559    No 
                                              lc   fpga1   0       0.41014  No 
                                              lc   rommonA 0       1.52     No 
                                              lc   rommon  0       1.52     Yes
Note Latest uboot version is 559 & MANS is 0.41

Note If One or more FPD needs an upgrade. This can be accomplished using steps mentioned in next slide. Make sure fpd pie is loaded and activated.If found different, follow the upgrade procedure in Line Card Upgrade

•After insertion the card remains in "IOS XR RUN" state until you install the appropriate cgn service pie.

•After installing the cgn service pie, the card will go to "FAILED" state until you complete the configuration mentioned in next slide. The following log messages will appear on console.
LC/0/3/CPU0:Sep 28 23:36:36.815 : plim_services[241]: plim_services_init[2063] Uknown 
role Retrying.., Role = -7205769247857836031
LC/0/3/CPU0:Sep 28 23:37:59.341 : plim_services[241]: service_download_thread[3873] 
App img download max-retries exhausted, 'plim_services' detected the 'warning' 
condition 'Operation not okay'
LC/0/3/CPU0:Sep 28 23:37:59.342 : plim_services[241]: plim_services_tile_failed[752] 
TILE0 failed
RP/0/RP1/CPU0:Sep 28 23:38:18.494 : invmgr[240]: %PLATFORM-INV-6-NODE_STATE_CHANGE : 
Node: 0/3/0, state: FAILED
•After Successful Boot Up :
RP/0/RP0/CPU0:router#show platform
Sun Dec 20 07:15:38.893 UTC
Node            Type            PLIM            State           Config State
-----------------------------------------------------------------------------
0/0/CPU0        MSC             Services Plim   IOS XR RUN      PWR,NSHUT,MON
0/0/0           MSC(SPA)        CGSE-TILE       OK              PWR,NSHUT,MON
0/1/CPU0        MSC             Jacket Card     IOS XR RUN      PWR,NSHUT,MON
0/1/0           MSC(SPA)        8X1GE           OK              PWR,NSHUT,MON
•Control connection to CGSE, One ServiceInfra Interface per CGSE & IPv4 address of local significance. Min of 2 valid IPv4 unicast addresses are required per ServiceInfra SVI. The Serviceinfra interface removal/modification needs CGSE LC reload.
router(config)
interface ServiceInfra1
ipv4 address 3.1.1.2 255.255.255.252
service-location 0/0/CPU0 
logging events link-status
commit
router(config)
hw-module service cgn location 0/0/CPU0
commit
Note This config has to be replicated for Standby CGSE Card. The serviceinfra IP has to be different.

•Specify the service role ( cgn ) for the given CGSE location

You need to reload the card. It takes ~15min
router#
hw-module location 0/0/CPU0 reload
WARNING: This will take the requested node out of service.
Do you wish to continue?[confirm(y/n)] y
XLAT Configuration

•The IPv4 traffic is diverted to the IPv4 ServiceApp

•The IPv6 traffic is diverted to the IPv6 ServiceApp

•One CGN instance per CGSE

•Multiple XLAT instances per CGN instance

•Configure IPv4 and IPv6 Service Apps

•Configure CGN instance

•Configure XLAT instances

•Associate IPv4 and IPv6 ServiceApps to XLAT instance

XLAT ServiceApp Configuration

1. IPv4 ServiceApp

–Configure Traffic Type - nat64_stless

–Configure IPv4 address

–Configure static route to divert specific IPv4 subnets (corresponding to IPv6 hosts) to the IPv4 ServiceApp
conf t
int ServiceApp4
    service cgn cgn1 service-type nat64 stateless
    ipv4 add 2.0.0.1/24
    commit
exit
router static
  address-family ipv4 unicast
  136.136.136.0/24 ServiceApp4 2.0.0.2
   commit
   exit
end
2. IPv6 ServiceApp

–Configure Type - nat64_stless

–Configure IPv6 address

–Configure static route to divert IPv6 traffic corresponding to XLAT prefix to the IPv6 ServiceApp
conf t
int serviceApp6
    service cgn cgn1service-type nat64 stateless
    ipv6 address 2001:db8:fe00::1/40 
    commit
exit
router static
  address-family ipv6 unicast
  2001:db8:ff00::/40 ServiceApp6 2001:db8:fe00::2
  commit
  exit
end
XLAT Instance Configuration

•IPv4 ServiceApp name

–Service App on which IPv4 traffic enters/leaves

•IPv6 ServiceApp name

–Service App on which IPv6 traffic enters/leaves

•XLAT prefix

–IPv6 prefix corresponding to XLAT translation

•Ubit enabled/disabled

–whether bits 64..71 are reserved or can be used for xlat purposes

•IPv4 & IPv6 TCP MSS configuration

–IPv4 TCP traffic's MSS value will be set to the smaller of (incoming MSS value)

–IPv6 TCP traffic's MSS value will be set to the smaller of (incoming MSS value)

•Traceroute pool

–Non Translatable IPv6 source addresses are translated to the IPv4 addresses in this range using a hash mechanism

–Algorithm to chose IPv4 address from traceroute pool

TTL based - Chose address based on hop count of the pkt

Hash based - Hash IPv6 Source Address and use it for selection

Random - Randomly select an IPv4 address

•IPv4 TOS Setting

–By default IPv4 TOS field is copied from IPv6 Traffic Class field

–This value can be overridden based on the configured TOS value

•IPv6 Traffic Class Setting

–By default IPv6 Traffic Class field is copied from IPv4 TOS field

–This value can be overridden based on the configured Traffic Class value

•IPv4 DF override

–When translating a IPv6 pkt when the no Fragment Header IPv4 DF bit is set to 1.

–We can override this and set the DF bit to 0 if incoming IPv6 packets are smaller than 1280 bytes

–This is to prevent path-mtu blackholing issues.
conf t
service cgn cgn1
service-type nat64 stateless xlat1
              ipv6-prefix 2001:db8:ff00::/40
              ubit-reserved
              address-family ipv4 
                   interface ServiceApp4
                   tcp mss 1200
                   tos 64
              address-family ipv6
                    interface ServiceApp6
                    tcp mss 1200
                    traffic-class 32
                    df-override
              traceroute translation
                   address-pool 202.1.1.0/24
                   algorithm Hash
Show Commands

•Checking IPv4 and IPv6 traffic statistics on Regular Interfaces
show interface g0/2/0/5 accounting
GigabitEthernet0/2/0/5
  Protocol              Pkts In         Chars In     Pkts Out        Chars Out
  IPV4_UNICAST          2072532        196637302      1777587       1388008448
  ARP                         2              120            4              168
show interface g0/2/0/6 accounting
GigabitEthernet0/2/0/6
  Protocol              Pkts In         Chars In     Pkts Out        Chars Out
  IPV6_UNICAST          1777665       1423566488      2072607        254672848
  IPV6_MULTICAST              3              254            0                0
  ARP                         0                0            2               84
  IPV6_ND                    80             6464          125            10040
•Checking IPv4 and IPv6 traffic stats on Service Interfaces
show int ServiceApp4 acc
ServiceApp4
  Protocol              Pkts In         Chars In     Pkts Out        Chars Out
  IPV4_UNICAST          1782667       1377627406      2079198        201248986
show int ServiceApp6 acc
ServiceApp6
  Protocol              Pkts In         Chars In     Pkts Out        Chars Out
  IPV6_UNICAST          2079198        242832922      1782667       1427542082
•Show XLAT instance Statistics
show cgn nat64 stateless xlat1 statistics summary 
Stateless Nat64 IPv6 to IPv4 counters:
_
TCP Input Count: 64 
TCP NonTranslatable Drop Count: 128 
TCP Invalid NextHdr Drop Count: 192 
TCP NoDb Drop Count: 256 
TCP Output Count: 320
...
...
Stateless Nat64 IPv4 to IPv6 counters:
_
TCP Input Count: 384 
TCP No Db Drop Count: 448 
TCP Output Count: 512
...
...
Clear Command

•The following command clears the XLAT instance statistics

clear cgn nat64 stateless xlat1 statistics

Line Card Upgrade

•UPGRADE FROM_ UBOOT to 559 & MANS FPGA to 0.41014

Step 1 Load the fpd pie

Step 2 Uboot the line card
hw-module location 0/2/CPU0 uboot-mode     
WARNING: This will bring the requested node's PLIM to uboot mode.
Do you wish to continue?[confirm(y/n)]y
Step 3 Wait for the ready for UBOOT log message on the console
RP/0/RP0/CPU0:#LC/0/2/CPU0:Sep 29 02:38:40.418 : plim_services[239]:   
tile_fsm_uboot_doorbell_handler[3222] Plim moved to uboot-mode and ready for UBOOT 
upgrade
Step 4 Go to admin mode on the node and upgrade the FPGA MANS
upgrade hw-module fpd fpga1_location <> 
Step 5 Then the following locations for Uboot
upgrade hw-module fpd fpga2 location <>
upgrade hw-module fpd fpga3 location <>
upgrade hw-module fpd fpga4_location <>
upgrade hw-module fpd fpga5_location <> 
Step 6 Reload the card after the successful upgrade operation
hw-module location <> reload 
Step 7 After the card comes up, check for the uboot version . This can be done using the following command from admin mode.
show hw-module fpd location <> 
NAT44 Sample Configuration

The following is a NAT44 Sample Configuration

:
IPv4: 40.22.22.22/16
!
interface Loopback40
 description IPv4 Host for NAT44
 ipv4 address 40.22.22.22 255.255.0.0
!
interface Loopback41
 description IPv4 Host for NAT44
 ipv4 address 41.22.22.22 255.255.0.0
!
interface GigabitEthernet0/3/0/0.1
 description Connected to P2_CRS-8 GE 0/6/5/0.1
 ipv4 address 10.222.5.22 255.255.255.0
 dot1q vlan 1
!
router static
 address-family ipv4 unicast
  180.1.0.0/16 10.222.5.2
  181.1.0.0/16 10.222.5.2
!
!
Hardware Configuration for CSGE:
!
vrf InsideCustomer1
 address-family ipv4 unicast
 !
!
vrf OutsideCustomer1
 address-family ipv4 unicast
 !
!
hw-module service cgn location 0/3/CPU0
!
service-plim-ha location 0/3/CPU0 datapath-test
service-plim-ha location 0/3/CPU0 core-to-core-test
service-plim-ha location 0/3/CPU0 pci-test
service-plim-ha location 0/3/CPU0 coredump-extraction
!
!
interface GigabitEthernet0/6/5/0.1
 vrf InsideCustomer1
 ipv4 address 10.222.5.2 255.255.255.0
 dot1q vlan 1
!
interface GigabitEthernet0/6/5/1.1
 vrf OutsideCustomer1
 ipv4 address 10.12.13.2 255.255.255.0
 dot1q vlan 1
!
interface ServiceApp1
 vrf InsideCustomer1
 ipv4 address 1.1.1.1 255.255.255.252
 service cgn cgn1 service-type nat44
!
interface ServiceApp2
 vrf OutsideCustomer1
 ipv4 address 2.1.1.1 255.255.255.252
 service cgn cgn1 service-type nat44
!
interface ServiceInfra1
 ipv4 address 75.75.75.75 255.255.255.0
 service-location 0/3/CPU0
!  
!       
router static
 !
vrf InsideCustomer1
  address-family ipv4 unicast
   0.0.0.0/0 ServiceApp1
   40.22.0.0/16 10.222.5.22
   41.22.0.0/16 10.222.5.22
   181.1.0.0/16 vrf OutsideCustomer1 GigabitEthernet0/6/5/1.1 10.12.13.1
  !
 !
 vrf OutsideCustomer1
  address-family ipv4 unicast
   40.22.0.0/16 vrf InsideCustomer1 GigabitEthernet0/6/5/0.1 10.222.5.22
   41.22.0.0/16 vrf InsideCustomer1 GigabitEthernet0/6/5/0.1 10.222.5.22
   100.0.0.0/24 ServiceApp2
   180.1.0.0/16 10.12.13.1
   181.1.0.0/16 10.12.13.1
  !
 !
!
CGSE Configuration:
service cgn cgn1
 service-location preferred-active 0/3/CPU0
 service-type nat44 nat44
  portlimit 200
  alg ActiveFTP
  inside-vrf InsideCustomer1
   map outside-vrf OutsideCustomer1 address-pool 100.0.0.0/24
   protocol tcp
    static-forward inside
     address 41.22.22.22 port 80
    !
   !
   protocol icmp
    static-forward inside
     address 41.22.22.22 port 80
    !
   !
   external-logging netflow version 9
    server
     address 172.29.52.68 port 2055
     refresh-rate 600
     timeout 100 !
   !
  !
 !
!
IPv4: 180.1.1.1/16
!
interface Loopback180
 description IPv4 Host for NAT44
 ipv4 address 180.1.1.1 255.255.0.0
!
interface Loopback181
 description IPv4 Host for NAT44
 ipv4 address 181.1.1.1 255.255.0.0
!
interface GigabitEthernet0/6/5/1.1
 ipv4 address 10.12.13.1 255.255.255.0
 dot1q vlan 1
!    
router static
 address-family ipv4 unicast
  40.22.0.0/16 10.12.13.2
  41.22.0.0/16 10.12.13.2
  100.0.0.0/24 10.12.13.2 !
!
NAT64 Stateless Sample Configuration

The following is a NAT64 Stateless Sample Configuration:
IPv6 Configuration:
interface Loopback210
 description IPv6 Host for NAT64 XLAT
 ipv6 address 2001:db8:1c0:2:2100::/64
 ipv6 enable
!
interface GigabitEthernet0/3/0/0.20
 description Connected to P2_CRS-8 GE 0/6/5/0.20
 ipv6 address 2010::22/64
 ipv6 enable
 dot1q vlan 20
!
router static
 !
 address-family ipv6 unicast
  2001:db8:100::/40 2010::2
!
!
CGSE Hardware Configuration:
hw-module service cgn location 0/3/CPU0
!
service-plim-ha location 0/3/CPU0 datapath-test
service-plim-ha location 0/3/CPU0 core-to-core-test
service-plim-ha location 0/3/CPU0 pci-test
service-plim-ha location 0/3/CPU0 coredump-extraction
!
interface GigabitEthernet0/6/5/0.20
 description Connected to PE22_C12406 GE 0/3/0/0.20
 ipv6 address 2010::2/64
 ipv6 enable
 dot1q vlan 20
!
interface GigabitEthernet0/6/5/1.20
 description Connected to P1_CRS-8 GE 0/6/5/1.20
 ipv4 address 10.97.97.2 255.255.255.0
 dot1q vlan 20
!
interface ServiceApp4
 ipv4 address 7.1.1.1 255.255.255.252
 service cgn cgn1 service-type nat64 stateless
!
interface ServiceApp6
 ipv6 address 2011::1/64
 service cgn cgn1 service-type nat64 stateless
!
interface ServiceInfra1
 ipv4 address 75.75.75.75 255.255.255.0
 service-location 0/3/CPU0
!
router static
 address-family ipv4 unicast
  192.0.2.0/24 ServiceApp4
  198.51.100.0/24 10.97.97.1
 !
 address-family ipv6 unicast
  2001:db8:100::/40 ServiceApp6
  2001:db8:1c0:2::/64 2010::22
!
!
CGSE Configuration:
service cgn cgn1
 service-location preferred-active 0/3/CPU0
 !
 service-type nat64 stateless xlat
  ipv6-prefix 2001:db8:100::/40
  address-family ipv4
   tos 64
   interface ServiceApp4
   tcp mss 1200
  !
  address-family ipv6
   interface ServiceApp6
   traffic-class 32
   tcp mss 1200
   df-override
  !
  traceroute translation
   address-pool 202.1.1.0/24
   algorithm Hash
 !
!
IPv4 Hardware Configuration:
interface Loopback251
 description IPv4 Host for NAT64 XLAT
 ipv4 address 198.51.100.2 255.255.255.0
!
interface GigabitEthernet0/6/5/1.20
 description Connected to P2_CRS-8 GE 0/6/5/1.20
 ipv4 address 10.97.97.1 255.255.255.0
 dot1q vlan 20
!
router static
 address-family ipv4 unicast
  192.0.2.0/24 10.97.97.2 !
!
6RD (IPv6 Rapid Deployment)

Introduction - 6rd

•6RD (IPv6 Rapid Deployment) is a mechanism that allows a Service Provider to provide a unicast IPv6 service to customers over its IPv4 network.

•Defined in RFC 5969

•IPv4 Protocol Field value 41 ( inner IPv6)

6RD Definitions : -

•6RD CE /RG/CPE : The 6rd "Customer Edge" router that sits between an IPv6-enabled site and an IPv4-enabled SP network. In a residential broadband deployment this is sometimes referred to as the "Residential Gateway (RG)," "Customer Premises Equipment," (CPE) or "Internet Gateway Device" (IGD). This router has a 6rd tunnel interface acting as an endpoint for the IPv6 in IPv4 encapsulation and forwarding, at least one "6rd CE LAN Side" interface and "6rd CE WAN Side" interface, respectively.

•6RD Border Relay (BR): A 6rd-enabled "Border Relay" router located at the SP premises. The 6rd BR router has at least one IPv4 interface, a 6RD Tunnel Interface for multi-point tunneling, and at least one IPv6 interface that is reachable via the IPv6 Internet or IPv6-enabled portion of the SP network. A router running IOS can be a 6RD BR.

•6RD Delegated Prefix: The IPv6 prefix determined by the 6rd CE device for use by hosts within the customer site.

•6RD Prefix (SP Prefix) : An IPv6 prefix selected by the Service Provider for use by a 6rd domain. There is exactly one 6rd prefix for a given 6rd domain.

•CE LAN side : The functionality of a 6rd CE that serves the "Local Area Network (LAN)" or "customer-facing" side of the CE. The CE LAN side interface is fully IPv6 enabled

•CE WAN side : The functionality of a 6rd CE that serves the "Wide Area Network (WAN)" or "Service Provider- facing" side of the CE. The CE WAN side is IPv4 only.

•BR IPv4 address : The IPv4 address of the 6rd Border Relay for a given 6rd domain. This IPv4 address is used by the CE to send packets to a BR in order to reach IPv6 destinations outside of the 6rd domain.

•CE IPv4 address : The IPv4 address given to the CE as part of normal IPv4 Internet access (i.e., configured via DHCP, PPP, or otherwise). This address may be global or private [RFC1918] within the 6rd domain. This address is used by a 6rd CE to create the 6rd delegated prefix as well as to send and receive IPv4-encapsulated IPv6 packets.

Cisco Carrier-Grade Service Engine (CGSE)

Solution Components:

•CRS-1 with IOS XR

–High-capacity, carrier-class SP platform with Cisco IOS/XR

–Leverages XR infrastructure to divert packets to Multi-Service PLIM

–Uniform, integrated configuration & management

•Carrier Grade Service Engine

–Leverages existing 40G MSC hardware & software

–Flexible Linux-based development & test environment

–Supports required CGN - NAT44 performance & scale

–Cornerstone of 346 Backbone First IPv6 Transition Strategy

•CGSE PLIM

–Hardware:

CGN (NAT44, 6rd, Stateless NAT64..) function resides on CGSE PLIM

Quad Octeon multiprocessor architecture, 64 CPU cores

Standard interface to MSC, 10 Gbps full-duplex nominal

–Software:

IOS-XR on MSC, Linux on Octeon CPUs

Integrated configuration & management via IOS XR

•Service Virtual Interface (SVI)

–Two types of Service Virtual Interfaces are used in CGSE

ServiceInfra SVI

ServiceApp SVI

–There can be one and only one ServiceInfra SVI per CGSE Slot. This will be used for the Management Plane and is required to bring up CGSE. This is of local significance within the chassis.

–ServiceApp SVI is used to forward the data traffic to the Application (6rd). Scale of 256 ServiceApp interfaces per CGSE is validated. These interfaces can be advertised in IGP/EGP.

Configuring the CGSE

Bring Up the CGSE Board

•After installing the cgn service pie (the pie installation is similar to any other CRS-1 pie), make sure the uboot version (fpga2, fpga3, fpga4, fpga5) is 0.559 & MANS FPGA version is 0.41014 as depicted below.
RP/0/RP0/CPU0:#admin
RP/0/RP0/CPU0:(admin)#show hw-module fpd location all
===================================== ==========================================
                                      Existing Field Programmable Devices
                                      ==========================================
                                        HW                       Current SW Upg/
Location     Card Type                Version Type Subtype Inst   Version   Dng?
============ ======================== ======= ==== ======= ==== =========== ====
--------------------------------------------------------------------------------
0/1/CPU0     CRS-CGSE-PLIM              0.88  lc   fpga2   0       0.559    No 
                                              lc   fpga3   0       0.559    No 
                                              lc   fpga4   0       0.559    No 
                                              lc   fpga5   0       0.559    No 
                                              lc   fpga1   0       0.41014  No 
                                              lc   rommonA 0       1.52     No 
                                              lc   rommon  0       1.52     Yes
•If found different, follow the upgrade procedure in Line Card Upgrade

•After insertion the card remains in "IOS XR RUN" state until you install the appropriate cgn service pie.

•After installing the cgn service pie, the card will go to "FAILED" state until you complete the configuration mentioned in next slide. Following log messages will appear on console.
LC/0/3/CPU0:Sep 28 23:36:36.815 : plim_services[241]: plim_services_init[2063] Uknown 
role Retrying.., Role = -7205769247857836031
LC/0/3/CPU0:Sep 28 23:37:59.341 : plim_services[241]: service_download_thread[3873] 
App img download max-retries exhausted, 'plim_services' detected the 'warning' 
condition 'Operation not okay'
LC/0/3/CPU0:Sep 28 23:37:59.342 : plim_services[241]: plim_services_tile_failed[752] 
TILE0 failed
RP/0/RP1/CPU0:Sep 28 23:38:18.494 : invmgr[240]: %PLATFORM-INV-6-NODE_STATE_CHANGE : 
Node: 0/3/0, state: FAILED
•After Successful Boot Up :
RP/0/RP0/CPU0:router#show platform
Sun Dec 20 07:15:38.893 UTC
Node            Type            PLIM            State           Config State
-----------------------------------------------------------------------------
0/0/CPU0        MSC             Services Plim   IOS XR RUN      PWR,NSHUT,MON
0/0/0           MSC(SPA)        CGSE-TILE       OK              PWR,NSHUT,MON
0/1/CPU0        MSC             Jacket Card     IOS XR RUN      PWR,NSHUT,MON
0/1/0           MSC(SPA)        8X1GE           OK              PWR,NSHUT,MON
router(config)
interface ServiceInfra1
ipv4 address 3.1.1.2 255.255.255.252
service-location 0/0/CPU0
logging events link-status
commit
•Control connection to CGSE, One ServiceInfra Interface per CGSE & IPv4 address of local significance. Min of 2 valid IPv4 unicast addresses are required per ServiceInfra SVI. The Serviceinfra interface removal/modification needs CGSE LC reload.
router(config)
hw-module service cgn location 0/0/CPU0
commit
•Specify the service role ( cgn ) for the given CGSE location
router#
hw-module location 0/0/CPU0 reload
WARNING: This will take the requested node out of service.
Do you wish to continue?[confirm(y/n)] y
•You need to reload the card. It takes ~15min

CGSE Health Monitoring

•Enable CGSE data and control path monitoring in configuration mode, where R/S/CPU0 is the CGSE Location .

•All the error conditions result in card reload. If a redundant card exists, then the standby becomes active. Otherwise the same card will be reloaded and brought up as active again. The option of revertive switchover (that is disabled by default) and forced switchover is also available and can be used if required. The line card reload can be disabled in admin-config mode using hw-module reset auto disable location R/S/CPU0.
router(config)#
RP/0/RP0/CPU0:(config)#service-plim-ha location R/S/CPU0 datapath-test
RP/0/RP0/CPU0:(config)#service-plim-ha location R/S/CPU0 core-to-core-test
RP/0/RP0/CPU0:(config)#service-plim-ha location R/S/CPU0 pci-test
RP/0/RP0/CPU0:(config)#service-plim-ha location R/S/CPU0 coredump-extraction 
RP/0/RP0/CPU0:(config)#commit
• Attempted and Passed tests can be viewed for all 4 Octeons (service-cpu 0,1,2,3) of CGSE
RP/0/RP0/CPU0:#show controllers services ha-stats service-cpu 0 location 0/0/cpu0
==========================================================
 High Availability Statistics for MASTER OCTEON 0 
==========================================================
 TEST NAME              ATTEMPTED        PASSED
=============================================
 Datapath test            2327       2327
 PCI Heartbeat test       1296       1296
 Core  0 heartbeat           0          0
 Core  1 heartbeat        2327       2327
 Core  2 heartbeat        2327       2327
.....................   ..................           .....................     ..............
--------------------------------------------------------------------------------
6rd Configuration

Step 1 6rd CPE/RG Config Parameters

SP Prefix

2001:B000::/28

V4 Common Prefix length

0

V4 Common Suffix length

0

RG/CPE Delegated 6RD prefix

2001:B000:a010:1010::/60

CE1 (V4) tunnel transport source

10.1.1.1

BR (V4) tunnel transport address

100:1:1:1

*Static Routes

::/0 -> 6rd-virtual-int0 via 2001:B006:4010:1010::/ (default route)

2001:B000::/28 -> 6rd-virtual-int0 (direct connect to 6rd)

2001:B000:a010:1010::/60-> Null0 (delegated prefix null route)

2001:B000:a010:1010::/64 -> Ethernet0 (LAN interface)

Step 2 6rd BR (CGSE) Config Parameters

SP Prefix

2001:B000::/28

V4 Common Prefix length

0

V4 Common Suffix length

0

BR Delegated 6RD prefix

2001:B006:4010:1010::/60

BR (V4) source address

100:1:1:1

*Static Routes

100:1:1:1/32-> Serviceapp4

2001:B000::/28 -> Serviceapp6

2001:B006:4010:1010::/60 -> Null0 (BR delegated prefix null route)

2001:B006:4010:1010::/128 -> Serviceapp6 (BR anycast reachability route)

2001:B006:4010:1010::1/128 -> Serviceapp6 (BR unicast reachability route)

•Create cgn instance. One CGN instance per CGSE
router(config)#
service cgn demo
 service-location preferred-active 0/0/CPU0
•An IPv4 SVI is created to carry IPv4 pkt into the CGSE for Decapsulation and is handed over to native IPv6 via IPv6 SVI. Service-type should be "tunnel v6rd"
router(config)#
interface ServiceApp4
 ipv4 address 1.1.1.1 255.255.255.252
 service cgn demo 
service-type tunnel v6rd
 logging events link-status 
•An IPv6 SVI is created to carry IPv6 pkt into the CGSE for Encapsulation and is handed over to IPv4 N/W via IPv4 SVI. Service-type should be "tunnel v6rd"
router(config)#
interface ServiceApp6
 ipv4 address 5000::1/126
 service cgn demo service-type tunnel v6rd 
 logging events link-status 
•Configure 6rd instance (string "6rd1" in this Eg.). There can be 64 6rd instances per CGSE/Chassis.

•Configure 6rd Prefix, BR source IPv4 address & unicast IPv6 address in a single commit.

•"address-family" command will bind IPv4 & IPv6 Serviceapp interface to a particular 6rd instance "6rd1", for transmitting/receiving 6rd traffic.
router(config)#
service cgn demo					 
 service-type tunnel v6rd 6rd1
  br
   ipv6-prefix 2001:B000::/28
   source-address 100.1.1.1
   unicast address 2001:B006:4010:1010::1
  !
  address-family ipv4
   interface ServiceApp4
  !
  address-family ipv6
   interface ServiceApp6 
Note "Unicast address " Specifies unique IPv6 address for a particular CGSE. This will be used as source IPv6 address while replying to IPv6 ICMP queries destined for BR IPv6 anycast address

Step 3 Configure Routes to the CGSE

•To divert the traffic towards CGSE which is destined for BR
router(config)#
router static
 address-family ipv4 unicast
  100.1.1.1/32 1.1.1.2  (Serviceapp4 NextHop)
•Packets destined to 6rd Prefix are routed to CGSE
Router#show route ipv6
S    2001:b000::/28 is directly connected,00:13:44, ServiceApp6
S    2001:b006:4010:1010::/60 is directly connected,00:19:24, Null0
S    2001:b006:4010:1010::/128 is directly connected,00:13:44, ServiceApp6
S    2001:b006:4010:1010::1/128 is directly connected,00:13:44, ServiceApp6
C    5000::/64 is directly connected,00:13:44, ServiceApp6
L    5000::1/128 is directly connected,00:13:44, ServiceApp6
C    2001:db8::/64 is directly connected,01:23:55, GigE0/1/1/4
L    2001:db8::2/128 is directly connected,01:23:55, GigE0/1/1/4
Step 4 Show Commands

•show interface serviceapp 4 accounting

•show cgn tunnel v6rd 6rd1 statistics
RP/0/RP1/CPU0:#show cgn tunnel v6rd 6rd1 statistics 
Thu Oct 21 07:02:54.972 UTC
Tunnel 6rd configuration
=========================
Tunnel 6rd name: 6rd1
IPv6 Prefix/Length: 2001:db8::/32
Source address: 9.1.1.1
BR Unicast address: 2001:db8:901:101::1
IPv4 Prefix length: 0
IPv4 Suffix length: 0
TOS: 0, TTL: 255, Path MTU: 1280
Tunnel 6rd statistics
======================
IPv4 to IPv6 
=============
Incoming packet count 	: 0 (Total No. of Protocol pkts 41
	non Protocol 41)
Incoming tunneled packets count 	: 0 (Total No. of Protocol pkts 41
	non Protocol 41)
Decapsulated packets 	: 0
ICMP translation count 	: 0 (ICMPv4 TO ICMPv6 translated count)
Insufficient IPv4 payload drop count 	: 0 (Payload should carry IPv6 header)
Security check failure drops 	: 0
No DB entry drop count 	: 0 (6rd config is incomplete/missing)
Unsupported protocol drop count 	: 0 (IPv4 protocol type is not 41 (IPv6))
Invalid IPv6 source prefix drop count 	: 0 (IPv6 Source from RG doesn't have 6rd
	prefix)
IPv6 to IPv4
=============
Incoming packet count 	: 0
Encapsulated packets count 	: 0
No DB drop count 	: 0 (6rd config is not complete/missing)
Unsupported protocol drop count 	: 0 (Non ICMP pkts destined to IPv6 BR
	anycast/unicast address)
IPv4 ICMP
==========
Incoming packets count 	: 0
Reply packets count 	: 0
Throttled packet count 	: 0 (ICMP throttling in CGSE 64	 PKTS/sec
Nontranslatable drops 	: 0 (ICMPv4 error pkt (ipv4->TL) at least
	72 bytes)
Unsupported icmp type drop count 	: 0 (As per
http://tools.ieft.org/html/draft-ieft-behave-v6v4-xlate-22 )
IPv6 ICMP
==========
Incoming packets count                           : 0
Reply packets count                              : 0
Packet Too Big generated packets count           : 0
Packet Too Big not generated packets count       : 0
NA generated packets count                       : 0
TTL expiry generated packets count               : 0
Unsupported icmp type drop count                 : 0 (As per 
http://tools.ieft.org/html/draft-ieft-behave-v6v4-xlate-22)
Throttled packet count                           : 0 (ICMP throttling in CSGE 64
	pkts/core)
IPv4 to IPv6 Fragments
=======================
Incoming fragments count                         : 0 (No. of IPv4 Fragments Came in)
Reassembled packet count                         : 0 (No. of Pkts Reassembled from
	Fragments )
Reassembled fragments count                       : 0 (No. of Fragments Reassembled)
ICMP incoming fragments count                    : 0 (No. of ICMP Fragments Came in)
Total fragment drop count                        : 0 
Fragments dropped due to timeout                 : 0 (Fragment dropped due to 
	reassembly timeout) 
Reassembly throttled drop count                  : 0 (Fragments throttled)
Duplicate fragments drop count                   : 0 
Reassembly disabled drop count                   : 0 (Number of fragments dropped 
	while re-assembly is disabled.)
No DB entry fragments drop count                 : 0 (6rd Config is incomplete
	/missing)
Fragments dropped due to security check failure  : 0 
Insufficient IPv4 payload fragment drop count    : 0 (1st Fragment should have IPv6
	header)
Unsupported protocol fragment drops              : 0 (IPv4 protocol type is not 41
	(IPv6) & non ICMP)
Invalid IPv6 prefix fragment drop count          : 0 (IPv6 Source from RG doesn't have
	6rd prefix)
=====================================================================
IPv6 to IPv4 Fragments
=======================
Incoming ICMP fragment count                     : 0 
=================================================================================
=================================================================================
Step 5 Clear Command

•clear cgn tunnel v6rd 6rd1 statistics
RP/0/RP0/CPU0:BR1#clear cgn tunnel v6rd 6rd1 statistics
Clear all 6rd Counters "show cgn tunnel v6rd 6rd1 statistics" 
Ping to BR Anycast Address

•IPv6 Ping from RG to BR Anycast Address
/etc/init.d/service_wan_ipv6 # ping 2001:B006:4010:1010::
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2001:B006:4010:1010::, timeout is 2 seconds:
PING 2001:B006:4010:1010::(2001:B006:4010:1010::)56 data bytes
64 bytes from 2001:B006:4010:1010::1 : seq=1 ttl=62 time=1.122 ms
64 bytes from 2001:B006:4010:1010::1 : seq=2 ttl=62 time=0.914 ms
--- 2001:B006:4010:1010:: ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
Note Reply will have Configured IPv6 Unicast Address as Src address (2001:B006:4010:1010::1)
RP/0/RP0/CPU0:BR1#show cgn tunnel v6rd 6rd1 statistics  
IPv6 to IPv4
=============
Incoming packet count                            : 5
IPv6 ICMP
==========
Incoming packets count                           : 5
Reply packets count                              : 5
Enable Additional 6rd Features

•Common 6rd IPv4 Prefix & Suffix Length

–IPv4 Prefix Length : This common prefix can be provisioned on the router and therefore need not be carried in the IPv6 destination to identify a tunnel endpoint.

–IPv4 Suffix Length : All the 6RD CEs and the BR can agree on a common tail portion of the V4 address to identify a tunnel endpoint.

Note Note : All the BR parameters have to be given in Single Commit.

•6rd Tunnel TTL and TOS

–By default the IPv6 Traffic class and Hoplimit field will be copied to the IPv4 TTL and TOS fields respectively. This default behavior MAY be overridden by above configuration.

–tos value is in decimal
service cgn demo
   service-type tunnel v6rd 6rd1
    tos 160
    ttl 100
    commit
•Setting 6rd Tunnel Path MTU

–By default the 6rd Tunnel MTU value is 1280.
service cgn demo
   service-type tunnel v6rd 6rd1
    path-mtu 1480
    commit
•Enabling reassembly of Fragmented Tunnel Packets

•Fragmented Tunneled IPv4 pkts are reassembled by BR before Decapsulation
service cgn demo
   service-type tunnel v6rd 6rd1
    reassembly-enable
    commit
RP/0/RP0/CPU0:BR1#show cgn tunnel v6rd 6rd1 statistics
Incoming fragments count                         : 2
Reassembled packet count                         : 1
Reassembled fragments count                       : 2
ICMP incoming fragments count                    : 0
Total fragment drop count                        : 0
Fragments dropped due to timeout                 : 0
Duplicate fragments drop count                   : 0
No DB entry fragments drop count                 : 0
Fragments dropped due to security check failure  : 0
Insufficient IPv4 payload fragment drop count    : 0
Unsupported protocol fragment drops              : 0
Invalid IPv6 prefix fragment drop count          : 0
Incoming ICMP fragment count                     : 0
•ICMP Throttling

–By default CGSE throttles 1 per core ( we have 64 cores in CGSE)
RP/0/RP0/CPU0:BR1#config
RP/0/RP0/CPU0:BR1(config)#service cgn cgn1
 RP/0/RP0/CPU0:BR1(config-cgn)#protocol icmp rate-limit ?
  <0-65472>  ICMP rate limit per second, should be multiple of 64    
commit
•Reset DF bit

–Tunneled IPv4 packets from BR will have DF bit reset (0) which will allow fragmentation in the path to RG.

–By default it is set to 1 to support Anycast routing
service cgn demo
   service-type tunnel v6rd 6rd1
    reset-df-bit
    commit
•Additional Information:

–IPv6 Rapid Deployment on IPv4 Infrastructures (6rd) - http://tools.ietf.org/html/rfc5969

–ICMPv4 to ICMPv6 Translation as per http://tools.ietf.org/html/draft-ietf-behave-v6v4-xlate-22

–Basic Transition Mechanisms for IPv6 Hosts and Routers", RFC 4213, October 2005.

•"An Anycast Prefix for 6to4 Relay Routers", RFC 3068, June 2001.

•"Security Considerations for 6to4", RFC 3964, December 2004.

•Cisco CGSE CCO Docs :

–http://www.cisco.com/en/US/docs/routers/crs/crs1/plim/installation/guide/20gbpscrscgseplim.html#wp423456

–http://www.cisco.com/en/US/docs/routers/crs/software/crs_r3.9.1/cg_nat/configuration/guide/cgc391cgn.html#wp1265366

Line Card Upgrade

• UPGRADE FROM_ UBOOT to 559 & MANS FPGA to 0.41014

Step 1 Load the fpd pie

Step 2 Uboot the line card
hw-module location 0/2/CPU0 uboot-mode     
WARNING: This will bring the requested node's PLIM to uboot mode.
Do you wish to continue?[confirm(y/n)]y
Step 3 Wait for the ready for UBOOT log message on the console
RP/0/RP0/CPU0:#LC/0/2/CPU0:Sep 29 02:38:40.418 : plim_services[239]:   
tile_fsm_uboot_doorbell_handler[3222] Plim moved to uboot-mode and ready for UBOOT 
upgrade
Step 4 Go to admin mode on the node and upgrade the FPGA MANS
upgrade hw-module fpd fpga1_location <> 
Step 5 Then the following locations for Uboot
upgrade hw-module fpd fpga2 location <>
upgrade hw-module fpd fpga3 location <>
upgrade hw-module fpd fpga4_location <>
upgrade hw-module fpd fpga5_location <> 
Step 6 Reload the card after the successful upgrade operation
hw-module location <> reload 
Step 7 After the card comes up, check for the uboot version . This can be done using the following command from admin mode.
show hw-module fpd location <> 
XLAT and 6rd Commands

address (CGN NetflowV9 logging)

Use the address command to enable the IPv4 address for the Netflow v9 external logging server for logging the entries in the Network Address Translation (NAT) table. To disable the Netflow server configuration, use the no form of this command.

address <A.B.C.D> port <1-65535>
no address <A.B.C.D> port <1-65535>
Syntax Description

address

Address of the server to be used for logging

<A.B.C.D>

Address of the server

port

Port to be used for logging

<1-65535>

Port number. Range is from 1 to 65535.

Command Default

NetflowV9 logging is disabled.

Command Modes

CGN-INVRF

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This NAT44 specific command will configure the ipv4 address and portno for the netflowv9 external logging facility. The address corresponds to the IPv4 address of the NetflowV9 logging server port, which corresponds to the UDP port number in which the NetflowV9 logging server listens for the Netflow logs.

Note Only when the ipv4 address and port number for the logging server has been configured will the other 3 configurations for path-mtu, refresh-rate and timeout be applied.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the IPv4 address and port number 45 for NetFlow logging of the NAT table entries:
RP/0/RP1/CPU0:#config
Mon Oct 11 08:04:49.446 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1 
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1 
RP/0/RP1/CPU0:(config-cgn-invrf)#external-logging netflow version 9 
RP/0/RP1/CPU0:(config-cgn-invrf-af-extlog)#server address 192.0.2.1 port 650 
RP/0/RP1/CPU0:(config-cgn-invrf-af-extlog)#show
Mon Oct 11 08:15:44.325 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   external-logging netflow version 9
    server
     address 192.0.2.1 port 650
Related Commands

Command

Description

external-logging (CGN)

Enables the external-logging facility for an inside VRF of a CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

path-mtu (CGN)

Configures the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility.

refresh-rate (CGN)

Re sends the log template to the netflowv9 server.

server (CGN)

Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.

service cgn (CGN)

Enables an instance for the CGN application.

timeout (CGN logging)

Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server

address (CGN static-forward)

Use the address command to enable the inside IPv4 address and port number for static forwarding. Use the no form of this command to disable the inside IPv4 address and port number for static forwarding.

address <A.B.C.D> port <1-65535>
no address <A.B.C.D> port <1-65535>
Syntax Description

address

Address of the server to be used for logging

<A.B.C.D>

Address of the server

port

Port to be used for logging

<1-65535>

Port number. Range is from 1 to 65535.

Command Default

No default behavior or values.

Command Modes

CGN-INVRF

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This NAT44 command will configure the static port forwarding for an inside-ipv4 address and inside-portno combination. With this configuration, packets received on inside with the configured inside-ipv4 address and inside-portno will be forwarded using displayed outside-ipv4address and outside-portno.

CGN can dynamically allocate one free public IP address and port number from the configured outside address pool for an inside address and port.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the inside IPv4 address and port for static forwarding.
RP/0/RP1/CPU0:#config
Mon Oct 11 09:07:27.535 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP1/CPU0:(config-cgn-invrf)#protocol tcp 
RP/0/RP1/CPU0:(config-cgn-invrf-proto)#static-forward inside address 198.51.100.1 port 
800 
RP/0/RP1/CPU0:(config-cgn-invrf-proto)#show 
Mon Oct 11 09:13:09.185 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   protocol tcp
    static-forward inside
     address 198.51.100.1 port 800
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

show cgn nat44 inside-translation

Displays the translation table entries for an inside IPv4 address and inside VRF combination for a specified CGN instance.

tcp mss (CGN)

Adjusts the TCP maximum segment size (MSS) value for a ServiceApp interface.

tos (CGN)

Configures the ipv4 tunnel type of service

address-family ipv4 (CGN)

To enter the IPv4 address family configuration mode while configuring the Carrier Group NAT (CGN), use the address-family ipv4 command in an appropriate configuration mode. To disable support for an address family, use the no form of this command.

address-family ipv4 {interface ServiceApp <1-2000> | tcp mss <28-1500> | tos <0-255>}
no address-family ipv4
Syntax Description

address-family

Address-family related configuration

ipv4

IPv4 address family

interface

ServiceApp interface to be used

ServiceApp

SEAPP SVI Interface

<1-2000>

Number of service application interfaces to be configured. Range is from 1 to 2000.

tcp

Protocol TCP

mss

Maximum segment size for TCP in bytes

<28-1500>

Maximum segment size to be used in bytes

tos

Type of service value to be set when translating IPv6 to IPv4

<0-255>

Type of service to be set

Command Default

No default behavior or values.

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Syntax and Usage Guidelines.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command will configure the ipv4 address family for NAT64 stateless XLAT.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows the tcp mss for the ipv4 address family.
RP/0/RP1/CPU0:#config
Wed Sep 29 11:30:52.452 UTC
RP/0/RP1/CPU0:(config)#sevice cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat64 stateless xlat
RP/0/RP1/CPU0:(config-cgn-nat64-stateless)#address-family ipv4 
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#tcp mss 200
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#show
Wed Sep 29 11:34:30.508 UTC
service cgn cgn1
 service-type nat64 stateless xlat
  address-family ipv4
   tcp mss 200
Related Commands

Command

Description

mss (CGN)

Enables the TCP MSS adjustment value for an inside VRF of a specified CGN instance and to adjust the MSS value of the TCP SYN packets going through.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

interface ServiceApp (CGN)

Enable an SVI interface

service-type nat64 (CGN)

Creates a nat64 stateless application

tcp mss (CGN)

Adjusts the TCP maximum segment size (MSS) value for a ServiceApp interface.

tos (CGN)

Configures the ipv4 tunnel type of service

address-family ipv6 (CGN)

Use the address-family ipv6 command to enter the IPv6 address family configuration mode. Use the no form of this command to disable support for an address family.

address-family ipv6 {interface ServiceApp <1-2000>} { df-override } { protocol { icmp | reset-mtu }} { tcp mss <28-1500>} { traffic-class <0-255>}
no address-family ipv6
Syntax Description

address-family

Address-family related configuration

ipv6

IPv6 address family

interface

ServiceApp interface to be used

ServiceApp

SEAPP SVI Interface

<1-2000>

Number of service application interfaces to be configured. Range is from 1 to 2000.

df-override

Override DF bit

protocol

Select a protocol

icmp

(Optional) ICMP protocol

reset-mtu

(Optional) Reset maximum transmission unit when packet is too big

tcp

Protocol TCP

mss

Maximum segment size for TCP in bytes

<28-1500>

Maximum segment size to be used in bytes

traffic-class

Traffic class to be set when translating from IPv4 to IPv6

<0-255>

Traffic class to be set

Defaults

No default behavior or values.

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 3.9.3

This command was introduced.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command will configure the ipv6 address family for NAT64 stateless XLAT.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows the traffic-class setting for the ipv6 address family.
RP/0/RP1/CPU0:#config
Wed Sep 29 12:24:55.726 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP1/CPU0:(config-cgn-nat64-stateless)#address-family ipv6 
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#traffic-class 25 
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#show
Wed Sep 29 12:26:56.117 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  address-family ipv6
   traffic-class 25
Related Commands

Command

Description

address-family ipv6 (CGN)

Enters the address family configuration mode for the specified CGN instance.

df-override (CGN)

Use the df-override command to over ride the DF (Don't Fragment) bit.

protocol icmp reset-mtu (CGN)

When the ICMP packet size is less than 1280 bytes, the protocol icmp reset-mtu command will reset the packet size to 1280 when translating from ipv4 to ipv6

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat64 (CGN)

Creates a NAT64 instance for the CGN application

show cgn nat44 inside-translation

Displays the translation table entries for an inside IPv4 address and inside VRF combination for a specified CGN instance.

tcp mss (CGN)

Adjusts the TCP maximum segment size (MSS) value for a ServiceApp interface.

traffic-class (CGN)

Configures the traffic class value to be used when translating a packet from ipv4 to ipv6

alg ActiveFTP (CGN)

Use the alg ActiveFTP command to enable support for an Active FTP Application-Level Gateway (ALG) for the Active FTP. Use the no form of this command to disable ALG support for the Active FTP.

alg ActiveFTP
no alg ActiveFTP
Syntax Description

alg

Configure the Application Level Gateway type to be used

ActiveFTP

ActiveFTP

Command Default

By default, ActiveFTP ALG is disabled.

Command Modes

CGN-NAT44

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This is a NAT44 service type specific command to be applied per cgn instance.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure ALG for the active FTP connection for the CGN instance:
RP/0/RP0/CPU0:#config
Fri Sep 17 20:43:30.876 UTC
RP/0/RP0/CPU0:(config)#service cgn cgn1
RP/0/RP0/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP0/CPU0:(config-cgn-nat44)#alg ActiveFTP 
RP/0/RP0/CPU0:(config-cgn-nat44)#show
Sat Sep 18 00:17:54.986 UTC
service cgn cgn1
 service-type nat44 nat1
  alg ActiveFTP
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

alg rtsp

Enable support for the Real Time Streaming Protocol (rtsp).

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

portlimit (CGN)

Limits the number of entries per source address.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

refresh-direction (CGN)

Configures the Network Address Translation (NAT) mapping refresh direction.

alg rtsp

Use the alg rtsp command to enable support for the Application-Level Gateway (ALG) Real Time Streaming Protocol (rtsp) . Use the no form of this command to disable alg rtsp support.

alg rtsp
no alg rtsp
Syntax Description

alg

Configure the Application Level Gateway type to be used

rtsp

Real time streaming protocol

Command Default

By default, the alg rtsp is disabled.

Command Modes

CGN-NAT44

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The application needs to be told to lookout for RTSP packets. The alg rtsp configuration command will allow enabling of RTSP scan.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the alg rtsp for the CGN instance:
RP/0/RP0/CPU0:#config
Thu Nov 11 07:27:46.511 UTC
RP/0/RP0/CPU0:(config)#service cgn cgn1
RP/0/RP0/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP0/CPU0:(config-cgn-nat44)#alg rtsp 
RP/0/RP0/CPU0:(config-cgn-nat44)#show
Thu Nov 11 07:31:10.482 UTC
service cgn cgn1
 service-type nat44 nat1
  alg rtsp
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

alg ActiveFTP (CGN)

Enable support for an Active FTP Application-Level Gateway (ALG) for the Active FTP.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

portlimit (CGN)

Limits the number of entries per source address.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

refresh-direction (CGN)

Configures the Network Address Translation (NAT) mapping refresh direction.

br (6rd)

The br command enters the Border Relay configuration mode. To disable this feature, use the no form of this command.

br { ipv4 | ipv6-prefix | source-address | unicast }
no br
Syntax Description

br

Border Relay related configurations

ipv4

IPv4 related configurations

ipv6-prefix

IPv6 prefix

source-address

Source address for tunnel

unicast

Unicast

Defaults

No default behavior or values.

Command Modes

TUNNEL-6RD

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows the br configuration level commands how to configure the unicast address:
RP/0/RP1/CPU0:#config
Wed Sep 29 10:47:39.255 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#br
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd-br)#unicast address 2010:db8:ff00::
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#show
Wed Sep 29 10:29:48.215 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  br
   unicast address 2010:db8:ff00::
Related Commands

Command

Description

ipv4 prefix (6rd)

Assigns a value for the ipv4 tunnel prefix.

ipv4 suffix (6rd)

Assigns a value for the ipv4 tunnel suffix.

ipv6-prefix (6rd)

Configures the ipv6 prefix to be used for converting ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses

service cgn (CGN)

Enables an instance for the CGN application.

service-type tunnel (CGN)

Creates a v6rd tunnel application.

source-address (6rd)

Assigns an ipv4 address to be used as the tunnel source address.

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.

df-override (CGN)

Use the df-override command to SET the DF (Don't Fragment) bit to 0. The no form of this command restores the default behavior.

df-override
no df-override
Syntax Description

df-override

Override DF bit

Defaults

The df-override bit is set to 1

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Use the df-override command to set the DF bit to 0 when translating IPv6 to IPv4 packets provided the original IPv6 packet size is less than 1280 bytes and there is no Fragment header.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the df-override for the NAT64 stateless configuration:
RP/0/RP1/CPU0:#config
Thu Sep 16 10:31:38.053 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#ipv6-prefix 2010:db8:ff00::/40
RP/0/RP1/CPU0:(config-cgn-nat64-stateless)#address-family ipv6
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#df-override
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#show
Thu Sep 16 10:32:40.146 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  address-family ipv6
   df-override
Related Commands

Command

Description

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode

interface ServiceApp (CGN)

Enables the SVI interface.

protocol icmp reset-mtu (CGN)

Resets the received packet size to 1280 when the received ipv4 ICMP packet size is less than 1280 bytes.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat64 (CGN)

Creates a NAT64 instance for the CGN application

tcp mss (CGN)

Adjusts the TCP maximum segment size (MSS) value for a ServiceApp interface.

traffic-class (CGN)

Configures the traffic class value to be used when translating a packet from ipv4 to ipv6.

external-logging (CGN)

Use the external-logging command to enable the external-logging facility. Use the no form of this command to disable external-logging.

external-logging [ netflow version 9 ]
no external-logging netflow version 9
Syntax Description

netflow

Use netflow-v9 for logging.

version

Version of the Netflow protocol

9

Version 9

server

Specify the logging server information

Command Default

By default, external-logging is disabled.

Command Modes

CGN-INVRF

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Syntax and Usage Guidelines.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The external-logging command enters CGN inside VRF external logging configuration mode.

You can use NetFlow to export NAT table entries.

The external-logging facility supports only netflow version 9.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to enter the configuration mode for the netflowv9 external-logging facility:
RP/0/RP1/CPU0:#config
Tue Oct 12 08:46:33.996 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP1/CPU0:(config-cgn-invrf)#external-logging netflow version 9
RP/0/RP1/CPU0:(config-cgn-invrf-af-extlog)#server        
RP/0/RP1/CPU0:Chun(config-cgn-invrf-af-extlog-server)#address 10.10.0.0 port 50
RP/0/RP1/CPU0:Chun(config-cgn-invrf-af-extlog-server)#show
Tue Oct 12 08:49:29.162 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   external-logging netflow version 9
    server
     address 10.10.0.0 port 50
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

alg ActiveFTP (CGN)

Enables support for an Active FTP Application-Level Gateway (ALG) for the Active FTP.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

map (CGN)

Maps an outside VRF and address pool to an inside VRF and address pool.

portlimit (CGN)

Limits the number of entries per source address

protocol (CGN-INVRF)

Enters the ICMP, TCP, and UDP inside-vrf protocol configuration mode.

refresh-direction (CGN)

Re sends the log template to the netflowv9 server.

service cgn (CGN)

Enables an instance for the CGN application.

hw-module service cgn location (CGN)

use the hw-module service cgn location command in global configuration mode to enable a CGN service role on a specified location. The no form of this command disables the CGN service role at the specified location.

hw-module service cgn location node-id
no hw-module service cgn location node-id
Syntax Description

service

Configure service role

cgn

Configure the cgn service as the role for a node

location

Location to configure

node-id

Location of the service card for CGN that you want to configure.

The node-id argument is entered in the rack/slot/module notation.

Command Default

No default behavior or values.

Command Modes

CONFIG

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

The Syntax description updated.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

If no is used, the CGN service will be stopped at this particular location.

Task ID

Task ID

Operations

sbc

read, write

root-lr

read, write

Examples

The following example shows how to configure the CGN service for location 0/2/CPU0:
RP/0/RP1/CPU0:#config
Tue Oct 12 10:18:39.576 UTC
RP/0/RP1/CPU0:(config)#hw-module service cgn location 0/1/CPU0 
RP/0/RP1/CPU0:(config)#show
Tue Oct 12 10:19:41.200 UTC
Building configuration...
!! IOS XR Configuration 3.9.3.01I
hw-module service cgn location 0/1/CPU0
end
Related Commands

Command

Description

interface ServiceApp (CGN)

Enables the application SVI interface.

interface ServiceInfra (CGN)

Enables the infrastructure SVI interface.

service cgn (CGN)

Enables an instance for the CGN application.

service-location (CGN)

Enables the particular instance of the CGN application on the active and standby locations.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

service-type nat64 (CGN)

Creates a NAT64 instance for the CGN application

service-type tunnel (CGN)

Creates a 6rd tunnel instance for the CGN application

inside-vrf (CGN)

Use the inside-vrf command to enter inside VRF configuration mode. The no form of this command disables the inside vrf configuration.

inside-vrf vrf-name
no inside-vrf vrf-name
Syntax Description

inside-vrf

Configure inside VRF

vrf-name

Name for the inside VRF.

Command Default

No default behavior or values.

Command Modes

CONFIG-CGN

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The inside-vrf command enters CGN inside VRF configuration mode.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows the inside-vrf tcp mss protocol:
RP/0/RP1/CPU0:#config
Wed Sep 29 12:39:02.022 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1 
RP/0/RP1/CPU0:(config-cgn-invrf)#protocol tcp mss 28
RP/0/RP1/CPU0:(config-cgn-invrf)#show
Wed Sep 29 12:41:39.847 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   protocol tcp
    mss 28
Related Commands

Command

Description

external-logging (CGN)

Enables the external-logging facility for an inside VRF of a CGN instance.

map (CGN)

Maps an outside VRF and address pool to an inside vrf.

mss (CGN)

Enables the TCP MSS adjustment value for an inside VRF of a specified CGN instance and to adjust the MSS value of the TCP SYN packets going through.

path-mtu (CGN)

Configures the path MTU for the netflowv9-based external-logging facility for the inside VRF of a CGN instance.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

refresh-rate (CGN)

Configures the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance.

server (CGN)

Configures the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.

service cgn (CGN)

Enables an instance for the CGN application.

show cgn nat44 inside-translation

Displays the translation table entries for an inside IPv4 address and inside VRF combination for a specified CGN instance.

show cgn nat44 outside-translation

Displays the translation table entries for an outside or public IP source address and outside VRF combination for a specified CGN instance.

interface ServiceApp (CGN)

Use the interface ServiceApp command to enable the SVI interface. The no form of this command disables a particular service application interface.

interface ServiceApp <1-2000>
no interface ServiceApp <1-2000>
Syntax Description

interface

ServiceApp interface to be used

ServiceApp

SEAPP SVI Interface

<1-2000>

Number of service application interfaces to be configured. Range is from 1 to 2000.

Command Default

No default behavior or values.

Command Modes

CONFIG-CGN

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated examples.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The name of the serviceapp interfaces will be serviceapp n where n can be any number between 1 to 2000.

Note The total number of service application interfaces per Roddick PLIM card cannot exceed 889.

Task ID

Task ID

Operations

interface

read, write

Examples

The following example shows how to configure a nat64 stateless service application interface:
RP/0/RP0/CPU0:#config
Fri Sep 17 20:30:18.612 UTC
RP/0/RP0/CPU0:(config)#service cgn cgn1
RP/0/RP0/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#address-family ipv6
RP/0/RP0/CPU0:(config-cgn-nat64-stless-afi)#interface ServiceApp 461
RP/0/RP0/CPU0:(config-cgn-nat64-stless-afi)#show
Fri Sep 17 20:32:20.917 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  address-family ipv6
   interface ServiceApp461
The following example shows how to configure 6rd service application interface:
RP/0/RP1/CPU0:#config
Mon Oct  4 12:14:09.677 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#address-family ipv6 
RP/0/RP1/CPU0:(config-cgn-6rd-afi)#interface ServiceApp 46 
RP/0/RP1/CPU0:(config-cgn-6rd-afi)#show
Mon Oct  4 12:09:07.174 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  address-family ipv6
   interface ServiceApp46
Related Commands

Command

Description

interface ServiceInfra (CGN)

Enables the infrastructure SVI interface.

service cgn (CGN)

Enables an instance for the CGN application.

service-location (CGN)

Enables the particular instance of the CGN application on the active and standby locations.

interface ServiceInfra (CGN)

Use the interface ServiceInfra command in global configuration mode to enable the infrastructure SVI interface. The no form of this command disables a particular service infrastructure interface.

interface ServiceInfra <1-2000>
no interface ServiceInfra <1-2000>
Syntax Description

ServiceInfra

SEINFRA SVI Interface

<1-2000>

Number of service infrastructure interfaces to be configured. Range is from 1 to 2000.

Command Default

There is no default behavior.

Note There can only be 1 serviceinfra interface per Roddick card.

Command Modes

CONFIG-IF

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines and Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Only one serviceinfra interface can be configured per Roddick PLIM card.

Note The Infra SVI interface and its IPv4 address configuration are required to boot the CGSE. The IPv4 address will be used as the source address of the netflow v9 logging packet

Task ID

Task ID

Operations

interface

read, write

Examples

The following example shows how to configure the service infrastructure interface:
RP/0/RP1/CPU0:#config
Tue Oct 12 11:39:15.999 UTC
RP/0/RP1/CPU0:(config)#interface ServiceInfra 1 
RP/0/RP1/CPU0:(config-if)#ipv4 address 3.1.1.2 255.255.255.252 
RP/0/RP1/CPU0:(config-if)#service-location 0/1/CPU0 
RP/0/RP1/CPU0:(config-if)#logging events link-status 
RP/0/RP1/CPU0:(config-if)#show
Tue Oct 12 11:41:51.751 UTC
interface ServiceInfra1
 ipv4 address 3.1.1.2 255.255.255.252
 service-location 0/1/CPU0
 logging events link-status
Related Commands

Command

Description

interface ServiceApp (CGN)

Enables the application SVI interface.

service cgn (CGN)

Enables an instance for the CGN application.

service-location (CGN)

Enables the particular instance of the CGN application on the active and standby locations.

ipv4 prefix (6rd)

Use the ipv4 prefix command to assign a value for the ipv4 prefix of the tunnel. When the no form of this command is specified, the ipv4 prefix is not used.

ipv4 prefix length <0-31>
no ipv4 prefix length <0-31>
Syntax Description

ipv4

IPv4 related configurations

prefix

IPv4 prefix length to be used while deriving delegated IPv6 prefix

length

IPv4 prefix length to be used while deriving delegated IPv6 prefix

<0-31>

IPv4 prefix length value

Defaults

Zero will be the ipv4 prefix length when no ipv4 prefix is assigned

Command Modes

CGN-TUNNEL

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command will assign a value for the common ipv4 prefix length to be used as part of both ends of the tunnel.

This is an optional br tunnel configuration parameter. If this parameter is added or modified, the unicast address also should also be modified.

Note It has to be noted that the sum of the ipv4 prefix length and ipv4 suffix length should not exceed 31. This value will be used to calculate 6rd delegated prefix.

Note Once configured, the ipv4 prefix cannot be deleted individually. It should be deleted along with all the br tunnel configuration. If you want to ignore the prefix length, alternatively you can set it to zero along with the updated unicast address.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the ipv4 prefix:
RP/0/RP1/CPU0:#config
Wed Oct 13 06:32:09.370 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#br
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd-br)#ipv4 prefix length 16 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd-br)#show
Wed Oct 13 06:33:57.046 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  br
   ipv4 prefix length 16
Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode.

ipv4 suffix (6rd)

Assigns a value for the ipv4 tunnel suffix.

ipv6-prefix (6rd)

Configures the ipv6 prefix to be used for converting ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses

service cgn (CGN)

Enables an instance for the CGN application.

service-type tunnel (CGN)

Creates a v6rd tunnel application.

source-address (6rd)

Assigns an ipv4 address to be used as the tunnel source address.

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.

ipv4 suffix (6rd)

Use the ipv4 suffix command to assign a value for the ipv4 tunnel suffix. When the no form of this command is specified, the ipv4 suffix is not used.

ipv4 suffix length <0-31>
no ipv4 suffix length <0-31>
Syntax Description

ipv4

IPv4 related configurations

suffix

IPv4 suffix length to be used while deriving delegated IPv6 prefix

length

IPv4 suffix length to be used while deriving delegated IPv6 prefix

<0-31>

IPv4 suffix length value

Defaults

Zero will be the ipv4 suffix length when no ipv4 suffix is assigned

Command Modes

CGN-TUNNEL

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command will assign a value for the common ipv4 suffix length to be used as part of both ends of the tunnel.

This is an optional br tunnel configuration parameter. If this parameter is added or modified, the unicast address also should also be modified.

Note It has to be noted that the sum of the ipv4 prefix length and ipv4 suffix length should not exceed 31. This value will be used to calculate 6rd delegated prefix.

Note Once configured, the ipv4 suffix cannot be deleted individually. It should be deleted along with all the br tunnel configuration. If you want to ignore the prefix length, alternatively you can set it to zero along with the updated unicast address.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the ipv4 suffix:
RP/0/RP1/CPU0:#config
Wed Oct 13 07:00:35.747 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#br
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd-br)#ipv4 suffix length 15
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd-br)#show
Wed Oct 13 07:02:29.064 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  br
   ipv4 suffix length 15
Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode.

ipv4 prefix (6rd)

Assigns a value for the ipv4 tunnel prefix.

ipv6-prefix (6rd)

Configures the ipv6 prefix to be used for converting ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses

service cgn (CGN)

Enables an instance for the CGN application.

service-type tunnel (CGN)

Creates a v6rd tunnel application.

source-address (6rd)

Assigns an ipv4 address to be used as the tunnel source address.

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.

ipv6-prefix (6rd)

For a given 6rd domain there is exactly one 6rd prefix. The ipv6-prefix command is used to convert the ipv4 address into ipv6 address for use by the 6rd domain.

For NAT64 Stateless, the ipv6-prefix command is used for converting the ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses.

When the no form of this command is used there is no ipv6 prefix assigned for the application.

ipv6-prefix X:X::X/length <IPV6 subnet mask>
no ipv6-prefix X:X::X/length> <IPV6 subnet mask>
Syntax Description

ipv6-prefix

IPv6 prefix to be used to translate IPv4 address to IPv6 address

X:X::X/length

IPv6 address and prefix

IPV6 subnet mask

IPv6 address and prefix

Defaults

There is no default behavior.

Command Modes

TUNNEL-6RD

CGN-NAT64

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The ipv6-prefix command is used in the NAT64 stateless and Border Relay (br) tunnel configurations.

The ipv6-prefix command will be used to generate a delegated ipv6 prefix for the Border Relay, br, related configurations. This is a mandatory br tunnel parameter. All mandatory parameters should be added or deleted at the same time.

Note For a given 6rd domain there is exactly one 6rd prefix.The ipv6-prefix command is used to convert the ipv4 address into ipv6 address for use by the 6rd domain.

Note For a 6rd tunnel configure the br: ipv6-prefix, ipv4 source-address and unicast IPv6 address in a single commit.

Note Once configured, the ipv6-prefix cannot be deleted individually. It should be deleted along with all the br tunnel configuration parameters.

The ipv6-prefix command will configure the ipv6 prefix to be used for converting the ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses.

The same ipv6-prefix can be used for multiple nat64 stateless instances under multiple CGNs for load balancing.

Note For NAT64 Stateless, the ipv6-prefix command is used for converting the ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to enter the ipv6-prefix for the NAT64 stateless CGN instance:
RP/0/RP1/CPU0:#config
Wed Oct  6 10:18:21.502 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP1/CPU0:(config-cgn-nat64-stateless)#ipv6-prefix 2010:db8:ff00::/40
RP/0/RP1/CPU0:(config-cgn-nat64-stateless)#show
Wed Oct  6 10:19:55.758 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  ipv6-prefix 2010:db8:ff00::/40
The following example shows how to enter the ipv6-prefix for the 6RD CGN instance:
RP/0/RP1/CPU0:#config
Wed Oct  6 10:30:55.107 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#br 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd-br)#ipv6-prefix 2010:db8:ff00::/40
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd-br)#show
Wed Oct  6 10:34:01.932 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  br
   ipv6-prefix 2010:db8:ff00::/40
Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode.

ipv4 prefix (6rd)

Assigns a value for the ipv4 tunnel prefix.

ipv4 suffix (6rd)

Assigns a value for the ipv4 tunnel suffix.

service cgn (CGN)

Enables an instance for the CGN application.

service-type tunnel (CGN)

Creates a v6rd tunnel application.

source-address (6rd)

Assigns an ipv4 address to be used as the tunnel source address.

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.

map (CGN)

Use the map command to map an outside VRF and address pool to an inside VRF and address pool. Use the no form of this command to remove the outside VRF and address pool mapping for the specified inside VRF.

map [outside-vrf outside-vrf-name] [address-pool < A.B.C.D/prefix IP>< subnet mask>]
no map [outside-vrf outside-vrf-name] address-pool address/prefix
Syntax Description

address-pool

Address-pool to which inside VRF to be mapped

A.B.C.D/prefix

Start address and prefix for the address pool

IP subnet mask

Start address and prefix for the address pool

outside-vrf

(Optional) Outside VRF configuration.

outside-vrf-name

(Optional) Name of outside VRF.

address-pool

Address-pool to which inside VRF to be mapped

A.B.C.D/prefix

Start address and prefix for the address pool

IP subnet mask

Start address and prefix for the address pool

Command Default

No default behavior or values.

Command Modes

CGN-INVRF

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines and Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This is a NAT44 service type specific command to be applied per inside vrf per cgn instance.

The map command maps the inside VRF to an outside VRF and assigns an outside address pool for the mapping.

There will be only one NAT44 instance per cgn instance.

An inside-VRF can be present in one and only one CGN instance.

One inside VRF can be mapped to only one outside VRF.

There can be multiple non-overlapping address-pools in a particular outside VRF.

The address pools being used on a CRS box for the outside VRF's should never overlap with each other.

An outside-VRF can be present in multiple CGN instances with different address pools.

If the outside VRF name is not specified, the default VRF is enabled.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the outside VRF and to assign the outside address pool for the mapping:
RP/0/RP1/CPU0:#config
Wed Oct 13 08:09:12.904 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1 
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1   
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1 
RP/0/RP1/CPU0:(config-cgn-invrf)#map outside-vrf outsidevrf1 address-pool 10.0.0.1 
255.255.255.0 
RP/0/RP1/CPU0:(config-cgn-invrf)#show
Wed Oct 13 08:26:09.904 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   map outside-vrf outsidevrf1 address-pool 10.0.0.1/24
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

show cgn nat44 inside-translation

Displays the translation table entries for an inside IPv4 address and inside VRF combination for a specified CGN instance.

show cgn nat44 outside-translation

Displays the translation table entries for an outside or public IP source address and outside VRF combination for a specified CGN instance.

mss (CGN)

Use the mss command to configure the inside-vrf TCP MSS (Maximum Segment Size). The no form of this command disables overriding the TCP MSS value in packets.

mss <28-1500>
no mss
Syntax Description

mss

Maximum segment size for TCP in bytes

<28-1500>

Maximum segment size to be used in bytes

Command Default

If not configured, the default value for tcp mss is 1460 bytes

Command Modes

CGN-INVRF

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines and Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This is a NAT44 service type specific command to be applied per inside vrf per cgn instance.

The MSS value, which is configured by the mss command, overrides the MSS value that is set in the received TCP packets. The range for MSS value is from 28 to 1500.

The mss command adjusts the MSS value of the TCP SYN packets going through.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure TCP MSS value as 1100 for the CGN instance:
RP/0/RP1/CPU0:#config
Wed Oct 13 10:34:44.212 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP1/CPU0:(config-cgn-invrf)#protocol tcp 
RP/0/RP1/CPU0:(config-cgn-invrf-proto)#mss 1400 
RP/0/RP1/CPU0:(config-cgn-invrf-proto)#show
Wed Oct 13 10:36:23.896 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   protocol tcp
    mss 1400
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

path-mtu (CGN)

Use the path-mtu command to configure the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility. Use the no form of this command to revert back to the default of 1500.

path-mtu <100-9200>
no path-mtu <100-9200>
Syntax Description

<100-9200>

Value in bytes is from 100 to 9200.

Command Default

The default path-mtu value is set to 1500.

Command Modes

CGN-INVRF

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines and Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This NAT44 specific command will configure the value of the path-mtu for the netflowv9 based external logging facility for an inside vrf of cgn instance.

This command restricts the maximum size of the Netflow-v9 logging packet

The path-mtu value ranges from 100 to 9200.

The netflowv9-based external-logging facility can be used to export the NAT table entries.

Note Only when the ipv4 address and port number for the logging server has been configured will the configurations for path-mtu, refresh-rate and timeout be applied.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the path-mtu with the value of 2900 for the netflowv9-based external-logging facility:
RP/0/RP1/CPU0:#config
Wed Oct 13 11:07:53.464 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP1/CPU0:(config-cgn-invrf)#external-logging netflow version 9
RP/0/RP1/CPU0:(config-cgn-invrf-af-extlog)#server
RP/0/RP1/CPU0:Chun(config-cgn-invrf-af-extlog-server)#address 192.0.2.1 port 650
RP/0/RP1/CPU0:Chun(config-cgn-invrf-af-extlog-server)#path-mtu 1500
RP/0/RP1/CPU0:Chun(config-cgn-invrf-af-extlog-server)#show
Wed Oct 13 11:12:20.391 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   external-logging netflow version 9
    server
     address 192.0.2.1 port 650
     path-mtu 1500
Related Commands

Command

Description

address (CGN NetflowV9 logging)

Enables the IPv4 address for the Netflow v9 external logging server.

external-logging (CGN)

Enables the external-logging facility for an inside VRF of a CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

path-mtu (CGN)

Configures the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility.

refresh-rate (CGN)

Re sends the log template to the netflowv9 server.

server (CGN)

Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application.

timeout (CGN logging)

Configures the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server.

path-mtu (6rd)

The path-mtu command will configure the 6rd ipv4 tunnel MTU (Maximum Transmission Unit) size in bytes. When the no form of this command is specified the MTU value will be set to its default value.

path-mtu <1280-9216>
no path-mtu
Syntax Description

path-mtu

IPv6 MTU value

<1280-9216>

path-MTU value, in bytes. Range is from 1280 to 1480.

Defaults

The default value is 1280.

Command Modes

TUNNEL-6RD

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command will configure the path MTU size in bytes for the ipv4 tunnel. If any packet comes with more than this path MTU, ICMP error will be sent back to the source.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the path-mtu with the value of 1280:
RP/0/RP1/CPU0:#config
Thu Sep 23 11:37:15.491 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#path-mtu 1500 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#show
Thu Sep 23 11:39:17.737 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  path-mtu 1500
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode

br (6rd)

Enters the Border Relay configuration mode.

reassembly-enable (6rd)

Enables packet fragments to be reassembled.

reset-df-bit (6rd)

Enables resetting of DF bit.

service cgn (CGN)

Enables an instance for the CGN application.

service-type tunnel (CGN)

Creates a v6rd tunnel application.

tos (CGN)

Configures the ipv4 tunnel type of service

ttl (6rd)

Configures the ipv4 tunnel time to live

portlimit (CGN)

Use the portlimit command to limit the number of entries per source address. Use the no form of this command to revert back to the default value of 100.

portlimit <1-65535>
no portlimit <1-65535>
Syntax Description

portlimit

Limit the number of entries per address

<1-65535>

Value for the port limit. Range is from 1 to 65535.

Command Default

The default value is 100 when the port limit is not configured.

Command Modes

CGN-NAT44

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines and Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This is a NAT44 service type specific command to be applied per cgn instance.

The portlimit command configures the port limit per subscriber for the system, including TCP, UDP, and ICMP. In addition, the portlimit command restricts the number of ports that is used by an IPv4 address; for example, it limits the number of CNAT entries per IPv4 address in the CNAT table.

Task ID

Task ID

Operations

cgn

read, write

Examples

This example shows how the port-limit needs can increased from the default value of 100 to a higher value of 500:
RP/0/RP1/CPU0:#config
Wed Oct 13 11:58:15.265 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1 
RP/0/RP1/CPU0:(config-cgn-nat44)#portlimit 850 
RP/0/RP1/CPU0:(config-cgn-nat44)#show
Wed Oct 13 12:00:22.279 UTC
service cgn cgn1
 service-type nat44 nat1
  portlimit 850
Related Commands

Command

Description

alg ActiveFTP (CGN)

Enables support for an Active FTP Application-Level Gateway (ALG) for the Active FTP.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

protocol (CGN-NAT44)

Enters the ICMP, TCP, and UDP protocol configuration mode.

refresh-direction (CGN)

Configures the Network Address Translation (NAT) mapping refresh direction.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application.

protocol (CGN-INVRF)

Use the protocol command to enter the ICMP, TCP, and UDP inside-vrf protocol configuration mode. The no form of this command removes all the features that are enabled under the protocol configuration.

protocol {icmp | tcp | udp} {mss <28-1500>} {static-forward inside address <A.B.C.D> port <1-65535>}
no protocol {icmp | tcp | udp}
Syntax Description

protocol

Transport protocol

icmp

Enters ICMP protocol configuration mode.

tcp

Enters TCP protocol configuration mode.

udp

Enters UDP protocol configuration mode.

mss

Maximum segment size for TCP in bytes

<28-1500>

Maximum segment size to be used in bytes

static-forward

Configure a static port

inside

Inside network configuration

address

Inside address for static-forward

<A.B.C.D>

Inside IP address

port

Inside port number for static-forward

<1-65535>

Inside port number

Command Default

No default behavior or values.

Command Modes

CONFIG-CGN

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Syntax and Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows the ICMP protocol with static forwarding:
RP/0/RP1/CPU0:#config
Wed Oct 13 12:38:16.452 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP1/CPU0:(config-cgn-invrf)#protocol icmp 
RP/0/RP1/CPU0:(config-cgn-invrf-icmp)#static-forward inside address 192.0.2.1 port 650 
RP/0/RP1/CPU0:(config-cgn-invrf-icmp)#show
Wed Oct 13 12:42:05.211 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   protocol icmp
    static-forward inside
     address 192.0.2.1 port 650
#
Related Commands

Command

Description

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

show cgn nat44 inside-translation

Displays the translation table entries for an inside IPv4 address and inside VRF combination for a specified CGN instance.

show cgn nat44 outside-translation

Displays the translation table entries for an outside or public IP source address and outside VRF combination for a specified CGN instance.

static-forward inside (CGN)

Enables static port forwarding for the inside IPv4 address and port combination.

protocol (CGN-NAT44)

Use the protocol command to enter the ICMP, TCP, and UDP protocol configuration mode. The no form of this command remove all the features that are enabled under the protocol configuration mode.

protocol {icmp | tcp | udp} [{session} <active | initial>] {timeout <1-65535>}
no protocol {icmp | tcp | udp}
Syntax Description

protocol

Transport protocol

icmp

Enters ICMP protocol configuration mode.

tcp

Enters TCP protocol configuration mode.

udp

Enters UDP protocol configuration mode.

session

Session related configuration

active

Active session timeout

initial

Initial session timeout

timeout

Session timeout

<1-65535>

Timeout in seconds

Command Default

No default behavior or values.

Command Modes

CGN-NAT44

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The protocol command enters the appropriate CGN AFI configuration mode.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the ICMP protocol for a CGN instance:
RP/0/RP1/CPU0:#config
Tue Sep 14 13:50:00.056 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#protocol icmp timeout 120 
RP/0/RP1/CPU0:(config-cgn-nat44)#show
Tue Sep 14 13:51:43.970 UTC
service cgn cgn1
 service-type nat44 nat1
  protocol icmp
   timeout 120
The following example shows how to configure the UDP protocol for a CGN instance:
RP/0/RP1/CPU0:#config
Tue Sep 14 13:45:51.136 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#protocol udp session initial timeout 120
RP/0/RP1/CPU0:(config-cgn-nat44)#protocol udp session active timeout 180
RP/0/RP1/CPU0:(config-cgn-nat44)#show
Tue Sep 14 13:47:41.918 UTC
service cgn cgn1
 service-type nat44 nat1
  protocol udp
   session initial timeout 120
   session active timeout 180
The following example shows how to configure the UDP protocol for a CGN instance:
RP/0/RP1/CPU0:#config
Thu Oct 14 07:05:20.608 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#protocol tcp session active timeout 180 
RP/0/RP1/CPU0:(config-cgn-nat44)#show
Thu Oct 14 07:06:46.470 UTC
service cgn cgn1
 service-type nat44 nat1
  protocol tcp
   session active timeout 180
Related Commands

Command

Description

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

show cgn nat44 inside-translation

Displays the translation table entries for an inside IPv4 address and inside VRF combination for a specified CGN instance.

show cgn nat44 outside-translation

Displays the translation table entries for an outside or public IP source address and outside VRF combination for a specified CGN instance.

protocol icmp reset-mtu (CGN)

The protocol icmp reset-mtu command will reset the received packet size to 1280 when the received ipv4 ICMP packet size is less than 1280 bytes. When the no form of this command is specified, the received icmp packet size will be copied when translating ipv4 to ipv6.

protocol icmp reset-mtu
no protocol icmp reset-mtu
Syntax Description

protocol

Select a protocol

icmp

ICMP protocol

reset-mtu

Reset maximum transmission unit when packet is too big

Defaults

Received packet size will be copied when translating ipv4 to ipv6 for icmp packets.

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

When the icmp reset-mtu protocol is enabled, the ICMP packet size will be reset to 1280 when translating from ipv4 to ipv6 if the ICMP packet size is less than 1280 bytes.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the icmp reset-mtu protocol for a CGN instance:
RP/0/RP1/CPU0:#config
Thu Sep 16 11:27:57.172 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#ipv6-prefix 2010:db8:ff00::/40
RP/0/RP1/CPU0:(config-cgn-nat64-stateless)#address-family ipv6
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#protocol icmp
RP/0/RP1/CPU0:ChunniBab(config-cgn-nat64-stless-icmp)#reset-mtu
RP/0/RP1/CPU0:ChunniBab(config-cgn-nat64-stless-icmp)#show
Thu Sep 16 11:29:22.731 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  address-family ipv6
   protocol icmp
    reset-mtu
Related Commands

Command

Description

address-family ipv6 (CGN)

enter the IPv6 address family configuration mode.

ipv6-prefix (6rd)

Configures the ipv6 prefix to be used for converting ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat64 (CGN)

Creates a nat64 stateless application.

traceroute (CGN)

Configures a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received.

ubit-reserved (CGN)

When enabled it reserves bits 64-71 in the IPv6 addresses.

reassembly-enable (6rd)

Use the reassembly-enable command to reassemble fragmented packets. When the no form of this command is specified, packet fragments will not be reassembled.

reassembly-enable
no reassembly-enable
Syntax Description

reassembly-enable

Enable reassembly

Defaults

By default, reassembly is not allowed.

Command Modes

TUNNEL-6RD

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to apply the reassembly-enable for a 6rd tunnel:
RP/0/RP1/CPU0:#config
Thu Sep 23 12:48:36.222 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#reassembly-enable 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#show
Thu Sep 23 12:49:35.929 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  reassembly-enable
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode

br (6rd)

Enters the Border Relay configuration mode.

reset-df-bit (6rd)

Enables resetting of DF bit.

service cgn (CGN)

Enables an instance for the CGN application.

service-type tunnel (CGN)

Creates a v6rd tunnel application.

tos (CGN)

Configures the ipv4 tunnel type of service

ttl (6rd)

Configures the ipv4 tunnel time to live

refresh-direction (CGN)

Use the refresh-direction command to configure the Network Address Translation (NAT) mapping refresh direction. Use the no form of this command to revert back to bi-directional.

refresh-direction Outbound
no refresh-direction Outbound
Syntax Description

refresh-direction

NAT refresh direction to be used

Outbound

Configures only the refresh direction for outbound.

Command Default

The default is bidirectional when the NAT refresh-direction is not configured,

Command Modes

CONFIG-CGN

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This is a NAT44 service type specific command to be applied per cgn instance.

Translation entries that do not have traffic flowing for specific time period are timed out and deleted to prevent unnecessary usage of system resources. Any traffic for a particular translation entry refreshes the entry and prevents it getting timed out. Usually, the refresh is based on packets coming from both inside and outside. This is referred to as bi-directional refresh mechanism. However, bi-directional refresh can lead to denial of service (DoS) attacks because someone from the outside can periodically refresh the entries even though there is no inside traffic.

When NAT refresh direction is configured as Outbound, the translation entries are refreshed only by traffic flowing from inside to outside and prevents DoS attacks.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the mapping refresh direction for outbound:
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#refresh-direction outbound 
RP/0/RP1/CPU0:(config-cgn-nat44)#show
Wed Sep 15 07:49:07.201 UTC
service cgn cgn1
 service-type nat44 nat1
  refresh-direction Outbound
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

portlimit (CGN)

Limits the number of entries per source address.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

refresh-rate (CGN)

Use the refresh-rate command to resend the log template to the netflowv9 server. Use the no form of this command to revert back to the default value of 500 packets.

refresh-rate <1-600>
no refresh-rate <1-600>
Syntax Description

<1-600>

Value, in packets, for the refresh rate. Range is from 1 to 600.

Command Default

Default refresh-rate value is 500

Command Modes

EXTLOG-SERVER

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines and Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The netflowv9 based logging requires that a logging template be sent to the server periodically. The refresh-rate value implies that after sending these many packets to the server, the template will be resent. The timeout value implies that after these many minutes has elapsed since the template was last sent, the template will be resent to the logging server. The refresh-rate and timeout values are mutually exclusive, i.e. whichever expires first, will be taken into consideration for re sending the template.

Note Only when the ipv4 address and port number for the logging server has been configured will the configurations for path-mtu, refresh-rate and timeout be applied.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the refresh rate value of 60 for NetFlow logging for the NAT table entries:
RP/0/RP1/CPU0:#configure
Tue Oct  5 09:50:22.184 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP1/CPU0:(config-cgn-invrf)#external-logging netflow version 9
RP/0/RP1/CPU0:(config-cgn-invrf-af-extlog)#server
RP/0/RP1/CPU0:Chun(config-cgn-invrf-af-extlog-server)#refresh-rate 60
RP/0/RP1/CPU0:Chun(config-cgn-invrf-af-extlog-server)#show
Tue Oct  5 09:52:46.293 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   external-logging netflow version 9
    server
     refresh-rate 60
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

external-logging (CGN)

Enables the external-logging facility for an inside VRF of a CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

server (CGN)

Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

static-forward inside (CGN)

Displays the contents of the summary statistics.

reset-df-bit (6rd)

Use the reset-df-bit command to enable anycast mode functionality. When the no form of this command is specified the anycast mode functionality is disabled.

reset-df-bit
no reset-df-bit
Syntax Description

reset-df-bit

Enable resetting of DF bit

Defaults

Anycast mode is disabled.

Command Modes

TUNNEL-6RD

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the reset-df-bit:
RP/0/RP1/CPU0:#config
Wed Sep 29 06:59:27.886 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#reset-df-bit 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#show
Wed Sep 29 07:00:55.596 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  reset-df-bit
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode

br (6rd)

Enters the Border Relay configuration mode.

reassembly-enable (6rd)

Enables packet fragments to be reassembled.

service cgn (CGN)

Enables an instance for the CGN application.

service-type tunnel (CGN)

Creates a v6rd tunnel application.

tos (CGN)

Configures the ipv4 tunnel type of service

ttl (6rd)

Configures the ipv4 tunnel time to live

server (CGN)

Use the server command to enable the netflow external logging server IPv4 address and port for the netflowv9-based external-logging facility. Use the no form of this command to disable the IPv4 address and port for the netflow logging server. External logging of NAT Entries gets disabled.

server address <A.B.C.D> port <1-65535>
no server
Syntax Description

server

Specify the logging server information

address

Address of the server to be used for logging

<A.B.C.D>

IP address of the server

port

Port to be used for logging

<1-65535>

Port number

Command Default

Netflowv9 server for external-logging is disabled.

Command Modes

CGN-INVRF

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines and Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The NAT44 server command will configure the ipv4 address and portno for the server to be used for netflowv9 based external logging facility for an inside vrf of a cgn instance.

Note Only when the ipv4 address and port number for the logging server has been configured will the configurations for path-mtu, refresh-rate and timeout be applied.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the logging information for the IPv4 address and server:
RP/0/RP1/CPU0:#config
Tue Oct 12 08:46:33.996 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP1/CPU0:(config-cgn-invrf)#external-logging netflow version 9
RP/0/RP1/CPU0:(config-cgn-invrf-af-extlog)#server        
RP/0/RP1/CPU0:Chun(config-cgn-invrf-af-extlog-server)#address 10.10.0.0 port 50
RP/0/RP1/CPU0:Chun(config-cgn-invrf-af-extlog-server)#show
Tue Oct 12 08:49:29.162 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   external-logging netflow version 9
    server
     address 10.10.0.0 port 50
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

external-logging (CGN)

Enables the external-logging facility for an inside VRF of a CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

path-mtu (CGN)

Configures the path MTU for the netflowv9-based external-logging facility for the inside VRF of a CGN instance.

refresh-rate (CGN)

Configures the refresh rate to log NetFlow-based external logging information for an inside VRF of a CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

static-forward inside (CGN)

Displays the contents of the summary statistics.

timeout (CGN logging)

Configures the timeout value for NetFlow logging of NAT table entries for an inside VRF of a CGN instance.

service cgn (CGN)

To enable an instance for the CGN application, use the service cgn command in global configuration mode. To disable the instance of the CGN application, use the no form of this command.

service cgn instance-name
no service cgn instance-name
Syntax Description

cgn

CGN Configurations

instance-name

Name of the CGN instance that is configured.

Command Default

No default behavior or values.

Command Modes

CONFIG

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The service cgn command enters CGN configuration mode.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the instance named cgn1 for the CGN application:
RP/0/RP1/CPU0:#config
Thu Oct 14 09:04:54.767 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#show
Thu Oct 14 09:05:22.500 UTC
service cgn cgn1
Related Commands

Command

Description

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

service-type nat64 (CGN)

Creates a NAT64 instance for the CGN application

service-type tunnel (CGN)

Creates a v6rd tunnel application.

service-location (CGN)

Use the service-location command in CGN configuration mode to enable the particular instance of the CGN application on the active and standby locations. Use the no form of this command to disable the instance to run at the location of the CGN application.

service-location preferred-active node-id [preferred-standby node-id]
no service-location preferred-active node-id [preferred-standby node-id]
Syntax Description

service-location

Location on which service to be started

preferred-active

Specifies the location in which the active CGN application starts.

preferred-standby

(Optional) Specifies the location in which the standby CGN application starts.

node-id

Location of the service card for CGN that you want to configure. The node-id argument is entered in the rack/slot/module notation.

Command Default

No default behavior or values.

Command Modes

config-cgn

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

No modification.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to specify active and standby locations for the CGN application:
RP/0/RP1/CPU0:#config
Wed Sep 29 13:41:36.358 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-location preferred-active 0/1/CPU0 
preferred-standby 0/3/CPU0
RP/0/RP1/CPU0:(config-cgn)#show
Wed Sep 29 13:45:19.086 UTC
service cgn cgn1
 service-location preferred-active 0/1/CPU0 preferred-standby 0/3/CPU0
Related Commands

Command

Description

hw-module service cgn location (CGN)

Enables a CGN service role on a specified location.

interface ServiceApp (CGN)

Enables the application SVI interface.

interface ServiceInfra (CGN)

Enables the infrastructure SVI interface.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Use the service-type nat44 command to create a NAT44 instance for the CGN application. The no form of this command will delete this instance of the nat44 application.

service-type nat44 instance [ alg | inside-vrf | portlimit | protocol | refresh-direction]
no service-type nat44 instance
Syntax Description

service-type

Select a service to configure

nat44

IPv4 to IPv4 Network address translation

instance

Name of the NAT44 instance

alg

Configure the Application Level Gateway type to be used

inside-vrf

Configure inside VRF

portlimit

Limit the number of entries per address

protocol

Transport protocol

refresh-direction

NAT refresh direction to be used

Defaults

There can only be 1 service-type NAT44 configuration per Roddick line card/chassis.

Command Modes

CONFIG-CGN

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Series Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The NAT44 instance name should be unique across all the CGN NAT44 and NAT64 stateless instance names.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the nat44 instance named nat44 for the CGN application:
RP/0/RP0/CPU0:#config
Fri Sep 17 20:43:30.876 UTC
RP/0/RP0/CPU0:(config)#service cgn cgn1
RP/0/RP0/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP0/CPU0:(config-cgn-nat44)#show
Fri Sep 17 20:44:10.344 UTC
service cgn cgn1
 service-type nat44 nat1
Related Commands

Command

Description

alg ActiveFTP (CGN)

Enables support for an Active FTP Application-Level Gateway (ALG) for the Active FTP.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

protocol (CGN-NAT44)

Enters the ICMP, TCP, and UDP protocol configuration mode.

refresh-direction (CGN)

Configures the Network Address Translation (NAT) mapping refresh direction.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat64 (CGN)

Creates a NAT64 instance for the CGN application

service-type tunnel (CGN)

Creates a v6rd tunnel application.

service-type nat64 (CGN)

Use the service-type nat64 command to create a nat64 stateless application. The no form of this command will delete the nat64 stateless application.

service-type nat64 stateless instance [address-family | traceroute | ipv6-prefix | ubit-reserved ]
no service-type nat64 stateless instance
Syntax Description

service-type

Select a service to configure

nat64

IPv4 to IPv6 Network address translation

stateless

IPv4 to IPv6 stateless translation

instance

Name of the NAT64 stateless instance

address-family

Address family related configuration

traceroute

Traceroute related configurations

ipv6-prefix

IPv6 prefix to be used to translate IPv4 address to IPv6 address

ubit-reserved

Enable reserving ubits in IPv6 address

Defaults

There can only be 64 Service-type NAT64 configurations per Roddick line card or chassis.

Command Modes

CONFIG-CGN

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Series Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The NAT64 stateless instance name(s) should be unique across all the CGN NAT44 and NAT64 stateless instance names.

There can only be 64 service-type NAT64 configurations per Roddick line card or chassis spanning over different cards.

Task ID

Task ID

Operations

CGN

read, write

Examples

The following example shows how to configure the nat64 stateless instance named xlat1for the CGN application:
RP/0/RP1/CPU0:#config
Wed Sep 15 08:02:39.358 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1   
RP/0/RP1/CPU0:(config-cgn)#service-type nat64 stateless xlat1 
RP/0/RP1/CPU0:(config-cgn-nat64-stateless)#show                
Wed Sep 15 08:15:41.097 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode

ipv6-prefix (6rd)

Configures the ipv6 prefix to be used for converting ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses

traceroute (CGN)

Configures a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received.

ubit-reserved (CGN)

When the ubit-reserved command is enabled bits 64-71 in the IPv6 addresses are reserved.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

service-type tunnel (CGN)

Creates a v6rd tunnel application.

service-type tunnel (CGN)

Use the service-type tunnel command to create a v6rd tunnel application. The no form of this command will delete this instance of the v6rd tunnel application.

service-type tunnel v6rd instance {address-family | br | path-mtu | reassembly-enable | reset-df-bit | tos | ttl }
no service-type tunnel v6rd instance
Syntax Description

service-type

Select a service to configure

tunnel

Tunnel type

v6rd

6rd configurations

instance

Name of the 6rd instance

address-family

Address family related configuration

br

Border Relay related configurations

path-mtu

IPv6 MTU value

reassembly-enable

Enable reassembly

reset-df-bit

Enable resetting of DF bit

tos

Type Of Service to be used for IPv4 tunnel

ttl

Time To Live value to be used for IPv4 tunnel

Defaults

64 service-type v6rd tunnel configurations per Roddick line card or chassis.

Command Modes

CONFIG-CGN

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Series Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The 6rd instance name should be unique across all the instance names like CGN instance name, NAT44 instance and NAT64 stateless instance names.

There can only be 64 Service-type v6rd tunnel configurations per Roddick line card or chassis spanning over different cards.

Task ID

Task ID

Operations

CGN

read, write

Examples

The following example shows how to configure the tunnel instance named nat64 for the CGN application:
RP/0/RP1/CPU0:#config
Thu Oct 14 12:46:34.188 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#show
Thu Oct 14 12:47:11.521 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode

br (6rd)

Enters the Border Relay configuration mode.

reassembly-enable (6rd)

Enables packet fragments to be reassembled.

reset-df-bit (6rd)

Enables resetting of DF bit.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

service-type nat64 (CGN)

Creates a NAT64 instance for the CGN application

tos (CGN)

Configures the ipv4 tunnel type of service

ttl (6rd)

Configures the ipv4 tunnel time to live

session (CGN)

Use the session command to configure the timeout values for both active and initial sessions for TCP or UDP. The no form of this command reverts back to the default value for the TCP or UDP session time outs.

session {active | initial} timeout seconds
no session {active | initial} timeout seconds
Syntax Description

active

Configures the active session timeout for both TCP and UDP. The default value for UDP active session timeout is 120 seconds.

initial

Configures the initial session timeout.

timeout

Configures the timeout for either active or initial sessions.

seconds

Timeout for either active or initial sessions. Range is from 1 to 65535.

Command Default

If the value for the UDP initial session timeout is not configured, the default value for the UDP initial session timeout is 30.

If the value for the UDP active session timeout is not configured, the default value for the UDP active session timeout is 120.

If the value for the TCP initial session timeout is not configured, the default value for the TCP initial session timeout is 120.

If the value for the TCP active session timeout is not configured, the default value for the TCP active session timeout is 1800 (30 minutes).

Command Modes

AFI-PROTO

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Usage Guidelines and Examples.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

We recommend that you configure the timeout values for the protocol sessions carefully. For example, the values for the protocol and NAT functions must be configured properly.

If the no form of this command is specified, the following guidelines apply:

•UDP initial session timeout value reverts back to the default value of 30.

•UDP active session timeout value reverts back to the default value of 120.

•TCP initial session timeout value reverts back to the default value of 120.

•TCP active session timeout value reverts back to the default value of 1800.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the TCP initial and active timeout session values:
RP/0/RP1/CPU0:#config
Thu Oct 14 12:50:59.342 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1 
RP/0/RP1/CPU0:(config-cgn-nat44)#protocol tcp 
RP/0/RP1/CPU0:(config-cgn-proto)#session active timeout 90
RP/0/RP1/CPU0:(config-cgn-proto)#session initial timeout 120
RP/0/RP1/CPU0:(config-cgn-proto)#show 
Thu Oct 14 12:54:56.576 UTC
service cgn cgn1
 service-type nat44 nat1
  protocol tcp
   session initial timeout 120
   session active timeout 90
The following example shows how to configure the UDP initial and active timeout values:
RP/0/RP1/CPU0:#config
Thu Oct 14 12:55:49.619 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#protocol udp
RP/0/RP1/CPU0:(config-cgn-proto)#session active timeout 90
RP/0/RP1/CPU0:(config-cgn-proto)#session initial timeout 120
RP/0/RP1/CPU0:(config-cgn-proto)#show
Thu Oct 14 12:57:52.000 UTC
service cgn cgn1
 service-type nat44 nat1
  protocol udp
   session initial timeout 120
   session active timeout 90
Related Commands

Command

Description

external-logging (CGN)

Enables the external-logging facility for an inside VRF of a CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

map (CGN)

Maps an outside VRF and address pool to an inside VRF and address pool.

service cgn (CGN)

Enables an instance for the CGN application.

show cgn nat44 inside-translation

Displays the translation table entries for an inside IPv4 address and inside VRF combination for a specified CGN instance.

show cgn nat44 outside-translation

Displays the translation table entries for an outside or public IP source address and outside VRF combination for a specified CGN instance.

timeout (CGN)

Configures the timeout for the ICMP session for a CGN instance.

source-address (6rd)

Use the source-address command to assign an ipv4 address as the tunnel source address. When the no form of this command is used then there is no source address assigned to the tunnel.

source-address < A.B.C.D>
no source-address < A.B.C.D>
Syntax Description

source-address

Source address for tunnel

< A.B.C.D>

source IP address

Defaults

There is no default behavior.

Command Modes

TUNNEL-6RD

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Note For a 6rd tunnel configure the br: ipv6-prefix, ipv4 source-address and unicast IPv6 address in a single commit.

Note Once configured, the source-address cannot be deleted individually. It should be deleted along with all the br tunnel configuration parameters.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the v6rd tunnel source-address:
RP/0/RP1/CPU0:#config
Wed Sep 22 10:24:47.552 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#br
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd-br)#source-address 10.2.2.1 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd-br)#show
Wed Sep 22 10:26:13.196 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  br
   source-address 10.2.2.1
Related Commands

Command

Description

br (6rd)

Enters the Border Relay configuration mode.

ipv4 prefix (6rd)

Assigns a value for the ipv4 tunnel prefix.

ipv4 suffix (6rd)

Assigns a value for the ipv4 tunnel suffix.

ipv6-prefix (6rd)

Configures the ipv6 prefix to be used for converting ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses

service cgn (CGN)

Enables an instance for the CGN application.

service-type tunnel (CGN)

Creates a v6rd tunnel application.

unicast address (6rd)

Assigns an IPv6 address to be used for a 6rd Border Relay unicast configuration.

static-forward inside (CGN)

Use the static-forward inside command to enable static port forwarding for an inside IPv4 address and inside port combination. The no form of this command disables static port forwarding.

static-forward inside address <A.B.C.D> port <1-65535>
no static-forward inside
Syntax Description

static-forward

Configure a static port

inside

Inside network configuration

address

Inside address for static-forward

<A.B.C.D>

Inside IP address

port

Inside port number for static-forward

<1-65535>

Inside port number

Command Default

No default behavior or values.

Command Modes

INVRF-AFI

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Syntax, Usage Guidelines and Example.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This is a NAT44 service type specific command to be applied per inside vrf per cgn instance.

This command will configure the static port forwarding for an inside-ipv4 address and inside-portno combination. With this configuration, packets received on inside with the configured inside-ipv4 address and inside-portno will be forwarded using displayed outside-ipv4 address & outside-portno.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure static forwarding for a port:
RP/0/RP1/CPU0:#config
Wed Oct 13 12:38:16.452 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP1/CPU0:(config-cgn-invrf)#protocol icmp 
RP/0/RP1/CPU0:(config-cgn-invrf-icmp)#static-forward inside address 192.0.2.1 port 650 
RP/0/RP1/CPU0:(config-cgn-invrf-icmp)#show
Wed Oct 13 12:42:05.211 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   protocol icmp
    static-forward inside
     address 192.0.2.1 port 650
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

tcp mss (CGN)

Use the tcp mss command to adjust the TCP maximum segment size (MSS) value for a ServiceApp interface. Use the no form of this command to disable a particular service application interface.

tcp mss <28-1500>
no tcp mss
Syntax Description

tcp

Protocol tcp

mss

Maximum segment size for TCP in bytes

<28-1500>

Maximum segment size to be used in bytes

Command Default

Default is disabled for the TCP maximum segment size (MSS) adjustment.

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Series Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

If this configuration does not exist, TCP determines the maximum segment size based on the settings specified by the application process, interface maximum transfer unit (MTU), or MTU received from Path MTU Discovery.

This is an NAT64 stateless translation command to be applied per instance of NAT64 stateless of a cgn instance. This command will enable rewriting of the TCP MSS value in the translated IPv4 packet (getting translated from IPv6 to IPv4), the incoming TCP MSS value is greater than the value configured by this command.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure TCP MSS value as 1000 for a NAT64 stateless ServiceApp interface
RP/0/RP1/CPU0:#config
Thu Sep 16 06:55:47.821 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP1/CPU0:(config-cgn-nat64-stateless)#interface ServiceApp 2
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#address-family ipv4
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#tcp mss 1000 
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#show
Thu Sep 16 07:00:02.014 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  address-family ipv4
  interface ServiceApp2 
  tcp mss 1000
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

timeout (CGN)

Use the timeout command to configure the timeout in seconds for the ICMP, TCP and UDP sessions. The no form of this command reverts the timeout value back to the default.

timeout seconds
no timeout seconds
Syntax Description

seconds

Timeout value. Range is from 1 to 65535.

Command Default

If icmp timeout is not configured, the default ICMP timeout value is 60 seconds.

If udp init-session timeout is not configured, the default udp init-session timeout value is 30 seconds.

If udp active-session timeout is not configured, the default udp active-session timeout value is 120 sec.

If tcp init-session timeout is not configured, the default tcp init timeout value is 120 seconds.

If tcp active-session timeout is not configured, the default tcp active-session timeout value is 30 minutes (1800 seconds).

Command Modes

CGN-NAT44

Command History

Release

Modification

Release 3.9.1

This command was introduced.

Release 3.9.2

No modification.

Release 3.9.3

Updated Command Default and Usage Guidelines.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This is a NAT44 service type specific command to be applied per cgn instance.

This command will configure the initial and active timeout value in seconds for TCP or UDP sessions for a cgn instance. For ICMP the user will only be able to configure the timeout value.

Note The destination port/destination address timeout configuration is not supported for ICMP.

For TCP and UDP, the per port active timeout session will be prioritized according to the following criteria, higher to lower precedence:

3. An destination address and port combination

4. An destination address

5. An destination port

6. default protocol timeout

Enter up to 1000 timer entries (inclusive of port only, ip only or port/ip combo).

We recommend that you configure the timeout values for the protocol sessions carefully.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure a destination address and port combination value as 600 for the tcp session:
RP/0/RP0/CPU0:Chammeli#config
Mon Nov 15 12:44:17.954 UTC
RP/0/RP0/CPU0:Chammeli(config)#service cgn cgn1
RP/0/RP0/CPU0:Chammeli(config-cgn)#service-type nat44 nat1
RP/0/RP0/CPU0:Chammeli(config-cgn-nat44)#inside-vrf red
RP/0/RP0/CPU0:Chammeli(config-cgn-invrf)#protocol tcp 
RP/0/RP0/CPU0:Chammeli(config-cgn-invrf-proto)#address 40.1.1.2 port 80 timeout 600
RP/0/RP0/CPU0:Chammeli(config-cgn-invrf-proto)#show
Mon Nov 15 12:47:57.198 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf red
   protocol tcp
    address 40.1.1.2
     port 80 timeout 600
The following example shows how to configure a destination address value as 600 for the tcp 
session:
RP/0/RP0/CPU0:Chammeli#config
Mon Nov 15 12:55:30.276 UTC
RP/0/RP0/CPU0:Chammeli(config)#service cgn cgn1
RP/0/RP0/CPU0:Chammeli(config-cgn)#service-type nat44 nat1
RP/0/RP0/CPU0:Chammeli(config-cgn-nat44)#inside-vrf red
RP/0/RP0/CPU0:Chammeli(config-cgn-invrf)#protocol tcp
RP/0/RP0/CPU0:Chammeli(config-cgn-invrf-proto)#address 40.1.1.2 timeout 600
RP/0/RP0/CPU0:Chammeli(config-cgn-invrf-proto)#show
Mon Nov 15 12:57:21.841 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf red
   protocol tcp
    address 40.1.1.2
     timeout 600
The following example shows how to configure a destination port value as 600 for the tcp session:
RP/0/RP0/CPU0:Chammeli#config
Mon Nov 15 13:01:54.262 UTC
RP/0/RP0/CPU0:Chammeli(config)#service cgn cgn1
RP/0/RP0/CPU0:Chammeli(config-cgn)#service-type nat44 nat1
RP/0/RP0/CPU0:Chammeli(config-cgn-nat44)#inside-vrf red
RP/0/RP0/CPU0:Chammeli(config-cgn-invrf)#protocol tcp
RP/0/RP0/CPU0:Chammeli(config-cgn-invrf-proto)#port 80 timeout 600
RP/0/RP0/CPU0:Chammeli(config-cgn-invrf-proto)#show
Mon Nov 15 13:03:40.954 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf red
   protocol tcp
    port 80 timeout 600
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the address family configuration mode for the specified CGN instance.

protocol (CGN-NAT44)

Enters ICMP, TCP, and UDP protocol configuration mode for a given CGN instance.

service cgn (CGN)

Enables an instance for the CGN application.

session (CGN)

Configures the timeout values for both active and initial sessions for TCP or UDP.

timeout (CGN logging)

Use the timeout command to configure the frequency at which the netflow-v9 template is refreshed or resent to the netflow-v9 server. The no form of this command to reverts the timeout back to the default value of 30 minutes.

timeout <1-3600>
no timeout <1-3600>
Syntax Description

<1-3600>

Value, in minutes, for the timeout. Range is from 1 to 3600.

Command Default

The default timeout value is 30 minutes.

Command Modes

CGN-INVRF

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Series Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

The netflowv9 based logging requires that a logging template be sent to the server periodically. The timeout value implies that after these many minutes has elapsed since the template was last sent, the template will be resent to the logging server. The refresh-rate value implies that after sending these many packets to the server, the template will be resent. The timeout and refresh-rate values are mutually exclusive, i.e. whichever expires first, will be taken into consideration for re sending the template.

Note Only when the ipv4 address and port number for the logging server has been configured will the configurations for path-mtu, refresh-rate and timeout be applied.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the timeout value as 50 for the NetFlow logging information for the NAT table entries:
RP/0/RP1/CPU0:#configure
Tue Oct  5 09:03:35.007 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat44 nat1
RP/0/RP1/CPU0:(config-cgn-nat44)#inside-vrf insidevrf1
RP/0/RP1/CPU0:(config-cgn-invrf)#external-logging netflow version 9 
RP/0/RP1/CPU0:(config-cgn-invrf-af-extlog)#server timeout 60 
RP/0/RP1/CPU0:(config-cgn-invrf-af-extlog)#show
Tue Oct  5 09:08:14.072 UTC
service cgn cgn1
 service-type nat44 nat1
  inside-vrf insidevrf1
   external-logging netflow version 9
    server
     timeout 60
Related Commands

Command

Description

address (CGN NetflowV9 logging)

Enables the IPv4 address for the Netflow v9 external logging server

external-logging (CGN)

Enables the external-logging facility for an inside VRF of a CGN instance.

inside-vrf (CGN)

Enters inside VRF configuration mode for a CGN instance.

path-mtu (CGN)

Configures the path Maximum Transmission Unit (MTU) for the netflowv9-based external-logging facility.

refresh-rate (CGN)

Re sends the log template to the netflowv9 server.

server (CGN)

Enables the logging server information for the IPv4 address and port for the server that is used for the netflowv9-based external-logging facility.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat44 (CGN)

Creates a NAT44 instance for the CGN application

tos (CGN)

The tos command configures the ipv4 tunnel type of service. The no form of this command disables the type of service.

tos <0-255>
no tos <0-255>
Syntax Description

tos

Type Of Service to be used for IPv4 tunnel

<0-255>

Type of service to be set

Defaults

The default type of service is 0.

Command Modes

CGN-NAT64

TUNNEL-6RD

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This command is used to configure the type of service (TOS) for the ipv4 tunnel.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the NAT64 ipv4 tunnel type of service:
RP/0/RP1/CPU0:#config
Wed Sep 15 11:02:43.611 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP1/CPU0:(config-cgn-nat64-stateless)#address-family ipv4
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#tos 255
RP/0/RP1/CPU0:(config-cgn-nat64-stless-afi)#show
Wed Sep 15 11:04:14.938 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  address-family ipv4
   tos 255
The following example shows how to configure the 6rd tunnel type of service:
RP/0/RP1/CPU0:#config
Wed Sep 29 07:27:34.087 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#tos 25 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#show
Wed Sep 29 07:28:30.381 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  tos 25
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.

external-logging (CGN)

Enables the external-logging facility for an inside VRF of a CGN instance.

map (CGN)

Map an outside VRF and address pool to an inside VRF and address pool.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat64 (CGN)

Creates a NAT64 instance for the CGN application

service-type tunnel (CGN)

Creates a v6rd tunnel application.

tcp mss (CGN)

adjusts the TCP maximum segment size (MSS) value for a ServiceApp interface.

ttl (6rd)

Configures the ipv4 tunnel time to live

traceroute (CGN)

The traceroute configures a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received. When the no form of this command is specified, there will be no pool of IPv4 addresses for mapping the non-translatable IPv6 source addresses.

traceroute translation address-pool <A.B.C.D/prefix IP subnet mask> algorithm <Hash | Random | TTL >
no traceroute translation
Syntax Description

traceroute

Traceroute related configurations

translation

Configurations related translating traceroute addresses

address-pool

IPv4 address pool for traceroute addresses

A.B.C.D/prefix

Start address and prefix for the address pool

IP subnet mask

Start address and prefix for the address pool

algorithm

Algorithm to translate IPv6 address to IPv4 address

Hash

Hashing

Random

Randomly generate

TTL

Time to live

Defaults

Ipv4 address/prefix for traceroute-pool

•the minimum value for prefix is 1

•the maximum value for prefix is 32

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This traceroute command will configure a range of ipv4 addresses that are to be used for mapping when a non-translatable ipv6 address is received. One of the addresses from this block will be mapped to the ipv6 address.

The following ipv4 addresses will not be allowed to be configured through this command:

1. 127.0.0.1

2. addresses from 224.0.0.0 onwards

3. All zero address

4. Broadcast address

The value for prefix can be any value from 1 to 32. There will be only one such map per instance of stateless ipv4 to ipv6 service-type.

When there is no pool of IPv4 addresses to translate the non-translatable IPv6 source address, packets coming with non-translatable IPv6 source addresses will be dropped.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the address-pool:
RP/0/RP0/CPU0:#config
Sat Sep 18 00:52:30.424 UTC
RP/0/RP0/CPU0:(config)#service cgn cgn1
RP/0/RP0/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#traceroute translation address-pool 
121.1.2.0/24  
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#show
Sat Sep 18 01:01:55.117 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  traceroute translation
   address-pool 121.1.2.0/24
The following example shows how to configure the random algorithm:
RP/0/RP0/CPU0:#config
Sat Sep 18 01:31:24.788 UTC
RP/0/RP0/CPU0:(config)#service cgn cgn1
RP/0/RP0/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#traceroute translation algorithm Random 
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#show
Sat Sep 18 01:32:53.793 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  traceroute translation
   algorithm Random
The following example shows how to configure the hash algorithm:
RP/0/RP0/CPU0:#config
Sat Sep 18 01:31:24.788 UTC
RP/0/RP0/CPU0:(config)#service cgn cgn1
RP/0/RP0/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#traceroute translation algorithm Hash 
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#show
Sat Sep 18 01:32:53.793 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  traceroute translation
   algorithm Hash
The following example shows how to configure the TTL algorithm:
RP/0/RP0/CPU0:#config
Sat Sep 18 01:36:18.370 UTC
RP/0/RP0/CPU0:(config)#service cgn cgn1
RP/0/RP0/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#traceroute translation algorithm TTL
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#show
Sat Sep 18 01:37:42.283 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  traceroute translation
   algorithm TTL
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode

ipv6-prefix (6rd)

Configures the ipv6 prefix to be used for converting ipv4 addresses into ipv6 addresses and ipv4 addresses into ipv6 addresses

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat64 (CGN)

Creates a NAT64 instance for the CGN application

ubit-reserved (CGN)

Reserves bits 64-71 in the IPv6 addresses.

traffic-class (CGN)

Use the traffic-class command to configure the traffic class value to be used when translating a packet from ipv4 to ipv6. When the no form of this command is specified, the traffic-class value will be copied from ipv4 packet.

traffic-class <0-255>
no traffic-class <0-255>
Syntax Description

traffic-class

Traffic class to be set when translating from IPv4 to IPv6

<0-255>

Traffic class to be set

Defaults

There is no default behavior.

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the CGN-NAT64 traffic class value:
RP/0/RP0/CPU0:#config
Fri Sep 17 19:48:58.089 UTC
RP/0/RP0/CPU0:(config)#service cgn cgn1
RP/0/RP0/CPU0:(config-cgn)#service-type nat64 stateless xlat1
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#ipv6-prefix 2010:db8:ff00::/40
RP/0/RP0/CPU0:(config-cgn-nat64-stateless)#address-family ipv6 
RP/0/RP0/CPU0:(config-cgn-nat64-stless-afi)#interface ServiceApp 461
RP/0/RP0/CPU0:(config-cgn-nat64-stless-afi)#traffic-class 20 
RP/0/RP0/CPU0:(config-cgn-nat64-stless-afi)#show
Fri Sep 17 19:53:00.277 UTC
service cgn cgn1
 service-type nat64 stateless xlat1
  address-family ipv6
   interface ServiceApp461
   traffic-class 20
Related Commands

Command

Description

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode.

df-override (CGN)

Over rides the DF (Don't Fragment) bit.

tcp mss (CGN)

Adjusts the TCP maximum segment size (MSS) value for a ServiceApp interface.

service cgn (CGN)

Enables an instance for the CGN application.

service-type nat64 (CGN)

Creates a NAT64 instance for the CGN application

ttl (6rd)

Use the ttl command to configure the ipv4 tunnel time to live. The no form of this command disables the time to live.

ttl <value>
no ttl <value>
Syntax Description

ttl

Time To Live value to be used for IPv4 tunnel

<value>

Valid values are from 1 to 255.

Defaults

There is no default behavior.

Command Modes

TUNNEL-6RD

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

Task ID

Task ID

Operations

cgn

read, write

Examples

The following example shows how to configure the 6rd tunnel time to live, ttl, value:
RP/0/RP1/CPU0:#config
Wed Sep 29 07:43:18.178 UTC
RP/0/RP1/CPU0:(config)#service cgn cgn1
RP/0/RP1/CPU0:(config-cgn)#service-type tunnel v6rd 6rd1
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#ttl 25 
RP/0/RP1/CPU0:(config-cgn-tunnel-6rd)#show
Wed Sep 29 07:44:57.026 UTC
service cgn cgn1
 service-type tunnel v6rd 6rd1
  ttl 25
 !
Related Commands

Command

Description

address-family ipv4 (CGN)

Enters the IPv4 address family configuration mode.

address-family ipv6 (CGN)

Enters the IPv6 address family configuration mode

br (6rd)

Enters the Border Relay configuration mode.

path-mtu (6rd)

Configures the 6rd ipv4 tunnel MTU (Maximum Transmission Unit) size in bytes.

reassembly-enable (6rd)

Enables packet fragments to be reassembled.

reset-df-bit (6rd)

Enables resetting of DF bit.

service cgn (CGN)

Enables an instance for the CGN application.

service-type tunnel (CGN)

Creates a v6rd tunnel application.

tos (CGN)

Configures the ipv4 tunnel type of service

ubit-reserved (CGN)

When the ubit-reserved command is enabled bits 64-71 in the IPv6 addresses are reserved. If no form of this command is specified, then bits 64..71 in the IPv6 address will not be reserved and may be used to store the IPv4 address octets as part of translation.

ubit-reserved
no ubit-reserved
Syntax Description

ubit-reserved

Enable reserving ubits in IPv6 address

Defaults

There is no default behavior

Command Modes

CGN-NAT64

Command History

Release

Modification

Release 3.9.3

This command was introduced on the Cisco CRS-1 Router.

Usage Guidelines

To use this command, you must be in a user group associated with a task group that includes the proper task IDs. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator.

This is an NAT64 stateless translation command to be applied per instance of NAT64 stateless of a CGN instance. When this configuration is enabled bits 64-71 in the IPv6 addresses are reserved for purposes including U-Bit. These won't be used for translation purposes.

If no is specified, then bits 64..71 in the IPv6 address will not be reserved and may be used to store the IPv4 address octets as part of translation.

Task ID

Cisco IOS XR Software (End-of-Sale)

Release Notes for Cisco CRS-1 Series Router for Cisco IOS XR Software Release 3.9.3

Hierarchical Navigation

Downloads

Table Of Contents

Release Notes for Cisco CRS-1 for Cisco IOS XR Software Release 3.9.3

Key Changes from Previous Releases in Cisco IOS XR Release 3.9.3

Contents

Introduction

System Requirements

Feature Set Table

Memory Requirements

Hardware Supported

Software Compatibility

Other Firmware Support

Determining Your Software Version

New Features in Cisco IOS XR Software Release 3.9.3

New Software Features Supported on all Platforms

Cisco CRS-1 Series Router Specific Software Features

IPv4/IPv6 Stateless Translator (XLAT)

Hardware

Software

Cisco Carrier-Grade Service Engine (CGSE)

Configuring the CGSE

XLAT Configuration

XLAT ServiceApp Configuration

XLAT Instance Configuration

Show Commands

Clear Command

Line Card Upgrade

NAT44 Sample Configuration

NAT64 Stateless Sample Configuration

6RD (IPv6 Rapid Deployment)

Introduction - 6rd

Cisco Carrier-Grade Service Engine (CGSE)

Configuring the CGSE

CGSE Health Monitoring

6rd Configuration

Ping to BR Anycast Address

Enable Additional 6rd Features

Line Card Upgrade

XLAT and 6rd Commands

address (CGN NetflowV9 logging)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

address (CGN static-forward)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

address-family ipv4 (CGN)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

address-family ipv6 (CGN)

Syntax Description

Defaults

Command Modes

Command History

Usage Guidelines

Examples

Related Commands

alg ActiveFTP (CGN)

Syntax Description

Command Default

Command Modes

Command History

Usage Guidelines