Product Bulletin No. 393294
Last Updated: April 2010
This Product Bulletin introduces Cisco IOS® Software Release 12.2SR and includes the following sections:
Cisco IOS Software Release 12.2SR Introduction
Cisco IOS Software Release 12.2S is designed for Service Provider edge and Enterprise campus networks that require world-class IP and Multiprotocol Label Switching (MPLS) services.
Release 12.2SR is the premier Cisco IOS Software for delivering industry-leading Carrier Ethernet, Broadband Aggregation and Subscriber Services, and MPLS Provider Edge functionality for next generation Service Provider edge, Enterprise MAN/WAN, and Federal networks that run the Cisco 7600 Series Routers, Cisco 7200 Series Routers, and the Cisco 7301 Router. Releases 12.2(33)SRD, 12.2(33)SRC, and 12.2(33)SRB are available from Cisco.com.
Release 12.2(33)SRD, the latest customer release of Release 12.2SR, delivers over 75 new Cisco IOS Software features and powerful new hardware support for the Cisco 7600 Series Routers. Release 12.2(33)SRD also provides support for the Cisco 7200 Series Routers, the Cisco 7201 Router, and the Cisco 7301 Router.
Release 12.2(33)SRC, the third release of Release 12.2SR, supports the Cisco 7200 Series Routers, the Cisco 7201 Router, the Cisco 7301 Router, and the Cisco 7600 Series Routers. Release 12.2(33)SRB, the second release of Release 12.2SR, is specific to the Cisco 7600 Series Routers.
Not all features may be supported on all platforms. Use Cisco Feature Navigator to find information about platform support and Cisco IOS Software image support. Access Cisco Feature Navigator at http://tools.cisco.com/ITDIT/CFN/jsp/index.jsp. You must have an account on Cisco.com.
Cisco IOS Software Release 12.2(33)SRE
Like all Cisco IOS® Software 12.2SR releases, Release 12.2(33)SRE integrates innovations that span multiple technology areas, including flexible Carrier Ethernet infrastructure, manageability, and quality of service (QoS). It also features further improvements in the areas of resiliency, subscriber-aware Ethernet on the Cisco® 7600 Series Ethernet Services Plus (ES+) line cards, mobility, and Layer 2 functionality.
Release 12.2(33)SRE also includes support for the Cisco 7600 Series ES Plus Extended Combo and Transport Line Cards, extending the capabilities of the existing ES+ portfolio.
The following sections include Cisco IOS Software Release 12.2(33)SRE hardware and software feature highlights.
Subscriber-aware Ethernet with Cisco Intelligent Services Gateway (ISG) support on ES+ cards
IP sessions on Gigabit EtherChannel support
Multicast coexistence with IP sessions
ISG NAS-Port, Option 82, and Option 60 Transparent Auto Logon
DHCP Server User Authentication
Mobile
L2VPN support for ATM cell packing on static pseudowire
Cell packing for OC-48 ATM SPA, CEoPS SPA
End-to-end VCCV on multisegment pseudowire
Access circuit redundancy for MPLS pseudowire
SyncE L1 support on ES+ cards
2G grooming with CEoP SPA AIS processing
Hardware
Cisco 7600 Series Ethernet Services Plus Line Cards
The Cisco 7600 Series Ethernet Services Plus 40 Gbps (ES+40) Line Cards utilize an extensible design that enables service prioritization for voice, video, data, and wireless mobility services. Service providers and enterprises benefit from the improved economics, density, advanced Carrier Ethernet features, and the high performance of the ES+40 fixed-configuration line cards. With the same architecture and features, the Cisco 7600 Series Ethernet Services Plus 20 Gbps (ES+20) Line Cards are designed for networks with lower interface density requirements.
The Cisco® 7600 Series Ethernet Services Plus Extended Combination (ES Plus XC) Line Cards are designed for interface-flexible Ethernet services. They allow service prioritization for voice, video, data, and wireless mobility services and can connect to LAN, WAN, and Optical Transport Network Physical Layer (OTN PHY) interfaces as well as Gigabit Ethernet ports on the same physical line card. This unique form factor allows for configurations with redundant network-to-network 10 Gigabit Ethernet interfaces to reside on separate line card slots for resiliency, while offering user-to-network Gigabit Ethernet interfaces on the same slots for efficiency. Service providers and enterprises benefit from the efficiency gains in power consumption, optimized service scale, and feature capability as well as the flexibility in interface speeds for Ethernet solutions.
The Cisco 7600 Series Ethernet Services Plus Transport Line Cards are designed for cost-efficient Carrier Ethernet service delivery. The cards allow service prioritization for voice, video, data, and wireless mobility services and can connect to LAN, WAN, and OTN PHY interfaces. Service providers and enterprises benefit from the efficiency gains in power consumption, improved economics from higher density, and service scalability and feature capability optimized for cost-sensitive transport Ethernet solutions.
The ES+ programmable interface processors protect network investments and reduce total cost of ownership. The design maximizes connectivity options and offers superior service intelligence through programmable interface processors operating at line rate. Figure 1 shows the Cisco 7600 Series Ethernet Services Plus Extended Combo (ES+XC) Line Cards and Figures 2 and 3 show the Cisco 7600 Series Ethernet Services Plus Transport (ES+T) Line Cards.
Figure 1. Cisco 7600 Series ES+XC 20G and 40G Line Cards
Figure 2. Cisco 7600 Series ES+T 40G Line Cards (12.2(33)SRE1)
Figure 3. Cisco 7600 Series ES+T 20G Line Cards (12.2(33)SRE1)
Benefits
• The Cisco 7600 Series ES+XC Line Cards offer greater flexibility with 10 Gigabit Ethernet and Gigabit Ethernet ports on the same line card
• The Cisco 7600 Series ES+T Line Cards offer enhanced Ethernet service capabilities for lower-scale, cost-sensitive Ethernet deployments
• Higher density, greater scalability
– The line cards offer up to 40G density per slot
– ES+XC cards support 256,000 queues (128,000 ingress and 128,000 egress)
– ES+T cards support 16 Leaf-Node Queues
• Line rate with services enabled
– Line cards provide line-rate forwarding performance on Gigabit Ethernet and 10 Gigabit Ethernet interfaces with services enabled.
• Cisco Service Instance (EVC) Support
– The ES+ line cards support Cisco Service Instance (EVC) to enable flexible UNI
• WAN PHY, DWDM, and CWDM optics support
– The ES+ line cards support DWDM and CWDM optics to help reduce operational costs
– G.709/FEC capability on 10 Gigabit Ethernet interfaces
– WAN PHY capability on 10 Gigabit Ethernet interfaces
4500W DC Power Supply for the Cisco 7606-S Chassis
Cisco is now offering a new variable-output power supply, scalable from 1500 watts (W) to 4500W, for the Cisco 7606-S specifically designed for DC environments. The power supply features a variable-output design configurable for 4500W, 3000W, or 1500W output corresponding to three inputs, two inputs, or one input active:
• Equally sized, multiple inputs, which allow lower fusing requirements and maintain consistent wire gauge among 4500W, 3000W, and 1500W output configurations
• Industry-standard dual post terminals
• Terminal design that facilitates cable entry from left or right side
• Pawl type sliding power switch
• Compatible with Cisco 7606-S chassis
Figure 4. 4500W DC Power Supply for the Cisco 7606-S Chassis
Benefits
• Increased power capacity for high-density Ethernet modules in redundant power configurations
• X2-DWDM-XX.XX: RSP720-10GE, WS-X6708-10G line card
• X2-10GB-LRM: RSP720-10GE, WS-X6708-10G line card
• DWDM SFP for Cisco 7600 Series Supervisor Engine 32 (WS_SUP32-3B), 48 and 24 port High Performance Mixed Media Gigabit Ethernet interface module and WS-X6724-SFP/WS-X6748-SFP
Y.1731 implementation is based on standard 802.1ag for AIS and RDI (available since Release 12.2(33)SRD). Ethernet Locked Signal function (ETH-LCK) is used to communicate the administrative locking of a maintenance endpoint (MEP) and interruption of data traffic forwarding toward the MEP expecting this traffic, and to differentiate between a defect condition and an administrative locking.
Benefits
The main purpose of the ETH-LCK function is to inform the immediate clients of a MEG level about maintenance/administrative conditions and the consequent interruption of data traffic. It differentiates a real fault from an administrative/maintenance window in which tests such as the 802.3ah loopback function are being performed, enabling clients to isolate actual faults. ETH-LCK messages are multicast in the direction opposite to that of the loopback or out-of-service tests, as the case may be. These messages are sent for all the S-VLANs at the port for all services.
Standards-based implementation of 802.1ag. Feature parity with Release 12.2(33)SRD CFM implementation (switch port, routed port, EVC/bridge domain). This includes also Y.1731 AIS/RDI and LCK implementation.
Note: No interoperability with pre-standard version will be provided.
Benefits
Prior to Cisco IOS Software Release 12.2(33)SRE, the Cisco 7600 Series only supported the pre-standard version based on Draft 1.0. With Release 12.2(33)SRE, all CFM functions are fully compliant with the standardized version 802.1ag. The pre-standard version of CFM based on Draft 1.0 of 802.1ag has been deprecated and only the standardized version of CFM based on 802.1ag 2007 is available from Release 12.2(33)SRE. The Cisco 7600 Series will not support the Area Edge Bridge (AEB) function, which allows the integration between regions of the pre-standard regions and the standard regions.
In addition, the CFM enhancements include the Y.1731 AIS/RDI and LCK implementations.
Ethernet Alarm Indication Signal (ETH-AIS) functionality allows the MEP that detects a connectivity failure at level N to multicast AIS in the direction away from the detected failure at the next superior level for all S-VLANs affected by the failure.
AIS provides the following key benefits:
• Alarm suppression, so that an NMS does not receive an excessive number of redundant alarms for a particular fault.
• If a MEP enters the AIS state because it received AIS, no troubleshooting is required for that MEP.
• Informs clients that a transport path has failed.
ETH-RDI (Ethernet Remote Defect Indication) functionality allows a downstream MEP that detects a defect condition, such as receive signal failure or AIS, to send RDI in the opposite (upstream) direction to its peer MEP or MEPs.
• RDI serves in informing upstream MEPs that there has been a downstream failure
Ethernet Lock (ETH-LCK): Please refer to section 2.2.1
Hardware
• Cisco 7600 Series Routers
• Cisco 7600-ES+ line cards, ES+20 line cards, SPAs
Support for standard CFM for VPLS (VFI). CFM MEP will be enabled on the VPLS instance under the VFI configuration.
This feature is also supported on scalable EoMPLS. The requirement is to forward CCM over pseudowires toward the core and receive CFM messages from the core and forward them to the access side. CFM is enabled on pseudowire endpoints.
Benefits
Prior to Release 12.2(33)SRE, CFM functionality was limited to a Down MEP on the bridge domain, and only with the pre-standard version of CFM. CFM over Layer 2 VFI is now completely based on the standardized version of 802.1ag 2007. Release 12.2(33)SRE on the Cisco 7600 Series now supports CFM over Layer 2 VFI with Down MEP functionality on the network side. This allows end-to-end service management for VPLS domains at the provider level and in customer domains.
Standards-based CFM MIP/MEP on scalable EoMPLS. The requirement is to forward CCM over pseudowires toward the core and receive CFM messages from the core and forward to the access side. CFM is enabled on pseudowire endpoints.
Benefits
Prior to Release 12.2(33)SRE, CFM functionality was limited to the support of only Down MEP on EVC based on the pre-standard version of 802.1ag. Release 12.2(33)SRE on the Cisco 7600 Series now allows the implementation of CFM Down MEP and Up MEP functionality for pseudowires completely.
This allows customer CFM functionality to extend transparently over the pseudowires while service provider CFM domains can coexist across the pseudowire.
IEEE 802.1ah is a standard extending the scale of Metro Ethernet services deployments. It provides higher scale for VLANs with the introduction of the Service Identifier I-SID with new 24-bits I-TAG values. MAC scale is also extended by encapsulating customer MAC addresses (C-MAC) into provider MAC addresses (B-MAC), thus isolating and hiding customer address spaces.
In Release 12.2(33)SRE, Cisco 7600 Series 802.1ah implementation enables the following deployments:
1. Native Layer 2 Ethernet IB-BEB functionality on the Cisco 7600 Series Router: This allows Layer 2 C-Bridges to be transported over native Layer 2 Ethernet B-Bridges in a one-box solution instead of a two-box solution.
2. 802.1ah and VPLS: This allows a provider to have 802.1ah access circuit into a VPLS core. In this case, the VPLS core behavior is similar to the B-Bridge.
Integrated with MPB, xconnect, or VPLS forwarding, 802.1ah provides flexible implementation options for service providers. 802.1ah can be implemented with 802.1q or 802.1ad encapsulation. It is supported on all variants of the ES+ cards. The 802.1ah encapsulation imposition and disposition is performed on the UNI subscriber-facing port.
Benefits
802.1ah extends the scale of customer MAC addresses and thus allows larger Metro Ethernet provider-edge deployments on a single Cisco 7600 Series Router. The use of the Service Identifier I-SID extends the scale of bridged services to 16,000 in Release 12.2(33)SRE.
A service group is an infrastructure construct that allows grouping multiple logical interfaces into a single logical entity. In Release 12.2(33)SRE, EVC grouping is supported. Multiple EVCs, regardless of the forwarding implemented, are grouped under a single logical group. The group in turn serves to attach a shared QoS policy that applies to all EVCs in the group.
Benefits
EVC service groups allow new service models with enhanced QoS management.
Multichassis Link Aggregation Control Protocol (mLACP)
Multichassis LACP (mLACP) is an innovation that allows dual-homing of devices connected via LACP port channels to two separate routers. mLACP appears as standard IEEE 802.3ad to the dual-homed device. The implementation is supported via Inter-Chassis Communication Protocol signaling of the status of attachment links within specific port channels between the two routers. In addition, mLACP is integrated with the hot-standby pseudowire feature, allowing advanced end-to-end resiliency implementations. In Release 12.2(33)SRE, mLACP is implemented for EVCs.
Benefits
mLACP is part of Layer 2 convergence enhancements. It is applicable for residential and business deployments and can be widely deployed for access resiliency.
Resilient Ethernet Protocol (REP) enables very fast convergence on Metro Ethernet Layer 2 networks and has been supported on switch ports of the Cisco 7600 Series since Release 12.2(33)SRC. In Release 12.2(33)SRE, REP is enabled on ports with EVC configuration for bridge-domain (including VPLS with MAC withdrawal), xconnect and connect functions, and 802.1ah. REP also supports EVCs with a range of VLANs. The implementation includes port channel support.
Benefits
REP provides sub-second fast convergence for Layer 2 networks. Integration with VPLS enables reliable end-to-end Layer 2 VPN implementations. Starting with Release 12.2(33)SRE, REP will benefit from all EVC features support.
Multiple Spanning Tree (MST) Access Gateway (Reverse L2GP)
MST Access Gateway is a significant improvement for Spanning Tree-based deployments. Static preconfigured BPDUs are sent out on each ring access port of network provider edge routers (NPE) to simulate a per-access instantiation of the Spanning Tree Protocol in such a way that the NPEs appear to be either the root bridge or the second-best bridge with a zero-cost path to the root. This greatly simplifies the NPE protection mechanism for L2VPN.
Benefits
MST Access Gateway simplifies Spanning Tree deployments by removing full Spanning Tree Protocol processes from NPE routers, which reduces complexity and enhances scale. It also provides TCN isolation between the domains.
Gigabit Ethernet LAG on UNI with Advanced EVC Load Balancing
On EVC port channels, the load-balancing hash algorithm uses EVC ID. In some cases, this may result in undesirable traffic split on port-channel member links. This feature will allow manual assignment of EVC to a particular link in a link bundle. This allows service providers to explicitly load balance the traffic from various EVCs.
Benefits
Enhanced load-balancing scheme on EVC port channels.
H-VPLS with Port-Channel Core Interface (VPLS LAG NNI)
Port channel and MPLS functions are supported on Cisco 7600 Series Routers. Starting with Release 12.2(33)SRE, port channels will be allowed as uplinks for VPLS. In addition, enhanced load-balancing mechanisms will be added to allow splitting the load from a single pseudowire across the port-channel member links and thus avoiding uneven traffic split challenges. MPLS Fast Reroute (FRR) support will be added in a subsequent software release.
Benefits
Allows VPLS to take advantage of aggregated core link bandwidth to achieve higher bandwidths.
Control Word is a mandatory part of non-Ethernet Any Transport over MPLS (AToM) pseudowires. It is optional and negotiated for EoMPLS pseudowire. This feature allows a user to enable, disable or set the control word to auto-sense mode, as part of the pseudowire configuration. For static pseudowire, the control word can be enabled or disabled through xconnect sub-mode. With this new CLI, it can be configured for dynamic pseudowire as well under a pseudowire class. As a part of this feature, users can also configure the VC type to type 4 or type 5 explicitly.
Benefits
Explicit configuration of the control word and VC type allows interoperability with a wider range of MPLS equipment that has restrictions on control word or VC type support.
Static MAC support for EVC and pseudowire introduces a capability to bind statically unicast or multicast MAC addresses to a pseudowire (VPLS) or EFP. When defined, permanent static MAC entry will be programmed in the MAC table. This enhancement avoids flooding in some convergence scenarios.
Benefits
Static MAC on EVC and pseudowire allows limiting floods within 802.1ah provider space. It also allows building explicitly multicast trees on Layer 2 networks. In some deployment scenarios, static MAC can avoid MAC learning on a VLAN.
Layer 3/Layer 4 security ACLs (standard and extended) will be supported on EVC to allow traffic filtering based on Layer 3/Layer 4 information. This enhancement will be supported on all types of EVCs: xconnect, connect, and bridge domain.
Benefits
EVC is a Layer 2 construct. Introducing support for Layer 3/Layer 4 ACLs allows enhanced filtering for Layer 2 traffic based on Layer 3/Layer 4 security policies. It is also a base feature for Layer 3 SVI services.
This feature introduces support for custom Ethertype definition, as in Release 12.2(33)SRD, for port channel links. Supported Ethertypes are 0x88a8, 0x9100, and 0x9200.
Benefits
Defining customizable Ethertype allows interoperating with 802.1ad switches and third-party equipment for VLAN tagged traffic.
MAC security features allow specifying the maximum number of MACs, stickiness, duplicate MAC avoidance, and static secure MACs on EVCs. This feature will be supported on EVCs on port channel interfaces.
Benefits
Introducing support for MAC security on port channels allows service providers to use port channels on UNI with full EVC security benefits.
DHCP snooping builds tables of IP and MAC assignments for access devices using DHCP and disallows further new requests from MAC addresses that already have bindings. It is an important DoS protection feature. Further, the snooping table is used by the ARP inspection and IP Source Guard features. Additionally, with DHCP snooping on EVC, Option 82 insertion is supported with a port/circuit ID and a subscriber identifier string. This feature will be supported on EVCs provisioned on port channel interfaces.
Benefits
Introducing support for DHCP snooping with Option 82 on port channels allows service providers to use port channels on the UNI with the full benefit of the DoS protection mechanisms.
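The following Python model is an added example, not Cisco's implementation: it shows the three checks the paragraph above ties together (snooping binding creation from server replies on trusted ports, refusal of new requests from a MAC that is already bound elsewhere, and ARP inspection / IP Source Guard lookups against the binding table) plus RFC 3046 Option 82 encoding with a circuit ID and remote ID. The port names, MAC and IP addresses are constructed sample values.

```python
from dataclasses import dataclass

# Sub-option codes of the DHCP Relay Agent Information option (RFC 3046)
OPT_RELAY_AGENT = 82
SUBOPT_CIRCUIT_ID = 1      # port/circuit identifier
SUBOPT_REMOTE_ID = 2       # subscriber identifier string


def option82(circuit_id: bytes, remote_id: bytes) -> bytes:
    """Encode Option 82 carrying a circuit ID and a remote ID sub-option."""
    body = (bytes([SUBOPT_CIRCUIT_ID, len(circuit_id)]) + circuit_id
            + bytes([SUBOPT_REMOTE_ID, len(remote_id)]) + remote_id)
    return bytes([OPT_RELAY_AGENT, len(body)]) + body


@dataclass(frozen=True)
class Binding:
    mac: str
    ip: str
    vlan: int
    port: str


class DhcpSnooper:
    """Binding table driven by observed DHCP traffic; trusted ports face DHCP servers."""

    def __init__(self, trusted_ports):
        self.trusted = set(trusted_ports)
        self.bindings = {}      # (vlan, mac) -> Binding
        self.pending = {}       # (vlan, mac) -> client port waiting for an ACK

    def client_request(self, vlan: int, mac: str, port: str) -> bool:
        """DISCOVER/REQUEST seen on `port`. A MAC that already holds a binding on a
        different port is refused (no further new requests for a bound MAC)."""
        if port in self.trusted:
            return True
        bound = self.bindings.get((vlan, mac))
        if bound is not None and bound.port != port:
            return False
        self.pending[(vlan, mac)] = port
        return True

    def server_ack(self, vlan: int, mac: str, ip: str, port: str) -> bool:
        """ACK seen on `port`. Server replies on untrusted ports are discarded."""
        if port not in self.trusted:
            return False
        client_port = self.pending.pop((vlan, mac), None)
        if client_port is None:
            return False
        self.bindings[(vlan, mac)] = Binding(mac, ip, vlan, client_port)
        return True

    def _matches(self, vlan: int, mac: str, ip: str, port: str) -> bool:
        if port in self.trusted:
            return True
        b = self.bindings.get((vlan, mac))
        return b is not None and b.ip == ip and b.port == port

    def arp_allowed(self, vlan: int, sender_mac: str, sender_ip: str, port: str) -> bool:
        """Dynamic ARP inspection: sender MAC/IP must match the snooping binding."""
        return self._matches(vlan, sender_mac, sender_ip, port)

    def ip_source_allowed(self, vlan: int, src_mac: str, src_ip: str, port: str) -> bool:
        """IP Source Guard: source MAC/IP of data packets must match the binding."""
        return self._matches(vlan, src_mac, src_ip, port)


def demo() -> dict:
    """Constructed sequence on VLAN 100: one legitimate lease on Gi1/1, then checks."""
    s = DhcpSnooper(trusted_ports={"Te4/1"})
    mac = "00:11:22:33:44:55"
    out = {}
    out["request"] = s.client_request(100, mac, "Gi1/1")
    out["rogue_ack"] = s.server_ack(100, mac, "10.0.0.9", "Gi1/2")     # untrusted port
    out["ack"] = s.server_ack(100, mac, "10.0.0.7", "Te4/1")           # trusted port
    out["arp_ok"] = s.arp_allowed(100, mac, "10.0.0.7", "Gi1/1")
    out["arp_spoof"] = s.arp_allowed(100, mac, "10.0.0.1", "Gi1/1")   # wrong IP
    out["moved_request"] = s.client_request(100, mac, "Gi1/2")         # bound elsewhere
    out["ipsg_spoof"] = s.ip_source_allowed(100, mac, "10.0.0.7", "Gi1/2")
    return out


if __name__ == "__main__":
    print(demo())
    print(option82(b"Gi1/1:100", b"sub-0042").hex())
```

The binding records the client-facing port taken from the pending request, not the trusted port the ACK arrived on, which is what makes the later ARP and IP Source Guard checks port-specific.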
EVC supports flexible VLAN-based classification today. Enhancements to EVC selection criteria include CoS or range of CoS values, VLAN and CoS (with restrictions), and Ethertype values (IPv4, IPv6, PPPoE).
Benefits
Enhanced EVC classification models allow simplified residential network infrastructures, better QoS alignment, interoperability with older ATM networks, and simplified migrations.
Four-Level Egress/Three-Level Ingress H-QoS on EFP Group
Service Group Support for EVCs
This new feature allows grouping of multiple EVCs under a single logical instance called a Service Group Interface (SGI). A service group allows attaching service policies in order to implement H-QoS not only on a per-EVC basis but also on a per-group-of-EVCs basis. With the ES+ line card, 4-level QoS scheduling hierarchies can be implemented using a flat policy on the SGI and H-QoS policies on the EVCs grouped in that SGI. On both the ES+ and ES20 line cards, 3-level QoS scheduling hierarchies can be implemented using an H-QoS policy on the SGI with no policies on the EVCs grouped in the SGI at the same time.
Benefits
The Service Group feature allows for aggregate per-customer QoS SLA enforcement while having multiple EVCs (one per service) delivered to the customer.
Layer 3 Classification and Marking on EVC on Cisco 7600 Series ES+20 Line Cards
EVC is a Layer 2 construct and policy maps configured on ES20 Series Line Cards did not initially support classifying based upon IP precedence or DSCP bits and marking of IP precedence or DSCP bits. This capability was added for the Cisco 7600 Series ES+ Line Cards in Release 12.2(33)SRD and is now added for ES+20 line cards as well.
Benefits
In some Carrier Ethernet deployments, access concentration devices such as DSLAM may not be able to mark 802.1p (CoS) bits correctly, hence the provider is required to classify on IP precedence and DSCP bits. With this enhancement, ES+20 line cards can be used to connect to such devices and perform the required classification.
Triple-nesting QoS on the Cisco 7600 Series SPA Interface Processor-400 (SIP-400) allows you to define Modular QoS CLI (MQC) policies with parent, child, and grandchild (three policies nested in each other). Queuing functions are supported for parent and child, and policing only for the grandchild. The MQC triple-nested policies can be applied on the main interface, subinterface, EVC, FR DLCI, and ATM VC.
Nesting three policies in each other was previously treated as a 4-level scheduling hierarchy by the SIP-400 regardless of whether queuing functions were configured in the grandchild policy. With this enhancement the policy is checked for queuing functions, and if none are configured the policy is accepted.
Benefits
With this enhancement it is possible to shape a customer connection, perform queuing inside the shaper, and mix multiple traffic classes inside a queue while policing/re-marking the traffic classes in the same queue in a different manner.
Per VC-QoS Classification for ATM Virtual Path Pseudowires
This feature allows for attaching an MQC policy on ingress on an ATM PVP that is configured for a VP-mode ATMoMPLS pseudowire (Cell Relay) in order to mark MPLS EXP for traffic sent into the pseudowire and across the MPLS network. The classes of the MQC policy are using "match atm-vci" classification in order to mark EXP differently on a per-VC basis inside the PVP.
Benefits
VP-mode pseudowires allow customers to transport multiple ATM VCs within a single ATMoMPLS pseudowire and increase the scalability of the network solution. This feature ensures that, while increasing the scale, the ability to mark EXP differently on a per-VC basis is not lost.
Hardware
• Cisco 7600 Series Routers
• Cisco 7600 Series SIP-400
• 2- and 4-port OC-3/STM-1 ATM shared port adapter (SPA), 1-port OC-12/STM-4 ATM SPA, 1-port OC-48/STM-16 ATM SPA
This feature introduces a policer implemented on the Enhanced FlexWAN and SIP-200 line cards in order to limit the number of IPv6 packets with Hop-by-Hop extension headers.
Benefits
IPv6 packets with Hop-by-Hop extension headers require processing by the MSFC RP on the supervisor or route switch processor. This policer limits the number of packets sent to the MSFC RP to avoid high route-processor CPU load and denial-of-service conditions.
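As an added illustration of the mechanism described above (it is not Cisco's line card code), the Python below classifies IPv6 packets by whether their first extension header is Hop-by-Hop Options and passes only those through a token-bucket policer before they would be punted to the route processor; everything else stays on the hardware path. The packets, addresses, rate and burst values are constructed for the example.

```python
import struct

IPV6_NH_HOPOPTS = 0      # Next Header value of the Hop-by-Hop Options header (RFC 8200)
IPV6_NH_TCP = 6
IPV6_NH_ICMPV6 = 58

SRC = b"\x20\x01" + b"\x00" * 13 + b"\x01"    # constructed 2001::1
DST = b"\x20\x01" + b"\x00" * 13 + b"\x02"    # constructed 2001::2


def build_ipv6(next_header: int, payload: bytes, src: bytes = SRC, dst: bytes = DST) -> bytes:
    """Constructed sample packet: minimal IPv6 base header followed by `payload`."""
    ver_tc_fl = 6 << 28                       # version 6, traffic class 0, flow label 0
    hdr = struct.pack("!IHBB", ver_tc_fl, len(payload), next_header, 64)
    return hdr + src + dst + payload


def has_hop_by_hop(pkt: bytes) -> bool:
    """True if `pkt` is IPv6 and its first extension header is Hop-by-Hop.
    RFC 8200 requires Hop-by-Hop, when present, to directly follow the base header,
    so the Next Header byte at offset 6 is enough to classify in the forwarding path."""
    return len(pkt) >= 40 and (pkt[0] >> 4) == 6 and pkt[6] == IPV6_NH_HOPOPTS


class TokenBucketPolicer:
    """Single-rate policer: `rate` packets per second with a burst of `burst` packets."""

    def __init__(self, rate: float, burst: int):
        self.rate = rate
        self.capacity = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def forward(packets, policer: TokenBucketPolicer) -> dict:
    """Classify each (timestamp, packet): ordinary packets stay in hardware;
    Hop-by-Hop packets are punted to the RP only while the policer has tokens."""
    stats = {"hardware": 0, "punted": 0, "dropped": 0}
    for ts, pkt in packets:
        if not has_hop_by_hop(pkt):
            stats["hardware"] += 1
        elif policer.allow(ts):
            stats["punted"] += 1
        else:
            stats["dropped"] += 1
    return stats


def demo() -> dict:
    """Constructed traffic mix: 3 ordinary packets plus a burst of 100 Hop-by-Hop
    packets arriving at t=0, policed at 10 packets/s with a burst of 5."""
    # Hop-by-Hop header: next header ICMPv6, Hdr Ext Len 0 (8 bytes), one PadN option
    hbh = bytes([IPV6_NH_ICMPV6, 0, 1, 4, 0, 0, 0, 0])
    ordinary = [(0.0, build_ipv6(IPV6_NH_TCP, b"\x00" * 20)) for _ in range(3)]
    burst = [(0.0, build_ipv6(IPV6_NH_HOPOPTS, hbh)) for _ in range(100)]
    return forward(ordinary + burst, TokenBucketPolicer(rate=10.0, burst=5))


if __name__ == "__main__":
    print(demo())   # {'hardware': 3, 'punted': 5, 'dropped': 95}
```

Only the punted count reaches the route processor, so the RP load is bounded by the configured rate and burst regardless of how many Hop-by-Hop packets arrive.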
BGP Support for 4-Byte Autonomous System Numbers (ASNs)
The IETF has proposed a 32-bit ASN scheme defined in RFC 4893 to allow for more ASNs. Both 2- and 4-byte ASNs will be supported. 4-byte ASNs will be supported for IPv4, VPNv4, and IPv6 address families.
Benefits
The number of 2-byte ASNs is limited and most of them are already allocated. The introduction of 4-byte ASNs prevents the scarcity of ASNs and the possibility that customers or providers cannot connect to the Internet because no ASN is available to them.
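To make the RFC 4893 mechanism concrete, here is an added Python example (not Cisco IOS code): it parses asplain and asdot notation, substitutes the reserved placeholder AS_TRANS (23456, defined in RFC 4893) for 4-byte ASNs in the AS_PATH sent to a peer that did not negotiate 4-byte support, carries the real path in AS4_PATH, and shows how a 4-byte-capable receiver merges the two again. The AS numbers used are constructed sample values.

```python
AS_TRANS = 23456          # 2-byte placeholder for 4-byte ASNs (RFC 4893)
MAX_2BYTE_ASN = 65535


def parse_asn(text: str) -> int:
    """Accept asplain ("65536") or asdot ("1.0") notation and return the 32-bit ASN."""
    if "." in text:
        high, low = (int(part) for part in text.split(".", 1))
        if not (0 <= high <= 65535 and 0 <= low <= 65535):
            raise ValueError("asdot halves must be 16-bit values")
        return (high << 16) | low
    asn = int(text)
    if not 0 <= asn <= 0xFFFFFFFF:
        raise ValueError("ASN must fit in 32 bits")
    return asn


def to_asdot(asn: int) -> str:
    """asdot notation: 2-byte ASNs unchanged, larger ones as high.low."""
    return str(asn) if asn <= MAX_2BYTE_ASN else f"{asn >> 16}.{asn & 0xFFFF}"


def as_path_for_old_speaker(as_path):
    """Prepare the path for a peer without the 4-byte ASN capability.
    Each 4-byte ASN becomes AS_TRANS in AS_PATH; the true path is carried in the
    optional transitive AS4_PATH, attached only when a 4-byte ASN is present."""
    if all(asn <= MAX_2BYTE_ASN for asn in as_path):
        return list(as_path), None
    mapped = [AS_TRANS if asn > MAX_2BYTE_ASN else asn for asn in as_path]
    return mapped, list(as_path)


def reconstruct_as_path(as_path, as4_path):
    """4-byte-capable receiver merging AS_PATH and AS4_PATH (RFC 4893 section 4.2.3):
    leading ASNs that old speakers prepended in between are kept from AS_PATH,
    and AS4_PATH replaces the trailing part; a longer AS4_PATH is ignored."""
    if as4_path is None or len(as4_path) > len(as_path):
        return list(as_path)
    keep = len(as_path) - len(as4_path)
    return list(as_path[:keep]) + list(as4_path)


if __name__ == "__main__":
    print(parse_asn("1.0"), to_asdot(65536))                       # 65536 1.0
    print(as_path_for_old_speaker([65536, 64512]))                  # ([23456, 64512], [65536, 64512])
    print(reconstruct_as_path([65000, 23456, 64512], [65536, 64512]))  # [65000, 65536, 64512]
```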
This feature allows tunneling of L3VPN MPLS traffic over GRE tunnels in order to implement MPLS connectivity over IPv4-only transport in case an ES+ line card is used for the MPLS core-facing ports. This feature has been introduced first by using SIP-400 line cards for MPLS core-facing ports and now is enhanced to include ES+ line cards as well.
Benefits
MPLS L3VPNs are commonly deployed by customers to separate departments, applications, and clients, but dedicated Layer 2 connectivity that allows MPLS transport may not be available. Often only IPv4 transport connectivity is available and in such case MPLS L3VPNs over GRE allow you to deploy the desired network architecture.
Hardware
• Cisco 7600 Series Routers
• Cisco 7600 Series ES+ for MPLS core-facing ports, any line card for customer-edge-facing ports
Dynamic Layer 3 VPNs (RFC 2547) with Multipoint GRE (mGRE) Tunnel Support for SIP-400 and ES+40 Cards on the Cisco 7600 Series Platform
MPLS VPN over mGRE uses IPv4-based mGRE tunnels (RFC 2784) for encapsulation of L3VPN packets between provider-edge routers in case there is only IPv4 transport available. The implementation follows RFC 4023 Encapsulating MPLS in IP or Generic Routing Encapsulation (GRE) and facilitates dynamic GRE tunnel creation mechanisms of mGRE such as Next Hop Resolution Protocol (NHRP). (For details refer to mGRE documentation.)
Benefits
mGRE eliminates the need to create and manage a mesh of point-to-point GRE tunnels. Instead a multipoint GRE tunnel is used with dynamic peer creation among the provider-edge routers that are configured with NHRP. mGRE greatly reduces the operational demands of L3VPN over GRE.
Hardware
• Cisco 7600 Series Routers
• Line cards: ES+ or SIP-400 for MPLS core-facing ports, any line card for customer-edge-facing ports
IS-IS MPLS LDP Synchronization and Autoconfiguration
The Label Distribution Protocol (LDP) Intermediate System-to-Intermediate System (IS-IS) AutoConfig and Synchronization feature reduces the packet loss that results from the gap between Interior Gateway Protocol (IGP) and LDP convergence. The implementation requires information exchange between LDP and the IGP. LDP needs to know the configuration state of the IGP on interfaces in order to automatically enable or disable LDP on those interfaces. The IGP needs to know the state of the LDP session on interfaces in order to avoid updating the RIB/FIB to use paths on which the LDP label exchange has not converged.
Benefits
A common problem in networks tuned for IGP fast convergence is that, when a previously failed link comes back up, LDP neighbor establishment takes longer than IGP convergence. In other words, the IGP is out of sync with LDP: it reroutes traffic onto the recovered link, but traffic requiring MPLS transport is lost because the LDP neighborship is not yet established and MPLS forwarding is not ready.
With IGP-LDP sync, IGP convergence onto the link is delayed until LDP and MPLS forwarding are ready, and the unnecessary traffic loss is avoided.
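The timing argument above, as an added Python model rather than anything from the IOS implementation: a link recovers, the IGP adjacency comes up after one delay and the LDP session after a longer one, and labeled traffic is counted as lost for every interval in which the IGP prefers the link while LDP over it is still down. With synchronization the IGP advertises the maximum metric on the link until LDP is up. The delays, metrics and time step are constructed values.

```python
MAX_METRIC = 0xFFFF     # "max-metric" advertised on a link while LDP is not ready
LINK_METRIC = 10


def igp_metric(t: float, igp_ready_at: float, ldp_ready_at: float, ldp_sync: bool) -> int:
    """Metric the IGP advertises for the recovered link at time t. Without sync the
    normal metric is used as soon as the adjacency is up; with sync the link is
    held at MAX_METRIC until the LDP session over it is established."""
    if t < igp_ready_at:
        return MAX_METRIC
    if ldp_sync and t < ldp_ready_at:
        return MAX_METRIC
    return LINK_METRIC


def simulate(link_up_at: float, igp_adj_delay: float, ldp_session_delay: float,
             ldp_sync: bool, horizon: float, step: float = 0.1) -> dict:
    """Discrete-time model. Labeled traffic is lost whenever the IGP prefers the
    link (metric below MAX_METRIC) but LDP over it is not yet up."""
    igp_ready_at = link_up_at + igp_adj_delay
    ldp_ready_at = link_up_at + ldp_session_delay
    lost_steps = 0
    in_use_from = None
    for n in range(int(horizon / step)):
        t = n * step
        metric = igp_metric(t, igp_ready_at, ldp_ready_at, ldp_sync)
        prefers_link = metric < MAX_METRIC
        if prefers_link and in_use_from is None:
            in_use_from = t
        if prefers_link and t < ldp_ready_at:
            lost_steps += 1
    return {"loss_seconds": round(lost_steps * step, 1), "link_in_use_from": in_use_from}


def compare() -> dict:
    """Constructed scenario: link up at t=0, adjacency in 1 s, LDP session in 5 s."""
    return {
        "without_sync": simulate(0.0, 1.0, 5.0, ldp_sync=False, horizon=10.0),
        "with_sync": simulate(0.0, 1.0, 5.0, ldp_sync=True, horizon=10.0),
    }


if __name__ == "__main__":
    print(compare())
```

The cost of synchronization is visible in the result: the link is used 4 s later, but no labeled packets are black-holed during that window.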
P2MP MPLS TE tunnels allow service providers to transport multicast traffic in an MPLS network. The P2MP tunnels are established between one head end and multiple tail ends with RSVP-TE signaling. Multicast groups are mapped to P2MP tunnels. RSVP-TE protocol extensions for P2MP LSP are defined in RFC 4875 and TE-FRR is supported as well.
Cisco 7600 Series implementation of P2MP-TE/FRR is based on egress replication model and allows for core-facing features to be applied including QoS.
Benefits
Using MPLS TE in a multipoint manner for multicast traffic combines the efficient transport of a multipoint tree with resiliency mechanisms of TE-FRR in order to allow for <50 ms protection in case of core network failures.
Release 12.2(33)SRE extends multicast high availability to support NSF/SSO and ISSU/eFSU to improve convergence upon route switch processor (RSP) switchover for Layer 3/Layer 2 multicast traffic.
Benefits
Improved convergence and resiliency in the event of a supervisor or RSP failover.
The L2VPN Pseudowire Preferential Forwarding feature allows you to configure pseudowires so that you can use ping, traceroute, and show commands to find status information before, during, and after a switchover. The implementation of this feature is based on Preferential Forwarding Status Bit Definition (draft-ietf-pwe3-redundancy-bit-xx.txt).
Benefits
The L2VPN Pseudowire Preferential Forwarding feature provides these enhancements for displaying information about the pseudowires:
• You can issue ping mpls commands on the backup pseudowires.
• You can display status of the pseudowires before, during, and after a switchover, using the show xconnect and show mpls l2transport vc commands.
The L2VPN Pseudowire Redundancy feature lets you configure your network to detect a failure in the network and reroute the Layer 2 service to another endpoint that can continue to provide service.
Benefits
This feature provides the ability to recover from a failure either of the remote provider-edge router or of the link between the provider-edge and customer-edge routers.
Hardware
• Cisco 7600 Series Routers
• Cisco 7600 Series ES+ Line Cards, SPA Interface Processor-400 (SIP400)
Stateful Switchover (SSO) is a key feature toward achieving a highly available and robust network. On a dual route processor (RP) configuration, such as on the Cisco 7600 Series Router, SSO allows the standby RP to take immediate control and maintain connectivity protocols in case of failure of the primary RP. Bidirectional Forwarding Detection (BFD) SSO implements the capability to switchover from the active RP to the standby RP.
When evaluating BFD SSO for the network, the customer should note the following considerations:
• BFD SSO is supported on both Cisco 76xx and 76xx-S chassis; however, some limitations in terms of timers apply to help ensure proper functioning on the platform in conjunction with SSO.
• To enable echo mode the system must be configured with the no ip redirects command
Current performance and scale will vary based on device configuration and "real world" network conditions.
Benefits
BFD SSO awareness provides high availability capability for clients using BFD as the hello connectivity check mechanism to survive SSO.
BFD is the standard connectivity check mechanism for failure detection at the IP layer. This functionality enhances the current BFD implementation so that support for the IPv6 address family can be used. It provides the necessary infrastructure for running BFD over an IPv6-enabled network.
BFD clients such as OSPFv3 and static IPv6 route can use this capability and use BFD as the mechanism providing fast hellos.
Benefits
Provides fast failure detection, which improves and optimizes network performance and availability for IPv6-based networks.
Allows the use of a single fast hello detection mechanism that can be shared by multiple clients.
BFD MIB support provides embedded management capability to systems running BFD. With this capability, network operators can use standard SNMP to gather and retrieve data related to BFD operation from systems running BFD. The current implementation allows the retrieval of both IPv4 and IPv6 BFD-related information.
Benefits
Provides MIB statistics for BFD operations for both BFD IPv4 and BFD IPv6 sessions.
Allows easy access with the use of standard SNMP and facilitates integration with current SNMP-based network management systems.
MPLS Traffic Engineering Path Protection Increased to Eight Paths
Up to eight protection paths can be signaled upon primary path failure. Only one of the configured protect-path options is actively signaled at any given point in time. Backup path priorities are identified by path-option identifiers and are configurable for each backup path option.
Benefits
Increased path protection allows for improved fault protection in the event of multiple path failures.
BGP PIC Edge for IP/MPLS VPN and BGP Best External
The Border Gateway Protocol Prefix Independent Convergence (BGP PIC) edge feature includes a set of functions that allow fast BGP convergence in case of a BGP next-hop change. First, the BGP and RIB processes are improved to store not only one best path but a best and a backup path. Second, the Cisco IOS FIB infrastructure is improved to pre-install the backup path and to switch onto it quickly in case of a failure. Third, BGP is further enhanced to force a BGP peer to always announce its best external path even when a better path is learned through iBGP.
Benefits
A router needs to rewrite all BGP prefixes to reflect a BGP next-hop change. As a consequence, the BGP convergence time is directly proportional to the number of BGP prefixes installed in the FIB table.
BGP PIC edge allows for installing a backup path in the FIB (forwarding plane) in order to perform fast recovery independent of the number of BGP prefixes in the FIB. This allows customers to achieve sub-second convergence even with hundreds of thousands of BGP prefixes managed by their routers.
BGP best external is an extension to BGP PIC to help ensure that a provider-edge router is always announcing its external path learned from the customer-edge router even if for the same prefix a better path is learned from the route reflector or another provider-edge router using iBGP. This helps to guarantee that customers can use BGP communities and BGP local_pref mechanisms to deploy active/standby exit-point topologies while helping ensure that provider-edge routers always receive both the active and standby BGP path and are able to use BGP PIC edge for fast restoration.
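The two arguments above (why flat-FIB convergence scales with the prefix count, and why best external is needed for PIC edge to have a backup path) can be made concrete. The following is an added illustration, not Cisco code; the FIB classes, next-hop names and the simplified BGP announcement rule are constructed for this example.

```python
"""BGP PIC edge and BGP best external, modelled (added example, not Cisco code).

Constructed illustration of the points made above: a flat FIB must rewrite
every prefix that used a failed next hop; a PIC FIB resolves prefixes through
a shared path list that already holds the backup, so one flip repairs them
all; and without best external a PE whose best path is iBGP-learned announces
nothing to its iBGP peers, so they never see its CE-learned path.
"""
from dataclasses import dataclass, field


@dataclass
class PathList:
    """Shared resolution object: best and pre-installed backup next hop."""
    best: str
    backup: str
    active: str = field(init=False)

    def __post_init__(self):
        self.active = self.best


class FlatFib:
    """Traditional FIB: every prefix carries its own resolved next hop."""
    def __init__(self):
        self.table = {}
        self.rewrites = 0

    def install(self, prefix, best, backup):
        self.table[prefix] = {"nh": best, "backup": backup}

    def lookup(self, prefix):
        return self.table[prefix]["nh"]

    def next_hop_down(self, failed):
        # Every affected prefix is touched: work grows with the prefix count.
        for entry in self.table.values():
            if entry["nh"] == failed:
                entry["nh"] = entry["backup"]
                self.rewrites += 1


class PicFib:
    """PIC FIB: prefixes point at a shared PathList that is repaired once."""
    def __init__(self):
        self.table = {}
        self.pathlists = {}
        self.rewrites = 0

    def install(self, prefix, best, backup):
        pl = self.pathlists.setdefault((best, backup), PathList(best, backup))
        self.table[prefix] = pl

    def lookup(self, prefix):
        return self.table[prefix].active

    def next_hop_down(self, failed):
        # Only the shared objects are touched: independent of the prefix count.
        for pl in self.pathlists.values():
            if pl.active == failed:
                pl.active = pl.backup
                self.rewrites += 1


def converge(fib_cls, n_prefixes, best="PE2", backup="PE3", failed="PE2"):
    """Install n_prefixes via `best` with `backup` pre-computed, fail `best`,
    and return (FIB rewrites performed, next hop now used by the last prefix)."""
    fib = fib_cls()
    prefixes = [f"10.{i >> 8}.{i & 0xFF}.0/24" for i in range(n_prefixes)]
    for p in prefixes:
        fib.install(p, best, backup)
    fib.next_hop_down(failed)
    return fib.rewrites, fib.lookup(prefixes[-1])


@dataclass(frozen=True)
class BgpPath:
    next_hop: str
    local_pref: int
    source: str  # "eBGP" (learned from the CE) or "iBGP" (RR or another PE)


def best_path(paths):
    return max(paths, key=lambda p: p.local_pref)


def advertised_to_ibgp(paths, best_external):
    """Path a PE announces to its iBGP peers for one prefix.  Plain BGP sends
    only the best path, and an iBGP-learned best path is not re-advertised to
    iBGP peers, so nothing is sent.  With best external the PE sends its best
    eBGP-learned path instead, which is the backup that PIC edge needs."""
    best = best_path(paths)
    if best.source == "eBGP":
        return best
    if best_external:
        externals = [p for p in paths if p.source == "eBGP"]
        return best_path(externals) if externals else None
    return None


if __name__ == "__main__":
    print("flat FIB:", converge(FlatFib, 50_000))
    print("PIC FIB :", converge(PicFib, 50_000))
    paths = [BgpPath("CE1", 50, "eBGP"), BgpPath("PE2", 100, "iBGP")]
    print("without best external:", advertised_to_ibgp(paths, False))
    print("with best external   :", advertised_to_ibgp(paths, True))
```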
Subscriber-Aware Ethernet with Cisco ISG Support on Cisco 7600 Series ES+ Line Cards
Cisco Intelligent Services Gateway (ISG) is the premier policy management solution from Cisco, providing dynamic control of subscriber services and industry-leading subscriber control for PPP and native IP sessions. With this functionality, PPP or native IP subscribers obtain full lifecycle management, AAA support, and support for dynamic policy enforcement.
Release 12.2(33)SRE extends the functionality that is currently available on the SIP-400 to the ES+ line cards.
Benefits
Cisco 7600 Series subscriber-aware Ethernet is an important strategy for service providers implementing triple-play that want to:
• Simplify client protocols for video and voice with DHCP-initiated IP sessions while maintaining HSI services with PPPoE
• Eliminate redundant investment in legacy BRAS by utilizing zero-touch subscriber management functions in the aggregation network
• Scale subscriber bandwidth while maintaining per-subscriber control
Service providers can now distribute provisioning and per-subscriber control into their Ethernet access infrastructures. Cisco 7600 Series features include:
Support for PPPoE or IP sessions on 1:1 Link Aggregation Control Protocol (LACP) port channels. The port channel is configured in active/standby mode and can operate across line cards. Session state is preserved on the port channel during a failover.
Benefits
Simple, low-cost redundancy options are now available using Link Aggregation to preserve PPPoE and IP sessions. The service is protected from line card or link failures to lower operational costs and improve customer satisfaction.
Hardware
• Cisco 7600 Series Routers
• Route switch processors: RSP-720-GE-3CXL and RSP-720-10G-3CXL
This feature allows the coexistence of IP sessions and IP multicast on the same subinterface. Multicast is not treated as in-session traffic but as transparent pass-through. The feature also changes the QoS model to allow applying a policy with a non-default class on the subinterface, to help ensure differentiated treatment for video traffic.
Benefits
Simplifies management and improves scalability for video and triple-play service offerings by combining multicast and IP-session traffic on the same subinterface. Fewer VLANs are needed, and the clearer correspondence between services simplifies configuration and troubleshooting. Dynamic session management using ISG operates alongside IP multicast on the same service VLAN (N:1 model).
Hardware
• Cisco 7600 Series Routers
• Route switch processors: RSP-720-GE-3CXL and RSP-720-10G-3CXL
DHCP-initiated IP sessions now support user authentication within the DHCP request prior to the assignment of the IP address. User authentication consists of the challenge-response to authenticate a user name and password in the context of DHCP [RFC2131]. EAP [RFC3748] is used within the DHCP request for authentication purposes. Implementation follows IETF draft-pruss-dhcp-auth-dsl-03.txt.
Benefits
Provides true user-name and password-level authentication for DHCP-initiated IP sessions to:
• Protect valuable content
• Eliminate fraud
• Protect the network and users from security threats
DHCP authentication brings IP sessions to the level of security that was previously only possible with PPP.
Hardware
• Cisco 7600 Series Routers
• Route switch processors: RSP-720-GE-3CXL and RSP-720-10G-3CXL
ISG NASPort Option 82 and Option 60 Transparent Auto Logon (TAL)
For IP session (DHCP-initiated) services, Option 82 and Option 60 are passed to the RADIUS server in the NAS-Port-ID attribute for authorization. Option 82 can convey the identity of the line (or household), while Option 60 can identify the specific device.
Benefits
Service providers that offer triple-play, IPTV, or broadband service models now have simpler ways to manage subscriber access using information about the household and the CPE. Benefits include the ability to enable IP session wholesale models where customers can be authorized through RADIUS before being logged on. Service profiles may also be applied based on the device in the home.
Hardware
• Cisco 7600 Series Routers
• Route switch processors: RSP-720-GE-3CXL and RSP-720-10G-3CXL
L2VPN Support for ATM Cell Packing on Static Pseudowire
This feature allows for static configuration of virtual circuit labels, without using LDP signaling for virtual circuit label distribution. This feature adds support for static labels for TDM pseudowire on Circuit Emulation over Packet Switched Networks (CEoPs) SPAs.
Benefits
Static pseudowire support allows operators to form virtual circuits with provider edge routers that do not support LDP. It also provides increased scale to thousands of peers.
Virtual Circuit Connectivity Verification (VCCV) is extended to support end-to-end connectivity verification across a pseudowire switching point and to provide the ability to trace the path of a multi-segment pseudowire (MS-PW) over any number of segments. LSP ping can be used to verify connectivity between any set of provider-edge routers (terminating [T-PE] or switching [S-PE]), one or more hops away, in an MS-PW path. Path verification across multiple pseudowire segments can also be performed.
Benefits
Previously, VCCV could only be used to verify the connectivity across a single pseudowire and could not verify connectivity of VCs that spanned multiple administrative domains. This feature allows the operator to verify end-to-end VC connectivity in the case where the pseudowire spans multiple administrative domains and associated pseudowire switching points.
This feature enables a pair of Layer 2 attachment circuits to be operated in active/standby mode in order to provide redundant customer-edge attachment to a provider-edge node. With Release 12.2(33)SRE, ATM attachment circuits are supported in single-router automatic protection switching (APS) environments. This helps ensure data traffic downtime of less than 150 ms in the case of a switchover. Primary and backup access circuits are on the same Cisco 7600 Series chassis. This feature applies to attachment circuits connected to MPLS pseudowires.
Benefits
This feature allows a "working" and "protect" attachment-circuit pair to be associated with a single pseudowire rather than a separate pseudowire for each attachment circuit. When the working attachment circuit goes down, signaling and bring-up time of a backup pseudowire is no longer incurred as part of the switchover time, allowing for the 150 ms resiliency target to be achieved.
Virtual Circuit and Virtual Path Mode Cell Packing on Cisco 7600 Series SIP-400 for CEoPs and OC-48 ATM SPAs
This feature brings port-mode, virtual circuit (VC)-mode, and virtual path (VP)-mode cell packing to Circuit Emulation over Packet Switched Networks (CEoPs) and OC-48 ATM SPAs. Cell packing allows the transport of multiple ATM cells in a single MPLS-encapsulated frame. Port mode transports all cells arriving on an ATM port over the MPLS cloud, while VC mode transports all cells belonging to a VC (cells with the same VPI/VCI) over the MPLS tunnel in packed form. Similarly, VP mode transports all cells belonging to a VP (cells with the same VPI) in packed form. The timer for cell packing is configurable. Release 12.2(33)SRE adds this support for OC-48 ATM and CEoPs SPAs. All variants of the CEoPs SPA are supported.
Benefits
Cell packing is a bandwidth-efficiency feature for ATM-over-MPLS transport, allowing the packing of multiple cells into an MPLS encapsulated payload. Cell packing allows the amortization of the MPLS, pseudowire, and Layer 2 headers over many ATM cells, rather than just one, making it more efficient than a single-cell-relay-based connection.
This feature provides support for delivering precise frequency over Gigabit Ethernet physical links, as defined in the ITU specifications for Ethernet Equipment Clock. It extends the physical-layer network synchronization capabilities traditionally provided by TDM and SONET network interfaces to Ethernet network interfaces, allowing a Metro Ethernet network to be part of an overall synchronous network implementation within a service provider network, provided that each element in the Metro Ethernet network supports Synchronous Ethernet. ESMC is not supported in this release.
Benefits
The Cisco 7600 Series supports precise frequency across a Metro Ethernet network in order to serve applications that require precise and stable frequency and/or synchronization between client endpoints. Examples are mobile base stations and legacy TDM circuit emulation.
Hardware
• Cisco 7600 Series Routers
• Cisco 7600 Series ES+ Line Cards
Additional Information
The feature is compliant with G.8261/G.8262 as well as the G.823/G.824/G.825 jitter and wander specifications. ESMC is not supported in Release 12.2(33)SRE.
Allows multiple base stations (2G networks) to share a single VC-12 in CEoPs over cSTM-1 or cE1. Before this enhancement, one BTS going down triggered an AIS for the entire VC-12, bringing down all base stations sharing that VC-12. AIS generation per VC-12 is disabled by default and can be enabled through the CLI.
Release 12.2(33)SRD Feature Highlights
The following sections include Release 12.2(33)SRD hardware and software feature highlights.
Like all 12.2SR releases, Release 12.2(33)SRD integrates Cisco IOS Software innovations that span multiple technology areas, including Carrier Ethernet Flexible Infrastructure, Manageability, and Quality of Service. It also features further improvements in the areas of Resiliency, Subscriber Aware Ethernet, Mobility, and Layer 2 functionality.
The 12.2(33)SRD Release also includes support for the Cisco 7600 Ethernet Services Plus (ES+) Series line cards that will be released in Q1 CY2009. The 7600-ES+ series of line cards enables 40G per slot performance for video, voice, data, and mobility services.
Table 2. Release 12.2(33)SRD Highlights
Hardware
Carrier Ethernet Flexible Infrastructure
Carrier Ethernet Manageability
Carrier Ethernet Quality of Service
Cisco 7600 Series - Ethernet Services Plus 40G Line Cards*
SPA-8X1FE-TX-V2 & SPA-4X1FE-TX-V2 Support on Cisco 7600-SIP-400
Cisco 7200 Series Routers, Cisco 7201 Router, and Cisco 7301 Router Support
Service Instance (EVC) on Portchannel for Cisco 7600 40G Ethernet Services Plus Line Cards
Broadcast Storm Control on Switchports and Ports with Service Instances (EVCs)
DHCP Snooping on Service Instance (EVC)
Uni-Directional Link Detection on Service Instance (EVC)
Dual Rate Three Color ingress policer on Service Instances
IP SLAs Metro-Ethernet 2.0 (EVC)
Bandwidth Remaining Ratio Support
L2 Access Control List on Service Instance (EVC)
Resiliency
Subscriber Aware Ethernet
Mobile
L2 Enhancements
MST on Service Instance (EVC) Bridge Domain
NSF/SSO - E-LMI support
NSF/SSO - 802.3ah OAM support
NSF/SSO - CFM Support
Asymmetric Carrier Delay
SAE: DHCP - Relay Option 82 encapsulation
SAE: Authentication - DHCP Option 60 Support and VPN-ID Support
SAE: RSVP support for IP Sessions
IMA Core Facing Support
Port Mode Cell Relay Support
ISG Support on SAMI Blade
L2VPN Routed Mode Interworking: Ethernet/VLAN to ATM/FR/PPP on Cisco 7600
L2TPv3 - Layer-2 Tunneling Protocol Version 3 on Cisco Ethernet Services Plus Line Cards
Bridging using RFC1483 Routed Encapsulation (BRE) on 7600-SIP-400
Mini Protocol Analyzer using SPAN
* Ethernet Services Plus 40G Line cards will be available in Q1 CY2009
Hardware
Cisco 7600 Series Ethernet Services Plus 40G Line Cards
The Cisco® 7600 Series Ethernet Services Plus 40 Gbps (ES+40) Line Cards utilize an extensible design that enables service prioritization for voice, video, data, and wireless mobility services. Service Provider and Enterprise customers benefit from the improved economics, density, advanced Carrier Ethernet features, and the high performance of the ES+40 fixed-configuration line cards. With the same architecture and features, the Cisco 7600 Series Ethernet Services Plus 20 Gbps (ES+20) Line Cards are designed for networks with lower interface density requirements. In the following sections, the ES+40 and ES+20 Line Cards will be referred to as the ES+ series.
The ES+ series programmable interface processors protect network investments and reduce total cost of ownership. The design maximizes connectivity options and offers superior service intelligence through programmable interface processors operating at line rate. The family of Cisco 7600 ES+ series Line Cards is shown in Figure 5.
Figure 5. Cisco 7600 ES+ Series Line Cards: 4-port 10GE and 40-port GE; 2-port 10GE and 20-port GE
Benefits
• Higher density, greater scalability
– Offers up to 40G density per slot
– 256K queues (128K ingress and 128K egress)
– Available with DFC3C or DFC3CXL
• Line rate with services enabled
– Provides line rate forwarding performance on GE and 10GE interfaces with services enabled.
• Cisco Service Instance (EVC) Support
– ES+ supports Cisco Service Instance (EVC) to enable flexible UNI
• 10GE and GE port options
– Offers 4x10GE, 40xGE, 2x10GE, and 20xGE options
• DWDM and CWDM optics support
– ES+ line cards support DWDM and CWDM optics, which should reduce operational costs
SPA-8X1FE-TX-V2 & SPA-4X1FE-TX-V2 Support on Cisco 7600-SIP-400
The Cisco 4- and 8-port Fast Ethernet SPAs version 2 are now available on the Cisco 7600-SIP-400, offering the benefits of network scalability with lower initial costs and easy upgrades. The Cisco SPA/SIP portfolio continues the company's focus on investment protection along with consistent feature support, broad interface availability, and the latest technology. The Cisco SPA/SIP portfolio allows deployment of different interfaces (packet over SONET/SDH [POS], ATM, Ethernet, etc.) on the same interface processor.
Fast Ethernet interfaces are commonly used to interconnect routers or other devices within a central office or data center or in a metropolitan-area network (MAN). With Cisco Fast Ethernet SPAs, users can mix and match SPA ports with other types of interfaces in the same slot. Each SPA provides standards-based Fast Ethernet implementation for compatibility and interoperability. The 8-port SPA is shown below in Figure 6.
The Cisco Fast Ethernet SPAs can be used in any combination of the following applications:
• Residential triple-play services
• Metro Ethernet services
• Converged residential and business services
• Internet peering
• Inter- and intra-point of presence (POP) aggregation
Figure 6. Cisco 8-Port 10BASE-T/100BASE-TX Fast Ethernet SPA
Benefits
• Member of the Cisco SIP/SPA portfolio
– Allows mixing and matching with other compatible port adaptors
– Provides improved slot economics when increasing density to reduce capital expenditures (CapEx)
• Expands interface breadth on the 7600-SIP-400
– Adds Fast Ethernet interface to the 7600-SIP-400
Cisco 7200 Series Routers, Cisco 7201 Router, and Cisco 7301 Router Support
Cisco IOS Software Release 12.2(33)SRD includes support for the Cisco 7200 Series Routers and Cisco 7301 Router. Release 12.2(33)SRD also includes support for the Cisco 7201 Router, the latest generation of the Cisco 7200 Series Family.
Within the Cisco IOS Software Release 12.2S family, the migration path for new features on the Cisco 7200 Series Routers and Cisco 7301 Router is from Release 12.2SB to Release 12.2SR. Release 12.2(31)SB2 is the last Release 12.2SB release to include support for the Cisco 7200 Series Routers and Cisco 7301 Router.
Cisco 7200 Series Routers
The industry's most widely deployed universal services aggregation router for enterprise and service provider edge applications, the Cisco 7200 Series offers (See Figure 7):
• Exceptional price/performance - The NPE-G2 Network Processing Engine aggregates services at up to 2 Mpps
• A wide range of connectivity options and numerous features including serviceability and manageability
• Increased VPN performance with VPN Services Adapter
• Increased scalability and flexibility with the Port Adapter Jacket Card
Figure 7. Cisco 7200 Series Routers
Cisco 7201 Router
The Cisco 7201 Router is the latest generation of the Cisco 7200 Series Family. It is a compact, high-performance single rack unit (RU) router that uses the latest Cisco 7200VXR Network Processing Engine NPE-G2 coupled with a comprehensive range of interface options. (See Figure 8.)
Figure 8. Cisco 7201 Router
The Cisco 7201 Router addresses the demand for the same performance enhancements and Cisco IOS Software features as the latest Cisco 7200VXR NPE-G2, but in a smaller form factor and with low power consumption. The Cisco 7201 provides four built-in Gigabit Ethernet ports and one Port Adapter (PA) slot, which makes it ideal for various Service Provider and Enterprise applications. It also offers redundant and field-replaceable AC and DC power supplies.
With its combination of scalable performance, compact architecture, high density, and low price per port, the Cisco 7301 is ideally suited for a variety of key applications within both the Service Provider and Enterprise markets.
Cisco 7301 Router
The Cisco 7300 Series is optimized for flexible, feature-rich IP/MPLS services at the customer network edge, where service providers and enterprises link together. (See Figure 9.) With 3 built-in Gigabit Ethernet interfaces (copper or optical) and a single slot for any Cisco 7000 Series port adapter, the Cisco 7301 is highly flexible for a variety of applications. Additionally, for broadband aggregation, the Cisco 7301 supports up to 16,000 subscriber sessions, making it ideal for pay-as-you-grow broadband deployment models.
Service Instance (EVC) on Portchannel for Cisco 7600 40G Ethernet Services Plus Line Cards
802.3ad or port-channel has become a requirement for many Cisco 7600 customers. The predominant application for this feature is the aggregation of U-PE nodes or access nodes that don't have 10Gbps interfaces but require more than 1Gbps as an uplink. This translates to support on the Cisco 7600 for UNI facing link bundles/ether channels.
This particular feature allows for the bundling of EVC service instances into an 802.3ad bundle on the Ethernet Services Plus line cards.
Benefits
There are two main reasons for implementing 802.3ad bundles:
1. Increased bandwidth between nodes
2. Increased redundancy, because each link is protected by the other member links in the bundle
Broadcast Storm Control on Switchports and Ports with Service Instances (EVCs)
A traffic storm occurs when packets flood the LAN, creating excessive traffic and degrading network performance. The traffic storm control feature prevents LAN ports from being disrupted by a broadcast or multicast traffic storm on physical interfaces. Traffic storm control (also called traffic suppression) monitors incoming traffic levels over a 1-second traffic storm control interval and, during the interval, compares the traffic level with the traffic storm control level that you configure. The traffic storm control level is a percentage of the total available bandwidth of the port. Each port has a single traffic storm control level that is used for all types of traffic (broadcast, multicast).
Traffic storm control monitors the level of each traffic type for which you enable traffic storm control in 1-second traffic storm control intervals. Within an interval, when the ingress traffic for which traffic storm control is enabled reaches the traffic storm control level that is configured on the port, traffic storm control drops the traffic until the traffic storm control interval ends.
The following are examples of traffic storm control behavior:
• If you enable broadcast traffic storm control, and broadcast traffic exceeds the level within a 1-second traffic storm control interval, traffic storm control drops all broadcast traffic until the end of the traffic storm control interval.
• If you enable broadcast and multicast traffic storm control, and the combined broadcast and multicast traffic exceeds the level within a 1-second traffic storm control interval, traffic storm control drops all broadcast and multicast traffic until the end of the traffic storm control interval.
• If you enable broadcast and multicast traffic storm control, and broadcast traffic exceeds the level within a 1-second traffic storm control interval, traffic storm control drops all broadcast and multicast traffic until the end of the traffic storm control interval.
• If you enable broadcast and multicast traffic storm control, and multicast traffic exceeds the level within a 1-second traffic storm control interval, traffic storm control drops all broadcast and multicast traffic until the end of the traffic storm control interval.
Benefits
This feature adds support for broadcast storm control on switch-ports and on ports with Service Instances on Ethernet Services and Ethernet Services Plus Line Cards.
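The interval and combined-counter behaviour described above can be reproduced in a small simulation. This is an added example and not Cisco code: the port speed, level and frame sizes are constructed, and it assumes that the frame which first pushes the counter over the level is dropped together with everything after it until the interval ends.

```python
"""Traffic storm control model (added example, not Cisco code).

Constructed simulation of the behaviour described above: one level (a
percentage of port bandwidth) per port, a fixed 1-second interval, and a
single combined counter for every traffic type that storm control is
enabled for.  Assumption: the frame that first exceeds the level is dropped
along with everything after it until the interval ends.
"""
from collections import Counter, namedtuple

Frame = namedtuple("Frame", "t kind size")  # t in seconds, size in bytes


class StormControl:
    def __init__(self, port_bps, level_pct, kinds):
        # Bytes the controlled traffic may use per 1-second interval.
        self.budget = port_bps / 8 * level_pct / 100
        self.kinds = frozenset(kinds)          # e.g. {"broadcast", "multicast"}
        self.interval = None
        self.used = 0
        self.suppressing = False

    def process(self, frame):
        """Return "forward" or "drop" for one ingress frame."""
        interval = int(frame.t)
        if interval != self.interval:          # new 1-second interval: reset
            self.interval, self.used, self.suppressing = interval, 0, False
        if frame.kind not in self.kinds:       # uncontrolled types always pass
            return "forward"
        if self.suppressing:                   # level already reached
            return "drop"
        self.used += frame.size                # one counter for all enabled types
        if self.used > self.budget:
            self.suppressing = True
            return "drop"
        return "forward"


def burst(kind, t0, count, size=1500, spacing=0.001):
    """`count` frames of one kind starting at t0 (constructed input)."""
    return [Frame(t0 + i * spacing, kind, size) for i in range(count)]


def run(ctrl, frames):
    """Feed frames in time order; return a Counter of (kind, action)."""
    counts = Counter()
    for f in sorted(frames, key=lambda f: f.t):
        counts[(f.kind, ctrl.process(f))] += 1
    return counts


def broadcast_only_scenario():
    """First bullet: only broadcast is controlled, so multicast is never touched.
    100 Mbps port at 1% allows 125,000 bytes, i.e. 83 full-size frames."""
    ctrl = StormControl(port_bps=100_000_000, level_pct=1, kinds=["broadcast"])
    frames = burst("broadcast", 0.0, 100) + burst("multicast", 0.5, 10)
    return run(ctrl, frames)


def combined_scenario():
    """Third bullet: both types controlled; broadcast alone exceeds the level,
    yet multicast arriving later in the same interval is dropped too.  The
    multicast burst in the next interval is forwarded again."""
    ctrl = StormControl(100_000_000, 1, kinds=["broadcast", "multicast"])
    frames = (burst("broadcast", 0.0, 100)
              + burst("multicast", 0.5, 10)
              + burst("multicast", 1.0, 10))
    return run(ctrl, frames)


if __name__ == "__main__":
    print(dict(broadcast_only_scenario()))
    print(dict(combined_scenario()))
```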
DHCP snooping is a security feature that acts like a firewall between untrusted hosts and trusted DHCP servers. The DHCP snooping feature performs the following activities:
• Validates DHCP messages received from untrusted sources and filters out invalid messages.
• Rate-limits DHCP traffic from trusted and untrusted sources.
• Builds and maintains the DHCP snooping binding database, which contains information about untrusted hosts with leased IP addresses.
• Utilizes the DHCP snooping binding database to validate subsequent requests from untrusted hosts.
Other security features, such as dynamic ARP inspection (DAI) and IP Source Guard, also use information stored in the DHCP snooping binding database. DHCP snooping is enabled on a per-VLAN basis. By default, the feature is inactive on all VLANs. You can enable the feature on a single VLAN or a range of VLANs.
The DHCP snooping feature is implemented in software on the Route processor. Therefore, all DHCP messages for enabled VLANs are intercepted in the PFC and directed to the Route processor for processing.
Benefits
This feature adds support for DHCP snooping on service instances.
Uni-Directional Link Detection on Service Instances (EVCs)
UDLD is a Layer 2 protocol that works with Layer 1 mechanisms to determine the physical status of a link. At Layer 1, auto-negotiation takes care of physical signaling and fault detection. UDLD performs tasks that auto-negotiation cannot perform, such as detecting the identities of neighbors and shutting down misconnected ports. When you enable both auto-negotiation and UDLD, Layer 1 and 2 detections work together to prevent physical and logical unidirectional connections and the malfunctioning of other protocols.
Benefits
This feature extends the benefits of UDLD to a port that has a service instance configured underneath it.
IP Source Guard is a security feature that restricts IP traffic on untrusted Layer 2 ports by filtering traffic based on the DHCP snooping binding database or manually configured IP source bindings. This feature helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. Any IP traffic coming into the interface with a source IP address other than that assigned (via DHCP or static configuration) will be filtered out on the untrusted Layer 2 ports.
The IP Source Guard feature is enabled in combination with the DHCP snooping feature on untrusted Layer 2 interfaces. It builds and maintains an IP source binding table that is learned by DHCP snooping or manually configured (static IP source bindings). An entry in the IP source binding table contains the IP address and the associated MAC address and VLAN number.
Benefits
This feature extends the IP Source Guard benefits to a service instance on Ethernet Services Plus Line Cards.
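The DHCP snooping activities listed above and the IP Source Guard filtering that builds on the resulting binding database can be modelled together. The following is an added example and not Cisco code: port names, MAC addresses, the VLAN and the lease are constructed, rate limiting is left out, and the model remembers a client's port from its own DHCP messages so that the server's ACK can be tied to it (an assumption about how the binding's port is learned).

```python
"""DHCP snooping binding database with IP Source Guard (added example, not
Cisco code).  Constructed model of the mechanism described above: snooping
validates DHCP on untrusted ports and learns (IP, MAC, VLAN, port) bindings
from server ACKs; IP Source Guard then filters IP traffic on untrusted ports
against those bindings or static entries.  Rate limiting is not modelled, and
the client's port is remembered from its DISCOVER/REQUEST (an assumption)."""
from dataclasses import dataclass

SERVER_MSGS = {"OFFER", "ACK", "NAK"}    # only legitimate from trusted ports


@dataclass(frozen=True)
class Binding:
    ip: str
    mac: str
    vlan: int
    port: str


@dataclass
class DhcpMsg:
    port: str                 # ingress port
    vlan: int
    src_mac: str              # Ethernet source address
    op: str                   # DISCOVER, OFFER, REQUEST, ACK, NAK, ...
    chaddr: str               # client hardware address in the DHCP payload
    yiaddr: str = "0.0.0.0"   # address assigned by the server (OFFER/ACK)


class DhcpSnooping:
    def __init__(self, trusted_ports, snooping_vlans):
        self.trusted = set(trusted_ports)
        self.vlans = set(snooping_vlans)   # the feature is enabled per VLAN
        self.bindings = {}                 # (vlan, ip) -> Binding
        self.pending = {}                  # (vlan, chaddr) -> client port
        self.dropped = []                  # (message, reason)

    def process(self, m):
        """Return "forward" or "drop" for one intercepted DHCP message."""
        if m.vlan not in self.vlans:
            return "forward"               # snooping inactive on this VLAN
        mac = m.chaddr.lower()
        if m.port not in self.trusted:
            if m.op in SERVER_MSGS:
                return self._drop(m, "server message from untrusted port")
            if mac != m.src_mac.lower():
                return self._drop(m, "chaddr does not match source MAC")
            self.pending[(m.vlan, mac)] = m.port
        elif m.op == "ACK":
            port = self.pending.pop((m.vlan, mac), None)
            if port is not None:           # lease granted to an untrusted host
                self.bindings[(m.vlan, m.yiaddr)] = Binding(m.yiaddr, mac, m.vlan, port)
        return "forward"

    def _drop(self, m, reason):
        self.dropped.append((m, reason))
        return "drop"


class IpSourceGuard:
    def __init__(self, snooping, guarded_ports, static=()):
        self.snooping = snooping
        self.guarded = set(guarded_ports)  # untrusted L2 ports with IPSG on
        self.static = {(b.vlan, b.ip): b for b in static}

    def filter(self, port, vlan, src_mac, src_ip):
        """Return "forward" or "drop" for one IP packet entering `port`."""
        if port not in self.guarded:
            return "forward"
        b = self.snooping.bindings.get((vlan, src_ip)) or self.static.get((vlan, src_ip))
        if b and b.port == port and b.mac == src_mac.lower():
            return "forward"
        return "drop"                      # source address not bound to this port


def scenario():
    """Host A on Gi1/1 leases 10.1.1.10 from the server on trusted Gi1/48;
    host B on Gi1/2 then tries to use that address.  Constructed values."""
    snoop = DhcpSnooping(trusted_ports={"Gi1/48"}, snooping_vlans={100})
    ipsg = IpSourceGuard(snoop, guarded_ports={"Gi1/1", "Gi1/2"})
    a, b, srv = "00:00:00:aa:aa:aa", "00:00:00:bb:bb:bb", "00:00:00:55:55:55"
    r = {}
    r["discover"] = snoop.process(DhcpMsg("Gi1/1", 100, a, "DISCOVER", a))
    r["offer"] = snoop.process(DhcpMsg("Gi1/48", 100, srv, "OFFER", a, "10.1.1.10"))
    r["request"] = snoop.process(DhcpMsg("Gi1/1", 100, a, "REQUEST", a))
    r["ack"] = snoop.process(DhcpMsg("Gi1/48", 100, srv, "ACK", a, "10.1.1.10"))
    r["rogue_offer"] = snoop.process(DhcpMsg("Gi1/2", 100, b, "OFFER", a, "10.1.1.99"))
    r["forged_chaddr"] = snoop.process(DhcpMsg("Gi1/2", 100, b, "DISCOVER", a))
    r["a_own_ip"] = ipsg.filter("Gi1/1", 100, a, "10.1.1.10")
    r["b_spoofs_a"] = ipsg.filter("Gi1/2", 100, b, "10.1.1.10")
    r["a_wrong_ip"] = ipsg.filter("Gi1/1", 100, a, "10.1.1.77")
    return r, snoop


if __name__ == "__main__":
    results, snoop = scenario()
    print(results)
    print(list(snoop.bindings.values()))
```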
Currently, the default ethertype for the Q-in-Q outer tag on a Cisco 7600 is 0x8100. However, a few non-Cisco vendors use ethertype 0x9100 or 0x9200 for the Q-in-Q outer tag. For the Cisco 7600 Router to interoperate seamlessly with other vendors' equipment, a mechanism to change the default ethertype is required.
Moreover, ethertype 0x88A8 must be supported for the provider bridge defined by IEEE 802.1ad. The custom ethertype feature solves this problem by allowing the ethertype to be changed as required. Under the custom ethertype model, ethertypes 0x9100, 0x9200, and 0x88A8 can be configured using the "dot1q tunneling" CLI under a physical port.
Benefits
This provides seamless interoperability with other vendors and solutions that use a different default ethertype.
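The effect of the outer-tag ethertype on how a frame is parsed can be shown with a small tag-stack parser. This is an added example and not Cisco code: the frame contents are constructed, and the model assumes that the first tag must carry the configured outer TPID while any further tag must be standard 0x8100; the three configurable values are those named above.

```python
"""Q-in-Q outer-tag ethertype handling (added example, not Cisco code).

Constructed parser for the situation described above: a frame whose outer
tag carries another vendor's 0x9100 TPID is not recognised as tagged while
only the default 0x8100 is accepted, but parses correctly once the outer
ethertype is set to 0x9100 (or 0x9200 / 0x88A8).  Model: the first tag must
carry the configured outer TPID; further tags must be 0x8100."""
import struct

DEFAULT_OUTER_TPID = 0x8100
CUSTOM_OUTER_TPIDS = {0x9100, 0x9200, 0x88A8}  # values the text says are configurable
INNER_TPID = 0x8100


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def build_frame(dst, src, tags, ethertype, payload=b"\x00" * 46):
    """Constructed frame: tags is a list of (tpid, pcp, vid), outermost first."""
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for tpid, pcp, vid in tags:
        tci = ((pcp & 0x7) << 13) | (vid & 0x0FFF)   # PCP(3) DEI(1) VID(12)
        hdr += struct.pack("!HH", tpid, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame, outer_tpid=DEFAULT_OUTER_TPID):
    """Return dst, src, the recognised tag stack and the payload ethertype."""
    if outer_tpid != DEFAULT_OUTER_TPID and outer_tpid not in CUSTOM_OUTER_TPIDS:
        raise ValueError(f"unsupported outer ethertype 0x{outer_tpid:04x}")
    off, tags = 12, []
    while off + 4 <= len(frame):
        tpid = struct.unpack_from("!H", frame, off)[0]
        expected = outer_tpid if not tags else INNER_TPID
        if tpid != expected:
            break                      # not a tag we recognise: it is the ethertype
        tci = struct.unpack_from("!H", frame, off + 2)[0]
        tags.append({"tpid": tpid, "pcp": tci >> 13, "vid": tci & 0x0FFF})
        off += 4
    ethertype = struct.unpack_from("!H", frame, off)[0]
    return {"dst": _mac(frame[:6]), "src": _mac(frame[6:12]), "tags": tags,
            "ethertype": ethertype, "payload": frame[off + 2:]}


def vlan_stack(frame, outer_tpid=DEFAULT_OUTER_TPID):
    """VLAN IDs outermost first, as seen with the given outer ethertype."""
    return [t["vid"] for t in parse_frame(frame, outer_tpid)["tags"]]


# Constructed frames: S-tag 100 from another vendor (0x9100) or a provider
# bridge (0x88A8), C-tag 200, carrying IPv4 (0x0800).
VENDOR_FRAME = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                           [(0x9100, 5, 100), (0x8100, 0, 200)], 0x0800)
PB_FRAME = build_frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                       [(0x88A8, 0, 100), (0x8100, 0, 200)], 0x0800)

if __name__ == "__main__":
    for tpid in (DEFAULT_OUTER_TPID, 0x9100, 0x88A8):
        for name, f in (("vendor", VENDOR_FRAME), ("802.1ad", PB_FRAME)):
            p = parse_frame(f, tpid)
            print(f"outer 0x{tpid:04x} {name:8s} vlans={vlan_stack(f, tpid)} "
                  f"ethertype=0x{p['ethertype']:04x}")
```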
The Cisco 7600 supports the Port Security feature on a per-port basis. With the advent of the Service Instance (EVC) infrastructure, it is now possible to provide the same type of functionality on a per-service-instance basis. Since multiple customers and multiple services can be supported on a single port, it is useful to provide this functionality at the granularity of the service instance. For instance, when a violation requires a shutdown, only the customer assigned to the given service instance is affected rather than all customers using the port.
MAC security operation is enabled on a service instance by configuring the "mac security" configuration command.
Benefits
The MAC Security functionality can be roughly divided into the following categories:
1. Configuration
• Enabling/Disabling MAC Security on service instance
• MAC Address whitelist configuration on service instance
• Sticky configuration
• Aging
• MAC Address limiting on service instance
• MAC Address limiting on BD
• Violation response configuration on service instance
The Private Hosts feature provides Layer 2 (L2) isolation between the hosts in a VLAN. You can use Private Hosts as an alternative to the Private VLAN isolated-trunks feature, which is currently not available on the Cisco 7600 router.
Service Providers (SPs) worldwide face increasing demand to provide their customers with triple-play services (voice, video, and data) over a single physical interface (copper or fiber). Typically, triple-play services are delivered over three different VLANs for each user, even though the VLAN for video traffic is often shared by multiple end users.
The key benefits of the Private Hosts feature are the ability to:
• Isolate traffic among hosts (subscribers) that share the same VLAN ID
• Reuse VLAN IDs across different subscribers, which improves VLAN scalability by making better use of the 4096 VLANs allowed
• Prevent MAC spoofing, which in turn prevents denial of service (DoS) attacks
The Private Hosts feature uses port-based Protocol-Independent MAC ACLs (PACLs) to provide Layer 2 isolation between hosts on trusted ports within a purely Layer 2 domain. The PACLs isolate the hosts by imposing Layer 2 forwarding constraints on the router ports.
Benefits
This feature adds SVIs to the Private Hosts configuration, eliminating the need for an external router.
ITU-T specification Y.1731 defines a superset of fault management options that extend some of the service management functions outlined in the IEEE 802.1ag Connectivity Fault Management (CFM) standard. Two of these are the Alarm Indication Signal (AIS) and the Remote Defect Indication (RDI)*. The added benefits of these two options are expanded upon below.
Alarm Indication Signal (ETH-AIS)
The Ethernet Alarm Indication Signal function (ETH-AIS) is used to suppress alarms following detection of defect conditions at the server (sub)layer. Because Spanning Tree Protocol (STP) environments provide independent restoration capabilities, ETH-AIS is not expected to be applied in STP environments. In Cisco IOS, AIS is configurable, and it is up to the administrator whether to enable AIS in an STP environment.
Transmission of frames with ETH-AIS information can be enabled or disabled on a MEP (or on a Server MEP).
Frames with ETH-AIS information can be issued at the client Maintenance Level by a MEP, including a Server MEP upon detecting defect conditions. For example, the defect conditions may include:
• Signal fail conditions in the case that ETH-CC is enabled
• AIS condition or LCK condition in the case that ETH-CC is disabled
For multipoint ETH connectivity, a MEP cannot determine the specific server (sub) layer entity that has encountered defect conditions upon receiving a frame with ETH-AIS information. More importantly, it cannot determine the associated subset of its peer MEPs for which it should suppress alarms since the received ETH-AIS information does not contain that information. Therefore, upon reception of a frame with ETH-AIS information, the MEP will suppress alarms for all peer MEPs whether there is still connectivity or not.
For a point-to-point ETH connection, however, a MEP has only a single peer MEP. Therefore, there is no ambiguity regarding the peer MEP for which it should suppress alarms when it receives the ETH-AIS information.
Only a MEP, including a Server MEP, is configured to issue frames with ETH-AIS information. Upon detecting a defect condition, the MEP can immediately start transmitting periodic frames with ETH-AIS information at a configured client Maintenance Level. In Cisco IOS, AIS frames are sent at the MIP level configured on the interface. A MEP continues to transmit periodic frames with ETH-AIS information in the opposite direction of the defect until the defect condition is removed. The AIS defect condition clears automatically if no AIS frames are received for a period of 3.5 times the AIS transmit interval.
Benefits
• AIS provides a mechanism for asynchronous notification of a failure in the network.
• AIS suppresses multiple redundant alarms from being transmitted to the NMS for a single fault.
Remote Defect Indication (ETH-RDI)
Ethernet Remote Defect Indication (ETH-RDI) can be used by a MEP to communicate to its peer MEPs that it has encountered a defect condition. ETH-RDI is used only when ETH-CC transmission is enabled, because it is carried as a bit in the Flags field of the ETH-CC message.
ETH-RDI has the following two applications:
• Single-ended fault management: The receiving MEP detects an RDI defect condition, which is correlated with other defect conditions in this MEP and may become a fault cause. The absence of received ETH-RDI information at a single MEP indicates the absence of defects in the entire Maintenance Association (MA).
• Contribution to far-end performance monitoring: It reflects that there was a defect condition in the far-end which is used as an input to the performance monitoring process.
A MEP that is in a defect condition transmits frames with ETH-RDI information. A MEP, upon receiving frames with ETH-RDI information, determines that its peer MEP has encountered a defect condition. However, for multipoint ETH connectivity, a MEP, upon receiving frames with ETH-RDI information, cannot determine the associated subset of its peer MEPs with which the MEP transmitting RDI information encounters defect conditions, as the transmitting MEP itself does not always have that information.
Benefits
• The Remote Defect Indication (RDI) serves to inform upstream MEPs that there has been a downstream failure and can be used as input to far-end performance monitoring.
• Remote Defect Indication is now included in the IEEE 802.1ag draft 8.1 (CFM) standard.
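As an added example, not code from the bulletin or from Cisco IOS, the following Python decodes the 4-byte CFM common header shared by 802.1ag and Y.1731 PDUs, reads the RDI bit that ETH-RDI carries in the CCM Flags field, reads the Period field of an AIS PDU, and applies the 3.5 x period hold timer described for ETH-AIS above. The PDU bytes are constructed here; the OpCode values (CCM = 1, AIS = 33, LCK = 35), the CCM Interval codes and the AIS Period codes (4 = 1 s, 6 = 1 min) are taken from the standards.

```python
"""Added example: 802.1ag / Y.1731 CFM common header, CCM RDI flag, AIS period
and the 3.5 x period AIS hold timer. Not part of the Cisco bulletin."""
import struct

OPCODE_CCM = 1
OPCODE_AIS = 33
OPCODE_LCK = 35

# CCM Interval field (Flags bits 2..0) in seconds, per 802.1ag.
CCM_INTERVAL = {1: 0.0033, 2: 0.01, 3: 0.1, 4: 1.0, 5: 10.0, 6: 60.0, 7: 600.0}
# AIS Period field (Flags bits 2..0), per Y.1731: only 1 s and 1 min are valid.
AIS_PERIOD = {4: 1.0, 6: 60.0}


def parse_cfm_header(pdu: bytes) -> dict:
    """Return MD level, version, OpCode, Flags and First TLV Offset of a CFM PDU."""
    if len(pdu) < 4:
        raise ValueError("CFM PDU shorter than the 4-byte common header")
    lvl_ver, opcode, flags, tlv_off = struct.unpack("!BBBB", pdu[:4])
    return {
        "md_level": lvl_ver >> 5,      # top 3 bits of the first octet
        "version": lvl_ver & 0x1F,     # low 5 bits
        "opcode": opcode,
        "flags": flags,
        "first_tlv_offset": tlv_off,
    }


def ccm_rdi_and_interval(pdu: bytes) -> tuple:
    """For a CCM: (rdi_set, ccm_interval_seconds). RDI is Flags bit 7."""
    h = parse_cfm_header(pdu)
    if h["opcode"] != OPCODE_CCM:
        raise ValueError("not a CCM")
    code = h["flags"] & 0x07
    if code not in CCM_INTERVAL:
        raise ValueError("reserved CCM interval code %d" % code)
    return bool(h["flags"] & 0x80), CCM_INTERVAL[code]


def ais_period(pdu: bytes) -> float:
    """For an AIS PDU: transmission period in seconds (1 s or 60 s)."""
    h = parse_cfm_header(pdu)
    if h["opcode"] != OPCODE_AIS:
        raise ValueError("not an AIS PDU")
    code = h["flags"] & 0x07
    if code not in AIS_PERIOD:
        raise ValueError("invalid AIS period code %d" % code)
    return AIS_PERIOD[code]


class AisReceiver:
    """Per-MEP AIS defect state: set on the first AIS frame received, cleared when
    no AIS frame arrives for 3.5 times the period signalled in the last frame."""

    def __init__(self):
        self.defect = False
        self._expiry = None

    def on_ais(self, pdu: bytes, now: float):
        self.defect = True
        self._expiry = now + 3.5 * ais_period(pdu)

    def poll(self, now: float) -> bool:
        """Evaluate the hold timer at time `now`; return the current defect state."""
        if self.defect and now >= self._expiry:
            self.defect = False
            self._expiry = None
        return self.defect


def build_pdu(md_level: int, opcode: int, flags: int, tlv_offset: int) -> bytes:
    """Constructed test PDU: common header only, version 0."""
    return struct.pack("!BBBB", md_level << 5, opcode, flags, tlv_offset)


if __name__ == "__main__":
    ccm = build_pdu(5, OPCODE_CCM, 0x80 | 4, 70)   # level 5, RDI set, 1 s interval
    print(ccm_rdi_and_interval(ccm))
    rx = AisReceiver()
    rx.on_ais(build_pdu(5, OPCODE_AIS, 4, 0), now=0.0)   # 1 s AIS period
    print(rx.poll(3.0), rx.poll(3.5))
```

The receiver deliberately re-arms the timer from the period carried in each AIS frame rather than from a locally configured value, so a peer that switches from 1 s to 1 min AIS does not get its defect cleared prematurely.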
CFM Outward Facing (Down) MEP on Switchports
Existing Ethernet Connectivity Fault Management (CFM) provides for the provisioning of inward-facing (Up) Maintenance End Points (MEPs) on Layer 2 switch ports. The CFM functionality was extended to support outward-facing MEPs on routed ports, mainly for monitoring connectivity from CE to CE. With CFM deployed in the core on bridges and switches, it becomes necessary to monitor adjacent links with outward-facing MEPs on switch ports as well. The following figure illustrates where outward-facing (Down) MEPs are applied.
Figure 10. Outward MEP application
The following rules describe the behavior of an Outward (Down) MEP on switchport:
• It can send and receive CFM frames at its level via the wire connected to the port where the MEP is configured.
• It will drop all CFM frames at its level (or lower level) that come from the relay function side.
• It will drop all CFM frames at a lower level coming from the direction of the wire.
• It transparently forwards all CFM frames at a higher level, independent of whether they come in from the relay function side or the wire side. Not applicable to routed ports.
• If the port on which the MEP is configured is blocked by STP, the MEP can still transmit and receive CFM messages via the wire.
Benefits
• The Outward (Down) MEP on Switchport provides another option for CFM monitoring in Carrier Ethernet networks.
• This functionality complements the Y.1731 fault management functions.
The Service Instance (EVC) MIB has been implemented to support NMS functions for Cisco's flexible, scalable Carrier Ethernet Infrastructure. This includes the ability to retrieve information about the carrier Ethernet system. A partial list of reporting functions the Service Instance MIB can provide includes:
• Device capabilities in terms of Maximum EVC capability
• Currently configured EVCs, the nature of the EVC (point-to-point, or multipoint), and much more.
• Current EVC status (Active, Partially Active, etc.)
• Information on Flexible Service Mapping
• VLAN Matching Information
• VLAN Re-write operations in effect
• EVC forwarding information (Bridge Domain)
• Much more.
Benefits
• The Service Instance MIB allows operators to poll Service Instance information from NMS systems and provide operational status of provisioned services
The CISCO IEEE CFM MIB provides a mechanism for managing connectivity and faults when providing EVC services. The MIB has several tables and objects that can be created, written and read by the network owner. It also provides for flexible allocation of rights: for instance, the owner may grant limited access to another provider, who then becomes the administrator of that table or object. The MIB interacts with the IF MIB and the scalable Carrier Ethernet Infrastructure subsystems to provide information about connectivity and faults. A partial list of information the CISCO IEEE CFM MIB can provide includes:
• Information about the Maintenance Points configured on any given interface
• System Maintenance Point IDs
• Maintenance Domain levels (including EVCs, MAs, the MAC address of an MP, etc.)
• VLANs associated with the Maintenance Points
• Much more.
Benefits
• The CISCO IEEE CFM (802.1ag) MIB allows operators to retrieve information about Connectivity Fault Management configuration and status in the network.
IEEE 802.3ah provides link-level OAM monitoring for Service Providers that use native Ethernet to build out their Carrier Ethernet systems. Link-level OAM can provide early detection when a link is failing, provide useful statistics about the general health of an interface, and provide a means to put a link into loopback for testing purposes. The 802.3ah MIB allows operators to retrieve from an NMS the information that is available at the CLI. A partial list of the 802.3ah MIB capabilities includes:
• Providing status of the OAM enabled link (i.e. disabled, link fault, passive, active, etc.)
• Information about fault condition thresholds (i.e. Error Frames Thresholds)
• Interface Loopback status
• Much more.
Benefits
• The CISCO IEEE 802.3ah MIB allows operators to utilize an NMS to retrieve information about Link Level OAM that is available at the command line.
The NetFlow MIB provides a simple method to configure NetFlow, NetFlow aggregation caches, and NetFlow Data Export. The snmpget and snmpwalk tools can be used to retrieve NetFlow cache information and the current NetFlow configuration. The NetFlow MIB feature enables small to medium-sized enterprises to take advantage of NetFlow technology over SNMP at a reduced infrastructure cost. The MIB provides NetFlow information in these areas:
Dual Rate Three Color ingress policer on Service Instances
The Two Rate Three Color Marker (trTCM), defined in RFC 2698, meters a packet stream and marks each packet as conform, exceed, or violate (green, yellow, or red in RFC terms). Cisco IOS implements this with a two-token-bucket algorithm, one bucket for the committed rate (CIR/CBS) and one for the peak rate (PIR/PBS). The algorithm gives users three actions, one per category: a conform action, an exceed action, and a violate action. Traffic entering an interface with traffic policing configured is placed into one of these categories.
Within these three categories, users can decide packet treatments. For instance, packets that conform can be configured to be transmitted; packets that exceed can be configured to be sent with a decreased priority; and packets that violate can be configured to be dropped.
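As an added example, not code from the bulletin or from Cisco IOS, the following Python implements the RFC 2698 trTCM in color-blind mode with the conform/exceed/violate mapping described above: the peak bucket is checked first, then the committed bucket, and a packet debits only the buckets it was admitted against. Rates are in bytes per second, burst sizes in bytes, and the packet trace is constructed for illustration.

```python
"""Added example: RFC 2698 Two Rate Three Color Marker (color-blind mode).
Not part of the Cisco bulletin."""

CONFORM, EXCEED, VIOLATE = "conform", "exceed", "violate"   # green / yellow / red


class TwoRateThreeColorMarker:
    def __init__(self, cir: float, cbs: int, pir: float, pbs: int):
        if pir < cir:
            raise ValueError("RFC 2698 requires PIR >= CIR")
        if cbs <= 0 or pbs <= 0:
            raise ValueError("burst sizes must be positive")
        self.cir, self.cbs, self.pir, self.pbs = cir, cbs, pir, pbs
        self.tc = float(cbs)   # committed token bucket Tc, starts full
        self.tp = float(pbs)   # peak token bucket Tp, starts full
        self.last = 0.0        # time of the last metered packet

    def _refill(self, now: float):
        """Add cir*dt and pir*dt tokens, capped at CBS and PBS respectively."""
        elapsed = now - self.last
        if elapsed < 0:
            raise ValueError("packet timestamps must be non-decreasing")
        self.tc = min(self.cbs, self.tc + self.cir * elapsed)
        self.tp = min(self.pbs, self.tp + self.pir * elapsed)
        self.last = now

    def mark(self, size: int, now: float) -> str:
        """Meter one packet of `size` bytes arriving at time `now`."""
        self._refill(now)
        if self.tp < size:            # over the peak rate: violate (red), no debit
            return VIOLATE
        if self.tc < size:            # within peak but over committed: exceed (yellow)
            self.tp -= size
            return EXCEED
        self.tp -= size               # within both rates: conform (green)
        self.tc -= size
        return CONFORM


def mark_trace(marker: TwoRateThreeColorMarker, trace) -> list:
    """Apply the marker to an iterable of (timestamp_seconds, size_bytes)."""
    return [marker.mark(size, t) for t, size in trace]


# Constructed trace: a burst of four 1000-byte packets at t=0, then one at t=1.
SAMPLE_TRACE = [(0.0, 1000), (0.0, 1000), (0.0, 1000), (0.0, 1000), (1.0, 1000)]

if __name__ == "__main__":
    m = TwoRateThreeColorMarker(cir=1000, cbs=1500, pir=2000, pbs=3000)
    print(mark_trace(m, SAMPLE_TRACE))
```

With CIR 1000 B/s, CBS 1500 B, PIR 2000 B/s and PBS 3000 B, the burst at t=0 yields conform, exceed, exceed, violate: the first packet drains Tc below one packet, the next two are admitted against Tp only, and the fourth finds Tp empty. After one second both buckets have refilled enough for the fifth packet to conform again.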
Benefits
This feature allows the user to configure dual-rate policing with three actions (conform, exceed and violate) on the ingress of service instances.
With Release 12.2(33)SRD, the Cisco IOS IP Service Level Agreement (IPSLA) infrastructure has been extended to encompass the EVC infrastructure. Cisco IOS IPSLA enables customers to assure new business-critical IP applications, as well as IP services that utilize data, voice, and video, in an IP network. Cisco has augmented traditional service level monitoring and advanced the IP infrastructure to become IP application-aware by measuring both end-to-end and at the IP layer.
With Cisco IOS IP SLAs, users can verify service guarantees, increase network reliability by validating network performance, proactively identify network issues, and increase Return on Investment (ROI) by easing the deployment of new IP services. Cisco IOS IP SLAs use active monitoring to generate traffic in a continuous, reliable, and predictable manner, thus enabling the measurement of network performance and health.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Routers, Cisco 7600 Series Routers
Bandwidth Remaining Ratio (BRR) is used to split bandwidth between users when the port is congested (i.e. oversubscribed). The configuration is simply "bandwidth remaining ratio <number>". The larger the number, the more bandwidth the session, sub-interface or EVC to which the QoS policy-map is applied will receive under congestion.
Priority rate propagation (PRP) is a knob that changes the baseline of calculation for BRR. PRP may be implicitly ON/OFF for a linecard, or may have a CLI that allows it to be explicitly turned ON/OFF. When PRP is ON, and a port is congested in egress, the bandwidth remaining on the link after all LLQ traffic has been serviced is split between users in the ratio configured.
Benefits
This feature brings the BRR support on SIP-400, Ethernet Services and Ethernet Services Plus modules on the Cisco 7600 platform.
Cisco's continued success in the Carrier Ethernet market depends on the availability of features that provide security, quality of service, and scalability, among other benefits. The ability to impose packet filters in a modular and scalable fashion is important not only for network security but also for easier management of growing networks. Therefore, the conventional methods of packet filtering are also being applied within the context of Carrier Ethernet technology.
Access Control Lists (ACLs) have provided the necessary packet filtering ability in routers and switches. Essentially a collection of sequential rules (ACEs), the ACL can be used to filter network traffic at a fine granularity.
Benefits
This feature addresses the requirement of making access control lists available on service instances (EVCs) on the Ethernet Services and Ethernet Services Plus line cards.
Spanning-Tree Protocol (STP) is a layer 2 link management protocol that provides path redundancy while preventing undesirable loops in the network. For a layer 2 Ethernet network to function properly, only one active path can exist between any two stations. In addition, STP forces redundant data paths into a standby (blocked) state. If a network segment in the spanning tree fails and a redundant path exists, the STP algorithm recalculates the spanning tree topology and activates the standby path.
With MSTP, a MSTP instance specifies a topology. A group of VLANs can be mapped to a MSTP instance, and ports with those VLANs share the same spanning tree, i.e. the set of forwarding and blocking ports will be the same. MSTP is completely independent of bridge domain.
It is now possible to use MSTP in the Service Instance (EVC) model without any changes to the semantics of the protocol as long as one continues to use VLAN IDs for service instance to MSTP instance mapping. EVC service instances can have encapsulations with a single tag as well as double tags. There is no confusion on which VLAN IDs in the service instances with single tag encapsulation will be used for MSTP instance mapping. In case of double tag encapsulations, the outer VLAN ID shall be used for the MST instance mapping, and the inner VLAN ID is ignored.
Benefits
• MSTP over Service Instance (EVC) Bridge Domain allows for Service Providers to take advantage of Cisco's scalable Carrier Ethernet Infrastructure, while utilizing the resilient capabilities of the MST protocol.
Cisco IOS Software Release 12.2(33)SRD delivers High Availability (HA) functionality for Ethernet Local Management Interface (E-LMI) for Cisco 7600 Series Routers.
Ethernet Local Management Interface (E-LMI) Nonstop Forwarding (NSF) with Stateful Switchover (SSO) improves the availability of a network that uses E-LMI to provide Carrier Ethernet services. E-LMI NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. E-LMI NSF is achieved by Stateful Switchover (SSO) and Nonstop Forwarding (NSF) mechanisms. A standby route processor (RP) provides control-plane redundancy. The control plane state and data plane provisioning information for the E-LMI are checkpointed to the standby RP to provide NSF for E-LMI upon switchover from the primary RP.
Benefits
• NSF with SSO together for E-LMI provides the ability to detect failures and handle them with minimal disruption to the E-LMI service being provided
Cisco IOS Software Release 12.2(33)SRD delivers High Availability (HA) functionality for 802.3ah OAM for Cisco 7600 Series Routers.
802.3ah Nonstop Forwarding (NSF) with Stateful Switchover (SSO) improves the availability of a network that uses 802.3ah link OAM to provide Carrier Ethernet services. 802.3ah NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. 802.3ah NSF is achieved by Stateful Switchover (SSO) and Nonstop Forwarding (NSF) mechanisms. A standby route processor (RP) provides control-plane redundancy. The control plane state and data plane provisioning information for 802.3ah are checkpointed to the standby RP to provide NSF for 802.3ah upon switchover from the primary RP.
Benefits
• NSF with SSO together for 802.3ah provides the ability to detect failures and handle them with minimal disruption to the 802.3ah service being provided
Cisco IOS Software Release 12.2(33)SRD delivers High Availability (HA) functionality for Connectivity Fault Management (CFM) for Cisco 7600 Series Routers.
Connectivity Fault Management (CFM) Nonstop Forwarding (NSF) with Stateful Switchover (SSO) improves the availability of a network that uses CFM to provide Carrier Ethernet OAM services. CFM NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. CFM NSF is achieved by Stateful Switchover (SSO) and Nonstop Forwarding (NSF) mechanisms. A standby route processor (RP) provides control-plane redundancy. The control plane state and data plane provisioning information for CFM are checkpointed to the standby RP to provide NSF for CFM upon switchover from the primary RP.
Benefits
• NSF with SSO together for CFM provides the ability to detect failures and handle them with minimal disruption to the CFM service being provided
In a redundant-link deployment, a link or port may be declared UP during line card boot-up even before it is ready to forward, which leads to traffic loss in switchover cases. Providing separate notification timers for link UP and link DOWN prevents this traffic loss.
Benefits
The Asymmetric Carrier Delay enables users to set different delay timers for link UP and link Down notification. By setting a larger link UP timer, it can prevent traffic blackhole resulting from false declaration of link up. At the same time, a smaller timer for link Down notification will facilitate the fast detection of link failure.
Hardware
Routers
Cisco 7600 Series Routers
Line Cards and SPA's:
• SIP-200 with 4 or 8-port FE SPA
• SIP-400 with 4 or 8-port FE SPA, 2-port GE SPA, or 5-port GE SPA
IOS DHCP relay is enhanced to add an encapsulated option 82. IOS creates a composite value from the existing option 82 in the received DHCP message plus new information added by RADIUS via ISG during the initial authorization of the session. For example, the VPN-ID can be added to the DHCP request before it is forwarded to the server. The DHCP server can then use the VPN-ID to pick a specific address pool for wholesaling, or for other policy enforcement purposes.
Figure 11. DHCP Relay Option 82 handling
Benefits
Enables wholesaling in an IP session and DHCP-relay architecture with Transparent Auto Logon. The service provider can provide the scalable zero-touch provisioning of triple play services, with unique QOS, in a wholesale environment.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Routers, Cisco 7600 Series Routers with RSP720 and 7600-SIP-400
SAE: Authentication - DHCP Option 60 Support and VPN-ID Support
DHCP Vendor Class Identifier (Option 60) provides a new way for a service provider to differentiate between devices on a customer's premises when provisioning IP sessions. With Cisco support for Option 60 in ISG, the type of premises device can be used to authorize access and set up the end customer's services using Cisco Intelligent Services Gateway (ISG) functionality. For example, the Option 60 value can identify a certain type of set-top box. When used in conjunction with DHCP Option 82 and the VPN-ID, Cisco also supports new models for wholesaling using IP sessions.
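As an added example covering both the DHCP relay option 82 handling and the Option 60 support described above, not code from the bulletin or from Cisco IOS, the following Python parses the DHCP option field, extracts the Vendor Class Identifier, splits option 82 into its sub-options, and builds the composite option 82 a relay would forward by appending a VPN-ID. The VPN-ID is carried in the Virtual Subnet Selection sub-option (151) defined in RFC 6607 with its type-1 (RFC 2685 VPN-ID) encoding; that choice of sub-option, the sample option bytes, the circuit-id and the VPN-ID value are all assumptions made for this example. The relay also refuses a client-side packet (giaddr 0) that already carries option 82, the check a practitioner would want so a host cannot inject its own circuit-id or VPN-ID and select a wholesale address pool.

```python
"""Added example: DHCP option 60 / option 82 parsing and relay-side composition
with a VPN-ID sub-option. Not part of the Cisco bulletin."""
import struct

OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_VENDOR_CLASS, OPT_RELAY_AGENT = 53, 60, 82
SUB_CIRCUIT_ID, SUB_REMOTE_ID, SUB_VSS = 1, 2, 151   # 151 = Virtual Subnet Selection (RFC 6607)
VSS_TYPE_VPN_ID = 1                                  # RFC 6607 type 1: 7-octet RFC 2685 VPN-ID


def parse_options(data: bytes) -> dict:
    """Parse the TLV option field (after the magic cookie). Duplicate options are
    rejected so a client cannot smuggle a second option 82 past a check of the first."""
    opts, i = {}, 0
    while i < len(data):
        code = data[i]
        if code == OPT_PAD:
            i += 1
            continue
        if code == OPT_END:
            break
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d runs past end of packet" % code)
        if code in opts:
            raise ValueError("duplicate option %d" % code)
        opts[code] = value
        i += 2 + length
    return opts


def parse_relay_agent(value: bytes) -> dict:
    """Split option 82 into its sub-options (same TLV shape, no pad/end codes)."""
    subs, i = {}, 0
    while i < len(value):
        if i + 1 >= len(value):
            raise ValueError("truncated sub-option header")
        code, length = value[i], value[i + 1]
        body = value[i + 2:i + 2 + length]
        if len(body) != length:
            raise ValueError("sub-option %d truncated" % code)
        subs[code] = body
        i += 2 + length
    return subs


def encode_relay_agent(subs: dict) -> bytes:
    out = b"".join(struct.pack("BB", c, len(v)) + v for c, v in sorted(subs.items()))
    if len(out) > 255:
        raise ValueError("option 82 longer than 255 bytes")
    return out


def vendor_class(opts: dict):
    """Option 60 as text (the CPE type the text mentions), or None if absent."""
    v = opts.get(OPT_VENDOR_CLASS)
    return v.decode("ascii", errors="replace") if v is not None else None


def relay_compose_option82(opts: dict, giaddr: int, circuit_id: bytes, vpn_id: bytes) -> dict:
    """Relay-side handling. A client-originated packet (giaddr == 0) that already
    carries option 82 is dropped rather than trusted. Otherwise the relay keeps any
    existing sub-options (from an upstream relay) or inserts its own circuit-id, and
    appends the VSS sub-option carrying the VPN-ID obtained during authorization."""
    existing = opts.get(OPT_RELAY_AGENT)
    if existing is not None and giaddr == 0:
        raise ValueError("untrusted option 82 on client-side packet; dropping")
    if len(vpn_id) != 7:
        raise ValueError("RFC 2685 VPN-ID is 7 octets")
    subs = parse_relay_agent(existing) if existing else {SUB_CIRCUIT_ID: circuit_id}
    subs[SUB_VSS] = bytes([VSS_TYPE_VPN_ID]) + vpn_id
    new = dict(opts)
    new[OPT_RELAY_AGENT] = encode_relay_agent(subs)
    return new


def build_options(opts: dict) -> bytes:
    """Serialize an option dict back to wire format (used for the constructed samples)."""
    return b"".join(struct.pack("BB", c, len(v)) + v for c, v in opts.items()) + bytes([OPT_END])


# Constructed sample: a DHCPDISCOVER from a set-top box, no option 82 present.
SAMPLE_DISCOVER = build_options({OPT_MSG_TYPE: b"\x01", OPT_VENDOR_CLASS: b"STB-ModelX"})
# Constructed sample: a client packet that already carries an option 82 (circuit-id "hi").
SAMPLE_FORGED = build_options({OPT_MSG_TYPE: b"\x01", OPT_RELAY_AGENT: b"\x01\x02hi"})
# Constructed OUI-based VPN-ID (3-octet OUI + 4-octet index), an assumption for this example.
SAMPLE_VPN_ID = bytes.fromhex("00000c" "00000001")

if __name__ == "__main__":
    opts = parse_options(SAMPLE_DISCOVER)
    print(vendor_class(opts))
    fwd = relay_compose_option82(opts, giaddr=0, circuit_id=b"Gi1/1:100", vpn_id=SAMPLE_VPN_ID)
    print(parse_relay_agent(fwd[OPT_RELAY_AGENT]))
```

When the same relay sits behind another relay (giaddr already set), the existing sub-options are kept and only the VSS sub-option is appended, which is the composite value the text describes; the drop path applies only to the first hop facing the subscriber.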
Benefits
Improves the customer experience while improving network security for FTTH and triple-play deployments. Allows the precise application of services, including QoS, tuned to the CPE in a highly scalable way.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Routers, Cisco 7600 Series Routers with RSP720 and 7600-SIP-400
12.2SRD now provides support for RSVP on the same interface as IP sessions. RSVP can be used to determine the availability of end-to-end network resources in parallel with the application of services using ISG.
Benefits
Service Providers can further improve network utilization and scalability while offering 3-play services with IP sessions.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Routers, Cisco 7600 Series Routers with RSP720 and 7600-SIP-400
IMA core-facing support has become a requirement for many Cisco 7600 customers. This feature allows the use of IMA interfaces as core-facing interfaces. It addresses the market that uses ATM interfaces and would like to take advantage of bundling multiple ATM interfaces towards the core.
Benefits
There are primarily two main reasons for implementing IMA core facing:
• increased bandwidth between nodes using ATM interfaces
• increased redundancy, because each member link is protected by the other member links in the bundle
Hardware
Routers
• Cisco 7600 Series Routers
• Line cards: 7600-SIP-400 with SPA-24CHT1-CE-ATM, or SPA-1CHOC3-CE-ATM
Cell Relay can be done in 3 modes - VC, VP and Port. The VC mode involves transport of all cells belonging to a VC (cells with same VPI/VCI) over the MPLS tunnel in either the Single or Packed form. Similarly VP mode transports cells belonging to a VP (cells with same VPI) over the MPLS tunnel, either in Single or Packed form. The Port mode involves transport of all the cells arriving on an ATM port over the MPLS cloud, separately or packed together.
Benefits
The ability to support port mode relay on ATM ports
Intelligent Service Gateway (ISG) is a Cisco IOS feature set that provides a structured framework in which edge access devices can deliver flexible and scalable services to subscribers.
Because almost any IP device can be voice-, video-, or data-enabled, service providers are delivering many services to many screens over converged fixed and mobile networks. Today's consumers of data, voice and video (triple-play) services demand a unified, high-performance experience at home, at work and on the move. The Cisco ISG controls subscriber access at the edge of the network to enable the provisioning and management of broadband networks for a broad range of access and edge technologies, subscriber numbers and service types, effectively linking subscriber service requests with distributed policy control to help ensure a high quality of experience for the emerging "Connected Life."
ISG on the SAMI has been designed with High Scalability and Wireless Deployment Scenarios in mind. With a massively distributed control plane contained within a single c7600 chassis, immense numbers of aggregated wireless customers can be terminated with very rich feature support.
What Is ISG?
Intelligent Service Gateway functionality provides advanced subscriber awareness, resource provisioning and access control capabilities. Cisco ISG distributes service intelligence to the Internet Protocol (IP) network edge. This simplifies creation and speeds delivery of advanced IP services over Cisco IP Next-Generation Networks (IP NGNs).
ISG handles the following key aspects of subscriber management:
• Full IP Session Support
• Subscriber identification
• Service and policy determination
• Session policy enforcement
• Session life-cycle management
• Accounting for access and service usage
• Session state monitoring
In addition, ISG provides a dynamic element to the provisioning and activation of services through control policies and Change of Authorization (CoA) extensions to the RADIUS protocol. This allows "zero-touch" provisioning of an individual subscriber's experience without impacting service to the end user.
An ISG-enabled device may be deployed at the access edge and service edge of a network and is applicable to a range of subscriber network environments, such as digital subscriber line (DSL), public wireless LAN (PWLAN), mobile wireless, and WiMAX. Moreover, ISG has been designed to accommodate a flexible distribution of subscriber and service information within a given solution.
It is also possible to define services directly on an ISG. In all cases, service activation may be triggered as a result of a locally defined control policy, user profile associations, or CoA commands from an external policy server or portal application.
Benefits
Advanced Subscriber Management - ISG allows for numerous methods of identifying subscribers with the concept of the multi-dimensional id.
Broad Range of Ingress and Egress Methods - ISG allows a wide range of Layer 2 and Layer 3 access methods to be utilized.
Advanced Policy and User LifeCycle Management - Manage users or allow users to manage themselves. With CoA, user sessions can be managed dynamically in real time in ways never before possible.
Hardware
Routers
• Cisco 7600 Series Routers with Cisco SAMI Application blade
L2VPN Routed Mode Interworking: Ethernet/VLAN to ATM/FR/PPP
Routed interworking is used in cases where an SP wants to provide IP or other L3 routing protocol connectivity to different sites irrespective of their L2 connectivity to these sites and the sites can belong to a single customer or to multiple customers. In such cases, the SP doesn't participate in the customer's L3 network (e.g. routing functionality).
The 7600 supports various combinations of IP/Routed interworking, including the VLAN-to-Any combination. From the 12.2SRD release onwards, PFC-based Ethernet-to-Any IP/Routed interworking is phased out. The 7600 VLAN-to-Any IP/Routed interworking (also referred to as SVI/VLAN-based IP/Routed interworking) is the recommended combination for customers.
Benefits
Until the 12.2SRC release, the SVI/VLAN-based IP routed interworking combination worked only when the core-facing line card was a FlexWAN, Enhanced FlexWAN, or 7600-SIP-200. From the 12.2SRD release, this feature is also supported on the 7600-SIP-400, 7600-SIP-600, ES-20, and ES+ line cards.
L2TPv3 - Layer-2 Tunneling Protocol Version 3 on Cisco Ethernet Services Plus Line Cards
Cisco IOS® Release 12.2(33)SRD offers Layer 2 Tunneling Protocol (L2TP) Version 3 on the Ethernet Services Plus Line Cards. L2TPv3 helps enable service providers to deliver traditional Layer 2 services entirely from their IP infrastructures.
Offering a traditional Layer 2 service such as Frame Relay using an IP network infrastructure can lower the cost of providing the same service compared to offering the same service using a dedicated Layer 2 network. IP network infrastructures support multiple service types, and multi-service networks can spread network investments and operating costs across a larger and more diverse customer base. L2TPv3 also allows a service provider to extend the geographic reach of its traditional Layer 2 service to areas where its Layer 2 networks do not currently exist. Traditional Layer 2 services can now be offered as far as the IP network can reach.
Using L2TPv3, service providers can now enhance their product portfolios to include managed Internet, intranet, and extranet services without adding complexity and expense. Customer equipment investments are protected as customers continue to connect to the service provider through their existing infrastructures.
On the Cisco 7600 Series Routers, L2TPv3 is a line card feature that was traditionally implemented only on the 7600-SIP-400 line card. In the 12.2(33)SRD Release, L2TPv3 is supported in hardware on the 7600-ES+20/40 line cards, with the same capabilities (excluding non-Ethernet interface support) and restrictions as the 7600-SIP-400. The minimum hardware requirement for enabling the L2TPv3 service on a 7600 router is an L2TPv3-aware line card (such as the 7600-SIP-400 or ES+) on the Layer 2 CE-facing side and an IP interface on any line card on the IP core-facing side. A service card is not required for L2TPv3.
The 7600-ES+40 line card supports 16,000 pseudowires (up from 8,000 on the 7600-SIP-400) with 512 tunnels and Ethernet-only attachment circuit types.
Benefits
• Drive down the cost of providing traditional Layer 2 services through superior cost efficiencies of multiservice IP infrastructures and service bundling
• Extend their existing Layer 2 networks without expanding their legacy networks
Hardware
Routers
• Cisco 7600 Series Routers
• Line Cards: 7600-SIP-400, Cisco 7600 Ethernet Services Plus Series Line Cards
Bridging using RFC1483 Routed Encapsulation (BRE) on 7600-SIP-400
Bridging Routed Encapsulation (BRE) provides a network migration solution for ATM Service Providers starting to offer Ethernet access services. Such a service provider needs to migrate one of its network endpoints to an Ethernet service. This means that the routed connection from one router now crosses the ATM cloud, is terminated on an ATM sub-interface PVC, and is then bridged to another Ethernet router.
With the 12.2(33) SRD Release, Cisco 7600 now supports BRE on the 7600-SIP-400 in addition to the 7600-SIP-200.
Benefits
• Investment protection
– Service providers can continue to use the ATM and Ethernet equipment and reduce capital expenditures as they evolve their network.
• Increased SIP/SPA interface selection
– With the addition of 7600-SIP-400, there is an increase in the breadth of interface selections that supports BRE
The mini protocol analyzer provides a standalone packet capture tool to assist in remote troubleshooting. This feature allows the capture and inspection of packets on a live router using the CLI. The 7600 can passively capture packets to local memory and display them on the console, or export the captured buffer to external servers for post-processing.
The captured packets are written to the local flash disk in the standard PCAP format and can later be loaded into common packet analysis tools such as Ethereal. This gives network administrators a powerful diagnostic tool to quickly define and capture interesting traffic for troubleshooting purposes without any service disruption.
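As an added example, not code from the bulletin or from Cisco IOS, the following Python writes and reads the classic libpcap file format mentioned above, so that an exported capture can be checked for truncation or corruption (wrong magic, record lengths that exceed the snaplen, a file cut off mid-packet) before it is trusted for troubleshooting or handed to an analyzer. The frames below are constructed byte strings, not real captures; the writer truncates each frame to the snaplen the way a capture would.

```python
"""Added example: minimal classic libpcap writer/reader with integrity checks.
Not part of the Cisco bulletin."""
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def write_pcap(packets, snaplen: int = 65535) -> bytes:
    """packets: iterable of (timestamp_seconds_float, frame_bytes). Returns file bytes."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts, frame in packets:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        if usec == 1_000_000:                      # rounding carried into the next second
            sec, usec = sec + 1, 0
        data = frame[:snaplen]                     # captured bytes, original length kept separately
        out.append(struct.pack("<IIII", sec, usec, len(data), len(frame)) + data)
    return b"".join(out)


def read_pcap(blob: bytes):
    """Return (linktype, [(timestamp, captured_bytes, original_length)]). Raises on a
    malformed or truncated file rather than silently returning partial data."""
    if len(blob) < 24:
        raise ValueError("file shorter than the pcap global header")
    if struct.unpack("<I", blob[:4])[0] == PCAP_MAGIC:
        endian = "<"
    elif struct.unpack(">I", blob[:4])[0] == PCAP_MAGIC:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %s)" % blob[:4].hex())
    _, vmaj, vmin, _, _, snaplen, linktype = struct.unpack(endian + "IHHiIII", blob[:24])
    if (vmaj, vmin) != (2, 4):
        raise ValueError("unsupported pcap version %d.%d" % (vmaj, vmin))
    records, off = [], 24
    while off < len(blob):
        if off + 16 > len(blob):
            raise ValueError("truncated record header at offset %d" % off)
        sec, usec, incl, orig = struct.unpack(endian + "IIII", blob[off:off + 16])
        if incl > snaplen or incl > orig or usec >= 1_000_000:
            raise ValueError("inconsistent record at offset %d" % off)
        data = blob[off + 16:off + 16 + incl]
        if len(data) != incl:
            raise ValueError("truncated packet data at offset %d" % off)
        records.append((sec + usec / 1_000_000, data, orig))
        off += 16 + incl
    return linktype, records


# Constructed 60-byte Ethernet frame: broadcast dst, made-up src, EtherType ARP, zero payload.
SAMPLE_FRAME = b"\xff" * 6 + bytes.fromhex("001122334455") + b"\x08\x06" + b"\x00" * 46

if __name__ == "__main__":
    blob = write_pcap([(1.5, SAMPLE_FRAME), (2.25, SAMPLE_FRAME * 2)], snaplen=64)
    linktype, records = read_pcap(blob)
    for ts, data, orig in records:
        print("%.6f captured=%d original=%d" % (ts, len(data), orig))
```

Both byte orders are accepted because the magic is written in the capturing host's native order; a capture produced on a big-endian route processor and read on a little-endian workstation is still valid, and silently assuming one order would misread every length field.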
Benefits
• Improved troubleshooting
– Allows the capture and inspection of packets on a Cisco 7600 using CLI.
The following sections include Release 12.2(33)SRC hardware and software feature highlights.
Like all Release 12.2SR releases, this Release 12.2(33)SRC integrates Cisco IOS Software innovations that span multiple technology areas, including Broadband, Quality of Service, Layer 2 VPN, MPLS and Layer 3 VPN, IP Addressing and Services, and IPv6, IP Routing, and Infrastructure and Embedded Management.
Table 3. Release 12.2(33)SRC Highlights
Hardware
• Cisco 7600 Series Route Switch Processor 720-10GE (RSP720-3C-10GE & RSP720-3CXL-10GE)
• 8-Port 10 Gigabit Ethernet Module for Cisco 7600 Series Routers
• Wireless Services Module (WiSM) for Cisco 7600 Series Routers
• PA-MC-T3-EC and PA-MC-2T3-EC for Cisco 7200 and 7301 Series Routers
• Cisco 7200 Series Routers, Cisco 7201 Router, and Cisco 7301 Router Support
Broadband
• Cisco ISG Session Control High Availability (SSO/EFSU)
• Cisco ISG Support for Cisco 7600 Series Routers
• Cisco ISG: Service Control Engine Common Control Bus
• Cisco ISG: MQC Support for IP Sessions
• Cisco ISG: IP Session Keepalives (ARP and ICMP)
• Broadband PPP - Features for Cisco 7600 Series Routers
• Authentication, Authorization and Accounting Enhancements
• Tunnel-Based Admission Control Support for Cisco 7600 Series Routers
Quality of Service
• Per-User QoS for Cisco 7600 Series Routers
• Per-Session QoS for Cisco 7600 Series Routers
• Per-Session Shaping and Queuing on LNS for Cisco 7600 Series Routers
• Traffic Shaping Overhead Accounting for ATM for Cisco 7600 Series Routers
• GRE Tunnel Marking for Cisco 7200 Series Routers
Layer 2 VPN
• High Availability for Any Transport over MPLS (AToM): NSF with SSO; EFSU
• AToM Tunnel Selection for Cisco 7200 Series Routers and the Cisco 7301 Router
• MPLS PW Status Signaling
• Per Subinterface MTU for Ethernet over MPLS (EoMPLS)
• High Availability for Virtual Private LAN Service (VPLS): NSF with SSO; EFSU
• H-VPLS N-PE Redundancy for QinQ or MPLS Access
• VPLS MAC Address Withdrawal
• TDM Local Switching
• L2VPN PW Redundancy - ATM Attachment Circuits
MPLS and Layer 3 VPN
• Cisco IOS MPLS TE/RSVP Enhancements
• Cisco IOS MPLS LDP Enhancements
• Cisco IOS MPLS Embedded Management Enhancements
• Cisco IOS MPLS Layer 3 VPN Enhancements
IP Addressing and Services, and IPv6
• HSRP Group Shutdown
• VRRP Stateful Switchover/Enhanced Fast Software Upgrade
IP Routing
Cisco IOS Infrastructure and Embedded Management
Cisco 7600 Series Route Switch Processor 720-10GE (RSP720-3C-10GE & RSP720-3CXL-10GE)
The Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet uplinks is specifically designed to deliver high scalability, performance, and fast convergence required for today's and tomorrow's demanding voice, video, data, and mobility (quadruple-play) services. The RSP720-10GE offers Carrier Ethernet Service Providers tremendous flexibility, scalability and performance at the access or aggregation edge while deploying advanced IP video and triple-play (voice, video, and data) system applications in both the residential and business services markets. In essence, it gives Service Providers and Enterprises true service convergence with the ability to manage a wide variety of applications over a range of access mediums using a single platform, the Cisco 7600 Series. (See Figure 12).
Note: The RSP720-10GE in Release 12.2(33)SRC is orderable on a limited basis. Contact your Cisco sales representative for details.
Figure 12. Cisco 7600 Series Route Switch Processor 720-10GE
Benefits
• Integrated 720-Gbps switch fabric
– Offers Layer 2 forwarding rates of up to 30 million packets per second (Mpps)
– Provides bandwidth capacity of 40 Gbps per slot
– Allows additional slots for increased port density
• Hardware-based Cisco Express Forwarding
– Offers Layer 3 (IP and MPLS) forwarding rates of 30 Mpps
• 10GE and GE port options
– Offers 2x10 Gigabit Ethernet and 3xGigabit Ethernet port options (including 1x 10/100/1000 RJ45 port) on the RSP
– Interfaces are configured either in 10GE port mode only or in mixed-mode
• Faster CPU and added memory - Performance improvements include:
– Faster protocol convergence times
– Improved Internet Group Management Protocol (IGMP) snooping times
– Improved router boot-up times
– Faster rates of establishing Dynamic Host Configuration Protocol (DHCP) server, Label Distribution Protocol (LDP), IP sessions, and traffic engineering
8-Port 10 Gigabit Ethernet Module for Cisco 7600 Series Routers
The 8-port 10 Gigabit Ethernet module doubles the 10 Gigabit Ethernet density on the Cisco 7600 Series, providing up to 64 ports of 10 Gigabit Ethernet in a single Cisco 7600 Series chassis. (See Figure 13).
There are two versions of the 8-port 10 Gigabit Ethernet module:
Both modules contain the WS-X6708-10GE base board and a distributed forwarding card. The base module supports up to eight pluggable X2 optics and has a 40 Gbps connection to the fabric, and is therefore 2:1 oversubscribed. The distributed forwarding card provides hardware-based MAC learning and forwards traffic at 48 Mpps. The 8-port 10 Gigabit Ethernet module can deliver up to 64 Gbps of local switching. Besides port density, it also has increased port buffering and enhanced queuing and scheduling mechanisms for congestion management.
Figure 13. 8-Port 10 Gigabit Ethernet Module for Cisco 7600 Series Routers
Benefits
• Increased port density
– 8 ports per module (up to 64 ports per chassis)
– Consolidates chassis for bandwidth aggregation
• Increased port buffering
– 200 MB per port
– More efficient transmissions for long haul connections
• New scheduler
– Shaped Round Robin (SRR) in egress
– More efficient handling of bursty traffic
• New queuing mechanism
– Differentiated Services Code Point (DSCP)-based queue mapping
– Allows both ingress and egress queuing based on Layer 3 TOS and provides more granular classes of traffic
• Increased memory
– Default 1 GB DRAM
– Storage of larger forwarding table
Hardware
Routers
• Cisco 7604, 7606, 7606-S, 7609, 7609-S, and 7613
Wireless Services Module for Cisco 7600 Series Routers
Wireless Services Module (WiSM) support for Cisco 7600 Series Routers provides unparalleled security, mobility, redundancy, and ease of use for business-critical wireless LANs (WLANs). It delivers the most secure wireless system available for Enterprise-scale WLANs. As a Cisco 7600 Series module, it delivers centralized security policies, wireless Intrusion Prevention System (IPS) capabilities, award-winning RF management, Quality of Service (QoS), and Layer 3 fast secure roaming for WLANs. As a key component of the Cisco Unified Wireless Network, the Cisco WiSM provides the control, security, redundancy, and reliability that network managers need to scale and manage their wireless networks easily. (See Figure 14).
Figure 14. Cisco 7600 Series Wireless Services Module
The Cisco WiSM is a member of the Cisco Wireless LAN Controller family. It works in conjunction with Cisco Aironet® access points, the Cisco Wireless Control System (WCS) and the Cisco Wireless Location Appliance to support mission-critical wireless data, voice, and video applications. It provides real-time communication between access points and other WLAN controllers to deliver a secure and unified wireless solution.
The Cisco WiSM smoothly integrates into existing Cisco 7600 Series Enterprise networks. It communicates using the emerging Lightweight Access Point Protocol (LWAPP) standard to establish secure connectivity between access points and modules across Layer 3 networks. This protocol enables the automation of important WLAN configuration and management functions for cost-effective WLAN operations. With this integrated approach to large-scale wireless networking, customers can realize significant total cost of ownership benefits by streamlining support costs and reducing planned and unplanned network downtime.
Because the Cisco WiSM supports 802.11a/b/g and the IEEE 802.11n draft 2.0 standard, organizations can deploy the solution that best meets their individual requirements. Organizations can offer robust coverage with 802.11 a/b/g or deliver greater performance with 5x the throughput and unprecedented reliability using 802.11n and Cisco's Next-Generation Wireless Solutions and Cisco Enterprise Wireless Mesh.
Benefits
• Cisco 7600 Series Integration - Embedded system for the Cisco 7600 Series infrastructure, delivering centralized security policies, IPS, RF management, QoS, and Layer 3 fast secure roaming for WLANs
• Enterprise Scalability - Scalable architecture provides business-critical wireless services for deployments of all sizes
• Enterprise Reliability - Automated recovery from failures of Cisco Aironet access points, Cisco WiSMs, and Cisco 7600 Series Supervisor Engine 720 maximizes the availability of the wireless network
• Integrated RRM - Creates an intelligent RF control plane for self-configuration, self-healing, and self-optimization
• Zero-Configuration Deployment - The Cisco WiSM is deployed without manually configuring access points or modifying existing network infrastructures
• Intrusion Detection, Location, and Containment - Integrated wireless intrusion protection preserves the integrity of wireless networks and sensitive corporate information
• Mobility Management - Users can roam between access points and across bridged and routed subnets without requiring changes to the underlying infrastructure
• Intuitive Management Interfaces - Better visibility and control of the air space reduces operational costs
PA-MC-T3-EC and PA-MC-2T3-EC for Cisco 7200 and 7301 Series Routers
The 1- and 2-port multichannel T3 port adapters for the Cisco 7200 Series Routers and Cisco 7301 Router are enhanced versions of the previous multichannel T3 port adapters (part numbers PA-MC-T3 and PA-MC-2T3+). (See Figure 15).
The new port adapters address specific scalability challenges by increasing performance and lowering CPU usage. They offload advanced capabilities and features from the CPU, so the adapters themselves meet Enterprise and Service Provider WAN link-aggregation service requirements. Each port adapter T3 interface can be independently configured for either multichannel T3 or clear-channel packet-over-T3 operation. With T3 port configurations, connections to DS-3 and subrate DS-3 services can be provisioned. With multichannel T3 port configurations, up to 28 T1 links per T3 interface can be brought in on a single-wide port adapter. Each T1 can be further channelized to DS-0, making the port adapters highly flexible interfaces for WAN provisioning.
Figure 15. Cisco 1- and 2-Port Multichannel Enhanced Capability Port Adapters
The combination of multichannel T3 and clear-channel functions makes the Cisco 1- and 2-Port Multichannel Enhanced Capability Port Adapters ideal for today's rapidly changing WAN environment. Specific features such as MLPPP, MLFR, LFI, and FRF.12 have been offloaded from the CPU to further enable agile response to new services while using existing infrastructure connections to better advantage.
As an integral part of a service node where customer bandwidth needs are uncertain, the port adapters allow Service Providers to avoid determining beforehand how ports will be allocated between DS-0, DS-1, and DS-3 connections. For Enterprise remote-site connection, the flexibility to support DS-0, DS-1, and DS-3 connections means the port adapters reduce equipment expenditures by integrating the capabilities and services of numerous port adapters onto a single adapter. They also provide investment protection by growing with the Enterprise to meet the needs of both today's DS-0 and DS-1 aggregation networks and tomorrow's T3 aggregation networks.
Benefits
• Operation Modes
– Multichannel (channelized) - 28 T1 ports multiplexed onto a single T3 connection per interface
– Clear channel (unchannelized) - Offers an unchannelized 45-Mbps T3 clear channel per interface
• Performance
– Line rate - Provides full T3 line usage and throughput
– New intelligent software architecture - Lower CPU usage increases router efficiency and improves resource usage, enabling more services
• Feature Offloads
– MLPPP - Port adapter intelligence alleviates heavy processing of CPU-intensive features
– MLFR - Lowers CPU processing while performing fragmentation and defragmentation
– LFI - Reduces delay on slower-speed links by breaking up large datagrams and interleaving low-delay traffic packets with the smaller packets resulting from the fragmented datagram
– FRF.12 - Controls delay and delay variation when real-time traffic such as voice is carried across the same interfaces as data
Cisco 7200 Series Routers, Cisco 7201 Router, and Cisco 7301 Router Support
Starting with Cisco IOS Software Release 12.2(33)SRC, Release 12.2SR includes support for the Cisco 7200 Series Routers and the Cisco 7301 Router. Release 12.2(33)SRC also includes support for the Cisco 7201 Router, the latest generation of the Cisco 7200 Series Family.
Within the Cisco IOS Software Release 12.2S family, the migration path for new features on the Cisco 7200 Series Routers and the Cisco 7301 Router is from Release 12.2SB to Release 12.2SR. Release 12.2(31)SB2 is the last Release 12.2SB release to include support for the Cisco 7200 Series Routers and the Cisco 7301 Router.
Cisco 7200 Series Routers
The industry's most widely deployed universal services aggregation router for Enterprise and Service Provider edge applications, the Cisco 7200 Series offers (See Figure 16):
• Exceptional price/performance - The NPE-G2 Network Processing Engine aggregates services at up to 2 Mpps
• A wide range of connectivity options and numerous features including serviceability and manageability
• Increased VPN performance with VPN Services Adapter
• Increased scalability and flexibility with the Port Adapter Jacket Card
Figure 16. Cisco 7200 Series Routers
Cisco 7201 Router
The Cisco 7201 Router is the latest generation of the Cisco 7200 Series Family. It is a compact, high performance single Rack Unit (RU) router that uses the latest Cisco 7200VXR Network Processing Engine NPE-G2 coupled with a comprehensive range of interface options. (See Figure 17.)
Figure 17. Cisco 7201 Router
The Cisco 7201 Router addresses the demand for the same performance enhancements, and Cisco IOS Software features of the latest Cisco 7200VXR NPE-G2 but in a smaller form-factor and with low power consumption. The Cisco 7201 provides four built-in Gigabit Ethernet ports and one Port Adapter (PA) slot which make it ideal for various Service Providers and Enterprise applications. It also offers redundant and field-replaceable AC and DC power supplies.
Cisco 7301 Router
The Cisco 7300 Series is optimized for flexible, feature-rich IP/MPLS services at the customer network edge, where Service Providers and Enterprises link together. (See Figure 18.) With 3 built-in Gigabit Ethernet interfaces (copper or optical) and a single slot for any Cisco 7000 Series port adapter, the Cisco 7301 is highly flexible for a variety of applications. Additionally, for broadband aggregation, the Cisco 7301 supports up to 16,000 subscriber sessions, making it ideal for pay-as-you-grow broadband deployment models.
With its combination of scalable performance, compact architecture, high density, and low price per port, the Cisco 7301 is ideally suited for a variety of key applications within both the Service Provider and Enterprise markets.
Figure 18. Cisco 7301 Router
The following are some of the key Cisco IOS Software highlights on the Cisco 7200 Series, the Cisco 7201, and the Cisco 7301 Routers in Release 12.2(33)SRC:
Bidirectional Forwarding Detection (BFD)
BFD is a detection protocol designed to provide fast forwarding path failure detection times for all media types, encapsulations, topologies, and routing protocols. BFD also provides a consistent failure detection method for network administrators.
BFD support was first introduced to Release 12.2SR in Release 12.2(33)SRA for the Cisco 7600 Series Routers. Release 12.2(33)SRB and Release 12.2(33)SRC include BFD enhancements which are highlighted in the later sections of this document. For more detailed information on BFD support in Release 12.2SR, please visit: http://www.cisco.com/en/US/products/ps6922/products_feature_guides_list.html
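As an added example, not taken from the bulletin or from Cisco documentation, the following Cisco IOS configuration enables BFD for OSPF on one interface. The interface name, addresses, process number and timer values are assumed; the timers shown (50 ms transmit, 50 ms minimum receive, multiplier 3) give roughly 150 ms of failure detection, far below the default OSPF dead interval.

```text
! Added example (not from the bulletin). Interface, addresses and timers are assumed.
! BFD timers are configured per interface: transmit every 50 ms, accept packets
! no faster than every 50 ms, declare the neighbor down after 3 consecutive misses.
interface GigabitEthernet1/1
 ip address 10.1.12.1 255.255.255.252
 bfd interval 50 min_rx 50 multiplier 3
!
! Register OSPF as a BFD client. OSPF then drops the adjacency as soon as BFD
! reports the forwarding path down, instead of waiting out its own dead interval.
router ospf 1
 router-id 10.1.1.1
 network 10.1.12.0 0.0.0.3 area 0
 bfd all-interfaces
!
! Verification (expected: the neighbor listed with State Up and Client OSPF):
! show bfd neighbors details
```

The same timers must be acceptable to the peer: BFD negotiates the slower of the two sides' intervals, so an aggressive setting on one router does not by itself speed up detection.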
MPLS Traffic Engineering (TE) - Fast ReRoute
The MPLS TE - Fast Reroute (FRR) Link and Node Protection feature provides link protection (backup tunnels that bypass only a single link of the Label-Switched Path (LSP)), node protection (backup tunnels that bypass next-hop nodes along LSPs), and the following FRR features:
The Cisco implementation of IPv6 VPN provider edge router over MPLS is referred to as Cisco 6VPE and enables IPv6 sites in a VPN that communicate with each other over an MPLS IPv4 core network using MPLS Label Switched Paths (LSPs).
Multiprotocol Label Switching (MPLS) Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP) Synchronization ensures that LDP is fully established before the IGP path is used for switching. This feature is only supported on interfaces running OSPF or IS-IS processes.
MPLS LDP-IGP Synchronization was first introduced to Release 12.2SR in Release 12.2(33)SRB for the Cisco 7600 Series Routers. In Release 12.2(33)SRB and Release 12.2(33)SRC, MPLS LDP-IGP Synchronization is not supported with IS-IS. Only OSPF is supported. For more detailed information on MPLS LDP-IGP Synchronization in Release 12.2(33)SRB, please visit: http://www.cisco.com/en/US/products/sw/iosswrel/ps1829/products_feature_guide09186a00802d95dd.html
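An added example, written for this edit rather than taken from the bulletin or the linked feature guide, of enabling MPLS LDP-IGP Synchronization for an OSPF process. The process number, interface name and hold-down value are assumed. The hold-down bounds how long OSPF withholds a link (advertising it at maximum metric) while waiting for LDP to come up on it, so a link where LDP can never establish is not penalized forever.

```text
! Added example (not from the bulletin). Process number, interface and timer are assumed.
! Global hold-down: stop waiting for LDP on a link after 30 s and fall back to
! the normal metric.
mpls ldp igp sync holddown 30000
!
! Enable synchronization for all OSPF interfaces in the process
router ospf 1
 mpls ldp sync
!
! Exclude a link that carries no MPLS traffic (for example, a management segment)
interface GigabitEthernet1/3
 no mpls ldp igp sync
!
! Verification: each interface should report "Sync status: sync achieved"
! show mpls ldp igp sync
```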
IP SLAs for MPLS Pseudo Wire (PWE3) via VCCV
IP SLAs for MPLS Pseudo Wire (PWE3) via VCCV is used to schedule pseudowire ping operations and provide monitoring and alerts for Round Trip Time (RTT), failure, and connection threshold violations via SNMP traps.
Cisco IOS IP Service Level Agreements (IP SLAs) is a capability embedded in Cisco IOS Software. IP SLAs allow Cisco customers to understand IP service levels, increase productivity, lower operational costs, and reduce the frequency of network outages. IP SLAs use active monitoring of network performance and can be used for network troubleshooting, network assessment, and health monitoring. The feature reduces MPLS network troubleshooting time and allows proactive monitoring of MPLS network performance. The IP SLAs Pseudo Wire (PWE) Health Monitor automatically tests connectivity for pseudowires between MPLS network edges. Threshold violations and scalable operation scheduling are also available.
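As an added example, not from the bulletin, here is an IP SLA operation that pings a pseudowire over its VCCV control channel toward a remote PE, runs forever, and raises SNMP traps on connection loss and on RTT above a threshold. The peer address, VC ID, operation number, thresholds and SNMP host are assumed; check the reaction keywords against the IP SLA configuration guide for the release.

```text
! Added example (not from the bulletin). Peer, VC ID, thresholds and SNMP
! settings are assumed.
! Operation 10: LSP ping over the VCCV channel of the pseudowire to PE 10.0.0.2,
! VC ID 100, once a minute, with a 500 ms RTT threshold.
ip sla 10
 mpls lsp ping pseudowire 10.0.0.2 100
 frequency 60
 threshold 500
!
! Trap immediately when the pseudowire stops answering or RTT exceeds the threshold
ip sla reaction-configuration 10 react connectionLoss threshold-type immediate action-type trapOnly
ip sla reaction-configuration 10 react rtt threshold-type immediate action-type trapOnly
ip sla schedule 10 life forever start-time now
!
! Deliver the traps to the NMS
snmp-server enable traps ipsla
snmp-server host 192.0.2.50 version 2c NMS-COMMUNITY ipsla
!
! Verification:
! show ip sla statistics 10
! show mpls l2transport vc 100 detail
```

The VCCV ping exercises the same LSP and pseudowire label the customer traffic uses, so a passing probe means the data path, not just the LDP control session, is healthy.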
Multicast VPN Extranet allows VPN closed user groups to share information and common multicast information to be distributed across multiple VPN customers.
An extranet can be viewed as the part of a company's intranet that is extended to users outside the company. An extranet is a VPN connecting the corporate site or sites to external business partners or suppliers, to securely share part of the information of a business or its operations among them. MPLS VPNs inherently provide traffic separation, ensuring that users access only appropriate information. The MPLS VPN Extranet service offers users unicast connectivity without compromising the integrity of their corporate data. Multicast VPN Extranet extends this service offering to include multicast connectivity to the extranet community of interest. It allows Service Providers to offer the next generation of flexible extranet services, helping to enable business partnerships between different Enterprises.
The MPLS LDP MD5 Global Configuration feature provides a configuration enhancement for enabling MD5-based session authentication of LDP sessions. LDP sessions run over TCP, and the authentication is the TCP MD5 signature option (RFC 2385) that LDP inherits from its transport: every segment carries an MD5 digest computed over the segment and a shared secret, so a peer that does not hold the secret cannot establish an LDP session with the local LDP process, and spoofed TCP segments injected into an existing session are rejected. Previously the password had to be configured one neighbor at a time; the global form lets a single statement, scoped by an access list, cover many peers.
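An added example, written for this edit and not taken from the bulletin or Cisco documentation, showing the older per-neighbor password next to the global form the feature introduces. Peer addresses, the ACL number, key chain names and passwords are assumed, and the exact keywords (option, fallback, required) should be checked against the feature guide for the release.

```text
! Added example (not from the bulletin). Addresses, ACL number, key names and
! passwords are assumed.
!
! Pre-existing per-neighbor form: one statement per peer; a forgotten peer
! silently runs without authentication.
mpls ldp neighbor 10.0.0.2 password 0 LdpSecret-1
!
! Global form: every peer matched by ACL 10 uses the key chain. A key chain allows
! staged key rollover; a plain password is accepted in place of key-chain.
access-list 10 permit 10.0.0.0 0.0.0.255
key chain LDP-KEYS
 key 1
  key-string LdpSecret-1
!
mpls ldp password option 1 for 10 key-chain LDP-KEYS
! Password for peers not matched by any option ACL
mpls ldp password fallback 0 LdpSecret-fallback
! Refuse any LDP session with a peer for which no password applies, so an
! unauthenticated peer cannot establish a session at all
mpls ldp password required
!
! The same secret must be configured on the peer: with mismatched keys the MD5
! signature on each TCP segment fails and the session never reaches OPERATIONAL.
!
! Verification: password source per neighbor and whether it is in use
! show mpls ldp neighbor password
! show mpls ldp neighbor detail
```

The security property depends on the secret staying secret; store it in the configuration with type 7 only if the configuration itself is protected, and rotate it with the key chain rather than by editing a live password, which resets the session.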
Any Transport over MPLS (AToM) Tunnel Selection allows you to specify the path that AToM traffic uses.
AToM Tunnel Selection was first introduced to Release 12.2SR in Release 12.2(33)SRA for the Cisco 7600 Series Routers, and is further highlighted later in this document. For more detailed information on AToM Tunnel Selection in Release 12.2(33)SRA, please visit: http://www.cisco.com/en/US/products/ps6922/products_feature_guide09186a008067cf79.html
Multi-Topology Routing
Multi-Topology Routing (MTR) is a new and exciting technology that extends the capabilities of Cisco routing technologies. Multi-Topology Routing adds a service differentiation dimension to traditional destination based routing. In other words, different classes of services can follow different paths across the network.
The MPLS VPN carrier class feature portfolio is further enriched with MPLS VPN PE-CE link protection. Upon PE-CE link failure, VPN end-to-end convergence can be improved with an egress PE (Point of Local Repair) switching VPN traffic to an alternative egress PE before the control plane has converged.
Cisco Intelligent Services Gateway Session Control High Availability (SSO/EFSU)
Cisco IOS Software Release 12.2(33)SRC delivers Cisco IOS High Availability features with sub-second switchover during periods of hardware or software failure for Cisco Intelligent Services Gateway (ISG) PPP Sessions, IP Sessions or IP interface sessions on Cisco 7600 Series Routers.
Cisco ISG Session Control Stateful Switchover (SSO) enhancements extend Cisco SSO technologies to include PPPoEoX Sessions, IP Sessions, the IOS Policy Manager, and DHCP. With these enhancements, seamless route processor switchover is provided for the dynamic session services available on a deployed Cisco ISG/BRAS. Cisco SSO protects against hardware or software faults on the active route processor by synchronizing session state information, including session initiator type, DHCP information, and RADIUS Change of Authorization (CoA) messages, with the standby route processor.
Release 12.2(33)SRC also delivers Cisco ISG Session Control Enhanced Fast Software Upgrade (ISSU/EFSU). Cisco IOS ISSU is the industry's first, true, in-service upgrade solution for the Broadband edge, mitigating network downtime due to upgrading or downgrading Cisco IOS Software images on Cisco 7600 Series Routers with redundant supervisor engines. Based on Nonstop Forwarding/Stateful Switchover (NSF/SSO), Cisco 7600 Series Routers implement Enhanced Fast Software Upgrade (eFSU), which allows users to upgrade or downgrade complete Cisco IOS Software images with only a short system outage. EFSU enables rapid software upgrades for new line cards, new power supplies, new features, or software fixes.
Currently, only session based-services are protected by SSO and EFSU. Services which apply to flow-based traffic classification (traffic classes) will have high availability services added to them in an upcoming release.
Benefits
Cisco ISG Session Control High Availability enhancements provide a route-processor protection solution with the following benefits:
• Provides automatic fault detection and seamless recovery - Allows for the persistence of PPP, Interface, or IP Sessions during an RP switchover scenario; the control plane recovers gracefully minimizing network churn.
• Reduces costs - Decreases network downtime expenses, including SLA penalties, lost revenue opportunities, user and administrative productivity costs, and emergency network expenditures
Cisco Intelligent Services Gateway Support for Cisco 7600 Series Routers
Cisco Intelligent Services Gateway (ISG) was first introduced in Cisco IOS Software Release 12.2SB for the Cisco 7200 Series Routers, the Cisco 7301 Router, and the Cisco 10000 Series Routers. Release 12.2(33)SRC introduces Cisco ISG support for the Cisco 7600 Series Routers.
Cisco ISG is a Cisco IOS Software feature set that provides a structured framework in which edge access devices can deliver flexible and scalable services to subscribers. Because almost any IP device can be voice-, video-, or data-enabled, Service Providers are delivering many services to many screens over converged fixed and mobile networks. Today's consumers of data, voice and video (triple-play) services demand a unified, high-performance experience at home, at work, and on the move.
Cisco ISG controls subscriber access at the network edge to enable the provisioning and management of broadband networks for a broad range of access and edge technologies, subscriber numbers and service types, effectively linking subscriber service requests with distributed policy control to help ensure a high quality of experience for the emerging "Connected Life."
Cisco ISG provides advanced subscriber awareness, resource provisioning, and access control capabilities. Cisco ISG distributes service intelligence to the Internet Protocol (IP) network edge, which simplifies service creation and speeds delivery of advanced IP services over Cisco IP Next-Generation Networks (IP NGNs).
Cisco ISG handles the following key aspects of subscriber management:
• Subscriber identification
• Service and policy determination
• Session policy enforcement
• Session life-cycle management
• Accounting for access and service usage
• Session state monitoring
Cisco ISG also provides a dynamic element to the provisioning and activation of services through control policies and Change of Authorization (CoA) extensions to the RADIUS protocol. This element allows for "zero-touch" provisioning of an individual subscriber experience, all without impacting service to the end-user.
A Cisco ISG-enabled device may be deployed at the access edge and service edge of a network and is applicable to a range of subscriber network environments, such as Digital Subscriber Line (DSL), public wireless LAN (PWLAN), and mobile wireless. Moreover, Cisco ISG has been designed to accommodate a flexible distribution of subscriber and service information within a given solution. Figure 19 illustrates the range of deployment types for which service profile data for individual subscribers may be stored in an Authentication, Authorization, and Accounting (AAA) database and retrieved and cached on demand.
Figure 19. Cisco ISG Sample Topology
It is also possible to define services directly on a Cisco ISG-enabled device. In all cases, service activation may be triggered as a result of a locally defined control policy, user profile associations, or CoA commands from an external policy server or portal application.
Benefits
• Advanced Subscriber Management - Cisco ISG allows for numerous methods of identifying subscribers with the concept of the multi-dimensional id.
• Broad Range of Ingress and Egress Methods - Cisco ISG allows a wide range of Layer 2 and Layer 3 access methods to be utilized.
• Advanced Policy and User LifeCycle Management - Manage users or allow users to manage themselves. With CoA, user sessions can be managed dynamically in real time in ways never before possible.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
Cisco ISG: Service Control Engine (SCE) Common Control Bus
Cisco ISG in Cisco IOS Software and the Service Control Engine (SCE) are critical components of the Cisco NGN Service Provider network. Cisco ISG is becoming the primary mechanism by which PPP and IP session subscribers are authenticated and admitted into a broadband network of any type. The scalable, high-performance deep-packet-inspection capabilities of SCE make it the platform of choice for the delivery of granular application-based services. Together, they provide an ideal toolset to implement high-touch broadband services.
The ISG-SCE common control bus project provides a mechanism by which Cisco ISG and SCE can communicate to co-manage subscriber sessions, without requiring coordination and orchestration by additional components (namely a policy-server or AAA server). The primary benefit that emerges is the simplification of the design and implementation of these platforms into an operational network. This reduces the dependency on third party components and reduces overall solution cost. (See Figure 20.)
This new, tighter integration between the two Cisco products, with Cisco ISG providing subscriber management and Layer 1-4 policies and SCE providing Layer 5 through 7 deep packet inspection, opens up numerous possible use cases, including:
• Parental Control - Limit access to restricted websites for a specific user; limit access to specific applications for specific users at specific times of day
• Value Added Premium Packages - Offer differential services based on specific application traffic for a specific user
• Application Boost - Boost the bandwidth of a specific application
• Limit Resources for Basic Subscribers - In tiered services models, the basic level of service could have specific limits placed on specific users
Figure 20. Cisco ISG and SCE Integration
Benefits
• Simplified Architecture - Only one interface needs to be utilized to control both ISG and SCE
• Advanced Per-User Per-Application Services - By utilizing the best of both ISG and SCE products, new use cases can be created
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
Within ISG Sessions, full Modular QoS CLI (MQC) support was previously only available for dynamic PPP Sessions. With the inclusion of MQC support for IP Sessions in Cisco IOS Software Release 12.2(33)SRC, full MQC support is now available for setting QoS shapers and policers on IP Sessions, IP Subnet Sessions, and IP Interface Sessions.
MQC is a Command-Line Interface (CLI) structure that allows users to create traffic policies and attach them to interfaces. A traffic policy contains a traffic class and one or more QoS features. The traffic class classifies traffic, while the QoS features in the traffic policy determine how the classified traffic is treated.
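As an added example, not from the bulletin, the following MQC policy polices a voice class and shapes everything else, and is then attached to a subscriber's IP session from the RADIUS service profile rather than to a physical interface. The class and policy names, rates and the RADIUS attribute value are assumed; the class-map/policy-map structure itself is standard MQC.

```text
! Added example (not from the bulletin). Names, rates and the RADIUS
! attribute value are assumed.
!
! Classify on DSCP as the ISG sees the subscriber's IP packets
class-map match-any VOICE
 match ip dscp ef
!
! Police voice to 256 kbps, shape the remainder to 2 Mbps
policy-map SUB-QOS-OUT
 class VOICE
  police cir 256000 conform-action transmit exceed-action drop
 class class-default
  shape average 2000000
!
! Attach the policy to the subscriber's IP session from AAA, in the
! Access-Accept or in a later CoA push (Cisco vendor-specific attribute):
!   Cisco-AVPair = "ip:sub-qos-policy-out=SUB-QOS-OUT"
!
! Verification:
! show subscriber session detailed
! show policy-map session
```

Because the policy is bound per session, two subscribers behind the same physical interface can receive different shapers and policers, which is the point of the feature.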
Benefits
MQC support for ISG IP Sessions provides the following benefits:
• Common Configuration - The same configuration used to define QoS characteristics for other WAN interfaces now applies to IP Sessions
• Flexible Services - Increased flexibility in defining QoS behavior for IP Sessions beyond simple rate policing.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
IP Session Keepalives provides end-to-end keepalive support for IP and IP interface sessions, similar to the functionality supplied by PPP keepalives for PPP sessions. (See Figure 21.) It determines whether an individual customer premises end device (PC, set-top box, CPE, etc.) is still connected to the aggregation network in an IP-only environment. In public and private networks, users often walk away with or power down their client devices without gracefully signing off from the network. Unless the session periodically checks that the user is still reachable, this leaves a long-lived session context for that user in the Cisco ISG.
Two types of keepalives are provided by this functionality:
ARP Keepalives - ARP Keepalives are used in a network where the Cisco ISG/BRAS is directly connected to the client host device without any Layer 3 device in the path. Cisco ISG reaches the client device by a Layer 2 ARP ping. The primary advantages of ARP ping are that ARP has relatively low packet overhead and that host firewalls usually do not block ARP requests.
ICMP Keepalives - ICMP Keepalives are used in a network where the Cisco ISG/BRAS is not directly connected to the client host device or if there are any Layer 3 devices between the host and the Cisco ISG/BRAS. In a layer 3 path, only ICMP keepalives will be able to be used.
Session lifecycle management can also be controlled by idle-timers, absolute timers, or disconnect events, but IP Session keepalives allow the system to have greater control of when a user session should be disconnected.
When traffic has not been seen for the configured amount of time, the ICMP or ARP ping is sent directly to the end-device. If no response is received, the session is torn down, the resources are returned to the system, and an accounting stop record is sent to the AAA server.
Figure 21. IP Session Keepalives
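An added example, not from the bulletin, of both keepalive types configured as ISG services and applied to IP sessions at session start. Service and policy names, timers, the interface and the RADIUS attribute form are assumed; check the keepalive keywords against the ISG IP session keepalive documentation for the release.

```text
! Added example (not from the bulletin). Names, timers, interface and the
! RADIUS form are assumed.
!
! ICMP keepalives for hosts behind a Layer 3 device: after 30 s without traffic
! send an ICMP echo every 10 s; after 3 unanswered probes tear the session down,
! free its resources and send Accounting-Stop.
policy-map type service KEEPALIVE-ICMP
 keepalive idle 30 attempts 3 interval 10 protocol ICMP
!
! ARP keepalives for hosts on a directly attached Layer 2 segment
policy-map type service KEEPALIVE-ARP
 keepalive idle 60 attempts 3 interval 5 protocol ARP
!
! Apply the ICMP service to every session at session start
policy-map type control IP-RULES
 class type control always event session-start
  1 service-policy type service name KEEPALIVE-ICMP
!
interface GigabitEthernet2/1
 ip subscriber interface
 service-policy type control IP-RULES
!
! The same parameters can instead come from AAA in the subscriber's service
! profile (Access-Accept or CoA):
!   Cisco-AVPair = "subscriber:keepalive=idle 30 attempts 3 interval 10 protocol ICMP"
!
! Verification: keepalive state appears in the session's feature list
! show subscriber session detailed
```

Choose ICMP only when ARP cannot reach the host; an ICMP probe can be dropped by a host firewall, which would tear down a session whose device is in fact still present.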
Benefits
• Advanced Session Life Cycle Management - Cisco ISG can proactively disconnect sessions where the end-device is no longer present freeing up system resources.
• More Accurate Billing - By disconnecting sessions as soon as the end device is powered off or moved, more accurate usage information is obtained.
• Greater Security - Removes sessions as quickly as possible when they are no longer in use, narrowing the window in which a departed host's address could be spoofed to reuse its still-active session.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
Broadband PPP Features for Cisco 7600 Series Routers
Cisco IOS Software Release 12.2(33)SRC equips Cisco 7600 Series Routers with a wide range of broadband Point-to-Point Protocol (PPP) features that extend broadband capabilities and enable a much wider range of network configurations and environments.
This broadband PPP feature set allows Service Providers to deploy next-generation policy and subscriber management for their PPPoE-based subscribers. Many Service Providers are looking to transition to IP-based access for their subscribers to reduce Service Provider costs while also benefiting from the easy management and provisioning of value-added services. As Service Providers make this transition they are faced with the challenge of supporting their legacy PPPoE-based subscribers.
The Broadband PPP feature set on Cisco 7600 Series Routers allows Service Providers to seamlessly deploy the routers to support their PPPoE-based subscribers while allowing them to benefit from other next generation features, such as PPPoE SSO/EFSU, which provides high availability for PPPoE sessions by preserving PPPoE sessions during a RP switchover. Without SSO/EFSU support, all PPPoE sessions are reset during a route processor switchover. PPPoE SSO support provides minimal interruption in Layer 2 connectivity.
Following PPP broadband features are supported on Cisco 7600 Series Routers:
• The broadband PPP feature set allows Service Providers to offer next generation network features to their existing PPPoE subscribers. The feature set also allows a smooth transition of legacy PPPoE subscribers to IP based access.
• PPPoE SSO/EFSU enhancements allow minimal layer 2 interruption in a RP switchover scenario. The control plane recovers gracefully restoring PPPoE sessions as well as minimizing network churn. By preserving user sessions and minimizing packet loss, PPPoE SSO/EFSU reduces the impact of service outages on network users and delivers increased network uptime at the provider edge. PPPoE SSO/EFSU decreases downtime expenses, including SLA penalties, lost revenue opportunities, user and administrative productivity costs, and emergency network expenditures.
Authentication, Authorization and Accounting Enhancements
Cisco IOS Software Release 12.2(33)SRC enhances Cisco IOS Software Authentication, Authorization and Accounting (AAA) capabilities with following new features:
• Throttling of AAA Accounting Records
• Inclusion of RADIUS Attribute Accounting-Session-Id in Access Requests
Throttling of AAA Accounting Records
The AAA Remote Authentication Dial-In User Service (RADIUS) protocol operates over the User Datagram Protocol (UDP) and therefore cannot take advantage of a transport-layer flow control mechanism such as the one built into Transmission Control Protocol (TCP).
The ever increasing demand for reduced capital spending has resulted in development of NAS/BRAS platforms with higher port/interface density and capability to efficiently generate high volume RADIUS load in a dynamic network environment. Ironically such improvement in scaling exacerbates the lack of flow control problem in RADIUS. The heavy RADIUS load from AAA client experiencing a changing network condition such as reload, may cause irrecoverable failure in the RADIUS server.
Throttling of AAA records helps to limit RADIUS load on RADIUS servers and its surrounding network by allowing the customers to configure a required throttling rate to reduce sudden bursts of RADIUS traffic on the RADIUS servers.
Inclusion of RADIUS Attribute Accounting-Session-Id in Access Requests
The Accounting Session ID is the only identifier provided by the RADIUS protocol that can relate authentication and accounting requests with absolute certainty.
The new commands introduced in this feature enable the sending of RADIUS attribute 44 (Accounting-Session-Id) in all RADIUS packets, not just in the accounting packets sent after user authentication. This allows Service Providers to track all packets associated with a given subscriber session by the session ID. It also allows the Service Provider's policy servers to use the CoA interface of Cisco ISG to dynamically manage a subscriber session by its Accounting-Session-Id.
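As an added example covering both enhancements, not taken from the bulletin, the following configuration sends attribute 44 in Access-Requests and applies throttling globally and for one server group. Server addresses, thresholds, group name and key are assumed; the throttle keywords and the meaning of access-timeout should be checked against the AAA configuration guide for the release.

```text
! Added example (not from the bulletin). Addresses, thresholds, names and
! the key are assumed.
!
! Attribute 44 (Acct-Session-Id) in every RADIUS packet, including the
! Access-Request, so authentication, accounting and CoA for one session share
! a single identifier the policy server can key on.
radius-server attribute 44 include-in-access-req
!
! Global throttling: at most 100 accounting requests and 100 access requests
! outstanding toward the servers; further requests queue on the NAS/BRAS instead
! of arriving as a burst after a reload. access-timeout bounds the timeouts
! tolerated for throttled access requests (exact semantics per the AAA guide).
radius-server throttle accounting 100
radius-server throttle access 100 access-timeout 3
!
! Tighter limit for a server group known to be smaller
aaa group server radius ACCT-SERVERS
 server 192.0.2.10 auth-port 1812 acct-port 1813
 throttle accounting 50
!
radius-server host 192.0.2.10 auth-port 1812 acct-port 1813 key 0 RadiusSecret
!
! Verification:
! show radius statistics
! debug radius   (look for attribute 44 in Access-Request packets)
```

Throttling trades a small delay in accounting delivery for not losing the records outright; size the threshold to the server's measured capacity rather than the NAS's session count.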
Benefits
Following are benefits of Throttling of AAA Accounting Records:
• Helps protect the health of RADIUS servers by avoiding sudden bursts of RADIUS traffic to the servers
• Avoids loss of critical accounting data at RADIUS servers by preventing sudden bursts of accounting records sent to the AAA server from NAS/BRAS
Following are benefits of Inclusion of RADIUS Attribute Accounting-Session-Id in Access Requests:
• Allows Service Providers to correlate various RADIUS records generated for a subscriber session through Accounting Session Id
• Allows Service Providers to extend their policy managers to use Accounting session id to dynamically manage subscriber sessions
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
Tunnel-Based Admission Control Support for Cisco 7600 Series Routers
MPLS TE Tunnel-Based Admission Control (TBAC) enables classic Resource Reservation Protocol (RSVP) unicast flows traveling across a Multiprotocol Label Switching-Traffic Engineering (MPLS-TE) core to be aggregated over an MPLS TE tunnel. TBAC aggregates traffic from multiple, classic RSVP sessions across different forms of tunneling technologies that include MPLS TE tunnels, which act as aggregate reservations in the core.
Benefits
To understand the benefits of TBAC, you should be familiar with how Call Admission Control (CAC) works for RSVP and QoS. TBAC benefits include the following:
• Cost Effective - Real-time traffic is very sensitive to loss and delay. CAC avoids QoS degradation for real-time traffic because CAC ensures that the accepted load always matches the current network capacity. As a result, you do not have to overprovision the network to compensate for absolute worst peak traffic or for reduced capacity in case of failure.
• Highly Accurate - CAC uses RSVP signaling, which follows the exact same path as the real-time flow, and routers make a CAC decision at every hop. This ensures that the CAC decision is very accurate and dynamically adjusts to the current conditions such as a reroute or an additional link. Also, RSVP provides an explicit CAC response (admitted or rejected) to the application, so that the application can react appropriately and fast; for example, sending a busy signal for a voice call, rerouting the voice call on an alternate VoIP route, or displaying a message for video on demand.
• Combining RSVP and MPLS TE - TBAC allows you to combine the benefits of RSVP with those of MPLS TE. Specifically, you can use MPLS TE inside the network to ensure that the transported traffic can take advantage of Fast Reroute protection (50 millisecond restoration), Constraint Based Routing (CBR), and aggregate bandwidth reservation.
• Seamless Deployment - TBAC allows you to deploy IPv4 RSVP without any impact on the MPLS part of the network because IPv4 RSVP is effectively tunneled inside MPLS TE tunnels that operate unchanged as per regular RSVP TE. No upgrade or additional protocol is needed in the MPLS core.
• Enhanced Scaling Capability - TBAC aggregates multiple IPv4 RSVP reservations ingressing from the same MPLS TE head-end router into a single MPLS TE tunnel and egressing from the same MPLS TE tail-end router.
Per-User QoS
Along with Per-Session QoS, Per-User QoS is a key QoS enhancement in Cisco IOS Software Release 12.2(33)SRC for Broadband Aggregation.
Per-User QoS provides the ability to apply QoS features (such as traffic classification, shaping, queuing, and policing) on a per-user basis. Per-User QoS can be configured using either a virtual template or a RADIUS server.
Policy Maps and QoS Features
A policy map specifies the QoS features to be applied to network traffic. Examples of QoS features that can be specified in a policy map include traffic classification, shaping, queuing, and policing, among others. Each QoS feature is configured using the appropriate QoS commands. A RADIUS server can then be used to "push" the policy map assignment to the router when the user's session is established, rather than configuring it on each node of the network.
Per-User Traffic Shaping
Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface. Traffic shaping ensures that the traffic conforms to policies contracted for it. Thus, traffic adhering to a particular profile can be shaped to meet downstream requirements, eliminating bottlenecks in topologies with data-rate mismatches.
Per-User Queuing
The queuing mechanism, Weighted Fair Queuing (WFQ), offers dynamic, fair queuing that divides bandwidth across queues of traffic based on weights. WFQ ensures that all traffic is treated fairly, given its weight. Class-Based WFQ (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, Access Control Lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A FIFO queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class.
Two Methods for Configuring Per-User QoS
When you configure Per-User QoS, you can choose one of the following configuration methods:
• Configure the feature using a virtual template - This method is considered a "legacy" method. It is of earlier origin and is still an available option for those familiar with using virtual templates.
• Configure the feature using a RADIUS server - This method takes advantage of more recent technology and is the recommended method.
Benefits
The ability to apply QoS features on a per-user basis helps Internet Service Providers (ISPs) to adhere to the Service Level Agreement (SLA) established for handling traffic. Applying QoS on a per-user basis provides a higher degree of granularity when managing traffic in the network.
Per-Session QoS
Along with Per-User QoS, Per-Session QoS is a key QoS enhancement in Cisco IOS Software Release 12.2(33)SRC for Broadband Aggregation.
Per-Session QoS provides the ability to apply QoS features (such as traffic classification, shaping, queuing, and policing) on a per-session basis. The Per-Session QoS feature can be configured using either a virtual template or a RADIUS server.
Policy Maps and QoS Features
A policy map specifies the QoS features to be applied to network traffic. Examples of QoS features that can be specified in a policy map include traffic classification, shaping, queuing, and policing, among others. Each QoS feature is configured using the appropriate QoS commands. A RADIUS server can then be used to "push" the policy map assignment to the router when the session is established, rather than configuring it on each node of the network.
Per-Session Traffic Shaping
Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface. Traffic shaping ensures that the traffic conforms to policies contracted for it. Thus, traffic adhering to a particular profile can be shaped to meet downstream requirements, eliminating bottlenecks in topologies with data-rate mismatches.
Per-Session Queuing
The queuing mechanism, Weighted Fair Queuing (WFQ), offers dynamic, fair queuing that divides bandwidth across queues of traffic based on weights. WFQ ensures that all traffic is treated fairly, given its weight. Class-Based WFQ (CBWFQ) extends the standard WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, Access Control Lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A FIFO queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class.
Two Methods for Configuring Per-Session QoS
When configuring Per-Session QoS, you can choose one of the following configuration methods:
• Configure the feature using a virtual template - This method is considered a "legacy" method. It is of earlier origin and is still an available option for those familiar with using virtual templates.
• Configure the feature using a RADIUS server - This method takes advantage of more recent technology and is the recommended method.
Benefits
The ability to apply QoS features on a per-session basis helps ISPs to adhere to the SLA established for handling traffic. Applying QoS on a per-session basis provides a higher degree of granularity when managing traffic on the network.
Per-Session Shaping and Queuing on LNS for Cisco 7600 Series Routers
Per-Session Shaping and Queuing on LNS supports traffic shaping and Class-Based WFQ (CBWFQ). With Per-Session Shaping and Queuing on LNS, traffic shaping and CBWFQ are applied on a per-session basis (that is, as traffic arrives at the interface).
Traffic shaping allows you to control the traffic going out an interface in order to match its flow to the speed of the remote target interface. Traffic shaping ensures that the traffic conforms to policies contracted for it. Thus, traffic adhering to a particular profile can be shaped to meet downstream requirements, eliminating bottlenecks in topologies with data-rate mismatches.
WFQ offers dynamic, fair queuing that divides bandwidth across queues of traffic based on weights. WFQ ensures that all traffic is treated fairly, given its weight. CBWFQ extends the WFQ functionality to provide support for user-defined traffic classes. For CBWFQ, you define traffic classes based on match criteria including protocols, Access Control Lists (ACLs), and input interfaces. Packets satisfying the match criteria for a class constitute the traffic for that class. A FIFO queue is reserved for each class, and traffic belonging to a class is directed to the queue for that class.
Figure 22 shows a sample topology for per-session shaping and queuing on LNS. Downstream traffic is forwarded from the ISP (the source) to an ISP subscriber (the destination) during a PPP session. From an LNS at the ISP, the traffic is transmitted over an L2TP tunnel to an L2TP Access Concentrator (LAC), and then to the subscriber.
Figure 22. Per-Session Shaping and Queuing Sample Topology
Benefits
• The ability to shape or queue traffic on a per-session basis helps to avoid traffic congestion and allows the ISP to adhere to the SLA established for handling traffic.
• Shaping or queuing traffic on a per-session basis provides a higher degree of granularity when managing traffic on the network.
Traffic Shaping Overhead Accounting for ATM for Cisco 7600 Series Routers
The Modular QoS CLI (MQC) Traffic Shaping Overhead Accounting for ATM feature enables a Broadband Remote Access Server (BRAS) to account for various encapsulation types when applying QoS to packets.
Typically, in Ethernet Digital Subscriber Line (DSL) environments, the encapsulation from the router to the Digital Subscriber Line Access Multiplexer (DSLAM) is Gigabit Ethernet and the encapsulation from the DSLAM to the Customer-Premises Equipment (CPE) is ATM. ATM overhead accounting enables the router to account for the ATM encapsulation on the subscriber line and for the overhead added by cell segmentation. This allows the Service Provider to prevent overruns on the subscriber line and ensures that the router applies QoS features to the bandwidth actually consumed on the ATM link.
Release 12.2(33)SRC supports the following subscriber line encapsulation types and traffic shaping overhead accounting on Cisco 7600 Series Routers:
QoS: Tunnel Marking for GRE Tunnels
Generic Routing Encapsulation (GRE) is a tunneling protocol developed by Cisco that can encapsulate a wide variety of protocol packet types inside IP tunnels, creating a virtual point-to-point link to Cisco routers at remote points over an IP internetwork.
The QoS: Tunnel Marking for GRE Tunnels feature allows you to define and control QoS for incoming customer traffic on the PE router in a Service Provider network. The feature lets you set (mark) either the IP precedence value or the Differentiated Services Code Point (DSCP) in the header of a GRE tunneled packet.
GRE tunnel marking can be implemented by using a QoS marking command, such as set ip {dscp | precedence} [tunnel], and it can also be implemented in QoS traffic policing. This feature simplifies administrative overhead previously required to control customer bandwidth by allowing you to mark the GRE tunnel header on the incoming interface on the PE routers.
Figure 23 shows traffic received from the CE1 router on the incoming interface of the PE1 router, where tunnel marking occurs. The traffic is encapsulated (tunneled) and the tunnel header is marked on the PE1 router. The marked packets travel through the core and are decapsulated automatically on the exit interface of the PE2 router. This feature is designed to simplify classification of Customer Edge (CE) traffic and is configured only in the Service Provider network; the process is transparent to the customer sites. To the CE1 and CE2 routers, the two sites appear as a single network.
Figure 23. Sample Tunnel Marking Topology
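The following Python example, added here for illustration and not Cisco code, shows the one property of tunnel marking that matters to both the provider and the customer: the ingress PE sets the DSCP of the outer (tunnel) IPv4 header only, and the customer's own DSCP inside the GRE payload is carried through unchanged and is what the far CE sees after decapsulation. Addresses, DSCP values and the payload are constructed sample values; IPv4 options and GRE checksum/key/sequence extensions are not handled.

```python
"""GRE tunnel marking: an added illustration (not Cisco code). The ingress PE
encapsulates a customer IPv4 packet in GRE and marks the outer header only,
the way `set ip dscp tunnel` does; the inner packet is carried verbatim.
Addresses and DSCP values are constructed samples."""
import socket
import struct

IP_PROTO_GRE = 47
ETHERTYPE_IPV4 = 0x0800
IPV4_HDR = struct.Struct("!BBHHHBBH4s4s")


def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum; returns 0 for a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src: str, dst: str, proto: int, payload: bytes, dscp: int, ttl: int = 64) -> bytes:
    tos = (dscp & 0x3F) << 2                       # DSCP is the top six bits of the TOS octet
    hdr = IPV4_HDR.pack(0x45, tos, 20 + len(payload), 0, 0, ttl, proto, 0,
                        socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:]
    return hdr + payload


def dscp_of(packet: bytes) -> int:
    return packet[1] >> 2


def gre_encapsulate(inner: bytes, tunnel_src: str, tunnel_dst: str, outer_dscp: int) -> bytes:
    """Outer IPv4 + minimal GRE header (RFC 2784, no C/K/S bits) + inner packet.
    Only the outer header receives `outer_dscp`."""
    gre = struct.pack("!HH", 0x0000, ETHERTYPE_IPV4)
    return ipv4_packet(tunnel_src, tunnel_dst, IP_PROTO_GRE, gre + inner, dscp=outer_dscp, ttl=255)


def gre_decapsulate(packet: bytes) -> bytes:
    """What the egress PE does: validate the outer header, strip it and GRE, return the inner packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or packet[9] != IP_PROTO_GRE:
        raise ValueError("not an IPv4/GRE packet")
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("outer IPv4 header checksum invalid")
    flags, ethertype = struct.unpack("!HH", packet[ihl:ihl + 4])
    if flags & 0xB000 or ethertype != ETHERTYPE_IPV4:
        raise ValueError("unsupported GRE header")   # C, K or S bit set, or payload not IPv4
    return packet[ihl + 4:]


# Constructed sample: the customer marked its packet EF (46); the provider
# marks the tunnel header AF31 (26) at the ingress PE.
CUSTOMER_PKT = ipv4_packet("10.1.1.10", "10.2.2.20", 17, b"customer payload", dscp=46)
TUNNELED = gre_encapsulate(CUSTOMER_PKT, "192.0.2.1", "192.0.2.2", outer_dscp=26)

if __name__ == "__main__":
    print("outer DSCP:", dscp_of(TUNNELED), "inner DSCP:", dscp_of(gre_decapsulate(TUNNELED)))
```

Core routers classify on the outer header, so the provider's marking governs treatment across the MPLS core, while the customer's marking survives end to end; a `set ip dscp` without the `tunnel` keyword would instead rewrite the inner header and be visible to the customer.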
Benefits
• GRE tunnel marking provides a simple mechanism to control the bandwidth of customer GRE traffic.
• This feature is configured entirely within the Service Provider network and only on interfaces that carry incoming traffic on the PE routers.
• Generally used in the mVPN scenario to mark mGRE tunnels, in addition to marking the tunnel LSP.
High Availability for Any Transport over MPLS (AToM): NSF with SSO; EFSU
Cisco IOS Software Release 12.2(33)SRC delivers High Availability (HA) functionality for Any Transport over MPLS (AToM) for Cisco 7600 Series Routers.
Any Transport over MPLS (AToM) Nonstop Forwarding (NSF) with Stateful Switchover (SSO) improves the availability of a network that uses AToM to provide Layer 2 VPN services. AToM NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. AToM NSF is achieved by Stateful Switchover (SSO) and Nonstop Forwarding (NSF) mechanisms. A standby Route Processor (RP) provides control-plane redundancy. The control plane state and data plane provisioning information for the Attachment Circuits (ACs) and AToM pseudowires (PWs) are checkpointed to the standby RP to provide NSF for AToM L2VPNs upon switchover from the primary RP.
Any Transport over MPLS (AToM) supports Enhanced Fast Software Upgrade (EFSU), which minimizes downtime for software upgrades: bug fixes, new features and services can be deployed through an in-service upgrade of the complete Cisco IOS Software image. EFSU, a subset of ISSU, reduces outage time during a software upgrade by preloading the new line card software images onto supported line cards.
Benefits
• NSF with SSO together for AToM provides the ability to detect failures and handle them with minimal disruption to the AToM service being provided. The following are the AToM services protected by AToM NSF with SSO:
– Ethernet over MPLS
– Frame Relay over MPLS
– ATM AAL5 over MPLS
– ATM Cell Relay over MPLS
– PPP over MPLS
– HDLC over MPLS
– TDM over MPLS
• AToM support for EFSU provides the ability to upgrade router software while the router continues to forward traffic. EFSU increases network availability and reduces the downtime required for software upgrades.
– Rapid deployment of new features/services as well as maintenance updates
– Reduces planned downtime and operational expenses
– Ability to streamline and minimize planned downtime windows
Hardware
Routers
• Supervisor Engines: Sup720 3B/3BXL, RSP720, and Sup32
AToM Tunnel Selection for Cisco 7200 Series Routers and the Cisco 7301 Router
AToM Tunnel Selection was first introduced to Release 12.2SR in Release 12.2(33)SRA for the Cisco 7600 Series Routers; Release 12.2(33)SRC adds support for Cisco 7200 Series Routers and the Cisco 7301 Router.
Any Transport over MPLS (AToM) Tunnel Selection allows you to specify the path that AToM traffic uses. You can specify either a Multiprotocol Label Switching (MPLS) traffic engineering tunnel or a destination IP address or Domain Name System (DNS) name. If the specified path is unreachable, you can specify that the Virtual Circuits (VCs) should fall back to the default path, which is the path that MPLS Label Distribution Protocol (LDP) uses for signaling. The backup LDP path is enabled by default; you must explicitly disable it.
Benefits
AToM Tunnel Selection allows you to specify the path that Any Transport over MPLS (AToM) traffic uses.
MPLS Pseudowire Status Signaling
MPLS Pseudowire (PW) Status Signaling supports Provider Edge router (PE) signaling using the LDP PW Status TLV (type-length-value) to indicate PW status to remote PE peers.
Benefits
Supports signaling of pseudowire status per RFC 4447, Pseudowire Setup and Maintenance Using the Label Distribution Protocol (LDP).
A pseudowire label mapping message can be sent as soon as the pseudowire is administratively enabled, to set up the pseudowire regardless of its current status. Pseudowire status can then be signaled with a status message without withdrawing the pseudowire label mapping message.
Per Subinterface MTU for Ethernet over MPLS (EoMPLS)
Per Subinterface MTU for Ethernet over MPLS (EoMPLS) provides a submode configuration Command-Line Interface (CLI) that allows per-subinterface setting of the MTU in xconnect configuration mode.
On Gigabit Ethernet (GE) interfaces the Maximum Transmission Unit (MTU) is inherited by the subinterfaces. Typically this MTU is 1500, which works well for customer-facing Ethernet connections. However, a Service Provider may want a different, typically larger, MTU for core-facing subinterfaces. Using this option, a Service Provider can configure the MTU on subinterfaces as desired.
Benefits
The submode configuration CLI option allows Service Providers to configure MTU values as required for different purposes, as in the following examples.
• Allows a Service Provider to use a subinterface default MTU of 1500 for customer-facing Ethernet subinterfaces and to configure an MTU of 2000 for core-facing subinterfaces.
• Allows a Service Provider to use a subinterface default MTU of 1500 for customer-facing VLAN subinterfaces and to configure a jumbo, 4470 or larger, MTU for core-facing subinterfaces.
High Availability for Virtual Private LAN Service (VPLS): NSF with SSO; EFSU
Cisco IOS Software Release 12.2(33)SRC delivers High Availability (HA) functionality for Cisco Virtual Private LAN Service (VPLS) for Cisco 7600 Series Routers.
High availability for Cisco VPLS is provided by Cisco Nonstop Forwarding (NSF) with Stateful Switchover (SSO). Cisco VPLS also supports Enhanced Fast Software Upgrade (EFSU), which minimizes downtime for software upgrades: bug fixes, new features and services can be deployed through an in-service upgrade of the complete Cisco IOS Software image. EFSU, a subset of ISSU, reduces outage time during a software upgrade by preloading the new line card software images onto supported line cards.
Benefits
• Cisco VPLS NSF/SSO builds on AToM NSF/SSO for Ethernet over MPLS (EoMPLS) and improves the availability of a VPLS network. As with AToM NSF/SSO, VPLS NSF/SSO provides the ability to detect failures and handle them with minimal disruption to the service being provided. VPLS NSF is achieved by Cisco SSO and NSF mechanisms.
• VPLS support for EFSU provides the ability to upgrade router software while the router continues to forward traffic. EFSU increases network availability and reduces the downtime required for software upgrades.
– Rapid deployment of new features/services as well as maintenance updates
– Reduces planned downtime and operational expenses
– Ability to streamline and minimize planned downtime windows
Hardware
Routers
• Supervisor Engines: Sup720 3B/3BXL, RSP720, and Sup32
H-VPLS N-PE Redundancy
Hierarchical VPLS (H-VPLS) N-PE redundancy allows User-facing Provider Edge routers or switches (U-PEs) to be dual-homed to their Network-facing Provider Edge routers or switches (N-PEs) in a loop-free topology, with QinQ or MPLS as the access/aggregation domain. When a U-PE detects a PW failure, PW Redundancy selects the backup N-PE, and the U-PE sends a MAC address withdrawal message to that backup N-PE.
Benefits
• Provides higher availability for VPLS networks by providing backup connectivity to an alternate N-PE with a failover mechanism for the U-PEs attached as spokes to an N-PE hub in a Hierarchical VPLS topology, thereby eliminating the N-PE as a single point of failure.
• MAC address withdrawal improves recovery from an N-PE failure by signaling for removal of now-stale MAC addresses in affected VPLS Virtual Forwarding Instances (VFIs), stopping switching of traffic onto the broken path.
VPLS MAC Address Withdrawal
In a Hierarchical VPLS (H-VPLS) topology using N-PE redundancy, when a U-PE detects loss of pseudowire (PW) connectivity to its active N-PE and the backup PW on the U-PE moves from the hot-standby state to the established state, the VPLS MAC Address Withdrawal mechanism sends LDP-based MAC Withdrawal messages to the N-PE for the affected VPLS Virtual Forwarding Instance (VFI).
Benefits
• VPLS MAC Address Withdrawal improves recovery from an N-PE failure by signaling for removal of now-stale MAC addresses in affected VPLS VFIs, stopping switching of traffic onto the broken path.
• VPLS MAC Address Withdrawal supports VPLS N-PE Redundancy for either QinQ or MPLS Access.
TDM Local Switching
Circuit Emulation over Packet Switched Networks (CEoP) allows customers to provide Time Division Multiplexing (TDM) circuit service over a packet switched network. TDM Local Switching enables TDM circuit emulation between two interfaces of the same type, or between interfaces of different types, on the same router. Figure 24 shows a sample topology.
Figure 24. TDM Local Switching Sample Topology
Both CEs are connected to the PE through channelized T1 controllers configured as serial interfaces, so that IP addresses can be assigned to the serial interfaces.
Benefits
• TDM Local Switching enables connection of TDM circuits among Customer Edge (CE) devices attached to the same Provider Edge (PE) router.
• The PE interfaces can be on the same line card or on two different line cards.
Hardware
Routers
• Cisco 7600 Series Routers with CEoP SPA and SIP-400
L2VPN Pseudowire Redundancy for ATM Attachment Circuits
Release 12.2(33)SRC supports ATM attachment circuits (ACs) for L2VPN Pseudowire (PW) Redundancy.
Benefits
The L2VPN Pseudowire Redundancy feature enables you to set up your network to detect a failure in the network and reroute the L2 service - in this case ATM service - to another endpoint that can continue to provide service.
Hardware
Routers
• Cisco 7600 Series Routers with CEoP SPA and SIP-400
Cisco IOS MPLS Traffic Engineering (TE) offers standards-based feature capabilities for MPLS traffic management, including explicit path configuration and protection, via signaling of TE/Resource Reservation Protocol (RSVP) tunnels. In addition to RFC-compliant TE/RSVP signaling procedures, Cisco MPLS TE also offers a number of value-added capabilities that improve the configuration and usability of MPLS TE, such as coexistence with the Cisco High Availability (HA) feature set, including NSF with SSO and EFSU.
Cisco IOS Software Release 12.2(33)SRC includes the following new MPLS TE feature enhancements:
• MPLS TE - BFD-triggered TE Fast Re-Route (FRR)
• MPLS TE - Path Protection (Including NSF/SSO and EFSU Support)
• MPLS TE Support for Bundle Interfaces
BFD-triggered TE Fast Re-Route (FRR)
Bidirectional Forwarding Detection (BFD) is introduced as a new link failure detection mechanism for MPLS TE to trigger switchover to a TE backup path. (See Figure 25.) BFD, a generalized Hello protocol, offers a standards-based and interoperable link failure detection solution that can now be leveraged for MPLS TE Fast Re-Route (FRR). BFD can offer failure detection times of approximately 150 ms (platform dependent) and complements the link failure detection mechanisms already supported for MPLS TE FRR:
• LOS signal detection (on POS links only)
• Fast RSVP Hellos
Figure 25. BFD-triggered TE FRR
MPLS TE - Path Protection (Including NSF/SSO and EFSU Support)
In addition to MPLS TE node and link protection, TE Path Protection offers additional protection capabilities for MPLS network connectivity established through TE/RSVP. TE Path Protection offers an end-to-end failure recovery mechanism for MPLS TE tunnels. In addition to the primary TE tunnel (protected tunnel), one or more backup paths (TE tunnels) are established by MPLS TE. When a failure is detected on the protected TE tunnel by the head-end, traffic is redirected to one of the standby/backup tunnels to temporarily carry the tunnel's traffic.
Path Protection can be used within a single area (OSPF or IS-IS), inter-area (OSPF or IS-IS), or Inter-AS (BGP, EBGP, and static), and offers full MPLS HA support, including NSF/SSO and EFSU.
MPLS TE Support for Bundle Interfaces
MPLS TE, including TE FRR, now supports bundle interfaces, including EtherChannel and MLPPP interfaces, on Cisco 7600 Series Routers. Table 3 gives the detailed feature support matrix.
Table 3. MPLS TE Support for Bundle Interfaces Support Matrix
TE FRR Trigger Mechanism               | EtherChannel Interface | MLPPP Interface | POS Bundle Interface (1)
Minimum links as TE FRR trigger        | Supported              | Supported       | No Support
BFD as TE FRR trigger                  | No Support             | No Support      | No Support
Percentage bandwidth as TE FRR trigger | No Support             | No Support      | No Support
RSVP Fast Hello as TE FRR trigger      | Supported              | Supported       | No Support
Notes:
1. POS Bundle interfaces not supported on Cisco 7600 platform in Cisco 7600-2/Cobra release.
Benefits
Following are key benefits of the new MPLS TE feature enhancements:
• BFD-triggered TE Fast Re-Route (FRR) - Offers a standards-based and interoperable, vendor independent, link failure detection mechanism for MPLS TE Fast Re-Route (FRR).
• MPLS TE Path Protection (including NSF/SSO and EFSU Support) - Offers enhanced MPLS traffic protection via end-to-end failure recovery capabilities of MPLS TE tunnels.
• MPLS TE Support for Bundle Interfaces - Offers traffic protection capabilities of bundle interface configurations.
Cisco IOS MPLS LDP offers standards-based feature capabilities for MPLS label information signaling between MPLS-enabled routers. In addition to RFC3036-compliant MPLS signaling, Cisco MPLS LDP also offers a number of value-added feature capabilities, which enable improved configuration and usability of MPLS LDP functionality. MPLS LDP feature capabilities are focused on MPLS LDP Command-Line Interface (CLI) configuration enhancements, enhanced security, and coexistence support with the Cisco High Availability (HA) feature set, including Cisco NSF with SSO and ISSU/EFSU.
Cisco IOS Software Release 12.2(33)SRC includes the following new MPLS LDP feature enhancements:
The MPLS LDP MD5 Global Configuration feature provides a configuration enhancement for enabling MD5-based session authentication of LDP sessions. LDP session authentication uses the TCP MD5 Signature Option (RFC 2385), so a TCP segment carrying LDP that does not have a valid signature computed with the shared key is discarded before it reaches the LDP process; this helps prevent unauthorized LDP peers from establishing sessions with the local LDP process and also blocks spoofed TCP messages, such as an injected reset. This feature enables configuration of LDP MD5 support globally (that is, for all LDP-enabled interfaces on an MPLS-enabled router) instead of on a per-LDP-peer basis. In addition, MD5 session authentication can be enabled for a selected set of LDP sessions via access control lists.
New LDP feature enhancements are introduced that enable dynamic change and configuration of MD5 keys for LDP session authentication. (See Figure 26.) Through a configurable MD5 key chain, multiple MD5 authentication keys with specific activation intervals can be configured for a given LDP session. The new LDP enhancements complement the existing MD5 LDP session authentication capabilities, which allowed only a single MD5 key per LDP session, so that changing the key required tearing down the session. Note that a key only protects the session while it stays secret: it must be the same on both peers, and a peer that has lost or never had the key cannot complete the TCP handshake.
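The following Python example, added here for illustration and not Cisco code, works through the mechanism the two paragraphs above describe. It computes the RFC 2385 TCP MD5 signature the way an LDP peer on TCP port 646 would (MD5 over the TCP pseudo-header, the fixed TCP header with a zero checksum, the segment data and the key), keeps two keys in a key chain whose accept-lifetimes overlap so the peers can move to the new key without a session teardown, and shows that a segment signed with a guessed key is rejected. The key values, lifetimes, addresses and the LDP PDU bytes are constructed sample values, and the rule that the lowest key-id with an active send-lifetime is used for sending is an assumption of the model.

```python
"""LDP session authentication with the TCP MD5 Signature Option (RFC 2385)
and a key chain: an added illustration (not Cisco code). Keys, lifetimes,
addresses and the LDP PDU bytes are constructed samples; `hmac` is used only
for constant-time comparison of digests."""
import hashlib
import hmac
import socket
import struct
from dataclasses import dataclass
from typing import List, Optional

LDP_PORT = 646
TCP_MD5_OPT_LEN = 18          # option kind 19, length 18, 16-octet digest


@dataclass(frozen=True)
class Key:
    key_id: int
    secret: bytes
    send_start: int      # send-lifetime as epoch seconds, [start, end)
    send_end: int
    accept_start: int    # accept-lifetime, normally wider than the send-lifetime
    accept_end: int


class KeyChain:
    def __init__(self, keys: List[Key]):
        self.keys = sorted(keys, key=lambda k: k.key_id)

    def send_key(self, now: int) -> Key:
        # Assumption for the model: lowest key-id with an active send-lifetime is used.
        for k in self.keys:
            if k.send_start <= now < k.send_end:
                return k
        raise LookupError("no key has an active send-lifetime")

    def accept_keys(self, now: int) -> List[Key]:
        return [k for k in self.keys if k.accept_start <= now < k.accept_end]


def tcp_fixed_header(sport: int, dport: int, seq: int, ack: int, flags: int, opt_len: int) -> bytes:
    data_offset = (20 + opt_len + 3) // 4                   # header plus padded options, in 32-bit words
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, data_offset << 4, flags, 65535, 0, 0)


def tcp_md5_digest(src_ip: str, dst_ip: str, tcp_header: bytes, payload: bytes, secret: bytes) -> bytes:
    """RFC 2385 section 2: pseudo-header, TCP header without options and with a
    zero checksum, the segment data, then the key. The pseudo-header length
    covers the whole segment, option bytes included."""
    header_len = (tcp_header[12] >> 4) * 4
    seg_len = header_len + len(payload)
    pseudo = socket.inet_aton(src_ip) + socket.inet_aton(dst_ip) + struct.pack("!BBH", 0, 6, seg_len)
    fixed = tcp_header[:16] + b"\x00\x00" + tcp_header[18:20]
    return hashlib.md5(pseudo + fixed + payload + secret).digest()


def verify_segment(src_ip, dst_ip, tcp_header, payload, digest, chain: KeyChain, now: int) -> Optional[int]:
    """Return the key-id that validates the segment, or None (the segment is dropped)."""
    for k in chain.accept_keys(now):
        if hmac.compare_digest(tcp_md5_digest(src_ip, dst_ip, tcp_header, payload, k.secret), digest):
            return k.key_id
    return None


# Constructed segment data: an LDP PDU header (version 1, PDU length, LSR-ID
# 192.0.2.1, label space 0) followed by a bare Initialization message stub.
LDP_PDU = struct.pack("!HH4sH", 1, 14, socket.inet_aton("192.0.2.1"), 0) + struct.pack("!HHI", 0x0200, 4, 1)
PEER_A, PEER_B = "192.0.2.1", "192.0.2.2"
CHAIN = KeyChain([
    Key(1, b"ldp-key-2010q1", send_start=0,    send_end=2000,  accept_start=0,    accept_end=2100),
    Key(2, b"ldp-key-2010q2", send_start=2000, send_end=10**9, accept_start=1900, accept_end=10**9),
])
HDR = tcp_fixed_header(LDP_PORT, 33000, seq=1, ack=1, flags=0x18, opt_len=TCP_MD5_OPT_LEN)


def exchange(now_sender: int, now_receiver: int, spoof_secret: Optional[bytes] = None) -> Optional[int]:
    """Sign with the sender's active key (or a spoofed secret) and verify at the receiver."""
    secret = spoof_secret if spoof_secret is not None else CHAIN.send_key(now_sender).secret
    digest = tcp_md5_digest(PEER_A, PEER_B, HDR, LDP_PDU, secret)
    return verify_segment(PEER_A, PEER_B, HDR, LDP_PDU, digest, CHAIN, now_receiver)


if __name__ == "__main__":
    print("before rollover:", exchange(1500, 1500))                  # key 1
    print("old key during overlap:", exchange(1990, 2050))           # key 1 still accepted
    print("new key:", exchange(2050, 2050))                          # key 2
    print("spoofed:", exchange(2050, 2050, spoof_secret=b"guess"))   # None: segment dropped
```

The overlap between key 1's accept-lifetime (to 2100) and key 2's (from 1900) is what makes the rollover lossless: a peer that switches a little early or late still has its segments accepted. Once the old key's accept-lifetime ends, segments signed with it are dropped just like a spoofed one, so the lifetimes on both peers must agree and clocks should be synchronized.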
LDP allocates a local label for every route learned from its Interior Gateway Protocol (IGP). In the absence of any inbound or outbound label filtering, these local labels are stored and advertised to all remote LDP peers. The number of labels allocated by LDP is proportional to the number of routes learned from the IGP, and the number of advertisements is proportional to the number of routes times the number of peers. During LDP session establishment, LDP may be notified of a large number of routes in succession.
New LDP CLI commands are introduced to control the allocation of local MPLS labels, and the exchange of label mappings with remote nodes, using prefix lists. Enabling these local label allocation filtering rules reduces the memory used and the number of label binding advertisements sent by LDP, which improves LDP convergence time.
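The following Python example, added here for illustration and not Cisco code, models the filtering decision. It implements the matching rules of an IOS prefix list (exact length unless `ge` or `le` is given, `ge` alone extends to /32, first match wins, implicit deny) and applies it to a constructed IGP table to decide which routes receive a local label. The sample table, the label range and the prefix-list names are constructed for the example; the IOS commands this models (`ip prefix-list`, and `allocate global prefix-list` under `mpls ldp label`) are quoted as an assumption to be checked against the command reference for your release.

```python
"""LDP local label allocation filtering with a prefix list: an added
illustration (not Cisco code). Models IOS prefix-list matching and the
resulting Label Information Base. The route table, label range and list
names are constructed samples. Assumed IOS equivalent (verify for your
release):
    ip prefix-list LOOPBACKS seq 5 permit 0.0.0.0/0 ge 32
    mpls ldp label
     allocate global prefix-list LOOPBACKS
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class PrefixListEntry:
    action: str                      # "permit" or "deny"
    prefix: ipaddress.IPv4Network
    ge: Optional[int] = None
    le: Optional[int] = None

    def matches(self, route: ipaddress.IPv4Network) -> bool:
        base = self.prefix.prefixlen
        lower = self.ge if self.ge is not None else base
        # With only `ge` the upper bound is 32; with neither, the length must be exact.
        upper = self.le if self.le is not None else (32 if self.ge is not None else base)
        return route.network_address in self.prefix and lower <= route.prefixlen <= upper


class PrefixList:
    def __init__(self, entries: List[PrefixListEntry]):
        self.entries = entries

    def permits(self, route: ipaddress.IPv4Network) -> bool:
        for entry in self.entries:           # first matching entry decides
            if entry.matches(route):
                return entry.action == "permit"
        return False                          # implicit deny at the end of every prefix list


def permitted(prefix_list: PrefixList, cidr: str) -> bool:
    return prefix_list.permits(ipaddress.ip_network(cidr))


def allocate_local_labels(igp_routes: List[ipaddress.IPv4Network],
                          prefix_list: Optional[PrefixList] = None,
                          first_label: int = 16) -> Dict[str, int]:
    """Return the LIB entries (prefix -> local label) LDP would allocate; with
    no prefix list every IGP route gets a label and is advertised to every peer."""
    lib, label = {}, first_label
    for route in igp_routes:
        if prefix_list is None or prefix_list.permits(route):
            lib[str(route)] = label
            label += 1
    return lib


def sample_igp_routes() -> List[ipaddress.IPv4Network]:
    """Constructed IGP table: 8 PE loopbacks, 40 point-to-point links, 2 summaries."""
    loopbacks = [ipaddress.ip_network(f"10.255.0.{i}/32") for i in range(1, 9)]
    links = [ipaddress.ip_network(f"10.0.{i}.0/30") for i in range(40)]
    summaries = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("172.16.0.0/16")]
    return loopbacks + links + summaries


# Only host routes (PE loopbacks) need labels for L2VPN/L3VPN transport.
ONLY_HOST_ROUTES = PrefixList([PrefixListEntry("permit", ipaddress.ip_network("0.0.0.0/0"), ge=32)])
# A common mistake: without ge/le this entry matches only the exact prefix 10.0.0.0/8.
EXACT_TEN_SLASH_8 = PrefixList([PrefixListEntry("permit", ipaddress.ip_network("10.0.0.0/8"))])

if __name__ == "__main__":
    routes = sample_igp_routes()
    print("unfiltered labels:", len(allocate_local_labels(routes)))
    print("loopbacks only:", allocate_local_labels(routes, ONLY_HOST_ROUTES))
    print("exact /8 only:", allocate_local_labels(routes, EXACT_TEN_SLASH_8))
```

On the constructed table the unfiltered LIB holds 50 bindings and the loopback-only filter reduces it to 8, which is also 8 rather than 50 bindings advertised to each peer. The `EXACT_TEN_SLASH_8` list is included because it is the usual way this feature is misconfigured: it keeps a label only for the summary itself and drops every loopback, breaking VPN transport.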
Benefits
Following are key benefits of the new MPLS LDP feature enhancements:
• MPLS LDP - Lossless MD5 LDP Session Authentication - No need to tear down LDP session to activate new MD5 key for LDP session authentication. Configurable key chain enables flexible scheduling of multiple MD5 keys to be used for LDP session authentication.
• MPLS LDP - Local Label Allocation Filtering - Enhanced LDP local label filtering capabilities, which reduce memory used by LDP for maintaining its Label Information Base (LIB) and improve LDP convergence (exchange of LDP label information between MPLS-enabled nodes).
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
Cisco IOS MPLS embedded management offers standards-based management capabilities for IP/MPLS networks. Cisco's industry-leading MPLS management feature portfolio offers network operators detailed MPLS resource monitoring and MPLS connectivity troubleshooting capabilities, which include MPLS-specific SNMP MIBs, MPLS OAM, and MPLS-enabled NetFlow features.
Cisco IOS Software Release 12.2(33)SRC includes new MPLS VPN MIB enhancements that complete Cisco support for RFC-compliant MPLS embedded management capabilities. The MPLS embedded management feature portfolio includes the following feature capabilities:
MPLS MIBs
• MPLS LSR MIB - RFC3813
• MPLS LDP MIB - RFC3815
• MPLS TE MIB - IETF draft version 05
• MPLS VPN MIB - RFC4382
MPLS OAM
• MPLS LSP Ping/Trace for MPLS core (LDP IPv4 and RSVP IPv4 FEC support) - RFC4379
• IP SLA automation for MPLS LSP Ping/Trace
• MPLS LSP Ping for L2VPNs (via VCCV) - RFC4379
• MPLS Multi-path (ECMP) Tree Trace - RFC4379
• IP SLA automation for MPLS Multi-path (ECMP) Tree Trace
MPLS Netflow
• MPLS-aware NetFlow
• MPLS Prefix Application Label (PAL)
MPLS-L3VPN-MIB Updates
Within Cisco IOS Software Release 12.2(33)SRC, with the upgrade from IETF draft version 05 to RFC4382, various changes have been made to the MPLS-L3VPN-STD-MIB modules, which are summarized in Table 4.
The embedded management capabilities for MPLS can be used in scenarios ranging from manual CLI-based troubleshooting to fully automated troubleshooting systems. (See Figure 27.) In addition to the MPLS MIB, OAM, and NetFlow features, Cisco also offers complementary management tools that integrate with the embedded MPLS management capabilities:
• Auto IP SLA - Automatic execution of MPLS OAM probes.
• Cisco MPLS Diagnostics Expert (MDE) - Automated trouble resolution for MPLS connectivity problems.
Depending on the level of automation and integration needed, an operator may decide to only leverage MPLS OAM capabilities manually through CLI access or to leverage the Cisco Auto IP SLA and MDE solution to deploy a fully automated MPLS management system architecture.
Benefits
Following are key benefits of the MPLS embedded management solution:
• Enables enhanced MPLS resource monitoring - MPLS MIB modules provide standard SNMP access to a wide variety of MPLS-specific resources supported on Label Switched Routers (LSR), including MPLS label forwarding and LDP session information. Existing SNMP-based management applications can be configured to retrieve and collect MPLS-specific management information via the new MPLS MIB modules.
• Increases operational efficiency - MPLS OAM tools, such as LSP Ping and LSP Trace, enable fast detection and isolation of complex MPLS connectivity problems, which improves trouble resolution time and will help reduce network downtime.
• Provides a comprehensive solution for addressing MPLS network and service availability - Cisco's MPLS embedded management capabilities, together with Cisco Auto IP SLA automation and automated trouble resolution capabilities via the Cisco MPLS Diagnostics Expert (MDE), provide a comprehensive end-to-end solution for MPLS network monitoring and trouble resolution.
Hardware
Routers
• Cisco 7200 Series Routers, Cisco 7301 Router, Cisco 7600 Series Routers
Stephen Speirs (sspeirs@cisco.com), Cisco MPLS Diagnostics Expert (MDE)
Cisco IOS MPLS Layer 3 VPN Enhancements
Cisco IOS Multiprotocol Label Switching Virtual Private Network (MPLS VPN), also known as Layer 3 MPLS VPN, provides efficient and standards-based virtual routing and forwarding using MPLS and multiprotocol BGP. In addition to IETF standard compliance, Cisco MPLS VPN also offers a number of value-added features and carrier-grade capabilities, such as High Availability including "Enhanced Fast Software Upgrade," expanded management tools, and an advanced inter-provider feature set.
Cisco IOS Software Release 12.2(33)SRC includes the following new Layer 3 MPLS VPN feature enhancements:
• MPLS VPN - Inter-AS option AB
• MPLS VPN - Half Duplex VRF (HDVRF)
• MPLS VPN - PE-CE Link Protection
Benefits
• MPLS VPN Inter-AS option AB Inter-provider Services - Provides an improved Inter-AS peering solution that retains the benefit of the Inter-AS option A forwarding plane, with per-VRF IP forwarding and IP QoS on the Inter-AS link. Because it requires only a single BGP session between the peering ASBRs, the solution represents a significant control plane scalability improvement over the option A peering solution. As an additional enhancement, Carrier Supporting Carrier (CSC) can be provisioned per VRF.
• MPLS VPN Half Duplex VRF - Provides a scalable mechanism to deploy VPNs in a "hub and spoke" topology in which all spoke traffic must traverse a central location. It allows MPLS Service Providers to offer wholesale transport for "hub and spoke" Internet access to ISPs. The feature imposes no restriction on PE-CE protocol selection or on the distribution of subscribers across PEs and VRFs.
• MPLS VPN PE-CE Link Protection - The MPLS VPN carrier-class feature portfolio is further enriched with MPLS VPN PE-CE link protection. Upon a PE-CE link failure, VPN end-to-end convergence is improved because the egress PE (the Point of Local Repair) switches VPN traffic to an alternative egress PE before the control plane has converged.
This feature allows a router to stop acting as a member of an HSRP group, based on the state of a tracked object, without decommissioning the router.
Benefits
This allows an entire HSRP group to be disabled automatically when a condition is met, so that packets are no longer sent to a gateway that should not be used.
Hardware
Routers
• Supervisor Engines: Sup720 3B/3BXL, RSP720, and Sup32
VRRP Stateful Switchover/Enhanced Fast Software Upgrade
The Stateful Switchover (SSO)-Aware Virtual Router Redundancy Protocol (VRRP) feature enables the Cisco IOS VRRP subsystem software to detect that a standby Route Processor (RP) is installed and the system is configured in SSO redundancy mode. Further, if the active RP fails, no change occurs to the VRRP group itself and traffic continues to be forwarded through the current active gateway router.
Prior to this feature, when the primary RP failed on the active VRRP router, it would stop participating in the VRRP group and trigger another router in the group to take over as the active VRRP router.
The SSO-Aware VRRP feature is required to preserve the forwarding path for traffic destined to VRRP virtual IP through a RP switchover.
Configuring SSO on the edge router enables the traffic on the Ethernet links to continue during an RP failover without the Ethernet traffic switching over to another VRRP router.
With this feature, VRRP SSO information is synchronized to the standby RP, allowing traffic that is sent using the VRRP virtual IP address to be continuously forwarded during a switchover without a loss of data or a path change.
VRRP supports EFSU, so upgrading from one Cisco IOS Software version to another happens seamlessly in a router with two RPs.
Benefits
The addition of SSO to the VRRP redundancy scheme provides unparalleled gateway high availability.
Hardware
Routers
• Supervisor Engines: Sup720 3B/3BXL, RSP720, and Sup32
The DHCPv4 server is enhanced to offer better manageability in large scale scenarios. Cisco IOS Software Release 12.2(33)SRC includes the following new DHCPv4 server management enhancements:
• DHCPv4 Server MIB
• DHCP Server Per interface lease limit
• DHCP Server Per interface statistics
Benefits
Larger scale DHCPv4 server deployment is easier to manage.
Hardware
Routers
• Supervisor Engines: Sup720 3B/3BXL, RSP720, and Sup32
Cisco IOS Software Release 12.2(33)SRC includes DHCPv6 Relay enhancements to support a stateless relay - remote Id and Interface Id options are supported. DHCPv6 Relay now works in conjunction with Prefix Delegation and adds or removes corresponding routes in the relay agent routing table. (See Figure 28.)
Figure 27. DHCPv6 Option Handling at the Relay Agent
Benefits
DHCPv6 Prefix Delegation is now fully deployable when a relay is involved with route maintenance and relay options to enable prefix selection at the server side (remote Id) and proper message forwarding at the relay side (interface Id).
Hardware
Routers
• Supervisor Engines: Sup720 3B/3BXL, RSP720, and Sup32
Cisco IOS Software supports RFC 2011 (IP MIB) and RFC 2096 (FORWARDING MIB), which are proposed standards for IPv4 only. When IPv6 was first introduced in Cisco IOS Software, the Internet Engineering Task Force (IETF) had two variants of MIBs for IPv6. The first variant, referred to as the IPv6-only MIBs (RFC 2465 [IP MIB] and RFC 2466 [ICMP MIB]), was never implemented in Cisco IOS Software and has since been deprecated at the IETF. The second variant, draft-ietf-ipv6-rfc2011-update (IP MIB) and draft-ietf-ipv6-rfc2096-update (FORWARDING MIB), consisted of version-independent MIBs used to access information about both the IPv4 and IPv6 stacks. The -00 revision of those drafts was implemented in Cisco IOS Software as Cisco-IETF-IP-MIB and Cisco-IETF-IP-Forwarding-MIB, but only for their IPv6 information.
Recently, the IETF published RFC 4292 (IP MIB) and RFC 4293 (IP Forwarding MIB), which are the official versions of the updated MIBs. Cisco IOS Software Release 12.2(33)SRC provides an implementation of the IP and IP Forwarding MIBs for IPv6 that complies with RFC 4292 and RFC 4293.
Benefits
• IETF standard compliance for IPv6 information
• Support for Interface Stats table
Standards
• RFC 4292, IP Forwarding Table MIB
• RFC 4293, Management Information Base for the Internet Protocol (IP)
Hardware
Routers
• Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
Bidirectional Forwarding Detection (BFD) is a detection protocol designed to provide fast forwarding path failure detection for all media types, encapsulations, topologies, and routing protocols. Such detection is typically accomplished through hardware mechanisms; however, not every medium provides a hardware mechanism capable of detecting failures (Ethernet failures, for example).
BFD also provides a consistent failure detection method for network administrators. Because the network administrator can use BFD to detect forwarding path failures at a uniform rate, rather than the variable rates for different routing protocol hello mechanisms, network profiling and planning is easier, and reconvergence time is consistent and predictable.
Initial support for BFD on the Cisco 7600 Series Routers was in Release 12.2(33)SRA. Release 12.2(33)SRB added support for BFD Version 1 and BFD Echo Mode. Release 12.2(33)SRC adds support for the Cisco 7200 Series Routers and the Cisco 7301 Router, and further enhances BFD by including the following new features:
• BFD Static Routes for Cisco 7600 Series Routers
• BFD VRF Aware Support for Cisco 7600 Series Routers, Cisco 7200 Series Routers, and Cisco 7301 Router
• BFD WAN Interfaces Support for Cisco 7600 Series Routers, Cisco 7200 Series Routers, and Cisco 7301 Router
• BFD SSO Phase 1 for Cisco 7600 Series Routers, Cisco 7200 Series Routers, and Cisco 7301 Router
In addition to the above new features, Release 12.2(33)SRC also provides support for more than 128 BFD sessions with aggressive timers (Note: this feature is hardware dependent). As BFD becomes the de facto liveness detection protocol, it is critical to be able to run a high number of BFD sessions concurrently on a single device.
BFD Static Routes for Cisco 7600 Series Routers
Static routes allow users to manually configure routing information for a prefix. This routing information points to an interface or a gateway through which the specified prefix is reached, and it is valid only while that interface or gateway is reachable. If a static route is no longer valid, any alternate route learned via a dynamic routing protocol may be used to reach the prefix. To achieve faster convergence, it is important to delete static route information quickly once it is no longer valid.
Currently, static route information is updated only when the interface or the gateway goes down. Static routes with BFD allow faster detection of an interface or gateway failure, and thereby achieve faster convergence.
BFD VRF Aware Support for Cisco 7600 Series Routers, Cisco 7200 Series Routers, and Cisco 7301 Router
BFD VRF Aware Support extends BFD failure detection capability to a VRF context. With Cisco IOS Software Release 12.2(33)SRC, network operators can run BFD from a VRF-based interface so that any failure in the forwarding path between PE and CE devices can be detected even when the physical link remains up. The combination of BFD VRF support with the embedded MPLS OAM tools, such as MPLS Ping and Traceroute, gives network operators a comprehensive end-to-end solution for overall network reliability and enhances their L3VPN service availability.
BFD WAN Interfaces Support for Cisco 7600 Series Routers, Cisco 7200 Series Routers, and the Cisco 7301 Router
For failure detection on WAN interfaces, network operators usually rely on the physical layer (such as Loss of Signal (LOS) for POS interfaces). For IP traffic over WAN interfaces, situations exist where the next-hop is not reachable but the interface remains up and hence the lack of reachability in the forwarding path is not detected. BFD provides failure detection in the forwarding path.
BFD WAN Interfaces Support enables the use of BFD as fast failure detection in the forwarding path for interfaces such as: ATM, POS, and Frame Relay. Moreover, as part of the BFD WAN Interfaces Support feature, BFD support for VLAN interface (802.1q) is also available.
Deployment Example: Various Service Providers are launching ADSL2+ services aggregated on IP-DSLAMs and carried over Metro Ethernet networks towards the PE. The CPE is connected to the IP-DSLAM via ADSL2+, which uses ATM interfaces. In this case, BFD can provide a standard failure detection mechanism for the ATM interfaces.
BFD WAN Interfaces Support in Release 12.2(33)SRC includes support for the following interface types:
• ATM interface with AAL5 MUX, AAL5 SNAP, AAL0 encapsulations
• ATM subinterface
• POS interface with HDLC and PPP encapsulations
• POS subinterface
• Serial interface, and Serial interface with Frame Relay encapsulation
• Serial subinterface with Frame Relay encapsulation
• VLAN interface (802.1q)
BFD SSO Phase 1 for Cisco 7600 Series Routers, Cisco 7200 Series Routers, and the Cisco 7301 Router
Stateful Switchover (SSO) is a key feature toward achieving a highly available and robust network. On a dual Route Processor (RP) configuration, such as on the Cisco 7600 Series Routers, SSO allows the standby RP to take immediate control and maintain connectivity protocols in case of failure of the primary RP.
Stateful Switchover (SSO) for Cisco 7600 Series Routers Phase I - Implements this capability for a planned switchover from the active RP to the standby RP. To prevent remote peers from interpreting the loss of BFD sessions as a forwarding plane failure, the BFD state is transitioned to AdminDown on both the local and remote peers. During a planned RP switchover, BFD sessions are decommissioned by setting them to the AdminDown state, and they are brought back to the UP state once the switchover is complete. This prevents the remote peers from informing their clients (i.e., routing protocols) that the BFD sessions have gone down.
Benefits
• BFD Static Routes
– Minimal impact on data forwarding - By converging static routes faster when an interface or a gateway goes down, the router forwards the traffic along the right path to the final destination quickly.
– Improved network reliability - By quickly converging and using the latest routing information, the impact on services is minimal.
• BFD VRF Aware Support - Offers the capability to improve convergence on the PE-CE link and ultimately improves overall Layer 3 VPN network reliability and availability.
• BFD WAN Interfaces Support - Extends BFD support to the most commonly used WAN interface types, so that fast failure detection in the forwarding path (based on a single standard protocol) can be achieved, increasing overall network availability and reliability.
• BFD SSO Phase 1 (AdminDown capability) - Offers the capability to temporarily suppress failure detection during planned switchovers so that the higher-level protocols stay up. This capability allows aggressive BFD timers to be set.
Hardware
Routers
• BFD Static Routes: Cisco 7600 Series Routers
• BFD VRF Aware Support: Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
• BFD WAN Interfaces Support: Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
• BFD SSO Phase 1: Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
The OSPF Graceful Shutdown feature allows a network administrator to take a router out of the network gracefully without impacting data traffic. When a user issues the OSPF shutdown command, the router informs all its neighbors that it is going down by sending OSPF messages indicating that all links originating from the router are not usable for data forwarding. In addition, it sends an empty hello message to bring down any adjacencies with its neighbors. The router remains reachable after the graceful shutdown for troubleshooting or for upgrading the software or hardware.
Benefits
• Enables software and hardware upgrades on a single route processor device - Users can gracefully shut the router down from the network, and then upgrade software or hardware in the router as needed.
• Enables troubleshooting and debugging of a router without impacting data traffic - After shutting down the router gracefully, users can log in to the router to debug or troubleshoot any problems.
An OSPF router exchanges topology information with neighboring routers to build its routing tables. OSPF allows a user to configure MD5 or a simple password for authenticating an adjacent router before any information is exchanged. The OSPF generic TTL Security mechanism adds a further check by ensuring that the neighboring OSPF router is exactly the number of hops away specified in the configuration. When an OSPF router receives a message from an OSPF neighbor, it compares the TTL in the IP header with the TTL expected for that neighbor's configured hop count; the OSPF router processes the message only when the TTL matches.
This feature can be configured flexibly, with the hop count set per OSPF process or per interface. When it is configured per OSPF process, that value is used to validate all neighbors on all interfaces of that router. A value configured on an interface overrides the value configured at the process level.
Note: This feature needs to be configured on all neighboring routers so that these routers can insert the appropriate TTL value in the IP header.
Benefits
Easier and Simpler OSPF Security Mechanism - This feature provides an additional security mechanism that requires only configuring the number of hops between two OSPF routers. It ensures that a remote hacker cannot form an adjacency with any OSPF router in the network.
Cisco IOS Scripting with Tool Command Language (Tcl) provides the ability to run Tcl version 8.3.4 commands from the Cisco IOS Software Command-Line Interface (CLI).
Tcl is a standard scripting language, and a partial implementation of Tcl has been in Cisco IOS Software in support of internal applications, such as Cisco IOS Software Interactive Voice Response (IVR).
Tcl version 8.3.4 provides support for the Embedded Syslog Manager (ESM) feature as well as exposing a Tcl Shell (tclsh) for use in the Cisco IOS Software CLI.
SNMP MIB Object Access
Designed to make access to Simple Network Management Protocol (SNMP) MIB objects easier, a set of UNIX-like SNMP commands has been created. The Tcl shell is enabled either manually or by using a Tcl script, and the new commands can be entered to allow you to perform specified get and set actions on MIB objects. To increase usability, the new commands have names similar to those used for UNIX SNMP access.
Benefits
• Powerful Scripting Capability - Powerful method of custom-processing the events or states within a router, and taking a variety of actions based on them.
• Easy to Learn - Industry standard language.
• Complete Coverage of Cisco IOS Software Commands - All Cisco IOS Software CLI commands may be referenced by Tcl scripts, in both EXEC and CONFIG mode.
• Customization of Cisco IOS Software Commands - Tcl scripts can be used to create customized commands, grouping multiple IOS commands, processing and customizing output, even creating auto-refreshing commands for real-time refresh at the CLI level.
Hardware
Routers
• Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
Embedded Syslog Manager (ESM) is a customizable framework integrated in Cisco IOS Software for correlating, augmenting, filtering, and routing syslog messages generated by the Cisco IOS logger. (See Figure 28.) ESM allows complete control over system message logging at the source. It provides a programmatic interface that allows you to write custom filters that meet your specific system logging needs.
ESM allows the user to configure post-processing of syslog messages with selected ESM filters, via a new message queue that runs in parallel with the standard Cisco IOS syslog message stream. Either the filtered or the unfiltered syslog stream may be configured for each individual syslog destination. ESM leverages Cisco IOS Scripting (Tcl 8.3.4).
Figure 28. Embedded Syslog Manager Version 1.0
Benefits
• Customization - Fully customizable processing of system logging messages, with support for multiple, interfacing syslog collectors.
• Severity Escalation for Key Messages - Ability to configure unique severity levels for syslog messages instead of using the system-defined severity levels.
• Specific Message Targeting - Ability to route specific messages or message types, based on type of facility or type of severity, to different syslog collectors.
• SMTP-Based Email Alerts - Capability for notifications using TCP to external servers, such as TCP-based syslog collectors or Simple Mail Transfer Protocol (SMTP) servers.
• Message Limiting - Ability to limit and manage syslog "message storms" by correlating device-level events.
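The three operations listed above, as an added Python model that is not Cisco's Tcl filter API (the page does not show that API): it parses constructed IOS-format messages, escalates the severity of configuration-change messages, routes by facility and severity, and limits message storms with a summary line; the collector names, escalation table and thresholds are assumptions.

```python
"""Toy model of an ESM-style syslog post-processing chain.

Added example, not Cisco code: real ESM filters are Tcl scripts run inside
IOS. This sketch only reproduces the operations the text lists (severity
escalation, routing by facility/severity, message-storm limiting) on
constructed IOS-format messages.
"""
import re
from collections import defaultdict

# Cisco IOS message header: %FACILITY-SEVERITY-MNEMONIC: text
_IOS_MSG = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)")


def parse_ios_syslog(line):
    """Return a dict with facility/severity/mnemonic/text, or None if unparsable."""
    m = _IOS_MSG.search(line)
    if not m:
        return None
    msg = m.groupdict()
    msg["severity"] = int(msg["severity"])
    return msg


def render(msg):
    return f"%{msg['facility']}-{msg['severity']}-{msg['mnemonic']}: {msg['text']}"


# Constructed escalation table: configuration changes are informational (5)
# by default, but this operator wants them handled as critical (2).
ESCALATE = {("SYS", "CONFIG_I"): 2}


def escalate(msg):
    """Raise the severity of selected messages (lower number = more severe)."""
    new = ESCALATE.get((msg["facility"], msg["mnemonic"]))
    if new is not None and new < msg["severity"]:
        msg["severity"] = new
    return msg


def collectors_for(msg):
    """Route by severity and facility; one message may reach several collectors."""
    targets = ["archive"]                      # everything is kept
    if msg["severity"] <= 2:
        targets.append("pager")                # critical and above: on-call staff
    if msg["facility"] in ("SYS", "SEC_LOGIN"):
        targets.append("siem")                 # security-relevant facilities
    return targets


class StormLimiter:
    """Forward at most `limit` copies of the same facility/mnemonic per window
    of `window` seconds; once the window expires, emit one summary for the
    suppressed copies (this is the correlation step in the text)."""

    def __init__(self, limit=3, window=60):
        self.limit, self.window = limit, window
        self.state = {}  # (facility, mnemonic) -> (window_start, seen)

    def admit(self, msg, now):
        key = (msg["facility"], msg["mnemonic"])
        start, seen = self.state.get(key, (now, 0))
        out = []
        if now - start >= self.window:
            if seen > self.limit:
                out.append({"facility": "ESM", "severity": 4, "mnemonic": "STORM",
                            "text": f"{seen - self.limit} further {key[0]}-{key[1]} "
                                    "messages suppressed"})
            start, seen = now, 0
        seen += 1
        self.state[key] = (start, seen)
        if seen <= self.limit:
            out.append(msg)
        return out


def process(events, limiter=None):
    """events: (timestamp_seconds, raw line). Returns collector -> rendered messages."""
    limiter = limiter or StormLimiter(limit=3, window=60)
    routed = defaultdict(list)
    for ts, line in sorted(events, key=lambda e: e[0]):
        msg = parse_ios_syslog(line)
        if msg is None:
            routed["unparsed"].append(line)
            continue
        for m in limiter.admit(escalate(msg), ts):
            for collector in collectors_for(m):
                routed[collector].append(render(m))
    return dict(routed)


# Constructed sample stream: one config change, a flapping interface, a failed login.
FLAP = "%LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to "
SAMPLE = [
    (0, "%SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.10)"),
    (1, FLAP + "down"), (2, FLAP + "up"), (3, FLAP + "down"),
    (4, FLAP + "up"), (5, FLAP + "down"),          # copies 4 and 5 are suppressed
    (70, FLAP + "up"),                             # new window: summary, then message
    (71, "%SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 198.51.100.7]"),
]

if __name__ == "__main__":
    for collector, lines in process(SAMPLE).items():
        print(f"== {collector} ==")
        print("\n".join(lines))
```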
Hardware
Routers
• Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
The CNS Interactive CLI feature introduces a new XML interface that allows you to send interactive commands to a router, such as commands that generate prompts for user input.
Benefits
• Interactive commands can be aborted before they have been fully processed. For example, for commands that generate a significant amount of output, the XML interface can be customized to limit the size of the output or the length of time allowed for the output to accumulate.
• The capability to use a programmable interface to abort a command before its normal termination (similar to manually aborting a command) can greatly increase the efficiency of diagnostic applications that might use this functionality.
• The new XML interface also allows for multiple commands to be processed in a single session. The response for each command is packaged together and sent in a single response event.
Hardware
Routers
• Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
The Command Scheduler (KRON) Policy for System Startup feature enables support for the Command Scheduler upon system startup.
Command Scheduler has two basic processes. A policy list is configured containing lines of fully-qualified EXEC CLI commands to be run at the same time or same interval. One or more policy lists are then scheduled to run after a specified interval of time, at a specified calendar date and time, or upon system startup. Each scheduled occurrence can be set to run either once only or on a recurring basis.
Benefits
• The Command Scheduler allows customers to schedule fully-qualified EXEC mode CLI commands to run once, at specified intervals, at specified calendar dates and times, or upon system startup.
• Using the CNS image agent feature, remote routers residing outside a firewall or using Network Address Translation (NAT) addresses can use Command Scheduler to launch CLI at intervals, to update the image running in the router.
Hardware
Routers
• Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
The HTTP TACACS+ Accounting Support feature adds the ability to log accounting records for HTTP transfers to the Cisco IOS HTTP(S) 1.1 server.
Benefits
Network administrators track network changes by configuring an accounting mechanism. This is accomplished by installing an accounting server on the network and configuring each device connected to the network to log the state changes (or events) it experiences to this accounting server. State changes occur for several reasons such as the following:
• Administrator configuring the device
• Remote users configuring the device
• Local users configuring the device
Each such event is framed as an accounting record, which is sent to the accounting server.
The HTTP TACACS+ Accounting Support feature adds the capability to generate and log accounting records for configuration changes requested over HTTP.
Hardware
Routers
• Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
HTTP access over IPv6 is automatically enabled if an HTTP server is enabled and the router has an IPv6 address. If the HTTP server is not required, it should be disabled.
Hardware
Routers
• Cisco 7600 Series Routers, Cisco 7200 Series Routers, Cisco 7301 Router
The following sections include Release 12.2(33)SRB hardware and software feature highlights.
Like all Release 12.2SR releases, this release integrates innovations that span multiple technology areas, including Cisco IOS Carrier Ethernet, High Availability, Quality of Service, MPLS and VPNs, IP Addressing and Services, IP Multicast and Routing, and Infrastructure and Embedded Management.
Table 6. Release 12.2(33)SRB Highlights
Hardware
Carrier Ethernet
High Availability
Quality of Service
Cisco 7600 RSP720-3C-GE and RSP720-3CXL-GE
Cisco 7600 Series Ethernet Services 20 Gbps (ES20) Line Cards
1This functionality was first introduced to Release 12.2SR in Release 12.2(33)SRA.
Hardware
Cisco 7600 RSP720-3C-GE and RSP720-3CXL-GE
The Cisco 7600 Series Route Switch Processor 720 (RSP 720) is specifically designed to deliver high scalability, performance, and fast convergence required for today's and tomorrow's demanding voice, video, data, and mobility (quadruple-play) services. The Cisco 7600 RSP 720 offers Service Providers and Enterprises true service convergence with the ability to manage a wide variety of applications over a range of access mediums using a single platform. (See Figure 29.)
Figure 29. Cisco 7600 Route Switch Processor 720
The Cisco 7600 RSP 720 delivers a rich set of IP features in hardware for applications such as subscriber aggregation, IP forwarding, Layer 2 and Layer 3 MPLS VPNs, and Ethernet over MPLS (EoMPLS) with Quality of Service (QoS) and security features.
Release 12.2(33)SRB introduces support for the new Policy Feature Card (PFC-3C or PFC-3CXL), which performs Layer 2 and Layer 3 forwarding in hardware with constant performance, even with intensive features enabled such as ACLs, QoS, Generic Routing Encapsulation (GRE), or Network Address Translation (NAT).
Benefits
• Integrated 720G fabric, 40G per slot
• Integrated 2-port GE uplinks (2-port 10GE uplinks in future)
• Faster route computation and routing convergence
• Increased routing table capacity
• System boot time more than 2x faster
• Support for system configuration files 2x larger
Hardware
Routers
• Chassis: Cisco 7604, 7606, 7606-S, 7609, 7609-S, and 7613
Cisco 7600 Series Ethernet Services 20 Gbps (ES20) Line Cards
The Cisco 7600 Series Ethernet Services 20 Gbps (ES20) Line Cards utilize an extensible design that enables service prioritization for voice, video, data, and wireless mobility services. (See Figure 30.) Service Provider and Enterprise customers benefit from the improved economics, density, advanced Carrier Ethernet features, and the high performance of the ES20 fixed-configuration line cards.
The ES20 programmable interface processors protect network investments and reduce total cost of ownership. The design maximizes connectivity options and offers superior service intelligence through programmable interface processors operating at line rate.
Figure 30. Cisco 7600 Series Ethernet Services 20 Gbps (ES20) Line Cards, 2-port 10GE and 20-port GE
Designed for Carrier Ethernet, IP/MPLS PE Edge in mid-size and smaller Service Provider and Enterprise WAN applications, the Cisco 7600 Series Ethernet Services 20G (7600-ES20) supports up to 20 Gbps of bandwidth with 20 ports of Gigabit or 2 ports of 10G Ethernet interface models. The cards feature hierarchical QoS, locally significant VLANs, and up to 32K VLAN IDs per line card for rich services at scale. The 7600-ES20 line cards provide the unique ability to combine both Layer 2 and Layer 3 services on the same line card. The combination of native Ethernet Layer 2 switching, bridging, VPLS, Ethernet over MPLS (EoMPLS), and Layer 3 IP/MPLS routing distinguishes this line card among other products on the market, particularly in Carrier Ethernet applications.
Benefits
• 2-port 10 GE or 20-port GE - Offers economical, high-density, high-performance, premium Carrier Ethernet services with excellent scalability
• Line rate with services enabled - Provides line-rate forwarding of 64-byte Ethernet frames on GE and 10 GE interfaces with services enabled
• 512 MB packet memory - Up to 200 ms of combined bidirectional buffering
• Two (2) 20-Gbps fabric channels - Utilizes the Cisco 7600 Series 720-Gbps switch fabric for data forwarding; the two fabric channels used are not present in slots 1 through 8 of the Cisco 7613 chassis
• Supports OIR of the ES20 Line Cards - Provides hitless OIR to minimize the impact of add/change/remove operations
The Cisco 7606-S Router is a compact, high-performance router designed in a 6-slot form factor for deployment at the network edge, where robust performance and IP/Multiprotocol Label Switching (MPLS) services are necessary to meet the requirements of both Enterprises and Service Providers. (See Figure 31.) It enables Carrier Ethernet Service Providers to deploy an advanced network infrastructure that supports a range of IP video and triple-play (voice, video, and data) system applications in both the residential and business services markets. The Cisco 7606-S also delivers WAN and Metropolitan-Area Network (MAN) networking solutions at the Enterprise edge.
With a powerful combination of speed and services in a compact form factor, the Cisco 7606-S is an outstanding choice for multiple applications. Whether deployed as a high-speed WAN aggregator, as a device for peering, as a residential broadband services aggregator, or as a device for Metro Ethernet aggregation and uplink, the Cisco 7606-S meets requirements for redundancy, high availability, and rack density. In the Point-of-Presence (POP) data center or the metropolitan network, the Cisco 7606-S sets new standards as part of the industry-leading Cisco 7600 Series Routers.
Figure 31. Cisco 7606-S Router
As part of the Cisco 7600 Series, the Cisco 7606-S Router is an enhancement on the highly successful 6-slot chassis (Cisco 7606). This enhanced chassis delivers numerous design improvements, including:
• Improved failover mechanisms in the hardware, which when paired with the proper Cisco IOS® Software image, can achieve 100 ms failover
• Ability to deliver higher power, up to 750W per slot
• High-speed fan tray module with 5 speeds on a side-to-side airflow design