Configuration Tasks
This section describes how to configure the Fast Ethernet and Gigabit Ethernet SPAs and includes information about verifying the configuration.
This section includes the following topics:
Required Configuration Tasks
This section lists the required configuration steps to configure the Fast Ethernet and Gigabit Ethernet SPAs. The commands in the section are applicable for both Fast Ethernet and Gigabit Ethernet SPAs; however, the examples below are for configuring a Gigabit Ethernet SPA. If you are configuring a Fast Ethernet SPA, replace the gigabitethernet command with the fastethernet command.
Some of the required configuration commands implement default values that might be appropriate for your network. If the default value is correct for your network, then you do not need to configure the command. These commands are indicated by “(As Required)” in the Purpose column.
Note
Cisco Discovery Protocol (CDP) is disabled by default on Cisco 7600 SIP-400 interfaces.
To configure the Fast Ethernet or Gigabit Ethernet SPAs, complete the following steps:
|
|
|
Step 1 |
Router# configure terminal |
Enters global configuration mode. |
Step 2 |
Router(config)# interface fastethernet slot / subslot / port [ . subinterface-number ] or Router(config)# interface gigabitethernet slot / subslot / port [ . subinterface-number ] or Router(config)# interface tengigabitethernet slot / subslot / port [ . subinterface-number ] |
Specifies the Fast Ethernet, Gigabit Ethernet or Ten Gigabit Ethernet interface to configure, where:
|
Step 3 |
Router(config-if)# ip address [ ip-address mask { secondary } | dhcp { client-id interface-name }{ hostname host-name }] |
Sets a primary or secondary IP address for an interface that is using IPv4, where:
- ip-address —Specifies the IP address for the interface.
- mask —Specifies the mask for the associated IP subnet.
- secondary —(Optional) Specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address.
- dhcp —Specifies that IP addresses will be assigned dynamically using DHCP.
- client-id interface-name —Specifies the client identifier. The interface-name sets the client identifier to the hexadecimal MAC address of the named interface.
- hostname host-name —Specifies the hostname for the DHCP purposes. The host-name is the name of the host to be placed in the DHCP option 12 field.
Note The DHCP options with this command are not available for all Gigabit Ethernet SPAs and Fast Ethernet SPAs. |
Step 4 |
Router(config-if)# ip accounting mac-address { input | output } |
(Optional) Enables MAC address accounting. MAC address accounting provides accounting information for IP traffic based on the source and destination MAC addresses of the LAN interfaces, where:
- input —Specifies MAC address accounting for traffic entering the interface.
- output —Specifies MAC address accounting for traffic leaving the interface.
|
Step 5 |
Router(config-if)# mtu bytes |
(As Required) Specifies the maximum packet size for an interface, where:
- bytes— Specifies the maximum number of bytes for a packet.
The default is 1500 bytes. |
Step 6 |
Router(config-if)# standby [ group-number ] ip [ ip-address [ secondary ]] |
(Required for Hot Standby Router Protocol [HSRP] Configuration Only) Creates (or enables) the HSRP group using its number and virtual IP address, where:
- group-number —(Optional) Specifies the group number on the interface for which HSRP is being enabled. The range is 0 to 255; the default is 0. If there is only one HSRP group, you do not need to enter a group number.
- ip-address —( Optional on all but one interface if configuring HSRP) Specifies the virtual IP address of the hot standby router interface. You must enter the virtual IP address for at least one of the interfaces; it can be learned on the other interfaces.
- secondary —(Optional) Specifies the IP address is a secondary hot standby router interface. If neither router is designated as a secondary or standby router and no priorities are set, the primary IP addresses are compared and the higher IP address is the active router, with the next highest as the standby router.
This command enables HSRP but does not configure it further. For additional information on configuring HSRP, refer to the HSRP section of the Cisco IP Configuration Guide publication that corresponds to your Cisco IOS software release. |
Step 7 |
Router(config-if)# no shutdown |
Enables the interface. |
Specifying the Interface Address on a SPA
SPA interface ports begin numbering with “0” from left to right. Single-port SPAs use only the port number 0. To configure or monitor SPA interfaces, you need to specify the physical location of the SPA interface processor (SIP), SPA, and interface in the command-line-interface (CLI.) The interface address format is slot / subslot / port, where:
- slot —Specifies the chassis slot number in the Cisco 7600 series router where the SIP is installed.
- subslot —Specifies the secondary slot of the SIP where the SPA is installed.
- port —Specifies the number of the individual interface port on a SPA.
The following example shows how to specify the first interface (0) on a SPA installed in the first subslot of a SIP (0) installed in chassis slot 3:
Router(config)# interface serial 3/0/0
This command shows a serial SPA as a representative example, however the same slot / subslot / port format is similarly used for other SPAs (such as Asynchronous Transfer Mode [ATM] and packet over SONET [POS]) and other non-channelized SPAs.
Modifying the MAC Address on the Interface
The Gigabit Ethernet SPAs use a default MAC address for each port that is derived from the base address that is stored in the electrically erasable programmable read-only memory (EEPROM) on the backplane of the Cisco 7600 series router.
To modify the default MAC address of an interface to some user-defined address, use the following command in interface configuration mode:
|
|
Router(config-if)# mac-address ieee-address |
Modifies the default MAC address of an interface to some user-defined address, where:
- ieee-address— Specifies the 48-bit IEEE MAC address written as a dotted triple of four-digit hexadecimal numbers ( xxxx.yyyy.zzzz).
|
To return to the default MAC address on the interface, use the no form of the command.
Verifying the MAC Address
To verify the MAC address of an interface, use the show interfaces gigabitethernet privileged EXEC command and observe the value shown in the “address is” field.
The following example shows that the MAC address is 000a.f330.2e40 for interface 1 on the SPA installed in subslot 0 of the SIP installed in slot 2 of the Cisco 7600 series router:
Router# show interfaces gigabitethernet 2/0/1
GigabitEthernet2/0/1 is up, line protocol is up
Hardware is GigEther SPA, address is 000a.f330.2e40 (bia 000a.f330.2e40)
Internet address is 2.2.2.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 1000Mb/s, link type is force-up, media type is SX
output flow-control is on, input flow-control is on
(Additional output removed for readability)
Gathering MAC Address Accounting Statistics
The ip accounting mac-address [ input | output ] command can be entered to enable MAC Address Accounting on an interface. After enabling MAC Address Accounting, MAC address statistics can be gathered by entering the show interfaces mac-accounting command.
Configuring HSRP
Hot Standby Router Protocol (HSRP) provides high network availability because it routes IP traffic from hosts without relying on the availability of any single router. HSRP is used in a group of routers for selecting an active router and a standby router. (An active router is the router of choice for routing packets; a standby router is a router that takes over the routing duties when an active router fails, or when preset conditions are met).
HSRP is enabled on an interface by entering the standby [ group-number ] ip [ ip-address [ secondary ]] command. The standby command is also used to configure various HSRP elements. This document does not discuss more complex HSRP configurations. For additional information on configuring HSRP, see the refer to the HSRP section of the Cisco IP Configuration Guide publication that corresponds to your Cisco IOS software release.
In the following HSRP configuration, standby group 2 on GigabitEthernet port 2/1/0 is configured at a priority of 110 and is also configured to have a preemptive delay should a switchover to this port occur:
Router(config)#
interface GigabitEthernet 2/1/0
Router(config-if)#
standby 2 ip 120.12.1.200
Router(config-if)#
standby 2 priority 110
Router(config-if)#
standby 2 preempt
Verifying HSRP
To display HSRP information, use the show standby command in EXEC mode:
Local state is Active, priority 100, may preempt
Next hello sent in 0:00:00
Hot standby IP address is 198.92.72.29 configured
Standby router is 198.92.72.21 expires in 0:00:07
Standby virtual mac address is 0000.0c07.ac00
Tracking interface states for 2 interfaces, 2 up:
Customizing VRRP
Customizing the behavior of Virtual Router Redundancy Protocol (VRRP) is optional. Be aware that as soon as you enable a VRRP group, that group is operating. It is possible that if you first enable a VRRP group before customizing VRRP, the router could take over control of the group and become the master virtual router before you have finished customizing the feature. Therefore, if you plan to customize VRRP, it is a good idea to do so before enabling VRRP.
To customize your VRRP configuration, use any of the following VRRP commands in Table 13-1 in interface configuration mode.
Table 13-1 VRRP Commands
|
|
Router(config-if)# vrrp group authentication text text-string |
Authenticates VRRP packets received from other routers in the group. If you configure authentication, all routers within the VRRP group must use the same authentication string, where:
- group—Virtual router group number for which authentication is being configured. The group number is configured with the vrrp ip command.
- text text-string—Authentication string (up to eight alphanumeric characters) used to validate incoming VRRP packets.
|
Router(config-if)# vrrp group description text |
Assigns a text description to the VRRP group, where:
- group—Virtual router group number.
- text—Text (up to 80 characters) that describes the purpose or use of the group.
|
Router(config-if)# vrrp group priority level |
Sets the priority level of the router within a VRRP group. The default value is 100, where:
- group—Virtual router group number.
- level —Priority of the router within the VRRP group. The range is from 1 to 254. The default is 100.
|
Router(config-if)# vrrp group preempt [delay seconds] |
Configures the router to take over as master virtual router for a VRRP group if it has a higher priority than the current master virtual router. This command is enabled by default. You can use it to change the delay, where:
- group—Virtual router group number of the group for which preemption is being configured. The group number is configured with the vrrp ip command.
- delay seconds—(Optional) Number of seconds that the router will delay before issuing an advertisement claiming master ownership. The default delay is 0 seconds.
|
Router(config-if)# vrrp group timers advertise [msec] interval |
Configures the interval between successive advertisements by the master virtual router in a VRRP group, where:
- group—Virtual router group number to which the command applies.
- msec—(Optional) Changes the unit of the advertisement time from seconds to milliseconds. Without this keyword, the advertisement interval is in seconds.
- interval—Time interval between successive advertisements by the master virtual router. The unit of the interval is in seconds, unless the msec keyword is specified. The default is 1 second.
|
Router(config-if)# vrrp group timers learn |
Configures the router, when it is acting as backup virtual router for a VRRP group, to learn the advertisement interval used by the master virtual router, where:
- group—Virtual router group number to which the command applies.
|
Enabling VRRP
To enable VRRP on an interface, use the following commands beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# interface type number |
Configures an interface, where:
- type—Interface type.
- number—Interface number.
|
Step 2 |
Router(config-if)# vrrp group ip ipaddress |
Enables VRRP on an interface and identifies the primary IP address of the virtual router, where:
- group—Virtual router group number to which the command applies.
- ipaddress—IP address of the virtual router.
|
Step 3 |
Router(config-if)# vrrp group ip ipaddress [secondary] |
(Optional) Enables VRRP on an interface. After you identify a primary IP address, you can use the vrrp ip command again with the secondary keyword to indicate additional IP addresses supported by this group, where:
- group—Virtual router group number to which the command applies.
- ipaddress—IP address of the virtual router.
- secondary—(Optional) Indicates additional IP addresses supported by this group.
|
Verifying VRRP
To verify VRRP, use either of the following commands in EXEC mode:
|
|
Router# show vrrp [brief | group] |
Displays a brief or detailed status of one or all VRRP groups on the router, where:
- brief—(Optional) Provides a summary view of the group information.
- group—(Optional) Virtual router group number of the group for which information is to be displayed. The group number is configured with the vrrp ip command.
|
Router# show vrrp interface type number [brief] |
Displays the VRRP groups and their status on a specified interface, where:
- type—Interface type.
- number—Interface number.
- brief—(Optional) Provides a summary view of the group information.
|
Modifying the Interface MTU Size
The Cisco IOS software supports three different types of configurable maximum transmission unit (MTU) options at different levels of the protocol stack:
- Interface MTU—Checked by the SPA on traffic coming in from the network. Different interface types support different interface MTU sizes and defaults. The interface MTU defines the maximum packet size allowable (in bytes) for an interface before drops occur. If the frame is smaller than the interface MTU size, but is not smaller than the minimum frame size for the interface type (such as 64 bytes for Ethernet), then the frame continues to process.
- IP MTU—Can be configured on an interface or subinterface and is used by the Cisco IOS software to determine whether fragmentation of a packet takes place. If an IP packet exceeds the IP MTU size, then the packet is fragmented.
- Tag or Multiprotocol Label Switching (MPLS) MTU—Can be configured on an interface or subinterface and allows up to six different labels, or tag headers, to be attached to a packet. The maximum number of labels is dependent on your Cisco IOS software release.
Different encapsulation methods and the number of MPLS MTU labels add additional overhead to a packet. For example, Subnetwork Access Protocol (SNAP) encapsulation adds an 8-byte header, dot1q encapsulation adds a 2-byte header, and each MPLS label adds a 4-byte header ( n labels x 4 bytes).
For the Fast Ethernet and Gigabit Ethernet SPAs on the Cisco 7600 series router, the default MTU size is 1500 bytes. When the interface is being used as a Layer 2 port, the maximum configurable MTU is 9216 bytes. The SPA automatically adds an additional 22 bytes to the configured MTU size to accommodate some of the additional overhead.
Interface MTU Configuration Guidelines
When configuring the interface MTU size on a Fast Ethernet and Gigabit Ethernet SPA on a Cisco 7600 series router, consider the following guidelines:
- The default interface MTU size accommodates a 1500-byte packet, plus 22 additional bytes to cover the following additional overhead:
–
Layer 2 header—14 bytes
–
Dot1q header—4 bytes
–
CRC—4 bytes
Note
Depending on your Cisco IOS software release, a certain maximum number of MPLS labels are supported. If you need to support more than two MPLS labels, then you need to increase the default interface MTU size.
- If you are using MPLS, be sure that the mpls mtu command is configured for a value less than or equal to the interface MTU.
- If you are using MPLS labels, then you should increase the default interface MTU size to accommodate the number of MPLS labels. Each MPLS label adds 4 bytes of overhead to a packet.
Interface MTU Guidelines for Layer 2 Ports
On Layer 2 ports, it is important to understand the idea of the jumbo MTU. The jumbo MTU can be configured using the system jumbomtu command, although this command is only supported under the following scenarios:
- The port is a member of a Layer 2 EtherChannel.
- The new MTU size on the Layer 2 port is less than the currently configured maximum MTU for the port.
If neither of the above conditions applies to your configuration, neither does “jumbo MTU.”
Note
Fast Ethernet SPAs cannot function as Layer 2 ports.
Interface MTU Configuration Task
To modify the MTU size on an interface, use the following command in interface configuration mode:
|
|
Router(config-if)# mtu bytes |
Configures the maximum packet size for an interface, where:
- bytes— Specifies the maximum number of bytes for a packet.
The default is 1500 bytes and the maximum configurable MTU is 9216 bytes. |
To return to the default MTU size, use the no form of the command.
Verifying the MTU Size
To verify the MTU size for an interface, use the show interfaces gigabitethernet privileged EXEC command and observe the value shown in the MTU field.
The following example shows an MTU size of 1500 bytes for interface port 1 (the second port) on the Gigabit Ethernet SPA installed in the top subslot (0) of the SIP that is located in slot 2 of the Cisco 7600 series router:
Router# show interfaces gigabitethernet 2/0/1
GigabitEthernet2/0/1 is up, line protocol is up
Hardware is GigEther SPA, address is 000a.f330.2e40 (bia 000a.f330.2e40)
Internet address is 2.2.2.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Configuring the Encapsulation Type
By default, the interfaces on the Fast Ethernet and Gigabit Ethernet SPAs support Advanced Research Projects Agency (ARPA) encapsulation. They do not support configuration of service access point or SNAP encapsulation for transmission of frames; however, the interfaces will properly receive frames that use service access point and SNAP encapsulation.
The only other encapsulation supported by the SPA interfaces is IEEE 802.1Q encapsulation for virtual LANs (VLANs).
Configuring Autonegotiation on an Interface
Fast Ethernet and Gigabit Ethernet interfaces use a connection-setup algorithm called autonegotiation. Autonegotiation allows the local and remote devices to configure compatible settings for communication over the link. Using autonegotiation, each device advertises its transmission capabilities and then agrees upon the settings to be used for the link.
For the Fast Ethernet and Gigabit Ethernet interfaces on the Cisco 7600 series router, flow control is autonegotiated when autonegotiation is enabled. Autonegotiation is enabled by default.
The following guidelines should be followed regarding autonegotiation:
- If autonegotiation is disabled on one end of a link, it must be disabled on the other end of the link. If one end of a link has autonegotiation disabled while the other end of the link does not, the link will not come up properly on both ends.
- Autonegotiation is not supported on the 10-Port Gigabit Ethernet SPA on the Cisco 7600 SIP-600.
- Flow control can be configured separately of autonegotiation when Ethernet SPAs are installed in a Cisco 7600 SIP-600.
- Flow control is enabled by default.
- Flow control will be on if autonegotiation is disabled on both ends of the link.
- Flow control cannot be disabled on a Fast Ethernet SPA.
Disabling Autonegotiation
Autonegotiation is automatically enabled and can be disabled on the Fast Ethernet interfaces on the Cisco 7600 SIP-200, and the Gigabit Ethernet interfaces on the Cisco 7600 SIP-400 or Cisco 7600 SIP-600. During autonegotiation, advertisement for flow control, speed, and duplex occurs. If the Gigabit Ethernet interface is connected to a link that has autonegotiation disabled, autonegotiation should either be re-enabled on the other end of the link or disabled on the Fast Ethernet or Gigabit Ethernet SPA, if possible. Both ends of the link will not come up properly if only one end of the link has disabled autonegotiation.
Note
Speed and duplex configurations are negotiated using autonegotiation. However, the only values that are negotiated are 100 Mbps for speed and full-duplex for duplex for Fast Ethernet SPAs, and 1000 Mbps for speed and full-duplex for duplex for Gigabit Ethernet SPAs. Therefore, from a user’s perspective, these settings are not negotiated, but enabled using autonegotiation.
To disable autonegotiation on Fast Ethernet or Gigabit Ethernet SPAs, use the following commands in interface configuration mode:
|
|
Router(config-if)# no negotiation auto |
Disables autonegotiation on a Fast Ethernet SPA interface on the Cisco 7600 SIP-200 or a Gigabit Ethernet SPA interfaces on the Cisco 7600 SIP-400. No advertisement of flow control occurs. |
Router(config-if)# speed nonegotiate |
Disables autonegotation of speed on Gigabit Ethernet SPA interfaces on the Cisco 7600 SIP-600. |
Enabling Autonegotiation
Autonegotiation is automatically enabled and can be disabled unless it is on a SPA installed in a Cisco 7600 SIP-400, or on a 10-Port Gigabit Ethernet SPA, 5-Port Gigabit Ethernet SPA, or a 10-Port Gigabit Ethernet SPA when installed in a Cisco 7600 SIP-600. See the “Configuring Flow Control for an Ethernet SPA Interface on a Cisco 7600 SIP-600” section. To re-enable autonegotiation on a Fast Ethernet or Gigabit Ethernet interface, use the following commands in interface configuration mode:
|
|
Router(config-if)# negotiation auto |
Enables autonegotiation on a Fast Ethernet SPA interface on a Cisco 7600 SIP-200 or a Gigabit Ethernet SPA interfaces on the Cisco 7600 SIP-400. Advertisement of flow control occurs. |
Router(config-if)# no speed nonegotiate |
Re-enables autonegotation on Gigabit Ethernet SPA interfaces on the Cisco 7600 SIP-600. |
SFP-GE-T Support
The SFP-GE-T supports speeds of 10 Mbps, 100 Mbps, and 1000 Mbps. Speed is not autonegotiated; you must configure it using the speed command. Only full-duplex mode is supported.
Note
Because autonegotiation of full-duplex is not supported, you must manually configure full-duplex mode.
You can configure each Ethernet interface independently using any combination of 10 Mbps, 100 Mbps, or 1000 Mbps.
To set the interface speed, use the following command in the interface configuration mode:
|
|
Router(config-if)# speed {10 | 100 | 1000 | auto} |
Configures the interface speed. Accepted values are:
- 10 for 10 Mbps operation
- 100 for 100 Mbps operation
- 1000 for 1000 Mbps operation
|
Configuring an Ethernet VLAN
For information on configuring Ethernet VLANs, see the “Creating or Modifying an Ethernet VLAN” section of the “Configuring VLANs” chapter in the Cisco 7600 Series Cisco IOS Software Configuration Guide publication that corresponds to your Cisco IOS software release.
Configuring a Subinterface on a VLAN
You can configure subinterfaces on the Fast Ethernet SPA interfaces and Gigabit Ethernet SPA interfaces on a VLAN using IEEE 802.1Q encapsulation. Cisco Discovery Protocol (CDP) is disabled by default on the 2-Port Gigabit Ethernet SPA interfaces and subinterfaces on the Cisco 7600 SIP-400.
To configure a SPA subinterface on a VLAN, use the following commands beginning in interface configuration mode:
Note
On any Cisco 7600 SIP-600 Ethernet port subinterface using VLANs, a unique VLAN ID must be assigned. This VLAN ID cannot be in use by any other interface on the Cisco 7600 series router.
|
|
|
Step 1 |
Router(config)# interface fastethernet slot / subslot / port . subinterface-number or Router(config)# interface gigabitethernet slot / subslot / port . subinterface-number or Router(config)# interface tengigabitethernet slot / subslot / port . subinterface-number |
Specifies the Fast Ethernet, Gigabit Ethernet or Ten Gigabit Ethernet interface to configure, where:
|
Step 2 |
Router(config-subif)# encapsulation dot1q vlan-id |
Defines the encapsulation format as IEEE 802.1Q (“dot1q”), where vlan-id is the number of the VLAN (1–4094). |
Step 3 |
Router(config-if)# ip address ip-address mask [ secondary ] |
Sets a primary or secondary IP address for an interface, where:
- ip-address —Specifies the IP address for the interface.
- mask —Specifies the mask for the associated IP subnet.
- secondary —(Optional) Specifies that the configured address is a secondary IP address. If this keyword is omitted, the configured address is the primary IP address.
|
Verifying Subinterface Configuration on a VLAN
To verify the configuration of a subinterface and its status on the VLAN, use the show vlans privileged EXEC command.
The following example shows the status of subinterface number 1 on port 0 on the SPA in VLAN number 200:
VLAN ID:200 (IEEE 802.1Q Encapsulation)
Protocols Configured: Received: Transmitted:
VLAN trunk interfaces for VLAN ID 200:
GigabitEthernet4/1/0.1 (200)
Total 0 packets, 0 bytes input
Total 2 packets, 120 bytes output
Configuring Layer 2 Switching Features
The Cisco 7600 series router supports simultaneous, parallel connections between Layer 2 Ethernet segments. After you review the SPA-specific guidelines described in this document, refer to the “Configuring Layer 2 Ethernet Interfaces” section of the Cisco 7600 Series Router Cisco IOS Software Configuration GuideCatalyst 6500 Series Switch Cisco IOS Software Configuration Guide, 12.2SX for more information about configuring the Layer 2 switching features.
Configuring Multipoint Bridging
Multipoint bridging (MPB) enables the connection of multiple ATM PVCs, Frame Relay permanent virtual circuits (PVCs), Bridging Control Protocol (BCP) ports, and WAN Gigabit Ethernet subinterfaces into a single broadcast domain (virtual LAN), together with the LAN ports on that VLAN. This enables service providers to add support for Ethernet-based Layer 2 services to the proven technology of their existing ATM and Frame Relay legacy networks. Customers can then use their current VLAN-based networks over the ATM or Frame Relay cloud. This also allows service providers to gradually update their core networks to the latest Gigabit Ethernet optical technologies, while still supporting their existing customer base.
For MPB configuration guidelines and restrictions and feature compatibility tables, see the “Configuring Multipoint Bridging” section.
Configuring the Bridging Control Protocol
The Bridging Control Protocol (BCP) enables forwarding of Ethernet frames over SONET networks and provides a high-speed extension of enterprise LAN backbone traffic through a metropolitan area. The implementation of BCP on the SPAs includes support for IEEE 802.1D, IEEE 802.1Q Virtual LAN (VLAN), and high-speed switched LANs.
For BCP configuration guidelines and restrictions and feature compatibility tables, see the “BCP Feature Compatibility” section of Chapter5, “Configuring the SIPs and SSC”
Configuring AToM over GRE
MPLS over generic routing encapsulation (MPLSoGRE) encapsulates MPLS packets inside IP tunnels, creating a virtual point-to-point link across non-MPLS networks. This allows users of primarily MPLS networks to continue to use existing non-MPLS legacy networks until migration to MPLS is possible. AToM (any transport over MPLS) over GRE includes support the following transports:
- ATM over MPLS
- Frame Relay over MPLS (FRoMPLS)
- High-Level Data Link Control (HDLC) over MPLS
- Scalable Ethernet over MPLS (EoMPLS)
- Circuit Emulation over Packet (CEoP)
- Hardware-based EoMPLS
AToMoGRE is supported only on the following hardware:
- SIP-400, 5x1 GE SPA, 2x1 GE SPA (Core facing)
- ATM SPA (SPA-2xOC3-ATM, SPA-4xOC3-ATM, SPA-1xOC12-ATM, SPA-1xOC48-ATM, CEoPs SPA (such as OC3, 24T1/E1) with Inverse Multiplexing (IMA) support, and all Ethernet interfaces
- Sup32, Sup720, RSP720
AToMoGRE supports the following features:
Figure 13-1 PE-to-PE GRE Tunnel
Figure 13-2 P-to-PE GRE Tunnel
Figure 13-3 P-to-P GRE Tunnel
- IPv4 on customer edge (CE) facing interfaces.
- IPv4 on core facing interfaces.
- GRE 4-byte headers (no option fields).
- Nondedicated physical interface supporting both tunneled and nontunneled traffic.
- Multiple routes for the tunnel between the Cisco 7600 SIP-400 physical interface or subinterface and the IP cloud may exist. The routing protocol will pick only one route for MPLSoGRE traffic.
- No software-imposed limit on the maximum number of tunnels. The Cisco 7600 SIP-400 supports a maximum number of 128 tunnels. Tunnel traffic can be routed through Cisco 7600 SIP-400 main interfaces or subinterfaces.
- The Cisco 7600 SIP-400 physical interface or subinterface used for the tunnel endpoint can be used to carry native MPLS and AToMoMPLS and its variations: Hardware-based EoMPLS, FRoMPLS, PPPoMPLS, HDLCoMPLS, Scalable EoMPLS, and CEoP.
Note
Switched Virtual Interfaces (SVI) are not supported with MPLSoGRE.
AToMoGRE Configuration Guidelines
The following guidelines apply to AToMoGRE:
- Ingress/egress features are not supported on the tunnel interface; they are supported on the physical interface or subinterface.
- Unsupported GRE options are: sequencing, checksum, key, source route.
- Some tunnel options are not supported: Carry Security Options of Client Packet, Unidirectional Link Routing, Mobile IP Path MTU Discovery.
- The Cisco 7600 SIP-400 physical interface or subinterface used for the tunnel endpoint cannot be used to carry Software-based EoMPLS and VPLS. Advanced features such as Carrier Supporting Carrier (CSC) and Inter-Autonomous Systems (Inter-AS) are not supported.
- AToM over GRE cannot be combined with the AToM Tunnel Select feature.
Configuring mVPNoGRE
The multicast Virtual Private Network over generic routing encapsulation (mVPNoGRE) provides a mechanism to send unicast and multicast packets across a non-MPLS network. This is accomplished by creating a GRE tunnel across the non-MPLS network. When MPLS (unicast VRF) or mVPN (multicast VRF) packets are sent across the non-MPLS network, they are encapsulated within a GRE packet and transverse the non-MPLS network through the GRE tunnel. Upon receiving the GRE packet at the other side of the non-MPLS network, it removes the GRE header and forwards the inner MPLS or unicast VRF or mVPN packet to its final destination.
Note
For mVPNoGRE, there is one outer packet and two inner packets. The outer packet is unicast GRE. The first inner packet is multicast GRE (mVPN), and the second inner packet is normal (customer) multicast.
Note
mVPNoGRE is not supported on Fast Ethernet SPAs on the Cisco 7600 SIP-200.
PE-to-PE Tunneling
mVPNoGRE uses the Provider Edge-to-Provider Edge (PE-to-PE) tunneling variation. mVPNoGRE provides a scalable way to connect multiple customer networks across a non-MPLS network. It does this by multiplexing traffic destined to multiple customer networks through a single GRE tunnel.
On each side of the non-MPLS network, each Customer Edge (CE) router is assigned a VPN Routing and Forwarding (VRF) number by the PE router. The IP networks behind the CE routers are learned by the PE router through a routing protocol such as BGP, OSPF or RIP. Routes to these networks are then stored in the VRF routing table for that CE router.
The PE router on one side of the non-MPLS network is learned by the PE router on the other side of the non-MPLS network though a routing protocol running within the non-MPLS network. Routes between the PE routers are stored in the main or default routing table.
Routes of the customer networks behind the PE router are learned by the other PE router through BGP and are not known to the non-MPLS network. This is accomplished by defining a static route to the BGP neighbor (the other PE router) through a GRE tunnel across the non-MPLS network. When routes are learned from the BGP neighbor, they will have the next-hop of the GRE tunnel and thus all customer network traffic will be sent using the GRE tunnel.
GRE Tunnel Attached to a Cisco 7600 SIP-400 Interface or Subinterface
For the Cisco 7600 series router to perform the MPLS and mVPN processing and have the Cisco 7600 SIP-400 perform the GRE processing, interfaces or subinterfaces must have an IP address. The MPLS and protocol independent multicast (PIM) configuration must be on the tunnel interface. The Cisco 7600 series router views the Cisco 7600 SIP-400 main interface or subinterface as an MPLS or PIM interface, so MPLS and mVPN processing is performed, and provides the Cisco 7600 SIP-400 with the correlation information needed to perform GRE processing.
Tunnel Interface Configuration
The ip pim sparse-mode command must be configured on the tunnel interface. It should not be configured on the physical interface or subinterface facing core. It is automatically configured on the Cisco 7600 SIP-400 interface or subinterface when a tunnel is attached to the interface or subinterface. The tunnel source IP address is typically a lookback address.
Displaying Unicast Routes
The display of unicast routes (Main Routing Table) shows the next hop for the BGP neighbor to be the Cisco 7600 SIP-400 interface or subinterface. On a router that natively supports this feature, the next hop for the BGP neighbor is the tunnel interface.
The following example shows the output from the show ip route command:
router# show ip route | inc Tunnel
S 4.4.4.4 is directly connected, Tunnel0
C 1.0.0.0 is directly connected, Tunnel0
Displaying Multicast Routes
The display of multicast routes (groups) shows the output interface for the 239.0.0.0/8 group to be the Cisco 7600 SIP-400 interface or subinterface. On a router that natively supports this feature, the output interface is the tunnel interface.
The following example shows the output from the show ip mroute command:
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 224.0.1.40), 01:23:02/00:03:22, RP 2.2.2.2, flags: SJCL
Incoming interface: Null, RPF nbr 0.0.0.0
Tunnel0, Forward/Sparse-Dense, 00:03:45/00:03:22
Loopback0, Forward/Sparse-Dense, 01:23:02/00:02:30
(*, 239.1.1.2), 01:23:01/00:02:35, RP 2.2.2.2, flags: SJCZ
Incoming interface: Null, RPF nbr 0.0.0.0
Tunnel0, Forward/Sparse-Dense, 00:03:45/00:02:34
MVRF vpn1, Forward/Sparse-Dense, 01:23:01/00:02:12
(2.2.2.2, 239.1.1.2), 01:22:50/00:03:29, flags: T
Incoming interface: Loopback0, RPF nbr 0.0.0.0, RPF-MFD
Tunnel0, Forward/Sparse-Dense, 00:03:45/00:02:54, H
(4.4.4.4, 239.1.1.2), 00:03:33/00:02:59, flags: TZ
Incoming interface: Tunnel0, RPF nbr 1.0.0.2, RPF-MFD
MVRF vpn1, Forward/Sparse-Dense, 00:03:33/00:02:26, H
(*, 239.1.1.1), 01:23:01/stopped, RP 2.2.2.2, flags: SJCZ
Incoming interface: Null, RPF nbr 0.0.0.0
MVRF vpn3, Forward/Sparse-Dense, 01:23:01/00:02:11
(2.2.2.2, 239.1.1.1), 01:22:50/00:02:59, flags: PT
Incoming interface: Loopback0, RPF nbr 0.0.0.0, RPF-MFD
Outgoing interface list: Null
router# show ip mroute vrf vpn1
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 224.0.1.40), 01:23:11/00:02:24, RP 200.200.200.200, flags: SJCL
Incoming interface: Null, RPF nbr 0.0.0.0
Loopback200, Forward/Sparse-Dense, 01:23:11/00:02:24
Tunnel16, Forward/Sparse-Dense, 00:03:40/00:02:32
(*, 224.1.2.3), 00:02:43/stopped, RP 200.200.200.200, flags: S
Incoming interface: Null, RPF nbr 0.0.0.0
Tunnel16, Forward/Sparse-Dense, 00:02:43/00:02:43
(100.0.1.2, 224.1.2.3), 00:00:17/00:03:20, flags: T
Incoming interface: GigabitEthernet2/0/0.1, RPF nbr 0.0.0.0, RPF-MFD
Tunnel16, Forward/Sparse-Dense, 00:00:17/00:03:12, H
(*, 224.1.2.2), 00:02:43/stopped, RP 200.200.200.200, flags: S
Incoming interface: Null, RPF nbr 0.0.0.0
Tunnel16, Forward/Sparse-Dense, 00:02:44/00:02:42
(100.0.1.2, 224.1.2.2), 00:00:18/00:03:20, flags: T
Incoming interface: GigabitEthernet2/0/0.1, RPF nbr 0.0.0.0, RPF-MFD
Tunnel16, Forward/Sparse-Dense, 00:00:18/00:03:11, H
(*, 224.1.2.1), 00:02:44/stopped, RP 200.200.200.200, flags: S
Incoming interface: Null, RPF nbr 0.0.0.0
Tunnel16, Forward/Sparse-Dense, 00:02:44/00:02:44
(100.0.1.2, 224.1.2.1), 00:00:19/00:03:19, flags: T
Incoming interface: GigabitEthernet2/0/0.1, RPF nbr 0.0.0.0, RPF-MFD
Tunnel16, Forward/Sparse-Dense, 00:00:19/00:03:10, H
Displaying Tunnel-to-Interface Mappings
The show cwan mplsogre command displays the tunnel-to-interface mappings. The following example illustrates the output of the show cwan mplsogre command:
Router# show cwan mplsogre
IP Address: 6.0.0.1 IP Mask: 255.0.0.0
IP Address: 8.0.0.1 IP Mask: 255.0.0.0
Src Address: 6.0.0.1, Dst Address: 7.0.0.1
Static Routes to Tunnel: 1
IP Address: 4.0.0.1 IP Mask: 255.255.255.255
Scalable EoMPLS
In Cisco IOS Release 12.2(33)SRA and later, Scalable EoMPLS now allows a Cisco 7600 SIP-400-based line card to face the CE. This configuration allows the platform to scale the number of EoMPLS virtual connections (VCs) that it can support from 4K to 12K. When AToM xconnect commands are placed on Cisco 7600 SIP-400 subinterfaces, the line card performs AToM imposition and disposition. Supervisor hardware will perform only MPLS switching on traffic from these interfaces. Additionally, configuring xconnect commands on Cisco 7600 SIP-400 subinterfaces will not consume globally significant VLANs on a per-xconnect basis. This change also provides the ability to support FRR on EoMPLS VCs with the same model as other CEF/MFI-based AToM configurations.
To achieve this scalability, Cisco 7600 SIP-400 must be the CE facing line card as opposed to the current model of a LAN line card facing the CE. With Cisco 7600 SIP-400 configured for Scalable EoMPLS, any line card capable of switching MPLS packets may be core facing.
On a Sup720 system, configuring EoMPLS under a non-VLAN interface is considered hardware-based EoMPLS. Configuring EoMPLS on a VLAN interface is considered to be software-based MPLS. Configuring EoMPLS on Cisco 7600 SIP-400 subinterfaces is considered to be Scalable EoMPLS.
Configuring Flow Control Support on the Link
Flow control is turned on or off based on the result of autonegotiation. Flow control is not supported on the Cisco 7600 SIP-200 and Cisco 7600 SIP-400, so it will always negotiate to off. Flow control can be configured independently of autonegotiation on the Cisco 7600 SIP-600. For information on this process, see the “Configuring Autonegotiation on an Interface” section.
This section discusses the following topics:
Verifying Flow Control Status for an Ethernet SPA Interface on a Cisco 7600 SIP-200
The following example shows how to verify that flow control pause frames are being transmitted and received for a Fast Ethernet SPA on the Cisco 7600 SIP-200.
Router# show hw sub 2 counter mac
Show counters info for Subslot 2:
good_octets_received: 2046026640038
good_frames_received: 31969140675
broadcast_frames_received: 2
multicast_frames_received: 3562
good_octets_sent: 1373554315151
good_frames_sent: 22892514199
unrecog_mac_control_received: 0
rx_over_flow_events: 234082101
tx_fifo_full_packet_drops : 0
spi4_rx_frames: 2814271686
spi4_tx_frames: 1328805298
Verifying Flow Control Status for a Gigabit Ethernet SPA Interface on a Cisco 7600 SIP-400
To verify flow control status on a Gigabit Ethernet interface on a SPA, use the show interfaces gigabitethernet privileged EXEC command and view the “output flow-control is” and “input flow-control is” output lines to see if input and output flow control is on or off. The “pause input” and “pause output” counters of the output of this command can be used to view the number of pause frames sent or received by the interface.
The following example shows that zero pause frames have been transmitted and received by the MAC device for interface port 1 (the second port) on the SPA located in subslot 0 of the SIP that is installed in slot 2 of the Cisco 7600 series router:
Router# show interfaces gigabitethernet 2/0/1
GigabitEthernet2/0/1 is up, line protocol is up
Hardware is GigEther SPA, address is 000a.f330.2e40 (bia 000a.f330.2e40)
Internet address is 2.2.2.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Full-duplex, 1000Mb/s, link type is force-up, media type is SX
output flow-control is off, input flow-control is off
ARP type: ARPA, ARP Timeout 04:00:00
Last input 03:18:49, output 03:18:44, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
1703 packets input, 638959 bytes, 0 no buffer
Received 23 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog, 1670 multicast, 0 pause input
1715 packets output, 656528 bytes, 0 underruns
0 output errors, 0 collisions, 4 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier, 0 pause output
0 output buffer failures, 0 output buffers swapped out
Configuring Flow Control for an Ethernet SPA Interface on a Cisco 7600 SIP-600
On the Cisco 7600 SIP-600, flow control can be configured on Ethernet SPA interfaces by entering the flowcontrol send command to configure the interface to transmit pause frames or the flowcontrol receive command to configure the interface to receive pause frames.
|
|
Router(config-if)# flowcontrol send [desired | off | on] |
Enables transmission of outgoing pause frames. The following options can be configured with this command:
- desired—Allows, but does not require, outgoing pause frames to leave the interface.
- off—Disables transmission of outgoing pause frames.
- on—Enables transmission of outgoing pause frames.
|
Router(config-if)# flowcontrol receive [desired | off | on] |
Enables the interface to receive incoming pause frames. The following options can be configured with this command:
- desired—Allows, but does not require, the interface to receive incoming pause frames.
- off—Does not allow incoming pause frames to enter the interface.
- on—Allows incoming pause frames to enter the interface.
|
Note
When a user configures flow control for either the transmit or receive direction, it is automatically enabled for both transmit and receive directions simultaneously.
Fast Ethernet SPAs have flow control enabled by default and it cannot be disabled.
Configuring 2-Port Gigabit Synchronous Ethernet SPA in Unicast Mode
In unicast mode, the slave port and the master port need to know each other’s IP address. Unicast mode has one to one mapping between the slave and the master. One master can have just one slave and vice-versa. Unicast mode is not a good option for scalability.
The command used for configuring 2-Port Gigabit Synchronous Ethernet SPA on unicast mode is clock-port.
|
|
Router(config-ptp-clk)#clock-port |
Configures 2-Port Gigabit Synchronous Ethernet SPA on unicast mode. The following options can be configured with this command:
|
Before configuring 2-Port Gigabit Synchronous Ethernet SPA on different modes, you need to configure the ToP 32 bit mask IP address. Note that ToP interface is addressed as ToP slot/subslot/2.
The following example shows the configuration of ToP 32 bit mask IP address:
Router(config)#int top2/0/2
Router(config-if)#ip address 8.8.8.2 255.255.255.255
Router#sh run int top2/0/2
Building configuration...
Current configuration : 72 bytes
ip address 8.8.8.2 255.255.255.255
The following example shows the configuration of 2-Port Gigabit Synchronous Ethernet SPA on the unicast mode:
Router# configure terminal
Router(config)# ptp clock ordinary domain 0
Router(config-ptp-clk) clock-port SLAVE slave
Router(config-ptp-port)# transport ipv4 unicast interface ToP5/2/2
Router(config-ptp-port)# clock-source 8.8.8.1
Router(config)# ptp clock ordinary domain 0
Router(config-ptp-clk)# clock-port MASTER Master
Router(config-ptp-port)# transport ipv4 unicast interface ToP5/2/2
Router(config-ptp-port)#clock destination 8.8.8.2
Router(config-ptp-port)#sync interval <>
Router (config-ptp-port)#announce interval <>
Configuring 2-Port Gigabit Synchronous Ethernet SPA in Unicast Neg Mode
In unicast neg mode, master port knows the slave port at the outset. Slave port sends negotiation TLV when active and master port figures out that there is some slave port for synchronization. Unicast neg mode is a good option for scalability as one master has multiple slaves.
The command used for configuring 2-Port Gigabit Synchronous Ethernet SPA on unicast neg mode is clock-port.
|
|
Router(config-ptp-clk)#clock-port |
Configures 2-Port Gigabit Synchronous Ethernet SPA on unicast neg mode. The following options can be configured with this command:
|
The following example shows the configuration of 2-Port Gigabit Synchronous Ethernet SPA on the unicast neg mode:
Router# configure terminal
Router(config)# ptp clock ordinary domain 0
Router(config-ptp-clk) clock-port SLAVE slave
Router(config-ptp-port)# transport ipv4 unicast interface ToP5/2/2 negotiation
Router(config-ptp-port)# clock-source 8.8.8.1
Router(config)# ptp clock ordinary domain 0
Router(config-ptp-clk)# clock-port MASTER Master
Router(config-ptp-port)# transport ipv4 unicast interface ToP5/2/2 negotiation
Router(config-ptp-port)#sync interval <>
Router (config-ptp-port)#announce interval <>
Configuring 2-Port Gigabit Synchronous Ethernet SPA in Multicast Mode
In multicast mode, the master port sends sync message and announce on 224.0.1.129. The master port explicitly specifies multicast egress interface. The slave receives multicast message from the master port and gets to know master port’s IP address. To this IP address, slave port sends a unicast delay request. Master sends delay response back to slave port’s ip addreess in unicast mode. Multi cast mode is a good option for scalability as master needs to send just one set of sync messages instead of as many as number of slaves port.
The command used for configuring 2-Port Gigabit Synchronous Ethernet SPA on multicast mode is clock-port.
|
|
Router(config-ptp-clk)#clock-port |
Configures 2-Port Gigabit Synchronous Ethernet SPA on multicast mode. The following options can be configured with this command:
|
The following example shows the configuration of 2-Port Gigabit Synchronous Ethernet SPA on the multicast mode:
Router# configure terminal
Router(config)# ptp clock ordinary domain 0
Router(config-ptp-clk) clock-port SLAVE slave
Router(config-ptp-port)# transport ipv4 multicast-mix interface ToP5/2/2 negotiation
Router(config)# ptp clock ordinary domain 0
Router(config)# multicast-source Gi3/3
Router(config)# multicast-source Vlan100
Router(config-ptp-clk)# clock-port MASTER Master
Router(config-ptp-port)# transport ipv4 multicast-mix interface ToP5/2/2 negotiation
Router(config-ptp-port)#sync interval <>
Router (config-ptp-port)#announce interval <>
Verifying the PTP modes
Use the show ptp clock dataset current command to display the sample output.
Router#show ptp clock dataset current
CLOCK [Ordinary Clock, domain 0]
Offset From Master: 757720306ns
Use the show ptp clock dataset default command to display the sample output.
Router#show ptp clock dataset default
CLOCK [Ordinary Clock, domain 0]
Clock Identity: 0x0:A:8B:FF:FF:5C:A:80
Accuracy: Greater than 10s
Offset (log variance): 52592
Use the ptp clock dataset parent domain command to display the sample output.
Router# show ptp clock dataset parent domain 0
CLOCK [Ordinary Clock, domain 0]
Observed Parent Offset (log variance): 65535
Observed Parent Clock Phase Change Rate: 0
Identity: 0x0:D0:4:FF:FF:B8:6C:0
Offset (log variance): 52592
Use the show ptp clock dataset time-properties domain command to display the sample output.
Router# show ptp clock dataset time-properties domain 0
CLOCK [Ordinary Clock, domain 0]
Current UTC Offset Valid: TRUE
Frequency Traceable: TRUE
Configuring ToD on 1588V2 Master
These commands are used to configure ToD on a 1588V2 master:
|
|
Router(config-ptp-clk)# tod <slot>/<subslot> <Cisco/ntp/ubx> |
Configures ToD on 1588V2. |
Router(config-ptp-clk)# input 1pps <slot>/<subslot> |
Provides the input to the master. |
This example shows the configuration of ToD on 1588V2 Master:
Router(config)# ptp clock ordinary domain 0
Router(config-ptp-clk)# tod 3/3 cisco
Router(config-ptp-clk)# input 1pps 3/3
Router(config-ptp-clk)# clock-port MASTER master
Router(config-ptp-clk)# transport ipv4 unicast interface Gi3/3/1 negotiation
Router(config-ptp-clk)# end
Verifying ToD Configuration on the 1588V2 Master
This example helps you verify the ToD configuration for 1588V2 Master.
Router# show ptp clock runn dom 0
PTP Ordinary Clock [Domain 0]
State Ports Pkts sent Pkts rcvd
Name Tx Mode Role Transport State Sessions
MASTER unicast master To3/1/2 - 1
MASTER [To3/1/2] [Sessions 1]
Peer addr Pkts in Pkts out In Errs Out Errs
Use the show platform ptp tod all command to display the sample output.
Router# show platform ptp tod all
--------------------------------
ToD/1PPS Info for SPA 3/1
--------------------------------
ToD CLOCK : Mon Aug 30 09:36:47 UTC 2010
Configuring ToD on 1588V2 Slave
These commands are used to configure ToD on the 1588V2 slave:
|
|
Router(config-ptp-clk)# tod <slot>/<subslot> <Cisco/ntp/ubx> |
Configures ToD on 1588V2. |
Router(config-ptp-clk)# output 1pps <slot>/<subslot> |
Provides the output from the slave. |
This example shows the ToD configuration on the 1588V2 slave:
Router(config)# ptp clock ordinary domain 0
Router(config-ptp-clk)# tod 3/3 cisco
Router(config-ptp-clk)# output 1pps 3/3
Router(config-ptp-clk)# clock-port SLAVE slave
Router(config-ptp-clk)# transport ipv4 unicast interface Gi3/3/1 negotiation
Router(config-ptp-clk)# clock source 1.1.1.1
Router(config-ptp-clk)# end
Verifying ToD Configuration on the 1588V2 Slave
This example helps you verify the ToD configuration on the1588V2 slave.
Router# show ptp clock runn dom 0
PTP Ordinary Clock [Domain 0]
State Ports Pkts sent Pkts rcvd
Name Tx Mode Role Transport State Sessions
SLAVE unicast slave To3/1/2 - 1
SLAVE [To3/1/2] [Sessions 1]
Peer addr Pkts in Pkts out In Errs Out Errs
Use the show platform ptp tod all command to display the sample output.
Router# show ptp clock runn dom 0
PTP Ordinary Clock [Domain 0]
State Ports Pkts sent Pkts rcvd
PHASE_ALIGNED 1 21428 109772
Name Tx Mode Role Transport State Sessions
SLAVE unicast slave To3/1/2 - 1
SLAVE [To3/1/2] [Sessions 1]
Peer addr Pkts in Pkts out In Errs Out Errs
Router# show platform ptp tod all
--------------------------------
ToD/1PPS Info for SPA 3/1
--------------------------------
ToD CLOCK : Mon Aug 30 09:52:08 UTC 2010
--------------------------------
Configuring Boundary Clock for 2-Port Gigabit Synchronous Ethernet SPA on Cisco 7600 SIP-400
Use the following configuration to configure the 2-Port Gigabit Synchronous Ethernet SPA on the Cisco SIP-400:
ptp clock boundary domain 0
transport ipv4 unicast interface To2/0/2 negotiation
clock source 133.133.133.133
transport ipv4 unicast interface Top2/0/2 negotiation
Configuring Network Clock for 2-Port Gigabit Synchronous Ethernet SPA on Cisco 7600 SIP-400
The 2-Port Gigabit Synchronous Ethernet SPA supports time, phase and frequency awareness through Ethernet networks. The 2-Port Gigabit Synchronous Ethernet SPA on the Cisco SIP-400 enables clock selection and translation between the various clock frequencies. If the 2-Port Gigabit Synchronous Ethernet SPA interoperates with devices that do not support synchronization, synchronization features can be disabled or partially enabled to maintain backward compatibility.
The network clock can be configured in global configuration mode and interface configuration mode:
Configuring Network Clock in Global Configuration Mode
Use the following commands to configure the 2-Port Gigabit Synchronous Ethernet SPA on the Cisco SIP-400:
|
|
Router(config)# [no] network-clock synchronization automatic |
Enables G.781 based automatic clock selection process. G.781 is the ITU-T Recommendation that specifies the synchronization layer functions. |
Router(config)# [no] network-clock eec {1 | 2} Example Router(config)# network-clock eec 1 |
Configures the clocking system hardware with the desired parameters. These are the options:
- For option 1, the default value is EEC-Option 1 (2048).
- For option 2, the default value is EEC-Option 2 (1544).
|
Router(config)#[no] network-clock synchronization ssm option {1| 2 {GEN1 | GEN2}} Example Router(config)#network-clock synchronization ssm option 2 GEN1 |
Configures the router to work in a synchronized network mode as described in G.781. The following are the options:
- Option 1: refers to synchronization networks designed for Europe (SDH/ E1 framings are compatible with this option).
- Option 2: refers to synchronization networks designed for the US (SONET/T1 framings are compatible with this option).
The default option is 1 and while choosing option 2, you need to specify the second generation message (GEN2) or first generation message (GEN1).
Note Network-clock configurations that are not common between options need to be configured again. |
Router(config)#[no] network-clock synchronization mode QL-enabled |
Configures the automatic selection process for quality level QL-enabled mode. Note QL-enabled mode succeeds only if there are any synchronization interfaces that are capable of sending SSM. |
Router(config)#[no] esmc process |
Enables or disables the ESMC process at system level. Note This command fails if there is no SyncE capable interface installed in the platform. |
Router(config)#network-clock hold-off {0 | <50-10000>} global Example Router(config)#network-clock hold-off 75 global |
Configures general hold-off timer in milliseconds. The default value is 300 milliseconds. Note Displays a warning message for values below 300 ms and above 1800 ms. |
Router(config)#network-clock external <slot/card/port> hold-off {0 | <50-10000>} Example Router(config)#network-clock external 3/1/1 hold-off 300 |
Overrides hold-off timer value for external interface. Note Displays a warning message for values above 1800 ms, as waiting longer causes the clock to go into the holdover mode. |
Router(config)#network-clock wait-to-restore <0-86400> global Example Router(config)#network-clock external wait-to-restore 1000 global |
Sets the value for the wait-to-restore timer globally. The wait to restore time is configurable in the range of 0 to 86400 seconds. The default value is 300 seconds.
Caution Ensure that you set the wait-to-restore values above 50 seconds to avoid a timing flap.
|
Router(config)# [no] network-clock input-source <priority> {interface <interface_name> <slot/card/port> | top <slot/card/port/session> | {external <slot/card/port> [t1 {sf | efs | d4} | e1 [crc4| fas| cas [crc4] | 2m | 10m]}} Example Router(config)# network-clock input-source 23 top 2/0/1/3 Example for GPS interface Router(config)# network-clock input-source 1 external 3/0/0 10m |
Configures a clock source line interface, an external timing input interface, GPS interface, or a packet-based timing recovered clock as the input clock for the system and defines its priority. Priority is a number between 1 and 250. This command also configures the type of signal for an external timing input interface. These signals are:
- T1 with Standard Frame format or Extended Standard Frame format.
- E1 with or without CRC4
- 2 MHz signal
- Default for Europe or Option I is e1 crc4 if the signal type is not specified.
- Default for North America or Option II is t1 esf if signal type is not specified.
Note The no version of the command reverses the command configuration, implying that the priority has changed to undefined and the state machine is informed. |
Router(config)#[no] network-clock revertive |
Specifies whether or not the clock source is revertive. Clock sources with the same priority are always non-revertive. The default value is non-revertive. In non-revertive switching, a switch to an alternate reference is maintained even after the original reference recovers from the failure that caused the switch. In revertive switching, the clock switches back to the original reference after that reference recovers from the failure, independent of the condition of the alternate reference. |
Router(config)#network-clock quality-level {tx | rx} <value> {interface <interface name> <slot/card/port> | external <slot/card/port> | controller <slot/card/port>} Example Router(config)# network-clock quality-level rx QL-PRC external 4/0/0 e1 crc4 |
Specifies the QL value for line or external timing input or output. The value is based on a global interworking Option.
- If Option 1 is configured, the available values are QL-PRC, QL-SSU-A, QL-SSU-B, QL-SEC, and QL-DNU.
- If Option 2 is configured with GEN 2, the available values are QL-PRS, QL-STU, QL-ST2, QL-TNC, QL-ST3, QL-SMC, QL-ST4 and QL-DUS.
- If option 2 is configured with GEN1, the available values are QL-PRS, QL-STU, QL-ST2, QL-SMC, QL-ST4 and QL-DUS
|
Router(config)#network-clock output-source line <priority> {interface <interface_name> | controller {t1 | e1} <slot/card/port>} {external <slot/card/port> [t1 {sf | efs | d4} | e1 [crc4| fas| cas [crc4] | 2m | 10m] } Example Router(config)# network-clock output-source line 1 interface GigabitEthernet3/0/0 |
Transmits the line clock sources to external timing output interfaces. Note A line can be configured to be the output source for only one external interface. This command provides the station clock output as per G.781. We recommend that you use the interface level command instead of global commands. Global command should preferably be used for interfaces that do not have an interface sub mode. For more information on configuring network clock in interface level mode, see Configuring Network Clock in Interface Configuration Mode. |
Router(config)#network-clock output-source system <priority> {external <slot/card/port> [t1 {sf | efs | d4} | e1 [crc4| fas| cas [crc4] | 2m | 10m] } Example Router(config)#network-clock output-source system 55 external 3/0/1 t1 efs |
Allows transmitting the system clock to external timing output interfaces. This command provides station clock output as per G.781. We recommend that you use the interface level command instead of global commands. Global command should preferably be used for interfaces that do not have an interface sub mode. For more information on configuring network clock in interface level mode, see Configuring Network Clock in Interface Configuration Mode. |
Router(config)#[no] network-clock synchronization participate <slot number> Example Router(config)# [no] network-clock synchronization participate 2 |
Enables or disables a slot from participating in network-clock algorithm. By default all slots are participating slots. Note A slot cannot be disabled from participation if it's primary source, secondary source, or system to external is valid. |
Configuring Network Clock in Interface Configuration Mode
Use the following commands in the interface configuration mode to configure the network clock and timers on the Cisco 7600 SIP-400, 2-Port Gigabit Synchronous Ethernet SPA.
|
|
Router(config-if)#[no] clock cleanup bits <slot> <subslot> [t1 {sf | esf} | e1 crc4 | 2m | japan] Example: Router(config-if)#clock cleanup bits 2/0 t1 esf |
Enables or disables clock clean up on 2-Port Gigabit Synchronous Ethernet SPA. |
Router(config-if)#clock source {internal | line| loop} Example: Router(config-if)#clock source internal |
Sets the clock source on the interface to:
- Line: The system clock selection process selects the clock source line as the interface and uses the system clock for TX.
- Internal: The system clock selection process does not select clock source as the interface but it uses the system clock for TX.
- Loop: The system clock selection process selects the clock source line as the interface. For TX clock the interface uses the clock source received on the same interface.
Note By default, the clock source on the interface is set to internal. |
Router(config-if)#synchronous mode |
Configures the ethernet interface to synchronous mode and this automatically enables the ESMC and Quality Level process on the interface. Note This command is applicable to Synchronous Ethernet capable interfaces. The default value is asynchronous mode. |
Router(config-if)#esmc mode [tx | rx |<cr>] Example: Router(config-if)# esmc mode tx |
Enables or disables ESMC process on the interface. Note If the interface is configured as line source but does not receive ESMC message from peer node on the interface, then the interface is removed from selectable clock source list. By default this is enabled for synchronous mode and disabled for asynchronous mode. Note This command is not supported for non-synchronous ethernet interfaces. |
Router(config-if)#network-clock source quality-level <value> {tx | rx} Example: Router(config-if)# network-clock source quality-level QL-PRC |
The command forces QL value to local clock selection process and it is considered by the clock selection process as a value from network. The value is based on global interworking Option.
- If Option 1 is configured, the available values are QL-PRC, QL-SSU-A, QL-SSU-B, QL-SEC, and QL-DNU.
- If Option 2 is configured with GEN 2, the available values are QL-PRS, QL-STU, QL-ST2, QL-TNC, QL-ST3, QL-SMC, QL-ST4 and QL-DUS.
- If option 2 is configured with GEN1, the available values are QL-PRS, QL-STU, QL-ST2, QL-SMC, QL-ST4 and QL-DUS
|
Router(config-if)#network-clock hold-off <0 | 50-10000> Example: Router(config-if)#network-clock hold-off 1000 |
Configures hold-off timer for interface. The default value is 300 milliseconds. |
Router(config-if)#[no] network-clock wait-to-restore <0-86400> Example: Router(config-if)#network-clock wait-to-restore 1000 |
Configures the wait-to-restore timer on the SyncE interface.
Caution Ensure that you set the wait-to-restore values above 50 seconds to avoid timing flap.
|
Router(config-if)# [no] esmc mode ql-disabled |
Disables the quality level mode. The default mode for synchronous ethernet is ql-enabled. Note This command is not supported for non-synchronous ethernet interfaces. |
Managing Synchronization
You can manage the synchronization using the following management commands:
|
|
Router(config)# network-clock set lockout {interface interface_name slot/card/port | external slot/card/port} Example: Router(config)#network-clock set lockout interface tenGigabitEthernet 7/1 Router(config)#network-clock clear lockout interface tenGigabitEthernet 7/1 |
Locks out a clock source. A clock source flagged as lock-out is not selected for SyncE. To clear the lock-out on a source, use network-clock clear lockout {interface interface_name slot/card/port | external slot/card/port} command. Note Lockout takes precedence over force switch and force switch overrides the manual switch. |
Router(config)# network-clock switch force {interface interface_name slot/card/port | external slot/card/port} Example: Router(config)#network-clock switch force interface tenGigabitEthernet 7/1 t1 |
Forcefully selects a synchronization source irrespective of whether the source is available and is within the range. |
Router(config)# network-clock switch manual {interface interface_name slot/card/port | external slot/card/port} Example: Router(config)#network-clock switch manual interface tenGigabitEthernet 7/1 t1 |
Manually selects a synchronization source, provided the source is available and is within the range. |
Router(config)# network-clock clear switch {t0 | external <slot/card/port> [10m | 2m]} Example: Router(config)#network-clock clear switch t0 |
Clears the forced switch and manual switch commands. |
Sample configuration
Example 13-1 Configuration for QL-enabled mode clock selection.
network-clock synchronization automatic
network-clock synchronization mode QL-enabled
network-clock input-source 1 interface TenGigabitEthernet12/1
network-clock input-source 1 interface ATM6/0/0
interface TenGigabitEthernet12/1
Example 13-2 Configuration for Line to External
network-clock synchronization automatic
network-clock synchronization mode QL-enabled
network-clock input-source 1 External 3/0/0
network-clock output-source line 1 interface GigabitEthernet3/0/0 External 3/0/0 e1 crc4
interface GigabitEthernet3/0/0
Example 13-3 Configuration for Hybrid Mode Clock Selection
network-clock synchronization automatic
network-clock input-source 1 interface ToP3/0/2
network-clock quality-level rx QL-PRC interface ToP3/0/2
Example 13-4 GPS Configuration
network-clock input-source 1 External 3/0/0 10m
network-clock input-source 1 External 3/0/0 10m
Verifying the Synchronous Ethernet configuration
Use the show network-clock synchronization command to display the sample output.
Router#show network-clocks synchronization
Symbols: En - Enable, Dis - Disable, Adis - Admin Disable
* - Synchronization source selected
# - Synchronization source force selected
& - Synchronization source manually switched
Automatic selection process : Enable
Equipment Clock : 2048 (EEC-Option1)
T0 : TenGigabitEthernet12/1
Hold-off (global) : 300 ms
Wait-to-restore (global) : 300 sec
Interface SigType Mode/QL Prio QL_IN ESMC Tx ESMC Rx
Internal NA NA/Dis 251 QL-SEC NA NA
*Te12/1 NA Sync/En 1 QL-PRC - -
AT6/0/0 NA NA/En 1 QL-SSU-A NA NA
Use the show network-clock synchronization detail command to display all details of network-clock synchronization parameters at the global and interface levels.
Router# show network-clocks synchronization detail
Symbols: En - Enable, Dis - Disable, Adis - Admin Disable
* - Synchronization source selected
# - Synchronization source force selected
& - Synchronization source manually switched
Automatic selection process : Enable
Equipment Clock : 2048 (EEC-Option1)
T0 : TenGigabitEthernet12/1
Hold-off (global) : 300 ms
Wait-to-restore (global) : 300 sec
Number of synchronization sources: 2
sm(netsync NETCLK_QL_ENABLE), running yes, state 1A
Last transition recorded: (sf_change)-> 1A (ql_change)-> 1A (sf_change)-> 1A (ql_change)-> 1A (ql_change)-> 1A (sf_change)-> 1A (ql_change)-> 1A (sf_change)-> 1A (sf_change)-> 1A (ql_change)-> 1A
Interface SigType Mode/QL Prio QL_IN ESMC Tx ESMC Rx
Internal NA NA/Dis 251 QL-SEC NA NA
*Te12/1 NA Sync/En 1 QL-PRC - -
AT6/0/0 NA NA/En 1 QL-SSU-A NA NA
---------------------------------------------
Local Interface: Internal
QL Transmit Configured: -
Mode: Synchronous(Ql-enabled)
QL Transmit Configured: -
QL Transmit Configured: -
Use the show interface accounting command to display the sample output.
Router#show interfaces tenGigabitEthernet 12/1 accounting
Protocol Pkts In Chars In Pkts Out Chars Out
ESMC 3246 194760 7099 823484
Use the show esmc command to display the sample output.
Interface: TenGigabitEthernet12/1
Administative configurations:
ESMC Information rate: 1 packet/second
Interface: TenGigabitEthernet12/2
Administative configurations:
ESMC Information rate: 1 packet/second
Use the show esmc detail command to display all details of esmc parameters at the global and interface levels.
Interface: TenGigabitEthernet12/1
Administative configurations:
ESMC Information rate: 1 packet/second
ESMC Tx interval count: 1
Interface: TenGigabitEthernet12/2
Administative configurations:
ESMC Information rate: 1 packet/second
ESMC Tx interval count: 1
Troubleshooting the Synchronous Ethernet configuration
The following debug commands are available for troubleshooting the Synchronous Ethernet configuration on the Cisco 7600 ES+ Line Card:
|
|
debug platform ssm |
Debugs issues related to SSM such as Rx, Tx,QL values and so on. |
debug platform network-clock |
Debugs issues related to network clock such as alarms, OOR, active-standby sources not selected correctly and so on. |
debug esmc error debug esmc event debug esmc packet [interface <interface name>] debug esmc packet rx [interface <interface name>] debug esmc packet tx [interface <interface name>] |
Verifies whether the ESMC packets are transmitted or received with proper quality level values. |
Troubleshooting Scenarios
Note
Before you troubleshoot, ensure that all the network clock synchronization configurations are complete.
Table 13-2 provides the troubleshooting scenarios encountered while configuring the synchronous ethernet.
Table 13-2 Troubleshooting scenarios
|
|
Incorrect clock limit set or disabled queue limit mode |
- Verify that there are no alarms on the interfaces. Use the show network-clock synchronization detail RP command to confirm.
Warning We suggest you do not use these debug commands without TAC supervision.
- Use the show network-clock synchronization command to confirm if the system is in revertive mode or non-revertive mode and verify the non-revertive configurations as shown in this example:
RouterB#show network-clocks synchronization Symbols: En - Enable, Dis - Disable, Adis - Admin Disable NA - Not Applicable - Synchronization source selected # - Synchronization source force selected & - Synchronization source manually switched Automatic selection process : Enable Equipment Clock : 1544 (EEC-Option2) Clock Mode : QL-Enable ESMC : Enabled SSM Option : GEN1 T0 : POS3/1/0 Hold-off (global) : 300 ms Wait-to-restore (global) : 0 sec Tsm Delay : 180 ms Revertive : Yes<<<<If it is non revertive then it will show NO here. Nominated Interfaces Interface SigType Mode/QL Prio QL_IN ESMC Tx ESMC Rx Internal NA NA/Dis 251 QL-ST3 NA NA SONET 3/0/0 NA NA/En 3 QL-ST3 NA NA *PO3/1/0 NA NA/En 1 QL-ST3 NA NA |
|
SONET 2/3/0 NA NA/En 4 QL-ST3 NA NA |
|
- Reproduce the current issue and collect the logs using the debug network-clock errors, debug network-clock event, and debug network-clock sm RP commands.
Warning We suggest you do not use these debug commands without TAC supervision.
- Contact Cisco technical support if the issue persists.
|
Incorrect quality level (QL) values when you use the show network-clock synchronization detail command. |
- Use the network clock synchronization SSM ( option 1 |option 2) command to confirm that there is no framing mismatch. Use the show run interface command to validate the framing for a specific interface. For the SSM option 1 framing should be SDH or E1 and for SSM option 2, it should be SONET or T1.
- Reproduce the issue using the debug network-clock errors, debug network-clock event and debug platform ss m RP commands or enable the debug hw-module subslot command (this command is specific to SIP-400).
Warning We suggest you do not use these debug commands without TAC supervision.
|
Error message “%NETCLK-6-SRC_UPD: Synchronization source SONET 2/3/0 status (Critical Alarms(OOR)) is posted to all selection process" displayed. |
- Interfaces with alarms or OOR cannot be the part of selection process even if it has higher queue limit or priority. Use the debug platform network-clock RP command to troubleshoot network clock issues.
- Reproduce the issue using the debug platform network-clock command enabled in a route processor or enable the debug network-clock event and debug network-clock errors RP commands.
Warning We suggest you do not use these debug commands without TAC supervision.
|
|
|
Incorrect clock limit set or disabled queue limit mode |
- Verify that there are no alarms on the interfaces. Use the show network-clock synchronization detail RP command to confirm.
Warning We suggest you do not use these debug commands without TAC supervision.
- Use the show network-clock synchronization command to confirm if the system is in revertive mode or non-revertive mode and verify the non-revertive configurations as shown in this example:
RouterB#show network-clocks synchronization Symbols: En - Enable, Dis - Disable, Adis - Admin Disable NA - Not Applicable - Synchronization source selected # - Synchronization source force selected & - Synchronization source manually switched Automatic selection process : Enable Equipment Clock : 1544 (EEC-Option2) Clock Mode : QL-Enable ESMC : Enabled SSM Option : GEN1 T0 : POS3/1/0 Hold-off (global) : 300 ms Wait-to-restore (global) : 0 sec Tsm Delay : 180 ms Revertive : Yes<<<<If it is non revertive then it will show NO here. Nominated Interfaces Interface SigType Mode/QL Prio QL_IN ESMC Tx ESMC Rx Internal NA NA/Dis 251 QL-ST3 NA NA SONET 3/0/0 NA NA/En 3 QL-ST3 NA NA *PO3/1/0 NA NA/En 1 QL-ST3 NA NA |
|
SONET 2/3/0 NA NA/En 4 QL-ST3 NA NA |
Configuring EtherChannels
An EtherChannel bundles individual Ethernet links into a single logical link that provides the aggregate bandwidth of up to eight physical links.
Note
EtherChannel is only supported on the 10-Port Gigabit Ethernet SPA and the 1-Port 10-Gigabit Ethernet SPA on the Cisco 7600 SIP-600. EtherChannel is not supported on the Cisco 7600 SIP-400 or on a Fast Ethernet SPA on the Cisco 7600 SIP-200.
For additional information on EtherChannels, see the “Configuring EtherChannels” section in the “Configuring Layer 3 and Layer 2 EtherChannel” chapter of the Cisco 7600 Series Router Cisco IOS Software Configuration Guide publication that corresponds to your Cisco IOS software release.
Configuring Virtual Private LAN Service (VPLS) and Hierarchical VPLS
VPLS enables geographically separate LAN segments to be interconnected as a single bridged domain over a packet switched network, such as IP, MPLS, or a hybrid of both bridging techniques.
VPLS with EoMPLS uses an MPLS-based provider core, where the PE routers have to cooperate to forward customer Ethernet traffic for a given VPLS instance in the core. VPLS uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that connects the multiple attachment circuits together. From a customer point of view, there is no topology for VPLS. All of the CE devices appear to connect to a logical bridge emulated by the provider core.
For VPLS and hierarchical virtual private LAN service (H-VPLS) configuration guidelines, restrictions, and feature compatibility tables, see the “Configuring Virtual Private LAN Service” section.
Note
H-VPLS is not available on Fast Ethernet SPAs.
Configuring Connectivity Fault Management (CFM)
A Metro Ethernet network consists of networks from multiple operators supported by one service provider and connects multiple customer sites to form a virtual private network (VPN). Networks provided and managed by multiple independent service providers have restricted access to each others equipment. Because of the diversity in these multiple-operator networks, failures must be isolated quickly. As a Layer 2 network, Ethernet needs to be capable of reporting network faults at Layer 2.
IEEE 802.3ah is a point-to-point and per physical wire OAM protocol that detects and isolates connectivity failures in the network.
Ethernet Connectivity Fault Management (CFM) is an end-to-end per-service-instance Ethernet layer Operation, Administration, and Management (OAM) protocol. It includes proactive connectivity monitoring, fault verification, and fault isolation for large Ethernet metropolitan-area and wide-area networks (MANs and WANs). See the Ethernet Connectivity Fault Management document for more information on this feature.
CFM includes a family of protocols that provides capabilities to detect, verify, isolate, and report end-to-end Ethernet connectivity faults. The protocols employ regular Ethernet frames that travel in-band with the customer traffic. Devices that cannot interpret CFM Messages forward them as normal data frames. CFM frames are distinguishable by Ether-Type 89-02 (and MAC Address for multicast messages). This technology was standardized by the IEEE standard 802.1ag-2007.
Connectivity Fault Management (CFM) is the indispensable capability service providers require to deploy large-scale multi-vendor Metro Ethernet services. This feature upgrades the implementation of CFM to be compliant with the IEEE 802.1ag with the current standard, 802.1ag-2007 and implementation of CFM over L2VFI (Layer 2 Virtual Forwarding Instance Information), Xconnect, EVC, and Switchport.
IEEE 802.1ag draft 8.1 Metro Ethernet Connectivity Fault Management (CFM) incorporates several OAM facilities that allow you to manage Metro Ethernet networks, including an Ethernet continuity check, end-to-end ethernet traceroute facilty using Linktrace message (LTM), Linktrace reply (LTR), ethernet ping facility using Loopback Message (LBM), and a Loopback Reply (LBR). These Metro Ethernet CFM protocol elements quickly identifies problems in the network.
CFM Concepts
An understanding of the following concepts is essential for configuring the CFM for Cisco 7600:
- A maintenance domain (MD) is an administrative domain used to manage and administer a network. A Domain is assigned a unique maintenance level, in the range of 0 to 7, by the administrator. This maintenance level is useful for defining the hierarchical relationship of domains. Maintenance Domains may nest or touch, but cannot intersect. For two nested domains, the outer domain must have a higher maintenance level than the one it engulfs. A maintenance domain is defined by provisioning bridge ports are interior to the domain.
- A Maintenance Association (MA) identifies a service that can be uniquely identified within the maintenance domains. The CFM protocol runs within a particular Maintenance Association
- Maintenance association end points (MEPs) reside at the edge of the maintenance domains and are active elements of Ethernet CFM. They periodically transmit messages to and receive messages from other MEPs within a domain.
- Maintenance domain intermediate points (MIPs) are internal to the maintenance domain and are passive elements of Ethernet CFM. They catalog information received from MEPs, and only respond to particular CFM messages
- Protocols (Continuity Check, Loopback, and Linktrace) that are used to manage faults.
–
Continuity Check Messages (CCM) are multicast heart-beat messages exchanged periodically between maintenance association End Points. They allow Maintenance association End Points to discover other Maintenance association End Points within a Maintenance Association, and allow Maintenance association Intermediate Points to discover Maintenance association End Points. They are transmitted frequently enough so that consecutive message can be lost without causing the information to time out in any of the receiving Maintenance association End Points.
–
Link Trace or Traceroute Messages (LTM) are multicast messages that are intercepted at the Maintenance Points along the path and processed, and either retransmitted or dropped. Each hop where there is a Maintenance Point at the same level, an LTR message transmits back to the originating MEP. It is similar in concept to IP Traceroute.
–
Loopback Messages are sent by MEPs to indicate whether or not the destination is reachable. Loopback does not allow hop-by-hop discovery of the path. Loopback messages are destined for unicast addresses
- Fault alarms are unsolicited notifications generated when CFM detects a fault in a Maintenance Association and alert the system administrator.
- Y.1731 is an ITU-T standard that extends support for Ethernet loopback, multicast loopback, AIS, maintenance communication channel and performance measurements to the CFM frame format.
The following table highlights the support for Y1731 Loopback for SIP-600 on 7600 platform:
|
|
VLAN LCK |
Supported |
PORT LCK |
Supported |
EEP LCK |
Not Supported |
VLAN LCK on L2 PC |
Not Supported |
EFP LCK on EVC PC |
Not Supported |
VLAN LCK on L3 PC |
Not Supported |
PORT LCK on L2/L3/EVC PC |
Not Supported |
PORT LCK on L2/L3/EVC PC member |
Not Supported |
VLAN/EFP LCK on L2/L3/EFP PC member |
Not Supported |
EFP LCK on xconnect |
Not Supported |
LCK on VFI MEP |
Not Supported |
For more information on CFM, see Cisco IOS Carrier Ethernet Configuration Guide, Release 12.2SR at
http://www.cisco.com/en/US/docs/ios-xml/ios/cether/configuration/12-2sr/ce-elmi.html
For more information about the commands used in this section, see Cisco IOS Ethernet Command Reference guide at http://www.cisco.com/en/US/docs/ios/cether/command/reference/ce_book.html
Ethernet CFM Support on Cisco 7600 SIP Line Cards
The following guidelines apply to the Cisco 7600 series routers SIP line cards:
- Ethernet SPAs on SIP-400 cannot be configured as switchport..
- SIP-400 only supports CFM D8.1 over routed ports and L2 VFI.
- SIP-600 supports CFM D8.1 over switchports and routed ports.
- SIP-200 does not support CFM D8.1.
- CFM D8.1 QinQ configuration is not supported on sub- interface.
- Ping and traceroute do not work with OFM on supervisor and LAN ports.
- With lower CC intervals, CC packets are transmitted in bursts. Rate-limiters should be configured appropriately; otherwise, remote MEPs may flap.
- Port-mep ping and traceroute for Meps on trunk port native vlans, fails. This will work only on ES-20 and ES-40 LCs..
- 802.3ah E-OAM-The remote-loopback TEST status is not retained across switchovers and works with longer OAM timeout value greater than 10 secs.
- CFM D1.0 to D8.1 Migration works with reduced scale of 2k MEPs on routed ports.
- Null Maintenance Domain name is not supported
- You must explicitly configure Maintenance Associations that have services for VLAN for devices that have MPs. This is not required for EVC since the EVC name is used for MA implicitly
- Port Maintenance End Point is not supported for MEPs with no VLANs
- You cannot configure MIPs at a lower or an equal level to a MEP on port
- Scheduled linktrace is not supported
- Multiple domains with the same level can be configured, that is, different domain names at the same maintenance level. Associating a single domain name with multiple maintenance levels is not supported.
- Routed (Layer 3) ports may only have outward facing MEPs; no MIPs are allowed. MIP configuration on a routed port will be rejected and an error message will be generated.
- Configuring a MEP on an interface with a level higher than the MIP level will generate an error message.
- A single interface may belong to multiple domains, configuring multiple instances of the ethernet cfm mep level command for different domains is supported.
- A specified domain must be configured or an error message will be displayed.
- If an interface is provisioned to be a MIP for a certain maintenance level, and MEP is configured for a VLAN on the same level, an error message will be displayed.
- If the VLAN for which a MEP is configured gets removed from an interface, the MEP configuration will be removed as well, since the definition of the MEP is tied to the VLAN.
- Hardware EoMPLS is not supported.
Supported Line Cards
CFM is disabled by default; it must be enabled explicitly. Use the [no] ethernet cfm global command to enable or disable CFM D8.1 feature on the following line cards:
- ES20 and ES40:Switchports, routed ports, EVC BD and and Layer 2 Virtual Forwarding Instance (L2VFI). Refer to the Cisco 7600 Series Ethernet Services 20G Line Card Configuration Guide
- SIP400:Routed ports, and Layer 2 Virtual Forwarding Instance ( L2VFI).
- SIP600:Switchports, and routed ports.
Configuring Maintenance Domains and Maintenance Points
This section describes configuring maintenance domains and maintenance points.
Configuring the Ethernet Domain
Use the following command to configure the Ethernet domain:
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
ethernet cfm domain domain-name level 0 to 7 direction outward
DETAILED STEPS
|
|
enable
|
Enables privileged EXEC mode.
- Enter your password if prompted.
|
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Router(config)# ethernet cfm domain domain-name level 0 to 7 direction outward Example Router(config)# ethernet cfm domain domain1 level 5 direction outward |
Defines a CFM Maintenance domain at a particular maintenance level. It sets the router into config-ether-cfm configuration mode, where parameters specific to the maintenance domain can be set.
- Direction outward (optional)—Specifies the domain direction. Specifying a domain as outward allows for the creation of multiple outward domains at the same level containing an overlapping set of vlans. The set of vlans in an outward domain can also overlap with inward domains. Note that the set of vlans between inward domains at the same level must still be unique.
|
Configuring Maintenance Points
To set a port as internal to a maintenance domain and define it as a MEP, use the following command.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
interface interface
4.
ethernet cfm mep level 0 to 7 inward | outward domain-name mpid id vlan vlan-id | any | vlan-id - vlan-id vlan-id - vlan-id
DETAILED STEPS
\
|
|
enable
|
Enables privileged EXEC mode.
- Enter your password if prompted.
|
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Router(config)# interface interface Example Router(config)# interface interface1 |
Enters the interface configuration mode |
Router(config-interface)# ethernet cfm mep level 0 to 7 inward | outward domain-name mpid id vlan vlan-id | any | vlan-id - vlan-id vlan-id - vlan-id Example Router(config-interface1)# ethernet cfm mep level 7 inward domain1 mpid 22718 vlan 32 |
- inward | outward—Indicates the direction of the MEP as either inward (towards the bridge) or outward (towards the wire). The default is inward facing.
- domain-name —A string of maximum length of 256 characters.
- id —A string of maximum length of 256 characters.
- vlan-id —An integer from 1 to 4095.
Note A comma must be entered to separate each VLAN ID range from the next range.
Note Hyphen must be entered to separate the starting and ending VLAN ID values that are used to define a range of VLAN IDs.
|
Configuring CFM in the EVC
Use the commands in the following sections to configure CFM on the EVC.
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
ethernet cfm global
4.
ethernet cfm mip {autocreate|filter}
5.
ethernet cfm mip auto-create level
6.
ethernet cfm mip auto-create level {evc|vlan}
7.
ethernet cfm mip auto-create level evc name
8.
ethernet cfm domain domain level
9.
service {word|number|vlan-id |vpn-id}
10.
service evc {evc|port}
11.
service evc evc name
12.
service evc {direction|vlan}
DETAILED STEPS
|
|
|
Step 1 |
enable
|
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
configure terminal
Router# configure terminal |
Enters global configuration mode. |
Step 3 |
ethernet cfm global
PE1(config)#ethernet cfm global |
Enables CFM globally. |
Step 4 |
ethernet cfm mip {autocreate|filter}
PE1(config)#ethernet cfm mip |
Creates a MaintenanceIntermediate Point (MIP) for every VLAN on an interface using the autocreate or the filter options. Ensure that you have created a domain using the ethernet cfm domain command. If you do not have a domain configured at the same level, the ethernet cfm mip level command is rejected. You cannot configure a MIP at a level lower than the level of already configured maintenance end points (MEPs) on an interface. |
Step 5 |
ethernet cfm mip auto-create level
PE1(config)#ethernet cfm mip auto-create level |
Automatically creates a MIP in the ethernet interface and sets the maintenance level number. The acceptable range of maintenance levels are 0-7. |
Step 6 |
ethernet cfm mip auto-create level {evc|vlan}
PE1(config)#ethernet cfm mip auto-create level 7 evc PE1(config)#ethernet cfm mip auto-create level 7 vlan ? <1-4094> VLAN id |
Sets the EVC or the Vlan values based on the selected option. The acceptable range of vlan values are 1-4094. |
Step 7 |
ethernet cfm domain domain level
PE1(config)#ethernet cfm domain DOMAIN_PROVIDER_L5_1 level 5 |
Defines a connectivity fault management (CFM) maintenance domain at a particular maintenance level and put the command-line interface (CLI) into Ethernet CFM configuration mode (config-ether-cfm), use the ethernet cfm domain level command in global configuration mode. |
Step 8 |
service {word|number|vlan-id|vpn-id}
PE1(config-ecfm)#service vlan100 |
Sets a universally unique ID for a customer service instance (CSI) or the maintenance association number value, primary VLAN ID and VPN ID within a maintenance domain in Ethernet connectivity fault management (CFM) configuration mode. |
Step 9 |
service evc {evc|port}
PE1(config-ecfm)#service vlan100 evc |
Configures a service EVC or port before you configure a maintenance endpoint (MEP) for a domain. |
Step 10 |
service evc evc name
PE1(config-ecfm)#service vlan100 evc vlan100 |
Assigns a unique EVC name. |
Step 11 |
service evc {direction|vlan}
PE1(config-ecfm)#service vlan100 evc vlan100 |
Specifies the service direction and the VLAN range of 1-4094. |
Step 12 |
service evc direction
PE1(config-ecfm)#service vlan100 evc vlan100 direction down |
Sets the LAN direction to DOWN in the evc service instance. |
Sample Configuration
The following example shows the CFM configuration for an EVC interface.
interface GigabitEthernet3/0/10
description connec to CE1 GigabitEthernet0/0
ip arp inspection limit none
no ip address
mls qos trust dscp
ethernet uni id customer1
service instance 1 ethernet evc10
encapsulation dot1q 2
ethernet lmi ce-vlan map 1-10
bridge-domain 2
cfm mep domain L7 mpid 1502
The following example shows CFM configuration over a switchport interface configuration mode.
interface GigabitEthernet3/0/10
switchport
switchport mode trunk
shutdown
mls qos trust dscp
no keepalive
ethernet cfm mep domain L7 mpid 1001 vlan 10
end
The following example shows CFM configuration over a switchport interface configuration mode.
ethernet cfm domain L6 level 6
service xconn evc xconn
Verifying Ethernet CFM Configuration
The following commands can be used to verify CFM configuration:
|
|
Router# show ethernet cfm maintenance-points local [ mep | mip ] [ interface interface-name | domain domain-name | level { 0 to 7 }] |
Displays the local maintenance points configured on the device. Allows filtering of output as follows:
- Displays all maintenance points independent of domain or interface.
- Displays all maintenance points on a particular interface independent of domain
- Displays all maintenance points on a particular interface belonging to a given domain
- Displays all maintenance points belonging to a given domain independent of interface
The display may also be restricted to either MEPs or MIPs.
- domain-name— ( optional) A string of maximum length of 256 characters.
|
The show ethernet cfm maintenance-points local displays the local maintenance points that are configured:
Router# show ethernet cfm maintenance-points local
MPID DomainName Level Type VLAN Port CC-Status MAC
1522 DOMAIN_PROVIDER_L5_1 5 MEP I 2 Et2/0.1 Enabled aabb.cc00.0100
1502 DOMAIN_PROVIDER_L5_1 5 MEP O 2 Et0/0.1 Enabled aabb.cc00.0100
1523 DOMAIN_PROVIDER_L5_1 5 MEP O 3 Et2/0.2 Enabled aabb.cc00.0100
1503 DOMAIN_PROVIDER_L5_1 5 MEP I 3 Et0/0.2 Enabled aabb.cc00.0100
1302 DOMAIN_OPERATOR_L3_1 3 MEP I 2 Et0/0.1 Enabled aabb.cc00.0100
1303 DOMAIN_OPERATOR_L3_1 3 MEP I 3 Et0/0.2 Enabled aabb.cc00.0100
7 MIP Et2/0.2 aabb.cc00.0100
7 MIP Et2/0.1 aabb.cc00.0100
7 MIP Et0/0.2 aabb.cc00.0100
7 MIP Et0/0.1 aabb.cc00.0100
|
|
Router# ping ethernet < mac-address > { domain domain-name | level {0 to 7}} vlan vlan-id [ source mpid ] |
Sends Ethernet CFM loopback messages to the destination MAC address.
- mac-address —MAC Address of remote maintenance point, in the format abcd.abcd.abcd.
- domain-name —A string of maximum. length of 256 characters.
- v lan-id —An integer from 1 to 4095.
|
The ping ethernet command shows loopback messages on the destination MAC address:
Sending 5, 100-byte Ethernet CFM Echoes to <mac-address>, timeout is 2 seconds:
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/4 ms
|
|
Router# show ethernet cfm statistics mpid mpid |
Displays the CFM statistics. Note The mpid is an integer value between 1 and 8191. |
The show ethernet cfm statistics command shows loopback messages on the destination MAC address:
Router-c7606# show ethernet cfm statistics MPID: 100
Last clearing of counters: 00:00:10
Transmitted: 10 Rcvd Seq Errors: 0
Transmitted: 5 Rcvd Seq Errors: 0
Rcvd In Order: 10 Rcvd Bad MSDU: 0
Debugging the Ethernet CFM Configuration
Use the following commands to debug the Ethernet CFM configuration:
|
|
Router# debug ethernet cfm events domain domain-name | vlan vlan-id | evc evc-name |
Enables Ethernet CFM event debugging and provides the capability to filter out debug messages per:
- Maintenance Domain, or
- VLAN, or
- Combination of Maintenance Domain and VLAN, or
- EVC
|
Router# debug ethernet cfm errors |
Enables Ethernet CFM error debugging. |
Router# debug ethernet-cfm packets domain domain-name vlan vlan-id | evc evc-name |
Enables Ethernet CFM message debugging and provides the capability to filter out debug messages per:
- Maintenance Domain, or
- VLAN, or
- Combination of Maintenance Domain and VLAN, or
- EVC
|
Router# debug ethernet cfm all domain domain-name vlan vlan-id | evc evc-name |
Enables all Ethernet CFM debug commands and provides the capability to filter out debug messages per:
- Maintenance Domain, or
- VLAN, or
- Combination of Maintenance Domain and VLAN, or
- EVC
|
Router# debug ethernet cfm diagnostic events | packets cc | filter | lb | lt |
Enables Ethernet CFM diagnostic debugging. These debugging messages may or may not be tied to a particular service-instance, or they may be low-level platform-specific messages. Packet diagnostics are further broken down into the following debugs:
- cc - Continuity Check
- filter - MIP and MEP filtering
- lb - Loopback
- lt - Linktrace
|
Router# debug ethernet-cfm packets domain domain-name vlan vlan-id | evc evc-name |
Enables Ethernet CFM Messages debugging. and provides capability to filter out debug messages per:
- Maintenance Domain, or
- VLAN, or
- Combination of Maintenance Domain and VLAN, or
- EVC
|
Troubleshooting CFM Features
Table 13-3 provides troubleshooting solutions for the CFM features.
Table 13-3 Troubleshooting Scenarios
|
|
When you configure CFM, the message “Match registers are not available” is displayed. |
Use the show platform mrm info command on the SP console to verify the match registers. Based on the derived output, perform these tasks: 1. Check the hardware limitations on the affected ports. 2. Enable CFM across the system to allow co-existence with other protocols. 3. Ensure that no CFM traffic is present in any supervisor or ports. 4. Configure STP mode to Multiple Spanning Tree (MST) and re-enable CFM or disable CFM completely. For more information on match registers, see Ethernet Connectivity Fault Management at http://www.cisco.com/en/US/docs/ios/12_2sr/12_2sra/feature/guide/srethcfm.html. CFM uses two match registers to identify the control packet type and each VLAN spanning tree also uses a match register to identify its control packet type. For both protocols to work on the same system, each line card should support three match registers, and at least one supporting only a 44 bit MAC match. |
CFM configuration errors |
CFM configuration error occurs when when a MEP receives a continuity check with an overlapping MPID. To verify the source of the error, use the command show ethernet cfm errors configuration or show ethernet cfm errors. |
CFM ping and traceroute result is "not found" |
Complete these steps: 1. Use show run ethernet cfm to view all CFM global configurations. 2. Use show ethernet cfm location main to view local MEPs and their CCM statistics 3. Use show ethernet cfm peer meps command to View CFM CCM received from Peer MEPs. 4. Use trace ethernet cfm command to start a CFM trace. |
CFM connectivity is down and issues at the maintenance domain levels |
Use the ping ethernet {mac-address | mpid id | multicast} domain domain-name { vlan vlan-id | port | evc evc-name } or t raceroute ethernet {mac-address | mpid id } domain domain-name { vlan vlan-id | port | evc evc-name } commands to verify ethernet CFM connectivity. Share the output with TAC for further investigation. |
Loop trap error |
Use the show ethernet cfm error command to check for Loop Trap errors as shown here:
CE(config-if)#do sh ethernet cfm err
-------------------------------------------------------------------------------
Level Vlan MPID Remote MAC Reason Service ID
-------------------------------------------------------------------------------
5 711 550 1001.1001.1001 Loop Trap Error OUT
-------------------------------------------------------------------------------
Level Vlan MPID Remote MAC Reason Service ID
-------------------------------------------------------------------------------
5 711 550 1001.1001.1001 Loop Trap Error OUT
|
Module has insufficient match registers |
Complete these steps: 1. Verify and confirm if a unsupported line card is inserted into the router. 2. If yes, perform a OIR to remove the unsupported line card. |
CFM is deactivated |
Complete these steps: 1. Check if all the line cards have free match reagisters. 2. Check if CFM is activated on supervisor cards. CFM is not supported on supervisor cards that has two match registers. In this scenario, CFM is automatically disabled on the SUP ports and enabled on rest of the line cards. |
Configuring Ethernet Operations, Administration, and Maintenance
The Gigabit Ethernet SPAs support OAM as defined by IEEE 802.3ah, Ethernet in the First Mile. IEEE 802.3ah operates on a single point-to-point link between two devices using slow protocol packets called OAM protocol data units (OAMPDUs) that are never forwarded.
IEEE 802.3ah defines five functional areas, of which the Gigabit Ethernet SPAs on the Cisco 7600 series router support the following three:
- OAM discovery—Supports identification of OAM support and capabilities on a peer device.
- Link monitoring—Provides event notification and link information. It also supports polling and response (but not writing) of the 802.3ah MIB.
- Remote failure indication—Supports informing a peer device that the receive path is down. This requires support of unidirectional operation on the link.
Ethernet OAM Configuration Guidelines
When configuring Ethernet OAM on the SPAs, consider the following guidelines:
- See Table 13-4 for information about where the OAM features for SPA interfaces are supported.
- On Gigabit Ethernet links, the unidirectional fault signaling support in OAM and the autonegotiation capabilities of Gigabit Ethernet (IEEE 802.3z) are mutually exclusive. You must disable autonegotiation for OAM fault signaling to be sent over unidirectional links.
- Ethernet OAM requires point-to-point links where OAMPDUs are created and terminated.
- On a 7600 HA system, you have to explicitly set the timeout session to more than 5 seconds. Use the ethernet oam timeout < time > command to configure the timeout session. If the timeout session is less than 5 seconds, the EOAM sessions do not get terminated while switchover.
- When configuring Ethernet OAM interface modes, consider the following guidelines:
–
At least one of the peer interfaces must be in active mode.
–
The peer interfaces either can be both in active mode, or one can be in active mode and the other in passive mode.
–
You can change Ethernet OAM modes without disabling OAM.
- When using templates to configure Ethernet OAM interfaces, consider the following guidelines:
–
If you use a template to configure common or global OAM characteristics and apply it an interface, you can override any of the configuration statements in the template by configuring the same command at the interface with a different value.
–
You can define multiple templates to create different sets of link monitoring characteristics.
–
You can only apply one template to any single Ethernet OAM interface.
Table 13-4 provides information about where the OAM features for SPA interfaces are supported.
Table 13-4 Ethernet OAM Feature Compatibility by SIP and SPA Combination
|
|
|
|
- OAM discovery
- Link monitoring
- Remote failure indication (Dying Gasp only)
|
Not supported. |
In Cisco IOS Release 12.2(33)SRA:
- 2-Port Gigabit Ethernet SPA
|
In Cisco IOS Release 12.2(33)SRA:
- 1-Port 10-Gigabit Ethernet SPA
- 5-Port Gigabit Ethernet SPA
- 10-Port Gigabit Ethernet SPA
|
Remote loopback |
Not supported. |
Not supported. |
Not supported. |
MIB variable retrieval |
Not supported. |
Not supported. |
Not supported. |
Ethernet OAM Configuration Tasks
The following sections describe the Ethernet OAM configuration tasks:
Enabling OAM on an Interface
OAM is disabled on an interface by default. When you enable OAM on an interface, the interface automatically advertises to the remote peer that it supports link monitoring during OAM discovery. Link monitoring support must be agreed upon by the peer interfaces for monitoring to operate across the link.
Once link monitoring support is achieved between the peer interfaces, the interface will start the link monitoring operation, and send event OAMPDUs when errors occur locally, and interpret event OAM PDUs received by the remote peer.
You do not need to explicitly configure link monitoring support, or start the link monitoring operation on the link unless you have previously disabled monitoring support or operation on the interface.
To enable OAM features on a Gigabit Ethernet interface, use the following commands beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# interface type slot / subslot / port |
Specifies the Ethernet SPA interface, where
Note Ethernet OAM can be defined on a main Gigabit Ethernet interface only—not on subinterfaces. |
Step 2 |
Router(config-if)# ethernet oam [ max-rate oampdus | min-rate num-seconds | mode { active | passive } | timeout seconds ] |
Enables OAM on a Gigabit Ethernet interface, where:
- max-rate oampdus —(Optional) Specifies the maximum number of OAMPDUs that can be sent per second as an integer in the range of 1 to 10. The default is 10.
- min-rate num-seconds —(Optional) Specifies the number of seconds (in the range 1–10) during which at least one OAMPDU must be sent. The default is 1 second.
- mode { active | passive }—(Optional) Specifies the client mode for OAM discovery and link negotiation, where:
– active — Specifies that the interface initiates OAMPDUs for protocol negotiation as soon as the interface becomes active. This is the default. At least one of the OAM peers must be configured in active mode. – passive —Specifies that the interface waits in a listening mode to receive an incoming OAMPDU for protocol negotiation from a peer. The passive interface begins sending OAMPDUs once it receives OAMPDUs from the peer. |
|
|
Note If you configure an interface in passive mode, then you must be sure that the peer is in active mode for successful OAM operation.
- timeout seconds —Specifies the amount of time, in seconds (in the range 2–30), after which a device declares its OAM peer to be nonoperational and resets its state machine. The default is 5 seconds.
|
Enabling and Disabling a Link Monitoring Session
The OAM peer interfaces must establish a link monitoring session before the actual operation of link monitoring can begin. If you have enabled OAM on the interface, and have not explicitly disabled link monitoring support on the interface, then you do not need to explicitly configure link monitoring support on the interface to establish a session.
The ethernet oam link-monitor supported command automatically runs in the background when you configure the ethernet oam interface configuration command. Be sure that at least one of the Ethernet OAM peers is configured for active mode so that a session can be established.
To explicitly configure and enable a link monitoring session on an interface, use the following command in interface configuration mode:
|
|
Router(config-if)# ethernet oam link-monitor supported |
Enables link monitoring support on an Ethernet OAM interface. |
To disable a link monitoring session on an interface, use the following command in interface configuration mode:
|
|
Router(config-if)# no ethernet oam link-monitor supported |
Disables link monitoring support on an Ethernet OAM interface. |
Starting and Stopping Link Monitoring Operation
If a link monitoring session is established among the Ethernet OAM peer interfaces, then sending and receiving of Event Notification OAMPDUs can begin between the peers. This link monitoring operation across the link automatically starts when you enable OAM on the interface.
The ethernet oam link-monitor on command automatically runs in the background when you configure the ethernet oam interface configuration command.
You can stop and restart the operation of link monitoring (or, the sending and receiving of Event Notification OAMPDUs on a link). Stopping link monitoring operation is not the same thing as disabling link monitoring support. When you stop link monitoring operation, the interface is still configured to support link monitoring with its peer, but just is not actively sending and receiving Event Notification OAMPDUs.
To explicitly configure and start link monitoring operation on an interface, use the following command in interface configuration mode:
|
|
Router(config-if)# ethernet oam link-monitor on |
Starts link monitoring on an Ethernet OAM interface. |
To stop link monitoring operation on an interface, use the following command in interface configuration mode:
|
|
Router(config-if)# no ethernet oam link-monitor on |
Stops link monitoring on an Ethernet OAM interface. |
Configuring Link Monitoring Options
When OAM link monitoring is active, Event Notification OAMPDUs are sent to a remote OAM client when errors are detected locally. You can configure certain windows and thresholds to define when these error event notifications are triggered. If you do not modify the link monitoring options, default values are used for the window periods and low thresholds.
The Gigabit Ethernet SPAs support the following types of error events as defined by IEEE 802.3ah:
- Errored Symbol Period (errored symbols per second)—This event occurs when the number of symbol errors during a specified period exceeds a threshold. These are coding symbol errors (for example, a violation of 4B/5B coding).
- Errored Frame (errored frames per second)—This event occurs when the number of frame errors during a specified period exceeds a threshold.
- Errored Frame Period (errored frames per N frames)—This event occurs when the number of frame errors within the last N frames exceeds a threshold.
- Errored Frame Seconds Summary (errored seconds per M seconds)—This event occurs when the number of errored seconds (one second intervals with at least one frame error) within the last M seconds exceeds a threshold.
Cisco Systems adds the following types of vendor-specific error events:
- Receive CRC (errored frames per second)—This event occurs when the number of frames received with CRC errors during a specified period exceeds a threshold.
- Transmit CRC (errored frames per second)—This event occurs when the number of frames transmitted with CRC errors during a specified period exceeds a threshold.
The link monitoring options can be configured in a global template that can be applied to one or more interfaces, and also can be explicitly configured at the interface.
Specifying Errored Symbol Period Link Monitoring Options
The errored symbol period link monitoring options include the ability to specify the number of symbols to be tracked or counted for errors, and the high and low thresholds for triggering the Errored Symbol Period Link Event.
To specify errored symbol period link monitoring options, use the following commands in interface configuration or template configuration mode:
|
|
Router(config-if)# ethernet oam link-monitor symbol-period window million-symbol-units |
(Optional) Specifies the number of symbols (in the range 1–65535, as a multiple of 1 million symbols) to be included in the error counting according to the specified thresholds. The default window unit is 100, or 100 million symbols. |
Router(config-if)# ethernet oam link-monitor symbol-period threshold low low-symbols |
(Optional) Specifies the low errored symbol threshold as a number of symbol errors (in the range 0–65535). If the number of error symbols in the window period is equal to or greater than low-symbols, then the Errored Symbol Period Link Event will be generated. The default low threshold is 0 symbols. |
Router(config-if)# ethernet oam link-monitor symbol-period threshold high {none | high-symbols } |
(Optional) Specifies the high errored symbol threshold as a number of error symbols (in the range 1–65535). If the number of error symbols in the window period is equal to or greater than high-symbols, then a user defined action will be triggered. There is no default for the high threshold, so you must explicitly configure a value to enable it. For more information about configuring a user-defined action, see “Specifying a High Threshold Action” section. |
Specifying Errored Frame Link Monitoring Options
The errored frame link monitoring options include the ability to specify a period of time during which frame errors are tracked or counted, and the high and low thresholds for triggering the Errored Frame Link Event. The Gigabit Ethernet SPAs on the Cisco 7600 series router count general frame errors, such as CRC errors and corrupted packets, as errored frames.
To specify errored frame link monitoring options, use the following commands in interface configuration or template configuration mode:
|
|
Router(config-if)# ethernet oam link-monitor frame window 100-millisecond-units |
(Optional) Specifies a period of time (in the range 10–600, as a multiple of 100 milliseconds) during which error counting occurs according to the specified thresholds. The default window unit is 10, or 1000 milliseconds. |
Router(config-if)# ethernet oam link-monitor frame threshold low low-frames |
(Optional) Specifies the low error frame threshold as a number of frames (in the range 0–65535). If the number of error frames in the window period is equal to or greater than low-frames, then the Errored Frame Link Event will be generated. The default low threshold is 0 frame errors. |
Router(config-if)# ethernet oam link-monitor frame threshold high {none | high-frames } |
(Optional) Specifies the high error frame threshold as a number of error frames (in the range 1–65535). If the number of error frames in the window period is equal to or greater than high-frames, then a user defined action will be triggered. There is no default for the high threshold, so you must explicitly configure a value to enable it. Use the none keyword to disable the high threshold. For more information about configuring a user-defined action, see “Specifying a High Threshold Action” section. |
Specifying Errored Frame Period Link Monitoring Options
The errored frame period link monitoring options include the ability to specify the number of error frames to be tracked or counted for errors, and the high and low thresholds for triggering the Errored Frame Period Link Event. The Gigabit Ethernet SPAs on the Cisco 7600 series router count general frame errors, such as CRC errors and corrupted packets, as errored frames.
To specify errored frame period link monitoring options, use the following commands in interface configuration or template configuration mode:
|
|
Router(config-if)# ethernet oam link-monitor frame-period window 10000-frame-units |
(Optional) Specifies the number of frames (in the range 1000–65535, as a multiple of 10000 frames) to be included in the error counting according to the specified thresholds. The default window unit is 1000, or 10000000 frames. |
Router(config-if)# ethernet oam link-monitor frame-period threshold low low-frames |
(Optional) Specifies the low error frame threshold as a number of frames (in the range 0–65535). If the number of error frames in the window period is equal to or greater than low-frames, then the Errored Frame Period Link Event will be generated. The default low threshold is 0 frame errors. |
Router(config-if)# ethernet oam link-monitor frame-period threshold high {none | high-frames } |
(Optional) Specifies the high error frame threshold as a number of frames (in the range 1–65535). If the number of error frames in the window period is equal to or greater than high-frames, a user defined action will be triggered. There is no default for the high threshold, so you must explicitly configure a value to enable it. Use the none keyword to disable the high threshold. For more information about configuring a user-defined action, see “Specifying a High Threshold Action” section. |
Specifying Errored Frame Seconds Summary Link Monitoring Options
The errored frame seconds summary link monitoring options include the ability to specify a period of time during which tracking of a number of errored-seconds periods (one-second intervals with at least one frame error) occurs, and the high and low thresholds for triggering the Errored Frames Seconds Summary Link Event.
To specify errored frame seconds summary link monitoring options, use the following commands in interface configuration or template configuration mode:
|
|
Router(config-if)# ethernet oam link-monitor frame-seconds window 100-millisecond-units |
(Optional) Specifies a period of time (in the range 100–9000, as a multiple of 100 milliseconds) during which tracking of an errored-seconds period occurs according to the specified thresholds. The default window unit is 100, or 10000 milliseconds. |
Router(config-if)# ethernet oam link-monitor frame-seconds threshold low low-errored-seconds |
(Optional) Specifies the low errored seconds threshold as a number of errored seconds (in the range 0–900). If the number of errored seconds in the window period is equal to or greater than low-errored-seconds, then the Errored Frame Seconds Summary Link Event will be generated. The default low threshold is 0 error seconds. |
Router(config-if)# ethernet oam link-monitor frame-seconds threshold high {none | high-errored-seconds } |
(Optional) Specifies the high errored seconds threshold as a number of errored seconds (in the range 1–900). If the number of errored seconds in the window period is equal to or greater than high-errored-seconds, then a user defined action will be triggered. There is no default for the high threshold, so you must explicitly configure a value to enable it. Use the none keyword to disable the high threshold. For more information about configuring a user-defined action, see “Specifying a High Threshold Action” section. |
Specifying Receive CRC Link Monitoring Options
The receive CRC link monitoring options include the ability to specify a period of time during which tracking of frames received with CRC occurs, and the high and low thresholds for triggering the error. Receive CRC link monitoring is a Cisco-specific implementation and is only locally significant to the Ethernet OAM interface on the Cisco 7600 series router.
To specify receive CRC link monitoring options, use the following commands in interface configuration or template configuration mode:
|
|
Router(config-if)# ethernet oam link-monitor receive-crc window 100-millisecond-units |
(Optional) Specifies a period of time (in the range 10–1800, as a multiple of 100 milliseconds) during which tracking of frames received with CRC errors occurs according to the specified thresholds. The default window unit is 10, or 1000 milliseconds. |
Router(config-if)# ethernet oam link-monitor receive-crc threshold low low-frames |
(Optional) Specifies the low CRC threshold as a number of frames (in the range 0–65535). If the number of frames received with CRC errors in the window period is equal to or greater than low-frames, then the Receive CRC error will be generated. The default low threshold is 1 frame. |
Router(config-if)# ethernet oam link-monitor receive-crc threshold high {none | high-frames } |
(Optional) Specifies the high CRC threshold as a number of frames (in the range 1–65535). If the number of frames received with CRC errors in the window period is equal to or greater than high-frames, a user defined action will be triggered. There is no default for the high threshold, so you must explicitly configure a value to enable it. Use the none keyword to disable the high threshold. For more information about configuring a user-defined action, see “Specifying a High Threshold Action” section. |
Specifying Transmit CRC Link Monitoring Options
The transmit CRC link monitoring options include the ability to specify a period of time during which tracking of frames transmitted with CRC occurs, and the high and low thresholds for triggering the error. Transmit CRC link monitoring is a Cisco-specific error event and is only locally significant to the Ethernet OAM interface on the Cisco 7600 series router.
To specify transmit CRC link monitoring options, use the following commands in interface configuration or template configuration mode:
|
|
Router(config-if)# ethernet oam link-monitor transmit-crc window 100-millisecond-units |
(Optional) Specifies a period of time (in the range 10–1800, as a multiple of 100 milliseconds) during which tracking of frames received with CRC errors occurs according to the specified thresholds. The default window unit is 10, or 1000 milliseconds. |
Router(config-if)# ethernet oam link-monitor transmit-crc threshold low low-frames |
(Optional) Specifies the low CRC threshold as a number of frames (in the range 0–65535). If the number of frames transmitted with CRC errors in the window period is equal to or greater than low-frames, then the Receive CRC error will be generated. The default low threshold is 1 frame. |
Router(config-if)# ethernet oam link-monitor transmit-crc threshold high {none | high-frames } |
(Optional) Specifies the high CRC threshold as a number of frames (in the range 1–65535). If the number of frames transmitted with CRC errors in the window period is equal to or greater than high-frames, a user defined action will be triggered. There is no default for the high threshold, so you must explicitly configure a value to enable it. Use the none keyword to disable the high threshold. For more information about configuring a user-defined action, see “Specifying a High Threshold Action” section. |
Specifying a High Threshold Action
When you configure high thresholds for OAM link monitoring, you can specify an action to be taken when the high threshold is exceeded.
When configuring high threshold actions, consider the following guidelines:
- There is no default action.
- If you configure a high threshold but do not configure any corresponding action, only a message appears on the syslog and no other action is taken on the interface.
- If you want to associate different high threshold actions for different kinds of link monitoring functions, you can use configuration templates. However, only one configuration template can be applied to any Ethernet OAM interface.
- Only one high threshold action can be configured for any Ethernet OAM interface.
To configure an action when a high threshold for an error is exceeded on an Ethernet OAM interface, use the following command in interface configuration or template configuration mode:
|
|
Router(config-if)# ethernet oam link-monitor high-threshold action { error-disable-interface | failover } |
(Optional) Configures the action when a high threshold error is exceeded, where:
- error-disable-interface —Shuts down the Ethernet OAM interface.
- failover —(EtherChannel interface only) Configures the interface for an automatic failover of traffic from one port in an EtherChannel to another port in the same EtherChannel when one of the ports in the channel exceeds the high error threshold within the specified interval. The port failover only occurs if there is at least one operational port available in the EtherChannel.
The failed port will be put into an error disable state. If the failed port is the last port in the EtherChannel, the port will not be put into an error disable state and continues to pass traffic regardless of the type of errors being received. Single, nonchanneling ports go into the error disable state when the error threshold is exceeded within the specified interval. |
Configuring Remote Failure Indication Actions
When an RFI event occurs locally, the local client sends an Information OAMPDU to its peer with a bit selected that indicates the type of failure. The Gigabit Ethernet SPAs on the Cisco 7600 series router process all of the following types of Remote Failure Indication (RFI) conditions as defined by IEEE 802.3ah:
- Critical Event—This type of RFI is sent when an unspecified critical event has occurred. These events are vendor specific, and the failure indication might be sent immediately and continuously.
- Dying Gasp—This type of RFI is sent when an unrecoverable condition (for example, a power failure) has occurred. The conditions for a dying gasp RFI are vendor specific, and the failure indication might be sent immediately and continuously. The Gigabit Ethernet SPAs on the Cisco 7600 series router generate a Dying Gasp RFI when an interface is error-disabled or administratively shut down. This is the only type of RFI that the Gigabit Ethernet SPAs on the Cisco 7600 series router generate.
- Link Fault—This type of RFI is sent when a loss of signal is detected by the receiver (for example, a peer's laser is malfunctioning). A link fault is sent once per second in the Information OAMPDU. The link fault RFI applies only when the physical sublayer is capable of independent transmit and receive.
When the Gigabit Ethernet SPAs receive an OAMPDU with an RFI bit selected, a syslog message is created providing the failure reason, as shown in the following example:
%ETHERNET_OAM-SP-6-RFI: The client on interface Gi1/1 has received a remote failure indication from its remote peer (failure reason = remote client administratively turned off)
You can configure a response, or action, by the local client to shut down the OAM interface when it receives Information OAMPDUs with a Dying Gasp RFI bit selected.
To configure an error disable action for the local Ethernet OAM interface, use the following command in interface configuration or template configuration mode:
|
|
Router(config-if)# ethernet oam remote-failure dying-gasp action error-disable-interface |
(Optional) Specifies that the local Ethernet OAM interface is shut down upon receipt of an Information OAMPDU from its peer that indicates a Dying Gasp. |
Configuring Global Ethernet OAM Options Using a Template
Create configuration templates when you have a common set of link-monitoring or remote-failure characteristics that you want to apply to multiple Ethernet OAM interfaces. This streamlines Ethernet OAM interface configuration.
Although you can configure multiple configuration templates, only one template can be associated with any single Ethernet OAM interface. You can override any commands defined within a template by explicitly configuring the same command (that is predefined by the template) in interface configuration mode.
To configure global Ethernet OAM interface options using a template, use the following command beginning in global configuration mode:
|
|
|
Step 1 |
Router(config)# template template-name |
Creates or selects a template and enters template configuration mode, where template-name is an up to 32-character string defining the name of the template. |
Step 2 |
Router(config-template)# ethernet oam link-monitor command or Router(config-template)# ethernet oam remote-failure command |
Specify one or more ethernet oam configuration commands. Repeat this step for the number of commands that you want to configure. For information about link monitoring commands, see the “Configuring Link Monitoring Options” section. |
Step 3 |
Router(config-template)# exit |
Exit template configuration mode and return to global configuration mode. |
Step 4 |
Router(config)# interface type slot / subslot / port |
Specifies the Ethernet SPA interface, where
Note Ethernet OAM only can be defined on a main Gigabit Ethernet interface—not on subinterfaces. |
Step 5 |
Router(config-if)# source template template-name |
Attaches the template called template-name and applies the set of configuration commands defined by the named template to the specified interface. |
Verifying Ethernet OAM Configuration
To verify the Ethernet OAM configuration, use the following commands in privileged EXEC configuration mode:
|
|
Router# show ethernet oam discovery [ interface type slot / subslot / port ] |
Displays information about OAM functions negotiated during the OAM discovery phase of establishing an OAM session, where:
|
Router# show ethernet oam statistics [ interface type slot / subslot / port ] |
Displays statistics for information OAMPDUs and local and remote faults, where:
|
Router# show ethernet oam status [ interface type slot / subslot / port ] |
Displays information about link monitoring configuration and status on the local OAM client, where:
|
Router# show ethernet oam summary |
Displays information about the OAM session with the remote OAM client, where:
|
This section includes the following topics:
Verifying an OAM Session
To verify an OAM session, use the show ethernet oam summary command.
The following example shows that the local OAM client is established on the second Gigabit Ethernet SPA interface (1) located in subslot 1 of the SIP installed in chassis slot 6 of the Cisco 7600 series router (Gi6/1/1).
The local client interface is in session with a remote client with MAC address 0012.7fa6.a700 and organizationally unique identifier (OUI) 00000C, which is the OUI for Cisco Systems. The remote client is in active mode, and has established capabilities for link monitoring and remote loopback for the OAM session.
Router# show ethernet oam summary
Symbols: * - Master Loopback State, # - Slave Loopback State
Capability codes: L - Link Monitor, R - Remote Loopback
U - Unidirection, V - Variable Retrieval
Interface MAC Address OUI Mode Capability
Gi6/1/1 0012.7fa6.a700 00000C active L R
Verifying OAM Discovery Status
To verify OAM Discovery status on the local client and remote peer, use the show ethernet oam discovery command as shown in the following example:
Router# show ethernet oam discovery interface gigabitethernet6/1/1
Administrative configurations:
Unidirection: not supported
Link monitor: supported (on)
Remote loopback: not supported
MIB retrieval: not supported
Loopback status: no loopback
MAC address: 0030.96fd.6bfa
Vendor(oui): 0x00 0x00 0x0C (cisco)
Administrative configurations:
Unidirection: not supported
Remote loopback: not supported
MIB retrieval: not supported
Verifying Information OAMPDU and Fault Statistics
To verify statistics for information OAMPDUs and local and remote faults, use the show ethernet oam statistics command as shown in the following example:
Router# show ethernet oam statistics interface gigabitethernet6/1/1
Information OAMPDU Tx : 588806
Information OAMPDU Rx : 988
Unique Event Notification OAMPDU Tx : 0
Unique Event Notification OAMPDU Rx : 0
Duplicate Event Notification OAMPDU TX : 0
Duplicate Event Notification OAMPDU RX : 0
Loopback Control OAMPDU Tx : 1
Loopback Control OAMPDU Rx : 0
Variable Request OAMPDU Tx : 0
Variable Request OAMPDU Rx : 0
Variable Response OAMPDU Tx : 0
Variable Response OAMPDU Rx : 0
Unsupported OAMPDU Tx : 0
Unsupported OAMPDU Rx : 0
Frames Lost due to OAM : 0
0 Errored Symbol Period records
0 Errored Frame Period records
0 Errored Frame Second records
0 Errored Symbol Period records
0 Errored Frame Period records
0 Errored Frame Second records
Verifying Link Monitoring Configuration and Status
To verify link monitoring configuration and status on the local client, use the show ethernet oam status command. The highlighted “Status” field in the following example shows that link monitoring status is supported and enabled (on).
Router# show ethernet oam status interface gigabitethernet6/1/1
PDU max rate: 10 packets per second
PDU min rate: 1 packet per 1 second
High threshold action: no action
Window: 1 million symbols
Low threshold: 1 error symbol(s)
Window: 10 x 100 milliseconds
Low threshold: 1 error frame(s)
Window: 1 x 100,000 frames
Low threshold: 1 error frame(s)
Window: 600 x 100 milliseconds
Low threshold: 1 error second(s)
Verifying Status of the Remote OAM Client
To verify the status of a remote OAM client, use the show ethernet oam summary and show ethernet oam status commands.
To verify the remote client mode and capabilities for the OAM session, use the show ethernet oam summary command and observe the values in the Mode and Capability fields. The following example shows that the local client (local interface Gi6/1/1) is connected to the remote client
Router# show ethernet oam summary
Symbols: * - Master Loopback State, # - Slave Loopback State
Capability codes: L - Link Monitor, R - Remote Loopback
U - Unidirection, V - Variable Retrieval
Interface MAC Address OUI Mode Capability
Gi6/1/1 0012.7fa6.a700 00000C active L R
Configuring IP Subscriber Awareness over Ethernet
Container interfaces are used to apply hardware specific features like Security Access Control List (ACL) and Policy Based Routing (PBR) which then can be inherited to all IP session interfaces attached to a container interface.
To form the association between a container interface and an IP session interface/subinterface, use the container command under IP session interfaces/subinterfaces.
It is required to configure the VRF (not required in the case of global VRF) on the container and the subinterface in order to make an association between them using the container command.
|
|
|
Step 1 |
Router(config)# interface gigabitethernet slot / subslot / port . subinterface-number access |
Specifies the GigabitEthernet interface to configure, where:
- slot / subslot —Specifies the location of the interface. See the “Specifying the Interface Address on a SPA” section.
- port.subinterface-number —Specifies a secondary interface (subinterface) number.
- access —Indentifies the subscriber in the access-side network on subinterfaces.
|
Step 2 |
Router(config)# ip vrf forwarding vrf-name |
Defines the VRF. |
Step 3 |
Router(config-subif)# container container number |
Defines the virtual interface and that would be allocated as the internal VLAN which would be shared by all the IP session interfaces which are tied with the container interface. |
Step 4 |
Router(config-subif)# encapsulation dot1q vlan-id |
Defines the encapsulation format as IEEE 802.1Q (“dot1q”), where vlan-id is the number of the VLAN (1–4095). |
IP Subscriber Awareness over Ethernet Restrictions
There are restrictions being imposed because the internal VLAN is shared by multiple subinterfaces. The restrictions are as follows:
- IP Subscriber awareness over Ethernet is only supported on a Cisco 7600 SIP-400.
- Security ACL will not be supported on per IP subscriber interface basis. However, security ACL feature will be supported on a per group basis.
- Only single route-map policy can be applied on all subinterfaces that are sharing the Internal VLAN. If route-map is defined based on source IP address, then source IP address range should be easily definable and should not cause a configuration bloat.
- unicast Reverse Path Forwarding (uRPF) check can be done only on an internal VLAN level that is shared by subinterfaces, and not at subinterface level. Because of this restriction, a subscriber sharing the same internal VLAN may be able to spoof the IP address of some other subscribers.
- IPv4 multicast is not supported on IP session interfaces. IPv4 multicast does not have any functionality on a per-group basis, as replication is always required on a interface basis and not on a group basis.
There are also some configuration restrictions for link redundancy:
- There is no mechanism to synchronize the route installed by the DHCP to multiple routers; it will be difficult to use IP unnumbered' on and IP session interface. Instead, numbered IP addresses will be used on IP session interface and DHCP will assign IP addresses to the subscriber from the same subnet assigned to the IP session interface.
- It is required to configure the HSRP group for each IP session interface so the Cisco 7600 series router can scale to a 16K HSRP group.
Configuring a Backup Interface for Flexible UNI
The Backup Interface for Flexible UNI feature allows you to configure redundant user-to-network interface (UNI) connections for Ethernet interfaces, which provides redundancy for dual-homed devices.
You can configure redundant (flexible) UNIs on a network provider-edge (N-PE) device in order to supply flexible services through redundant user provider-edge (U-PE) devices. The UNIs on the N-PEs are designated as primary and backup and have identical configurations. If the primary interface fails, the service is automatically transferred to the backup interface.
Note
The configurations on the primary and backup interfaces must be identical.
The primary interface is the interface for which you configure a backup. During operation, the primary interface is active and the backup (secondary) interface operates in standby mode. If the primary interface goes down (due to loss of signal), the router begins using the backup interface.
While the primary interface is active (up) the backup interface is in standby mode. If the primary interface goes down, the backup interface transitions to the up state and the router begins using it in place of the primary. When the primary interface comes back up, the backup interface transitions back to standby mode. While in standby mode, the backup interface is effectively down and the router does not monitor its state or gather statistics for it.
This feature provides the following benefits:
- Supports the following Ethernet virtual circuit (EVC) features:
–
Frame matching: EVC with any supported encapsulation (Dot1q, default, untagged)
–
Frame rewrite: Any supported (ingress and egress with push, pop, and translate)
–
Frame forwarding: MultiPoint Bridging over Ethernet (MPB-E), xconnect, connect
–
Quality of Service (QoS) on EVC
- Supports Layer 3 (L3) termination and L3 VRF
- Supports several types of uplinks: MPLS, VPLS, and switchports
The Backup Interface for Flexible UNI feature makes use of these Ethernet components:
- Ethernet virtual circuit (EVC)—An association between two or more UNIs that identifies a point-to-point or point-to-multipoint path within the provider network. For more information about EVCs, see the description of “Flexible QinQ Mapping and Service Awareness” at the following URL:
http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/baldcfg.html
- Ethernet flow point (EFP)—The logical demarcation point of an EVC on an interface. An EVC that uses two or more UNIs requires an EFP on the associated ingress interface and egress interface of every device that the EVC passes through.
Configuration Guidelines
Observe these guidelines as you configure a backup interface for Flexible UNI on the router:
- Hardware and software support:
–
Supported on the Cisco 7600-ES20-2x10G and 7600-ES20-20x1G line cards.
–
Supported on the Cisco 7600 SIP-400 with Gigabit Ethernet SPAs. In an EVC configuration, version 2 SPAs are required. For IP termination, the SPAs can be version 1 or version 2.
–
Supported with the Route Switch Processor 720, Supervisor Engine 720, and Supervisor Engine 32.
–
Requires Cisco IOS Release 12.2SRB1 or later.
- You can use the same IP address on both the primary and secondary interfaces. This enables the interface to support L3 termination (single or double tagged).
- The configurations on the primary and backup interfaces must match. The router does not check that the configurations match; however, the feature does not work if the configurations are not the same.
Note
If the configuration includes the xconnect command, you must specify a different VCID on the primary and backup interfaces.
- The duplicate resources needed for the primary and secondary interfaces are taken from the total resources available on the router and thus affect available resources. For example, each xconnect consumes resources on both the primary and backup interfaces.
- Local switching (connect) between primary and backup interfaces uses twice the number of physical interfaces. This limitation is due to lack of support for local switching on EVCs on the same interface.
- Any features configured on the primary and backup interfaces (such as bridge-domain, xconnect, and connect) transition up or down as the interface itself transitions between states.
- Switchover time between primary and backup interfaces is best effort. The time it takes the backup interface to transition from standby to active mode depends on the link-state detection time and the amount of time needed for EVCs and their features to transition to the up state.
- Configuration changes and administrative actions made on the primary interface are automatically reflected on the backup interface.
- The router monitors and gathers statistics for the active interface only, not the backup. During normal operation, the primary interface is active; however, if the primary goes down, the backup becomes active and the router begins monitoring and gathering statistics for it.
- When the primary interface comes back up, the backup interface always transitions back to standby mode. Once the signal is restored on the primary interface, there is no way to prevent the interface from being restored as the primary.
Configuration Instructions
To configure a backup interface for a flexible UNI on an Ethernet port, perform the following steps:
Note
You must apply the same configuration to both the primary and backup interfaces or the feature does not work. To configure EVC service instances on the interfaces, use the service instance, encapsulation, rewrite, bridge-domain, and xconnect commands. For information, see the following URLs:
http://www.cisco.com/en/US/docs/routers/7600/install_config/ES20_config_guide/baldcfg.html
|
|
|
Step 1 |
Router(config)# interface type slot / subslot/port Router(config)# interface gigabitethernet3/0/0 |
Selects the primary interface. This is the interface you are creating a backup interface for. For example, interface gigabitEthernet 3/0/0 selects the interface for port 0 of the Gigabit Ethernet card installed in slot 3, subslot 0.
- type specifies the interface type. Valid values are gigabitethernet or tengigabitethernet.
- slot / subslot / port specifies the location of the interface.
|
Step 2 |
Router(config-if)# backup interface type interface Router(config-if)# backup interface gigabitethernet4/0/1 |
Selects the interface to serve as a backup interface. |
Step 3 |
Router(config-if)# backup delay enable - delay disable-delay Router(config-if)# backup delay 0 0 |
(Optional) Specifies a time delay (in seconds) for enabling or disabling the backup interface.
- enable-delay is the amount of time to wait after the primary interface goes down before bringing up the backup interface.
- disable-delay is the amount of time to wait after the primary interface comes back up before restoring the backup interface to the standby (down) state
Note For the backup interface for Flexible UNI feature, do not change the default delay period (0 0) or the feature may not work correctly. |
Step 4 |
Router(config-if)# backup load enable-percent disable-percent Router(config-if)# backup load 50 10 |
(Optional) Specifies the thresholds of traffic load on the primary interface (as a percentage of the total capacity) at which to enable and disable the backup interface.
- enable-percent —Activate the backup interface when the traffic load on the primary exceeds this percentage of its total capacity.
- disable-percent —Deactivate the backup interface when the combined load of both primary and backup returns to this percentage of the primary’s capacity.
Applying the settings from the example to a primary interface with 10-MB capacity, the router enables the backup interface when traffic load on the primary exceeds 5 Mbytes (50%), and disables the backup when combined traffic on both interfaces falls below 1 MB (10%). |
Step 5 |
Router(config-if)# exit |
Exits interface configuration mode and returns to global configuration mode. |
Step 6 |
Router(config)# connect primary interface srv-inst interface srv-inst Router(config)# connect backup interface srv-inst interface srv-inst Router(config)# connect primary gi3/0/0 2 gi3/0/1 2 Router(config)# connect backup gi4/0/0 2 gi4/0/1 2 |
(Optional) Creates a local connection between a single service instance ( srv-inst) on two different interfaces. The connect primary command creates a connection between primary interfaces, and connect backup creates a connection between backup interfaces. In the example, a local connection is configured between service instance 2 on primary interfaces (gi3/0/0 and gi3/0/1) and on backup interfaces (gi4/0/0 and gi4/0/1). |
Step 7 |
Router(config)# connect primary interface srv-inst1 interface srv-inst2 Router(config)# connect backup interface srv-inst1 interface srv-inst2 Router(config)# connect primary gi3/0/0 2 gi3/0/0 3 Router(config)# connect backup gi4/0/0 2 gi4/0/0 3 |
(Optional) Enables local switching between different service instances ( srv-inst1 and srv-inst2) on the same port. Use the connect primary command to create a connection on a primary interface, and connect backup to create a connection on a backup interface. In the example, we are configuring local switching between service instances 2 and 3 on both the primary (gi3/0/0) and backup interfaces (gi4/0/0). |
Step 8 |
Router(config-if)# exit |
Exits interface configuration mode. |
The following example shows a sample configuration in which:
- gi3/0/1 is the primary interface and gi4/0/1 is the backup interface.
- Each interface supports two service instances (2 and 4), and each service instance uses a different type of forwarding (bridge-domain and xconnect).
- The xconnect command for service instance 2 uses a different VCID on each interface.
service instance 4 ethernet
rewrite ingress tag pop 1 symmetric
service instance 2 ethernet
rewrite ingress tag pop 1 symmetric
xconnect 10.0.0.0 2 encap mpls
service instance 4 ethernet
rewrite ingress tag pop 1 symmetric
service instance 2 ethernet
rewrite ingress tag pop 1 symmetric
xconnect 10.0.0.0 5 encap mpls
Verifying the Flexible UNI Backup Interface Configuration
This section lists the commands to display information about the primary and backup interfaces configured on the router. In the examples that follow, the primary interface is gi3/0/0 and the secondary (backup) interface is gi3/0/11.
- To display a list of backup interfaces, use the show backup command in privileged EXEC mode. Our sample output shows a single backup (secondary) interface:
Primary Interface Secondary Interface Status
----------------- ------------------- ------
GigabitEthernet3/0/0 GigabitEthernet3/0/11 normal operation
- To display information about a primary or backup interface, use the show interfaces command in privileged EXEC mode. Issue the command on the interface for which you want to display information. The following examples show the output displayed when the command is issued on the primary (gi3/0/0) and backup (gi3/0/11) interfaces:
GigabitEthernet3/0/0 is up, line protocol is up (connected)
Hardware is GigEther SPA, address is 0005.dc57.8800 (bia 0005.dc57.8800)
Backup interface GigabitEthernet3/0/11, failure delay 0 sec, secondary disable delay 0 sec, kickin load not set, kickout load not set
NPE-11# show int gi3/0/11
GigabitEthernet3/0/11 is standby mode, line protocol is down (disabled)
If the primary interface goes down, the backup (secondary) interface is transitioned to the up state, as shown in the command output that follows. Notice how the command output changes if you reissue the show backup and show interfaces commands at this time: the status retrieved by the show backup status changes, the line protocol for gi3/0/0 is now down (notconnect), and the line protocol for gi3/0/11 is now up (connected).
NPE-11# !!! Link gi3/0/0 (active) goes down…
22:11:11: %LINK-DFC3-3-UPDOWN: Interface GigabitEthernet3/0/0, changed state to down
22:11:12: %LINK-DFC3-3-UPDOWN: Interface GigabitEthernet3/0/11, changed state to up
22:11:12: %LINEPROTO-DFC3-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/0, changed state to down
22:11:13: %LINEPROTO-DFC3-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/11, changed state to up
Primary Interface Secondary Interface Status
----------------- ------------------- ------
GigabitEthernet3/0/0 GigabitEthernet3/0/11 backup mode
GigabitEthernet3/0/0 is down, line protocol is down (notconnect)
Hardware is GigEther SPA, address is 0005.dc57.8800 (bia 0005.dc57.8800)
Backup interface GigabitEthernet3/0/11, failure delay 0 sec, secondary disable delay 0 sec,
NPE-11# show int gi3/0/11
GigabitEthernet3/0/11 is up, line protocol is up (connected)
Troubleshooting
Table 13-5 provides troubleshooting solutions for the backup interface of the Flexible UNI feature.
Table 13-5 Troubleshooting Scenarios
|
|
The backup interface is in a standby state or the line protocol is down |
Use the show interfaces command on the specific interface in privileged EXEC mode to display interface and line protocol details. Share the output with TAC for further investigation. This sample output of the command displayed when the command on the primary (gi3/0/0) and backup (gi3/0/11) interfaces: NPE-11# show int gi3/0/0 GigabitEthernet3/0/0 is up, line protocol is up (connected) Hardware is GigEther SPA, address is 0005.dc57.8800 (bia 0005.dc57.8800) Backup interface GigabitEthernet3/0/11, failure delay 0 sec, secondary disable delay 0 sec, kickin load not set, kickout load not set [...] NPE-11# show int gi3/0/11 GigabitEthernet3/0/11 is standby mode, line protocol is down (disabled) |
Flexible QinQ Mapping and Service Awareness on the 1-Port 10-Gigabit Ethernet SPA
The Flexible QinQ Mapping and Service Awareness on 1-Port 10-Gigabit Ethernet SPA feature allows service providers to offer triple-play services, residential Internet access from a digital subscriber line access multiplexer (DSLAM), and business Layer 2 and Layer 3 VPN by providing for termination of double-tagged dot1q frames onto a Layer 3 subinterface at the access node.
The access node connects to the DSLAM through the 1-Port 10-Gigabit Ethernet SPA. This provides a flexible way to identify the customer instance by its VLAN tags, and to map the customer instance to different services.
Flexible QinQ Mapping and Service Awareness on the1-Port 10-Gigabit Ethernet SPA is supported only through Ethernet Virtual Connection Services (EVCS) service instances.
EVCS uses the concepts of EVCs (Ethernet virtual circuits) and service instances. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered. A service instance is the instantiation of an EVC on a given port on a given router.
Figure 13-4 shows a typical metro architecture where the access switch facing the DSLAM provides VLAN translation (selective QinQ) and grooming funcitonality and where the serivce routers (SR) provide QinQ termination into a Layer 2 or Layer 3 service.
Figure 13-4 Typical Metro Architecture
Flexible QinQ Mapping and Service Awareness on the 1-Port 10-Gigabit Ethernet SPA provides the following functionality:
- VLAN connect with local significance (VLAN local switching)
–
Single tag Ethernet local switching where the received dot1q tag traffic from one port is cross-connected to another port by changing the tag. This is a 1-to-1 mapping service and there is no MAC learning involved.
–
Double tag Ethernet local switching where the received double tag traffic from one port is cross-connected to another port by changing both tags. The mapping to each double tag combination to the cross-connect is 1-to-1. There is no MAC learning involved.
- Selective QinQ (1-to-2 translation)
–
xconnect—Selective QinQ adds an outer tag to the received dot1q traffic and then tunnels it to the remote end with Layer 2 switching or EoMPLS.
–
Layer 2 switching—Selective QinQ adds an outer tag to the received dot1q traffic and then performs Layer 2 switching to allow switch virtual interface (SVI) based on the outer tag for configuring additional services.
- Double tag translation (2-to-2 translation) Layer 2 switching—Two received tagged frames are popped and two new tags are pushed.
- Double tag termination (2-to-1 tag translation)
–
Ethernet MultiPoint Bridging over Ethernet (MPBE)—The incoming double tag is uniquely mapped to a single dot1q tag that is then used to do MPBE
–
Double tag MPBE—The ingress line uses double tags in the ingress packet to look up the bridging VLAN. The double tags are popped and the egress line card adds new double tags and sends the packet out.
–
Double tag routing—Same as regular dot1q tag routing except that double tags are used to identify the hidden VLAN.
- Local VLAN significance—VLAN tags are significant only to the port.
- Scalable EoMPLS VC—Single tag packets are sent across the tunnel.
- QinQ policing and QoS
- Layer 2 protocol data unit (PDU) packet—If the Layer 2 PDUs are tagged, packets are forwarded transparently; if the Layer 2 PDUs are untagged, packets are treated per the physical port configuration.
Restrictions and Usage Guidelines
When configuring Flexible QinQ Mapping and Service Awareness on the 1-Port 10-Gigabit Ethernet SPA, follow these restrictions and usage guidelines:
–
Service Instances: 16, 000
–
Input matching pairs: 8,000
–
Bridge-domains: 16, 000
–
Local switching: 32,000
–
Xconnect:16, 000
–
Subinterface: 2,000
–
Shaping: Parent queue is 2,000 and child queue is 16,000
–
Marking: Parent queue is 2,000 and child queue is 16,000
- Modular QoS CLI (MQC) actions supported include:
–
Shaping
–
Bandwidth
–
Two priority queues per policy
–
The set cos command, set cos-inner command, set cos cos-inner command, and set cos-inner cos command
–
WRED aggregate
–
Queue-limit
SUMMARY STEPS
1.
enable
2.
configure terminal
3.
interface gigabitethernet slot/subslot/port[.subinterface-number] or interface tengigabitethernet slot/subslot/port[.subinterface-number]
4.
[no] service instance id {Ethernet service-name}
5.
encapsulation dot1q vlan-id
6.
rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric]
DETAILED STEPS
|
|
|
Step 1 |
enable Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
configure terminal Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface gigabitethernet slot/subslot/port[.subinterface-number] or interface tengigabitethernet slot/subslot/port[.subinterface-number] Router(config)# interface gigabitethernet 4/0/0 |
Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:
- slot/subslot/port—Specifies the location of the interface.
- subinterface-number—(Optional) Specifies a secondary interface (subinterface) number.
|
Step 4 |
[no] service instance id {Ethernet [service-name} Router(config-if)# service instance 101 ethernet |
Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode. |
Step 5 |
encapsulation dot1q vlan-id Router(config-if-srv)# encapsulation dot1q 13 |
Defines the matching criteria to be used in order to map ingress dot1q frames on an interface to the appropriate service instance. |
Step 6 |
rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric] Router(config-if-srv)# rewrite ingress tag push dot1q 20 |
Specifies the tag manipulation that is to be performed on the frame ingress to the service instance. |
Single Tag VLAN Connect
In this example, an incoming frame with a dot1q tag of 10 enters TenGigabitEthernet1/0/1. It is index directed to TenGigabitEthernet1/0/2 and exits with a dot1q tag of 11. No MAC learning is involved.
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router# connect EVC1 TenGigabitEthernet1/0/1 100 TenGigabitEthernet1/0/2 101
Double Tag VLAN Connect
In this example, an incoming frame with an outer dot1q tag of 10 and inner tag of 20 enters TenGigabitEthernet1/0/1. It is index directed to TenGigabitEthernet1/0/2 and exits with an outer dot1q tag of 11 and inner tag 21. No MAC learning is involved.
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q 21
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router# connect EVC1 TenGigabitEthernet1/0/1 100 TenGigabitEthernet1/0/2 101
Selective QinQ with Connect
This configuration uses EoMPLS to perform packet forwarding. This is index directed.
! DSLAM facing port - single tag packet from link
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20,30,50-60
!L2/QinQ facing port double tag packets
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
! connecting service instances
Router# connect EVC1 TenGigabitEthernet1/0/1 100 TenGigabitEthernet1/0/2 101
Selective QinQ with Xconnect
This configuration uses EoMPLS to perform packet forwarding. This is not index directed.
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20,30,50-60
Router(config-if-srv)# xconnect 2.2.2.2 999 pw-class vlan-xconnect
Router(config)# interface Loopback1
Router(config-if)# ip address 1.1.1.1 255.255.255.255
Router(config)# interface TenGigabitEthernet2/0/1
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# mpls ip
Router(config-if)# mpls label protocol ldp
Router(config)# interface TenGigabitEthernet2/0/1
Router(config-if)# ip address 192.169.1.1 255.255.255.0
Router(config-if)# mpls ip
Router(config-if)# mpls label protocol ldp
Router(config)# interface Loopback1
Router(config-if)# ip address 2.2.2.2 255.255.255.255
! CE facing EoMPLS configuration
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 1000
Router(config-if-srv)# encapsulation dot1q 1000 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# xconnect 1.1.1.1 999 pw-class vlan-xconnect
Selective QinQ with Layer 2 Switching
This configuration uses Layer 2 Switching to perform packet forwarding. The forwarding mechanism is the same as MPB-E, only the rewrites for each service instance are different.
! DSLAM facing port, single tag incoming
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20
Router(config-if-srv)# bridge-domain 11
Router(config)# interface VLAN11
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk vlan allow 11
Double Tag Translation (2-to-2 Tag Translation)
In this case, double-tagged frames are received on ingress. Both tags are popped and two new tags are pushed. The packet is then Layer 2 switched to the bridge-domain VLAN.
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 10
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 200 second-dot1q 20 second-dot1q 10
Router(config-if-srv)# bridge-domain 200
Router(config)# interface VLAN200
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 200 second-dot1q 20
Router(config-if-srv)# bridge-domain 200
Double Tag Termination (2 to 1 Tag Translation)
This example falls under the Layer 2 switching case.
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 200 second-dot1q 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router(config-if-srv)# bridge-domain 10
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge-domain 10
Router(config)# interface TenGigabitEthernet1/0/3
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 30
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge-domain 10
Verification
Use the following commands to verify operation.
|
|
Router# show ethernet service evc [id evc-id | interface interface-id] [detail] |
Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detailed option provides additional information on the EVC. |
Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail] |
Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances s on the given interface. |
Router# show ethernet service interface [interface-id] [detail] |
Displays information in the Port Data Block (PDB). |
Router# show mpls l2 vc detail |
Displays detailed information related to the virtual connection (VC). |
Router# show mpls forwarding |
Displays the contents of theMPLS Label Forwarding Information Base (LFIB). Note Output should have the label entry l2ckt. |
Router# show platform software efp-client |
Displays service instance details. |
Troubleshooting
Table 13-6 provides the troubleshooting solutions for the Flexible mapping feature.
Table 13-6 Troubleshooting
|
|
Erroneous TCAM entries. |
Use the show hw-module subslot subslot tcam command to verify and the TCAM entries. Share the output with TAC for further investigation. |
Incorrect virtual VLAN IDs on a QinQ subinterface. |
Use the test hw-mod subslot subslot command to verify the virtual VLAN ID values on a QinQ subinterface. Share the output with TAC for further investigation. |
Wrong interface configured and tag manipulation incorrectly programmed. |
Use the command show platform np interface detail to verfiy the interface and tag details. Share the output with TAC for further investigation. |
VLAN ID is incorrectly programmed |
Use the command show hw-module subslot subslot tcam all_entries vlan to verify the VLAN ID details. Share the output with TAC for further investigation. |
Inner, outer start/end VLANs incorrectly programmed. |
Use the show platform np efp command to verify the VLAN details. Share the output with TAC for further investigation. |
Erroneous TCAM entries on the platform |
Use the show plat soft qos tcamfeature and show plat soft qos tcamt commands to verify the TCAM entries. Share the output with TAC for further investigation. |
Configuring MultiPoint Bridging over Ethernet on the 1-Port 10-Gigabit Ethernet SPA
The MultiPoint Bridging over Ethernet (MPBE) on the 1-Port 10-Gigabit Ethernet SPA feature provides Ethernet LAN switching with MAC learning, local VLAN significance, and full QoS support. MPBE also provides Layer 2 switchport-like features without the full switchport implementation. MPBE is supported only through Ethernet Virtual Connection Services (EVCS) service instances.
EVCS uses the concepts of EVCs (Ethernet virtual circuits) and service instances. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered. A service instance is the instantiation of an EVC on a given port on a given router.
For MPBE, an EVC packet filtering capability prevents leaking of broadcast/multicast bridge-domain traffic packets from one service instance to another. Filtering occurs before and after the rewrite to ensure that the packet goes only to the intended service instance.
You can use MPBE to:
- Simultaneously configure Layer 2 and Layer 3 services such as Layer 2 VPN, Layer 3 VPN, and Layer 2 bridging on the same physical port.
- Define a broadcast domain in a system. Customer instances that are part of a broadcast domain can be in the same physical port or in different ports.
- Configure mutltiple service instances with different encapuslations and map them to a single bridge domain.
- Perform local switching between service instances under the same bridge domain.
- Span across different physical interfaces using service instances that are part of the same bridge domain.
- Use encapsulation VLANs as locally significant (physical port).
- Replicate flooded packets from the core to all service instances under the bridge domain.
- Configure a Layer 2 tunneling service or Layer 3 terminating service under the bridge domain VLAN.
MPBE accomplishes this by manipulating VLAN tags for each service instance and mapping the manipulated VLAN tags to Layer 2 or Layer 3 services. Possible VLAN tag manipulations include:
- Single tag termination
- Single tag tunneling
- Single tag translation
- Double tag termination
- Double tag tunneling
- Double tag translation
- Selective QinQ translation
Restrictions and Usage Guidelines
When configuring the MultiPoint Bridging over Ethernet on the 1-Port 10-Gigabit Ethernet SPA, follow these restrictions and usage guidelines:
- Each service instance is considered as a separate circuit under the bridge-domain.
- Encapsulation can be dot1q or QinQ packets.
- 60 MPB VCs are supported under one bridge-domain.
- Internet Group Management Protocol (IGMP) snooping is supported with MPB VCs.
- Split Horizon is supported with MPB VCs.
- Bridge protocol data unit (BDPU) packets are either tunneled or dropped.
- For ingress policing, only the drop action and the accept action for the police command are supported. Marking is not supported as part of the policing.
- Ingress shaping is not supported.
- For ingress marking, supports match vlan command, match vlan-inner command, match cos command, match cos-inner command, set cos command, and set cos-inner command.
- For egress marking, set cos command and set cos-inner command are supported; match inner-cos command and match inner-vlan command are not supported.
SUMMARY STEPS
1.
enable
2.
configure terminal
interface gigabitethernet slot/subslot/port[.subinterface-number] or interface tengigabitethernet slot/subslot/port[.subinterface-number]
3.
[no] service instance id {Ethernet [service-name}
4.
encapsulation dot1q vlan-id
5.
rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric]
6.
[no] bridge-domain bridge-id
DETAILED STEPS
|
|
|
Step 1 |
enable Router> enable |
Enables privileged EXEC mode.
- Enter your password if prompted.
|
Step 2 |
configure terminal Router# configure terminal |
Enters global configuration mode. |
Step 3 |
interface gigabitethernet slot/subslot/port[.subinterface-number] or interface tengigabitethernet slot/subslot/port[.subinterface-number] Router(config)# interface gigabitethernet4/0/0 |
Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:
- slot/subslot/port—Specifies the location of the interface.
- subinterface-number—(Optional) Specifies a secondary interface (subinterface) number.
|
Step 4 |
[no] service instance id {Ethernet service-name} Router(config-if)# service instance 101 ethernet |
Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode. |
Step 5 |
encapsulation dot1q vlan-id Router(config-if-srv)# encapsulation dot1q 10 |
Defines the matching criteria to be used in order to map ingress dot1q frames on an interface to the appropriate service instance. |
Step 6 |
[no] rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} [symmetric] Router(config-if-srv)# rewrite ingress tag push dot1q 200 |
This command specifies the tag manipulation that is to be performed on the frame ingress to the service instance. Note If this command is not configured, then the frame is left intact on ingress (the service instance is equivalent to a trunk port). |
Step 7 |
[no] bridge-domain bridge-id Router(config-subif)# bridge domain 12 |
Binds the service instance to a bridge domain instance where bridge-id is the identifier for the bridge domain instance. |
Single Tag Termination Example
In this example, the single tag termination indentifies customers based on a single VLAN tag and maps the single-VLAN tag to the bridge-domain.
Router(config)# interface TenGigabitEthernet1/2/0
Router(config-if)# service instance 10 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge domain 12
Single Tag Tunneling Example
In this single tag tunneling example, the incoming VLAN tag is not removed but continues with the packet.
Router(config)# interface TenGigabitEthernet1/2/0
Router(config-if)# service instance 10 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# bridge-domain 200
Single Tag Translation Example
In this single-tag translation example, the incoming VLAN tag is removed and VLAN 200 is added to the packet.
Router(config)# interface TenGigabitEthernet3/0/0
Router(config-if)# service instance 10 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag translate 1-to-1 dot1q 200 symmetric
Router(config-if-srv)# bridge-domain 200
Double Tag Termination Configuration Example
In this double-tag termination example, the ingress receives double tags that indentify the bridge VLAN; the double tags are stripped (terminated) from the packet.
Router(config)# interface TenGigabitEthernet2/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10 inner 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router(config-if-srv)# bridge-domain 200
Router(config-if)# service instance 2
Router(config-if-srv)# encapsulation dot1q 40 inner 30
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router(config-if-srv)# bridge-domain 200
Double-Tag Translation Configuration Example
In this example, double tagged frames are received on ingress. Both tags are popped and two new tags are pushed. The packet is then Layer 2-switched to the bridge-domain VLAN.
Router(config)# interface TenGigabitEthernet1/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 20
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 40 second dot1q 30 symmetric
Router(config-if-srv)# bridge-domain 200
Router(config-if)# service instance 2 ethernet
Router(config-if-srv)# encapsulation dot1q 40 second-dot1q 30
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 10 second dot1q 20 symmetric
Router(config-if-srv)# bridge-domain 200
Selective QinQ Configuration Example
In this example, a range of VLANs is configured and plugged into a single MPB VC.
Router(config)# interface TenGigabitEthernet1/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20
Router(config-if-srv)# bridge-domain 200
Router(config)# interface TenGigabitEthernet2/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10-30
Router(config-if-srv)# bridge-domain 200
Untagged Traffic Configuration Example
In this example, untagged traffic is bridged to the bridge domain and forwarded to the switchport trunk.
Router(config)# interface GigabitEthernet2/0/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation untagged
Router(config-if-srv)# bridge-domain 11
Router(config)# interface TenGigabitEthernet1/0/0
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport allowed vlan 11
MPBE with Split Horizon Configuration Example
In this example, unknown unicast traffic is flooded on the bridge domain except for the interface from which the traffic originated.
Router(config)# interface GigabitEthernet2/0/0
Router(config-if)# no ip address
Router(config-if)# service instance 1000 ethernet
Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 10-20
Router(config-if-srv)# bridge-domain 100 split-horizon
Router(config-if)# service instance 1001 ethernet
Router(config-if-srv)# encapsulation dot1q 101 second-dot1q 21-30
Router(config-if-srv)# bridge-domain 101 split-horizon
Router(config-if)# service instance 1010 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rewrite ingress tag symmetric translate 1-to-2 dot1q 10 second-dot1q 100 symmetric
Router(config-if-srv)# bridge-domain 10 split-horizon
Router(config-if)# mls qos trust dscp
In this example, service instances are configured on Ethernet interfaces and terminated on the bridge domain.
Router(config)# interface GigabitEthernet2/0/0
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 1000
Router(config-if-srv)# bridge-domain 10
Router(config)# interface GigabitEthernet1/0/0
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 10
In this example, VPLS is configured in the core with multiple bridge domains.
neighbor 20.0.0.2 encapsulation mpls
neighbor 20.0.0.2 encapsulation mpls
neighbor 20.0.0.2 encapsulation mpls
Verification
Use the following commands to verify operation.
.
|
|
Router# show ethernet service evc [id evc-id | interface interface-id] [detail] |
Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detail option provides additional information on the EVC. |
Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail] |
Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances on the given interface. |
Router# show ethernet service interface [interface-id] [detail] |
Displays information in the Port Data Block (PDB). |
Router# show mpls l2 vc detail |
Displays detailed information related to the virtual connection (VC). |
Router# show mpls forwarding (Output should have the label entry l2ckt) |
Displays the contents of the MPLS Label Forwarding Information Base (LFIB). |
Router# show platform software efp-client |
Displays service instance details. |
Configuring QoS on Ethernet SPAs
The SIPs and SPAs support many QoS features using modular QoS CLI (MQC) configuration. For information about the QoS features supported by the Ethernet SPAs, see the “Configuring QoS Features on a SIP” section.
For Fast Ethernet SPAs and the 2-Port Gigabit Ethernet SPA, the following QoS behavior applies:
- In both the ingress and egress directions, all QoS features calculate packet size similarly to how packet size calculation is performed by the FlexWAN and Enhanced FlexWAN modules on the Cisco 7600 series router.
- Specifically, all features consider the IEEE 802.3 Layer 2 headers and the Layer 3 protocol payload. The CRC, interframe gap, and preamble are not included in the packet size calculations.
Note
For Fast Ethernet SPAs, QoS cannot change the speed of an interface (for example, Fast Ethernet SPAs cannot change QoS settings whenever an interface speed is changed between 100M to 10M). When the speed is changed, the user must also adjust the QoS setting accordingly.
Over-subscription on Gigabit Ethernet SPAs
Ethernet SPAs have the capability to classify incoming frames from the link to low or high priority queues. This capability is used to provide oversubscription handling for SIP-400. This allows the SIP-400 to prioritize high-priority control traffic over lower priority traffic, providing greater connection stability during periods of over-subscription.
Table 13-7 lists the incoming frames on the ingress side that can be prioritized into the following classes. If any packet is marked with the priority values listed in Table 13-7 , it moves to a high priority queue; else, it moves to a low priority queue.
Table 13-7 Prioritization of Incoming Frames
|
|
0 (Highest) |
Intelligent SPAs SPA IPC control traffic |
1 |
Classified high priority traffic Note This includes frames with these attributes:
- IPv4 TOS 6,7
- DSCP 48,56
- MPLS EXP 6,7
- IPV6 EF
- 802.1p (COS) 6,7: 802.1p (COS) marking preceedes all the other marking criteria. This is present only with VLAN-tagged packets.
|
2 |
Unclassified traffic |
3 (Lowest) |
Classified low priority traffic |
Note
The Gigabit Ethernet SPAs only look at the 802.1p bits to make the classification decision if the packet is tagged, L3 bits are ignored on tagged packets.
Supported Features and Restrictions
In 12.2(33) SRB and later releases, oversubscription is supported on the SIP-400 card with certain SPA combinations. On the ingress side, oversubscription is supported on SPAs that :
- Have the capability to do packet classification, and
- Use separate SPI4 queues for different priorities.
In Cisco IOS 12.2(33)SRB Release, oversubscription is only supported for two 2-Port Copper and Optical Gigabit Ethernet SPAs.
In the Cisco IOS 12.2(33)SRC Release support for oversubscription is extended to the 1-Port 10-Gigabit Ethernet SPA. Ingress oversubscription is only supported on Ethernet SPAs.
Cisco IOS 12.2(33)SRC Release supports the following specific SPA combinations:
- Any combination of POS, ATM, CEoPs, and serial or channelized SPAs up to OC-48 aggregate bandwidth
- One 2-Port Gigabit Ethernet SPA or 2-Port Copper and Optical Gigabit Ethernet SPA and up to OC-24 equivalents of POS, ATM, CEoPs, and serial or channelized SPAs.
- One2-Port Copper and Optical Gigabit Ethernet SPA or two 2-Port 5GEv2 SPAs. (These are the ingress oversubscription combinations. This is the only case where the SIP-400 is oversubscribed on ingress.
Except for the 1-Port 10 GE-v2 SPA, all of them are also supported in the Cisco IOS 12.2(33)SRB Release. If the combination of SPAs installed on the SIP-400 is not in accordance with the given list, the following console message is displayed:
Error Message Total SPA bandwidth exceeds line card capacity, installed combination of SPA interfaces is not supported.
A maximum of 32 total ingress SPI4 ports are supported on the SIP-400. All supported combinations listed in the previous section require fewer than 32 SPI4 ports. However, if a SPA is inserted which causes the total required to exceed 32 SPI4 ports, that SPA will not be able to power up.
Each ATM or POS SPA requires one ingress SPI4 port per physical port. Each Gigabit Ethernet SPA interface requires two ingress SPI4 ports. If the maximum ingress SPI4 ports required exceeds 32 because of the SPA combination installed, the fourth GigE SPA will not be permitted to power up. The following message is displayed on the console:
Error Message SPI4 port limit exceeded, SPA in subslot number has been powered down.
As long as the SPI port limits are not exceeded, the SPAs will be permitted to power up.
Quality-of-Service (QoS)
QoS on SIP-400
The mls qos trust command is not supported on SIP-400 interfaces. Instead, the bits are always be set in the DBUS header as follows:
- Packet Type Method used to set COS bits in DBUS header
- Untagged bridged packet COS bits in DBUS header are cleared
- Tagged bridged packet COS bits from tag header are copied to COS bits in DBUS header
- Routed packet IP precedence/DSCP value used to set COS bits in DBUS header
QoS on SIP-600
The SIP-600 line card supports the mls qos trust commands. The packet fields from which the DBUS COS bits are derived depends on the packet type and whether the ingress port is trusted.
Ingress oversubscription performance
On SIP-400, when using a mix of low and high priority traffic, a maximum of 2.5 Gbps untagged or tagged high priority traffic can be forwarded with no high priority packet drops at any packet size. When the amount of high priority traffic exceeds 2.5 Gbps, some high priority packet drops may occur.
Egress oversubscription performance
On SIP-400, when using a mix of low and high priority traffic, a maximum of 3.0 Gbps worth of untagged or tagged high priority traffic can be forwarded with no high priority drops at any packet size.
Listed below are some circumstances where performance degradation can be seen:
- Performance degrades with smaller packets.
- Dot1q tagged packets.
If additional checks need to be performed on the dot1q packet to process MPB-E, MPLSoGRE, dot1q-tunneling or EoMPLS information.
- QOS features applied to the main Ethernet interface or a dot1q subinterface can degrade performance.
- Hierarchical searches of parent or child policies lower performance due to multiple key formation and searches.
- When a single policer is applied to all the interfaces, packets from each interface have to contend for one SRAM lock for that policer, causing packets to wait for the lock before proceeding.
- Certain set actions causes recalculations of the CRC in the IP header, increasing the amount of cycles required for processing the newly formed IP packet.
QOS Configuration Example for SIP-400 Ethernet Interfaces
This example illustrates how to properly configure a SIP-400 linecard to ensure high priority traffic is not dropped on ingress or egress.
Step 1
First, a class map to select high priority traffic should be defined.
The following class map is designed to match the SPA classification rules:
match mpls experimental topmost 5 6 7
Step 2
Next, policy maps must be configured. A child policy map is required since IOS does not support priority classes on the parent level for ingress. A queue limit is set for all non-priority traffic to ensure a sufficient number of buffers are available for the high priority packets.
In the parent policy map, the shape command is used since at least one QOS parameter must be configured. However, this service policy is to be applied to Gigabit Ethernet interfaces so no shaping occurs with a shape value of one Gbps.
service-policy video-child
Step 3
Finally, the parent service policy should be applied to each SIP-400 interface. If high priority traffic is expected in both directions on the interface, the same service policy should be applied for both ingress and egress sides.
service-policy input video
service-policy output video
service-policy input video
service-policy output video
service-policy input video
service-policy output video
service-policy input video
service-policy output video
service-policy input video
service-policy output video
SIP-400-5#show hardware subslot 0 drops-rx spi4
Show receive drops info for Subslot 0:
Bad Pkt drop counter : 0x0
Ingress EOP error pkt counter : 0x0
VLAN Rx Osub Drop Counter SRAM:
Addr:0x5 Pkt: 4366664 Byte: 261999840
Addr:0x6 Pkt: 4366661 Byte: 261999660
Addr:0x7 Pkt: 4366661 Byte: 261999660
Addr:0x8 Pkt: 4366662 Byte: 261999720
Addr:0x9 Pkt: 264 Byte: 15840
ISAEDA Rx Osub Drop Counter SRAM:
Addr:0x13FF Pkt: 17466912 Byte:1048014720
VLAN TCAM Catch All Drops:
VLAN Rx Unicast Send : Pkt: 0 Byte: 0
VLAN Rx Mcast Send : Pkt: 0 Byte: 0
VLAN Rx Bcast Send : Pkt: 0 Byte: 0
VLAN Rx Osub Drop : Pkt: 0 Byte: 0
HSRPDA TCAM Catch All Drops:
Saving the Configuration
To save your running configuration to nonvolatile random-access memory (NVRAM), use the following command in privileged EXEC configuration mode:
|
|
Router# copy running-config startup-config |
Writes the new configuration to NVRAM. |
For information about managing your system image and configuration files, refer to the Cisco IOS Configuration Fundamentals Configuration Guide and Cisco IOS Configuration Fundamentals Command Reference publications that correspond to your Cisco IOS software release.
Shutting Down and Restarting an Interface on a SPA
You can shut down and restart any of the interface ports on a SPA independently of each other. Shutting down an interface stops traffic and enters the interface into an “administratively down” state.
There are no restrictions for online insertion and removal (OIR) on Fast Ethernet or Gigabit Ethernet SPAs. Fast Ethernet and Gigabit Ethernet SPAs can be removed from a SIP at any time. SIPs populated with any type of SPAs can be removed from the router at any time.
If you are preparing for an OIR of a SPA, it is not necessary to independently shut down each of the interfaces prior to deactivation of the SPA. The hw-module subslot [x/y] reload command automatically stops traffic on the interfaces and deactivates them along with the SPA in preparation for OIR.
In similar fashion, you do not need to independently restart any interfaces on a SPA after OIR of a SPA or SIP.
To shut down an interface on a SPA, use the following command in interface configuration mode:
|
|
Router(config-if)# shutdown |
Disables an interface. |
To restart an interface on a SPA, use the following command in interface configuration mode:
|
|
Router(config-if)# no shutdown |
Restarts a disabled interface. |