Configuring the Cisco 7600 Series Ethernet Services 20G Line Card

Table Of Contents

Configuring the Cisco 7600 Series Ethernet Services 20G Line Card

Required Configuration Tasks

Identifying Slots and Subslots for the Cisco 7600 Series Ethernet Services 20G Line Card

Configuring High Availability Features

ISSU Support for ES20 Line Card

Configuring Layer 2 Features

Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Configuring MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Backup Interface for Flexible UNI

Configuring Multicast Features

IGMP/PIM Snooping for VPLS Pseudowire on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Configuring MPLS Features

Configuring Any Transport over MPLS

Configuring MPLS Traffic Engineering Class-Based Tunnel Selection

Configuring Virtual Private LAN Service

Resetting a Cisco 7600 Series Ethernet Services 20G Line Card


Configuring the Cisco 7600 Series Ethernet Services 20G Line Card


This chapter provides information about configuring the Cisco 7600 Series Ethernet Services 20G (ES20) line card on the Cisco 7600 series router. It includes the following sections:

Required Configuration Tasks

Configuring High Availability Features

Configuring High Availability Features

Configuring Layer 2 Features

Configuring Multicast Features

Configuring MPLS Features

Resetting a Cisco 7600 Series Ethernet Services 20G Line Card

For information about managing your system images and configuration files, refer to the Cisco IOS Configuration Fundamentals Configuration Guide and Cisco IOS Configuration Fundamentals Command Reference publications that correspond to your Cisco IOS software release.

For more information about some of the commands used in this chapter, see "Command Summary for the Cisco 7600 Series Ethernet Services 20G Line Card", and the Cisco IOS Release 12.2 SR Command References at http://www.cisco.com/univercd/cc/td/doc/product/software/ios122sr/cr/index.htm.

Also refer to the related Cisco IOS software command reference and master index publications. For more information about accessing these publications, see the "Related Documentation" section on page -viii.

Required Configuration Tasks

As of Cisco IOS Release 12.2SRB, there are not any features that require direct configuration on the ES20 line card. You do not need to attach to the ES20 line card itself to perform any configuration.

Identifying Slots and Subslots for the Cisco 7600 Series Ethernet Services 20G Line Card

For information on how to specify the physical locations of a ES20 line card on the Cisco 7600 series routers, see Identifying Slots and Subslots for the Cisco 7600 Series Ethernet Services 20G Line Cards, page 2-2 in the Cisco 7600 Series Ethernet Services 20G Line Card Hardware Installation Guide.

Configuring High Availability Features

This section provides ES20 line card-specific information about configuring high availability features.

ISSU Support for ES20 Line Card

The ES20 line card supports In-Service Software Upgrade (ISSU) with Enhanced Fast Software Upgrade (eFSU). ISSU allows for the upgrade and downgrade of Cisco IOS images at different release levels on the active and standby supervisors. ISSU procedure also applies to upgrade and downgrade of line card images. A new line card image is loaded, as necessary, when the supervisor engine software is upgraded or downgraded.

For information, see the Cisco 7600 Series Cisco IOS Software Configuration Guide, 12.2SR at http://www.cisco.com/univercd/cc/td/doc/product/core/cis7600/software/122sr/swcg/index.htm.

Configuring Layer 2 Features

This section provides ES20 line card-specific information about configuring the Layer 2 interworking features on the Cisco 7600 series router. It includes the following topics:

Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Configuring MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Backup Interface for Flexible UNI

Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE

The Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature allows service providers to offer triple-play services, residential internet access from a DSLAM, and business Layer 2 and Layer 3 VPN by providing for termination of double-tagged dot1q frames onto a Layer 3 subinterface at the access node.

The access node connects to the DSLAM through the 7600-ESM-2X10GE or 7600-ESM-20X1GE. This provides a flexible way to identify the customer instance by its VLAN tags, and to map the customer instance to different services.

Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE is supported only through Ethernet Virtual Connection Services (EVCS) service instances.

EVCS uses the concepts of EVCs (Ethernet virtual circuits) and service instances. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered. A service instance is the instantiation of an EVC on a given port on a given router.

Figure 2-1 shows a typical metro architecture where the access switch facing the DSLAM provides VLAN translation (selective QinQ) and grooming funcitonality and where the serivce routers (SR) provide QinQ termination into a Layer 2 or Layer 3 service.

Figure 2-1

Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE provides the following functionality:

VLAN connect with local significance (VLAN local switching)

Single tag Ethernet local switching where the received dot1q tag traffic from one port is cross connected to another port by changing the tag. This is a 1-to-1 mapping service and there is no MAC learning involved.

Double tag Ethernet local switching where the received double tag traffic from one port is cross connected to another port by changing both tags. The mapping to each double tag combination to the cross-connect is 1-to-1. There is no MAC learning involved.

Selective QinQ (1-to-2 translation)

xconnect—Selective QinQ adds an outer tag to the received dot1q traffic and then tunnels it to the remote end with Layer 2 switching or EoMPLS.

Layer 2 switching—Selective QinQ adds an outer tag to the received dot1q traffic and then performs Layer 2 switching to allow SVI based on the outer tag for configuring additional services.

Double tag translation (2-to-2 translation) Layer 2 switching— Two received tagged frames are popped and two new tags are pushed.

Double tag termination (2-to-1 tag translation)

Ethernet MultiPoint Bridging over Ethernet (MPBE)—The incoming double tag is uniquely mapped to a single dot1q tag that is then used to do MPBE

Double tag MPBE—The ingress line uses double tags in the ingress packet to look up the bridging VLAN. The double tags are popped and the egress line card adds new double tags and sends the packet out.

Double tag routing—Same as regular dot1q tag routing except that double tags are used to identify the hidden VLAN.

Local VLAN significance—VLAN tags are significant only to the port.

Scalable EoMPLS VC—Single tag packets are sent across the tunnel.

QinQ policing and QoS

Layer 2 protocol data unit (PDU) packet—If the Layer 2 PDUs are tagged, packets are forwarded transparently; if the Layer 2 PDUs are untagged, packets are treated per the physical port configuration.

Restrictions and Usage Guidelines

When configuring Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE, follow these restrictions and usage guidelines:

Service Scalability:

Service Instances - 16, 000

Bridge-domains - 4,000 per ES20 line card and per Cisco 7600 series router

Local switching - 8,000 per ES20 line card and per Cisco 7600 series router

Xconnect - 16, 000 per ES20 line card and per Cisco 7600 series router

Subinterface - 2,000

QoS Scalability:

Shaping - 2,000 hierarchy shaper, 16,000 hardware queues

Modular QoS CLI (MQC) actions supported include:

Shaping

Bandwidth

Two priority queues per policy

The set cos command, set cos-inner command, set cos cos-inner command, and set cos-inner cos command

WRED aggregate

Queue-limit

SUMMARY STEPS

1. enable

2. configure terminal

3. interface gigabitethernet slot/subslot/port[.subinterface-number] or interface tengigabitethernet slot/subslot/port[.subinterface-number]

4. [no] service instance id {Ethernet service-name}

5. encapsulation dot1q vlan-id

6. rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} symmetric

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface gigabitethernet slot/subslot/port[.subinterface-number]

or

interface tengigabitethernet slot/subslot/port[.subinterface-number]

Example:

Router(config)# interface gigabitethernet 4/0/0

Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:

slot/subslot/port—Specifies the location of the interface.

subinterface-number—(Optional) Specifies a secondary interface (subinterface) number.

Step 4 

[no] service instance id {Ethernet [service-name}

Example:

Router(config-if)# service instance 101 ethernet

Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 5 

 encapsulation dot1q vlan-id

Example:

Router(config-if-srv)# encapsulation dot1q 13

Defines the matching criteria to be used in order to map ingress dot1q frames on an interface to the appropriate service instance.

Step 6 

rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} symmetric

Example:

Router(config-if-srv)# rewrite ingress tag push dot1q 20 symmetric

Specifies the tag manipulation that is to be performed on the frame ingress to the service instance.

Examples

Single Tag VLAN Connect

In this example, an incoming frame with a dot1q tag of 10 enters TenGigabitEthernet1/0/1. It is index directed to TenGigabitEthernet1/0/2 and exits with a dot1q tag of 11. No MAC learning is involved.


! DSLAM facing port
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric 
!L2 facing port
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
! connect service
Router# connect EVC1 TenGigabitEthernet1/0/1 100 TenGigabitEthernet1/0/2 101

Double Tag VLAN Connect

In this example, an incoming frame with an outer dot1q tag of 10 and inner tag of 20 enters TenGigabitEthernet1/0/1. It is index directed to TenGigabitEthernet1/0/2 and exits with an outer dot1q tag of 11 and inner tag 21. No MAC learning is involved.


! DSLAM facing port
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q second-dot1q 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
!L2 facing port
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q 21
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
! connect service
Router# connect EVC1 TenGigabitEthernet1/0/1 100 TenGigabitEthernet1/0/2 101

Selective QinQ with Connect

This configuration uses EoMPLS to perform packet forwarding. This is index directed.

! DSLAM facing port - single tag packet from link
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20,30,50-60
!L2/QinQ facing port double tag packets
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 11 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
! connecting service instances
! QinQ outer dot1q is 11
Router# connect EVC1 TenGigabitEthernet1/0/1 100 TenGigabitEthernet1/0/2 101

Selective QinQ with Xconnect

This configuration uses EoMPLS to perform packet forwarding. This is not index directed.


! DSLAM facing port
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20,30,50-60
Router(config-if-srv)# xconnect 2.2.2.2 999 pw-class vlan-xconnect
!
Router(config)# interface Loopback1
Router(config-if)# ip address 1.1.1.1 255.255.255.255
! MPLS core facing port
Router(config)# interface TenGigabitEthernet2/0/1
Router(config-if)# ip address 192.168.1.1 255.255.255.0
Router(config-if)# mpls ip
Router(config-if)# mpls label protocol ldp
! MPLS core facing port
Router(config)# interface TenGigabitEthernet2/0/1
Router(config-if)# ip address 192.169.1.1 255.255.255.0
Router(config-if)# mpls ip
Router(config-if)# mpls label protocol ldp
!
Router(config)# interface Loopback1
Router(config-if)# ip address 2.2.2.2 255.255.255.255

! CE facing EoMPLS configuration
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 1000
Router(config-if-srv)# encapsulation dot1q 1000 second-dot1q any
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)#xconnect 1.1.1.1 999 pw-class vlan-xconnect

Selective QinQ with Layer 2 Switching

This configuration uses Layer 2 Switching to perform packet forwarding. The forwarding mechanism is the same as MPB-E, only the rewrites for each service instance are different.


! DSLAM facing port, single tag incoming
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20
Router(config-subif)# bridge-domain 11
! QinQ VLAN
Router(config)# interface VLAN11
!QinQ facing port
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk vlan allow 11

Double Tag Translation (2-to-2 Tag Translation)

In this case, double-tagged frames are received on ingress. Both tags are popped and two new tags are pushed. The packet is then Layer 2 switched to the bridge-domain VLAN.


! QinQ facing port
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 10
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 200 second-dot1q 20 
second-dot1q 10
Router(config-if-srv)# rewrite ingress tag symmetric 2-2 translation dot1q 100 
second-dot1q 10
Router(config-subif)# bridge-domain 200
! QinQ VLAN
Router(config)# interface VLAN200
! 
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 200 second-dot1q 20
Router(config-subif)# bridge-domain 200

Double Tag Termination (2 to 1 Tag Translation)

This example falls under the Layer 2 switching case.


! Double tag traffic
Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 200 second-dot1q 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric
Router(config-subif)# bridge-domain 10
!
Router(config)# interface TenGigabitEthernet1/0/2
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-subif)# bridge-domain 10
!
Router(config)# interface TenGigabitEthernet1/0/3
Router(config-if)# service instance 101 ethernet
Router(config-if-srv)# encapsulation dot1q 30
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-subif)# bridge-domain 10

Verification

Use the following commands to verify operation.

Command
Purpose

Router# show ethernet service evc [id evc-id | interface interface-id] [detail]

Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detailed option provides additional information on the EVC.

Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail]

Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances s on the given interface.

Router# show ethernet service interface [interface-id] [detail]

Displays information in the Port Data Block (PDB).

Router# show mpls l2 vc detail

Displays detailed information related to the virtual connection (VC).

Router# show mpls forwarding (Output should have the label entry l2ckt)

Displays the contents of the Multiprotocol Label Switching (MPLS) Label Forwarding Information Base (LFIB).

Router# show platform software efp-client

Displays service instance details.


Configuring MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE

The MultiPoint Bridging over Ethernet (MPBE) on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature provides Ethernet LAN switching with MAC learning, local VLAN significance, and full QoS support. MPBE also provides Layer 2 switchport-like features without the full switchport implementation. MPBE is supported only through Ethernet Virtual Connection Services (EVCS) service instances.

EVCS uses the concepts of EVCs (Ethernet virtual circuits) and service instances. An EVC is an end-to-end representation of a single instance of a Layer 2 service being offered by a provider to a customer. It embodies the different parameters on which the service is being offered. A service instance is the instantiation of an EVC on a given port on a given router.

For MPBE, an EVC packet filtering capability prevents leaking of broadcast/multicast bridge-domain traffic packets from one service instance to another. Filtering occurs before and after the rewrite to ensure that the packet goes only to the intended service instance.

You can use MPBE to:

Simultaneously configure Layer 2 and Layer 3 services such as Layer 2 VPN, Layer 3 VPN, and Layer 2 bridging on the same physical port.

Define a broadcast domain in a system. Customer instances that are part of a broadcast domain can be in the same physical port or in different ports.

Configure mutltiple service instances with different encapuslations and map them to a single bridge domain.

Perform local switching between service instances under the same bridge domain.

Span across different physical interfaces using service instances that are part of the same bridge domain.

Use encapsulation VLANs as locally significant (physical port).

Replicate flooded packets from the core to all service instances under the bridge domain.

Configure a Layer 2 tunneling service or Layer 3 terminating service under the bridge domain VLAN.

MPBE accomplishes this by manipulating VLAN tags for each service instance and mapping the manipulated VLAN tags to Layer 2 or Layer 3 services. Possible VLAN tag manipulations include:

Single tag termination

Single tag tunneling

Single tag translation

Double tag termination

Double tag tunneling

Double tag translation

Selective QinQ translation

Restrictions and Usage Guidelines

When configuring the MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature, follow these restrictions and usage guidelines:

Each service instance is considered as a separate circuit under the bridge-domain.

Encapsulation can be dot1q or QinQ packets.

120 MPB VCs are supported under one bridge-domain. 60 per group of 10 GIG ports complex.

60 MPB VCs are supported under one bridge-domain.

IGMP snooping is supported with MPB VCs.

Split Horizon is supported with MPB VCs.

BPDU packets are either tunneled or dropped.

For ingress policing, only the drop action and the accept action for the police command are supported. Marking is not supported as part of the policing.

Ingress shaping is not supported.

For ingress marking, supports match vlan command, match vlan-inner command, match cos command, match cos-inner command, set cos command, and set cos-inner command.

For egress marking, set cos command and set cos-inner command are supported; match inner-cos command and match inner-vlan command are not supported.

Summary Steps

1. enable

2. configure terminal

3. interface gigabitethernet slot/subslot/port[.subinterface-number] or interface tengigabitethernet slot/subslot/port[.subinterface-number]

4. [no] service instance id {Ethernet [service-name}

5. encapsulation dot1q vlan-id

6. rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} symmetric

7. [no] bridge-domain bridge-id

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface gigabitethernet slot/subslot/port[.subinterface-number]

or

interface tengigabitethernet slot/subslot/port[.subinterface-number]

Example:

Router(config)# interface gigabitethernet4/0/0

Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:

slot/subslot/port—Specifies the location of the interface.

subinterface-number—(Optional) Specifies a secondary interface (subinterface) number.

Step 4 

[no] service instance id {Ethernet [service-name}

Example:

Router(config-if)# service instance 101 ethernet

Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 5 

encapsulation dot1q vlan-id

Example:

Router(config-if-srv)# encapsulation dot1q 10

Defines the matching criteria to be used in order to map ingress dot1q frames on an interface to the appropriate service instance.

Step 6 

[no] rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} symmetric

Example:

Router(config-if-srv)# rewrite ingress tag push dot1q 200 symmetric

This command specifies the tag manipulation that is to be performed on the frame ingress to the service instance.

Note If this command is not configured, then the frame is left intact on ingress (the service instance is equivalent to a trunk port).

Step 7 

[no] bridge-domain bridge-id

Example:

Router(config-subif)# bridge domain 12

Binds the service instance to a bridge domain instance where bridge-id is the identifier for the bridge domain instance.

Examples

Single Tag Termination Example

In this example, the single tag termination indentifies customers based on a single VLAN tag and maps the single-VLAN tag to the bridge-domain.

Router(config)# interface TenGigabitEthernet1/2/0
Router(config-if)# service instance 10 ethernet
Router(config-if-srv)# encapsulation dot1q 10 
Router(config-if-srv)# rewrite ingress tag pop 1 symmetric
Router(config-if-srv)# bridge domain 12
}

Single Tag Tunneling Example

In this single tag tunneling example, the incoming VLAN tag is not removed but continues with the packet.

Router(config)# interface TenGigabitEthernet1/2/0
Router(config-if)# service instance 10 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# bridge-domain 200

Single Tag Translation Example

In this single-tag translation example, the incoming VLAN tag is removed and VLAN 200 is added to the packet.


Router(config)# interface TenGigabitEthernet3/0/0
Router(config-if)# service instance 10 ethernet
Router(config-if-srv)# encapsulation dot1q 10
Router(config-if-srv)# rewrite ingress tag translate 1-to-1 dot1q 200 symmetric
Router(config-if-srv)# bridge-domain 200

Double Tag Termination Configuration Example

In this double-tag termination example, the ingress receives double tags that indentify the bridge VLAN; the double tags are stripped (terminated) from the packet.

Router(config)# interface TenGigabitEthernet2/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10 inner 20
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric 
Router(config-if-srv)# bridge-domain 200
Router(config-if)# service instance 2
Router(config-if-srv)# encapsulation dot1q 40 inner 30
Router(config-if-srv)# rewrite ingress tag pop 2 symmetric 
Router(config-if-srv)# bridge-domain 200

Double-Tag Translation Configuration Example

In this example, double tagged frames are received on ingress. Both tags are popped and two new tags are pushed. The packet is then Layer 2-switched to the bridge-domain VLAN.


Router(config)# interface TenGigabitEthernet1/0/0		
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10 second-dot1q 20
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 40 second dot1q 30 
symmetric
Router(config-if-srv)# bridge-domain 200
Router(config-if)# service instance 2 ethernet
Router(config-if-srv)# encapsulation dot1q 40 second-dot1q 30
Router(config-if-srv)# rewrite ingress tag translate 2-to-2 dot1q 10 second dot1q 20 
symmetric
Router(config-if-srv)# bridge-domain 200

Selective QinQ Configuration Example

In this example, a range of VLANs is configured and plugged into a single MPB VC.

Router(config)# interface TenGigabitEthernet1/0/0
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20
Router(config-if-srv)# bridge-domain 200

Router(config)# interface TenGigabitEthernet2/0/0				
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation dot1q 10-30
Router(config-if-srv)# bridge-domain 200

Untagged Traffic Configuration Example

In this example, untagged traffic is bridged to the bridge domain and forwarded to the switchport trunk.

Router(config)# interface GigabitEthernet2/0/1
Router(config-if)# no ip address
Router(config-if)# service instance 1 ethernet
Router(config-if-srv)# encapsulation untagged
Router(config-if-srv)# bridge-domain 11
Router(config)# interface TenGigabitEthernet1/0/0
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport allowed vlan 11

MPBE with Split Horizon Configuration Example

In this example, unknown unicast traffic is flooded on the bridge domain except for the interface from which the traffic originated.

Router(config)# interface GigabitEthernet2/0/0
Router(config-if)# no ip address
Router(config-if)# service instance 1000 ethernet
Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 10-20
Router(config-if-srv)# bridge-domain 100 split-horizon
Router(config-if)# service instance 1001 ethernet
Router(config-if-srv)# encapsulation dot1q 101 second-dot1q 21-30
Router(config-if-srv)# bridge-domain 101 split-horizon
Router(config-if)# service instance 1010 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rewrite ingress tag symmetric translate 1-to-2 dot1q 10 
second-dot1q 100 symmetric
Router(config-if-srv)# bridge-domain 10 split-horizon
Router(config-if)# mls qos trust dscp

In this example, service instances are configured on Ethernet interfaces and terminated on the bridge domain.


Router(config)# interface GigabitEthernet2/0/0
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 1000
Router(config-if-srv)# bridge-domain 10

Router(config)# interface GigabitEthernet1/0/0
Router(config-if)# switchport
Router(config-if)# switchport mode trunk
Router(config-if)# switchport trunk allowed vlan 10

In this example, VPLS is configured in the core with multiple bridge domains.

!
l2 vfi vpls10 manual
 vpn id 10
 neighbor 20.0.0.2 encapsulation mpls
!
l2 vfi vpls100 manual
 vpn id 100
 neighbor 20.0.0.2 encapsulation mpls
!
l2 vfi vpls11 manual
 vpn id 11
 neighbor 20.0.0.2 encapsulation mpls
!         
interface Vlan100
 mtu 9216
 no ip address
 xconnect vfi vpls1
end

Verification

Use the following commands to verify operation.

Command
Purpose

Router# show ethernet service evc [id evc-id | interface interface-id] [detail]

Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detailed option provides additional information on the EVC.

Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail]

Displays information about one or more service instances: If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances s on the given interface.

Router# show ethernet service interface [interface-id] [detail]

Displays information in the Port Data Block (PDB).

Router# show mpls l2 vc detail

Displays detailed information related to the virtual connection (VC).

Router# show mpls forwarding (Output should have the label entry l2ckt)

Displays the contents of the Multiprotocol Label Switching (MPLS) Label Forwarding Information Base (LFIB).

Router# show platform software efp-client

Displays service instance details.


.

Backup Interface for Flexible UNI

The Backup Interface for Flexible UNI feature allows you to configure redundant user-to-network interface (UNI) connections for Ethernet interfaces, which provides redundancy for dual-homed devices.

You can configure redundant (flexible) UNIs on a network provider-edge (N-PE) device in order to supply flexible services through redundant user provider-edge (U-PE) devices. The UNIs on the N-PEs are designated as primary and backup and have identical configurations. If the primary interface fails, the service is automatically transferred to the backup interface.

Figure 2-2 shows an example of how Flexible UNIs can be used when the Cisco 7600 series router is configured as a dual-homed N-PE (NPE1) and as a dual-homed U-PE (UPE2).

Figure 2-2 Backup Interface for Dual-Homed Devices


Note The configurations on the primary and backup interfaces must be identical.


The primary interface is the interface for which you configure a backup. During operation, the primary interface is active and the backup (secondary) interface operates in standby mode. If the primary interface goes down (due to loss of signal), the router begins using the backup interface.

While the primary interface is active (up) the backup interface is in standby mode. If the primary interface goes down, the backup interface transitions to the up state and the router begins using it in place of the primary. When the primary interface comes back up, the backup interface transitions back to standby mode. While in standby mode, the backup interface is effectively down and the router does not monitor its state or gather statistics for it.

This feature provides the following benefits:

Supports the following Ethernet virtual circuit (EVC) features:

Frame matching: EVC with any supported encapsulation (Dot1q, default, untagged)

Frame rewrite: Any supported (ingress and egress with push, pop, and translate)

Frame forwarding: MultiPoint Bridging over Ethernet (MPB-E), xconnect, connect

Quality of Service (QoS) on EVC

Supports Layer 3 (L3) termination and L3 Virtual Routing and Forwarding (VRF)

Supports several types of uplinks: MultiProtocol Label Switching (MPLS), Virtual Private LAN Service (VPLS), and switchports

The Backup Interface for Flexible UNI feature makes use of these Ethernet components:

Ethernet virtual circuit (EVC)—An association between two or more UNIs that identifies a point-to-point or point-to-multipoint path within the provider network. For more information about EVCs, see the "Flexible QinQ Mapping and Service Awareness on 7600-ESM-2X10GE and 7600-ESM-20X1GE" section.

Ethernet flow point (EFP)—The logical demarcation point of an EVC on an interface. An EVC that uses two or more UNIs requires an EFP on the associated ingress interface and egress interface of every device that the EVC passes through.

Restriction and Usage Guidelines

Observe these restrictions and usage guidelines as you configure a backup interface for Flexible UNI on the router:

Hardware and software support:

Supported on the Cisco 7600-ES20-2x10G and 7600-ES20-20x1G line cards.

Supported with the Route Switch Processor 720, Supervisor Engine 720, and Supervisor Engine 32.

Requires Cisco IOS Release 12.2SRB1 or later.

You can use the same IP address on both the primary and secondary interfaces. This enables the interface to support L3 termination (single or double tagged).

The configurations on the primary and backup interfaces must match. The router does not check that the configurations match; however, the feature does not work if the configurations are not the same.


Note If the configuration includes the xconnect command, you must specify a different VCID on the primary and backup interfaces.


The duplicate resources needed for the primary and secondary interfaces are taken from the total resources available on the router and thus affect available resources. For example, each xconnect consumes resources on both the primary and backup interfaces.

Local switching (connect) between primary and backup interfaces uses twice the number of physical interfaces. This limitation is due to lack of support for local switching on EVCs on the same interface.

Any features configured on the primary and backup interfaces (such as bridge-domain, xconnect, and connect) transition up or down as the interface itself transitions between states.

Switchover time between primary and backup interfaces is best effort. The time it takes the backup interface to transition from standby to active mode depends on the link-state detection time and the amount of time needed for EVCs and their features to transition to the up state.

Configuration changes and administrative actions made on the primary interface are automatically reflected on the backup interface.

The router monitors and gathers statistics for the active interface only, not the backup. During normal operation, the primary interface is active; however, if the primary goes down, the backup becomes active and the router begins monitoring and gathering statistics for it.

When the primary interface comes back up, the backup interface always transitions back to standby mode. Once the signal is restored on the primary interface, there is no way to prevent the interface from being restored as the primary.

Configuration Instructions

To configure a backup interface for a flexible UNI on an Ethernet port, perform the following steps:

 
Command or Action
Purpose

Step 1 

Router(config)# interface type slot/subslot/port

Example:

Router(config)# interface gigabitethernet3/0/0

Selects the primary interface. This is the interface you are creating a backup interface for. For example, interface gigabitEthernet 3/0/0 selects the interface for port 0 of the Gigabit Ethernet card installed in slot 3, subslot 0.

type specifies the interface type. Valid values are gigabitethernet or tengigabitethernet.

slot/subslot/port specifies the location of the interface.

Step 2 

Router(config-if)# backup interface type interface

Example:

Router(config)# backup interface gigabitethernet4/0/1

Selects the interface to serve as a backup interface.

Note You must apply the same configuration to both the primary and backup interfaces or the feature does not work. To configure EVC service instances on the interfaces, use the service instance, encapsulation, rewrite, bridge-domain, and xconnect commands. For information, see the "Configuring MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE" section and the "Configuring Any Transport over MPLS" section.

Step 3 

Router(config-if)# backup delay enable-delay disable-delay

Example:

Router(config-if)# backup delay 0 0

(Optional) Specifies a time delay (in seconds) for enabling or disabling the backup interface.

enable-delay is the amount of time to wait after the primary interface goes down before bringing up the backup interface.

disable-delay is the amount of time to wait after the primary interface comes back up before restoring the backup interface to the standby (down) state

Note For the backup interface for Flexible UNI feature, do not change the default delay period (0 0) or the feature may not work correctly.

Step 4 

Router(config-if)# backup load enable-percent disable-percent

Example:

Router(config-if)# backup load 50 10

(Optional) Specifies the thresholds of traffic load on the primary interface (as a percentage of the total capacity) at which to enable and disable the backup interface.

enable-percent—Activate the backup interface when the traffic load on the primary exceeds this percentage of its total capacity.

disable-percent—Deactivate the backup interface when the combined load of both primary and backup returns to this percentage of the primary's capacity.

Applying the settings from the example to a primary interface with 10-Mbyte capacity, the router enables the backup interface when traffic load on the primary exceeds 5 Mbytes (50%), and disables the backup when combined traffic on both interfaces falls below 1 Mbyte (10%).

Step 5 

Router(config-if)# exit

Exits interface configuration mode and returns to global configuration mode.

Step 6 

Router(config)# connect primary interface srv-inst interface srv-inst

Router(config)# connect backup interface srv-inst interface srv-inst

Example:

Router(config-if)# connect primary gi3/0/0 2 gi3/0/1 2
Router(config-if)# connect backup gi4/0/0 2 gi4/0/1 2

(Optional) Creates a local connection between a single service instance (srv-inst) on two different interfaces.

The connect primary command creates a connection between primary interfaces, and connect backup creates a connection between backup interfaces.

In the example, a local connection is configured between service instance 2 on primary interfaces (gi3/0/0 and gi3/0/1) and on backup interfaces (gi4/0/0 and gi4/0/1).

Step 7 

Router(config)# connect primary interface srv-inst1 interface srv-inst2

Router(config)# connect backup interface srv-inst1 interface srv-inst2

Example:

Router(config-if)# connect primary gi3/0/0 2 gi3/0/0 3
Router(config-if)# connect backup gi4/0/0 2 gi4/0/0 3

(Optional) Enables local switching between different service instances (srv-inst1 and srv-inst2) on the same port.

Use the connect primary command to create a connection on a primary interface, and connect backup to create a connection on a backup interface.

In the example, we are configuring local switching between service instances 2 and 3 on both the primary (gi3/0/0) and backup interfaces (gi4/0/0).

Step 8 

Router(config-if)# exit

Exits interface configuration mode.

The following example shows a sample configuration in which:

gi3/0/1 is the primary interface and gi4/0/1 is the backup interface.

Each interface supports two service instances (2 and 4), and each service instance uses a different type of forwarding (bridge-domain and xconnect).

The xconnect command for service instance 2 uses a different VCID on each interface.


int gi3/0/1
  backup interface gi4/0/1
  service instance 4 ethernet
    encapsulation dot1q 4
    rewrite ingress tag pop 1 symmetric
    bridge-domain 4
  service instance 2 ethernet
    encapsulation dot1q 2
    rewrite ingress tag pop 1 symmetric
    xconnect 10.0.0.0 2 encap mpls

int gi4/0/1
  service instance 4 ethernet
    encapsulation dot1q 4
    rewrite ingress tag pop 1 symmetric
    bridge-domain 4
  service instance 2 ethernet
    encapsulation dot1q 2
    rewrite ingress tag pop 1 symmetric
    xconnect 10.0.0.0 5 encap mpls

Verification

This section lists the commands to display information about the primary and backup interfaces configured on the router. In the examples that follow, the primary interface is gi3/0/0 and the secondary (backup) interface is gi3/0/11.

To display a list of backup interfaces, use the show backup command in privileged EXEC mode. Our sample output shows a single backup (secondary) interface:


NPE-11# show backup 
Primary Interface     Secondary Interface    Status
-----------------     -------------------    ------
GigabitEthernet3/0/0  GigabitEthernet3/0/11  normal operation


To display information about a primary or backup interface, use the show interfaces command in privileged EXEC mode. Issue the command on the interface for which you want to display information. The following examples show the output displayed when the command is issued on the primary (gi3/0/0) and backup (gi3/0/11) interfaces:


NPE-11# show int gi3/0/0 
GigabitEthernet3/0/0 is up, line protocol is up (connected)
  Hardware is GigEther SPA, address is 0005.dc57.8800 (bia 0005.dc57.8800)
  Backup interface GigabitEthernet3/0/11, failure delay 0 sec, secondary disable delay 
0 sec, kickin load not set, kickout load not set
[...]

NPE-11# show int gi3/0/11 
GigabitEthernet3/0/11 is standby mode, line protocol is down (disabled)


If the primary interface goes down, the backup (secondary) interface is transitioned to the up state, as shown in the command output that follows. Notice how the command output changes if you reissue the show backup and show interfaces commands at this time: the show backup status changes, the line protocol for gi3/0/0 is now down (notconnect), and the line protocol for gi3/0/11 is now up (connected).


NPE-11# !!! Link gi3/0/0 (active) goes down... 
22:11:11: %LINK-DFC3-3-UPDOWN: Interface GigabitEthernet3/0/0, changed state to down
22:11:12: %LINK-DFC3-3-UPDOWN: Interface GigabitEthernet3/0/11, changed state to up
22:11:12: %LINEPROTO-DFC3-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/0, 
changed state to down
22:11:13: %LINEPROTO-DFC3-5-UPDOWN: Line protocol on Interface GigabitEthernet3/0/11, 
changed state to up

NPE-11# sh backup      
Primary Interface     Secondary Interface    Status
-----------------     -------------------    ------
GigabitEthernet3/0/0  GigabitEthernet3/0/11  backup mode

NPE-11# sh int gi3/0/0 
GigabitEthernet3/0/0 is down, line protocol is down (notconnect)
  Hardware is GigEther SPA, address is 0005.dc57.8800 (bia 0005.dc57.8800)
  Backup interface GigabitEthernet3/0/11, failure delay 0 sec, secondary disable delay 
0 sec,

NPE-11# sh int gi3/0/11 
GigabitEthernet3/0/11 is up, line protocol is up (connected)

Example

Figure 2-3 and the table that follows show a sample configuration of a backup interface for Flexible UNI. The configuration includes several EVCs (service instances), configured as follows:

Service instance EVC4 is configured on primary and backup interfaces (links) that terminate in a bridge domain, with a VPLS uplink onto NPE12.

Service instance EVC2 is configured as scalable Ethernet over MPLS, peering with an SVI VPLS on NPE12.

Figure 2-3 Backup Interface for Flexible UNI Configuration


NPE10 Configuration:

int ge2/4.4
  description npe10 to npe11 gi3/0/11 - backup - bridged
  encap dot1q 4
  ip address 100.4.1.33 255.255.255.0

int ge2/4.2
  description npe10 to npe11 gi3/0/11 - backup - xconnect
  encap dot1q 2
  ip address 100.2.1.33 255.255.255.0

U-PE2 Configuration:

int ge1/3.4
  description npe14 to npe11 gi3/0/0 - primary - bridged
  encap dot1q 4
  ip address 100.4.1.22 255.255.255.0

int ge1/3.2
  description npe14 to npe11 gi3/0/0 - primary - xconnect
  encap dot1q 2
  ip address 100.2.1.22 255.255.255.0 


U-PE2 Configuration:

int fa1/0.4
  description 72a to npe12 - bridged
  encap dot1q 4
  ip address 100.4.1.12 255.255.255.0

int fa1/0.2
  description 72a to npe12 - xconnect
  encap dot1q 2
  ip address 100.2.1.12 255.255.255.0 
interface gigabitEthernet3/0/0
  backup interface gigabitEthernet3/0/11
  service instance 2 ethernet
    encapsulation dot1q 2
    rewrite ingress tag pop 1 symmetric
    xconnect 12.0.0.1 2 encapsulation mpls
  service instance 4 ethernet
    encapsulation dot1q 4
    rewrite ingress tag pop 1 symmetric
    bridge-domain 4

interface gigabitEthernet3/0/11
  service instance 2 ethernet
    encapsulation dot1q 2
    rewrite ingress tag pop 1 symmetric
    xconnect 12.0.0.1 21 encapsulation mpls
  service instance 4 ethernet
    encapsulation dot1q 4
    rewrite ingress tag pop 1 symmetric
    bridge-domain 4

interface GE-WAN 4/3
  description npe11 to npe12
  ip address 10.3.3.1 255.255.255.0
  mpls ip
l2 vfi vlan4 manual
  vpn id 4
  neighbor 12.0.0.1 4 encapsulation mpls
interface Vlan 4
  xconnect vfi vlan4 
l2 vfi vlan4 manual
  vpn id 4
  neighbor 11.0.0.1 4 encap mpls
interface Vlan4
  description npe12 to npe11 xconnect
  xconnect vfi vlan4
l2 vfi vlan2 manual
  vpn id 2
  neighbor 11.0.0.1 2 encap mpls
  neighbor 11.0.0.1 21 encap mpls
Interface Vlan2
  xconnect vfi vlan2
interface GE-WAN 9/4
  description npe12 to npe11
  ip address 10.3.3.2 255.255.255.0
  mpls ip

interface fastEthernet 8/2
  description npe12 to 72a
  switchport
  switchport trunk encap dot1q
  switchport mode trunk
  switchport trunk allowed vlan 2-4


Configuring Multicast Features

This section provides information about configuring ES20 line card-specific multicast features.

IGMP/PIM Snooping for VPLS Pseudowire on 7600-ESM-2X10GE and 7600-ESM-20X1GE

The Internet Group Management Protoco (IGMP)/Protocol Independent Multicast (PIM) Snooping for VPLS Pseudowire on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature provides the ability to send Layer 2 multicast frames from customer equipment (CE) in a VPLS virtual forwarding instance (VFI) or from a multipoint bridging VLAN only to those remote peer CEs that have sent an IGMP request to join the multicast group.

IGMP)/PIM Snooping for VPLS Pseudowire on 7600-ESM-2X10GE and 7600-ESM-20X1GE manages multicast traffic at Layer 2 by configuring Layer 2 LAN ports dynamically to forward multicast traffic only to those ports that want to receive it. In VPLS or multipoint bridging, IGMP snooping can be set up on per VLAN or VFI basis to build the membership tree because each of the remote legs of a VLAN or VFI can be identified with a virtual port and VLAN ID.

Restrictions and Usage Guidelines

When configuring the IGMP/PIM Snooping for VPLS Pseudowire on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature, follow these restrictions and usage guidelines:

IGMP/PIM snooping is enabled by default under the bridge-domain VLAN (use the no ip igmp snooping command to disable default behavior).

When IGMP snooping is globally enabled, it enables IGMP snooping on all the existing VLAN interfaces. When IGMP snooping is globally disabled, it disables IGMP snooping on all the existing VLAN interfaces.

System support for 32,000 IGMP groups with no line card-specific limitation.

Supports MultiPoint Bridging over Ethernet on 7600-ESM-2X10GE and 7600-ESM-20X1GE

Supports Virtual Private LAN Service (VPLS)

Use the show ip igmp snooping privileged EXEC command to verify your IGMP settings.

IGMP snooping only works when there is no tunneling operation (there should not be any VLAN tags in the packet when it is put on the bridge-domain VLAN).

SUMMARY STEPS

1. enable

2. configure terminal

3. interface vlan vlanid

4. no ip address ip-address mask [secondary]

5. ip igmp snooping

6. ipv6 mld snooping

7. xconnect vfi vfi name

DETAILED STEPS

 
Command
Purpose

Step 1 

enable

Example:
Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface vlan vlanid

Example:

Router(config)# interface vlan 12

Creates a unique VLAN ID number and enters subinterface configuration mode.

Step 4 

no ip address ip-address mask [secondary]
Example:
Router(config)# no ip address

Disables IP processing and enters interface configuration mode.

Step 5 

ip igmp snooping
Example:
Router(config-if)# ip igmp snooping

Enables IGMP snooping. To disable IGMP snooping, use the no form of this command.

Step 6 

ipv6 mld snooping 
Example:
Router(config)# ipv6 mld snooping 

Enables Multicast Listener Discovery version 2 (MLDv2) snooping globally. To disable the MLDv2 snooping globally, use the no form of this command.

Step 7 

xconnect vfi vfi name
Example:
Router(config-if)# xconnect vfi vfi16

Specifies the Layer 2 VFI that you are binding to the VLAN port.

Example

This is a VLAN configuration.

Router(config)# interface Vlan700
Router(config)# no ip address
Router(config-if)# ip igmp snooping
Router(config-if)# ipv6 mld snooping
Router(config-if)# xconnect vfi vfi700

Verification

Use the show ip igmp interface vlan command to verify a configuration.

Configuring MPLS Features

This section describes the MPLS features that have ES20 line card-specific configuration guidelines.

This section includes the following topics:

Configuring Any Transport over MPLS

Configuring MPLS Traffic Engineering Class-Based Tunnel Selection

Configuring Virtual Private LAN Service

Configuring Any Transport over MPLS

Any Transport over MPLS (AToM) transports Layer 2 packets over a Multiprotocol Label Switching (MPLS) backbone. AToM uses a directed Label Distribution Protocol (LDP) session between edge routers for setting up and maintaining connections. Forwarding occurs through the use of two levels of labels, switching between the edge routers. The external label (tunnel label) routes the packet over the MPLS backbone to the egress Provider Edge (PE) at the ingress PE. The VC label is a demuxing label that determines the connection at the tunnel endpoint (the particular egress interface on the egress PE as well as the virtual path identifier [VPI]/virtual channel identifier [VCI] value for an ATM Adaptation Layer 5 [AAL5] protocol data unit [PDU], the data-link connection identifier [DLCI] value for a Frame Relay PDU, or the virtual LAN [VLAN] identifier for an Ethernet frame).

Scalable EoMPLS on 7600-ESM-2X10GE and 7600-ESM-20X1GE

The Scalable EoMPLS on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature improves EoMPLS scalability on the Cisco 7600 router. With Scaleable EoMPLS, the CE-facing line card performs all EoMPLS imposition and disposition label processing. From the core-side line card perspective, the AToM packets in and out of the router appear as generic MPLS frames.

Restrictions and Usage Guidelines

When configuring the Scalable EoMPLS on 7600-ESM-2X10GE and 7600-ESM-20X1GE feature, follow these restrictions and usage guidelines:

Scalable EoMPLS is supported with EVCs (ethernet virtual circuits). An EVC is an end-to-end representation of a single instance of a layer 2 service being offered by a provider to a customer.

Scalable EoMPLS is supported as a mapped service for the QinQ termination

VC type 4 and VC type 5 are supported.

Control word operation is supported.

For ingress policing, only the drop action and the accept action for the police command are supported.

Ingress COoS marking is not supported.

For QoS marking, mapping of the incoming VLAN dot1q p-bits to the outgoing MPLS EXP bits is supported.

For QoS marking, mapping of the incoming MPLS EXP bits to the outgoing VLAN dot1q p-bits is supported.

For QoS shaping, egress pseudowire shaping is supported. Matching is based on the MPLS EXP bits.

The Dot1q Transparency for EoMPLS feature is supported.

SUMMARY STEPS

1. enable

2. configure terminal

3. interface gigabitethernet slot/subslot/port[.subinterface-number] or interface tengigabitethernet slot/subslot/port[.subinterface-number]

4. [no] service instance id {Ethernet [service-name}

5. encapsulation dot1q vlan id

6. rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} symmetric

7. xconnect peer-id vc-id encapsulation mpls

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

enable

Example:

Router> enable

Enables privileged EXEC mode.

Enter your password if prompted.

Step 2 

configure terminal

Example:

Router# configure terminal

Enters global configuration mode.

Step 3 

interface gigabitethernet slot/subslot/port[.subinterface-number]

or

interface tengigabitethernet slot/subslot/port[.subinterface-number]

Example:

Router(config)# interface gigabitethernet 4/0/0

Specifies the Gigabit Ethernet or the Ten Gigabit Ethernet interface to configure, where:

slot/subslot/port—Specifies the location of the interface.

subinterface-number—(Optional) Specifies a secondary interface (subinterface) number.

Step 4 

[no] service instance id {Ethernet [service-name}

Example:

Router(config-if)# service instance 101 ethernet

Creates a service instance (an instantiation of an EVC) on an interface and sets the device into the config-if-srv submode.

Step 5 

encapsulation dot1q vlan id

Example:

Router(config-if-srv)# encapsulation dot1q 5

Defines the matching criteria to map ingress dot1q frames on an interface to the appropriate service instance.

Note Use the encapsulation dot1q default command to configure the default service instance on a port. Use the encapsulation dot1q untagged command to map untagged Ethernet frames on an ingress interface to a service instance.

Step 6 

rewrite ingress tag {push {dot1q vlan-id | dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | pop {1 | 2} | translate {1-to-1 {dot1q vlan-id | dot1ad vlan-id}| 2-to-1 dot1q vlan-id | dot1ad vlan-id}| 1-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id} | 2-to-2 {dot1q vlan-id second-dot1q vlan-id | dot1ad vlan-id dot1q vlan-id}} symmetric

Example:

Router(config-if-srv)# rewrite ingress tag dot1q single symmetric

Specifies the tag manipulation that is to be performed on the frame ingress to the service instance.

Step 7 

xconnect peer-id vc-id encapsulation mpls
Example:
Router(config-if-srv)# xconnect 10.0.0.1 
123 encapsulation mpls

Configures scalable EoMPLS on a service instance. On the ingress side, after proper encapsulation manipulations, a packet is tunneled in an EoMPLS VC and transmitted on the core.

Examples

The following is an example of a basic configuration:

This is the customer-facing port at router 1.

Router(config)# interface TenGigabitEthernet1/0/1
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rrewrite ingress tag translate 1-to-2 dot1q 5 second-dot1q 5 
symmetric
Router(config-if-srv)# xconnect 2.2.2.2 100 encapsulation mpls

This is the global configuration at router 1.

Router(config)# interface loopback1
Router(config-if)# ip address 1.1.1.1 255.255.255.255

!MPLS core facing port
Router(config-if)# ip address 20.1.1.1 255.255.255.0
Router(config-if)# mpls label protocol ldp
Router(config-if)# mpls ip

This is the customer-facing port at router 2.

Router(config)# interface TenGigabitEthernet2/0/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rrewrite ingress tag translate 1-to-2 dot1q 5 second-dot1q 5 
symmetric
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls

This is the global configuration at router 2.

Router(config)# interface loopback1
Router(config-if)# ip address 2.2.2.2 255.255.255.255

!MPLS core facing port

Router(config-if)# ip address 20.1.1.2 255.255.255.0
Router(config-if)# mpls label protocol ldp
Router(config-if)# mpls ip

The following is an example of single tag VLAN configuration for tunneling a single VLAN service instance.

! Customer facing port

Router(config)# interface TenGigabitEthernet2/0/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100
Router(config-if-srv)# rrewrite ingress tag translate 1-to-2 dot1q 5 second-dot1q 5 
symmetric
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls

The following is an example of double tag VLAN configuration for tunneling double tag VLAN frames.

! Customer facing port

Router(config)# interface TenGigabitEthernet2/0/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 100 second-dot1q 200
Router(config-if-srv)# rrewrite ingress tag translate 2-to-2 dot1q 5 second-dot1q 5 
symmetric
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls

The following is an example of a selective QinQ xconnect configuration.

! Customer facing port

Router(config)# interface TenGigabitEthernet2/0/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation dot1q 10-20, 30, 50-60
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls

The following is an example of a port-based xconnect tunnel configuration that tunnels all incoming packets to the remote peer.

!All tag and non-tag packets aggregation
Router(config)# interface TenGigabitEthernet2/0/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation default
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls

!All non-tag packets aggregation
Router(config)# interface TenGigabitEthernet2/0/2
Router(config-if)# service instance 100 ethernet
Router(config-if-srv)# encapsulation untagged
Router(config-if-srv)# xconnect 1.1.1.1 100 encapsulation mpls

Verification

Use the following commands can be used to verify operation.

Command
Purpose

Router# show ethernet service evc [id evc-id | interface interface-id] [detail]

Displays information pertaining to a specific EVC if an EVC ID is specified, or pertaining to all EVCs on an interface if an interface is specified. The detailed option provides additional information on the EVC.

Router# show ethernet service instance [id instance-id interface interface-id | interface interface-id] [detail]

Displays information about one or more service instances. If a service instance ID and interface are specified, only data pertaining to that particular service instance is displayed. If only an interface ID is specified, displays data for all service instances s on the given interface.

Router# show ethernet service interface [interface-id] [detail]

Displays information in the Port Data Block (PDB) .

Router# show mpls l2 vc min VC ID max VC ID detail

Displays detailed information related to the virtual connection (VC).

Router# show mpls l2transport vc

Displays the state of VCs.

Router# show mpls forwarding (Output should have the label entry l2ckt)

Displays the contents of the Multiprotocol Label Switching (MPLS) Label Forwarding Information Base (LFIB).

Router# show platform software efp-client

Displays service instance details.


.

Configuring MPLS Traffic Engineering Class-Based Tunnel Selection

Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Class-Based Tunnel Selection (CBTS) enables you to dynamically route and forward traffic with different class of service (CoS) values onto different TE tunnels between the same tunnel headend and the same tailend. The TE tunnels can be regular TE tunnels or DiffServ-aware TE (DS-TE) tunnels.

The set of TE (or DS-TE) tunnels from the same headend to the same tailend that you configure to carry different CoS values is referred to as a "tunnel bundle." Tunnels are "bundled" by creating a master tunnel and then attaching member tunnels to the master tunnel. After configuration, CBTS dynamically routes and forwards each packet into the tunnel that meets the following requirements:

Is configured to carry the CoS of the packet

Has the right tailend for the destination of the packet

Because CBTS offers dynamic routing over DS-TE tunnels and requires minimum configuration, it greatly eases deployment of DS-TE in large-scale networks.

CBTS can distribute all CoS values on eight different tunnels.

CBTS also allows the TE tunnels of a tunnel bundle to exit headend routers through different interfaces.

CBTS configuration involves performing the following tasks:

Creating multiple (DS-) TE tunnels with the same headend and tailend and indicating on each of these tunnels which CoSs are to be transported on the tunnel.

Creating a master tunnel, attaching the member tunnels to it, and making the master tunnel visible for routing.

MPLS Traffic Engineering Class-Based Tunnel Selection Restrictions and Usage Guidelines

When configuring MPLS Traffic Engineering Class-Based Tunnel Selection (CBTS), follow these restrictions and usage guidelines:

CBTS has the following prerequisites:

MPLS enabled on all tunnel interfaces

Cisco Express Forwarding (CEF) or distributed CEF (dCEF) enabled in general configuration mode

CBTS has the following restrictions:

For a given destination, all CoS values are carried in tunnels terminating at the same tailend. Either all CoS values are carried in tunnels or no values are carried in tunnels. In other words, for a given destination, you cannot map some CoS values in a DS-TE tunnel and other CoS values in a Shortest Path First (SPF) Label Distribution Protocol (LDP) or SPF IP path.

No LSP is established for the master tunnel and regular traffic engineering attributes (bandwidth, path option, fast reroute) are irrelevant on a master tunnel. TE attributes (bandwidth, bandwidth pool, preemption, priorities, path options, and so on) are configured completely independently for each tunnel.

CBTS does not allow load-balancing of a given EXP value in multiple tunnels. If two or more tunnels are configured to carry a given experimental (EXP) value, CBTS picks one of these tunnels to carry this EXP value.

CBTS supports aggregate control of bumping (that is, it is possible to define default tunnels to be used if other tunnels go down. However, CBTS does not allow control of bumping if the default tunnel goes down. CBTS does not support finer-grain control of bumping. For example, if the voice tunnel goes down, redirect voice to T2, but if video goes down, redirect to T3.

The operation of CBTS is not supported with Any Transport over MPLS (AToM), MPLS TE Automesh, or label-controlled (LC) ATM.

Creating Multiple MPLS Member TE or DS-TE Tunnels with the Same Headend and the Same Tailend

Perform the following task to create multiple MPLS member TE or DS-TE tunnels with the same headend and same tailend and to configure EXP values to be carried by each of these tunnels. The procedure begins in global configuration mode.

SUMMARY STEPS

1. interface tunnel number

2. ip unnumbered type number

3. tunnel destination {hostname | ip-address}

4. tunnel mode mpls traffic-eng

5. tunnel mpls traffic-eng bandwidth [sub-pool | global] bandwidth

6. tunnel mpls traffic-eng exp [list-of-exp-values] [default]

7. exit

DETAILED STEPS

 
Command
Purpose

Step 1 

interface tunnel number

Example:

Router(config)# interface tunnel 7

Configures a tunnel interface type and enters interface configuration mode.

number—Number of the tunnel interface that you want to create or configure.

Step 2 

ip unnumbered type number

Example:

Router(config-if)# ip unnumbered loopback0

Enables IP processing on an interface without assigning an explicit IP address to the interface.

type—Type of another interface on which the router has an assigned IP address.

number—Number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface.

Step 3 

tunnel destination {hostname | ip-address}

Example:

Router(config-if)# tunnel destination 10.5.5.5

Specifies the destination of the tunnel for this path option.

hostname—Name of the host destination.

ip-address—IP address of the host destination expressed in four-part, dotted decimal notation.

Step 4 

tunnel mode mpls traffic-eng

Example:

Router(config-if)# tunnel mode mpls traffic-eng

Sets the mode of a tunnel to MPLS for TE.

Step 5 

tunnel mpls traffic-eng bandwidth [sub-pool | global] bandwidth

Example:
Router(config-if)# tunnel mpls traffic-eng bandwidth 
100

Configures the bandwidth for the MPLS TE tunnel. If automatic bandwidth is configured for the tunnel, use the tunnel mpls traffic-eng bandwidth command to configure the initial tunnel bandwidth, which is adjusted by the auto-bandwidth mechanism.

sub-pool—(Optional) Indicates a subpool tunnel.

global—(Optional) Indicates a global pool tunnel. Entering this keyword is not necessary, because all tunnels are global pool in the absence of the sub-pool keyword. But if users of pre-DiffServ-aware Traffic Engineering (DS-TE) images enter this keyword, it is accepted.

bandwidth—Bandwidth, in kilobits per second, set aside for the MPLS traffic engineering tunnel. Range is between 1 and 4294967295.

Note You can configure any existing mpls traffic-eng command on these TE or DS-TE tunnels.

Step 6 

tunnel mpls traffic-eng exp [list-of-exp-values] [default]

Example:

Router(config-if)# tunnel mpls traffic-eng exp 9

Specifies an EXP value or values for an MPLS TE tunnel.

list-of-exp-values—EXP value or values that are are to be carried by the specified tunnel. Values range from 0 to 7.

default—The specified tunnel is to carry all EXP values that are:

Not explicitly allocated to another tunnel

Allocated to a tunnel that is currently down

Step 7 

exit

Example:

Router(config-if)#

Exits to global configuration mode.

Repeat Step 1 through Step 7 on the same headend router to create additional tunnels from this headend to the same tailend.

Creating a Master Tunnel, Attaching Member Tunnels, and Making the Master Tunnel Visible

Perform the followings task to create a master tunnel, attach member tunnels to it, and make the master tunnel visible for routing. The procedure begins in global configuration mode.

Summary Steps

1. interface tunnel number

2. ip unnumbered type number

3. tunnel destination {hostname | ip-address}

4. tunnel mode mpls traffic-eng exp-bundle master

5. tunnel mode mpls traffic-eng exp-bundle member tunnel-id

6. tunnel mpls traffic-eng autoroute announce

7. tunnel mpls traffic-eng autoroute metric {absolute | relative} value

DETAILED STEPS

 
Command
Purpose

Step 1 

interface tunnel number

Example:

Router(config)# interface tunnel 7

Configures a tunnel interface type and enters interface configuration mode.

number—Number of the tunnel interface that you want to create or configure.

Step 2 

ip unnumbered type number

Example:

Router(config-if)# ip unnumbered loopback0

Enables IP processing on an interface without assigning an explicit IP address to the interface.

type—Type of another interface on which the router has an assigned IP address.

number—Number of another interface on which the router has an assigned IP address. It cannot be another unnumbered interface.

Step 3 

tunnel destination {hostname | ip-address}

Example:

Router(config-if)# tunnel destination 10.5.5.5

Specifies the destination of the tunnel for this path option.

hostname—Name of the host destination.

ip-address—IP address of the host destination expressed in four-part, dotted decimal notation.

Step 4 

tunnel mode mpls traffic-eng exp-bundle master

Example:

Router(config-if)# tunnel mode mpls traffic-eng exp-bundle master

Specifies this is the master tunnel for the CBTS configuration.

Step 5 

tunnel mode mpls traffic-eng exp-bundle member tunnel-id

Example:

Router(config-if)# tunnel mode mpls traffic-eng exp-bundle member Tunnel20000

Attaches a member tunnel to the master tunnel.

tunnel-id—Number of the tunnel interface to be attached to the master tunnel.

Repeat this command for each member tunnel.

Step 6 

tunnel mpls traffic-eng autoroute announce

Example:

Router(config-if)# tunnel mpls traffic-eng autoroute announce

Specifies that the Interior Gateway Protocol (IGP) should use the tunnel (if the tunnel is up) in its enhanced shortest path first (SPF) calculation.

Step 7 

tunnel mpls traffic-eng autoroute metric {absolute | relative} value

Example:

Router(config-if)# tunnel mpls traffic-eng autoroute metric relative -1

(Optional) Specifies the MPLS TE tunnel metric that the IGP-enhanced SPF calculation uses.

absolute—Indicates the absolute metric mode; you can enter a positive metric value.

relative—Indicates the relative metric mode; you can enter a positive, negative, or zero value.

value—Metric that the IGP enhanced SPF calculation uses. The relative value can be from -10 to 10.

Note Even though the value for a relative metric can be from -10 to +10, configuring a tunnel metric with a negative value is considered a misconfiguration. If the metric to the tunnel tailend appears to be 4 from the routing table, then the cost to the tunnel tailend router is actually 3 because 1 is added to the cost for getting to the loopback address. In this instance, the lowest value that you can configure for the relative metric is -3.


Note Alternatively, static routing could be used instead of autoroute to make the TE or DS-TE tunnels visible for routing.


EXAMPLE

The following example shows how to configure Multiprotocol Label Switching (MPLS) Traffic Engineering (TE) Class-Based Tunnel Selection (CBTS). Tunnel1, Tunnel2, and Tunnel3 are member tunnels, and Tunnel4 is the master tunnel.

Router(config)# interface Tunnel1
Router(config-if)# ip unnumbered loopback0
Router(config-if)# interface destination 24.1.1.1
Router(config-if)# tunnel mode mpls traffic-eng
Router(config-if)# tunnel mpls traffic-eng bandwidth sub-pool 30000
Router(config-if)# tunnel mpls traffic-eng exp 5

Router(config)# interface Tunnel2
Router(config-if)# ip unnumbered loopback0
Router(config-if)# interface destination 24.1.1.1
Router(config-if)# tunnel mode mpls traffic-eng
Router(config-if)# tunnel mpls traffic-eng bandwidth 50000
Router(config-if)# tunnel mpls traffic-eng exp 3 4

Router(config)# interface Tunnel3
Router(config-if)# ip unnumbered loopback0
Router(config-if)# interface destination 24.1.1.1
Router(config-if)# tunnel mode mpls traffic-eng
Router(config-if)# tunnel mpls traffic-eng bandwidth 10000
Router(config-if)# tunnel mpls traffic-eng exp default

Router(config)# interface Tunnel4
Router(config-if)# interface destination 24.1.1.1
Router(config-if)# tunnel mpls traffic-eng exp-bundle master
Router(config-if)# tunnel mpls traffic-eng exp-bundle member Tunnel1
Router(config-if)# tunnel mpls traffic-eng exp-bundle member Tunnel2
Router(config-if)# tunnel mpls traffic-eng exp-bundle member Tunnel3

Router(config-if)# tunnel mpls traffic-eng autoroute enable

Verifying That the MPLS TE or DS-TE Tunnels Are Operating and Announced to the IGP

The following show commands can be used to verify that the MPLS TE or DS-TE tunnels are operating and announced to the IGP. The commands are all entered in privileged EXEC configuration mode.

Command
Purpose

show mpls traffic-eng topology {A.B.C.D | igp-id {isis nsap-address | ospf A.B.C.D} [brief]}

Shows the MPLS traffic engineering global topology as currently known at this node.

A.B.C.DSpecifies the node by the IP address (router identifier to interface address).

igp-idSpecifies the node by IGP router identifier.

isis nsap-addressSpecifies the node by router identification (nsap-address) if you are using Integrated Intermediate System-to-Intermediate System (IS-IS).

ospf A.B.C.DSpecifies the node by router identifier if you are using Open Shortest Path First (OSPF).

briefProvides a less-detailed version of the topology.

show mpls traffic-eng exp

Displays EXP mapping.

show ip cef [type number] [detail]

Displays entries in the forwarding information base (FIB) or displays a summary of the FIB.

type number —Identifies the interface type and number for which to display FIB entries.

detail—Displays detailed FIB entry information.

show mpls forwarding-table [network {mask | length} [detail]]

Displays the contents of the MPLS label forwarding information base (LFIB).

network—Identifies the destination network number.

mask—Identifies the network mask to be used with the specified network.

length—Identifies the number of bits in the destination mask.

detail—Displays information in long form (includes length of encapsulation, length of MAC string, maximum transmission unit [MTU], and all labels).

show mpls traffic-eng autoroute


Displays tunnels that are announced to the Interior Gateway Protocol (IGP).


The show mpls traffic-eng topology command output displays the MPLS TE global topology:

Router# show mpls traffic-eng topology 10.0.0.1
IGP Id: 10.0.0.1, MPLS TE Id:10.0.0.1 Router Node  (ospf 10  area 0) id 1
link[0]: Broadcast, DR: 180.0.1.2, nbr_node_id:6, gen:18
	  frag_id 0, Intf Address:180.0.1.1
	  TE metric:1, IGP metric:1, attribute_flags:0x0
	  SRLGs: None 
	  physical_bw: 100000 (kbps), max_reservable_bw_global: 1000 (kbps)
	  max_reservable_bw_sub: 0 (kbps)
	                         Global Pool       Sub Pool
	       Total Allocated   Reservable        Reservable
	       BW (kbps)         BW (kbps)         BW (kbps)
	       ---------------   -----------       ----------
	bw[0]:            0             1000                0
	bw[1]:            0             1000                0
	bw[2]:            0             1000                0
	bw[3]:            0             1000                0
	bw[4]:            0             1000                0
	bw[5]:            0             1000                0
	bw[6]:            0             1000                0
	bw[7]:          100              900                0

link[1]: Broadcast, DR: 180.0.2.2, nbr_node_id:7, gen:19
	  frag_id 1, Intf Address:180.0.2.1
	  TE metric:1, IGP metric:1, attribute_flags:0x0
	  SRLGs: None 
	  physical_bw: 100000 (kbps), max_reservable_bw_global: 1000 (kbps)
	  max_reservable_bw_sub: 0 (kbps)
	                         Global Pool       Sub Pool
	       Total Allocated   Reservable        Reservable
	       BW (kbps)         BW (kbps)         BW (kbps)
	       ---------------   -----------       ----------
	bw[0]:            0             1000                0
	bw[1]:            0             1000                0
	bw[2]:            0             1000                0
	bw[3]:            0             1000                0
	bw[4]:            0             1000                0
	bw[5]:            0             1000                0
	bw[6]:            0             1000                0
	bw[7]:            0             1000                0

The show mpls traffic-eng exp command output displays EXP mapping information about a tunnel:

Router# show mpls traffic-eng exp
Destination: 10.0.0.9
	Master:	Tunnel10		Status: IP

	Members: 	Status	Conf EXP	Actual EXP
	Tunnel1	UP/ACTIVE	5	5
	Tunnel2	UP/ACTIVE	default	0 1 2 3 4 6 7
	Tunnel3	UP/INACTIVE(T)	2
	Tunnel4	DOWN	3
	Tunnel5	UP/ACTIVE(NE)	

(T)=Tailend is different to master
(NE)=There is no exp value configured on this tunnel.

The show ip cef detail command output displays detailed FIB entry information for a tunnel:

Router# show ip cef tunnel1 detail

IP CEF with switching (Table Version 46), flags=0x0
31 routes, 0 reresolve, 0 unresolved (0 old, 0 new), peak 2
2 instant recursive resolutions, 0 used background process
8 load sharing elements, 8 references
6 in-place/0 aborted modifications
34696 bytes allocated to the FIB table data structures
universal per-destination load sharing algorithm, id 9EDD49E1
1(0) CEF resets
Resolution Timer: Exponential (currently 1s, peak 1s)
Tree summary:
8-8-8-8 stride pattern
short mask protection disabled
31 leaves, 23 nodes using 26428 bytes
Table epoch: 0 (31 entries at this epoch)
Adjacency Table has 13 adjacencies
10.0.0.9/32, version 45, epoch 0, per-destination sharing
0 packets, 0 bytes
tag information set, all rewrites inherited
local tag: tunnel head
via 0.0.0.0, Tunnel1, 0 dependencies
traffic share 1
next hop 0.0.0.0, Tunnel1
valid adjacency
tag rewrite with Tu1, point2point, tags imposed {12304}
0 packets, 0 bytes switched through the prefix
tmstats: external 0 packets, 0 bytes
internal 0 packets, 0 bytes

The show mpls forwarding-table detail command output displays detailed information from the MPLS LFIB:

Router# show mpls forwarding 10.0.0.9 detail

Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop    
tag    tag or VC   or Tunnel Id      switched   interface              
Tun hd Untagged    10.0.0.9/32       0          Tu1        point2point  
	MAC/Encaps=14/18, MRU=1500, Tag Stack{12304}, via Fa6/0
	00027D884000000ED70178A88847 03010000
	No output feature configured
Per-exp selection: 1  
Untagged    10.0.0.9/32       0          Tu2        point2point  
	MAC/Encaps=14/18, MRU=1500, Tag Stack{12305}, via Fa6/1
	00027D884001000ED70178A98847 03011000
	No output feature configured
Per-exp selection: 2  3  
Untagged    10.0.0.9/32       0          Tu3        point2point  
	MAC/Encaps=14/18, MRU=1500, Tag Stack{12306}, via Fa6/1
	00027D884001000ED70178A98847 03012000
	No output feature configured
Per-exp selection: 4  5  
Untagged    10.0.0.9/32       0          Tu4        point2point  
	MAC/Encaps=14/18, MRU=1500, Tag Stack{12307}, via Fa6/1
	00027D884001000ED70178A98847 03013000
	No output feature configured
Per-exp selection: 0  6  7 

The show mpls traffic-eng autoroute command output displays tunnels that are announced to the Interior Gateway Protocol (IGP).

Router# show mpls traffic-eng autoroute

MPLS TE autorouting enabled
destination 10.0.0.9, area ospf 10  area 0, has 4 tunnels
Tunnel1     (load balancing metric 20000000, nexthop 10.0.0.9)
(flags: Announce)
Tunnel2     (load balancing metric 20000000, nexthop 10.0.0.9)
(flags: Announce)
Tunnel3     (load balancing metric 20000000, nexthop 10.0.0.9)
(flags: Announce)
Tunnel4     (load balancing metric 20000000, nexthop 10.0.0.9)
(flags: Announce)

Configuring Virtual Private LAN Service

Virtual Private LAN Service (VPLS) enables geographically separate LAN segments to be interconnected as a single bridged domain over a packet switched network, such as IP, MPLS, or a hybrid of both.

VPLS solves the network reconfiguration problems at the customer equipment (CE) that is associated with Layer 2 Virtual Private Network (L2VPN) implementations. The current Cisco IOS software L2VPN implementation builds a point-to-point connection to interconnect the two attachment VCs of two peering customer sites. To communicate directly among all sites of an L2VPN network, a distinct emulated VC needs to be created between each pair of peering attachment VCs.

For example, when two sites of the same L2VPN network are connected to the same PE, you must establish two separate emulated VCs towards a given remote site, instead of sharing a common emulated VC between these two sites. For an L2VPN customer who uses the service provider backbone to interconnect its LAN segments, the current implementation effectively turns its multiaccess broadcast network into a fully meshed point-to-point network, which requires extensive reconfiguration on the existing CE devices.

VPLS is a multipoint L2VPN architecture that connects two or more customer devices using EoMPLS bridging techniques. VPLS with EoMPLS uses an MPLS-based provider core, where the PE routers have to cooperate to forward customer Ethernet traffic for a given VPLS instance in the core.

VPLS uses the provider core to join multiple attachment circuits together to simulate a virtual bridge that connects the multiple attachment circuits together. From a customer point of view, there is no topology for VPLS. All of the CE devices appear to connect to a logical bridge emulated by the provider core.

Hierarchical Virtual Private LAN Service (H-VPLS) with MPLS to the Edge

In a flat or non-hierarchical VPLS configuration, a full mesh of pseudowires (PWs) is needed between all PE nodes. A pseudowire defines a VLAN and its corresponding pseudoport.

Hierarchical Virtual Private LAN Service (H-VPLS) reduces both signaling and replication overhead by using a combination of full-mesh and hub-and-spoke configurations. Hub-and-spoke configurations operate with split horizon to allow packets to be switched between PWs, which effectively reduce the number of PWs between PEs.

Figure 2-4 H-VPLS with MPLS to the Edge Network

In the H-VPLS with MPLS to the edge architecture, Ethernet Access Islands (EAIs) work in combination with a VPLS core network, with MPLS as the underlying transport mechanism. EAIs operate like standard Ethernet networks. In Figure 2-4, devices CE1, CE2a and CE2b reside in an EAI. Traffic from any CE devices within the EAI is switched locally within the EAI by the user-facing provider edge (UPE) device along the computed spanning-tree path. Each UPE device is connected to one or more network-facing provider edge (NPE) devices using PWs. The traffic local to the UPE is not forwarded to any network-facing provider edge (NPE) devices.

VPLS Configuration Guidelines

When configuring VPLS on a Cisco 7600 Series Ethernet Services 20G line card, consider the following guidelines:

The Cisco 7600 Series Ethernet Services 20G line card supports up to 4000 VPLS domains per Cisco 7600 series router.

The Cisco 7600 Series Ethernet Services 20G line card supports up to 60 VPLS peers per domain per Cisco 7600 series router.

The Cisco 7600 Series Ethernet Services 20G line card supports up to 30,000 pseudowires, used in any combination of domains and peers up to the 4000-domain or 60-peer maximums. For example, support of up to 4000 domains with 7 peers, or up to 60 peers in 500 domains.

When configuring VPLS on a Cisco 7600 Series Ethernet Services 20G line card, consider the following guidelines:

QinQ (the ability to map a single 802.1Q tag or a random double tag combination into a VPLS instance, a Layer 3 MPLS VPN, or an EoMPLS VC) is not supported.

H-VPLS with QinQ edge—Requires a Cisco 7600 Series Ethernet Services 20G line cards in the uplink, and any LAN port or Cisco 7600 Series Ethernet Services 20G line cards on the downlink.

H-VPLS with MPLS edge requires either an optical service module, Cisco 7600 SIP-600, Cisco 7600 SIP-400, or Cisco 7600 Series Ethernet Services 20G line cards in both the downlink (facing UPE) and uplink (MPLS core).

The Cisco 7600 Series Ethernet Services 20G line cards provide Transparent LAN Services (TLS) and Ethernet Virtual Connection Services (EVCS).

The Cisco 7600 Series Ethernet Services 20G line cards support the following VPLS features:

H-VPLS with MPLS edge

H-VPLS with QinQ edge

VPLS with point-to-multipoint EoMPLS and fully-meshed PE configuration

For information about configuring VPLS on the Cisco 7600 Series Ethernet Services 20G line cards, consider the guidelines in this document and then refer to the "Configuring Virtual Private LAN Services on the Optical Services Modules" section of the Cisco 7600 Series Router Module Configuration Notes for the Cisco 7600 series routers at the following URL:

http://www.cisco.com/en/US/products/hw/routers/ps368/products_configuration_guide_chapter09186a00801e5c06.html#wp1338115

Resetting a Cisco 7600 Series Ethernet Services 20G Line Card

To reset an ES20 line card, use the following command in privileged EXEC configuration mode:

Command
Purpose

Router# hw-module module slot reset

Turns power off and on to the ES20 line card in the specified slot, where:

slot—Specifies the chassis slot number where the ES20 line card is installed.