Alcatel-Lucent 7750 SR-OS Configuration Manual Download Page 408 | Manualshive

Page: 408 / 674

background image

ACL Filter Policy Overview

Page 408

7750 SR OS Router Configuration Guide

ACL Filter Policy Overview

ACL Filter policies, also referred to as Access Control Lists (ACLs) or filter for short, are sets of
ordered rules specifying packet match criteria and actions to be performed upon a match. Filters
are applied to services or network ports to control network traffic into (ingress) or out of (egress) a
service access port (SAP) or network. There are three main types of filter policies: IPv4, IPv6, and
MAC filter policies. The same filter can be applied to ingress traffic, egress traffic, or both. Ingress
filters affect only inbound traffic destined for the routing complex, and egress filters affect only
outbound traffic sent from the routing complex.

Configuring an entity with a filter policy is optional. By default, there are no filters associated with
services or interfaces, and therefore, all traffic is allowed on the ingress and egress interfaces. The
filter must be explicitly created and associated. There are different types of filter policies as
defined by the scope argument of the filter policy. An exclusive filter is intended to be used by a
single SAP/interface, a template filter is intended to be shared by multiple SAP/interfaces in the
system, and an embedded filter is intended to define common filter rules that can then be used
(embedded) by other filters in the system. Filter policies are created with a unique filter ID, but
each filter has also a unique filter name argument that can be defined once the filter policy has been
created. Either filter ID or filter name can then be used throughout the system to manage filter
policies and their associations.

On a Layer 2 SAP, either a single IP (v4 or v6) or a single MAC filter policy can be applied in a
given direction. On a Layer 3 SAP and network interfaces, a single IP (v4 or v6) can be applied in
a given direction. The ingress and egress direction policies can be same or different. For dual stack
IPv4/IPv6 SAPs/interfaces, if both IPv4 and IPv6 filter policies are defined, the policy applied will
be based on the outer IP header of the packet. Note that non-IP packets are not hitting an IP filter
policy, so the default action in the IP filter policy will not apply to these packets.

«
...
406
407
408
409
410
...
»

Summary of Contents for 7750 SR-OS

Page 1: ...01 Alcatel Lucent Alcatel Lucent and the Alcatel Lucent logo are trademarks of Alcatel Lucent All other trademarks are the property of their respective owners The information presented is subject to c...

Page 2: ...ritten permission from Alcatel Lucent Alcatel Lucent Alcatel Lucent and the Alcatel Lucent logo are trademarks of Alcatel Lucent All other trademarks are the property of their respective owners The in...

Page 3: ...ng an Inactive BGP Route from a VPRN 41 DHCP Relay 42 Internet Protocol Versions 43 IPv6 Applications 45 DNS 47 IPv6 Provider Edge Router over MPLS 6PE 48 Bi directional Forwarding Detection 50 BFD Co...

Page 4: ...ence 93 Configuration Commands 109 Generic Commands 109 Router Global Commands 110 Router L2TP Commands 129 Router Interface Commands 149 Router Advertisement Commands 194 Show Commands 201 L2TP Show...

Page 5: ...eral 324 Configuring VRRP with CLI 325 VRRP Configuration Overview 326 Preconfiguration Requirements 326 Basic VRRP Configurations 327 VRRP Policy 327 VRRP IES Service Parameters 328 Configure VRRP fo...

Page 6: ...irection Captive Portal 419 ISID Filters 422 VID Filters 423 Arbitrary Bit Matching of VID Filters 425 Port Group Configuration Example 426 Creating and Applying ACL Policies 427 Applying Filters 429...

Page 7: ...er Commands 485 Filter Log Commands 486 ACL Filter Policy Commands 489 General Filter Entry Commands 494 IP v4 v6 Filter Entry Commands 496 Match List Configuration Commands 512 MAC Filter Entry Comma...

Page 8: ...owd Collectors 618 Version 9 and Version 10 Templates 619 Enabling Cflowd on Interfaces and Filters 629 Specifying Cflowd Options on an IP Interface 630 Interface Configurations 630 Service Interfaces...

Page 9: ...CP Value Table 432 Table 10 IP Option Values 435 Table 11 MAC Match Criteria Exclusivity Rules 439 Cflowd Table 12 Template Set 619 Table 13 Basic IPv4 Template 619 Table 14 MPLS IPv4 Template 620 Tab...

Page 10: ...Page 10 7750 SR OS Router Configuration Guide List of Tables...

Page 11: ...cy Management Example 411 Figure 15 IOM CPM Filter Policy using Individual Address Prefixes 413 Figure 16 IOM CPM Filter Policy Using an Address Prefix Match List 414 Figure 17 Embedded Filter Policy...

Page 12: ...Page 12 7750 SR OS Router Configuration Guide List of Figures...

Page 13: ...nd provides concepts and descriptions of the implementation flow as well as Command Line Interface CLI syntax and command usage Audience This manual is intended for network administrators who are resp...

Page 14: ...es 7750 SR OS MPLS Guide This guide describes how to configure Multiprotocol Label Switching MPLS and Label Distribution Protocol LDP 7750 SR OS Services Guide This guide describes how to configure se...

Page 15: ...Preface 7750 SR OS Router Configuration Guide Page 15 This guide describes all supported RADIUS Authentication Authorization and Accounting attributes...

Page 16: ...eller contact the technical support staff for that distributor or reseller for assistance If you purchased an Alcatel Lucent service agreement contact your welcome center at Web http www alcatel lucen...

Page 17: ...d in an overall logical configuration flow Each section describes a software area and provides CLI syntax and command usage to configure parameters for a functional area Table 1 Configuration Process...

Page 18: ...Getting Started Page 18 7750 SR OS Router Configuration Guide...

Page 19: ...o configure basic router parameters Topics in this chapter include Configuring IP Router Parameters on page 20 Interfaces on page 20 Autonomous Systems AS on page 37 Confederations on page 38 Proxy AR...

Page 20: ...ollowing router features can be configured Interfaces on page 20 Creating an IP Address Range on page 24 Autonomous Systems AS on page 37 Confederations on page 38 Proxy ARP on page 40 Refer to 7750 S...

Page 21: ...nterfaces in this context Network domains are not applicable to loopback and system interfaces The network domain information will only be used for ingress VPLS sap queue allocation It will not be tak...

Page 22: ...ssociated during the configuration of the following entities The termination point of service tunnels The hops when configuring MPLS paths and LSPs The addresses on a target router for BGP and LDP pee...

Page 23: ...address prefix In loose mode uRPF checks whether the packet has a source address with a corresponding prefix in the routing table loose mode does not check whether the interface expects to receive a p...

Page 24: ...ices When defining a range that is a superset of a previously defined service prefix the subset will be replaced with the superset definition For example if a service prefix exists for 10 10 10 0 24 a...

Page 25: ...l application of QPPB a BGP route is advertised with a BGP community attribute that conveys a particular QoS Routers that receive the advertisement accept the route into their routing table and set th...

Page 26: ...network and these traffic flows can be identified with known routes For example the operator of an ISP network may want to give priority to traffic originating in a particular ASN the ASN of a conten...

Page 27: ...tent Provider AS 300 Route Policy Accept all routes with AS_PATH ending with ASN 300 and set fcto high 1 QoSPolicy Lookup the destination IP address of all packets arriving on this interface to determ...

Page 28: ...y low high The use of this command is illustrated by the following example config router policy options begin community gold members 300 100 policy statement qppb_policy entry 10 from protocol bgp com...

Page 29: ...instance QPPB is supported for BGP routes belonging to any of the address families listed below IPv4 AFI 1 SAFI 1 IPv6 AFI 2 SAFI 1 VPN IPv4 AFI 1 SAFI 128 VPN IPv6 AFI 2 SAFI 128 Note that a VPN IP...

Page 30: ...show router static route This feature uses a qos keyword to the show router route table command When this option is specified the output includes an additional line per route entry that displays the...

Page 31: ...oup interfaces config service ies sub if grp if When the qos route lookup command with the destination parameter is applied to an IP interface and the destination address of an incoming IP packet matc...

Page 32: ...nd priority of a packet matching an ECMP route is based on the particular next hop used to forward the packet When Edge PIC 1 is enabled some BGP routes may have a backup next hop in the forwarding ta...

Page 33: ...fc2 is explicitly configured in or out and fc2 is not mapped to a priority mode queue then the packet is assigned this profile state In both cases there is no consideration of whether or not fc1 was m...

Page 34: ...from original dot1p exp DSCP mapping or policy default From new base FC From original FC and sub class Policer Policer From new base FC unless overridden by DE 1 If DE 1 override then low otherwise fr...

Page 35: ...base FC From original FC and sub class Profile mode queue Policer From new base FC unless overridden by DE 1 If DE 1 override then low otherwise from QPPB If no DEI or QPPB overrides then follows ori...

Page 36: ...g table manager instance There are several ways to obtain the router ID On each router the router ID can be derived in the following ways Define the value in the config router router id context The va...

Page 37: ...area no routing information obtained from outside the area can be used This protects intra area routing from the injection of bad routing information Routers that belong to more than one area are call...

Page 38: ...uch as next hop metric and local preference settings are preserved The confederation appears and behaves like a single AS Confederations have the following characteristics A large AS can be sub divide...

Page 39: ...confederations must be explicitly created Figure 2 depicts a confederation configuration example Figure 2 Confederation Configuration SRSG005 Confederation Member 1 Confederation Member 2 ALA D ALA B...

Page 40: ...to support DSLAM and other edge like environments proxy ARP supports policies that allow the provider to configure prefix lists that determine for which target networks proxy ARP will be attempted and...

Page 41: ...guration option that allows the best BGP route learned by a VPRN to be exported as a VPN IP route even when that BGP route is inactive due to the presence of a more preferred BGP VPN route from anothe...

Page 42: ...IP Router Parameters Page 42 7750 SR OS Router Configuration Guide DHCP Relay Refer to 7750 SROS Triple Play Guide for information about DHCP and support provided by the 7750 SR as well as configurati...

Page 43: ...defined that is used to send a packet to any one of a group of nodes Header format simplification Some IPv4 header fields have been dropped or made optional to reduce the common case processing cost o...

Page 44: ...s zero the payload length is carried in a jumbo payload hop by hop option Next Header 8 bit selector Identifies the type of header immediately following the IPv6 header This field uses the same values...

Page 45: ...ternet exchange peering Figure 4 shows an IPv6 Internet exchange where multiple ISPs peer over native IPv6 Figure 4 IPv6 Internet Exchange IPv6 transit services Figure 5 shows IPv6 transit provided by...

Page 46: ...nt router supports dynamic IPv6 over IPv4 tunneling The ipv4 source and destination address are taken from configuration the source address is the ipv4 system address and the ipv4 destination is the n...

Page 47: ...The DNS client is extended to use IPv6 as transport and to handle the IPv6 address in the DNS AAAA resource record from an IPv4 or IPv6 DNS server An assigned name can be used instead of an IPv6 addre...

Page 48: ...quires no backbone infrastructure upgrades and no re configuration of core routers because forwarding is purely based on MPLS labels 6PE is a cost effective solution for IPv6 deployment Figure 8 Examp...

Page 49: ...prefixes that it advertises and can accept an arbitrary label from its peers LDP is used to create the MPLS full mesh between the 6PE routers and the IPv4 addresses that are embedded in the next hop...

Page 50: ...rding Detection that allows either of the two systems to send a sequence of BFD echo packets to the other system which loops them back within that system s forwarding plane If a number of these echo p...

Page 51: ...e protocol The initial protocol version is 0 Diag A diagnostic code specifying the local system s reason for the last transition of the session from Up to some other state Possible values are 0 No dia...

Page 52: ...if that value is unknown Desired Min TX Interval This is the minimum interval in microseconds that the local system would like to use when transmitting BFD control packets Required Min RX Inter val Th...

Page 53: ...ence process This greatly accelerates the overall RSVP TE response to network failures All encapsulation types supporting IPv4 and IPv6 is supported as all BFD packets are carried in IPv4 and IPv6 pac...

Page 54: ...ss in the packet The echo function is useful when the local router does not have sufficient CPU power to handle a periodic polling rate at a high frequency As a result it relies on the echo sender to...

Page 55: ...erfaces IES Over Spoke SDP One application for a central BFD implementation is so BFD can be supported over spoke SDPs used to inter connection IES or VPRN interfaces When there are spoke SDPs for int...

Page 56: ...or IES VPRN over Spoke SDP Fig_31 Metro POP 1 Metro POP 2 Metro POP 4 Metro POP 3 Primary Path BFD Secondary Path Note In this case BFD is run between the IES VPRN interfaces independent of the SPD LS...

Page 57: ...failure detection In this application the BFD session can run between the IP interfaces associated with the LAG or VSM interface but there is only one session between the two nodes There is no requir...

Page 58: ...ion Guide Aggregate Next Hop This feature adds the ability to configure an indirect next hop for aggregate routes The indirect next hop specifies where packets will be forwarded if they match the aggr...

Page 59: ...st be assigned to each IP interface System interface This creates an association between the logical IP interface and the system loopback address The system interface address is the circuitless addres...

Page 60: ...nfederations can be configured before protocol connections such as BGP and peering parameters are configured IPv6 interfaces and associated routing protocols may only be configured on the following sy...

Page 61: ...n page 64 Configuring Interfaces on page 65 Configuring a System Interface on page 65 Configuring a Network Interface on page 65 Configuring IPv6 Parameters on page 67 Configuring Proxy ARP on page 80...

Page 62: ...em interface Configure appropriate routing protocols A system interface and network interface should be configured System Interface The system interface is associated with the network entity such as a...

Page 63: ...PF and BGP The most basic router configuration must have the following System name System address The following example displays a router configuration A ALA A config info Router Configuration router...

Page 64: ...onfigure a name for the device The name is used in the prompt string Only one system name can be configured If multiple system names are configured the last one configured will overwrite the previous...

Page 65: ...eleted Configuring a System Interface To configure a system interface CLI Syntax config router interface interface name address ip address mask ip address netmask broadcast all ones host ones secondar...

Page 66: ...onfiguration interface system address 10 10 0 4 32 exit interface to ALA 2 address 10 10 24 4 24 port 1 1 1 egress filter ip 10 exit exit A ALA A config router To enable CPU protection CLI Syntax conf...

Page 67: ...ipv6 info detail port 1 2 37 ipv6 packet too big 100 10 param problem 100 10 redirects 100 10 time exceeded 100 10 unreachables 100 10 exit A ALA 49 config router if ipv6 exit all Use the following CL...

Page 68: ...l Endpoint IPv4 System Address on page 74 Configuring an IPv4 BGP Peer on page 75 An Example of a IPv6 Over IPv4 Tunnel Configuration on page 76 Tunnel Ingress Node This configuration shows how the in...

Page 69: ...nterface ip int name address ip address mask ip address netmask broad cast all ones host ones ipv6 address ipv6 address prefix length eui 64 The following displays configuration output showing interfa...

Page 70: ...splays the OSPF configuration to learn the IPv4 system address of the tunnel endpoint CLI Syntax config router ospf area area id interface ip int name The following displays a configuration showing OS...

Page 71: ...icy name policy name upto 5 max router id ip address group name family ipv4 vpn ipv4 ipv6 mcast ipv4 type internal external neighbor ip address local as as number private peer as as number The followi...

Page 72: ...IPv6 routes into BGP CLI Syntax config router bgp export policy name policy name upto 5 max router id ip address group name family ipv4 vpn ipv4 ipv6 mcast ipv4 type internal external neighbor ip add...

Page 73: ...e configured CLI Syntax config router configure router static route C8C8 C801 128 indirect 200 200 200 1 interface ip int name address ip address mask ip address netmask broad cast all ones host ones...

Page 74: ...displays the OSPF configuration to learn the IPv4 system address of the tunnel endpoint CLI Syntax config router ospf area area id interface ip int name The following displays OSPF configuration info...

Page 75: ...name policy name upto 5 max router id ip address group name family ipv4 vpn ipv4 ipv6 mcast ipv4 type internal external neighbor ip address local as as number private peer as as number The following...

Page 76: ...outes into BGP CLI Syntax config router bgp export policy name policy name upto 5 max router id ip address group name family ipv4 vpn ipv4 ipv6 mcast ipv4 type internal external neighbor ip address lo...

Page 77: ...ent interval seconds min advertisement interval seconds mtu mtu bytes other stateful configuration prefix ipv6 prefix prefix length autonomous on link preferred lifetime seconds infinite valid lifetim...

Page 78: ...if info address 10 11 10 1 24 port 1 3 37 ipv6 address 10 1 24 exit A ALA 49 config router if An Example of a IPv6 Over IPv4 Tunnel Configuration The IPv6 address is the next hop as it is received th...

Page 79: ...ALA 49 configure router info policy options policy statement ospf3 description Plcy Stmnt For From ospf3 To bgp entry 10 description Entry From Protocol ospf3 To bgp from protocol ospf3 exit to protoc...

Page 80: ...mation about route policies refer to the OS Routing Protocols Guide Apply the policy statement to the proxy arp configuration in the config router interface context CLI Syntax config router policy opt...

Page 81: ...it default action accept exit exit A ALA 49 config router policy options Use the following CLI to configure proxy ARP CLI Syntax config router interface interface name local proxy arp proxy arp policy...

Page 82: ...esponding to all prefixes for which it activated an LDP FEC For a given prefix two route entries are populated in RTM One corresponds to the LDP shortcut next hop and has an owner of LDP The other one...

Page 83: ...Shortcut Forwarding Plane Once LDP activated a FEC for a given prefix and programmed RTM it also programs the ingress Tunnel Table in IOM with the LDP tunnel information When an IPv4 packet is receiv...

Page 84: ...e The transit message appears as a user packet to the ingress LER node A locally generated response to a received ICMP ping or trace route message All other control plane packets that require an RTM l...

Page 85: ...ust assume it is an egress LER for the FEC until the route disappears from the routing table or the next hop advertised a binding for the FEC prefix In the latter case the SR OS router becomes a trans...

Page 86: ...onfigured protocols are not automatically restarted with the new router ID The next time a protocol is initialized the new router ID is used An interim period of time can occur when different protocol...

Page 87: ...the following CLI syntax to configure a confederation CLI Syntax config router confederation confed as num members member as num The following example displays the commands to configure the confedera...

Page 88: ...ntax to configure an autonomous system CLI Syntax config router autonomous system as number The following displays an autonomous system configuration example A ALA A config router info IP Configuratio...

Page 89: ...SFMs are being actively used when there is an SFM failure multicast traffic needs to be rerouted around the node Some scenarios include There is only one SFM installed in the system One SFM active or...

Page 90: ...mes are configured the last one configured will overwrite the previous entry Use the following CLI syntax to change the system name CLI Syntax config system name system name The following example disp...

Page 91: ...LA A config router if address 10 0 0 25 24 A ALA A config router if no shutdown To modify a port perform the following steps Example A ALA A config router interface to sr1 A ALA A config router if shu...

Page 92: ...e an interface can be deleted 1 Before an IP interface can be deleted it must first be administratively disabled with the shutdown command 2 After the interface has been shut down it can then be delet...

Page 93: ...mand Hierarchies Configuration Commands Router Commands on page 94 Router L2TP Commands on page 96 Router Interface Commands on page 99 Router Interface IPv6 Commands on page 102 Router Advertisement...

Page 94: ...r id service prefix ip prefix mask ip prefix netmask exclusive no service prefix ip prefix mask ip prefix netmask sgt qos application dscp app name dscp dscp value dscp name application dot1p app name...

Page 95: ...ig router bfd bfd template name create bfd template name transmit interval transmit interval no transmit interval receive interval receive interval no receive interval cv tx transmit interval no cv tx...

Page 96: ...val hello interval no hello interval idle timeout idle timeout no idle timeout lns group lns group id no lns group load balance method per session per tunnel no load balance method local address ip ad...

Page 97: ...imeout infinite no idle timeout load balance method per session per tunnel no load balance method local address ip address no local address local name host name no local name max retries estab max ret...

Page 98: ...figuration Guide configure router l2tp tunnel selection blacklist add tunnel never add tunnel on reason reason upto 8 max no add tunnel add tunnel max list length count no max list length max time min...

Page 99: ...on no cflowd cpu protection policy id no cpu protection delayed enable seconds no delayed enable description description string no description dist cpu protection policy name no dist cpu protection eg...

Page 100: ...stance instance id ingress fp redirect group queue group name ingress instance instance id no qos no remote proxy arp secondary ip addr mask ip addr netmask broadcast all ones host ones igp inhibit no...

Page 101: ...ute next hop policy no template template name include group group name pref pref no include group group name no exclude group group name no srlg enable protection type link node no protection type nh...

Page 102: ...np no bfd icmp6 packet too big number seconds no packet too big param problem number seconds no param problem redirects number seconds no redirects time exceeded number seconds no time exceeded unreac...

Page 103: ...advertisement interval min advertisement interval seconds no min advertisement interval mtu mtu bytes no mtu no other stateful configuration prefix ipv6 prefix prefix length no autonomous no on link p...

Page 104: ...ip int name mac ieee address interface ip address ip int name statistics interface dist cpu protection detail interface policy accounting class index l2tp group tunnel group name statistics group conn...

Page 105: ...ame all next hop type type qos alternative route table family summary route table tunnel endpoints ip prefix prefix length longer exact detail rtr advertisement interface interface name prefix ipv6 pr...

Page 106: ...ess dhcp6 statistics ip int name ip address forwarding table slot number grt lookup icmp redirect route all ip address icmp6 all icmp6 global icmp6 interface interface name interface ip int name ip ad...

Page 107: ...ame router router instance ip no arp icmp no icmp icmp6 ip int name no icmp6 no interface ip int name ip address no neighbor packet ip int name ip address headers protocol id no packet ip int name ip...

Page 108: ...IP Router Command Reference Page 108 7750 SR OS Router Configuration Guide...

Page 109: ...onfiguration file shutdown and no shutdown are always indicated in system generated configuration files The no form of the command puts an entity into the administratively enabled state Default no shu...

Page 110: ...te The use of aggregate routes can reduce the number of routes that need to be advertised to neighbor routers leading to smaller routing table sizes Overlapping aggregate routes may be configured in t...

Page 111: ...r as number ip address This optional parameter specifies the BGP aggregator path attribute to the aggregate route When configuring the aggregator a two octet AS number used to form the aggregate route...

Page 112: ...num members as number as number up to 15 max no confederation confed as num members as number up to 15 max Context config router Description This command creates confederation autonomous systems withi...

Page 113: ...rameters max ecmp routes The maximum number of equal cost routes allowed on this routing table instance expressed as a decimal integer Setting ECMP max ecmp routes to 1 yields the same result as enter...

Page 114: ...on The no form of this command disables the IP FRR feature on the system Default no ip fast reroute mc maximum routes Syntax mc maximum routes number log only threshold threshold no mc maximum routes...

Page 115: ...igured LSPs THe range is configured as follows The minimum value of label is always 32 The maximum value in the range is then 32 number The allowed values of number are as follows for max lsp labels V...

Page 116: ...rm of the command removes the description string from the context Default no description Parameters string The description character string Allowed values are any string up to 80 characters long compo...

Page 117: ...addresses using service prefix is to provide a mechanism to reserve one or more address ranges for services When services are defined the address must be in the range specified as a service prefix If...

Page 118: ...tion dscp app name dscp dscp value dscp name application dot1p app name dot1p dot1p priority no application dscp app name dot1p app name Context config router sgt qos Description This command configur...

Page 119: ...cp53 cp54 cp55 cp57 cp58 cp59 cp60 cp61 cp62 cp63 fc name Specifies the forward class name Values be l2 af l1 h2 ef h1 nc bfd template Syntax bfd template name create no bfd template name Context con...

Page 120: ...emplate Description This command specifies the receive timer used for BFD packets If the template is used for a BFD session on an MPLS TP LSP then this timer is used for CC packets Default no receive...

Page 121: ...plier Syntax multiplier multiplier no multiplier Context config router bfd bfd template Description This command specifies the detect multiplier used for a BFD session If a BFD control packet is not r...

Page 122: ...m overload Context config router Description This command if enabled will cause the OSPF for the service to enter an overload state when the node has fewer than the full set of SFMs functioning Once a...

Page 123: ...e check test will be removed from the associated static route Default No static routes are defined Parameters ip prefix prefix length The destination address of the static route Values ipv4 prefix a b...

Page 124: ...ined by the configuration of the ecmp command prefix list prefix list name all none Specifies the prefix list to be considered metric metric The cost metric for the static route expressed as a decimal...

Page 125: ...ess specified the respective defaults for preference and metric will be applied The ip addr configured can be either on the network or the access side and is normally at least one hop away from this n...

Page 126: ...ndirect or blackhole keywords are specified The remote end of the BFD session must also be configured to originate or accept the BFD session controlling the static route state mcast family Enables sub...

Page 127: ...e ability to log transitions between active and in active based on the CPE connectivity check Events should be sent to the system log syslog and SNMP traps Sample Output B Dut C configure router manag...

Page 128: ...hop is allowed with any extra parameters B Dut C config router show router management static static arp static route B Dut C config router show router management static route Static Route Table Route...

Page 129: ...This command what string to put in the Calling Number AVP for L2TP control messages related to a session in this L2TP protocol instance Parameters ascii spec Specifies the L2TP calling number AVP Valu...

Page 130: ...eference level In case that the tunnel spec selection algorithm evaluates into a tunnel that is currently unavailable for example tunnel in a blacklist then the selection algorithm will try to select...

Page 131: ...t in case that CDN message with the Result Codes 6 Invalid destination is received cdn tmp no facilities A tunnel will be forced to the blacklist in case that CDN message with the Result Code 4 is rec...

Page 132: ...er address than the one initially configured never When specified no tunnels will be placed on blacklist under any circumstance This parameter will available to preserve backward compatibility max lis...

Page 133: ...max period of time Values remove from blacklist The peer or tunnel in the blacklist will be removed completely from the blacklist and made eligible for the selection process once the max time expires...

Page 134: ...w peer IP address and does not change the destination address insubsequent L2TP messages reject Specifies that this system rejects any source IP address change of received L2TP control messages and dr...

Page 135: ...e tunnel between the LAC and LNS There is a one to one relationship between established L2TP sessions and their associated calls Parameters session limit Specifies the number of sessions allowed Defau...

Page 136: ...removes the value from the configuration Default no destruct timeout Parameters destruct timeout Specifies the automatic removal of dynamic L2TP sessions in seconds that are no longer active Default...

Page 137: ...ns group lns group id no lns group Context config router l2tp group Description This command configures the ISA LNS group Parameters lns group id Specifies the LNS group ID Values 1 4 load balance met...

Page 138: ...uring the authentication phase of tunnel establishment It can be used to distinguish tunnels The no form of the command removes thename from the configuration Default local name Parameters host name S...

Page 139: ...7 password Syntax password password hash hash2 no password Context config router l2tp group config router l2tp group tunnel Description This command configures the password between L2TP LAC and LNS Th...

Page 140: ...hentication policy Context config router l2tp group ppp Description This command configures the authentication policy Parameters auth policy name Specifies the authentication policy name Values 32 cha...

Page 141: ...ntax mtu mtu bytes no mtu Context config router l2tp group ppp Description This command configures the maximum PPP MTU size Parameters mtu bytes Specifies in bytes the maximum PPP MTU size Values 512...

Page 142: ...ed between the available tunnels If necessary new tunnels are set up until the maximum number is reached The distribution aims at an equal ratio of the actual number of sessions to the maximum number...

Page 143: ...tunnel Description This command specifies if this tunnel is to be automatically set up by the system no auto establish avp hiding Syntax avp hiding never sensitive always no avp hiding Context config...

Page 144: ...Syntax hello interval hello interval hello interval infinite no hello interval Context config router l2tp group tunnel Description This command configures the number of seconds between sending Hellos...

Page 145: ...2tp group tunnel Description This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment The no form of the command...

Page 146: ...to the blacklist in case that CDN message with the Result Codes 6 Invalid destination is received cdn tmp no facilities A tunnel will be forced to the blacklist in case that CDN message with the Resul...

Page 147: ...configured never When specified no tunnels will be placed on blacklist under any circumstance This parameter will available to preserve backward compatibility max list length Syntax max list length u...

Page 148: ...he max period of time Values remove from blacklist The peer or tunnel in the blacklist will be removed completely from the blacklist and made eligible for the selection process once the max time expir...

Page 149: ...S TP LSPs IP routing protocols are blocked on interfaces of this type If an interface is configured as unnumbered mpls tp then it can only be associated with an Ethernet port or VLAN using the port co...

Page 150: ...nfiguration Guide unnumbered mpls tp then it can only be associated with an Ethernet port or VLAN using the port command Either a unicast multicast or broadcast remote MAC address may be configured us...

Page 151: ...MPLS LSPs that explicitly reference that IP address When a new IP address is defined interface specific configurations for MPLS RSVP will need to be re added If the no form of the command is executed...

Page 152: ...roadcast address This is an IP address that corresponds to the local subnet described by the ip addr and the mask length or mask with all the host bits set to binary 1 This is the default broadcast ad...

Page 153: ...rm of the command reverts to the default value Default 14400 seconds 4 hours Parameters seconds The minimum number of seconds a learned ARP entry is stored in the ARP table expressed as a decimal inte...

Page 154: ...s the minimum echo receive interval in milliseconds for the session Values 100 100000 Default 0 type cpm np Selects the CPM network processor as the local termination point for the BFD session See Imp...

Page 155: ...g CPU protection policy for the interface The CPU protection policies are configured in the config sys security cpu protection policy cpu protection policy id context Parameters policy id Specifies an...

Page 156: ...e destination address port dst ip Specifies using destination address and if l4 load balancing is enabled destination port in the hash ignore source address port enable ingress stats Syntax no enable...

Page 157: ...name group name upto 5 max Context config router interface Description This command configures interface SRLG Group memberships for this interface local proxy arp Syntax no local proxy arp Context co...

Page 158: ...All user and specified control packets for which the longest prefix match in RTM yields the FEC prefix will be forwarded over the LDP LSP When an IPv4 packet is received on an ingress network interfa...

Page 159: ...sed at the next flooding of link attributes by IGP However if the LDP synchronization timer is still running the new cost value will only be advertised after the timer expired Also the new cost value...

Page 160: ...ocation algorithm checks whether the value present is IPv4 v6 0x0800 0r 0x0866D If the check passes the hash algorithm checks the first nibble at the expected IP header location for IPv4 IPv6 0x0100 0...

Page 161: ...e This is to allow the reset of the network to reconverge after a router failure before the anycase based label assignments are flushed from the forwarding plane Values 0 65535 Default 90 network doma...

Page 162: ...umber port_number format for example 1 1 3 specifies port 3 of the MDA installed in MDA slot 1 on the card installed in chassis slot 1 SONET SDH interfaces When the port id represents a POS interface...

Page 163: ...uests Thus the 7750 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address Default no proxy arp policy Parameters policy name T...

Page 164: ...c and priority profile determined from the sap ingress or network qos policy associated with the IP interface If the source address of the incoming packet matches a route with no QoS information the f...

Page 165: ...r forwarding class basis The no form of the command removes the network QoS policy association from the network IP interface and the QoS policy reverts to the default Default no qos Parameters network...

Page 166: ...ow the prefix mask length The subnet mask length when the IP prefix is specified in CIDR notation When the IP prefix is specified in CIDR notation a forward slash separates the ip address from the mas...

Page 167: ...ing IGP static arp Syntax static arp ip addr ieee mac addr unnumbered no static arp unnumbered Context config router interface Description This command configures a static Address Resolution Protocol...

Page 168: ...te an interface that is configured with the strip label parameter with a port the port must be configured as single fiber for the command to be valid Default no strip label teid load balancing Syntax...

Page 169: ...ce This is equivalent to executing the tos marking state trusted command Default trusted Parameters trusted The default prevents the ToS field to not be remarked by egress network IP interfaces unless...

Page 170: ...riority associated with that route overriding the fc and priority profile determined from the sap ingress or network qos policy associated with the IP interface If the source address of the incoming p...

Page 171: ...ck Syntax no urpf check Context config router if config router if ipv6 Description This command enables unicast RPF uRPF Check on this interface The no form of the command disables unicast RPF uRPF Ch...

Page 172: ...mbine to create a local IP prefix The defined IP prefix must be unique within the context of the routing instance It cannot overlap with other existing IP prefixes defined as local subnets on other IP...

Page 173: ...ion of the IP address the remainder of the IP address is used to determine the host portion of the IP address Allowed values are integers in the range 1 32 Note that a mask length of 32 is reserved fo...

Page 174: ...interface Description This command creates the context to configure or apply IP interface attributes such as administrative group admin group or Shared Risk Loss Group SRLG admin group Syntax admin gr...

Page 175: ...cifies the integer value associated with the group The association of group name and value should be unique within an IP MPLS domain Values 0 31 admin group Syntax admin group group name group name up...

Page 176: ...ll also exclude the SRLGs of the outgoing interface of the primary LSP path in the computation of the path of the FRR backup LSP This provides path disjointness between the primary path and the second...

Page 177: ...ub TLVs when the traffic engineering option is enabled in IS IS or OSPF IES and VPRN interfaces do not have their attributes advertised in TE TLVs The no form of this command deletes one or more of th...

Page 178: ...schedule a new LFA SPF to re compute the LFA next hop for the prefixes associated with these templates Parameters template name Specifies the name of the template up to 32 characters include group Sy...

Page 179: ...gs to one of the groups in an include group statement but also belongs to other groups that are not part of any include group statement in the route next hop policy The pref option is used to provide...

Page 180: ...rotection is preferred in the selection of an LFA next hop for all IP prefixes and LDP FEC prefixes to which a route next hop policy template is applied The default in SR OS implementation is node pro...

Page 181: ...areas However the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the i...

Page 182: ...d creates a loopback interface for use in multihoming resiliency This address is considered the secondary multihoming address and is only used to resolve routes advertised by the primary router in the...

Page 183: ...ter Configuration 7750 SR OS Router Configuration Guide Page 183 reconverge after a router failure before the anycast based label assignments are flushed from the forwarding plane Values 0 65535 Defau...

Page 184: ...tering is performed flowspec Syntax no flowspec Context config router interface ingress Description This command enables IPv4 flowspec filtering on a network IP interface Filtering is based on all of...

Page 185: ...ip ip filter ip ipv6 ipv6 filter id Context config router if ingress config router if egress Description This command associates an IP filter policy with an IP interface Filter policies control packe...

Page 186: ...e router interface Default mask reply Replies to ICMP mask requests redirects Syntax redirects number seconds no redirects Context config router if icmp Description This command enables and configures...

Page 187: ...the command disables the generation of TTL expired messages Default ttl expired 100 10 Maximum of 100 TTL expired message in 10 seconds Parameters number The maximum number of ICMP TTL expired message...

Page 188: ...ration of ICMP destination unreachables on the router interface Default unreachables 100 10 Maximum of 100 unreachable messages in 10 seconds Parameters number The maximum number of ICMP unreachable m...

Page 189: ...one Parameters ipv6 address prefix length Specify the IPv6 address on the interface Values ipv6 address prefix ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D...

Page 190: ...icmp6 Description This command configures the rate for ICMPv6 param problem messages Parameters number Limits the number of param problem messages issued per the time frame specifed in the seconds par...

Page 191: ...the time frame in seconds that is used to limit the number of time exceeded messages issued per time frame Values 1 60 unreachables Syntax unreachables number seconds no unreachables Context config r...

Page 192: ...discovery policy for the interface Parameters policy name The neighbor discovery policy name Allowed values are any string up to 32 characters long composed of printable 7 bit ASCII characters If the...

Page 193: ...ameters ipv6 address The IPv6 address assigned to a router interface Values ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D mac address Specifies the MAC addr...

Page 194: ...d configures router advertisement properties on a specific interface The interface must already exist in the config router interface context Default No interfaces are configured by default Parameters...

Page 195: ...Description This command configures the maximum interval between sending router advertisement messages Default 600 Parameters seconds Specifies the maximum interval in seconds between sending router...

Page 196: ...for IPv6 Default no other stateful configuration prefix Syntax no prefix ipv6 prefix prefix length Context config router router advert if Description This command configures an IPv6 prefix in the rout...

Page 197: ...ions but packets received on such an interface are processed as expected Default 604800 Parameters seconds Specifies the remaining length of time in seconds that this prefix will continue to be prefer...

Page 198: ...ax retransmit timer milli seconds no retransmit timer Context config router router advert if Description This command configures the retransmission frequency of neighbor solicitation messages Default...

Page 199: ...if Description This command enables sending router advertisement messages using the VRRP virtual MAC address provided that the virtual router is currently the master If the virtual router is not the m...

Page 200: ...Router Advertisement Commands Page 200 7750 SR OS Router Configuration Guide...

Page 201: ...ity NextHopType 10 0 0 0 8 0 0 0 0 0 False False Inactive 100 33 Blackhole No of Aggregates 1 A CPM133 config router arp Syntax arp ip int name ip address mask mac ieee mac address summary local dynam...

Page 202: ...outer ARP 10 10 0 3 ARP Table IP Address MAC Address Expiry Type Interface 10 10 0 3 04 5d ff 00 00 00 00 00 00 Oth system A ALA A A ALA A show router ARP to ser1 Label Description IP Address The IP a...

Page 203: ...command displays interface or policy authentication statistics Parameters interface ip int name ip address Specifies an existing interface name or IP address Values ip int name 32 chars max ip addres...

Page 204: ...00 100 3 122 1 4 2 pim 455 464 iom No of BFD sessions 2 A Dut D A Dut C show router bfd session src 11 120 1 4 dest 11 120 1 3 BFD Session Remote Address 11 120 1 3 Admin State Up Oper State Up 3 Prot...

Page 205: ...nterface Lsp Name State Tx Intvl Rx Intvl Multipl Remote Address Info Protocols Tx Pkts Rx Pkts Type wp lsp 32 Down 1 1000 1000 3 0 0 0 0 0 mplsTp N A N A cpm np wp lsp 33 Down 1 1000 1000 3 0 0 0 0 0...

Page 206: ...p Protecting path interface Syntax interface interface name Context show router bfd Description This command displays interface information Output BFD interface Output The following table describes th...

Page 207: ...he session type Values iom central cpm np Output BFD Session Output The following table describes the show BFD session output fields Sample Output A Dut B show router bfd session BFD Session Label Des...

Page 208: ...ols static bgp Rx Interval 10 Tx Interval 10 Multiplier 3 Echo Interval 0 Up Time 0d 07 24 54 Up Transitions 1 Down Time None Down Transitions 0 Version Mismatch 0 Forwarding Information Local Discr 2...

Page 209: ...0 3 10 2 1 3 pim isis 51529 51279 iom port 1 3 Up 3 500 500 3 10 3 1 3 pim isis 51529 51279 iom port 1 4 Up 3 500 500 3 10 4 1 3 pim isis 51529 51279 iom port 1 5 Up 3 500 500 3 10 5 1 3 pim isis 5152...

Page 210: ...dhcp Context show router Description This command enables the context to display DHCP related information dhcp6 Syntax dhcp6 Context show router Description This command enables the context to displa...

Page 211: ...CP clients Transmitted Pack ets The number of packets transmitted to the DHCP clients Received Mal formed Packets The number of malformed packets received from the DHCP clients Received Untrusted Pack...

Page 212: ...ge 0 15 No Server Id option in msg from server 0 16 Missing or illegal Client Id option in client msg 0 17 Server Id option in client msg 0 18 Server DUID in client msg does not match our own 0 19 Cli...

Page 213: ...Up Up A ALA 1 ecmp Syntax ecmp Context show router Description This command displays the ECMP settings for the router Output ECMP Settings Output The following table describes the output fields for th...

Page 214: ...Displays the router IP interface table to display Values ipv4 Displays only those peers that have the IPv4 family enabled ipv6 Displays the peers that are IPv6 capable ip prefix prefix length Display...

Page 215: ...sport RSVP LSP 1 Total Entries 1 A Dut C show router fib 1 FIB Display Prefix Protocol NextHop 1 1 2 0 24 ISIS 1 1 3 1 to_Dut A 1 2 3 2 to_Dut B 1 1 3 0 24 LOCAL 1 1 3 0 to_Dut A 1 1 9 0 24 ISIS 1 1 3...

Page 216: ...Commands Page 216 7750 SR OS Router Configuration Guide 20 12 0 46 32 STATIC vprn1 mda 3 1 100 0 0 1 32 TMS vprn1 mda 1 1 vprn1 mda 3 1 138 203 71 202 32 STATIC 10 12 0 2 itfToArborCP_02 Total Entrie...

Page 217: ...s routes only matching the specified ip address and length Values ipv4 prefix a b c d host bits must be set to 0 ipv4 prefix length 0 32 ipv6 ipv6 prefix pref x x x x x x x x eight 16 bit pieces x x x...

Page 218: ...ments 0 Neighbor Solicits 5 Neighbor Advertisements 5 A SR 3 show router auth Time Exceeded The number of messages that exceeded the time threshold Echo Request The number of echo requests Router Soli...

Page 219: ...ded 0 Pkt Too Big 0 Echo Request 0 Echo Reply 0 Label Description Total The total number of all messages Destination Unreachable The number of message that did not reach the destination Time Exceeded...

Page 220: ...ndex Parameters ip address Only displays the interface information associated with the specified IP address Values ipv4 address a b c d host bits must be 0 ipv6 address x x x x x x x x eight 16 bit pi...

Page 221: ...3 04 Global If Index 30 Lag Link Map Prof none Label Description Interface Name The IP interface name Type n a No IP address has been assigned to the IP interface so the IP address type is not applica...

Page 222: ...EID Load Balance Disabled uRPF Chk disabled uRPF Ipv6 Chk disabled PTP HW Assist Disabled Rx Pkts N A Rx Bytes N A Rx V4 Pkts N A Rx V4 Bytes N A Rx V6 Pkts N A Rx V6 Bytes N A Tx Pkts 410 Tx Bytes 40...

Page 223: ...1 Unnumbered If system n a Interfaces 1 A ALA A show router interface Interface Table Router Base Interface Name Adm v4 v6 Opr v4 v6 Mode Port SapId IP Address PfxState ip 100 0 0 2 Up Up Up Up Networ...

Page 224: ...F FE00 4 64 PREFERRED ip 22 2 4 4 Up Up Up Up Network 6 2 12 22 2 4 4 24 n a 3FFE 1602 404 120 PREFERRED FE80 200 FF FE00 4 64 PREFERRED ip 23 2 4 4 Up Up Up Up Network 6 2 13 23 2 4 4 24 n a 3FFE 170...

Page 225: ...4 Pri 10 10 34 3 24 Up Up Network to ser5 Pri 10 10 35 3 24 Up Up Network to ser6 n a n a Up Down Network management Pri 192 168 2 93 20 Up Up Network A ALA A Detailed IP Interface Output The followin...

Page 226: ...e interface in seconds which is the time an ARP entry is maintained in the ARP cache without being refreshed ICMP Mask Reply False The IP interface will not reply to a received ICMP mask request True...

Page 227: ...out 14400 IP Oper MTU 1564 ICMP Mask Reply True Arp Populate Disabled Cflowd None LdpSyncTimer None Strip Label Disabled LSR Load Balance system uRPF Chk disabled uRPF Ipv6 Chk disabled PTP HW Assist...

Page 228: ...ne IP Addr mask 20 12 0 46 32 Address Type Primary IGP Inhibit Disabled Broadcast Address Host ones HoldUp Time 0 Track Srrp Inst 0 Details Description tms 3 1 If Index 5 Virt If Index 5 Last Oper Chg...

Page 229: ...is getting distributed to various It doesn t account for the pkts dropped in HW level Status TMS status could be Up Down Version TMS software version Mitigations Number of active mitigations on this T...

Page 230: ...FE80 200 FF FE00 3 64 PREFERRED Details Description Not Specified If Index 3 Virt If Index 3 Last Oper Chg 01 27 2014 16 42 40 Global If Index 19 Lag Link Map Prof none Port Id 1 1 4 TOS Marking Trust...

Page 231: ...xy ND Disabled Policies none Secure ND Details Secure ND Disabled ICMP Details Redirects Number 100 Time seconds 10 Unreachables Number 100 Time seconds 10 TTL Expired Number 100 Time seconds 10 IPCP...

Page 232: ...Rx V6 Pkts N A Rx V6 Bytes N A Tx Pkts 0 Tx Bytes 0 Tx V4 Pkts 0 Tx V4 Bytes 0 Tx V4 Discard Pk 0 Tx V4 Discard Byt 0 Tx V6 Pkts 0 Tx V6 Bytes 0 Tx V6 Discard Pk 0 Tx V6 Discard Byt 0 uRPF Chk Fail P...

Page 233: ...Tx Bytes 953088 Tx Discard Pkts 0 TMS Health Information Status Up Version Peakflow TMS 5 6 build BF42 Mitigations 1 Status message Unavailable Summary IP Interface Output The following table describ...

Page 234: ...1 1 0 0 No of Routes 1 Flags L LFA nexthop available A SRR A SRR show router isis routes 1 1 1 0 24 alternative Route Table Prefix Flags Metric Lvl Typ Ver SysID Hostname NextHop MT AdminTag Alt Nexth...

Page 235: ...LFA nexthop available A Dut B A Dut B show router isis routes alternative Route Table Prefix Flags Metric Lvl Typ Ver SysID Hostname NextHop MT AdminTag Alt Nexthop Alt Metric 10 20 1 2 32 0 1 Int 3 D...

Page 236: ...32 Push 131069BU 1 1 1 10 10 1 2 10 20 1 3 32 Swap 131069 131069BU 1 1 1 10 10 1 2 10 20 1 3 32 Push 262143 1 1 2 10 10 2 3 10 20 1 3 32 Swap 131069 262143 1 1 2 10 10 2 3 10 20 1 4 32 Push 131068 1...

Page 237: ...20 1 2 32 10 20 1 3 131070U 262141 1 1 2 10 10 2 3 10 20 1 3 32 10 20 1 2 131069U 131069 1 1 1 10 10 1 2 10 20 1 3 32 10 20 1 3 262143 1 1 2 10 10 2 3 10 20 1 4 32 10 20 1 2 131068N 131068 1 1 1 10 1...

Page 238: ...min status Up three way hello N A hello interval N A hello multiplier 35 0 1 tracking support Disabled Improved Assert N A spmsi pim ssm 225 0 0 0 32 join tlv packing N A data delay interval 3 seconds...

Page 239: ...domain name Context show router Description This command displays network domains information Parameters detail Displays detailed network domains information network domain name Displays information f...

Page 240: ...Description Network domain 1 No Of Ifs Associated 2 No Of SDPs Associated 0 Network Domain default Description Default Network Domain No Of Ifs Associated 3 No Of SDPs Associated 0 A Dut T config rou...

Page 241: ...st name to display the route policy entries as path name Specify the route policy AS path name to display route policy entries community name Specify a route policy community name to display informati...

Page 242: ...IPv4 family enabled and not those capable of exchanging IP VPN routes ipv6 Displays the BGP peers that are IPv6 capable mcast ipv4 Displays the BGP peers that are IPv4 multicast capable mcast ipv6 Dis...

Page 243: ...0 0 16 E Remote BGP VPN 00h06m38s 170 2 1 1 9 tunneled 0 No of Routes 4 Flags L LFA nexthop available B BGP backup route available E best external BGP route available n Number of times nexthop is rep...

Page 244: ...le Router Base Dest Prefix Flags Type Proto Age Pref Next Hop Interface Name Metric 10 10 1 0 24 Local Local 00h01m25s 0 ip 10 10 1 2 0 10 10 2 0 24 L Remote ISIS 00h00m58s 15 10 10 12 3 13 10 10 3 0...

Page 245: ...2 0 10 10 5 0 24 Remote ISIS 00h02m01s 15 10 10 12 3 13 10 10 1 1 LFA 20 10 10 6 0 24 Remote ISIS 00h02m01s 15 10 10 4 4 20 10 10 12 3 LFA 13 10 10 9 0 24 Remote ISIS 00h02m01s 15 10 10 4 4 20 10 10 1...

Page 246: ...ute table Route Table Router Base Dest Prefix Type Proto Age Pref Next Hop Interface Name Metric 11 2 103 0 24 Remote OSPF 00h59m02s 10 21 2 4 2 2 11 2 103 0 24 Remote OSPF 00h59m02s 10 22 2 4 2 2 11...

Page 247: ...of Routes 1 indicates that the route matches on a longer prefix A ALA A A Dut C show router route table Route Table Router Base Dest Prefix Flags Type Proto Age Pref Next Hop Interface Name Metric 1...

Page 248: ...SPF 65844 1001 10 10 10 0 2 32 10 10 13 1 Remote OSPF 65844 2001 10 10 10 0 4 32 10 10 34 4 Remote OSPF 3523 1001 10 10 10 0 5 32 10 10 35 5 Remote OSPF 1084022 1001 10 10 10 12 0 24 10 10 13 1 Remote...

Page 249: ...ge Pref Next Hop Interface Name Metric 10 20 1 5 32 Remote OSPF 00h03m55s 10 10 20 1 5 tunneled RSVP 1 100 No of Routes 1 A Dut C show router route table protocol tms Route Table Router Base Dest Pref...

Page 250: ...by the router by protocol Total active and available routes are also displayed Sample Output A ALA A show router route table summary Route Table Summary Active Available Static 1 1 Direct 6 6 BGP 0 0...

Page 251: ...eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D prefix length 1 128 Output Router Advertisement Table Output The following table describes the output fields for router advertisement Labe...

Page 252: ...Indicates that DHCPv6 is not available for address config uration Reachable Time The time in milliseconds that a node assumes a neighbor is reachable after receiving a reachability confirmation Retra...

Page 253: ...166 Nbr Solicitation Rx 143 Max Advert Interval 601 Min Advert Interval 201 Managed Config TRUE Other Config TRUE Reachable Time 00h00m00s400ms Router Lifetime 00h30m01s Retransmit Time 00h00m00s400m...

Page 254: ...r Config FALSE TRUE Reachable Time 00h00m00s0ms 00h00m00s400ms Router Lifetime 00h30m00s 00h30m01s Retransmit Time 00h00m00s0ms 00h00m00s400ms Hop Limit 64 63 Link MTU 0 1500 Prefix not present in nei...

Page 255: ...h30m01s Retransmit Time 00h00m00s0ms 00h00m00s400ms Hop Limit 64 63 Link MTU 0 1500 Prefix not present in own router advertisement Prefix 2 120 Autonomous Flag TRUE On link flag TRUE Preferred Lifetim...

Page 256: ...g table describes the output fields for the ARP table Sample Output A ALA A show router static arp ARP Table IP Address MAC Address Age Type Interface 10 200 0 253 00 00 5a 40 00 01 00 00 00 Sta to se...

Page 257: ...router Description This command displays the static entries in the routing table If no options are present all static routes are displayed sorted by prefix Parameters family Specify the type of routin...

Page 258: ...ddress and mask Pref The route preference value for the static route Metric The route metric value for the static route Type BH The static route is a black hole route The Nexthop for this type of rout...

Page 259: ...ALA A show router static route preference 4 Route Table IP Addr mask Pref Metric Type Nexthop Interface Active 192 168 254 0 24 4 1 BH black hole n a Y A ALA A A ALA A show router static route next h...

Page 260: ...ity 100 33 CPE check disabled No of Static Routes 1 service prefix Syntax service prefix Description This command displays the address ranges reserved by this node for services sorted by prefix Output...

Page 261: ...specific application Values arp bgp cflowd dhcp dns ftp icmp igmp isis ldp mld msdp ndis ntp ospf pimradius rip rsvpsnmp snmp notification srrp ssh syslog tacplus telnet tftp traceroute vrrp pppoe dsc...

Page 262: ...d operational states for the RIP protocol ISIS The administrative and operational states for the IS IS protocol MPLS The administrative and operational states for the MPLS protocol RSVP The administra...

Page 263: ...1 Triggered Policies No A Performance A Performance configure router ospf 1 31 shutdown A Performance show router status Router Status Router Base Admin State Oper State Router Up Up OSPFv2 0 Up Up OS...

Page 264: ...PIM not configured ECMP Max Routes 1 Single SFM Overload Enabled hold off 30 sec Single SFM State normal Single SFM Start 004 19 03 39 680 Single SFM Interval 0d 00 16 06 Triggered Policies No A Perf...

Page 265: ...it means the MP BGP NH resolution is refering to the core routing instance for IP reachability For a VPRN service this object specifies the lookup to be used by the routing instance if no SDP to the d...

Page 266: ...el Disabled Admin State Up Oper State Up Acct Pol None Collect Stats Disabled Ingress Label 0 Egress Label 3 Ingr Mac Fltr Id n a Egr Mac Fltr Id n a Ingr IP Fltr Id n a Egr IP Fltr Id n a Ingr IPv6 F...

Page 267: ...ive Information Admin State Disabled Oper State Disabled Hello Time 10 Hello Msg Len 0 Max Drop Count 3 Hold Down Time 10 Statistics I Fwd Pkts 0 I Dro Pkts 0 I Fwd Octs 0 I Dro Octs 0 E Fwd Pkts 2979...

Page 268: ...cvd 0 Cfg BPDUs tx 0 TCN BPDUs rcvd 0 TCN BPDUs tx 0 TC bit BPDUs rcvd 0 TC bit BPDUs tx 0 RST BPDUs rcvd 0 RST BPDUs tx 0 Number of SDPs 1 A Dut C show router tunnel table sdp 17407 Tunnel Table Rout...

Page 269: ...IP Router Configuration 7750 SR OS Router Configuration Guide Page 269 LDP 1 1 SDP 1 1 A ALA A config service...

Page 270: ...Parameters tunnel group name Displays information for the specified tunnel group statistics Displays statistics for the specified tunnel group Sample Output A Dut C show router l2tp group L2TP Groups...

Page 271: ...d Aut Active Total Tunnels 3 0 0 2 3 Sessions 8 0 N A 5 8 Pkt Ctl Pkt Err Octets Rx 51 0 1224 Tx 51 0 2796 A Dut C peer Syntax peer ip address peer ip address statistics peer draining unreachable Cont...

Page 272: ...Tun Total Ses Total 10 10 20 101 0 0 unreach LAC 1 1 No of peers 1 A Dut C A Dut C show router l2tp peer 10 10 20 101 Peer IP 10 10 20 101 Role LAC Draining false Tunnels 1 Tunnels Active 0 Sessions 1...

Page 273: ...ngCallRequest 1 IncomingCallConnected 1 ZeroLengthBody 1 originalTransmittedMsgType StartControlConnectionReply 1 IncomingCallReply 1 ZeroLengthBody 3 last cleared time N A session Syntax session conn...

Page 274: ...up group name Specifies a string to identify a Layer Two Tunneling Protocol Tunnel group assignment id assignment id Specifies a string that distinguishes this Layer Two Tunneling Protocol tunnel loca...

Page 275: ...10043 20227 established 658210606 658178048 10043 32558 established No of sessions 6 A Dut C A Dut C show router l2tp session state closed detail L2TP Session Status Connection ID 143531662 State clo...

Page 276: ...20 CDN Result generalError General Error noError No of sessions 3 A Dut C A Dut C show router l2tp session session id 946 L2TP Session Summary ID Control Conn ID Tunnel ID Session ID State 143524786 1...

Page 277: ...ment ID isp1 tunnel 3 Error Message Terminated by PPPoE RX PADT Control Conn ID 143523840 Remote Conn ID 1148557524 Tunnel ID 2190 Remote Tunnel ID 17525 Session ID 7822 Remote Session ID 39124 Time S...

Page 278: ...100 L2TP Session Summary ID Control Conn ID Tunnel ID Session ID State 236926987 236912640 3615 14347 closed 236927915 236912640 3615 15275 closed 658187773 658178048 10043 9725 established 658198275...

Page 279: ...lesaler com L2TP Session Summary ID Control Conn ID Tunnel ID Session ID State 143524786 143523840 2190 946 established 143526923 143523840 2190 3083 established 143531662 143523840 2190 7822 closed 2...

Page 280: ...1026712216 Tunnel ID 9161 Remote Tunnel ID 15666 Session ID 31720 Remote Session ID 25240 Time Started 02 02 2010 09 08 54 Time Established 02 02 2010 09 08 54 Time Closed N A CDN Result noError Gene...

Page 281: ...Output A Dut C show router l2tp statistics L2TP Statistics Tunnels Sessions Active 3 Active 6 Setup history since 04 17 2009 18 38 41 Total 4 Total 9 Failed 0 Failed 0 Failed Auth 0 A Dut C tunnel Sy...

Page 282: ...nection id Specifies the identification number for a Layer Two Tunneling Protocol connection Values 1 429496729 detail Displays detailed L2TP session information session id session id v2 Displays info...

Page 283: ...Connection ID 236912640 State closedByPeer IP 10 20 1 3 Peer IP 10 10 20 100 Name lac1 wholesaler com Remote Name lns2 retailer1 net Assignment ID isp1 tunnel 2 Group Name isp1 group 2 Error Message...

Page 284: ...ter l2tp tunnel tunnel id 2190 statistics L2TP Tunnel Statistics Connection ID 143523840 Attempts Failed Active Total Sessions 3 0 2 3 Rx Tx Ctrl Packets 47 47 Ctrl Octets 954 1438 Error Packets 0 0 A...

Page 285: ...Max Retr Not Estab 5 Session Limit 1000 AVP Hiding never Transport Type udpIp Challenge never Time Started 04 17 2009 18 41 14 Time Idle N A Time Established 04 17 2009 18 41 14 Time Closed N A Stop...

Page 286: ...2009 18 41 03 Time Idle 04 17 2009 18 43 20 Time Established 04 17 2009 18 41 03 Time Closed 04 17 2009 18 43 20 Stop CCN Result generalReq General Error noError No of tunnels 1 A Dut C A Dut C show...

Page 287: ...ID Rem Tu ID State Ses Active Group Ses Total Assignment 658178048 10043 33762 draining 3 isp1 group 2 3 isp1 tunnel 2 No of tunnels 1 A Dut C A Fden Dut2 BSA2 show router l2tp tunnel connection id 6...

Page 288: ...ur 4 acceptedMsgType StartControlConnectionRequest 1 StartControlConnectionConnected 1 IncomingCallRequest 1 IncomingCallConnected 1 ZeroLengthBody 3 originalTransmittedMsgType StartControlConnectionR...

Page 289: ...router Description This command clears all or specific ARP entries The scope of ARP cache entries cleared depends on the command line option s specified Parameters all Clears all ARP cache entries ip...

Page 290: ...atistics src ip ip address dst ip ip address statistics all Context clear router bfd Description This command clears BFD statistics Parameters src ip ip address Specifies the address of the local endp...

Page 291: ...okup Syntax grt lookup Context clear router Description This command re evaluates route policies for GRT icmp redirect route Syntax icmp redirect route all ip address Context clear router Description...

Page 292: ...ace name or IP interface address Default All IP interfaces icmp Specifies to reset the ICMP statistics for the IP interface s used for ICMP rate limiting urpf stats Resets the statistics associated wi...

Page 293: ...or interface name is specified then statistics are cleared for all configured interfaces If an IP address or interface name is specified then only data regarding the specified interface is cleared Par...

Page 294: ...ment all router advertisement interface interface name Context clear router Description This command clears all router advertisement counters Parameters all Clears all router advertisement counters fo...

Page 295: ...ce Description This command enables the trace The no form of the command disables the trace trace point Syntax no trace point module module name type event type class event class task task name functi...

Page 296: ...nfigures route table debugging icmp Syntax no icmp Context debug router ip Description This command enables ICMP debugging icmp6 Syntax icmp6 ip int name no icmp6 Context debug router ip Description T...

Page 297: ...fied IP interface name Values 32 characters maximum ip address Only displays the interface information associated with the specified IP address headers Only displays information associated with the pa...

Page 298: ...ption This command enables debugging for tunnel tables mtrace Syntax no mtrace Context debug router Description This command configures debugging for mtrace tms Syntax no tms interface tms interface a...

Page 299: ...IP Router Configuration 7750 SR OS Router Configuration Guide Page 299...

Page 300: ...Debug Commands Page 300 7750 SR OS Router Configuration Guide...

Page 301: ...P on page 305 Configurable Parameters on page 306 VRRP Priority Control Policies on page 314 VRRP Virtual Router Policy Constraints on page 314 VRRP Virtual Router Instance Base Priority on page 314 V...

Page 302: ...n hosts directly attached to this LAN the routers sharing the IP interface prevent a single point of failure by limiting access to this gateway address VRRP can be implemented on IES service interface...

Page 303: ...single Alcatel Lucent IP interface The virtual routers must be in the same subnet Each virtual router has its own VRID state machine and messaging instance IP Address Owner VRRP can be configured in e...

Page 304: ...the forwarding responsibility if the master becomes unavailable This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end hosts This enables a hi...

Page 305: ...his message domain must have the same VRID configured The most important parameter to be defined on a non owner virtual router instance is the priority The priority defines a virtual router s selectio...

Page 306: ...eritance on page 308 Master Down Interval on page 309 Preempt Mode on page 309 VRRP Message Authentication on page 310 Authentication Data on page 312 Virtual MAC Address on page 312 Inherit Master VR...

Page 307: ...ters may be configured with a priority of 254 through 1 The default value is 100 Multiple non owners can share the same priority value When multiple non owner backup virtual routers are tied transmit...

Page 308: ...ced If a VRRP advertisement message is received with an advertisement interval set to a value different than the local value and the inherit parameter is disabled the message is discarded without proc...

Page 309: ...ower priority master The IP address owner will always become master when available Preempt mode cannot be set to false on the owner virtual router The default value for preempt mode is true When preem...

Page 310: ...n methods which provide varying degrees of security The supported authentication types are 0 No Authentication 1 Simple Text Password 2 IP Authentication Header Authentication Type 0 No Authentication...

Page 311: ...the criteria are silently dropped Authentication Type 1 Simple Text Password The use of type 1 indicates that VRRP advertisement messages are authenticated with a clear simple text password All virtua...

Page 312: ...AC address configuration must be the same for all virtual routers participating as a virtual router or indeterminate connectivity by the attached IP hosts will result All VRRP advertisement messages a...

Page 313: ...Pv6 Virtual Router Instance Operationally Up Once the IPv6 virtual router is properly configured with a minimum of one link local backup address the parent interface s router advertisement must be con...

Page 314: ...RRP virtual router instances may be associated with the same IP interface allowing multiple priority control policies to be associated with the IP interface An applied VRRP priority control policy onl...

Page 315: ...apply simultaneously creating a dynamic priority value The base priority for the instance less the sum of the delta values derives the actual priority value in use An explicit priority event is a con...

Page 316: ...a in use priority limit is used as the in use priority for the virtual router instance Otherwise the in use priority is set to the base priority less the sum of the delta events Each event generates a...

Page 317: ...be defined each with its own priority value If the LAG transitions from one threshold to the next the previous threshold priority value is subtracted from the total delta sum while the new threshold p...

Page 318: ...hold 4 ports down Hold Set Timer Expired Set to hold set parameter 102 Three ports down Event State Set 5 ports down Event Threshold 4 ports down Hold Set Timer 3 seconds 103 All ports up Event State...

Page 319: ...ute Unknown Priority Event The route unknown priority event defines a task that monitors the existence of a given route prefix in the system s routing table The route monitoring task can be constraine...

Page 320: ...the active route table that matches the defined match criteria the route unknown priority event is considered false or cleared When a route prefix does not exist within the active route table matching...

Page 321: ...MP echo request messages destined to the non owner virtual router instance IP addresses are silently discarded in both the master and backup modes Non Owner Access Telnet When non owner access Telnet...

Page 322: ...IP interface when destined to a virtual router IP address operating in backup mode Enabling non owner access SSH does not guarantee SSH access proper management and security features must be enabled t...

Page 323: ...mentation Flow ENABLE START CONFIGURE VRRP PRIORITY CONTROL POLICIES optional CONFIGURE IES VPRN SERVICE CONFIGURE ROUTER INTERFACE CONFIGURE INTERFACE CONFIGURE INTERFACE SPECIFY ADDRESS SECONDARY AD...

Page 324: ...subnet The backup addresses explicitly define which IP addresses are in the VRRP advertisement message IP address list In the owner mode the backup IP address must be identical to one of the interfac...

Page 325: ...sic VRRP Configurations on page 327 Common Configuration Tasks on page 331 Configuring VRRP Policy Components on page 333 VRRP Configuration Management Tasks on page 338 Modifying a VRRP Policy on pag...

Page 326: ...rovides dynamic fail over of the forwarding responsibility if the master becomes unavailable The VRRP implementation allows one master per IP subnet All other VRRP instances in the same domain must be...

Page 327: ...A VRRP configuration must include the following Policy ID Define at least one of the following priority events Port down LAG port down Host unreachable Route unknown The following example displays a s...

Page 328: ...er instance can manage up to 16 backup IP addresses For IPv6 only one virtual router instance can be configured on an IES service interface VRRP parameters configured within an IES service must includ...

Page 329: ...config router router advert A nlt7750 3 config service ies info description VLAN 921 for DSC 101 Application interface DSC 101 Application create address 10 152 2 220 28 vrrp 217 backup 10 152 2 222 p...

Page 330: ...face Each virtual router instance can manage up to 16 backup IP addresses For IPv6 only one virtual router instance can be configured on a router interface VRRP parameters configured on a router inter...

Page 331: ...participating routers in a VRRP instance must be configured with the same vrid All participating non owner routers can specify up to 16 backup IP addresses IP addresses the master is representing The...

Page 332: ...each subnet The following displays an IP interface configuration example A SR1 config router info echo IP Configuration interface system address 10 10 0 1 32 exit interface testA address 123 123 123...

Page 333: ...olicy Components The following displays a VRRP policy configuration example A SR1 config vrrp info policy 1 delta in use limit 50 priority event port down 1 1 2 hold set 43200 priority 100 delta exit...

Page 334: ...in case of failure VRRP can be configured the following ways Non Owner VRRP Example on page 334 Owner Service VRRP on page 335 Non Owner VRRP Example The following displays a basic non owner VRRP con...

Page 335: ...RRP The following displays the owner VRRP configuration example A SR4 config router info echo IP Configuration interface test2 address 10 10 10 23 24 vrrp 1 owner backup 10 10 10 23 authentication typ...

Page 336: ...be configured the following ways Router Interface VRRP Non Owner on page 336 Router Interface VRRP Non Owner The following displays a non owner interface VRRP configuration example A SR2 config info...

Page 337: ...VRRP Owner The following displays router interface owner VRRP configuration example A SR2 config router info interface vrrpowner address 10 10 10 23 24 vrrp 1 owner backup 10 10 10 23 authentication t...

Page 338: ...Parameters on page 340 Deleting VRRP on an Interface or Service on page 340 Modifying a VRRP Policy To access a specific VRRP policy you must specify the policy ID To display a list of VRRP policies...

Page 339: ...rface or to an IES service Each instance in which the policy is applied must be deleted The Applied column in the following example displays whether or not the VRRP policies are applied to an entity A...

Page 340: ...ntering the owner keyword is optional when entering the vrid for modification purposes Deleting VRRP on an Interface or Service The vrid does not need to be shutdown to remove the virtual router insta...

Page 341: ...d Hierarchies Configuration Commands VRRP Network Interface Commands on page 342 Router Interface IPv6 Commands on page 343 Router Interface IPv6 VRRP Commands on page 344 VRRP Priority Control Event...

Page 342: ...unnumbered vrrp virtual router id owner no vrrp virtual router id authentication key authentication key hash key hash hash2 no authentication key no backup ip address no bfd enable service id interfa...

Page 343: ...ket too big number seconds no packet too big param problem number seconds no param problem redirects number seconds no redirects time exceeded number seconds no time exceeded unreachables number secon...

Page 344: ...ssage interval no ping reply policy vrrp policy id no policy no preempt priority priority no priority no shutdown no standby forwarding no telnet reply no traceroute reply VRRP Priority Control Event...

Page 345: ...t down port id hold clear seconds no hold clear hold set seconds no hold set priority priority level delta explicit no priority no route unknown ip prefix mask hold clear seconds no hold clear hold se...

Page 346: ...istics router vrrp interface ip int name vrid virtual router id interface ip int name vrid virtual router id ipv6 statistics interface interface name vrid virtual router id statistics statistics inter...

Page 347: ...VRRP 7750 SR OS Router Configuration Guide Page 347 no packets interface ip int name vrid virtual router id no packets interface ip int name vrid virtual router id ipv6...

Page 348: ...Page 348 7750 SR OS Router Configuration Guide...

Page 349: ...sage authentication data fields The first field contains the first four characters with the first octet starting with IETF RFC bit position 0 containing the first character The second field similarly...

Page 350: ...P addresses that are advertised within VRRP advertisement messages This communicates the IP addresses that the master is representing to backup virtual routers receiving the messages Advertising a cor...

Page 351: ...of the parent IP interface defined IP addresses primary and secondary For non owner virtual router instances the virtual router IP addresses each must be within one of the parental IP interface IP ad...

Page 352: ...P interface is not configured the virtual router IP address assignment fails Parent Primary IP Address Changed When a virtual router IP address is set and the associated parent IP interface IP address...

Page 353: ...pecified ipv6 addr must be equal to one of the existing parental IP interface IP addresses link local or global or the backup command will fail For non owner virtual router instances the backup comman...

Page 354: ...the operationally down state Special Cases Assigning the Virtual Router ID Address Once the vrid is created on the parent IP interface IP addresses need to be assigned to the virtual router instance I...

Page 355: ...Router IP Address Parental Association and Non Owner Virtual Router IP Address Parental Association on the parental IP interface must already exist If an associated IP address on the parental IP inte...

Page 356: ...used for the BFD are set by the BFD command under the IP interface The specified interface may not be configured with BFD when it is the virtual router will then initiate the BFD session The no form o...

Page 357: ...effect ediately When the virtual router MAC on a master virtual router instance changes a gratuitous ARP is ediately sent with a VRRP advertisement message If the virtual router instance is disabled o...

Page 358: ...virtual router master or backup and the state of the master int inherit parameter When a non owner is operating as master for the virtual router the configured message interval is used as the operati...

Page 359: ...within the chassis The policy can be associated with more than one virtual router instance The priority events within the policy either override or diminish the base priority set with the priority co...

Page 360: ...in the non owner vrrp nodal context The owner may not be preempted because the priority of non owners can never be higher than the owner The owner always preempts all other virtual routers when it is...

Page 361: ...y Context config router if vrrp config router if ipv6 vrrp Description This command enables the non owner master to reply to ICMP echo requests directed at the vritual router instances IP addresses No...

Page 362: ...al router instance provides a mechanism to maintain the virtual routers without causing false backup master state changes If the shutdown command is executed no VRRP advertisement messages are generat...

Page 363: ...ses Default no ssh reply SSH requests to the virtual router instance IP addresses are discarded standby forwarding Syntax no standby forwarding Context config router if vrrp config router if ipv6 vrrp...

Page 364: ...virtual router instance IP addresses Default no telnet reply Telnet requests to the virtual router instance IP addresses are discarded traceroute reply Syntax no traceroute reply Context config route...

Page 365: ...annot be changed vrrp master int inherit Owner virtual router instances do not accept VRRP advertisement messages the advertisement interval field is not evaluated and cannot be inherited ping reply t...

Page 366: ...Page 366 7750 SR OS Router Configuration Guide have the owner parameter removed The vrid must be deleted and than recreated without the owner keyword to remove ownership...

Page 367: ...ority control event overrides the delta priority control events the delta in use limit has no effect Setting the limit to a higher value than the default of 1 limits the effect of the delta priority c...

Page 368: ...s It is a parental node for the various VRRP priority control policy commands that define the policy parameters and priority event conditions The virtual router instance priority command defines the i...

Page 369: ...oes not apply to a service but applies to the base router instance Values 1 2147483647 priority event Syntax no priority event Context config vrrp policy vrrp priority id Description This command crea...

Page 370: ...onds no hold set Context config vrrp policy priority event host unreachable config vrrp policy priority event lag port down config vrrp policy priority event port down config vrrp policy priority even...

Page 371: ...id channel id config vrrp policy priority event route unknown prefix mask length Description This command controls the effect the set event has on the virtual router instance in use priority When the...

Page 372: ...s no longer used in the in use priority calculation When explicit is specified the priority level value is used to override the base priority of the virtual router instance if the priority event is se...

Page 373: ...set When an event transitions from clear to set the set is processed ediately and must be reflected in the associated virtual router instances in use priority value As the event transitions from clea...

Page 374: ...c type sap net net sap The POS channel on the port monitored by the VRRP priority control event The port id channel id can only be monitored by a single event in this policy The channel can be monitor...

Page 375: ...an arbitrary LAG The lag id does have to already exist within the system The operational state of the lag port down event will indicate Set non existent Set one port down Set two ports down Set three...

Page 376: ...e priority of all associated virtual router instances must be reevaluated The events hold set timer has no effect on the removal procedure Default no lag port down No LAG priority control events are c...

Page 377: ...re evaluated after removal Default no number down No threshold for the LAG priority event is created Parameters number of lag ports down The number of LAG ports down to create a set event threshold T...

Page 378: ...a successful message attempt clears the consecutive drop counter The event is not cleared until the consecutive drop counter is less than the drop count value and the hold set timer has a value of zer...

Page 379: ...the state to be set while the previous attempt was successful When an event transitions from clear to set the set is processed ediately and must be reflected in the associated virtual router instance...

Page 380: ...d by multiple VRRP priority control policies The IP address can be used in one or multiple ping requests Each VRRP priority control host unreachable and ping destined to the same ip addr is uniquely i...

Page 381: ...rding to the message identifier and sequence number With each consecutive attempt to send an ICMP echo request message the timeout timer is loaded with the timeout value The timer decrements until An...

Page 382: ...out is received that reply is silently discarded while incrementing the priority event reply discard counter The no form of the command reverts to the default value Default 1 Parameters seconds The n...

Page 383: ...allow default optional parameter extends the less specific match to include the default route 0 0 0 0 The no form of the command prevents RTM lookup results that are less specific than the route pref...

Page 384: ...rotocol Context config vrrp policy priority event route unknown prefix mask length Description This command adds one or more route sources to match the route unknown IP route prefix for a route unknow...

Page 385: ...ute unknown route prefix The rip parameter is not exclusive from the other available protocol parameters If protocol is executed without the rip parameter a returned route prefix with a source of RIP...

Page 386: ...an event transitions from clear to set the set is processed ediately and must be reflected in the associated virtual router instances in use priority value As the event transitions from clear to set...

Page 387: ...lues 0 32 ip address The IP address of the host for which the specific event will monitor connectivity The ip addr can only be monitored by a single event in this policy The IP address can be monitore...

Page 388: ...Page 388 7750 SR OS Router Configuration Guide...

Page 389: ...information for the specified VRRP instance on the IP interface Default All VRIDs for the IP interface Values 1 255 ipv6 Specifies the IPv6 instance Output VRRP Instance Output The following table de...

Page 390: ...wn timer is indirectly derived from the value in the advertisement interval field of the VRRP message received from the current master No When the VRRP instance is operating as a backup and the master...

Page 391: ...IP address of the VRRP master Primary IP The IP address of the VRRP owner Up Time The date and time when the operational state of the event last changed Virt MAC Addr The virtual MAC address used in A...

Page 392: ...p Oper State Up Up Time 09 23 2004 06 53 45 Virt MAC Addr 00 00 5e 00 01 01 Auth Type None Config Mesg Intvl 1 In Use Mesg Intvl 1 Master Inherit Intvl No Base Priority 100 In Use Priority 100 Policy...

Page 393: ...Up Up Time 09 23 2004 06 55 12 Virt MAC Addr 00 00 5e 00 02 0a Config Mesg Intvl 1 0 In Use Mesg Intvl 1 0 Master Inherit Intvl Yes Base Priority 100 In Use Priority 100 Policy ID n a Preempt Mode Yes...

Page 394: ...he policy ID Default All event types and qualifiers Values port down port id lag port down lag id host unreachable host ip addr route unknown route prefix mask mc ipsec non forwarding specific qualifi...

Page 395: ...nless this value is 0 Description A text string which describes the VRRP policy Event Type ID A delta priority event is a conditional event defined in a priority con trol policy that subtracts a given...

Page 396: ...e ID Event Oper State Hold Set Priority In Remaining Effect Use Host Unreach 10 10 200 252 n a Expired 20 Del No Host Unreach 10 10 200 253 n a Expired 10 Del No Route Unknown 10 10 100 0 24 n a Expir...

Page 397: ...th the priority control policy happen simultane ously This sum is subtracted from the base priority of the virtual router to give the in use priority Delta Limit The delta in use limit for a VRRP poli...

Page 398: ...P pri ority control event can transition to the cleared state to dampen flap ping events Priority The base priority used by the virtual router instance Priority Effect Delta The priority level value i...

Page 399: ...7 04 54 35 A ALA A A ALA A show vrrp policy 1 event host unreachable VRRP Policy 1 Event Host Unreachable 10 10 200 252 Description 10 10 200 253 reachability Current Priority None Applied No Current...

Page 400: ...0 100 0 24 Priority 1 Priority Effect Explicit Less Specific No Default Allowed No Next Hop s None Protocol s None Hold Set Config 0 sec Hold Set Remaining Expired Value In Use No Current State n a tr...

Page 401: ...VRRP 7750 SR OS Router Configuration Guide Page 401 Sample Output A ALA 48 show router vrrp statistics VRRP Global Statistics VR Id Errors 0 Version Errors 0 Checksum Errors 0 A ALA 48...

Page 402: ...Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calculations are performed on the delta or rate statistics rate When the rate keywo...

Page 403: ...interface n2 At time t 0 sec Base Statistics Master Transitions 1 Discontinuity Time 09 09 2004 01 57 Adv Sent 1365 Adv Received 0 Pri Zero Pkts Sent 0 Pri Zero Pkts Rcvd 0 Preempt Events 0 Preempted...

Page 404: ...Clears IPv6 information for the specified interface statistics Syntax statistics policy policy id Context clear router vrrp Description This command enables the context to clear and reset VRRP entitie...

Page 405: ...the specified VRRP instance on the IP inter face Default All VRRP instances on the IP interface Values 1 255 policy vrrp policy id Clears VRRP statistics for all or the specified VRRP priority contro...

Page 406: ...vents The no form of the command disables debugging Parameters ip int name Displays the specified interface name vrid virtual router id Displays the specified VRID ipv6 Debugs the specified IPv6 VRRP...

Page 407: ...y Guide and CPM security and Management Interface described in SROS Router Configuration Guide Topics in this chapter include ACL Filter Policy Overview on page 408 on page 411 ACL Filter Policy Scale...

Page 408: ...of filter policies as defined by the scope argument of the filter policy An exclusive filter is intended to be used by a single SAP interface a template filter is intended to be shared by multiple SA...

Page 409: ...e packet does not match any of the entries the system executes the default action specified in the filter policy Each filter policy is assigned a unique filter ID Each filter policy is defined with Sc...

Page 410: ...ce N A Router interface Egress multicast group Egress multicast group Egress multicast group IES interface SAP spoke SDP N A IES interface SAP spoke SPD subscriber interface VPRN interface SAP spoke S...

Page 411: ...ically maps and downloads policies to each FlexPath only as needed by services and interfaces configured on that FlexPath Statistics for filters aggregate all statistics across all FlexPaths that have...

Page 412: ...trap will be raised for the impacted filter policies It is recommended that the operator remove extra filter entries as operational conditions such as an IOM reset for example may cause different filt...

Page 413: ...tch list for CPM and IOM filter policies are introduced to eliminate above operational complexity by simplifying the IOM and CPM filter policy management on a list of a match criterion Instead of defi...

Page 414: ...hanges may result in acceptance of filter policy configuration changes that cannot be programmed in hardware because of the resource exhaustion If that is the case when attempting to program a filter...

Page 415: ...prefixes Duplicates are not removed when populated by different auto generation matches and static configuration A configuration will fail if auto generation of address prefix would result in filer po...

Page 416: ...filter an operator may wish to change or deactivate an embedded filter policy entry in one of the embedding filter thus allowing for customizing of the common embedded filter policy rules by the embed...

Page 417: ...resources available Figure 17 shows implementation of embedded filter policy using IPv4 ACL filter policy example with an embedded filter 10 being used to define common filter rules that are then emb...

Page 418: ...The destination with the highest priority value is selected There are no default redirect policies Each redirect policy must be explicitly configured and specified in an IPv4 filter entry To facilita...

Page 419: ...eb redirection 1 The customer gets an IP address using DHCP if the customer is trying to set a static IP he will be blocked by the anti spoofing filter 2 The customer tries to connect to a website 3 T...

Page 420: ...requested URL SAP The customer s SAP SUB The customer s subscriber identification string CID A string that represents the circuit id or interface id of the subscriber host hexadecimal format RID A str...

Page 421: ...is available only when used with subscriber management Refer to the subscriber management section of the SROS Triple Play Guide and the SR OS Router Configuration Guide Since most web sites are access...

Page 422: ...tination may be flooded in the BVPLS context as unknown unicast in the BVPLS context for both IVPLS and PBB Epipe To restrict distribution of this traffic for local PBB services ISID filters can be de...

Page 423: ...1 x 0 The matching is based on the port configuration and the SAP configuration In the industry the QinQ tags are often referred to as the C VID Customer VID and S VID service VID The terms outer tag...

Page 424: ...nsparently by the Service Tags Too Deep to be Service Delimiting or to be Used for VID Filtering Tag Available for Matching and Indication of Which Match Criteria to Use 20 10 Payload MAC 10 20 30 Pay...

Page 425: ...onal check for the 0 VID tag may be required when using certain wild card operations For example frames with no tags on null encapsulated ports will match a value of 0 in outer tag and inner tag becau...

Page 426: ...1 1 would have a filter as shown below while port A sap 1 1 1 2 would not mac filter 4 create default action forward type vid entry 1 create match frame type ethernet_II outer tag 30 4095 exit action...

Page 427: ...tion and Implementation Flow Figure 22 displays the process to create a filter policy and apply that policy to a service or network port CREATE A REDIRECT POLICY CREATE IP FILTER SPECIFY DESTINATION P...

Page 428: ...and Applying Filter Policies CREATE AN IP OR MAC FILTER FILTER ID CREATE FILTER ENTRIES ENTRY ID SPECIFY SCOPE DEFAULT ACTION DESCRIPTION SPECIFY ACTION PACKET MATCHING CRITERIA SAVE CONFIGURATION CRE...

Page 429: ...ilters are applied to a SAP packets received at the egress SAP are checked against the matching criteria in the filter entries If the packet completely matches all criteria in an entry the checking st...

Page 430: ...col for example TCP UDP IGMPv6 against the Next Header field of the outer IPv6 header of the packet Note next header matching allows also to match on presence of some of the IPv6 extension headers See...

Page 431: ...allows the filter to search for matching 802 1p frame etype Entering an Ethernet type II Ethertype value to be used as a filter match criterion The Ethernet type field is a two byte field used to ide...

Page 432: ...the use of inner tag outer tag match criteria and must be set to vid to allow the use of inner tag outer0 tag match criteria DSCP Values Table 9 DSCP Name to DSCP Value Table DSCP Name Decimal DSCP Va...

Page 433: ...cp33 33 af41 34 cp35 35 af42 36 cp37 37 af43 38 cp39 39 cs5 40 cp41 41 cp42 42 cp43 43 cp44 44 cp45 45 ef 46 cp47 47 nc1 48 cs6 cp49 49 cp50 50 cp51 51 cp52 52 cp53 53 cp54 54 cp55 55 cp56 56 cp57 57...

Page 434: ...ying ACL Policies Page 434 7750 SR OS Router Configuration Guide nc2 58 cs7 cp60 60 cp61 61 cp62 62 Table 9 DSCP Name to DSCP Value Table Continued DSCP Name Decimal DSCP Value Hexadecimal DSCP Value...

Page 435: ...1 0 2 130 SEC Security 1 0 3 131 LSR Loose source router 1 0 5 133 E SEC Extended security 1 0 6 134 CIPSO Commercial security 1 0 8 136 SID Stream id 1 0 9 137 SSR Strict source route 1 0 14 142 VIS...

Page 436: ...ID 2 using the renum filter policy command When a filter consists of a single entry the filter executes actions as follows If a packet matches all the entry criteria the entry s specified action is pe...

Page 437: ...Source Address 10 10 10 103 Destination Address 10 10 10 105 FILTER ENTRY ID 20 Action Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION DROP FORWARD PACKETS WITH MATCHING SA AND DA FORWAR...

Page 438: ...APs A specific filter must be explicitly associated with a specific service in order for packets to be matched Each filter policy must consist of at least one filter entry Each entry represents a coll...

Page 439: ...matching criteria MAC filters cannot be applied to routable VPLS MAC filters cannot be applied to network interfaces Some of the MAC filter of type normal match criteria fields are exclusive to each o...

Page 440: ...ilter entry without an action parameter specified will be considered incomplete and be inactive Log Filter Summarization logging is the collection and summarization of log messages for 1 specific log...

Page 441: ...S Router Configuration Guide Page 441 In case the mini table has no more free entries only total counter is incremented At expiry of the summarization interval the mini table for each type is flushed...

Page 442: ...Configuration Notes Page 442 7750 SR OS Router Configuration Guide...

Page 443: ...Creating an IP Filter Policy on page 445 Creating an IPv6 Filter Policy on page 450 Applying IPv4 v6 Filter Policies to a Network Port on page 457 Creating a Redirect Policy on page 458 Configuring Po...

Page 444: ...a sample configuration of an IP filter policy The configuration blocks all incoming TCP session except Telnet and allows all outgoing TCP sessions from IP net 10 67 132 0 24 Figure 24 depicts the int...

Page 445: ...a Match List for Filter Policies on page 455 Applying IPv4 v6 Filter Policies to a Network Port on page 457 Creating an IP Filter Policy Configuring and applying filter policies is optional Each filt...

Page 446: ...750 SR OS Router Configuration Guide IP Filter Policy The following displays an exclusive filter policy configuration example A ALA 7 config filter info ip filter 12 create description IP filter scope...

Page 447: ...packets are handled either dropped or forwarded Enter a filter entry ID The system does not dynamically assign a value Assign an action either drop or forward Specify matching criteria The following d...

Page 448: ...ays an http redirect configuration example A ALA 48 config filter ip filter info description filter main scope exclusive entry 10 create description no 91 match dst ip 10 10 10 91 24 src ip 10 10 0 10...

Page 449: ...eate description no 91 filter sample interface disable sample match exit action forward redirect policy redirect1 exit A ALA 7 config filter ip filter Within a filter entry you can also specify that t...

Page 450: ...Creating an IPv6 Filter Policy Configuring and applying IPv6 filter policies is optional IPv6 Filter Policy must be configured separately from IP IPv4 filter policy The configuration mimics IP Filter...

Page 451: ...specified MAC normal MAC isid MAC vid A filter policy ID A default action either drop or forward Filter policy scope either exclusive or template At least one filter entry Matching criteria specified...

Page 452: ...plays an ISID filter configuration example A ALA 7 config filter info mac filter 90 create description filter wan man scope template type isid entry 1 create description drop local isids match isid 10...

Page 453: ...D filter configuration example A TOP_NODE config filter mac filter info default action forward type vic entry 1 create match frame type ethernet_II ouiter tag 85 4095 exit action drop exit entry 2 cre...

Page 454: ...n specified in the entry determine how the packets are handled either dropped or forwarded Enter a filter entry ID The system does not dynamically assign a value Assign an action either drop or forwar...

Page 455: ...pecify at least one list argument a valid IPv4 address prefix for example Optionally a description can also be defined The following displays an IPv4 address prefix list configuration example and usag...

Page 456: ...t displays IP and MAC filters assigned to an ingress and egress SAP and spoke SDP A ALA 48 config service epipe info sap 1 1 1 1 1 create ingress filter ip 10 exit egress filter mac 92 exit exit spoke...

Page 457: ...is used to associate an existing filter policy or if defined a Filter Name for that Filter ID policy can be used in the CLI The following displays an IP filter applied to an interface at ingress A ALA...

Page 458: ...ng displays a redirection policy configuration A ALA 7 config filter info redirect policy redirect1 create destination 10 10 10 104 create description SNMP_to_104 priority 105 snmp test SNMP 1 interva...

Page 459: ...I performs packet inspection modification and either drops the traffic or forwards the traffic back into the box through SAP 1 1 21 1 Traffic will then be sent to spoke sdp 3 5 SAP 1 1 23 5 is configu...

Page 460: ...1 split horizon group split create disable learning static mac 00 00 00 31 11 01 create exit sap 1 1 22 1 split horizon group dpi create disable learning static mac 00 00 00 31 12 01 create exit sap...

Page 461: ...p split create exit stp shutdown exit sap 1 1 5 5 split horizon group split create ingress filter mac 100 exit static mac 00 00 00 31 15 05 create exit sap 1 1 21 1 split horizon group split create di...

Page 462: ...olicy Entries The system exits the matching process when the first match is found and then executes the actions in accordance with the specified action Because the ordering of entries is important the...

Page 463: ...on forward exit entry 40 create match dst ip 10 10 10 91 24 src ip 10 10 10 106 24 exit action drop exit exit A ALA 7 config filter A ALA 7 config filter info ip filter 11 create description filter ma...

Page 464: ...the no form of the command to remove the command parameters or return the parameter to the default setting Example config filter ip filter description New IP filter info config filter ip filter entry...

Page 465: ...on Guide Page 465 entry 15 create description no 91 match dst ip 10 10 10 91 24 src ip 10 10 10 103 24 exit action forward exit entry 30 create match dst ip 10 10 10 91 24 src ip 10 10 0 200 24 exit a...

Page 466: ...ter command in all context where the filter is used The following illustrates an example of removing a filter filter ID 11 from an ingress ePipe SAP Example config service epipe 5 config service epipe...

Page 467: ...l test url http www alcatel com config filter redirect policy dest url test interval 10 config filter redirect policy dest url test timeout 10 config filter redirect policy dest url test return code 1...

Page 468: ...direct1 policy from the filter configuration Example config filter ip filter 11 config filter ip filter entry 1 config filter ip filter entry action forward redirect policy redirect2 config filter ip...

Page 469: ...ilter policies can also be created by copying an existing policy and renaming the new filter The following displays the command usage to copy an existing IP filter 11 to create a new filter policy 12...

Page 470: ...Filter Management Tasks Page 470 7750 SR OS Router Configuration Guide...

Page 471: ...n page 478 Copy Filter Commands on page 479 Show Commands on page 479 Clear Commands on page 479 Monitor Commands on page 480 Configuration Commands DHCP Filter Policy Commands config filter dhcp filt...

Page 472: ...rride action forward lsp lsp name action forward router router instance action forward router service name service name action gtp local breakout action nat nat policy name action reassemble no action...

Page 473: ...tcp syn true false no tcp syn filter name filter name no filter name group inserted entries application application location location renum old entry id new entry id scope exclusive template embedded...

Page 474: ...forward router router instance action forward router service name service name action http redirect rdr url string action nat nat policy name flavor flavor no action description description string no...

Page 475: ...try id scope exclusive template embedded no scope shared radius filter wmark low low watermark high high watermark no shared radius filter wmark sub insert credit control start entry entry id count co...

Page 476: ...description log log id no log match frame type 802dot3 802dot2 llc 802dot2 snap ethernet_II no match dot1p dot1p value dot1p mask no dot1p dsap dsap value dsap mask no dsap dst mac ieee address ieee...

Page 477: ...cription description string no description no prefix ip prefix prefix length ipv6 prefix list ipv6 prefix list name create no ipv6 prefix list ipv6 prefix list name no apply path bgp peers index group...

Page 478: ...no shutdown snmp test test name create no snmp test test name drop count consecutive failures hold down seconds no drop count interval seconds no interval oid oid string community community string no...

Page 479: ...s ip ip filter id entry entry id detail ipv6 ipv6 embedded inactive ipv6 ipv6 filter id embedded inactive ipv6 ipv6 filter id detail ipv6 ipv6 filter id associations ipv6 ipv6 filter id type entry typ...

Page 480: ...tor Commands monitor filter ip ip filter id entry entry id interval seconds repeat repeat absolute rate filter ipv6 ipv6 filter id entry entry id interval seconds repeat repeat absolute rate filter ma...

Page 481: ...match list ip prefix list config filter match list ip filter config filter match list port list Description This command creates a text description stored in the configuration file for a configuratio...

Page 482: ...CL is a template that can be applied to multiple services or multiple network ports as long as the scope of the policy is template Any changes made to the existing policy using any of the sub commands...

Page 483: ...d Parameters filter id specifies the IPv6 filter policy ID number Values 1 65535 create Keyword required when first creating the configuration context Once the context is created one can navigate into...

Page 484: ...any string up to 32 characters long composed of printable 7 bit ASCII characters If the string contains special characters spaces etc the entire string must be enclosed within double quotes There is...

Page 485: ...string exact invert match option dhcp option number match string ascii string exact invert match no option Context config filter dhcp filter entry Description This command configures the action to tak...

Page 486: ...ecifies the destination of the filter log ID is a Syslog server The syslog id parameter is the number of the Syslog server definition Values 1 10 shutdown Syntax no shutdown Context config filter log...

Page 487: ...r summary minitable is flushed and recreated with different key information Log packets received during the reconfiguration time will be handled as if summary was not active The no form of the command...

Page 488: ...SR OS Router Configuration Guide The no form of the command configures the memory filter log to accept filter log entries until full When the memory filter log is full filter logging for the log filt...

Page 489: ...fset active inactive no embed filter filter id Context config filter ip filter config filter ipv6 filter Description This command embeds a previously defined IPv4 or IPv6 embedded filter policy into t...

Page 490: ...is command configures the filter policy scope as exclusive template or embedded If the scope of the policy is template and is applied to one or more services or network interfaces the scope cannot be...

Page 491: ...lter ranges for filter entry insertion at which a table full alarm will be cleared by the agent Values 1 8000 sub insert credit control Syntax sub insert credit control start entry entry id count coun...

Page 492: ...ption This command configures the insert point for shared host rules from RADIUS entry entry id Identifies a filter on this system Values 1 65535 count count Specifies the count Values 1 65535 sub ins...

Page 493: ...type filter type Context config filter mac filter Description This command configures the type of mac filter as normal ISID or VID types Default normal Parameters filter type Specifies which type of e...

Page 494: ...ntries removed from the filter are immidately removed from all services or network ports where that filter is applied Default none Parameters entry id An entry id uniquely identifies a match criteria...

Page 495: ...lter log ID The filter log ID must exist before a filter entry can be enabled to use the filter log ID The no form of the command disables logging for the filter entry Default no log Parameters log id...

Page 496: ...sdp id vc id action http redirect rdr url string allow radius override action nat nat policy name flavor flavor no action Context config filter ip filter entry config filter ipv6 filter entry Descript...

Page 497: ...Ps are supported including q in q BCP and bridged Ethernet in Frame Relay Refer to Common CLI Command Descriptions on page 661 for SAP CLI command syntax and parameter descriptions sdp sdp id vc id sp...

Page 498: ...of packets if the ingress interface is in cflowd acl mode Default no filter sample interface disable sample Syntax no interface disable sample Context config filter ip filter entry config filter ipv6...

Page 499: ...7 The no form the command removes the protocol from the match criteria Values 0 255 values can be expressed in decimal hexidecimal or binary DHB keywords none crtp crudp egp eigrp encap ether ip gre i...

Page 500: ...the entry id Parameters next header Specifies the IPv6 next header to match Note that this parameter is analogous to the protocol parameter used in IP Filter match criteria Values 0 42 45 49 52 59 61...

Page 501: ...er ip filter entry match config filter ipv6 filter entry match Description This command configures a destination IP address range to be used as an IP filter match criterion To match on the destination...

Page 502: ...iterion in dotted decimal notation Values ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D prefix length The IPv6 prefix length for the ipv6 address expressed...

Page 503: ...ort number The destination port number to be used as a match criteria expressed as a decimal integer Values 0 65535 port list name A string of up to 32 characters of printable ASCII characters If spec...

Page 504: ...f the command removes the match criterion Default no fragment Parameters true Specifies to match on all fragmented IP packets A match will occur for all packets that have either the MF more fragment b...

Page 505: ...ket without an ESP Extension Header hop by hop opt Syntax hop by hop opt true false no hop by hop opt Context config filter ipv6 filter entry match Description This command enables match on existence...

Page 506: ...6 type field in the ICMP ICMPv6 header of an IP or IPv6 packet as a filter match criterion Note that an entry containing Layer 4 match criteria will not match non initial 2nd 3rd etc fragments of a fr...

Page 507: ...to use as the match criteria This 8 bit mask can be configured using the following formats Default 255 decimal exact match Values 1 255 decimal multiple option Syntax multiple option true false no mul...

Page 508: ...ld present in the IP header an option field of zero An option field of zero is considered as no option present port Syntax port lt gt eq port number port port list port list name port range port numbe...

Page 509: ...f 10 1 0 0 255 255 0 0 may also be used The no form of the command removes the source IP address match criterion Default no src ip Parameters ip address The valid IP prefix for the IP match criterion...

Page 510: ...r match gt specifies all port numbers greater than src port number match eq specifies that src port number must be an exact match src port number The source port number to be used as a match criteria...

Page 511: ...o not have the ACK bit set in the control bits of the TCP header of the IP packet tcp syn Syntax tcp syn true false no tcp syn Context config filter ip filter entry match config filter ipv6 filter ent...

Page 512: ...Pv4 address prefixes An IPv4 prefix match list cannot be deleted if it is referenced by a filter policy Please see general description related to match list usage in filter policies Default none Param...

Page 513: ...y path bgp peers Syntax bgp peers index group reg exp neighbor reg exp no bgp peers index Context config filter match list ip pfx list apply path config filter match list ipv6 pfx list apply path Desc...

Page 514: ...ilter policies Parameters port list name A string of up to 32 characters of printable ASCII characters If special characters are used the string must be enclosed within double quotes Default no ports...

Page 515: ...p IPv6 address space An IPv6 prefix addition will be blocked if resource exhaustion is detected anywhere in the system because of Filter Policies that use this IPv6 address prefix list Default No pref...

Page 516: ...rlap IPv4 address space An IPv4 prefix addition will be blocked if resource exhaustion is detected anywhere in the system because of Filter Policies that use this IPv4 address prefix list Default none...

Page 517: ...ers drop Specifies packets matching the entry criteria will be dropped forward Specifies packets matching the entry criteria will be forwarded Only Ethernet SAPs are supported including q in q BCP bri...

Page 518: ...eyword configures an Ethernet frame type to be used for the MAC filter match criteria Default 802dot3ethernet_II Values 802dot3 802dot2 llc 802dot2 snap ethernet_II 802dot3 Specifies the frame type is...

Page 519: ...ample if a packet ingresses on a null encapsulated SAP and the customer packet is IEEE 802 1Q or 802 1p tagged the 802 1p bits will be present for a match evaluation On the other hand if a customer ta...

Page 520: ...the no form of the command to remove the dsap value as the match criterion Default no dsap Parameters dsap value The 8 bit dsap match criteria value in hexadecimal Values 0x00 0xFF hex mask This is op...

Page 521: ...field is a two byte field used to identify the protocol carried by the Ethernet frame For example 0800 is used to identify the IPv4 packets The Ethernet type field is used by the Ethernet version II f...

Page 522: ...ext config filter mac filter entry match Description This command configures the matching of the second tag that is carried transparently through the service The inner tag on ingress is the second tag...

Page 523: ...will contain the next tag which is still the first tag carried transparently through the service On SAPs with two service delimiting tags two tags stripped outer tag will contain 0 even if there are...

Page 524: ...e OUI fields but the same PID field will both match the same filter entry based on a snap pid match criteria The no form of the command removes the snap pid value as the match criteria Default no snap...

Page 525: ...3 Ethernet Frame The snap pid field etype field ssap and dsap fields are mutually exclusive and may not be part of the same match criteria MAC Match Criteria Exclusivity Rules on page 439 describes f...

Page 526: ...r id and the dest filter id are MAC filter IDs source filter id The source filter id identifies the source filter policy from which the copy command will attempt to copy The filter policy must exist w...

Page 527: ...trol location location Specifies at what location the inserted entries must be grouped Values top bottom renum Syntax renum old entry id new entry id Context config filter ip filter config filter ipv6...

Page 528: ...tination ping test config filter destination snmp test Description This command configures parameters to perform connectivity ping tests to validate the ability for the destination to receive redirect...

Page 529: ...t Default 1 Parameters seconds Specifies the amount of time in seconds between consecutive requests sent to the far end host Values 1 60 timeout Syntax timeout seconds no timeout Context config filter...

Page 530: ...ng up to 32 characters long composed of printable 7 bit ASCII characters If the string contains special characters spaces etc the entire string must be enclosed within double quotes oid Syntax oid oid...

Page 531: ...licy destination Description The context to enable URL test parameters IP filters can be used to selectively cache some web sites Default none Parameters test name The name of the URL test Allowed val...

Page 532: ...thin the specified range lower priority priority Specifies the amount to lower the priority of the destination when the return code falls within the specified range raise priority priority Specifies t...

Page 533: ...Filters Filter Id Applied Description 10 No test dhcp filter Num filter entries 1 B TechPubs config B TechPubs config show filter dhcp 10 DHCP Filter Filter Id 10 Applied No Entries 0 Description tes...

Page 534: ...text show filter Description This command shows IP filter information Parameters ip filter id Displays detailed information for the specified filter ID and its filter entries Values 1 65535 entry entr...

Page 535: ...1 Template Yes 3 Template Yes 6 Template Yes 10 Template No 11 Template No Num IP filters 5 A ALA 49 A Dut C config filter show filter ip Label Description Filter Id The IP filter ID Scope Template Th...

Page 536: ...te The filter policy is of type template Exclusive The filter policy is of type exclusive Entries The number of entries configured in this filter ID Description The IP filter policy description Applie...

Page 537: ...eria TCP syn False Configures a match on packets with the SYN flag set to false True Configured a match on packets with the SYN flag set to true Off The state of the TCP SYN flag is not considered as...

Page 538: ...rd Radius Ins Pt n a CrCtl Ins Pt n a Entries 2 insert By Bgp On Matches packets that contain the option field or have an option field of zero be used as IP filter match criteria Int Sampling Off Inte...

Page 539: ...6 Dscp Undefined ICMP Type Undefined ICMP Code Undefined Fragment Off Option present Off Sampling Off Int Sampling On IP Option 0 0 Multiple Option Off TCP syn Off TCP ack Off Match action Forward Ne...

Page 540: ...mbedded N A System IP Filters Total 1 Filter Id Description _tmnx_ofs_test of switch test embedded filter Num IP filters 5 A bksim4001 show filter ip _tmnx_ofs_test IP Filter Filter Id _tmnx_ofs_test...

Page 541: ...0 1 24 Dest Port None Protocol Undefined Dscp Undefined ICMP Type Undefined ICMP Code Undefined Fragment Off Option present Off Sampling Off Int Sampling On IP Option 0 0 Multiple Option Off TCP syn O...

Page 542: ...e Service Access Point on which the filter policy ID is applied Ingress The filter policy ID is applied as an ingress filter policy on the inter face Egress The filter policy ID is applied as an egres...

Page 543: ...ng the filter entry Forward The explicit action to perform is forwarding of the packet If the action is Forward then if configured the nexthop infor mation should be displayed including Nexthop IP add...

Page 544: ...pling On IP Option 0 0 Multiple Option Off TCP syn Off TCP ack Off Match action Drop Ing Matches 0 Egr Matches 0 A ALA 49 Output Show Filter Associations with TOD suite specified If a filter is referr...

Page 545: ...ID has not been applied Yes The filter policy ID is applied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default acti...

Page 546: ...etailed information for the specified IPv6 filter ID and filter entries Values 1 65535 entry entry id Displays information on the specified IPv6 filter entry ID for the specified filter ID Values 1 99...

Page 547: ...5 Failed out of resources A ALA 48 Label Description Filter Id The IP filter ID Scope Template The filter policy is of type template Exclusive The filter policy is of type exclusive Applied No The fil...

Page 548: ...ive Entries The number of entries configured in this filter ID Description The IP filter policy description Applied No The filter policy ID has not been applied Yes The filter policy ID is applied Def...

Page 549: ...syn False Configures a match on packets with the SYN flag set to false True Configured a match on packets with the SYN flag set to true Off The state of the TCP SYN flag is not considered as part of t...

Page 550: ...Off Specifies not to search for packets that contain the option field or have an option field of zero On Matches packets that contain the option field or have an option field of zero be used as IP fil...

Page 551: ...the inter face Egress The filter policy ID is applied as an egress filter policy on the interface Type The type of service of the service ID Entry The filter ID filter entry ID If the filter entry ID...

Page 552: ...for mation should be displayed including Nexthop IP address Indi rect IP address or Interface IP interface name Ing Matches The number of ingress filter matches hits for the filter entry Src Port The...

Page 553: ...ned TCP syn Off TCP ack Off Match action Drop Ing Matches 0 Egr Matches 0 A ALA 48 Output Show Filter Counters The following table describes the output fields when the counters keyword is specified Of...

Page 554: ...default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the filter entries is to drop Fi...

Page 555: ...mm is the month dd is the day hh is the hour mm is the minute and ss is the second Filter The filter ID and the entry ID which generated the filter log entry in the form Filter_ID Entry_ID Desc The d...

Page 556: ...s of the frame after the Ethernet header Total Log Instances Allowed Specifies the maximum allowed instances of filter logs allowed on the system Total Log Instances In Use Specifies the instances of...

Page 557: ...0 5 Flags TOS c0 Protocol 89 Hex 02 01 00 30 0a 0a 00 01 00 00 00 00 ba 90 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 03 02 01 A ALA A config show filter log bindings Filter Log Bindings Total Log...

Page 558: ...ow filter Description This command displays MAC filter information Parameters mac filter id Displays detailed information for the specified filter ID and its filter entries Values 1 65535 associations...

Page 559: ...t been applied Yes The filter policy ID is applied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for th...

Page 560: ...ified Ethertype The Ethertype value match criterion DSAP The DSAP value match criterion Undefined indicates no value specified SSAP SSAP value match criterion Undefined indicates no value specified Sn...

Page 561: ...n Drop Entries 1 Filter Association Mac Service Id 1001 Type VPLS SAP 1 1 1 1001 Egress A ALA 49 Filter Entry Counters Output When the counters keyword is specified the filter entry output displays th...

Page 562: ...e default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the filter entries is to drop...

Page 563: ...ecified Lawful Intercept filter ID entry entry id Displays information on the specified Lawful Intercept filter entry ID for the specified filter ID only Values 1 65535 Output No Parameters Specified...

Page 564: ...ID match frame type is Ethernet IEEE 802 3 Ethernet II The entry ID match frame type is Ethernet Type II Src MAC The source MAC address and mask match criterion When both the MAC address and mask are...

Page 565: ...ameType Ethernet Description test 30 Src Mac Dest Mac LI Source Yes Ing Matches 0 pkts Egr Matches 0 pkts Entry 50 FrameType Ethernet Description entry 50 Src Mac 00 00 01 66 00 00 00 00 0f ff 00 00 D...

Page 566: ...ervice Id 60 Type VPLS SAP 1 1 6 7 Ingress SAP 1 1 6 9 Egress Filter Entry Counters Output When the counters keyword is specified the filter entry output displays the filter matches hit information Th...

Page 567: ...the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the filter entries is to drop Filter Match Criteria...

Page 568: ...tion association Appends association information Output Redirect Policy Output The following table describes the fields in the redirect policy command output Label Description Redirect Policy Specifie...

Page 569: ...ecifies the amount of time in seconds that is allowed for receiving a response from the far end host If a reply is not received within this time the far end host is considered unresponsive Interval Sp...

Page 570: ...tion 10 10 10 106 Description Not Specified Admin Priority 90 Oper Priority 90 Admin State Up Oper State Down URL Test URL_to_Proxy Interval 10 Timeout 10 Drop Count 3 Hold Down 0 Hold Remain 0 Last A...

Page 571: ...ch criteria in IPv4 ACL and CPM filter policies Parameters ip prefix list name A string of up to 32 characters of printable ASCII characters If special characters are used the string must be enclosed...

Page 572: ...ences Context show filter match list Description This command displays TCP UDP port values or ranges for match criteria in IPv4 and IPv6 ACL and CPM filter policies Parameters port list name A string...

Page 573: ...ified filter policy entry will be cleared Values 1 65535 ingress Specifies to only clear the ingress counters egress Specifies to only clear the egress counters ipv6 Syntax ipv6 ip filter id entry ent...

Page 574: ...egress Context clear filter Clears the counters associated with the MAC filter policy By default all counters associated with the filter policy entries are reset The scope of which counters are clear...

Page 575: ...repeat repeat Configures how many times the command is repeated Default 10 Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calculat...

Page 576: ...seconds repeat repeat absolute rate Context monitor Description This command monitors the counters associated with the MAC filter policy Parameters mac filter id The MAC filter policy ID Values 1 6553...

Page 577: ...s Hybrid OpenFlow Switch H OFS functionality The hybrid model allows operators to deploy Software Defined Network SDN traffic steering using OpenFlow OF atop of the existing routing switching infrastr...

Page 578: ...tch instance is configured on the router and controlled by a single OpenFlow controller The OF controller s and router exchange OpenFlow messages using the OpenFlow protocol version 1 3 1 over the TCP...

Page 579: ...rvice router interface an operator must 1 Create an ingress line card policy 2 Assign that line card ingress filter policy to the 7x50 service router interface 3 Embed H OFS instance into those line c...

Page 580: ...ules for that instance For instance the rules can be created prior to the H OFS instance embedding into a filter policy or prior to a filter policy with H OFS instance embedded being assign to an inte...

Page 581: ...management entities the controller should not program an entry in its Flow Table that would match all traffic as this would stop evaluation of the filter policy al_0368 Optional Filter Rules Any Type...

Page 582: ...g channel re establishment OpenFlow rules continue to be applied to the arriving traffic OF controller is expected to re synchronize the OF table when the channel is re established HA support for OF c...

Page 583: ...LOGICAL port encodes an LSP follows 0100 0000 0000 0000 xxxx xxxx xxxx xxxx where the first octet indicates the router s logical port the second octet indicates the platform s tunnel set to all 0 s an...

Page 584: ...LSP In some deployments an SDN controller may need to learn from the router H OFS logical ports status To support that function the OF switch supports optional status reporting using asynchronous OF p...

Page 585: ...card is recommended Some platforms may not support all OF functionality based on underlying H W For example if underlying H W does not support IPv6 then OF IPv6 functionality will not be supported if...

Page 586: ...Configuration Notes Page 586 7750 SR OS Router Configuration Guide...

Page 587: ...ho multiple value no echo multiple no logical port status rsvp te mpls tp no flowtable of table id max size size no max size no match action drop fall through no no match action no logical port status...

Page 588: ...OpenFlow Command Reference Page 588 7750 SR OS Router Configuration Guide...

Page 589: ...The no form of the command deletes the OpenFlow switch instance from the context Default no of switch Parameters string Specifies the name of the OpenFlow switch instance a string up to 32 characters...

Page 590: ...o echo interval Context config open flow of switch Description This command configures the Echo Request interval for monitoring the OpenFlow control channels to the controller s for this OpenFlow swit...

Page 591: ...te Enables reporting on RSVP TE LSP logical ports mpls te Enables reporting on MPLS TE logical ports shutdown Syntax no shutdown Context config open flow of switch Description This command administra...

Page 592: ...Description This command configures the action for the Flow Table when a packet does not match any entry for the controller The OpenFlow switch instance must be shutdown to modify this parameter The...

Page 593: ...on and operations as per parameters specified Parameters none Displays a summary for H OFS instances configured ofs name Specifies the name of the configured H OFS instance up to 32 characters control...

Page 594: ...1 2 Port 6633 Role equal Generation ID 0 Open Flow Channel Information Channel ID 1 Version 4 Connection Type primary Operational Status Up Operational Flags socketStateEstablished helloReceived hello...

Page 595: ...0 0 Barrier Request 0 0 0 Barrier Reply 0 0 0 Get Q Cfg Req 0 0 0 Get Q Cfg Reply 0 0 0 Role Request 0 0 0 Role Reply 0 0 0 Get Async Req 0 0 0 Get Async Reply 0 0 0 Set Async 0 0 0 Meter Modify 0 0 0...

Page 596: ...vided no focus on part of a flow table Parameters ofs name Specifies the name of the OFS instance up to 32 characters of table id Specifies the identifier for the OpenFlow table cookie id Specifies th...

Page 597: ...Controller 20 11 2 1 6631 Filter Hnd 0x4300000100000001 Filter Pri 1 EthType 0x86dd Src IP 3FFE 101 2 0 0 0 0 128 Dst IP 3FFE 303 2 0 0 0 0 128 IP Proto DSCP be Src Port Dst Port ICMP Type ICMP Code L...

Page 598: ...Show Commands Page 598 7750 SR OS Router Configuration Guide...

Page 599: ...Chapter This chapter provides information to configure Cflowd Topics in this chapter include Cflowd Overview on page 600 Operation on page 601 Cflowd Filter Matching on page 605 Cflowd Configuration...

Page 600: ...matrices and pure flow structures The amount of data stored depends on the cflowd configurations Cflowd maintains a list of data flows through a router A flow is a uni directional traffic stream defi...

Page 601: ...maximum number of entries are already in the flow cache the earliest expiry entry is removed The earliest expiry entry flow is the next flow that will expire due to the active or inactive timer expir...

Page 602: ...n and sampled traffic type IPv4 IPv6 or MPLS for each individual flow captured Figure 29 depicts Version 5 Version 8 Version 9 and Version 10 flow processing Figure 29 V5 V8 V9 V10 and Flow Processing...

Page 603: ...hen other measures are met that apply to aggressively age flows as the cache becomes too full such as overflow percent Version 8 There are several different aggregate flow types including AS matrix De...

Page 604: ...specifications from the IETF as the IP Flow Information Export IPFIX standard Like Version 9 the version 10 format uses templates to allow for different data elements regarding a flow that is to be ex...

Page 605: ...t criteria to determine acceptability With cflowd only the first packet of a flow is checked If the first packet is forwarded an entry is added to the cflowd cache Subsequent packets in the same flow...

Page 606: ...s which specify an action of interface disable sample in which traffic that matches these filter entries will not be subject to cflowd sampling Cflowd ACL where IP filters must be created with entries...

Page 607: ...be configured for cflowd to be operational Cflowd is enabled globally At least one collector must be configured and enabled A cflowd option must be specified and enabled on a router interface Sampling...

Page 608: ...Page 608 7750 SR OS Router Configuration Guide...

Page 609: ...wd Configuration on page 613 Common Configuration Tasks on page 614 Enabling Cflowd on page 616 Configuring Global Cflowd Parameters on page 617 Configuring Cflowd Collectors on page 618 Dependencies...

Page 610: ...is every 1000th packet Excessive sampling over an extended period of time for example more than every 1000th packet can burden router processing resources The following data is maintained for each ind...

Page 611: ...lows that are captured Collectors A collector defines how data flows should be exported from the flow cache A maximum of 5 collectors can be configured Each collector is identified by a unique IP addr...

Page 612: ...refix and mask source AS and ingress interface Destination prefix Flows are aggregated based on destination prefix and mask destination AS and egress interface Source destination prefix Flows are aggr...

Page 613: ...e collector must be configured and enabled Sampling must be enabled on either An IP filter entry and applied to a service or an port An interface applied to a port The following example displays a cfl...

Page 614: ...before it will be automatically exported to defined collectors Inactive timeout Controls the minimum amount of time before a flow is declared inactive If no traffic is sampled for an existing flow fo...

Page 615: ...ng Cflowd on Interfaces and Filters on page 629 CLI Syntax config cflowd active timeout minutes cache size num entries inactive timeout seconds template retransmit seconds overflow percent rate sample...

Page 616: ...collector to be active Use the following CLI syntax to enable cflowd CLI Syntax config cflowd no shutdown The following example displays the default values when cflowd is initially enabled No collecto...

Page 617: ...owing CLI commands to configure cflowd parameters CLI Syntax config cflowd active timeout minutes cache size num entries inactive timeout seconds overflow percent rate sample rate template retransmit...

Page 618: ...tdown template set basic mpls ip The following example displays a basic cflowd configuration A ALA 1 config cflowd info active timeout 20 inactive timeout 10 overflow 10 rate 100 collector 10 10 10 1...

Page 619: ...used to export the flow data Each flow exported to a collector configured for either v9 or v10 formats will be sent using one of the above flow template sets As described above which template is used...

Page 620: ...IPv4 TOS 5 IP version 60 ICMP Type Code 32 Direction 61 BGP Source ASN 16 BGP Dest ASN 17 Source IPv4 Prefix Length 9 Dest IPv4 Prefix Length 13 1 Only sent to collectors configured for v10 format Tab...

Page 621: ...est Port 11 Forwarding Status 89 TCP control Bits Flags 6 IPv4 Protocol 4 IPv4 TOS 5 IP version 60 ICMP Type Code 32 Direction 61 BGP Source ASN 16 BGP Dest ASN 17 Source IPv4 Prefix Length 9 Dest IPv...

Page 622: ...d ID IPv6 Src Addr 27 IPv6 Dest Addr 28 IPv6 Nexthop 62 IPv6 BGP Nexthop 63 IPv4 Nexthop 15 IPv4 BGP Nexthop 18 Ingress Interface 10 Egress Interface 14 Packet Count 2 Byte Count 1 Start Time 22 End T...

Page 623: ...1 BGP Source ASN 16 BGP Dest ASN 17 IPv6 Src Mask 29 IPv6 Dest Mask 30 1 Only sent to collectors configured for v10 format Table 16 MPLS IPv6 Template Field Name Field ID IPv6 Src Addr 27 IPv6 Dest Ad...

Page 624: ...Dest Port 11 Forwarding Status 89 TCP control Bits Flags 6 Protocol 4 IPv6 Extension Hdr 64 IPv6 Next Header 193 IPv6 Flow Label 31 TOS 5 IP version 60 IPv6 ICMP Type Code 139 Direction 61 BGP Source...

Page 625: ...e Field Name Field ID Start Time 22 End Time 21 Flow Start Milliseconds1 1 Only sent to collectors configured for v10 format 152 Flow End Milliseconds1 153 Ingress Interface 10 Egress Interface 14 Pac...

Page 626: ...7 IPv6 Dest Addr 28 IPv6 Nexthop 62 Ingress Interface 10 Egress Interface 14 Packet Count 2 Byte Count 1 Start Time 22 End Time 21 Flow Start Milliseconds1 152 Flow End Milliseconds1 153 Src Port 7 De...

Page 627: ...at Table 19 Ethernet L2 IP Flow Template1 Field Name Field ID MAC Src Addr 56 MAC Dest Addr 80 Ingress Physical Interface 252 Egress Physical Interface 253 Dot1q VLAN ID 243 Dot1q Customer VLAN ID 245...

Page 628: ...Port 7 Dest Port 11 TCP control Bits Flags 6 Protocol 4 IPv6 Option Header 64 IPv6 Next Header 196 IPv6 Flow Label 31 TOS 5 IP Version 60 ICMP Type Code 32 1 Ohe Ethernet L2 IP flow template is only s...

Page 629: ...discusses the following cflowd configuration management tasks Specifying Cflowd Options on an IP Interface on page 630 Interface Configurations on page 630 Service Interfaces on page 631 Specifying S...

Page 630: ...Router Configuration Guide 4 To omit certain types of traffic from being sampled when the interface sampling is enabled the config filter ip filter entry interface disable sample option may be enabled...

Page 631: ...bled on a service interface cflowd collects routed traffic flow samples through a router for analysis Cflowd is supported on IES and VPRN services interfaces only Layer 2 traffic is excluded All packe...

Page 632: ...cted See Interfcace Configuration For configuration information refer to the IP Router Confguration Overview section of the 7750 SR OS Router Configuration Guide 4 On the IP filter being used the entr...

Page 633: ...for traffic sampling to occur on an enabled entity If a specific collector UDP port is not identified then by default flows are sent to port 2055 Cflowd can also be dependent on the following entity c...

Page 634: ...ilter sampled No traffic is sampled on this interface IP filter mode or cflowd not enabled on interface ACL interface disable sample Command is ignored No sampling occurs Interface mode interface inte...

Page 635: ...odify global cflowd parameters CLI Syntax config cflowd active timeout minutes no active timeout cache size num entries no cache size inactive timeout seconds no inactive timeout overflow percent no o...

Page 636: ...ation prefix no source prefix no autonomous system type origin peer no description description string no shutdown template set basic mpls ip l2 ip If a specific collector UDP port is not identified th...

Page 637: ...o collector ip address port no aggregation no as matrix no destination prefix no protocol port no raw no source destination prefix no source prefix autonomous system type origin peer no autonomous sys...

Page 638: ...ide Show Commands show cflowd collector ip address port detail interface ip int name ip address status Tools Commands tools dump cflowd top protocols clear top flows ipv4 ipv6 mpls clear packet size i...

Page 639: ...ption This command configures the maximum amount of time before an active flow is aged out of the active cache If an individual flow is active for this amount of time the flow is aged out and a new fl...

Page 640: ...e flow collector must be specified The UDP port number is an optional parameter If it is not set the default of 2055 is used for all collector versions To connect to a IPFIX version 10 collector using...

Page 641: ...this command removes all aggregation types from the collector configuration Default no aggregation as matrix Syntax no as matrix Context config cflowd collector aggregation Description This command sp...

Page 642: ...Version 5 The no form of this command removes this type of aggregation from the collector configuration Default none source destination prefix Syntax no source destination prefix Context config cflow...

Page 643: ...cflowd collector Description This command creates a text description stored in the configuration file for a configuration context The no form of this command removes the description string from the c...

Page 644: ...flow information This template is only applicable for v10 IPFIX collectors inactive timeout Syntax inactive timeout seconds no inactive timeout Context config cflowd Description This command specifie...

Page 645: ...Syntax rate sample rate no rate Context config cflowd Description This command specifies the rate N at which traffic is sampled and sent for flow analysis A packet is sampled every N packets for examp...

Page 646: ...Page 646 7750 SR OS Router Configuration Guide...

Page 647: ...le 21 Show Cflowd Collector Output Fields Label Description Host Address The IP address of a remote Cflowd collector host to receive the exported Cflowd data Port The UDP port number on the remote Cfl...

Page 648: ...ollector Cflowd Collectors Host Address Port Version AS Type Admin Oper Sent 138 120 135 103 2055 v5 peer up up 1380 records 138 120 135 103 9555 v8 origin up up 90 records 138 120 135 103 9996 v9 up...

Page 649: ...t to this remote collector host Aggregation Type The bit mask which specifies the aggregation scheme s used to aggre gate multiple individual flows into an aggregated flow for export to this remote ho...

Page 650: ...source destination prefix Disabled 0 0 0 raw Disabled 0 0 0 Address 138 120 135 103 Port 9996 Description Test v9 Collector Version 9 Admin State up Oper State up Packets Sent 51 Last Changed 09 03 2...

Page 651: ...A Down ipv6NamedIf Base 380 i f both Up N A Down 1234 5678 9 128 Up Interfaces 3 Label Description Interface Displays the physical port identifier IPv4 Address Displays the primary IPv4 address for th...

Page 652: ..._7600 1 13 1 2 24 Interface Up Up To_E 1 11 1 2 24 Interface Up Up To_G2 150 153 1 1 24 Interface Up Up To_Sr1_Sonet 150 140 1 2 24 Interface Up Down Main 120 1 1 1 24 Filter Down Down New 120 2 1 1 2...

Page 653: ...ows The current number of active flows being collected Total Pkts Rcvd The rate at which traffic is sampled and forwarded for Cflowd analysis Total Pkts Dropped The total number of packets dropped Agg...

Page 654: ...ow matched 224428382 Total flows flushed 150000 Version Info Version Status Sent Open Errors 5 Enabled 92 0 0 8 Enabled 46 0 0 9 Enabled 56 1 0 10 Enabled 39 1 0 Cflowd Status Cflowd Admin Status Enab...

Page 655: ...decimal pro tocol number Total Flows Displays the total number of flows recorded since the last clearing of cflowd statistics with this protocol type Flows Sec Displays the average number of flows det...

Page 656: ...ed since the cflowd top flow table was last cleared or initialized Output Tools Dump Cflowd Top Flows Output The following table describes the tools dump cflowd top flows output fields Table 25 Tools...

Page 657: ...17 0x23 2001 0db8 85a3 0000 0000 8a2e 1234 5678 1234567890 1500 13600 S Port Src Port Displays the source protocol port number Msk Displays the route prefix length for route to source IP address AS D...

Page 658: ...v6 clear Context tools dump cflowd Description This command displays packet size distribution for sampled IP traffic Values are displays in decimal format 1 0 100 500 50 Separate statistics are mainta...

Page 659: ...iption Clears the raw and aggregation flow caches which are sending flow data to the configured collectors This action will trigger all the flows to be discarded The cache restarts flow data collectio...

Page 660: ...Page 660 7750 SR OS Router Configuration Guide...

Page 661: ...uration Guide Page 661 Common CLI Command Descriptions In This Chapter This section provides information about common Command Line Interface CLI syntax and command usage Topics in this chapter include...

Page 662: ...d bundle ppp 1 1 1 bpgrp id bpgrp ima 1 lag id lag 63 aps id aps 1 dot1q port id bundle id bpgrp id lag id aps id qtag1 port id qtag1 1 1 3 100 bundle id bundle ppp 1 1 1 bpgrp id bpgrp ima 1 lag id q...

Page 663: ...um 1 336 bpgrp id bpgrp type bpgrp num bpgrp keyword type ima fr ppp bpgrp num 1 2000 aps id aps group id channel aps keyword group id 1 64 ccag id ccag id path id cc type cc id ccag keyword id 1 8 pa...

Page 664: ...es for the port and encapsulation types Port Type Encap Type Allowed Values Comments Ethernet Null 0 The SAP is identified by the port Ethernet Dot1q 0 4094 The SAP is identified by the 802 1Q tag on...

Page 665: ...et of the interface subnet and the routing context specified matches with the one of the interface This context will provide a SAP to the tunnel The operator may associate an ingress and egress QoS po...

Page 666: ...Common CLI Command Descriptions Page 666 7750 SR OS Router Configuration Guide...

Page 667: ...ions via MD5 RFC 2439 BGP Route Flap Dampening RFC 2558 Multiprotocol Extensions for BGP 4 RFC 2918 Route Refresh Capability for BGP 4 RFC 3107 Carrying Label Information in BGP 4 RFC 3392 Capabilitie...

Page 668: ...or IPv6 RFC 2462 IPv6 Stateless Address Auto configuration RFC 2463 Internet Control Message Protocol ICMPv6 for the Internet Protocol Version 6 Specification RFC 2464 Transmission of IPv6 Packets ove...

Page 669: ...Serv aware TE RFC 3906 Calculating Interior Gateway Protocol IGP Routes Over Traffic Engineering Tunnels RFC 4090 Fast reroute Extensions to RSVP TE for LSP Tunnels RFC 4124 Protocol Extensions for S...

Page 670: ...ult IP MTU for use over ATM AAL5 RFC 2514 Definitions of Textual Conventions and OBJECT_IDENTITIES for ATM Management RFC 2515 Definition of Managed Objects for ATM Management RFC 2684 Multiprotocol E...

Page 671: ...er MPLS ANCP L2CP RFC5851 ANCP framework draft ietf ancp protocol 02 txt ANCP Protocol Voice Video Performance ITU T G 107 The E Model A computational model for use in planning ETSI TS 101 329 5 Annex...

Page 672: ...KMIB RFC 2572 SNMP MPD MIB RFC 2573 SNMP TARGET NOTIFICATION MIB RFC 2574 SNMP USER BASED SMMIB RFC 2575 SNMP VIEW BASEDACM MIB RFC 2576 SNMP COMMUNITY MIB RFC 2578 Structure of Management Information...

Page 673: ...ion values 435 MAC 431 packets 430 policies 409 policy entries 409 redirect policies 418 scope 438 configuring basic 444 IP filter policy 445 450 MAC filter policy 451 redirect policy 458 management t...

Page 674: ...Router Configuration Guide configuring basic 327 command reference 342 IES parameters 334 non owner 334 owner 335 management tasks 338 overview 326 router interface 332 336 non owner 336 owner 337 VR...

Reviews:

No comments

Related manuals for 7750 SR-OS

Brand: Panasonic Pages: 18

Brand: Paradyne Pages: 16

Brand: Raritan Pages: 4

InterReach Fusion ADCP-77-044

Brand: TE Connectivity Pages: 236

Brand: Q-See Pages: 2

BroadLink SP3353

Brand: MicroNet Pages: 66

Brand: Intellinet Pages: 2

Storagelibrary T24

Brand: Tandberg Data Pages: 28

Brand: ZyXEL Communications Pages: 485

ReadyNAS 3220 Series

Brand: NETGEAR Pages: 4

Brand: SMC Networks Pages: 56

24-Port 1000BASE-T

Brand: Comet Labs Pages: 44

Brand: ACTi Pages: 12

Brand: Allynk Technology Pages: 39

Brand: E-TOP Pages: 90

Brand: BinTec Pages: 35

Brand: ICP DAS USA Pages: 60

Router 3000 Series

Brand: 3Com Pages: 37

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands