manualshive.com logo in svg

Cisco NCS 6000 Series, Configuration Manual, Page: 299 / 498

Share
Download
Cisco NCS 6000 Series Configuration Manual Download Page 299

Label Distribution Protocol IGP Auto-configuration for OSPF

Label Distribution Protocol (LDP) Interior Gateway Protocol (IGP) auto-configuration simplifies the procedure
to enable LDP on a set of interfaces used by an IGP instance, such as OSPF. LDP IGP auto-configuration can
be used on a large number of interfaces (for example, when LDP is used for transport in the core) and on
multiple OSPF instances simultaneously.

LDP IGP auto-configuration can also be explicitly disabled on an individual interface basis under LDP using
the

igp auto-config disable

command. This allows LDP to receive all OSPF interfaces minus the ones explicitly

disabled.

See

MPLS Configuration Guide for Cisco NCS 6000 Series Routers

for information on configuring LDP IGP

auto-configuration.

OSPF Authentication Message Digest Management

All OSPF routing protocol exchanges are authenticated and the method used can vary depending on how
authentication is configured. When using cryptographic authentication, the OSPF routing protocol uses the
Message Digest 5 (MD5) authentication algorithm to authenticate packets transmitted between neighbors in
the network. For each OSPF protocol packet, a key is used to generate and verify a message digest that is
appended to the end of the OSPF packet. The message digest is a one-way function of the OSPF protocol
packet and the secret key. Each key is identified by the combination of interface used and the key identification.
An interface may have multiple keys active at any time.

To manage the rollover of keys and enhance MD5 authentication for OSPF, you can configure a container of
keys called a

keychain

with each key comprising the following attributes: generate/accept time, key

identification, and authentication algorithm.

GTSM TTL Security Mechanism for OSPF

OSPF is a link state protocol that requires networking devices to detect topological changes in the network,
flood Link State Advertisement (LSA) updates to neighbors, and quickly converge on a new view of the
topology. However, during the act of receiving LSAs from neighbors, network attacks can occur, because
there are no checks that unicast packets are originating from a neighbor that is one hop away or multiple hops
away over virtual links.

For virtual links, OSPF packets travel multiple hops across the network; hence, the TTL value can be
decremented several times. For these type of links, a minimum TTL value must be allowed and accepted for
multiple-hop packets.

To filter network attacks originating from invalid sources traveling over multiple hops, the Generalized TTL
Security Mechanism (GTSM), RFC 3682, is used to prevent the attacks. GTSM filters link-local addresses
and allows for only one-hop neighbor adjacencies through the configuration of TTL value 255. The TTL value
in the IP header is set to 255 when OSPF packets are originated, and checked on the received OSPF packets
against the default GTSM TTL value 255 or the user configured GTSM TTL value, blocking unauthorized
OSPF packets originated from TTL hops away.

Path Computation Element for OSPFv2

A PCE is an entity (component, application, or network node) that is capable of computing a network path
or route based on a network graph and applying computational constraints.

Routing Configuration Guide for Cisco NCS 6000 Series Routers, IOS XR Release 6.4.x

277

Implementing OSPF

Label Distribution Protocol IGP Auto-configuration for OSPF

Summary of Contents for NCS 6000 Series

Page 1: ...sco NCS 6000 Series Routers IOS XR Release 6 4 x First Published 2018 03 01 Americas Headquarters Cisco Systems Inc 170 West Tasman Drive San Jose CA 95134 1706 USA http www cisco com Tel 408 526 4000 800 553 NETS 6387 Fax 408 527 0883 ...

Page 2: ... OR IMPLIED INCLUDING WITHOUT LIMITATION THOSE OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT SPECIAL CONSEQUENTIAL OR INCIDENTAL DAMAGES INCLUDING WITHOUT LIMITATION LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO US...

Page 3: ...ew 4 BGP Router Identifier 4 BGP Default Limits 5 BGP Next Hop Tracking 5 Next Hop as the IPv6 Address of Peering Interface 6 Scoped IPv4 Table Walk 7 Reordered Address Family Processing 7 New Thread for Next Hop Processing 7 show clear and debug Commands 7 Autonomous System Number Formats in BGP 7 2 byte Autonomous System Number Format 8 4 byte Autonomous System Number Format 8 as format Command ...

Page 4: ...g Information Base 25 BGP Best Path Algorithm 25 Comparing Pairs of Paths 26 Order of Comparisons 28 Best Path Change Suppression 28 Administrative Distance 29 Route Dampening 30 Minimizing Flapping 31 BGP Routing Domain Confederation 31 BGP Route Reflectors 31 Remotely Triggered Blackhole Filtering with RPL Next hop Discard Configuration 34 Configuring Destination based RTBH Filtering 34 Verifica...

Page 5: ...ng BGP Timers 51 Changing the BGP Default Local Preference Value 52 Configuring the MED Metric for BGP 52 Configuring BGP Weights 53 Tuning the BGP Best Path Calculation 54 Indicating BGP Back door Routes 55 Configuring Aggregate Addresses 56 Redistributing iBGP Routes into IGP 57 Redistributing Prefixes into Multiprotocol BGP 58 Configuring BGP Route Dampening 60 Applying Policy When Updating the...

Page 6: ...Re enable BGP Nonstop Routing 84 Configuring BGP Additional Paths 85 Originating Prefixes with AiGP 87 Configuring VRF Dynamic Route Leaking 88 Configuration Examples for Implementing BGP 89 Enabling BGP Example 89 Displaying BGP Update Groups Example 91 BGP Neighbor Configuration Example 91 BGP Confederation Example 92 BGP Route Reflector Example 94 BGP Nonstop Routing Configuration Example 94 Pr...

Page 7: ...BGP Flowspec 118 Preserving Redirect Nexthop 120 Validate BGP Flowspec 121 Disabling BGP Flowspec 121 Disable Flowspec Redirect and Validation 122 Configuration Examples for Implementing BGP Flowspec 123 Flowspec Rule Configuration 123 Drop Packet Length 125 Remark DSCP 125 Additional References for BGP Flowspec 125 Implementing BFD 127 C H A P T E R 4 Prerequisites for Implementing BFD 127 Restri...

Page 8: ...requisites for Configuring BFD on Bundle Menmber Links 147 Specifying the BFD Destination Address on a Bundle 147 Enabling BFD Sessions on Bundle Members 148 Configuring the Minimum Thresholds for Maintaining an Active Bundle 148 Configuring BFD Packet Transmission Intervals and Failure Detection Times on a Bundle 149 Configuring Allowable Delays for BFD State Change Notifications Using Timers on ...

Page 9: ...BFD over LSP Sessions on Line Cards 165 Configuring BFD Object Tracking 166 Configuration Examples for Configuring BFD 167 BFD Over BGP Example 167 BFD Over OSPF Examples 167 BFD Over Static Routes Examples 168 BFD on Bundled VLANs Example 168 BFD Over Bridge Group Virtual Interface Example 168 BFD on Bundle Member Links Examples 170 Echo Packet Source Address Examples 172 Echo Latency Detection E...

Page 10: ...83 Goodbye Message 184 Percentage of Link Bandwidth Used for EIGRP Packets 184 Floating Summary Routes for an EIGRP Process 184 Split Horizon for an EIGRP Process 186 Adjustment of Hello Interval and Hold Time for an EIGRP Process 186 Stub Routing for an EIGRP Process 187 Route Policy Options for an EIGRP Process 188 EIGRP v4 v6 Authentication Using Keychain 189 How to Implement EIGRP 189 Enabling...

Page 11: ...dress Family Configuration Mode 203 Interface Configuration Mode 203 Interface Address Family Configuration Mode 203 IS IS Interfaces 204 Multitopology Configuration 204 IPv6 Routing and Configuring IPv6 Addressing 204 Limit LSP Flooding 204 Flood Blocking on Specific Interfaces 205 Mesh Group Configuration 205 Maximum LSP Lifetime and Refresh Interval 205 Single Topology IPv6 Support 205 Multitop...

Page 12: ... Configuring Authentication for IS IS 223 Configuring Keychains for IS IS 224 Configuring MPLS Traffic Engineering for IS IS 225 Tuning Adjacencies for IS IS 227 Setting SPF Interval for a Single Topology IPv4 and IPv6 Configuration 230 Customizing Routes for IS IS 231 Configuring MPLS LDP IS IS Synchronization 234 Tagging IS IS Interface Routes 235 Setting the Priority for Adding Prefixes to the ...

Page 13: ... Components 261 Autonomous Systems 261 Areas 262 Routers 262 OSPF Process and Router ID 263 Supported OSPF Network Types 264 Route Authentication Methods for OSPF 264 Plain Text Authentication 264 MD5 Authentication 264 Authentication Strategies 264 Key Rollover 265 Neighbors and Adjacency for OSPF 265 Designated Router DR for OSPF 265 Default Route for OSPF 265 Link State Advertisement Types for ...

Page 14: ... OSPFv2 Unequal Cost Load Balancing 279 UCMP Paths Calculation 279 Unequal Cost Multipath Load balancing for OSPF 279 How to Implement OSPF 280 Enabling OSPF 280 Configuring Stub and Not So Stubby Area Types 282 Configuring Neighbors for Nonbroadcast Networks 284 Configuring Authentication at Different Hierarchical Levels for OSPF Version 2 288 Controlling the Frequency That the Same LSA Is Origin...

Page 15: ...m IP Fast Reroute Per link Computation 323 Enabling OSPF Interaction with SRMS Server 324 Configure Remote Loop Free Alternate Paths for OSPF 326 Configuration Examples for Implementing OSPF 334 Cisco IOS XR Software for OSPF Version 2 Configuration Example 334 CLI Inheritance and Precedence for OSPF Version 2 Example 335 MPLS TE for OSPF Version 2 Example 336 ABR with Summarization for OSPFv3 Exa...

Page 16: ...ration 354 Overview of RIB 354 RIB Data Structures in BGP and Other Protocols 354 RIB Administrative Distance 354 RIB Support for IPv4 355 RIB Statistics 355 IP Fast Reroute 356 RIB Quarantining 356 Route and Label Consistency Checker 356 How to Deploy and Monitor RIB 357 Verifying RIB Configuration Using the Routing Table 357 Disabling RIB Next hop Dampening 358 Configuring RCC and LCC 359 Enabli...

Page 17: ...ic on an Interface 370 Out bound RIP Traffic on an Interface 370 How to Implement RIP 371 Enabling RIP 371 Customizing RIP 372 Control Routing Information 374 Creating a Route Policy for RIP 376 Configuration Examples for Implementing RIP 377 Configuring a Basic RIP Configuration Example 377 Configuring Route Policies for RIP Example 378 Configuring Passive Interfaces and Explicit Neighbors for RI...

Page 18: ...ttribute 397 When Attributes Are Modified 398 Default Drop Disposition 399 Control Flow 399 Policy Verification 400 Policy Statements 401 Remark 401 Disposition 402 Action 404 If 404 Boolean Conditions 405 apply 406 Attach Points 407 BGP Policy Attach Points 407 OSPF Policy Attach Points 430 OSPFv3 Policy Attach Points 433 IS IS Policy Attach Points 435 EIGRP Policy Attach Points 437 RIP Policy At...

Page 19: ...IOS Route Maps to Cisco IOS XR Routing Policy Language Example 463 VRF Import Policy Configuration Example 464 Additional References 464 Implementing Static Routes 467 C H A P T E R 1 2 Prerequisites for Implementing Static Routes 467 Restrictions for Implementing Static Routes 467 Information About Implementing Static Routes 468 Static Route Functional Overview 468 Default Administrative Distance...

Page 20: ...ting RCMD 473 C H A P T E R 1 3 Route Convergence Monitoring and Diagnostics 473 Configuring Route Convergence Monitoring and Diagnostics 474 Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x xx Contents ...

Page 21: ...es to This Document Summary Date Initial release of this document March 2018 Obtaining Documentation and Submitting a Service Request For information on obtaining documentation using the Cisco Bug Search Tool BST submitting a service request and gathering additional information see What s New in Cisco Product Documentation To receive new and revised Cisco technical content directly to your desktop...

Page 22: ...Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x xxii Preface Obtaining Documentation and Submitting a Service Request ...

Page 23: ...nd tells you where they are documented New and Changed Routing Features on page 1 New and Changed Routing Features Table 2 Routing Features Added or Modified in IOS XR Release 6 4 x Where Documented Changed in Release Description Feature Not Applicable Not Applicable No new features introduced None Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 1 ...

Page 24: ...Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 2 New and Changed Routing Features New and Changed Routing Features ...

Page 25: ...ion for other commands that might appear while performing a configuration task search online in the Cisco IOS XR software master command index Note Feature History for Implementing BGP This feature was introduced Release 5 0 0 BGP Nonstop Routing was made a default feature Release 5 2 3 Prerequisites for Implementing BGP on page 3 Information About Implementing BGP on page 4 How to Implement BGP o...

Page 26: ...shed BGP must be assigned a router ID The router ID is sent to BGP peers in the OPEN message when a BGP session is established BGP attempts to obtain a router ID in the following ways in order of preference By means of the address configured using the bgp router id command in router configuration mode By using the highest IPv4 address on a loopback interface in the system if the router is booted w...

Page 27: ...fication message is sent to the neighbor and the peering with the neighbor is terminated when the number of prefixes received from the peer for a given address family exceeds the maximum limit either set by default or configured by the user for that address family It is possible that the maximum number of prefixes for a neighbor for a given address family has been configured after the peering with...

Page 28: ...mand The trigger delay is address family dependent The BGP next hop tracking feature allows you to specify that BGP routes are resolved using only next hops whose routes have the following characteristics To avoid the aggregate routes the prefix length must be greater than a specified value The source protocol must be from a selected list ensuring that BGP routes are not used to resolve next hops ...

Page 29: ...read ensures that BGP convergence is not adversely impacted by other events that may take a significant amount of time show clear and debug Commands The show bgp nexthops command provides statistical information about next hop notifications the amount of time spent in processing those notifications and details about each next hop registered with the RIB The clear bgp nexthop performance statistics...

Page 30: ... format command configures the ASN notation to asdot The default value if the as format command is not configured is asplain BGP Configuration BGP in Cisco IOS XR software follows a neighbor based configuration model that requires that all configurations for a particular neighbor be grouped in one place under the neighbor configuration Peer groups are not supported for either sharing configuration...

Page 31: ...llows RP 0 RP0 CPU0 router config bgp neighbor 192 23 1 2 RP 0 RP0 CPU0 router config bgp nbr remote as 2002 RP 0 RP0 CPU0 router config bgp nbr address family ipv4 unicast An address family configuration submode inside the neighbor configuration submode is available for entering address family specific neighbor configurations In Cisco IOS XR software the configuration is as follows RP 0 RP0 CPU0 ...

Page 32: ...include session groups and address family groups and can comprise the complete configuration for a neighbor After a neighbor group is configured a neighbor can inherit the configuration of the group using the use command If a neighbor is configured to use a neighbor group the neighbor inherits the entire BGP configuration of the neighbor group The following example shows how to enter neighbor grou...

Page 33: ... the item is configured directly on the neighbor that value is used In the example that follows the advertisement interval is configured both on the neighbor group and neighbor configuration and the advertisement interval being used is from the neighbor configuration RP 0 RP0 CPU0 router config router bgp 140 RP 0 RP0 CPU0 router config bgp neighbor group AS_1 RP 0 RP0 CPU0 router config bgp nbrgr...

Page 34: ...0 RP0 CPU0 router config bgp nbr use session group AS_2 RP 0 RP0 CPU0 router config bgp nbr use neighbor group AS_1 The following output from the show bgp neighbors command shows that the advertisement interval used is 15 seconds RP 0 RP0 CPU0 router show bgp neighbors 192 168 0 1 BGP neighbor is 192 168 0 1 remote AS 1 local AS 140 external link Remote router ID 0 0 0 0 BGP state Idle Last read 0...

Page 35: ...is POLICY_1 0 accepted prefixes Prefix advertised 0 suppressed 0 withdrawn 0 maximum limit 524288 Threshold for warning message 75 Connections established 0 dropped 0 Last reset 00 01 14 due to BGP neighbor initialized External BGP neighbor not directly connected To illustrate the same rule the following example shows how to set the advertisement interval to 15 from the session group and 25 from t...

Page 36: ...configured to use the neighbor configuration or the neighbor group configuration RP 0 RP0 CPU0 router config router bgp 140 RP 0 RP0 CPU0 router config bgp neighbor group AS_1 RP 0 RP0 CPU0 router config bgp nbrgrp remote as 1 RP 0 RP0 CPU0 router config bgp nbrgrp exit RP 0 RP0 CPU0 router config bgp neighbor group adv_15 RP 0 RP0 CPU0 router config bgp nbrgrp remote as 10 RP 0 RP0 CPU0 router co...

Page 37: ...and examples that follow are based on this sample configuration RP 0 RP0 CPU0 router config router bgp 142 RP 0 RP0 CPU0 router config bgp af group GROUP_3 address family ipv4 unicast RP 0 RP0 CPU0 router config bgp afgrp next hop self RP 0 RP0 CPU0 router config bgp afgrp route policy POLICY_1 in RP 0 RP0 CPU0 router config bgp afgrp exit RP 0 RP0 CPU0 router config bgp session group GROUP_2 RP 0...

Page 38: ... CPU0 router config bgp afgrp exit RP 0 RP0 CPU0 router config bgp af group GROUP_2 address family ipv4 unicast RP 0 RP0 CPU0 router config bgp afgrp use af group GROUP_3 RP 0 RP0 CPU0 router config bgp afgrp send community ebgp RP 0 RP0 CPU0 router config bgp afgrp send extended community ebgp RP 0 RP0 CPU0 router config bgp afgrp capability orf prefix both The following example displays sample o...

Page 39: ...outer config bgp session group GROUP_1 RP 0 RP0 CPU0 router config bgp sngrp use session group GROUP_2 RP 0 RP0 CPU0 router config bgp sngrp update source Loopback 0 RP 0 RP0 CPU0 router config bgp sngrp exit RP 0 RP0 CPU0 router config bgp session group GROUP_2 RP 0 RP0 CPU0 router config bgp sngrp use session group GROUP_3 RP 0 RP0 CPU0 router config bgp sngrp ebgp multihop 2 RP 0 RP0 CPU0 route...

Page 40: ...d community ebgp RP 0 RP0 CPU0 router config bgp afgrp send extended community ebgp RP 0 RP0 CPU0 router config bgp afgrp capability orf prefix both RP 0 RP0 CPU0 router config bgp afgrp exit RP 0 RP0 CPU0 router config bgp session group GROUP_3 RP 0 RP0 CPU0 router config bgp sngrp timers 30 90 RP 0 RP0 CPU0 router config bgp sngrp exit RP 0 RP0 CPU0 router config bgp neighbor group GROUP_1 RP 0 ...

Page 41: ...ddress family independent configuration parameters from the GROUP_2 neighbor group The GROUP_1 neighbor group also inherits IPv4 unicast configuration parameters from the GROUP_2 neighbor group RP 0 RP0 CPU0 router show bgp neighbor group GROUP_2 users Session n GROUP_1 IPv4 Unicast n GROUP_1 No Default Address Family BGP does not support the concept of a default address family An address family m...

Page 42: ...difications a simple pass all policy is configured RP 0 RP0 CPU0 router config route policy pass all RP 0 RP0 CPU0 router config rpl pass RP 0 RP0 CPU0 router config rpl end policy RP 0 RP0 CPU0 router config commit Use the route policy BGP command in the neighbor address family configuration mode to apply the pass all policy to a neighbor The following example shows how to allow all IPv4 unicast ...

Page 43: ...eate a routing black hole where BGP advertises routes to neighbors that BGP does not install in its global routing table and forwarding table Update Groups The BGP Update Groups feature contains an algorithm that dynamically calculates and optimizes update groups of neighbors that share outbound policies and can share the update messages The BGP Update Groups feature separates update group replica...

Page 44: ... route policy keyword which you can use to apply a route policy that is configured with the cost community set clause aggregate address redistribute network How BGP Cost Community Influences the Best Path Selection Process The cost community attribute influences the BGP best path selection process at the point of insertion POI By default the POI follows the Interior Gateway Protocol IGP metric com...

Page 45: ...specific exit path is preferred by the BGP best path selection process See the scenario described inInfluencing Route Preference in a Multiexit IGP Network on page 24 The cost community comparison in BGP is enabled by default Use the bgp bestpath cost community ignore command to disable the comparison Note SeeBGP Best Path Algorithm on page 25 for information on the BGP best path selection process...

Page 46: ...d with two different IDs 10 0 0 1 POI IGP cost community ID 1 cost number 100 172 16 0 1 POI IGP cost community ID 2 cost number 100 192 168 0 1 POI IGP cost community ID 1 cost number 200 The single advertised path includes the aggregate cost communities as follows POI IGP ID 1 Cost 2147483647 POI IGP ID 2 Cost 2147483647 Influencing Route Preference in a Multiexit IGP Network This figure shows a...

Page 47: ...oute with paths is added to the RIB by a protocol RIB checks the current best paths for the route and the added paths for cost extended communities If cost extended communities are found the RIB compares the set of cost communities If the comparison does not result in a tie the appropriate best path is chosen If the comparison results in a tie the RIB proceeds with the remaining steps of the best ...

Page 48: ...ight command or using a routing policy Note 4 If the paths have unequal local preferences the path with the higher local preference is chosen If a local preference attribute was received with the path or was set by a routing policy then that value is used in this comparison Otherwise the default local preference value of 100 is used The default value can be changed using the bgp default local pref...

Page 49: ...ed internal and the MED is compared with other internal paths If the AS path starts with confederation segments followed by an AS_SEQUENCE then the neighbor AS is the first AS number in the AS_SEQUENCE and the MED is compared with other paths that have the same neighbor AS If no MED attribute was received with the path then the MED is considered to be 0 unless the bgp bestpath med missing as worst...

Page 50: ...est path change can be suppressed or not whether the new best path should be used or continue using the existing best path The existing best path can continue to be used if the new one is identical to the point at which the best path selection algorithm becomes arbitrary if the router id is the same Continuing to use the existing best path can avoid churn in the network This suppression behavior d...

Page 51: ...protocol Administrative distance is used to discriminate between routes learned from more than one protocol The route with the lowest administrative distance is installed in the IP routing table By default BGP uses the administrative distances shown in Table 3 BGP Default Administrative Distances on page 29 Table 3 BGP Default Administrative Distances Function Default Value Distance Applied to rou...

Page 52: ...ugh Enhanced IGRP with a distance of 90 so the Enhanced IGRP route is successfully installed in the IP routing table and is used to forward traffic If the Enhanced IGRP learned route goes down the eBGP learned route is installed in the IP routing table and is used to forward traffic Although BGP treats network 160 10 0 0 as a local entry it does not advertise network 160 10 0 0 as it normally woul...

Page 53: ... mesh is to divide an autonomous system into multiple subautonomous systems and group them into a single confederation To the outside world the confederation looks like a single autonomous system Each autonomous system is fully meshed within itself and has a few connections to other autonomous systems in the same confederation Although the peers in different autonomous systems have eBGP sessions t...

Page 54: ...tes advertised from Router A it advertises them to Router C and vice versa This scheme eliminates the need for the iBGP session between routers A and C Figure 4 Simple BGP Model with a Route Reflector The internal peers of the route reflector are divided into two groups client peers and all other routers in the autonomous system nonclient peers A route reflector reflects routes between these two g...

Page 55: ...t be fully meshed Along with route reflector aware BGP speakers it is possible to have BGP speakers that do not understand the concept of route reflectors They can be members of either client or nonclient groups allowing an easy and gradual migration from the old BGP model to the route reflector model Initially you could create a single cluster with a route reflector and a few clients All other iB...

Page 56: ... When a route reflector reflects a route from its clients to nonclient peers and vice versa it appends the local cluster ID to the cluster list If the cluster list is empty a new cluster list is created Using this attribute a route reflector can identify if routing information is looped back to the same cluster due to misconfiguration If the local cluster ID is found in the cluster list the advert...

Page 57: ...e undesirable traffic to be forwarded to a null0 interface and dropped Consider below topology where a rogue router is sending traffic to a border router Figure 6 Topology to Implement RTBH Filtering Configurations applied on the Trigger Router Configure a static route redistribution policy that sets a community on static routes marked with a special tag and apply it in BGP route policy RTBH trigg...

Page 58: ...d d damped h history valid best i internal r RIB failure S stale N Nexthop discard Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path N i10 7 7 7 32 192 168 102 2 0 100 0 RP 0 RSP0 CPU0 router show bgp 10 7 7 7 32 BGP routing table entry for 10 7 7 7 32 Versions Process bRIB RIB SendTblVer Speaker 12 12 Last Modified Jul 4 14 37 29 048 for 00 20 52 Paths 1 available bes...

Page 59: ...hain management BGP is able to use the keychain to implement hitless key rollover for authentication Key rollover specification is time based and in the event of clock skew between the peers the rollover process is impacted The configurable tolerance specification allows for the accept window to be extended before and after by that margin This accept window facilitates a hitless key rollover for a...

Page 60: ...GP NSR does not force any software upgrades on other routers in the network and peer routers are not required to support NSR When a route processor switchover occurs due to a fault the TCP connections and the BGP sessions are migrated transparently to the standby route processor and the standby route processor becomes active The existing protocol state is maintained on the standby route processor ...

Page 61: ...lternate routes Also rack loss may cause the CPUs on route processors of active racks to slow as they attempt to define new paths for some routes Note BGP Best External Path The Border Gateway Protocol BGP best external path functionality supports advertisement of the best external path to the iBGP and Route Reflector peers when a locally selected bestpath is from an internal peer BGP selects one ...

Page 62: ...col transports packets of one protocol over another protocol by means of encapsulation Service Providers can provide IP services between their networks that are connected together by a public network using GRE encapsulation to carry data securely over the public network The packet that needs to be transported is first encapsulated in a GRE header which is further encapsulated in another protocol l...

Page 63: ...tion while being added as neighbors on the BGP router The following behavior is to be noted while using BGP selective multipath BGP selective multipath does not impact best path calculations A best path is always included in the set of multipaths For VPN prefixes the PE paths are always eligible to be multipaths For information on the maximum paths and multipath commands see the Cisco ASR 9000 Ser...

Page 64: ...br address family ipv4 unicast RP 0 RP0 CPU0 router config bgp nbr af multipath RP 0 RP0 CPU0 router config bgp nbr af commit RP 0 RP0 CPU0 router config bgp nbr neighbor 2 2 2 2 RP 0 RP0 CPU0 router config bgp nbr address family ipv4 unicast RP 0 RP0 CPU0 router config bgp nbr af multipath RP 0 RP0 CPU0 router config bgp nbr af commit RP 0 RP0 CPU0 router config bgp nbr neighbor 3 3 3 3 RP 0 RP0 ...

Page 65: ...e BGP instances do not communicate with each other and do not set up peering with each other Each individual instance can set up peering with another router independently Multi AS BGP enables configuring each instance of a multi instance BGP with a different AS number Multi Instance and Multi AS BGP provides these capabilities Mechanism to consolidate the services provided by multiple routers usin...

Page 66: ...s into various categories based on factors such as severity likelihood of occurrence of UPDATE errors or type of attributes Errors encountered in each category are handled according to the draft Session reset will be avoided as much as possible during the error handling process Error handling for some of the categories are controlled by configuration commands to enable or disable the default behav...

Page 67: ...group command mode Use the attribute command in attribute filter group command mode to either discard an attribute or treat the update message as a Withdraw action BGP VRF Dynamic Route Leaking The Border Gateway Protocol BGP dynamic route leaking feature provides the ability to import routes between the default vrf Global VRF and any other non default VRF to provide connectivity between a global ...

Page 68: ...o be configured under the neighbor If the neighbor is configured as an external BGP eBGP peer you must configure an inbound and outbound route policy on the neighbor using the route policy command Note While establishing eBGP neighborship between two peers BGP checks if the two peers are directly connected If the peers are not directly connected BGP does not try to establish a relationship by defa...

Page 69: ...ute policy drop as 1234 RP 0 RP0 CPU0 router config rpl if as path passes through 1234 then RP 0 RP0 CPU0 router config rpl apply check communities RP 0 RP0 CPU0 router config rpl else RP 0 RP0 CPU0 router config rpl pass RP 0 RP0 CPU0 router config rpl endif Optional Ends the definition of a route policy and exits route policy configuration mode end policy Example Step 3 RP 0 RP0 CPU0 router conf...

Page 70: ... number Example Step 11 RP 0 RP0 CPU0 router config bgp nbr remote as 2002 Specifies either the IPv4 or IPv6 address family and enters address family configuration submode address family ipv4 ipv6 unicast Example Step 12 To see a list of all the possible keywords and arguments for this command use the CLI help RP 0 RP0 CPU0 router config bgp nbr address family ipv4 unicast Optional Applies the spe...

Page 71: ...er and autonomous systems that belong to the confederation Configuring a routing domain confederation reduces the internal BGP iBGP mesh by dividing an autonomous system into multiple autonomous systems and grouping them into a single confederation Each autonomous system is fully meshed within itself and has a few connections to another autonomous system in the same confederation The confederation...

Page 72: ...tly adjacent external peers are immediately reset Use the bgp fast external fallover disable command to disable automatic resetting Turn the automatic reset back on using the no bgp fast external fallover disable command eBGP sessions flap when the node reaches 3500 eBGP sessions with BGP timer values set as 10 and 30 To support more than 3500 eBGP sessions increase the packet rate by using the lp...

Page 73: ...ies the autonomous system number and enters the BGP configuration mode allowing you to configure the BGP routing process router bgp as number Example RP 0 RP0 CPU0 router config router bgp 123 Step 2 Sets a default keepalive time and a default hold time for all neighbors timers bgp keepalive hold time Example Step 3 RP 0 RP0 CPU0 router config bgp timers bgp 30 90 Places the router in neighbor con...

Page 74: ...e default of 100 making it either a more preferable path over 100 or less preferable path under 100 bgp default local preference value Example RP 0 RP0 CPU0 router config bgp bgp default local preference 200 Step 3 commit Step 4 Configuring the MED Metric for BGP Perform this task to set the multi exit discriminator MED to advertise to peers for routes that do not already have a metric set routes ...

Page 75: ...ntrol the best path selection process If you have particular neighbors that you want to prefer for most of your traffic you can use the weight command to assign a higher weight to all routes learned from that neighbor Before you begin The clear bgp command must be used for the newly configured weight to take effect Note SUMMARY STEPS 1 configure 2 router bgp as number 3 neighbor ip address 4 remot...

Page 76: ...rguments for this command use the CLI help RP 0 RP0 CPU0 router config bgp nbr address family ipv4 unicast Assigns a weight to all routes learned through the neighbor weight weight value Example Step 6 RP 0 RP0 CPU0 router config bgp nbr af weight 41150 commit Step 7 Tuning the BGP Best Path Calculation Perform this task to change the default BGP best path calculation behavior SUMMARY STEPS 1 conf...

Page 77: ...hs learned from confederation peers bgp bestpath med confed Example Step 5 RP 0 RP0 CPU0 router config bgp bgp bestpath med confed Configures the BGP software to ignore the autonomous system length when performing best path selection bgp bestpath as path ignore Example Step 6 RP 0 RP0 CPU0 router config bgp bgp bestpath as path ignore Configure the BGP speaker in the autonomous system to compare t...

Page 78: ...P 0 RP0 CPU0 router config bgp address family ipv4 unicast Configures the local router to originate and advertise the specified network network ip address prefix length ip address mask backdoor Example Step 4 RP 0 RP0 CPU0 router config bgp af network 172 20 0 0 16 commit Step 5 Configuring Aggregate Addresses Perform this task to create aggregate entries in a BGP routing table SUMMARY STEPS 1 con...

Page 79: ...and community information from contributing paths RP 0 RP0 CPU0 router config bgp af aggregate address 10 0 0 0 8 as set The as confed set keyword generates autonomous system confederation set path information from contributing paths The summary only keyword filters all more specific routes from updates The route policy route policy name keyword and argument specify the route policy used to set th...

Page 80: ...o inject prefixes from another routing protocol into multiprotocol BGP Specifically prefixes that are redistributed into multiprotocol BGP using the redistribute command are injected into the unicast database SUMMARY STEPS 1 configure 2 router bgp as number 3 address family ipv4 ipv6 unicast 4 Do one of the following redistribute connected metric metric value route policy route policy name redistr...

Page 81: ... redistributed into BGP Do one of the following Step 4 redistribute connected metric metric value route policy route policy name redistribute eigrp process id match external internal metric metric value route policy route policy name redistribute isis process id level 1 1 inter area 2 metric metric value route policy route policy name redistribute ospf process id match external 1 2 internal nssa e...

Page 82: ...e possible keywords and arguments for this command use the CLI help RP 0 RP0 CPU0 router config bgp address family ipv4 unicast Configures BGP dampening for the specified address family bgp dampening half life reuse suppress max suppress time route policy route policy name Example Step 4 RP 0 RP0 CPU0 router config bgp af bgp dampening 30 1500 10000 120 commit Step 5 Applying Policy When Updating ...

Page 83: ...se the CLI help RP 0 RP0 CPU0 router config bgp address family ipv4 unicast Applies the specified policy to routes being installed into the routing table table policy policy name Example Step 4 RP 0 RP0 CPU0 router config bgp af table policy tbl plcy A commit Step 5 Setting BGP Administrative Distance Perform this task to specify the use of administrative distances that can be used to prefer one c...

Page 84: ...neighbor group is configured each neighbor can inherit the configuration through the use command If a neighbor is configured to use a neighbor group the neighbor by default inherits the entire configuration of the neighbor group which includes the address family independent and address family dependent configurations The inherited configuration can be overridden if you directly configure commands ...

Page 85: ...ample Step 3 To see a list of all the possible keywords and arguments for this command use the CLI help RP 0 RP0 CPU0 router config bgp address family ipv4 unicast Exits the current configuration mode exit Example Step 4 RP 0 RP0 CPU0 router config bgp af exit Places the router in neighbor group configuration mode neighbor group name Example Step 5 RP 0 RP0 CPU0 router config bgp neighbor group nb...

Page 86: ...ied neighbor group use neighbor group group name Example Step 12 RP 0 RP0 CPU0 router config bgp nbr use neighbor group nbr grp A Creates a neighbor and assigns a remote autonomous system number to it remote as as number Example Step 13 RP 0 RP0 CPU0 router config bgp nbr remote as 2002 commit Step 14 Configuring a Route Reflector for BGP Perform this task to configure a route reflector for BGP Al...

Page 87: ...flectors serving the cluster It is configured with a specified cluster ID to identify the cluster bgp cluster id cluster id Example RP 0 RP0 CPU0 router config bgp bgp cluster id 192 168 70 1 Step 3 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer neighbor ip address Example RP 0 RP0 CPU0 router config bgp neighbor Step 4 172 168...

Page 88: ...e 2 route policy name 3 end policy 4 router bgp as number 5 neighbor ip address 6 address family ipv4 ipv6 unicast 7 route policy route policy name in out 8 commit DETAILED STEPS Purpose Command or Action configure Step 1 Optional Creates a route policy and enters route policy configuration mode where you can define the route policy route policy name Example Step 2 RP 0 RP0 CPU0 router config rout...

Page 89: ...ess family configuration submode address family ipv4 ipv6 unicast Example Step 6 To see a list of all the possible keywords and arguments for this command use the CLI help RP 0 RP0 CPU0 router config bgp nbr address family ipv4 unicast Applies the specified policy to inbound routes route policy route policy name in out Example Step 7 RP 0 RP0 CPU0 router config bgp nbr af route policy drop as 1234...

Page 90: ...n from the neighbor s Adj RIB In Discard Attribute Discards this attribute The matching attributes alone are discarded and the rest of the Update message is processed normally Configuring BGP Next Hop Trigger Delay Perform this task to configure BGP next hop trigger delay The Routing Information Base RIB classifies the dampening notifications based on the severity of the changes Event notification...

Page 91: ...s in the next hop field of BGP updates Disabling the calculation of the best next hop to use when advertising a route causes all routes to be advertised with the network device as the next hop Next hop processing can be disabled for address family group neighbor group or neighbor address family Note SUMMARY STEPS 1 configure 2 router bgp as number 3 neighbor ip address 4 remote as as number 5 addr...

Page 92: ...the local network device as the next hop commit Step 7 Configuring BGP Community and Extended Community Advertisements Perform this task to specify that community extended community attributes should be sent to an eBGP neighbor These attributes are not sent to an eBGP neighbor by default By contrast they are always sent to iBGP neighbors This section provides examples on how to enable sending comm...

Page 93: ...ss family configuration mode for the specified address family Use either ipv4 or ipv6 address address family ipv4 labeled unicast unicast ipv6 labeled unicast unicast Step 5 family keyword with one of the specified address family sub mode identifiers Example RP 0 RP0 CPU0 router config bgp nbr address family ipv6 unicast IPv6 address family mode supports these sub modes labeled unicast unicast IPv...

Page 94: ...ress mask length as set as confed set summary only route policy route policy name address family ipv4 ipv6 unicast redistribute connected metric metric value route policy route policy name address family ipv4 ipv6 unicast redistribute eigrp process id match external internal metric metric value route policy route policy name address family ipv4 ipv6 unicast redistribute isis process id level 1 1 i...

Page 95: ...RP0 CPU0 router config set extcommunity cost cost_A Ends the definition of a route policy and exits route policy configuration mode end policy Example Step 4 RP 0 RP0 CPU0 router config end policy Enters BGP configuration mode allowing you to configure the BGP routing process router bgp as number Example Step 5 RP 0 RP0 CPU0 router config router bgp 120 Applies the cost community to the attach poi...

Page 96: ...gth ip address mask route policy route policy name neighbor ip address remote as as number address family ipv4 ipv6 unicast route policy route policy name in out commit Step 8 Displays the cost community in the following format show bgp ip address Step 9 Example Cost POI cost community ID cost number RP 0 RP0 CPU0 router show bgp 172 168 40 24 Configuring Software to Store Updates from a Neighbor ...

Page 97: ...uter bgp 120 Step 2 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer neighbor ip address Example RP 0 RP0 CPU0 router config bgp neighbor 172 168 40 24 Step 3 Specifies either an IPv4 or IPv6 address family unicast and enters address family configuration submode address family ipv4 ipv6 unicast Example Step 4 To see a list of all...

Page 98: ...er 3 neighbor ip address 4 remote as as number 5 keychain name 6 commit DETAILED STEPS Purpose Command or Action configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode allowing you to configure the BGP routing process router bgp as number Example RP 0 RP0 CPU0 router config router bgp 120 Step 2 Places the router in neighbor configuration mode for BGP routing...

Page 99: ...xample RP 0 RP0 CPU0 router config router bgp 127 Step 2 Places the router in neighbor configuration mode for BGP routing and configures the neighbor IP address as a BGP peer neighbor ip address Example RP 0 RP0 CPU0 router config bgp neighbor 172 168 40 24 Step 3 Disables all active sessions for the specified neighbor shutdown Example Step 4 RP 0 RP0 CPU0 router config bgp nbr shutdown commit Ste...

Page 100: ... address of the neighbor to be reset RP 0 RP0 CPU0 router clear bgp ipv4 unicast 10 0 0 1 soft in The as number argument specifies that all neighbors that match the autonomous system number be reset The external keyword specifies that all external neighbors are reset Resetting Neighbors Using BGP Outbound Soft Reset Perform this task to trigger an outbound soft reset of the specified address famil...

Page 101: ... the graceful keyword is specified the routes from the neighbor are not removed from the BGP table immediately but are marked as stale After the session is re established any stale route that has not been received again from the neighbor is removed SUMMARY STEPS 1 DETAILED STEPS Purpose Command or Action Clears a BGP neighbor Example Step 1 RP 0 RP0 CPU0 router clear bgp ipv4 unicast 10 0 0 3 Clea...

Page 102: ...as the contents of BGP routing tables caches and databases Information provided can be used to determine resource usage and solve network problems You can also display information about node reachability and discover the routing path that the packets of your device are taking through the network SUMMARY STEPS 1 show bgp cidr only 2 show bgp community community list exact match 3 show bgp regexp re...

Page 103: ...ed routes dampened routes flap statistics Step 5 performance statistics received prefix filter routes The advertised routes keyword displays all routes the router advertised to the neighbor Example The dampened routes keyword displays the dampened routes that are learned from the neighbor RP 0 RP0 CPU0 router show bgp neighbors 10 0 101 1 The flap statistics keyword displays flap statistics of the...

Page 104: ...plays status and summary information for the BGP process The output shows various global and address show bgp process Example Step 1 family specific BGP configurations A summary of the RP 0 RP0 CPU0 router show bgp process number of neighbors update messages and notification messages sent and received by the process is also displayed Displays a summary of the neighbors for the IPv4 unicast address...

Page 105: ...but not started the amount of elapsed time since the program was placed is displayed in the Waiting to start column Monitoring BGP Update Groups This task displays information related to the processing of BGP update groups SUMMARY STEPS 1 show bgp update group neighbor ip address process id index summary performance statistics DETAILED STEPS Purpose Command or Action Displays information about BGP...

Page 106: ...TEPS 1 configure 2 router bgp as number 3 nsr disable 4 commit DETAILED STEPS Purpose Command or Action configure Step 1 Specifies the BGP AS number and enters the BGP configuration mode for configuring BGP routing processes router bgp as number Example Step 2 RP 0 RP0 CPU0 router config router bgp 120 Disables BGP Nonstop routing nsr disable Example Step 3 RP 0 RP0 CPU0 router config bgp nsr disa...

Page 107: ...Step 4 Configuring BGP Additional Paths Perform these tasks to configure BGP Additional Paths capability SUMMARY STEPS 1 configure 2 route policy route policy name 3 if conditional expression then action statement else 4 pass endif 5 end policy 6 router bgp as number 7 address family ipv4 unicast ipv6 unicast 8 additional paths receive 9 additional paths send 10 additional paths selection route po...

Page 108: ...ou to configure the BGP routing process router bgp as number Example RP 0 RP0 CPU0 router config router bgp 100 Step 6 Specifies the address family and enters address family configuration submode address family ipv4 unicast ipv6 unicast Example Step 7 RP 0 RP0 CPU0 router config bgp address family ipv4 unicast Configures receive capability of multiple paths for a prefix to the capable peers additi...

Page 109: ...imported into BGP through network statement The value assigned is the value of next hop to the route or as set by a route policy SUMMARY STEPS 1 configure 2 route policy aigp_policy 3 set aigp metricigp cost 4 exit 5 router bgp as number 6 address family ipv4 ipv6 unicast 7 redistribute ospf osp route policy plcy_namemetric value 8 commit DETAILED STEPS Purpose Command or Action configure Step 1 E...

Page 110: ...ynamic Route Leaking Perform these steps to import routes from default VRF to non default VRF or to import routes from non default VRF to default VRF Before you begin A route policy is mandatory for configuring dynamic route leaking Use the route policy route policy name command in global configuration mode to configure a route policy SUMMARY STEPS 1 configure 2 vrf vrf_name 3 address family ipv4 ...

Page 111: ...ised to the PE However the paths are still advertised to the CEs RP 0 RP0 CPU0 router config vrf af export to default vrf route policy rpl_dynamic_route_export export to default vrf configures import from non default VRF to default VRF The paths imported from the default VRF are advertised to other PEs commit Step 5 What to do next These show bgp command output displays information from the dynami...

Page 112: ... 0 24 route policy set_next_hop_agg_v4 aggregate address 10 3 0 0 24 redistribute static route policy set_next_hop_static_v4 address family ipv6 unicast aggregate address 2012 64 route policy set_next_hop_agg_v6 aggregate address 2013 64 redistribute static route policy set_next_hop_static_v6 neighbor 10 0 101 60 remote as 65000 address family ipv4 unicast neighbor 10 0 101 61 remote as 65000 addr...

Page 113: ... remote routers and their autonomous systems are listed The router being configured shares information about networks 131 108 0 0 and 192 31 7 0 with the neighbor routers The first router listed is in a different autonomous system the second neighbor and remote as commands specify an internal neighbor with the same autonomous system number at address 131 108 234 2 and the third neighbor and remote...

Page 114: ...r are just like a normal eBGP update from a peer in autonomous system 666 router bgp 6001 bgp confederation identifier 666 bgp confederation peers 6002 6003 exit address family ipv4 unicast neighbor 171 69 232 55 remote as 6002 exit address family ipv4 unicast neighbor 171 69 232 56 remote as 6003 exit address family ipv4 unicast neighbor 160 69 69 1 remote as 777 In a BGP speaker in autonomous sy...

Page 115: ...200 200 remote as 701 exit address family ipv4 unicast route policy pass all in route policy pass all out The following is a part of the configuration from the BGP speaker 200 200 200 205 from autonomous system 701 in the same example Neighbor 171 232 56 is configured as a normal eBGP speaker from autonomous system 666 The internal division of the autonomous system into multiple autonomous systems...

Page 116: ...BGP NSR configure router bgp 120 no nsr end Primary Backup Path Installation Example The following example shows how to enable installation of primary backup path router bgp 120 address family ipv4 unicast additional paths receive additional paths send additional paths selection route policy bgp_add_path end Originating Prefixes With AiGP Example The following is a sample configuration for origina...

Page 117: ... numeric identifier that is distributed through RIB as one of the routing attribute of FIB entry in the FIB lookup table A flow tag is instantiated using the set operation from RPL and is referenced in the C3PL PBR policy where it is associated with actions policy rules against the flow tag value You can use flow tag propagation to Classify traffic based on destination IP addresses using the Commu...

Page 118: ...ig pfx 10 1 30 0 24 Router config pfx end set Router config prefix set FLOWTAG38 Router config pfx 10 1 40 0 24 Router config pfx end set Router config route policy SETFLOWTAG Router config rpl if destination in FLOWTAG36 then set flow tag 36 endif Router config rpl if destination in FLOWTAG38 then set flow tag 38 endif Router config rpl end policy Router config commit Tue Apr 3 15 10 07 223 IST C...

Page 119: ...r config interface GigabitEthernet 0 0 0 1 Router config if ipv4 address 10 10 10 1 255 255 255 0 Router config if service policy type pbr input FLOWMATCH Router config if no shut Commit the configuration Router config if commit Mon Mar 19 07 59 01 081 IST RP 0 0 CPU0 Mar 19 07 59 01 537 ifmgr 403 PKT_INFRA LINK 3 UPDOWN Interface GigabitEthernet0 0 0 1 changed state to Down RP 0 0 CPU0 Mar 19 07 ...

Page 120: ... then set flow tag 36 endif if destination in FLOWTAG40 then set flow tag 40 endif end policy router bgp 10 bgp router id 1 1 1 1 address family ipv4 unicast table policy SETFLOWTAG redistribute static bgp attribute download redistribute connected neighbor 20 20 20 1 24 remote as 20 address family ipv4 unicast route policy BGPIN in route policy BGPOUT out route policy BGPIN pass end policy route p...

Page 121: ...nd Reference for Cisco NCS 5000 Series Routers Bidirectional Forwarding Detection BFD Configuring AAA Services on module of System Security Configuration Guide for Cisco NCS 6000 Series Routers Task ID information Standards Title Standards Authentication for TCP based Routing and Management Protocols by R Bonica B Weis S Viswanathan A Lange O Wheeler draft bonica tcp auth 05 txt A Border Gateway P...

Page 122: ...n RFC 2385 BGP Route Flap Damping RFC 2439 Use of BGP 4 Multiprotocol Extensions for IPv6 Inter Domain Routing RFC 2545 BGP Route Reflection An Alternative to Full Mesh IBGP RFC 2796 Multiprotocol Extensions for BGP 4 RFC 2858 Route Refresh Capability for BGP 4 RFC 2918 Autonomous System Confederations for BGP RFC 3065 Capabilities Advertisement with BGP 4 RFC 3392 A Border Gateway Protocol 4 BGP ...

Page 123: ... of pages of searchable technical content including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page to access even more content Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 101 Implementing BGP Additional References ...

Page 124: ...Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 102 Implementing BGP Additional References ...

Page 125: ...d propagate filtering and policing functionality among a large number of BGP peer routers to mitigate the effects of a distributed denial of service DDoS attack over your network In traditional methods for DDoS mitigation such as RTBH remotely triggered blackhole a BGP route is injected advertising the website address under attack with a special community This special community on the border route...

Page 126: ...er and satellite interfaces A maximum of five multi value range can be specified in a flowspec rule A mix of address families is not allowed in flowspec rules In multiple match scenario only the first matching flowspec rule will be applied A maximum of 3000 flowspec rules are supported per system BGP Flowspec Conceptual Architecture In this illustration a Flowspec router controller is configured o...

Page 127: ...d with a set of attributes depending on the particular application such attributes may or may not include reachability information that is NEXT_HOP Every flow spec route is effectively a rule consisting of a matching part encoded in the NLRI field and an action part encoded as a BGP extended community The BGP flowspec rules are converted internally to equivalent C3PL policy representing match and ...

Page 128: ...in the BGP UPDATE messages as a length in bits followed by enough octets to contain the prefix information Encoding type 1 octet prefix length 1 octet prefix Syntax match destination address ipv4 address mask length IPv4 Destination address Type 1 Prefix length Defines the source prefix to match Encoding type 1 octet prefix length 1 octet prefix Syntax match source address ipv4 address mask length...

Page 129: ...x value IPv4 source or destination port Type 4 Multi value range Defines a list of operation value pairs used to match the destination port of a TCP or UDP packet Values are encoded as 1 or 2 byte quantities Encoding type 1 octet op value Syntax match destination port destination port value min value max value IPv4 destination port Type 5 Multi value range Defines a list of operation value pairs u...

Page 130: ...P header which contains bits 8 through 15 of the 4th 32 bit word When a 2 byte encoding is used it matches bytes 12 and 13 of the TCP header with the data offset field having a don t care value As with port specifier this component evaluates to FALSE for packets that are not TCP packets This type uses the bitmask operand format which differs from the numeric operator format in the lower nibble Enc...

Page 131: ...action sequences Traffic Filtering Actions The default action for a traffic filtering flow specification is to accept IP traffic that matches that particular rule The following extended community values can be used to specify particular actions Description PBR Action Extended Community Type The traffic rate extended community is a non transitive extended community across the autonomous system boun...

Page 132: ...ery flow spec NLRI in the message that has this path as its best path The filter entry matches the IP packets described in the NLRI field and redirects them or copies them towards the IPv4 address specified in the Network Address of Next Hop field of the associated MP_REACH_NLRI The redirect to IP extended community is valid with any other set of flow spec extended communities except if that set i...

Page 133: ...ble for both the Client and the Controller Enable BGP Flowspec on page 112 explains the procedure Client side No specific configuration except availability of a flowspec enabled peer Controller side This includes the policy map definition and the association to the ePBR configuration consists of two procedures the class definition and using that class in ePBR to define the action The following top...

Page 134: ...pv4 vpnv4 flowspec 4 exit 5 neighbor ip address 6 remote as as number 7 address family ipv4 flowspec DETAILED STEPS Purpose Command or Action configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode allowing you to configure the BGP routing process router bgp as number Example RP 0 RP0 CPU0 router config router bgp 100 Step 2 Specifies either the IPv4 vpn4 addr...

Page 135: ...PS 1 configure 2 class map type traffic match all class map name 3 match match statement 4 end class map DETAILED STEPS Purpose Command or Action configure Step 1 Creates a class map to be used for matching packets to the class whose name you specify and enters the class map class map type traffic match all class map name Example Step 2 configuration mode If you specify match any one of the RP 0 R...

Page 136: ... Type 7 match ipv4 icmp code value min value max value Type 8 match ipv4 icmp type value min value max value Type 9 match tcp flag value bit mask mask_value Type 10 matchpacket length packet length value min value max value Type 11 match dscp dscp value min value max value Type 12 match fragment type is fragment Type 13 match ipv4 flow label value min value max value Ends the class map configurati...

Page 137: ...ecifies the name of the class whose policy you want to create or change class class name Example Step 3 RP 0 RP0 CPU0 router config pmap class class1 Associates a previously configured traffic class with the policy map and enters control policy map traffic class configuration mode class type traffic class name Example RP 0 RP0 CPU0 router config pmap class type Step 4 traffic classc1 Define extend...

Page 138: ...s and this policy is applied on all the interfaces that are part of the VRF If you have already configured a ePBR policy on an interface it will not be overwritten by the BGP flowspec policy If you remove the policy from an interface ePBR infrastructure will automatically apply BGP flowspec policy on it if one was active at the VRF level At a time only one ePBR policy can be active on an interface...

Page 139: ...nterface all Example Step 5 RP 0 RP0 CPU0 router config flowspec af local install interface all Attaches a policy map to an IPv4 interface to be used as the service policy for that interface service policy type pbr policy name Example Step 6 RP 0 RP0 CPU0 router config flowspec af service policy type pbr policys1 commit Step 7 Returns the router to flowspec configuration mode exit Example Step 8 R...

Page 140: ...c_mgr location all node node0_3_CPU0 Job Id 10 PID 43643169 Executable path disk0 iosxr fwding 5 2 CSC33695 015 i bin flowspec_mgr Instance 1 Version ID 00 00 0000 Respawn ON Respawn count 331 Max spawns per minute 12 Last started Wed Apr 9 10 42 13 2014 Started on config cfg gl flowspec Process group central services core MAINMEM startup_path pkg startup flowspec_mgr startup Ready 1 113s Process ...

Page 141: ...1 1 0 24 DPort 120 130 SPort 25 30 DSCP 30 detail AFI IPv4 Flow Dest 110 1 1 0 24 Source 10 1 1 0 24 DPort 120 130 SPort 25 30 DSCP 30 Actions Traffic rate 0 bps bgp 1 Statistics packets bytes Matched 0 0 Transmitted 0 0 Dropped 0 0 Use this command to verify if a flowspec rule configured on the controller router is available on the BGP side In this show bgp ipv4 flowspec Example Step 4 example re...

Page 142: ...e use of the unchanged knob SUMMARY STEPS 1 configure 2 router bgp as number 3 neighbor ip address 4 address family ipv4 5 flowspec next hop unchanged DETAILED STEPS Purpose Command or Action configure Step 1 Specifies the autonomous system number and enters the BGP configuration mode allowing you to configure the BGP routing process router bgp as number Example RP 0 RP0 CPU0 router config router ...

Page 143: ...t meet these conditions is appropriately marked by BGP and not installed in flowspec manager Additionally BGP enforces that the last AS added within the AS_PATH and AS4_PATH attribute of a EBGP learned flow specification NLRI must match the last AS added within the AS_PATH and AS4_PATH attribute of the best match unicast route for the destination prefix embedded in the flow specification Also when...

Page 144: ...lowspec on an interface and apply another PBR policy Interface GigabitEthernet 0 0 0 0 flowspec ipv4 disable int g0 0 0 1 service policy type pbr test_policy Disable Flowspec Redirect and Validation You can disable flowspec validation as a whole for eBGP sessions by means of configuring an explicit knob SUMMARY STEPS 1 configure 2 router bgp as number 3 neighbor ip address 4 address family ipv4 5 ...

Page 145: ...validation flowspec validation disable redirect disable Example Step 5 RP 0 RP0 CPU0 router config bgp router bgp 100 neighbor 1 1 1 1 address family ipv4 flowspec validation disable Configuration Examples for Implementing BGP Flowspec Flowspec Rule Configuration Flowspec rule configuration example In this example two flowspec rules are created for two different VRFs with the goal that all packets...

Page 146: ...c local install interface all address family ipv4 service policy type pbr fs_table_default vrf blue address family ipv4 service policy type pbr fs_table_blue local Interface GigabitEthernet 0 0 0 0 vrf blue ipv4 flowspec disable Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 124 Implementing BGP Flowspec Flowspec Rule Configuration ...

Page 147: ...action configuration class map type traffic match all match dscp af11 match dscp 10 end class map policy map type pbr test6 class type traffic match dscp af11 set dscp af23 class type traffic class default end policy map In this example the traffic marking extended community match dscp instructs the system to modify or set the DSCP bits of a transiting IP packet from dscp 10 to dscp af23 Additiona...

Page 148: ...semination of Flow Specification Rules RFC 5575 Technical Assistance Link Description http www cisco com techsupport The Cisco Technical Support website contains thousands of pages of searchable technical content including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page to access even more content Routing Configuration Guide fo...

Page 149: ...affic Engineering LSPs Release 4 3 1 Modification Release This feature was introduced Release 5 0 0 Support for BFD over Logical Bundle was added Release 5 2 5 Prerequisites for Implementing BFD on page 127 Restrictions for Implementing BFD on page 128 Information About BFD on page 129 How to Configure BFD on page 142 Configuration Examples for Configuring BFD on page 167 Where to Go Next on page ...

Page 150: ...ing configurations or states are present on the bundle member Link Aggregation Control Protocol LACP Distributing state is reached Or EtherChannel or POS Channel is configured Or Hot Standby and LACP Collecting state is reached Restrictions for Implementing BFD These restrictions apply to BFD Demand mode is not supported in Cisco IOS XR software BFD echo mode is not supported for these features BF...

Page 151: ...re Instead of using a dynamic routing protocol to establish a BFD neighbor you can establish a specific BFD peer or neighbor for BFD responses in Cisco IOS XR software using a method of static routing to define that path In fact you must configure a static route for BFD if you do not configure BFD under a dynamic routing protocol in Cisco IOS XR software For more information see the Enabling BFD o...

Page 152: ...r A can be sent with both the source and destination address of Peer A BFD echo packets are sent in addition to BFD control packets Figure 9 BFD Asynchronous Mode With Echo Packets For more information about control and echo packet intervals in asynchronous mode see the BFD Packet Intervals and Failure Detection BFD Packet Information BFD Source and Destination Ports BFD payload control packets ar...

Page 153: ...ilable in BFD asynchronous mode The maximum echo packet interval for BFD on bundle member links is the minimum of either 30 seconds or the asynchronous control packet failure detection time When echo mode is disabled the behavior is the same as BFD over physical interfaces where sessions exchange BFD control packets at the configured rate Control Packet Failure Detection In Asynchronous Mode Contr...

Page 154: ... Examples This section provides examples of several scenarios of standard echo packet processing and failure detection without configuration of latency detection for non bundle interfaces In these examples consider an interval of 50 ms and a multiplier of 3 The same interval and multiplier counter scheme for echo failure detection is used for bundle interfaces but the values are determined by the ...

Page 155: ... 5 RX count 0 150 ms roundtrip latency T 451 ms Echo 6 RX count 0 200 ms roundtrip latency no failure detection T 501 ms Echo 7 RX count 0 200 ms roundtrip latency no failure detection T 551 ms Echo 8 RX count 0 200 ms roundtrip latency no failure detection Note Looking at the delay between receipt of echo packets for the BFD session observe that no latency is beyond the I x M window Echo 1 RX Ech...

Page 156: ...ther 30 seconds or the asynchronous control packet failure detection time Echo Packet Latency BFD only detects an absence of receipt of echo packets not a specific delay for TX RX of a particular echo packet In some cases receipt of BFD echo packets in general can be within their overall tolerances for failure detection and packet transmission but a longer delay might develop over a period of time...

Page 157: ...iated only after a session is established using BFD control packets Echo mode is always enabled for BFD bundle member interfaces For physical interfaces the BFD minimum interval must also be less than two seconds to support echo packets BFD echo packets are transmitted over UDP IPv4 using source and destination port 3785 The source address of the IP packet is the IP address of the output interface...

Page 158: ...s specifically stated For example BFD cannot be configured on BVI and interflex Note Cisco IOS XR software supports BFD Version 0 and Version 1 BFD sessions are established using either version depending upon the neighbor BFD Version 1 is the default version and is tried initially for session creation Enabling BFD on a Static Route The following procedure describes how to enable BFD on a static ro...

Page 159: ...terval in milliseconds Range is from 10 through 10000 Include the optional multiplier keyword argument to ensure that the next hop is assigned with the same detect multiplier Replace the multiplier argument with a number that specifies the detect multiplier Range is from 1 through 10 Specifies a VPN routing and forwarding VRF instance and enters static route configuration mode for that VRF vrf vrf...

Page 160: ...a bundle manager The bundle manager determines the state of member links and the overall availability of the bundle The state of the member links contributes to the overall state of the bundle based on the threshold of minimum active links or minimum active bandwidth that is configured for that bundle Overview of BFD State Change Behavior on Member Links and Bundle Status This section describes wh...

Page 161: ...cation is not sent but the internal infrastructure treats the event as if a DOWN has occurred The BFD configuration is removed on a neighboring router and the neighbor unconfiguration timer if configured expires The BFD system notifies the bundle manager that the BFD configuration has been removed on the neighboring router and if bfd timers nbr unconfig is configured on the link the timer is start...

Page 162: ...wo endpoints that have IP connectivity For BFD Multihop IPv4 addresses in both global routing table and in a VRF is supported BFD IPv6 Multihop Bidirectional Forwarding Detection BFD Multihop IPv6 MHv6 feature supports BFD sessions between interfaces that are multiple hops away The BFD MHv6 enables a BFD session between two addresses BFD session between provider edge PE and customer edge CE loopba...

Page 163: ...port and that use BFD as fast failure detection mechanism to enhance network reliability and up time by using BFD as fast failure detection traffic black holing BFD over MPLS TE LSPs support BFD async mode BFD echo mode is not supported IPv4 only since MPLS core is IPv4 BFD packets will carry IP DSCP 6 Internet Control Use of BFD for TE tunnel bring up re optimization and path protection Standby a...

Page 164: ...r OSPF states are both 2 way If you are using BFD with Unicast Reverse Path Forwarding uRPF on a particular interface then you need to use the echo disable command to disable echo mode on that interface otherwise echo packets will be rejected For more information see the Disabling Echo Mode To enable or disable IPv4 uRPF checking on an IPv4 interface use the no ipv4 verify unicast source reachable...

Page 165: ... BGP routing and configures the neighbor IP address as a BGP peer neighbor ip address Example RP 0 RP0 CPU0 router config bgp neighbor 172 168 40 24 Step 5 This example configures the IP address 172 168 40 24 as a BGP peer Creates a neighbor and assigns it a remote autonomous system remote as autonomous system number Example Step 6 This example configures the remote autonomous system to be 2002 RP...

Page 166: ...nal Enables BFD multipath for the specified bundle on the interface This step is required for bundle interfaces bfd multipath include locationnode id Example Step 2 This step must be repeated for every line card that has a member link in the bundle interface Note RP 0 RP0 CPU0 router config bfd multipath include location 0 0 CPU0 Enters OSPF configuration mode allowing you to configure the OSPF ro...

Page 167: ...bitEthernet 0 3 0 1 Enables BFD to detect failures in the path between adjacent forwarding engines bfd fast detect Example Step 8 RP 0 RP0 CPU0 router config ospf ar if bfd fast detect commit Step 9 Verify that BFD is enabled on the appropriate interface show run router ospf Example Step 10 RP 0 RP0 CPU0 router config ospf ar if show run router ospf Enabling BFD for OSPFv3 on an Interface The foll...

Page 168: ...bfd minimum interval milliseconds Example Step 3 This example sets the BFD minimum interval to 6500 milliseconds RP 0 RP0 CPU0 router config ospfv3 bfd minimum interval 6500 Sets the BFD multiplier bfd multiplier multiplier Step 4 Example This example sets the BFD multiplier to 7 RP 0 RP0 CPU0 router config ospfv3 bfd multiplier 7 Configures an OSPFv3 area area area id Step 5 Example Replace area ...

Page 169: ...t be directly connected between peer routers without any switches in between Specifying the BFD Destination Address on a Bundle To specify the BFD destination address on a bundle complete these steps DETAILED STEPS SUMMARY STEPS 1 configure 2 interface Bundle Ether Bundle POS bundle id 3 bfd address family ipv4 destination ip address 4 commit DETAILED STEPS Purpose Command or Action configure Step...

Page 170: ...er Bundle POS bundle id Example Step 2 RP 0 RP0 CPU0 router config interface Bundle Ether 1 Enables IPv4 BFD sessions on bundle member links bfd address family ipv4 fast detect Example Step 3 RP 0 RP0 CPU0 router config if bfd address family ipv4 fast detect commit Step 4 Configuring the Minimum Thresholds for Maintaining an Active Bundle The bundle manager uses two configurable minimum thresholds...

Page 171: ...is from 1 to 32 bundle minimum active links links Example Step 4 When BFD is started on a bundle that is already active the BFD state of the bundle is declared when the BFD state of all the existing active members is known Note RP 0 RP0 CPU0 router config if bundle minimum active links 2 commit Step 5 Configuring BFD Packet Transmission Intervals and Failure Detection Times on a Bundle BFD asynchr...

Page 172: ...imum interval in milliseconds for asynchronous mode control packets on IPv4 BFD sessions on bundle member links The range is from 15 to 30000 Although the command allows you to configure a minimum of 15 ms the supported minimum on the Cisco NCS 6000 Series Router is 33 ms Note Specifies a number that is used as a multiplier with the minimum interval to determine BFD control and echo packet bfd add...

Page 173: ...S bundle id Example Step 2 RP 0 RP0 CPU0 router config interface Bundle Ether 1 Specifies the number of seconds after startup of a BFD member link session to wait for the expected notification bfd address family ipv4 timers start seconds Example Step 3 from the BFD peer to be received so that the session can RP 0 RP0 CPU0 router config if be declared up If the SCN is not received after that period...

Page 174: ...ress of the output interface as the default source address for an echo packet You can use the echo ipv4 source command in BFD or interface BFD configuration mode to specify the IP address that you want to use as the echo packet source address You can override the default IP source address for echo packets for BFD on the entire router or for a particular interface Specifying the Echo Packet Source ...

Page 175: ...Action configure Step 1 Enters BFD configuration mode bfd Example Step 2 RP 0 RP0 CPU0 router config bfd Enters BFD interface configuration mode for a specific interface In BFD interface configuration mode you can specify an IPv4 address on an individual interface interface type interface path id Example RP 0 RP0 CPU0 router config bfd interface gigabitEthernet 0 1 5 0 Step 3 Specifies an IPv4 add...

Page 176: ...er the course of a BFD session where echo latency detect percentage percent value count packet count Step 3 Example percentage percent value Specifies the percentage of the echo failure detection time to be detected as bad latency The range is 100 to 250 The default is 100 RP 0 RP0 CPU0 router config bfd echo latency detect count packet count Specifies a number of consecutive packets received with...

Page 177: ...ng the BFD session to change state When the force keyword is not configured the local system performs echo startup validation if the following conditions are true The local router is capable of running echo echo is enabled for this session The remote router is capable of running echo received control packet from remote system has non zero Required Min Echo RX Interval value When the force keyword ...

Page 178: ...ode is also automatically disabled for BFD on bundled VLANs and IPv6 global and link local addressing Note You can disable echo mode for BFD on the entire router or for a particular interface Disabling Echo Mode on a Router To disable echo mode globally on the router complete the following steps DETAILED STEPS SUMMARY STEPS 1 configure 2 bfd 3 echo disable 4 commit DETAILED STEPS Purpose Command o...

Page 179: ... Step 3 you can disable echo mode on an individual interface or bundle RP 0 RP0 CPU0 router config bfd interface gigabitEthernet 0 1 5 0 Disables echo mode on the specified individual interface or bundle echo disable Example Step 4 RP 0 RP0 CPU0 router config bfd if echo disable commit Step 5 Minimizing BFD Session Flapping Using BFD Dampening To configure BFD dampening to control BFD session flap...

Page 180: ... enabled for BFD on the router You can disable IPv6 checksum support for BFD on the entire router or for a particular interface These sections describe about The command line interface CLI is slightly different in BFD configuration and BFD interface configuration For BFD configuration the disable keyword is not optional Therefore to enable BFD configuration in that mode you need to use the no form...

Page 181: ...3 interface type interface path id 4 ipv6 checksum disable 5 commit DETAILED STEPS Purpose Command or Action configure Step 1 Enters BFD configuration mode bfd Example Step 2 RP 0 RP0 CPU0 router config bfd Enters BFD interface configuration mode for a specific interface interface type interface path id Example Step 3 RP 0 RP0 CPU0 router config bfd interface gigabitEthernet 0 1 5 0 Enables IPv6 c...

Page 182: ...ounters for IPv4 packets IPv6 packets or all packets clear bfd counters ipv4 ipv6 all packet interface type interface path id location node id Example Step 2 RP 0 RP0 CPU0 router clear bfd counters all packet location 0 3 cpu0 Verifies that the BFD counters for IPv4 packets IPv6 packets or all packets have been cleared show bfd counters ipv4 ipv6 all packet interface type interface path id locatio...

Page 183: ...t Configures hello interval in milliseconds bfd minimum intervalmilliseconds Step 4 Example Hello interval range is 100 to 30000 milliseconds Default hello interval is 100 milliseconds RP 0 RP0 CPU0 router config if bfd minimum interval 2000 Configures BFD multiplier detection bfd multiplier number Step 5 Example BFD multiplier range is 3 to 10 Default BFD multiplier is 3 RP 0 RP0 CPU0 router conf...

Page 184: ...come up bfd bringup timeout seconds Example Step 3 Bring up timeout range is 6 to 3600 seconds Default bring up timeout interval is 60 seconds RP 0 RP0 CPU0 router config if bfd bringup timeout 2400 commit Step 4 What to do next Configure BFD dampening parameters to bring up the TE tunnel and to avoid signaling churn in the network Configuring BFD Dampening for TE Tunnels When BFD session fails to...

Page 185: ...his option brings up the TE tunnel with the previous signaled bandwidth Note Configures the maximum delay interval before bringing up the tunnel bfd dampening maximum wait milliseconds Example Step 4 The maximum wait bring up delay time interval range is 1 to 518400000 milliseconds Default initial wait interval is 600000 milliseconds RP 0 RP0 CPU0 router config if bfd dampening maximum wait 700000...

Page 186: ...or disables LSP ping requests Use one of these commands Step 3 bfd lsp ping interval 300 interval seconds Sets periodic LSP ping request interval in seconds The interval range is 60 to 3600 seconds Default interval is 120 seconds Example RP 0 RP0 CPU0 router config if bfd lsp ping interval 300 disable Disables periodic LSP ping requests Or RP 0 RP0 CPU0 router config if bfd lsp ping disable Period...

Page 187: ... range is 100 to 30000 milliseconds Default hello interval is 100 milliseconds Example RP 0 RP0 CPU0 router config mpls traffic eng bfd lsp tail minimum interval 20000 Configures BFD multiplier detection mpls traffic eng bfd lsp tailmultiplier number Step 3 Example BFD multiplier detect range is 3 to 10 Default BFD multiplier is 3 RP 0 RP0 CPU0 router config mpls traffic eng bfd lsp tail multiplie...

Page 188: ...UMMARY STEPS 1 configure 2 track track name 3 type bfdrtr rate tx rate 4 debouncedebounce 5 interface if name 6 destaddress dest_addr 7 commit DETAILED STEPS Purpose Command or Action configure Step 1 Enters track configuration mode track track name Step 2 Example track name Specifies a name for the object to be tracked RP 0 RP0 CPU0 router config track track1 tx_rate time in msec at which the BFD...

Page 189: ...bgp bfd minimum interval 20 RP 0 RP0 CPU0 router config bgp neighbor 192 168 70 24 RP 0 RP0 CPU0 router config bgp nbr remote as 2 RP 0 RP0 CPU0 router config bgp nbr bfd fast detect RP 0 RP0 CPU0 router config bgp nbr commit RP 0 RP0 CPU0 router config bgp nbr end RP 0 RP0 CPU0 router show run router bgp BFD Over OSPF Examples The following example shows how to enable BFD for OSPF on a Gigabit Et...

Page 190: ...oute In this example BFD sessions are established with the next hop 2001 0DB8 D987 398 AE3 B39 333 783 when it becomes reachable BFD on Bundled VLANs Example The following example shows how to configure BFD on bundled VLANs BFD Over Bridge Group Virtual Interface Example The following examples show the configurations of the peer and uut nodes You can see the BVI interface is under a VRF instead of...

Page 191: ...ess 7 37 19 20 255 255 0 0 no shutdown router static address family ipv4 unicast 0 0 0 0 0 7 37 0 1 Below is the uut node example l2vpn bridge group bg bridge domain bd interface Bundle Ether1 100 routed interface BVI100 router vrrp interface BVI100 bfd minimum interval 15 address family ipv4 vrrp 100 address 192 168 1 254 bfd fast detect peer ipv4 192 168 1 1 router ospf 100 vrf cctv1 router id 1...

Page 192: ...4 destination 192 168 77 2 bfd address family ipv4 fast detect bfd address family ipv4 minimum interval 120 ipv4 address 192 168 77 1 255 255 255 252 bundle minimum active links 2 bundle minimum active bandwidth 150000 interface Loopback1 ipv4 address 10 1 1 2 255 255 255 255 interface Pos0 2 0 0 bundle id 1 mode active interface Pos0 1 0 0 bundle id 1 mode active interface Pos0 1 0 1 bundle id 1 ...

Page 193: ...minimum active links 1 interface Bundle Ether1 1 ipv4 address 192 168 100 1 30 encapsulation dot1q 1001 interface Bundle Ether2 bfd address family ipv4 destination 192 168 2 2 bfd address family ipv4 fast detect bfd address family ipv4 min 83 bfd address family ipv4 mul 3 ipv4 address 192 168 2 1 30 bundle minimum active links 1 interface Bundle Ether3 bfd address family ipv4 destination 192 168 3...

Page 194: ...outer configure RP 0 RP0 CPU0 router config bfd RP 0 RP0 CPU0 router config bfd echo ipv4 source 10 10 10 1 The following example shows how to specify the IP address 10 10 10 1 as the source address for BFD echo packets on an individual Gigabit Ethernet interface RP 0 RP0 CPU0 router configure RP 0 RP0 CPU0 router config bfd RP 0 RP0 CPU0 router config bfd interface gigabitethernet 0 1 0 0 RP 0 RP...

Page 195: ... taken down RP 0 RP0 CPU0 router configure RP 0 RP0 CPU0 router config bfd RP 0 RP0 CPU0 router config bfd echo latency detect percentage 100 count 3 Echo Startup Validation Examples The following example shows how to enable echo startup validation for BFD sessions on non bundle interfaces if the last received control packet contains a non zero Required Min Echo RX Interval value RP 0 RP0 CPU0 rou...

Page 196: ...alculations for UDP packets for all BFD sessions on the router RP 0 RP0 CPU0 router configure RP 0 RP0 CPU0 router config bfd RP 0 RP0 CPU0 router config bfd ipv6 checksum disable The following example shows how to reenable IPv6 checksum calculations for UDP packets for all BFD sessions on the router RP 0 RP0 CPU0 router configure RP 0 RP0 CPU0 router config bfd RP 0 RP0 CPU0 router config bfd no ...

Page 197: ...0 router config router static RP 0 RP0 CPU0 router config static address family ipv4 unicast RP 0 RP0 CPU0 router config static afi 10 10 10 10 32 192 0 2 2 bfd fast detect RP 0 RP0 CPU0 router config static afi exit RP 0 RP0 CPU0 router config static exit RP 0 RP0 CPU0 router config interface GigabitEthernet0 0 0 0 RP 0 RP0 CPU0 router config if ipv4 address 192 0 2 1 255 255 255 0 BFD over MPLS ...

Page 198: ...isco IOS XR Software OSPF Commands on Cisco IOS XR Software Static Routing Commands on Cisco IOS XR Software MPLS Traffic Engineering Commands on Cisco IOS XR Software Additional References The following sections provide references related to implementing BFD for Cisco IOS XR software Related Documents Document Title Related Topic Routing Command Reference for Cisco NCS 6000 Series Routers BFD com...

Page 199: ...e a platform under the Cisco Access Products menu http cisco com public sw center netmgmt cmtk mibs shtml Technical Assistance Link Description http www cisco com techsupport The Cisco Technical Support website contains thousands of pages of searchable technical content including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page ...

Page 200: ...Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 178 Implementing BFD Technical Assistance ...

Page 201: ...ce for Cisco NCS 6000 Series Routers To locate documentation for other commands that might appear while executing a configuration task search online in the Cisco IOS XR software master command index Note Feature History for Implementing EIGRP This feature was introduced Release 5 0 0 Prerequisites for Implementing EIGRP on page 179 Restrictions for Implementing EIGRP on page 180 Information About ...

Page 202: ...s are propagated and not the entire routing table Propagation reduces the amount of load the routing protocol itself places on the network EIGRP also provides rapid convergence times for changes in the network topology The distance information in EIGRP is represented as a composite of available bandwidth delay load utilization and link reliability with improved convergence properties and operating...

Page 203: ...ranteed ordered delivery of EIGRP packets to all neighbors Some EIGRP packets must be sent reliably and others need not be For efficiency reliability is provided only when necessary The DUAL finite state machine embodies the decision process for all route computations It tracks all routes advertised by all neighbors DUAL uses the distance information known as a metric to select efficient loop free...

Page 204: ... CPU0 router config router eigrp 100 RP 0 RP0 CPU0 router config eigrp address family ipv4 RP 0 RP0 CPU0 router config eigrp af Interface Configuration Mode The following example shows how to enter interface configuration mode in IPv4 address family configuration mode RP 0 RP0 CPU0 router configuration RP 0 RP0 CPU0 router config router eigrp 100 RP 0 RP0 CPU0 router config eigrp address family ip...

Page 205: ...ion Mismatched K Values Mismatched K values EIGRP metrics can prevent neighbor relationships from being established and can negatively impact network convergence The following example explains this behavior between two EIGRP peers ROUTER A and ROUTER B The following error message is displayed in the console of ROUTER B because the K values are mismatched RP 0 CPU0 Mar 13 08 19 55 eigrp 163 ROUTING...

Page 206: ...and display the following message RP 0 CPU0 Mar 13 09 13 17 eigrp 163 ROUTING EIGRP 5 NBRCHANGE IP EIGRP 0 1 Neighbor 10 0 0 20 GigabitEthernet0 6 0 0 is down K value mismatch The receipt of a goodbye message by a nonsupporting peer does not disrupt normal network operation The nonsupporting peer terminates the session when the hold timer expires The sending and receiving routers reconverge normal...

Page 207: ...r C The floating summary route is applied by relating an administrative distance to the default summary route on the interface of Router B with the following statement RP 0 RP0 CPU0 router config if summary address 100 0 0 0 0 0 0 0 0 250 The administrative distance of 250 applied in the above statement is now assigned to the discard route generated on Router B The 0 0 0 0 0 from Router A is learn...

Page 208: ...g of EIGRP update and query packets When split horizon is enabled on an interface update and query packets are not sent for destinations for which this interface is the next hop Controlling update and query packets in this manner reduces the possibility of routing loops By default split horizon is enabled on all interfaces Split horizon blocks route information from being advertised by a router on...

Page 209: ...ibution router is connected to 100 or more remote routers In a hub and spoke topology the remote router must forward all nonlocal traffic to a distribution router so it becomes unnecessary for the remote router to hold a complete routing table Generally the distribution router need not send anything more than a default route to the remote router When using the EIGRP Stub Routing feature you need t...

Page 210: ...e series of statements and expressions that are bracketed with the route policy and end policy keywords Rather than a collection of individual commands one for each line the statements within a route policy have context relative to each other Thus instead of each line being an individual command each policy or set is an independent configuration object that can be used entered and manipulated as a...

Page 211: ...ion contains instructions for the following tasks To save configuration changes you must commit changes when the system prompts you Note Enabling EIGRP Routing This task enables EIGRP routing and establishes an EIGRP routing process Before you begin Although you can configure EIGRP before you configure an IP address no EIGRP routing occurs until at least one IP address is configured SUMMARY STEPS ...

Page 212: ...bility loading mtu Step 5 Example RP 0 RP0 CPU0 router config eigrp af default metric 1000 100 250 100 1500 Optional Allows the use of two administrative distances internal and external that could be a better route to a node distance internal distance external distance Example RP 0 RP0 CPU0 router config eigrp af distance 80 130 Step 6 Defines the interfaces on which the EIGRP routing protocol run...

Page 213: ... from the neighbors is displaced by the summary default route or the summary route is the only default route present all traffic destined for the default route does not leave the router instead this traffic is sent to the null 0 interface where it is dropped The recommended way to send only the default route from a given interface is to use a route policy command Note SUMMARY STEPS 1 configure 2 r...

Page 214: ...fig eigrp af if summary address 192 168 0 0 16 95 commit Step 7 Redistributing Routes for EIGRP This task explains how to redistribute routes apply limits on the number of routes and set timers for nonstop forwarding SUMMARY STEPS 1 configure 2 router eigrp as number 3 address family ipv4 ipv6 4 redistribute bgp connected isis ospf ospfv3 rip static as number route policy name 5 redistribute maxim...

Page 215: ...distribute maximum prefix maximum threshold dampened reset time minutes restart minutes restart count number warning only Step 5 Example RP 0 RP0 CPU0 router config eigrp af redistribute maximum prefix 5000 95 warning only Sets the timer that determines how long an NSF aware EIGRP router holds routes for an inactive peer timers nsf route hold seconds Example Step 6 RP 0 RP0 CPU0 router config eigr...

Page 216: ...umber 8 address family ipv4 ipv6 9 route policy route policy name in out 10 commit DETAILED STEPS Purpose Command or Action configure Step 1 Defines a route policy and enters route policy configuration mode route policy name Example Step 2 RP 0 RP0 CPU0 router config route policy IN IPv4 Optional Sets the EIGRP metric attribute set eigrp metric bandwidth delay reliability load mtu Step 3 Example R...

Page 217: ...istribution and remote routers to use an EIGRP process for stub routing Before you begin EIGRP stub routing should be used only on remote routers A stub router is defined as a router connected to the network core or distribution layer through which core transit traffic should not flow A stub router should not have any EIGRP neighbors other than distribution routers Ignoring this restriction causes...

Page 218: ...emote or spoke router RP 0 RP0 CPU0 router show eigrp neighbors detail Monitoring EIGRP Routing The commands in this section are used to log neighbor adjacency changes monitor the stability of the routing system and help detect problems SUMMARY STEPS 1 configure 2 router eigrp as number 3 address family ipv4 ipv6 4 log neighbor changes 5 log neighbor warnings 6 commit 7 clear eigrp as number ipv4 ...

Page 219: ...sages log neighbor warnings Example Step 5 RP 0 RP0 CPU0 router config eigrp af log neighbor warnings commit Step 6 Deletes EIGRP neighbor entries from the appropriate table clear eigrp as number ipv4 ipv6 neighbors ip address type interface path id Step 7 Example RP 0 RP0 CPU0 routerr clear eigrp 20 neighbors 0 1 0 0 Deletes EIGRP topology entries from the appropriate tab clear eigrp as number ip...

Page 220: ...umber ipv4 ipv6 traffic Example Step 13 RP 0 RP0 CPU0 router show eigrp traffic Configuration Examples for Implementing EIGRP This section provides the following configuration examples Configuring a Basic EIGRP Configuration Example The following example shows how to configure EIGRP with a policy that filters incoming routes This is a typical configuration for a router that has just one neighbor b...

Page 221: ...erences The following sections provide references related to implementing EIGRP Related Documents Document Title Related Topic Routing Command Reference for Cisco NCS 6000 Series Routers EIGRP commands complete command syntax command modes command history defaults usage guidelines and examples Implementing MPLS Traffic Engineering on module in MPLS Configuration Guide for Cisco NCS 6000 Series Rou...

Page 222: ... support for existing standards has not been modified by this feature Technical Assistance Link Description http www cisco com techsupport The Cisco Technical Support website contains thousands of pages of searchable technical content including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page to access even more content Routing ...

Page 223: ...n About Implementing IS IS on page 201 Configuration Examples for Implementing IS IS on page 252 Where to Go Next on page 254 Additional References on page 254 Prerequisites for Implementing IS IS You must be in a user group associated with a task group that includes the proper task IDs The command reference guides include the task IDs required for each command If you suspect user group assignment...

Page 224: ...tiple instances of IS IS are being run an interface can be associated with only one instance process Instances may not share an interface Key Features Supported in the Cisco IOS XR IS IS Implementation The Cisco IOS XR implementation of IS IS conforms to the IS IS Version 2 specifications detailed in RFC 1195 and the IPv6 IS IS functionality based on the Internet Engineering Task Force IETF IS IS ...

Page 225: ...outer config isis Router Address Family Configuration Mode The following example shows how to enter router address family configuration mode RP 0 RP0 CPU0 router config router isis isp RP 0 RP0 CPU0 router config isis address family ipv4 u nicast RP 0 RP0 CPU0 router config isis af Interface Configuration Mode The following example shows how to enter interface configuration mode RP 0 RP0 CPU0 rout...

Page 226: ...ble or ipv6 address command See the Network Stack IPv4 and IPv6 Commands on module of IP Addresses and Services Command Reference for Cisco NCS 6000 Series Routers Limit LSP Flooding Limiting link state packets LSP may be desirable in certain meshy network topologies An example of such a network might be a highly redundant one such as a fully meshed set of point to point links over a nonbroadcast ...

Page 227: ...sends a periodic LSP refresh every 15 minutes LSPs remain in a database for 20 minutes by default If they are not refreshed by that time they are deleted You can change the LSP refresh interval or maximum LSP lifetime The LSP interval should be less than the LSP lifetime or else LSPs time out before they are refreshed In the absence of a configured refresh interval the software adjusts the LSP ref...

Page 228: ...eychain feature allows IS IS to reference configured keychains IS IS key chains enable hello and LSP keychain authentication Keychains can be configured at the router level in the case of the lsp password command and at the interface level in the case of the hello password command within IS IS These commands reference the global keychain configuration and instruct the IS IS protocol to obtain secu...

Page 229: ...l the state necessary to recover from a restart without requiring any special cooperation from neighboring routers The state is recovered from the neighboring routers but only using the standard features of the IS IS routing protocol This capability makes Cisco NSF suitable for use in networks in which other routers have not used the IETF standard implementation of NSF If you configure IETF NSF on...

Page 230: ...but nonfatal error such as limited memory 2 During the startup and restart of the process The overload bit can be set until the routing protocol has converged However it is not employed during a normal NSF restart or failover because doing so causes a routing flap 3 During a trial deployment of a new router The overload bit can be set until deployment is verified then cleared 4 During the shutdown...

Page 231: ...g table of the router Attached Bit on an IS IS Instance The attached bit is set in a router that is configured with the is type command and level 1 2 keyword The attached bit indicates that the router is connected to other areas typically through the backbone This functionality means that the router can be used by Level 1 routers in the area as the default route to the backbone The attached bit is...

Page 232: ...t link MPLS LDP IGP Synchronization Compatibility with LDP Graceful Restart LDP graceful restart protects traffic when an LDP session is lost If a graceful restart enabled LDP session fails MPLS LDP IS IS synchronization is still achieved on the interface while it is protected by graceful restart MPLS LDP IGP synchronization is eventually lost under the following circumstances LDP fails to restart...

Page 233: ...ide MPLS TE Interarea Tunnels MPLS TE interarea tunnels allow you to establish MPLS TE tunnels that span multiple IGP areas Open Shorted Path First OSPF and levels IS IS removing the restriction that required that both the tunnel headend and tailend routers be in the same area The IGP can be either IS IS or OSPF See the Configuring MPLS Traffic Engineering for IS IS on page 225 for information on ...

Page 234: ...tion or by the max path capability of the platform Enabling the UCMP configuration indicates that IS IS should perform UCMP computation for the all the reachable ISIS prefixes or all the prefixes in the prefix list if the prefix list option is used The UCMP computation happens only after the primary SPF and route calculation is completed There would be a delay of ISIS_UCMP_INITIAL_DELAY default de...

Page 235: ...ing instance if you are configuring multi instance IS IS RP 0 RP0 CPU0 router config isis net 47 0004 004d 0001 0001 0c11 1110 00 This example configures a router with area ID 47 0004 004d 0001 and system ID 0001 0c11 1110 00 To specify more than one area address specify additional NETs Although the area address portion of the NET differs the systemID portion of the NET must match exactly for all ...

Page 236: ...in the IS IS router stanza You can use either the IPv6 address family or both IPv4 and IPv6 address families but your configuration must represent the set of all active address families on the router Additionally explicitly enable single topology operation by configuring it in the IPv6 router address family submode Two exceptions to these instructions exist 1 If the address family stanza in the IS...

Page 237: ...ode interface type interface path id Example Step 2 RP 0 RP0 CPU0 router config interface GigabitEthernet 0 1 0 3 Defines the IPv4 address for the interface An IP address is required on all interfaces in an area enabled for IS IS if any one interface is configured for IS IS routing Do one of the following Step 3 ipv4 address address mask ipv6 address ipv6 prefix prefix length eui 64 or ipv6 addres...

Page 238: ...ce that is used instead of the link local address that is automatically configured when IPv6 is enabled on the interface Exits interface configuration mode and returns the router to XR Config mode exit Example Step 4 RP 0 RP0 CPU0 router config if exit Enables IS IS routing for the specified routing instance and places the router in router configuration mode router isis instance id Example Step 5 ...

Page 239: ...nterface configuration mode interface type interface path id Example Step 10 RP 0 RP0 CPU0 router config isis interface GigabitEthernet 0 1 0 3 Optional Configures the type of adjacency circuit type level 1 level 1 2 level 2 only Step 11 Example The default circuit type is the configured system type configured through the is type command RP 0 RP0 CPU0 router config isis if circuit type level 1 2 T...

Page 240: ...mand twice For example RP 0 RP0 CPU0 router config isis lsp refresh interval 1200 level 2 RP 0 RP0 CPU0 router config isis lsp refresh interval 1100 level 1 SUMMARY STEPS 1 configure 2 router isis instance id 3 lsp refresh interval seconds level 1 2 4 lsp check interval seconds level 1 2 5 lsp gen interval initial wait initial secondary wait secondary maximum wait maximum level 1 2 6 lsp mtu bytes...

Page 241: ...al Reduces the rate of LSP generation during periods of instability in the network Helps reduce the CPU lsp gen interval initial wait initial secondary wait secondary maximum wait maximum level 1 2 Step 5 load on the router and number of LSP transmissions to its IS IS neighbors Example During prolonged periods of network instability repeated recalculation of LSPs can cause an increased RP 0 RP0 CP...

Page 242: ...its for an acknowledgment before it considers that the LSP was not received and subsequently resends retransmit interval seconds level 1 2 Example RP 0 RP0 CPU0 router config isis if retransmit interval 60 Step 12 RP 0 RP0 CPU0 router config isis if retransmit interval 60 Optional Configures the amount of time between retransmissions on each LSP on a point to point interface retransmit throttle in...

Page 243: ...CPU0 router show isis database log level 1 Configuring Nonstop Forwarding for IS IS This task explains how to configure your router with NSF that allows the Cisco IOS XR software to resynchronize the IS IS link state database with its IS IS neighbors after a process restart The process restart could be due to an RP failover for a warm restart Simple process restart due to an IS IS reload or other ...

Page 244: ...If the resend limit is reached during the NSF restart the restart falls back to a cold restart RP 0 RP0 CPU0 router config isis nsf interface expires 1 Configures the number of seconds to wait for each restart acknowledgment nsf interface timer seconds Example Step 5 RP 0 RP0 CPU0 router config isis nsf interface timer 15 Configures the maximum route lifetime following an NSF restart nsf lifetime ...

Page 245: ...isis instance id Example Step 2 You can change the level of routing to be performed by a particular routing instance by using the is type command RP 0 RP0 CPU0 router config router isis isp Configures the LSP authentication password lsp password hmac md5 text clear encrypted password level 1 2 send only snp send only Step 3 The hmac md5 keyword specifies that the password is used in HMAC MD5 authe...

Page 246: ...6 Configuring Keychains for IS IS This task explains how to configure keychains for IS IS This task is optional Keychains can be configured at the router level lsp password command and at the interface level hello password command within IS IS These commands reference the global keychain configuration and instruct the IS IS protocol to obtain security parameters from the global set of configured k...

Page 247: ...nfigures the authentication password for an IS IS interface h ello password keychain keychain name level 1 2 send only Example Step 5 RP 0 RP0 CPU0 router config isis if hello password keychain isis_b commit Step 6 Configuring MPLS Traffic Engineering for IS IS This task explains how to configure IS IS for MPLS TE This task is optional For a description of the MPLS TE tasks and commands that allow...

Page 248: ...PS Purpose Command or Action configure Step 1 Enables IS IS routing for the specified routing instance and places the router in router configuration mode router isis instance id Example Step 2 You can change the level of routing to be performed by a particular routing instance by using the is type router configuration command RP 0 RP0 CPU0 router config router isis isp Specifies the IPv4 or IPv6 a...

Page 249: ...ance isp mpls traffic eng adjacency log Optional Displays the latest flooded record from MPLS TE show isis instance instance id mpls traffic eng advertisements Example Step 10 RP 0 RP0 CPU0 router show isis instance isp mpls traffic eng advertisements Tuning Adjacencies for IS IS This task explains how to enable logging of adjacency state changes alter the timers for IS IS adjacency packets and di...

Page 250: ...d neighbors interface type interface instance summary detail systemid system id DETAILED STEPS Purpose Command or Action configure Step 1 Enables IS IS routing for the specified routing instance and places the router in router configuration mode router isis instance id Example Step 2 You can change the level of routing to be performed by a particular routing instance by using the is type command R...

Page 251: ...ystem include authentication in the hello packets and requires successful authentication of the hello packet from the neighbor to establish an adjacency h ello password hmac md5 text clear encrypted password level 1 2 send only Example Step 8 RP 0 RP0 CPU0 router config isis if hello password text clear mypassword commit Step 9 Optional Displays IS IS adjacencies show isis instance instance id adj...

Page 252: ... the incremental shortest path first ISPF is not employed immediately Instead the full SPF algorithm is used to seed the state information required for the ISPF to run The startup delay prevents the ISPF from running for a specified interval after an IS IS restart to permit the database to stabilize After the startup delay elapses the ISPF is principally responsible for performing all of the SPF c...

Page 253: ...es when the network is unstable Configuring the value too high delays changes in the network topology that result in lost packets The SPF interval does not apply to the running of the ISPF because that algorithm runs immediately on receiving a changed LSP Optional Configures incremental IS IS ISPF to calculate network topology ispf level 1 2 Example Step 5 RP 0 RP0 CPU0 router config isis af ispf ...

Page 254: ...0 router config router isis isp routing to be performed by a particular routing instance by using the is type command Optional Sets the overload bit set overload bit on startup delay wait for bgp level 1 2 Step 3 The configured overload bit behavior does not apply to NSF restarts because the NSF restart does not set the overload bit during restart Note Example RP 0 RP0 CPU0 router config isis set ...

Page 255: ...mmand must be in the form documented in RFC 2373 in which the address is specified in hexadecimal using 16 bit values between colons or RP 0 RP0 CPU0 router config isis af summary prefix 3003 xxxx 24 level 1 Note that IPv6 prefixes must be configured only in the IPv6 router address family configuration submode and IPv4 prefixes in the IPv4 router address family configuration submode Optional Confi...

Page 256: ...stances are automatically Level 1 and Level 2 You can change the level of RP 0 RP0 CPU0 router config router isis isp routing to be performed by a particular routing instance by using the is type command Enters interface configuration mode interface type interface path id Example Step 3 RP 0 RP0 CPU0 router config isis interface GigabitEthernet 0 1 0 3 Specifies the IPv4 address family and enters ...

Page 257: ...config router isis isp Step 2 Specifies the IPv4 or IPv6 address family and enters router address family configuration mode address family ipv4 ipv6 unicast Example Step 3 RP 0 RP0 CPU0 router config isis address family ipv4 unicast Configures a router to generate and accept only wide link metrics in the Level 1 area metric style wide transition level 1 2 Example Step 4 RP 0 RP0 CPU0 router config...

Page 258: ...ixes are added to the RIB The prefixes can be chosen using an access list ACL prefix list or by matching a tag value SUMMARY STEPS 1 configure 2 router isis instance id 3 address family ipv4 ipv6 unicast 4 metric style wide transition level 1 2 5 spf prefix priority level 1 2 critical high medium access list name tag tag 6 commit DETAILED STEPS Purpose Command or Action configure Step 1 Enables IS...

Page 259: ...nate LFA computation to converge traffic flows around link failures To enable node protection on broadcast links IPFRR and bidirectional forwarding detection BFD must be enabled on the interface under IS IS Note Before you begin IPFRR is supported on the Cisco IOS XR IPv4 address families and single level interfaces are supported Multiprotocol Label Switching MPLS FRR and IPFRR cannot be configure...

Page 260: ...ly ipv4 unicast Specifies the IP fast reroute loop free alternate computation on link or node failures ipfrr lfa level 1 2 Example Step 6 RP 0 RP0 CPU0 router config isis if af ipfrr lfa level 1 Optional Excludes an interface from the IP fast reroute loop free alternate computation ipfrr lfa exclude interface type interface path id Example Step 7 RP 0 RP0 CPU0 router config isis if af ipfrr lfa ex...

Page 261: ... a session with the remote router to exchange labels for prefixes 4 LDP sets up MPLS forwarding for the protected prefix and the corresponding backup path 5 On link failure and fast reroute trigger the remote LFA backup path is activated with less than 50 millisecond convergence time 6 The backup path is active until the IGP converges to the new primary path Remote LFA Topology Consider the topolo...

Page 262: ...loopback0 RP 0 RP0 CPU0 router config if ipv4 address 10 10 10 1 255 255 255 255 RP 0 RP0 CPU0 router config if no shutdown RP 0 RP0 CPU0 router config if exit 2 Configure IS IS RP 0 RP0 CPU0 router config router isis rlfa RP 0 RP0 CPU0 router config isis net 10 0001 0001 0001 00 cted 3 Configure RLFA for IS IS RP 0 RP0 CPU0 router config isis interface gigabitEthernet 0 0 0 1 RP 0 RP0 CPU0 router...

Page 263: ...is rlfa microloop avoidance protected net 10 0001 0001 0001 00 interface GigabitEthernet0 0 0 1 address family ipv4 unicast fast reroute per prefix remote lfa tunnel mpls ldp fast reroute per prefix remote lfa maximum metric 20 Sample Verification Outputs You can run the show commands mentioned in this section to verify whether RLFA is operational in your network This section lists the sample outp...

Page 264: ...gabitEthernet0 0 0 2 rt3 FRR backup via 20 1 1 2 GigabitEthernet0 0 0 1 rt2 Local LFA backup display L1 40 1 1 0 24 20 115 via 30 1 1 2 GigabitEthernet0 0 0 2 rt3 Remote FRR backup via rt5 12 12 12 12 via 20 1 1 2 GigabitEthernet0 0 0 1 rt2 Remote LFA backup display FIB Verification Verify the presence of remote backup paths in the FIB RP 0 RP0 CPU0 router show cef 10 1 1 1 detail 10 1 1 1 32 vers...

Page 265: ... Encaps 0 4 MTU 8000 Label Stack Top Bottom 16001 Packets Switched 0 16002 10 1 1 1 32 FI0 1 CPU0 1 1 1 2 0 16003 Updated Apr 29 14 25 09 770 Path Flags 0x300 IDX 1 BKUP REMOTE MAC Encaps 0 4 MTU 1500 Label Stack Top Bottom 16002 16003 Packets Switched 0 RP 0 RP0 CPU0 router show mpls forwarding prefix 10 1 1 1 32 Local Outgoing Prefix Outgoing Next Hop Bytes Label Label or ID Interface Switched 1...

Page 266: ...ti line output for a routing path G GR S Stale R Remote LFA FRR Backup Prefix Label Label Outgoing Next Hop Flags In Out Interface G S R 10 1 1 1 32 16001 16002 Gi0 0 0 1 12 1 0 2 16003 Gi0 0 0 2 13 1 0 3 G R 16004 4 4 4 4 G RP 0 RP0 CPU0 router show mpls ldp forwarding 10 1 1 1 32 detail Codes GR label recovering LFA FRR Pure Backup path Label stack with multi line output for a routing path G GR ...

Page 267: ... show mpls lsd forwarding labels 16001 detail In_Label ID Path_Info Type 16001 IPv4 default 4U 10 1 1 1 32 2 Paths 1 2 IPv4 rLFA default 4U Gi0 0 0 1 nh 12 1 0 2 lbl 16002 tun_id 0 flags 0x0 Protected path id 1 backup path id 33 2 2 IPv4 rLFA default 4U Gi0 0 0 2 nh 13 1 0 3 lbls 16003 16004 tun_id 0 flags 0x4008 Retain Remote Backup 0x8 Retain Backup path id 33 backup path id 0 BCDL priority 3 LS...

Page 268: ...es 1 tunnel_encap_ptr 0x00000000 next hop 180 4 0 2 TLU Channel 2 Addr 0x00712426 ENTRY 0 SW 00000008 00000000 03e82000 20460b00 HW 00000008 00000000 03e82000 20460b00 label1 16002 label2 16003 label 3 16009 num of labels 1 next ptr 0x0020460b frr Flags 0x28c New flag to indicate that LFA is over PQ Primary adjacency L2 Load info TLU Channel 3 Addr 0x20460b HW 0x00010000 0x00000000 0x00000000 0x30...

Page 269: ...Bit Avoidance This task describes how to activate IS IS overload bit avoidance Before you begin The IS IS overload bit avoidance feature is valid only on networks that support the following Cisco IOS XR features MPLS IS IS SUMMARY STEPS 1 configure 2 mpls traffic eng path selection ignore overload DETAILED STEPS Purpose Command or Action configure Step 1 Activates IS IS overload bit avoidance mpls...

Page 270: ...ted through B However with ISIS Link Group you can set an offset of 20 with minimum members of 2 Thus if a link between A and B fails the metric is raised to 40 configured 20 offset 20 and so the traffic is routed to C Further you can define another ISIS Link Group this time between A and C If a link between B and C fails you can raise the offset to 20 and thus traffic is routed back to B Configur...

Page 271: ... are configured in the profile The revert members is default to minimum members if it is not configured Note commit Step 4 Optional If link group is configured on the interface when showing the IS IS interface related topology this command displays the link group and current offset metric value show isis interface Example RP 0 RP0 CPU0 router show isis interface Step 5 Optional Displays the update...

Page 272: ...ast Groups Membership All ISs Yes IPv4 Unicast Topology Enabled Adjacency Formation Running Prefix Advertisement Running Metric L1 L2 110 110 Weight L1 L2 0 0 MPLS Max Label Stack 1 MPLS LDP Sync L1 L2 Disabled Disabled Link Group L1 L2 Configured Configured Metric Offset L1 L2 100 100 IPv4 Address Family Enabled Protocol State Up Forwarding Address es 100 5 6 6 Global Prefix es 100 5 6 0 24 LSP t...

Page 273: ...ig router isis purple Enters interface configuration mode interface type interface path id Example Step 3 RP 0 RP0 CPU0 router config isis interface GigabitEthernet 0 1 0 3 Specifies the IPv6 address family and enters router address family configuration mode address family ipv4 ipv6 unicast Example Step 4 This example specifies the unicast IPv4 address family RP 0 RP0 CPU0 router config isis addre...

Page 274: ...d for IPv6 This configuration allows POS interface 0 3 0 0 to form adjacencies for both IPv4 and IPv6 addresses router isis isp net 49 0000 0000 0001 00 address family ipv6 unicast single topology interface POS0 3 0 0 address family ipv4 unicast address family ipv6 unicast exit interface POS0 3 0 0 ipv4 address 10 0 1 3 255 255 255 0 ipv6 address 2001 1 64 Configuring Multitopology IS IS for IPv6 ...

Page 275: ... router isis 1 is type level 2 only net 49 0001 0001 0001 0001 00 address family ipv4 unicast distance 116 redistribute isis 2 level 2 interface GigabitEthernet 0 3 0 0 address family ipv4 unicast router isis 2 is type level 1 net 49 0002 0001 0001 0002 00 address family ipv4 unicast attached bit send always set interface GigabitEthernet 0 1 0 0 address family ipv4 unicast Tagging Routes Example T...

Page 276: ...see the following document modules in Routing Configuration Guide for Cisco NCS 6000 Series Routers Implementing OSPF Implementing BGP Implementing EIGRP Implementing RIP Additional References The following sections provide references related to implementing IS IS Related Documents Document Title Related Topic Routing Command Reference for Cisco NCS 6000 Series Routers IS IS commands complete comm...

Page 277: ...nk Smit and Toni Li Draft ietf isis traffic 05 txt Restart Signaling for IS IS by M Shand and Les Ginsberg Draft ietf isis restart 04 txt Point to point operation over LAN in link state routing protocols by Naiming Shen Draft ietf isis igp p2p over lan 05 txt IP Fast Reroute Framework by M Shand and S Bryant Draft ietf rtgwg ipfrr framework 06 txt A Framework for Loop free Convergence by M Shand a...

Page 278: ... RFC 3567 IS IS Management Information Base RFC 4444 Technical Assistance Link Description http www cisco com techsupport The Cisco Technical Support website contains thousands of pages of searchable technical content including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page to access even more content Routing Configuration Gui...

Page 279: ...software and complete descriptions of the OSPF commands listed in this module see the Related Documents on page 341 section of this module To locate documentation for other commands that might appear during execution of a configuration task search online in the Note Feature History for Implementing OSPF This feature was introduced Release 5 0 0 Prerequisites for Implementing OSPF on page 257 Infor...

Page 280: ...rk and so on This information is propagated in various types of link state advertisements LSAs A router stores the collection of received LSA data in a link state database This database includes LSA data for the links of the router The contents of the database when subjected to the Dijkstra algorithm extract data to create an OSPF routing table The difference between the database and the routing t...

Page 281: ...individual IP subnet basis OSPF typically requires coordination among many internal routers Area Border Routers ABRs which are routers attached to multiple areas and Autonomous System Border Routers ASBRs that export reroutes from other sources for example IS IS BGP or static routes into the OSPF topology At a minimum OSPF based routers or access servers can be configured with all default paramete...

Page 282: ...nd CLI Inheritance Cisco IOS XR Software introduces new OSPF configuration fundamentals consisting of hierarchical CLI and CLI inheritance Hierarchical CLI is the grouping of related network component information at defined hierarchical levels such as at the router area and interface levels Hierarchical CLI allows for easier configuration maintenance and troubleshooting of OSPF configurations When...

Page 283: ...ting OSPF you must know what the routing components are and what purpose they serve They consist of the autonomous system area types interior routers ABRs and ASBRs Figure 15 OSPF Routing Components This figure illustrates the routing components in an OSPF network topology Autonomous Systems The autonomous system is a collection of networks under the same administrative control that share routing ...

Page 284: ...he rest of the autonomous system The stub ABR advertises a single default route to external destinations into the stub area Routers within a stub area use this route for destinations outside the area and the autonomous system This relationship conserves LSA database space that would otherwise be used to store external LSAs flooded into the area In Figure 15 OSPF Routing Components on page 261 Area...

Page 285: ... same destination are compared For a Type 1 ASE the combination of the external cost and cost to reach the ASBR is used Type 2 external cost is the default and is always more costly than an OSPF route and used only if no OSPF route exists Interior Routers An interior router such as R1 in Figure 15 OSPF Routing Components on page 261 is attached to one area for example all the interfaces reside in ...

Page 286: ... not have access permission and could use the password to infiltrate a network Therefore plain text authentication does not provide security It might protect against a faulty implementation of OSPF or a misconfigured OSPF interface trying to send erroneous OSPF packets MD5 Authentication MD5 authentication provides a means of security No password travels on the physical medium Instead the router u...

Page 287: ...lves listed in the hello packet of the neighbor After two routers are neighbors they may proceed to exchange and synchronize their databases which creates an adjacency On broadcast and NBMA networks all neighboring routers have an adjacency Designated Router DR for OSPF On point to point and point to multipoint networks the Cisco IOS XR software floods routing updates to immediate neighbors No DR ...

Page 288: ...nd advertised throughout an NSSA NSSAs do not receive or originate Type 5 LSAs Type 7 LSAs are advertised only within a single NSSA They are not flooded into the backbone area or into any other area by border routers Intra area prefix LSAs Type 9 A router can originate multiple intra area prefix LSAs for every router or transit network each with a unique link state ID The link state ID for each in...

Page 289: ...pe 5 LSAs Type 7 LSAs are advertised only within a single NSSA They are not flooded into the backbone area or into any other area by border routers Link LSA Type 8 Has link local flooding scope and is never flooded beyond the link with which it is associated Link LSAs provide the link local address of the router to all other routers attached to the link or network segment inform other routers atta...

Page 290: ...n nonbackbone area to which the two routers belong is called a transit area A virtual link specifies the transit area and the router ID of the other virtual endpoint the other ABR A virtual link cannot be configured through a stub area or NSSA Figure 16 Virtual Link to Area 0 This figure illustrates a virtual link from Area 3 to Area 0 Passive Interface Setting an interface as passive disables the...

Page 291: ...n the higher priority queues high priority or medium priority queues Priority is specified using route policy which can be matched based on IP addresses or route tags During SPF a prefix is checked against the specified route policy and is assigned to the appropriate RIB batch priority queue These are examples of this scenario If only high priority route policy is specified and no route policy is ...

Page 292: ...g in millisecond intervals and to potentially delay SPF calculations during network instability SPF is scheduled to calculate the Shortest Path Tree SPT when there is a change in topology One SPF run may include multiple topology change events The interval at which the SPF calculations occur is chosen dynamically and based on the frequency of topology changes in the network The chosen interval is ...

Page 293: ...ability of line cards to remain up through a failover and to be kept current with the Forwarding Information Base FIB on the active RP is key to Cisco IOS XR Software NSF operation Routing protocols such as OSPF run only on the active RP or DRP and receive routing updates from their neighbor routers When an OSPF NSF capable router performs an RP failover it must perform two tasks to resynchronize ...

Page 294: ...e RIB It tries to bring up full adjacencies with the fully adjacent neighbors that OSPFv3 had before the restart Eventually the OSPFv3 process indicates to the RIB that it has converged either for the purpose of terminating the graceful restart for any reason or because it has completed the graceful restart The following are general details about restart mode More detailed information on behavior ...

Page 295: ... the OSPFv3 operation is completely disabled This is accomplished by flushing self originated link state advertisements LSAs immediately bringing down local OSPFv3 supported interfaces and clearing the Link State Database LSDB The non local LSDB entries are removed by OSPFv3 These are not flooded MaxAged The protocol shutdown mode can be invoked either manually through the protocol shutdown comman...

Page 296: ...r OSPFv3 neighbor information and database information are not check pointed An OSPFv3 process rebuilds adjacencies after it restarts To ensure consistent databases after a restart the OSPFv3 configuration must be identical to the configuration before the restart This requirement applies to self originated information in the local database A graceful restart can fail if configurations change durin...

Page 297: ...impact Routing protocol interactions between routers are not impacted by NSR NSR is built on the warm standby extensions NSR alleviates the requirement for Cisco NSF and IETF graceful restart protocol extensions It is recommended to set the hello timer interval to the default of 10 seconds OSPF sessions may flap during switchover if hello interval timer configured is less then default value Note W...

Page 298: ...pe You can configure multi area adjacency on any interface where only two OSF speakers are attached In the case of native broadcast networks the interface must be configured as an OPSF point to point type using the network point to point command to enable the interface for a multi area adjacency Inherits the Bidirectional Forwarding Detection BFD characteristics from its primary interface BFD is n...

Page 299: ...iner of keys called a keychain with each key comprising the following attributes generate accept time key identification and authentication algorithm GTSM TTL Security Mechanism for OSPF OSPF is a link state protocol that requires networking devices to detect topological changes in the network flood Link State Advertisement LSA updates to neighbors and quickly converge on a new view of the topolog...

Page 300: ...ation Element feature see the Implementing MPLS Traffic Engineering on module of the MPLS Configuration Guide for Cisco NCS 6000 Series Routers and the following IETF drafts draft ietf ospf cap 09 draft ietf pce disco proto ospf 00 OSPF Queue Tuning Parameters The OSPF queue tuning parameters configuration allows you to Limit the number of continuous incoming events processed Set the maximum numbe...

Page 301: ...MPs These paths are guaranteed to be loop free Users can send some portion of the traffic down these paths to better utilize the available bandwidth However the UCMP paths are not discovered by the traditional Dijkstra calculation Additional computation is required to discover these paths Unequal Cost Multipath Load balancing for OSPF The unequal cost multipath UCMP load balancing adds the capabil...

Page 302: ...ation is started Use the UCMP delay interval command to configure the delay between primary SPF completion and start of UCMP computation UCMP computation will be done during the fast re route computation IPFRR does not need to be enabled for UCMP computation to be performed If IPFRR is enabled the fast re route backup paths will be calculated for both the primary equal cost multipath ECMP paths an...

Page 303: ...config ospf router id 192 168 4 3 Enters area configuration mode and configures an area for the OSPF process area area id Example Step 4 Backbone areas have an area ID of 0 RP 0 RP0 CPU0 router config ospf area 0 Nonbackbone areas have a nonzero area ID The area id argument can be entered in dotted decimal or IPv4 address notation such as area 1000 or area 0 0 3 232 However you must choose one for...

Page 304: ...d router id 4 area area id 5 Do one of the following stub no summary nssa no redistribution default information originate no summary 6 Do one of the following stub nssa 7 default cost cost 8 commit 9 Repeat this task on all other routers in the stub area or NSSA DETAILED STEPS Purpose Command or Action configure Step 1 Enables OSPF routing for the specified routing process and places the router in...

Page 305: ...nssa no redistribution default information originate no summary keyword prevents the ABR from sending summary link state advertisements Type 3 in the stub area Example RP 0 RP0 CPU0 router config ospf ar stub no summary or Defines an area as an NSSA or RP 0 RP0 CPU0 router config ospf ar nssa no redistribution Optional Turns off the options configured for stub and NSSA areas Do one of the followin...

Page 306: ...er or fully meshed network SUMMARY STEPS 1 configure 2 Do one of the following router ospf process name router ospfv3 process name 3 router id router id 4 area area id 5 network broadcast non broadcast point to multipoint non broadcast point to point 6 dead interval seconds 7 hello interval seconds 8 interface type interface path id 9 Do one of the following neighbor ip address priority number pol...

Page 307: ... router ID Note RP 0 RP0 CPU0 router config ospf router id 192 168 4 3 Enters area configuration mode and configures an area for the OSPF process area area id Example Step 4 The example configures a backbone area RP 0 RP0 CPU0 router config ospf area 0 The area id argument can be entered in dotted decimal or IPv4 address notation such as area 1000 or area 0 0 3 232 However you must choose one form...

Page 308: ...nk local IPv6 address of OSPFv3 neighbors The ipv6 link local address argument must be in the form documented in RFC 2373 in which the Example address is specified in hexadecimal using 16 bit values between colons RP 0 RP0 CPU0 router config ospf ar if neighbor 10 20 20 1 priority 3 poll interval 15 The priority keyword notifies the router that this neighbor is eligible to become a DR or BDR The o...

Page 309: ...s neighbor ipv6 link local address priority number poll interval seconds cost number database filter all The ipv6 link local address argument must be in the form documented in RFC 2373 in which the Example address is specified in hexadecimal using 16 bit values between colons RP 0 CPU0 router config ospf ar neighbor 10 34 16 6 The priority keyword notifies the router that this neighbor is eligible...

Page 310: ...Hierarchical CLI and CLI Inheritance on page 260 for more information about hierarchy and inheritance Note Before you begin If you choose to configure authentication you must first decide whether to configure plain text or MD5 authentication and whether the authentication applies to all interfaces in a process an entire area or specific interfaces See Route Authentication Methods for OSPF on page ...

Page 311: ...ation message digest Specifies the MD5 authentication key for the OSPF process message digest key key id md5 key clear key encrypted key LINE Step 5 Example The neighbor routers must have the same key identifier RP 0 RP0 CPU0 router config ospf message digest key 4 md5 yourkey Enters area configuration mode and configures a backbone area for the OSPF process area area id Example Step 6 RP 0 RP0 CP...

Page 312: ...onbackbone area 1 specified in Step 7 interface type interface path id Example RP 0 RP0 CPU0 router config ospf ar interface GigabitEthernet 0 1 0 0 Step 12 All interfaces configured inherit the authentication parameter values configured for area 1 Repeat Step 12 for each interface that must communicate using the same authentication Step 13 Enters interface configuration mode and associates one or...

Page 313: ... 2 router ospf process name or router ospfv3 process name Enables OSPFv3 routing for the specified routing process and places the router in router ospfv3 configuration mode Example RP 0 RP0 CPU0 router router config router ospf 1 The process name argument is any alphanumeric string no longer than 40 characters Note or RP 0 RP0 CPU0 router config router ospfv3 1 Configures a router ID for the OSPF ...

Page 314: ...d with MD5 Authentication for OSPF Version 2 Example on page 339 Note Before you begin The following prerequisites must be met before creating a virtual link with MD5 authentication to area 0 You must have the router ID of the neighbor router at the opposite end of the link to configure the local router You can execute the show ospf or show ospfv3 command on the remote router to get its router ID ...

Page 315: ...ied for the virtual link on this router 10 commit 11 Do one of the following show ospf process name area id virtual links show ospfv3 process name virtual links DETAILED STEPS Purpose Command or Action Optional Displays general information about OSPF routing processes Do one of the following Step 1 show ospf process name The output displays the router ID of the local router You need this router ID...

Page 316: ...e recommend using the IPv4 address notation Defines an OSPF virtual link virtual link router id Step 6 Example See RRP 0 CPU0 router config ospf ar virtual link 10 3 4 5 Selects MD5 authentication for this virtual link authentication message digest Example Step 7 RP 0 CPU0 router config ospf ar vl authentication message digest Defines an OSPF virtual link message digest key key id md5 key clear ke...

Page 317: ...000 1 Run as demand circuit DoNotAge LSA allowed Transit area 0 1 20 255 via interface GigabitEthernet 0 1 0 1 Cost of using 2 Transmit Delay is 5 sec State POINT_TO_POINT Timer intervals configured Hello 10 Dead 40 Wait 40 Retransmit 5 Hello due in 00 00 02 Adjacency State FULL Hello suppressed Index 0 2 3 retransmission queue length 0 number of retransmission 1 First 0 0 0 0 0 0 Next 0 0 0 0 0 0...

Page 318: ...in router configuration mode Do one of the following Step 2 router ospf process name or router ospfv3 process name Enables OSPFv3 routing for the specified routing process and places the router in router ospfv3 configuration mode Example RP 0 RP0 CPU0 router config router ospf 1 The process name argument is any alphanumeric string no longer than 40 characters Note or RP 0 RP0 CPU0 router config ro...

Page 319: ...In the second example two or more IPv4 interfaces are covered by a 192 x x network Enters interface configuration mode and associates one or more interfaces to the area interface type interface path id Example Step 6 RP 0 RP0 CPU0 router config ospf ar interface GigabitEthernet 0 2 0 3 commit Step 7 Redistribute Routes into OSPF This task redistributes routes from an IGP could be a different OSPF ...

Page 320: ...outing domain redistribute protocol process id level 1 level 1 2 level 2 metric metric value metric type Step 4 type value match external 1 2 tag tag value route policy policy name or Redistributes OSPFv3 routes from one routing domain to another routing domain Example RP 0 RP0 CPU0 router config ospf redistribute bgp 100 This command causes the router to become an ASBR by definition or OSPF tags ...

Page 321: ... in LSAs RP 0 RP0 CPU0 router config router summary prefix 2010 11 22 32 In the OSPFv2 example the summary address 10 1 0 0 includes address 10 1 1 0 10 1 2 0 10 1 3 0 and so on Only the address 10 1 0 0 is advertised in an external LSA In the OSPFv3 example the summary address 2010 11 22 32 has addresses such as 2010 11 22 0 1000 1 2010 11 22 0 2000 679 1 and so on Only the address 2010 11 22 32 ...

Page 322: ... a stable IPv4 address as the router ID Note RP 0 RP0 CPU0 router config ospf router id 192 168 4 3 Sets SPF throttling timers timers throttle spf spf start spf hold spf max wait Example Step 4 RP 0 RP0 CPU0 router config ospf timers throttle spf 10 4800 90000 Enters area configuration mode and configures a backbone area area area id Example Step 5 The area id argument can be entered in dotted dec...

Page 323: ... schedule delay 5 msecs Minimum hold time between two consecutive SPFs 100 msecs Maximum wait time between two consecutive SPFs 1000 msecs Minimum LSA interval 5 secs Minimum LSA arrival 1 secs Number of external LSA 0 Checksum Sum 00000000 Number of opaque AS LSA 0 Checksum Sum 00000000 Number of DCbitless external and opaque AS LSA 0 Number of DoNotAge external and opaque AS LSA 0 Number of area...

Page 324: ... nsf cisco enforce global 5 nsf interval seconds 6 nsfflush delay timeseconds 7 nsflifetimeseconds 8 nsfietf 9 commit DETAILED STEPS Purpose Command or Action configure Step 1 Enables OSPF routing for the specified routing process and places the router in router configuration mode router ospf process name Example Step 2 The process name argument is any alphanumeric string no longer than 40 charact...

Page 325: ... seconds nsfflush delay timeseconds Example Step 6 RP 0 RP0 CPU0 router config ospf nsf flush delay time 1000 Sets the maximum route lifetime of NSF following a restart in seconds nsflifetimeseconds Example Step 7 RP 0 RP0 CPU0 router config ospf nsf lifetime 90 Enables ietf graceful restart nsfietf Example Step 8 RP 0 RP0 CPU0 router config ospf nsf ietf commit Step 9 Configuring OSPF Version 2 f...

Page 326: ...outer ID for the OSPF process router id router id Step 3 Example We recommend using a stable IPv4 address as the router ID Note RP 0 RP0 CPU0 router config ospf router id 192 168 4 3 Optional Specifies that the traffic engineering router identifier for the node is the IP address associated with a given interface mpls traffic eng router id interface type interface instance Example Step 4 This IP ad...

Page 327: ...d Example Step 7 RP 0 RP0 CPU0 router config ospf ar interface interface loopback0 commit Step 8 Optional Displays information about the links and fragments available on the local router for MPLS TE show ospf process name area id mpls traffic eng link fragment Example Step 9 RP 0 RP0 CPU0 router show ospf 1 0 mpls traffic eng link Examples This section provides the following output examples Sample...

Page 328: ...ty 3 25000000 Priority 4 25000000 Priority 5 25000000 Priority 6 25000000 Priority 7 25000000 Sub pool unreserved BW Priority 0 3125000 Priority 1 3125000 Priority 2 3125000 Priority 3 3125000 Priority 4 3125000 Priority 5 3125000 Priority 6 3125000 Priority 7 3125000 Affinity Bit 0 In the following example the show ospf mpls traffic eng XR EXEC command verifies that the MPLS TE links on area inst...

Page 329: ...SPFv3 Graceful Restart This task explains how to configure a graceful restart for an OSPFv3 process This task is optional SUMMARY STEPS 1 configure 2 router ospfv3 process name 3 graceful restart 4 graceful restart lifetime 5 graceful restart interval seconds 6 graceful restart helper disable 7 commit 8 show ospfv3 process name area id database grace DETAILED STEPS Purpose Command or Action config...

Page 330: ...tasks you can use to display information about a graceful restart To see if the feature is enabled and when the last graceful restart ran use the show ospf command To see details for an OSPFv3 instance use the show ospfv3 process name area id database grace command Displaying the State of the Graceful Restart Feature The following screen output shows the state of the graceful restart capability on...

Page 331: ...000006 1 PO0 2 0 0 2 2 2 2 2007 0x80000006 1 PO0 2 0 0 Intra Area Prefix Link States Area 0 ADV Router Age Seq Link ID Ref lstype Ref LSID 1 1 1 1 180 0x80000006 0 0x2001 0 2 2 2 2 2007 0x80000006 0 0x2001 0 Grace Type 11 Link States Area 0 ADV Router Age Seq Link ID Interface 2 2 2 2 2007 0x80000005 1 PO0 2 0 0 Enabling Nonstop Routing for OSPFv2 This optional task describes how to enable nonstop...

Page 332: ...sary data and states to continue running and does not require any help from its neighbors Step 1 configure Enter the global configuration mode Step 2 router ospfv3 instance id Example RP 0 RP0 CPU0 router config router ospfv3 isp Enable OSPF routing for the specified routing process In this example the OSPF instance is called isp Step 3 nsr Example RP 0 RP0 CPU0 router config ospfv3 nsr Enable NSR...

Page 333: ... name if destination in prefix set name then set spf priority critical high medium endif Step 3 Example RP 0 RP0 CPU0 router route policy ospf spf priority RP 0 RP0 CPU0 router config rpl if destination in ospf critical prefixes then set spf priority critical endif RP 0 RP0 CPU0 router config rpl end policy Enters Router OSPF configuration mode Use one of these commands Step 4 router ospf ospf nam...

Page 334: ...ate multiple areas on an OSPF primary interface Before you begin You can configure multi area adjacency on any interface where only two OSF speakers are attached In the case of native broadcast networks the interface must be configured as an OPSF point to point type using the network point to point command to enable the interface for a multi area adjacency Note SUMMARY STEPS 1 configure 2 router o...

Page 335: ...mode and configures an area used for multiple area adjacency area area id Example Step 5 The area id argument can be entered in dotted decimal or IPv4 address notation such as area RP 0 RP0 CPU0 router config ospf area 1 1000 or area 0 0 3 232 However you must choose one form or the other for an area We recommend using the IPv4 address notation Enables multiple adjacencies for different OSPF areas...

Page 336: ...pf mpls ldp auto config commit Step 4 Configuring LDP IGP Synchronization OSPF Perform this task to configure LDP IGP Synchronization under OSPF By default there is no synchronization between LDP and IGPs Note SUMMARY STEPS 1 configure 2 router ospf process name 3 Use one of the following commands mpls ldp sync area area id mpls ldp sync area area id interface name mpls ldp sync 4 commit DETAILED ...

Page 337: ... Routers SUMMARY STEPS 1 configure 2 router ospf process name 3 router id router id 4 area area id 5 interface type interface path id 6 authentication message digest keychain keychain 7 commit DETAILED STEPS Purpose Command or Action configure Step 1 Enables OSPF routing for the specified routing process and places the router in router configuration mode router ospf process name Example Step 2 The...

Page 338: ...configure the keychain ospf_intf_1 that contains five key IDs Each key ID is configured with different send lifetime values however all key IDs specify the same text string for the key key chain ospf_intf_1 key 1 send lifetime 11 30 30 May 1 2007 duration 600 cryptographic algorithm MD5T key string clear ospf_intf_1 key 2 send lifetime 11 40 30 May 1 2007 duration 600 cryptographic algorithm MD5 k...

Page 339: ...0 Accept lifetime Not configured Key 2 text 10411A0903281B051802157A cryptographic algorithm MD5 Send lifetime 11 40 30 01 May 2007 Duration 600 Accept lifetime Not configured Key 3 text 06091C314A71001711112D5A cryptographic algorithm MD5 Send lifetime 11 50 30 01 May 2007 Duration 600 Valid now Accept lifetime Not configured Key 4 text 151D181C0215222A3C350A73 cryptographic algorithm MD5 Send li...

Page 340: ...g adjacency changes detail The messages generated by neighbor changes are considered notifications which are categorized as severity Level 5 in the logging console command The logging console command controls which severity level of messages are sent to the console By default all severity level messages are sent Optional Configures NSF OSPF protocol nsf cisco enforce global ietf helper disable Ste...

Page 341: ...Ethernet0 5 0 0 is up line protocol is up Internet Address 120 10 10 1 24 Area 0 Process ID 1 Router ID 100 100 100 100 Network Type BROADCAST Cost 1 Transmit Delay is 1 sec State BDR Priority 1 TTL security enabled hop count 2 Designated Router ID 102 102 102 102 Interface address 120 10 10 3 Backup Designated router ID 100 100 100 100 Interface address 120 10 10 1 Flush timer for old DR LSA due ...

Page 342: ...outing table entries to an ABR and ASBR show ospf ospfv3 process name border routers router id Example Step 2 RP 0 RP0 CPU0 router show ospf group1 border routers Optional Displays the lists of information related to the OSPF database for a specific router show ospf ospfv3 process name database Example Step 3 The various forms of this command deliver information about different OSPF LSAs RP 0 RP0 ...

Page 343: ...e transitions clear ospf ospfv3 process name statistics neighbor type interface path id ip address Example Step 10 RP 0 RP0 CPU0 router clear ospf 100 statistics Configuring OSPF Queue Tuning Parameters The following procedures explain how to limit the number of continuous incoming events processed how to set the maximum number of rate limited link state advertisements LSAs processed per run how t...

Page 344: ...link state advertisements LSAs processed per shortest path first SPF run queue dispatch spf lsa limit count Example RP 0 RP0 CPU0 router queue dispatch spf lsa limit 2000 Step 5 Sets the high watermark for incoming priority events use the queue limit in router configuration mode queue limit high medium low count Example Step 6 RP 0 RP0 CPU0 router config ospf queue limit high 1000 Configuring IP F...

Page 345: ...rea interface type interface path id Example Step 4 RP 0 RP0 CPU0 router config ospf ar interface GigabitEternet0 5 0 0 Enables or disables per link LFA computation for the interface fast reroute per link enable disable Example Step 5 RP 0 RP0 CPU0 router config ospf ar fast reroute per link enable commit Step 6 Excluding an Interface From IP Fast Reroute Per link Computation SUMMARY STEPS 1 confi...

Page 346: ...terface type interface path id Example Step 5 RP 0 RP0 CPU0 router config ospf ar fast reroute per link exclude interface GigabitEternet0 5 0 1 commit Step 6 Enabling OSPF Interaction with SRMS Server To enable OSPF interaction with SRMS server SUMMARY STEPS 1 configure 2 router ospf instance id 3 segment routing mpls 4 segment routing forwarding mpls 5 segment routing prefix sid mapadvertise loca...

Page 347: ...erprefix list acl name Example Step 6 ACL is used OSPF signals the preference of SR labels over RP 0 RP0 CPU0 router config ospf segment routing sr prefer prefix list foo LDP labels for prefixes that match ACL If ACL is not used OSPF signals the preference of SR labels for all prefixes Example The following example shows how OSPF advertises local mapping entries using area flooding scope ipv4 pref...

Page 348: ...ote LFA path information 3 LDP establishes a session with the remote router to exchange labels for prefixes 4 LDP sets up MPLS forwarding for the protected prefix and the corresponding backup path 5 On link failure and fast reroute trigger the remote LFA backup path is activated with less than 50 millisecond convergence time 6 The backup path is active until the IGP converges to the new primary pa...

Page 349: ... loopback0 RP 0 RP0 CPU0 router config if ipv4 address 10 10 10 1 255 255 255 255 RP 0 RP0 CPU0 router config if no shutdown RP 0 RP0 CPU0 router config if exit 2 Configure OSPF RP 0 RP0 CPU0 router config router ospf rlfa RP 0 RP0 CPU0 router config ospf router id 10 1 1 1 RP 0 RP0 CPU0 router config ospf area 1 3 Add the configured interface s to OSPF and configure RLFA RP 0 RP0 CPU0 router conf...

Page 350: ...255 shutdown router ospf rlfa router id 10 1 1 1 microloop avoidance protected area 1 interface GigabitEthernet0 0 0 1 fast reroute per prefix remote lfa tunnel mpls ldp fast reroute per prefix remote lfa maximum cost 20 Sample Verification Outputs You can run the show commands mentioned in this section to verify whether RLFA is operational in your network This section lists the sample outputs tha...

Page 351: ...rom 192 168 0 145 via GigabitEthernet0 0 0 1 path id 2 Backup path Remote LFA 11 0 0 1 10 3 11 145 from 192 168 0 145 via GigabitEthernet0 0 0 2 protected bitmap 0x2 Attributes Metric 0 10 3 11 145 from 192 168 0 145 via GigabitEthernet0 0 0 2 path id 1 Backup path Remote LFA 11 0 0 2 10 3 10 145 from 192 168 0 145 via GigabitEthernet0 0 0 1 protected bitmap 0x1 Attributes Metric 0 FIB Verificatio...

Page 352: ...nterface Switched 16011 16001 10 1 1 1 32 SI0 2 CPU0 2 2 2 3 0 Updated Apr 29 14 25 09 770 Path Flags 0x400 BKUP IDX 1 0x1dc460cc Version 5 Priority 3 MAC Encaps 0 4 MTU 8000 Label Stack Top Bottom 16001 Packets Switched 0 16002 10 1 1 1 32 FI0 1 CPU0 1 1 1 2 0 16003 Updated Apr 29 14 25 09 770 Path Flags 0x300 IDX 1 BKUP REMOTE MAC Encaps 0 4 MTU 1500 Label Stack Top Bottom 16002 16003 Packets Sw...

Page 353: ...0 router show mpls ldp forwarding 10 1 1 1 32 Codes GR label recovering LFA FRR Pure Backup path Label stack with multi line output for a routing path G GR S Stale R Remote LFA FRR Backup Prefix Label Label Outgoing Next Hop Flags In Out Interface G S R 10 1 1 1 32 16001 16002 Gi0 0 0 1 12 1 0 2 16003 Gi0 0 0 2 13 1 0 3 G R 16004 4 4 4 4 G RP 0 RP0 CPU0 router show mpls ldp forwarding 10 1 1 1 32 ...

Page 354: ...0 0 2 nh 13 1 0 3 lbls 16003 16004 tun_id 0 flags 0x4008 Retain Remote Backup 0x8 Retain Backup RP 0 RP0 CPU0 router show mpls lsd forwarding labels 16001 detail In_Label ID Path_Info Type 16001 IPv4 default 4U 10 1 1 1 32 2 Paths 1 2 IPv4 rLFA default 4U Gi0 0 0 1 nh 12 1 0 2 lbl 16002 tun_id 0 flags 0x0 Protected path id 1 backup path id 33 2 2 IPv4 rLFA default 4U Gi0 0 0 2 nh 13 1 0 3 lbls 160...

Page 355: ...0002 00000001 PBTS 0 extra l3li 0 entry type FWD next ptr 0x00712426 is label 0 is label ptr 0 num of entries 1 tunnel_encap_ptr 0x00000000 next hop 180 4 0 2 TLU Channel 2 Addr 0x00712426 ENTRY 0 SW 00000008 00000000 03e82000 20460b00 HW 00000008 00000000 03e82000 20460b00 label1 16002 label2 16003 label 3 16009 num of labels 1 next ptr 0x0020460b frr Flags 0x28c New flag to indicate that LFA is ...

Page 356: ...o IOS XR Software area 0 must be explicitly configured with the area command and all interfaces that are in the range from 10 1 2 0 to 10 1 2 255 are bound to area 0 Interfaces are configured with the interface command while the router is in area configuration mode and the area keyword is not included in the interface statement Cisco IOS XR Software Configuration interface GigabitEthernet 0 3 0 0 ...

Page 357: ...interface GigabitEthernet 0 3 0 1 CLI Inheritance and Precedence for OSPF Version 2 Example The following example configures the cost parameter at different hierarchical levels of the OSPF topology and illustrates how the parameter is inherited and how only one setting takes precedence According to the precedence rule the most explicit configuration is used The cost parameter is set to 5 in router...

Page 358: ...cost 30 interface GigabitEthernet 0 1 0 3 interface GigabitEthernet 0 2 0 3 interface GigabitEthernet 0 3 0 3 cost 1 MPLS TE for OSPF Version 2 Example The following example shows how to configure the OSPF portion of MPLS TE However you still need to build an MPLS TE topology and create an MPLS TE tunnel See the MPLS Configuration Guide for Cisco NCS 6000 Series Routersfor information In this exam...

Page 359: ...nterface GigabitEthernet 0 2 0 1 area 1 stub interface GigabitEthernet 0 2 0 0 ABR Totally Stub Area for OSPFv3 Example The following example shows that area 1 is configured as a totally stub area router ospfv3 1 router id 10 0 0 217 area 0 interface GigabitEthernet 0 2 0 1 area 1 stub no summary interface GigabitEthernet 0 2 0 0 Configuring OSPF SPF Prefix Prioritization Example This example show...

Page 360: ... medium endif endif endif end policy OSPFv2 router ospf 1 spf prefix priority route policy ospf priority area 0 interface GigabitEthernet0 3 0 0 area 3 interface GigabitEthernet0 2 0 0 area 8 interface GigabitEthernet0 2 0 0 590 OSPFv3 router ospfv3 1 spf prefix priority route policy ospf priority area 0 interface GigabitEthernet0 3 0 0 area 3 interface GigabitEthernet0 2 0 0 area 8 interface Giga...

Page 361: ...f areas 0 and 1 and virtual links 10 0 0 217 and 10 0 0 212 ABR 1 Configuration router ospfv3 1 router id 10 0 0 217 area 0 interface GigabitEthernet 0 2 0 1 area 1 virtual link 10 0 0 212 interface GigabitEthernet 0 2 0 0 ABR 2 Configuration router ospfv3 1 router id 10 0 0 212 area 0 interface GigabitEthernet 0 3 0 1 area 1 virtual link 10 0 0 217 interface GigabitEthernet 0 2 0 0 Virtual Link C...

Page 362: ...hernet 0 9 0 0 OSPF Queue Tuning Parameters Configuration Example The following example shows how to configure the OSPF queue tuning parameters router ospf 100 queue dispatch incoming 30 queue limit high 1500 queue dispatch rate limited lsa 1000 queue dispatch spf lsa limit 2000 Where to Go Next To configure route maps through the RPL for OSPF Version 2 see Implementing Routing Policy on module To...

Page 363: ...for Path Computation Element PCE draft ietf pce disco proto ospf 08 txt LDP IGP Synchronization draft ietf mpls igp sync 00 txt OSPFv3 Graceful Restart draft ietf ospf ospfv3 graceful restart 07 txt MIBs MIBs Link MIBs To locate and download MIBs for selected platforms Cisco IOS releases and feature sets use Cisco MIB Locator found at the following URL http www cisco com go mibs RFCs Title RFCs Th...

Page 364: ...es RFC 4136 Label Switched Paths LSP Hierarchy with Generalized Multi Protocol Label Switching GMPLS Traffic Engineering TE RFC 4206 Protocol Extensions for Support of Diffserv aware MPLS Traffic Engineering RFC 4124 OSPF Version 2 Management Information Base RFC 4750 OSPF Out of Band Link State Database LSDB Resynchronization RFC 4811 OSPF Restart Signaling RFC 4812 OSPF Link Local Signaling RFC ...

Page 365: ... of pages of searchable technical content including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page to access even more content Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 343 Implementing OSPF Additional References ...

Page 366: ...Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 344 Implementing OSPF Additional References ...

Page 367: ...dditional References on page 350 Prerequisites for IPv4 IPv6 Loop Free Alternate Fast Reroute Loop Free Alternate LFA Fast Reroute FRR can protect paths that are reachable through an interface only if the interface is a point to point interface When a LAN interface is physically connected to a single neighbor you should configure the LAN interface as a point to point interface so that it can be pr...

Page 368: ... routing transition When a link or a router fails due to the loss of a physical layer signal initially only the neighboring routers are aware of the failure All other routers in the network are unaware of the nature and location of this failure until information about this failure is propagated through a routing protocol which may take several hundred milliseconds It is therefore necessary to arra...

Page 369: ... protocol computes repair paths for prefixes by implementing tiebreaking algorithms The end result of the computation is a set of prefixes with primary paths where some primary paths are associated with repair paths A tiebreaking algorithm considers LFAs that satisfy certain conditions or have certain attributes When there is more than one LFA configure the fast reroute per prefix command with the...

Page 370: ...re Example Step 1 RP 0 RP0 CPU0 router configure Enables IS IS routing for the specified routing instance and places the router in router configuration mode By router isis process id Example Step 2 default all IS IS instances are automatically at Level 1 RP 0 RP0 CPU0 router config if router isis core and Level 2 You can change this level by a particular routing instance using the is type router c...

Page 371: ...configuration mode address family ipv4 ipv6 unicast multicast Example Step 5 RP 0 RP0 CPU0 router config isis address family ipv4 unicast Configures a router to generate and accept wide link metrics only metric style wide Example Step 6 RP 0 RP0 CPU0 router config isis af metric style wide Exits router address family configuration mode and resets the router to router configuration mode exit Exampl...

Page 372: ...o implementing IPv4 IPv6 Loop Free Alternate Fast Reroute Related Documents Document Title Related Topic Routing Command Reference for Cisco NCS 6000 Series Routers IS IS commands Routing Command Reference for Cisco NCS 6000 Series Routers MPLS commands MIBs MIBs Link MIBs To locate and download MIBs using Cisco IOS XR software use the Cisco MIB Locator found at the following URL and choose a plat...

Page 373: ...rchable technical content including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page to access even more content Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 351 Implementing IP Fast Reroute Loop Free Alternate Additional References ...

Page 374: ...Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 352 Implementing IP Fast Reroute Loop Free Alternate Additional References ...

Page 375: ...ng and Monitoring RIB This feature was introduced Release 5 0 0 Prerequisites for Implementing RIB on page 353 Information About RIB Configuration on page 354 How to Deploy and Monitor RIB on page 357 Configuring RCC and LCC on page 359 Configuration Examples for RIB Monitoring on page 360 Where to Go Next on page 362 Additional References on page 363 Prerequisites for Implementing RIB You must be...

Page 376: ...For example BGP routes are stored in the BGP RIB BRIB RIB processes are not responsible for the BRIB which are handled by BGP The table used by the line cards and RP to forward packets is called the Forwarding Information Base FIB RIB processes do not build the FIBs Instead RIB downloads the set of selected best routes to the FIB processes by the Bulk Content Downloader BCDL process onto each line...

Page 377: ...4_rib and ipv6_rib run on the RP card If process placement functionality is available and supported by multiple RPs in the router RIB processes can be placed on any available node RIB Statistics RIB supports statistics for messages requests flowing between the RIB and its clients Protocol clients send messages to the RIB for example route add route delete and next hop register and so on RIB also s...

Page 378: ...stalled in the RIB This problem typically happens as a result of a network misconfiguration However because the misconfiguration is across the network it is not possible to detect the problem at configuration time on any single router The quarantining mechanism detects mutually recursive routes and quarantines the last route that completes the mutual recursion The quarantined route is periodically...

Page 379: ... summarizes them checks for exact match and adds it to two queues soft or hard Each queue has a limit of 1000 error reports and there is no prioritization in the queue RCC LCC logs the same errors exact match from different nodes as one error RCC LCC compares the errors based on prefix label version number type of error etc On demand Scan In On demand Scan user requests scan through the command li...

Page 380: ...unicast routing table which can result in an extensive list depending on the configuration of the network Disabling RIB Next hop Dampening Perform this task to disable RIB next hop dampening SUMMARY STEPS 1 router rib 2 address family ipv4 ipv6 next hop dampening disable 3 commit DETAILED STEPS Purpose Command or Action Enters RIB configuration mode router rib Example Step 1 RP 0 RP0 CPU0 router r...

Page 381: ...scan Use the period option to control how often the verification be triggered Use one of these commands Step 2 rcc ipv4 ipv6 unicast enable period milliseconds Each time the scan is triggered verification is resumed from where it was left out and one buffer s worth of routes or labels are sent to the forwarding information base FIB lcc ipv4 ipv6 unicast enable period milliseconds Example RP 0 RP0 ...

Page 382: ...the show commands used to monitor that activity Output of show route Command Example The following is sample output from the show route command when entered without an address show route Codes C connected S static R RIP M mobile B BGP D EIGRP EX EIGRP external O OSPF IA OSPF inter area N1 OSPF NSSA external type 1 N2 OSPF NSSA external type 2 E1 OSPF external type 1 E2 OSPF external type 2 E EGP i...

Page 383: ...ric 0 connected Routing Descriptor Blocks 10 12 12 1 directly connected via GigabitEthernet3 0 Route metric is 0 Output of show route connected Command Example The following is sample output from the show route connected command show route connected C 10 2 210 0 24 is directly connected 1d21h Ethernet0 C 172 20 16 0 24 is directly connected 1d21h ATM4 0 1 C 10 6 100 0 24 is directly connected 1d21...

Page 384: ...ectly connected 00 00 24 Loopback0 S 172 16 9 0 32 is directly connected 00 00 24 Loopback0 Output of show route next hop Command Example The following is sample output from the show route resolving next hop command show route resolving next hop 10 0 0 1 Nexthop matches 0 0 0 0 0 Known via static distance 200 metric 0 candidate default path Installed Aug 18 00 59 04 448 Directly connected nexthops...

Page 385: ...isting RFCs has not been modified by this feature MIBs MIBs Link M I B To locate and download MIBs for selected platforms Cisco IOS releases and feature sets use Cisco MIB Locator found at the following URL http www cisco com go mibs Technical Assistance Link Description http www cisco com support The Cisco Support website provides extensive online resources including documentation and tools for t...

Page 386: ...Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 364 Implementing and Monitoring RIB Additional References ...

Page 387: ... module To locate documentation for other commands that might appear while performing a configuration task search online in the Note Feature History for Implementing RIP This feature was introduced Release 5 0 0 Prerequisites for Implementing RIP on page 365 Information About Implementing RIP on page 366 How to Implement RIP on page 371 Configuration Examples for Implementing RIP on page 377 Addit...

Page 388: ...o an unreachable network has a metric of 16 This small range of metrics makes RIP an unsuitable routing protocol for large networks Routing information updates are advertised every 30 seconds by default and new updates discovered from neighbor routers are stored in a routing table Only RIP Version 2 RIP v2 as specified in RFC 2453 is supported on Cisco IOS XR software and by default the software o...

Page 389: ...onds during which routing information regarding better paths is suppressed The amount of time in seconds that must pass before a route is removed from the RIP topology table The amount of time delay between RIP update packets The first four timer adjustments are configurable by the timers basic command The output delay command changes the amount of time delay between RIP update packets See Customi...

Page 390: ...through the RIP network For complex cases in which you must consider routing loops incompatible routing information and inconsistent convergence time you must determine why these problems occur by examining how Cisco routers select the best path when more than one routing protocol is running administrative cost Default Administrative Distances for RIP Administrative distance is used as a measure o...

Page 391: ...ow a comma separator in a named AS path set community set extended community set or prefix set A new line must appear at the end of a logical unit of policy expression and may not appear anywhere else Authentication Using Keychain in RIP Authentication using keychain in Cisco IOS XR Routing Information Protocol RIP provides mechanism to authenticate all RIP protocol traffic on RIP interface based ...

Page 392: ... Outgoing packets will be sent without any authentication data In bound RIP Traffic on an Interface These are the verification criteria for all in bound RIP packets on a RIP interface when the interface is configured with a keychain Then If The packet is dropped A RIP component level debug message is be logged to provide the specific details of the authentication failure The keychain configured on...

Page 393: ... RIP This section contains instructions for the following tasks To save configuration changes you must commit changes when the system prompts you Note Enabling RIP This task enables RIP routing and establishes a RIP routing process Before you begin Although you can configure RIP before you configure an IP address no RIP routing occurs until at least one IP address is configured SUMMARY STEPS 1 con...

Page 394: ...rface type interface path id Example Step 5 RP 0 RP0 CPU0 router config rip interface GigabitEthernet 0 1 0 0 Optional Configures an interface to accept packets that are receive version 1 2 1 2 Example Step 6 Only RIP v1 RP 0 RP0 CPU0 router config rip if receive version 1 2 Only RIP v2 Both RIP v1 and RIP v2 Optional Configures an interface to send packets that are send version 1 2 1 2 Step 7 Exa...

Page 395: ...bnet and host routing information across classful network boundaries Note Optional Adjusts RIP network timers timers basic update invalid holddown flush Step 4 Example To view the current and default timer values view output from the show rip command Note RP 0 RP0 CPU0 router config rip timers basic 5 15 15 30 Optional Changes the interpacket delay for the RIP updates sent output delay delay Examp...

Page 396: ...verse commit Step 11 Control Routing Information This task describes how to control or prevent routing update exchange and propagation Some reasons to control or prevent routing updates are To slow or stop the update traffic on a WAN link If you do not control update traffic on an on demand WAN link the link remains up constantly By default RIP routing updates occur every 30 seconds To prevent rou...

Page 397: ...P routing protocol runs interface type interface path id Example Step 4 RP 0 RP0 CPU0 router config rip interface GigabitEthernet 0 1 0 0 Optional Suppresses the sending of RIP updates on an interface but not to explicitly configured neighbors passive interface Example Step 5 RP 0 RP0 CPU0 router config rip if passive interface Optional Returns the router to the next higher configuration mode exit...

Page 398: ...nt followed by a sequence of optional policy statements and then closes with the end policy command A route policy is not useful until it is applied to routes of a routing protocol SUMMARY STEPS 1 configure 2 route policy name 3 set rip metric number 4 end policy 5 commit 6 configure 7 router rip 8 route policy route policy name in out 9 commit DETAILED STEPS Purpose Command or Action configure St...

Page 399: ...Example Step 8 RP 0 RP0 CPU0 router config rip route policy rp1 in commit Step 9 Configuration Examples for Implementing RIP This section provides the following configuration examples Configuring a Basic RIP Configuration Example The following example shows two Gigabit Ethernet interfaces configured with RIP interface GigabitEthernet0 6 0 0 ipv4 address 172 16 0 1 255 255 255 0 interface GigabitEt...

Page 400: ...igabitEthernet0 6 0 0 route policy policy_in in interface GigabitEthernet0 6 0 2 route policy infil in route policy pass all out Configuring Passive Interfaces and Explicit Neighbors for RIP Example The following example shows how to configure passive interfaces and explicit neighbors When an interface is passive it only accepts routing updates In other words no updates are sent out of an interfac...

Page 401: ...lete command syntax command modes command history defaults usage guidelines and examples Implementing MPLS Traffic Engineering on module in the MPLS Configuration Guide for Cisco NCS 6000 Series Routers Site of Origin SoO support for RIP feature information Cisco IOS XR getting started documentation Configuring AAA Services on module in the System Security Configuration Guide for Cisco NCS 6000 Se...

Page 402: ...Version 2 RFC 2453 Technical Assistance Link Description http www cisco com techsupport The Cisco Technical Support website contains thousands of pages of searchable technical content including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page to access even more content Routing Configuration Guide for Cisco NCS 6000 Series Route...

Page 403: ...d process these configurations and simplifies troubleshooting For more information about routing policy on the Cisco IOS XR software and complete descriptions of the routing policy commands listed in this module see the Related Documents on page 464 section of this module To locate documentation for other commands that might appear while performing a configuration task search online in the Note Fe...

Page 404: ...rence to the same set or policy that is getting removed The commit must be performed in two steps 1 Modify the policy to remove the reference to the policy or set and then commit 2 Remove the policy or set and commit Per vrf label mode is not supported for Carrier Supporting Carrier CSC network with internal and external BGP multipath setup Information About Implementing Routing Policy To implemen...

Page 405: ... data with the traditional Boolean logic operators AND OR and NOT into complex conditional expressions All matching operations return a true or false result The execution of these conditional expressions and their associated actions can then be controlled by using simple if then elseif and else structures which allow the evaluation paths through the policy to be fully specified by the user Routing...

Page 406: ...element entry element entry where element entry is an entry of an item appropriate to the type of usage such as a prefix or a community value The following is an example using an inline community set route policy sample inline if community matches any 10 15 100 then set local preference 100 endif end policy The following is an equivalent example using the named set test communities community set t...

Page 407: ...by using equivalent native as path match operations such as as path neighbor is as path originates from or as path passes through Note Inline Set Form The inline set form is a parenthesized list of comma separated expressions as follows ios regex _42 ios regex _127 This set matches the same AS paths as the previously named set but does not require the extra effort of creating a named set separate ...

Page 408: ... operators will evaluate to FALSE extcommunity set An extended community set is analogous to a community set except that it contains extended community values instead of regular community values It also supports named forms and inline forms There are three types of extended community sets cost soo and rt As with community sets the inline form supports parameterization within parameterized policies...

Page 409: ...nity set rt a_rt_set 1 2 3 4 666 1234 666 1 2 3 4 777 4567 777 end set Inline Set Form for Extcommunity set RT 1 2 3 4 666 1234 666 1 2 3 4 777 4567 777 ipadrr 666 1234 tag 1 2 3 4 777 tag2 777 These options are supported under extended community set RT RP 0 RP0 CPU0 router config extcommunity set rt rt_set RP 0 RP0 CPU0 router config ext remark Remark beginning with Wildcard any community or part...

Page 410: ...ed community type communities extcommunity set soo a_soo_set 1 1 1 100 100 200 end set These options are supported under extended community set Soo RP 0 RP0 CPU0 router config extcommunity set soo soo_set RP 0 RP0 CPU0 router config ext remark Remark beginning with Wildcard any community or part thereof 1 4294967295 32 bit decimal number 1 65535 16 bit decimal number A B C D M N Extended community...

Page 411: ...nd optional mask length and is expressed as the keyword ge mnemonic for greater than or equal to followed by a nonnegative decimal integer in the range from 0 to 32 0 to 128 for IPv6 The optional maximum matching length follows the rest and is expressed by the keyword le mnemonic for less than or equal to followed by yet another nonnegative decimal integer in the range from 0 to 32 0 to 128 for IP...

Page 412: ... le 28 end set Neither the minimum length nor maximum length is valid without a mask length For IPv4 the minimum length must be less than 32 the maximum length of an IPv4 prefix For IPv6 the minimum length must be less than 128 the maximum length of an IPv6 prefix The maximum length must be equal to or greater than the minimum length Enhanced Prefix length Manipulation The enhanced prefix length m...

Page 413: ... defining modifying and using policies the configuration front end policy repository execution engine and policy clients themselves The configuration front end CLI is the mechanism to define and modify policies This configuration is then stored on the router using the normal storage means and can be displayed using the normal configuration show commands The second component of the policy infrastru...

Page 414: ...explicitly rejects all routes presented to it This type of policy is used to ignore everything coming from a specific peer route policy quickstart drop drop end policy Ignore Routes with Specific AS Numbers in the Path The following example shows the policy definition in three parts First the as path set command defines three regular expressions to match against an AS path Second the route policy ...

Page 415: ...f the community values are present in the route the route policy sets the local preference attribute of the route to 31 In any case the policy instructs the protocol to accept the route community set quickstart communities 987 654 987 543 987 321 987 210 end set route policy quickstart localpref if community matches any quickstart communities then set local preference 31 endif pass end policy Pers...

Page 416: ...nity set extended community set or prefix set One or more new lines can follow an action statement One or more new lines can follow a comma separator in a named AS path set community set extended community set or prefix set A new line must appear at the end of a logical unit of policy expression and may not appear anywhere else Policy Definitions Policy definitions create named sequences of policy...

Page 417: ... to define a parameterized policy named param example In this case the policy takes one parameter mytag Parameters always begin with a dollar sign and consist otherwise of any alphanumeric characters Parameters can be substituted into any attribute that takes a parameter In the following example a 16 bit community tag is used as a parameter route policy param example mytag set community 1234 mytag...

Page 418: ...y alphanumeric characters Parameters can be substituted into any attribute that takes a parameter In this example we are passing a MED value and prefix set name as parameters route policy param example mymed prefixset if destination in prefixset then set med mymed endif end policy This parameterized policy can then be reused with different parameterizations as shown in the example below In this ma...

Page 419: ...ing expression med eq 10 and not destination in 10 1 3 0 24 or community matches any 10 25 35 if fully parenthesized to display the order of evaluation would look like this med eq 10 and not destination in 10 1 3 0 24 or community matches any 10 25 35 The inner NOT applies only to the destination test the AND combines the result of the NOT expression with the Multi Exit Discriminator MED test and ...

Page 420: ...munity 10 23 set community 10 24 additive set community 10 25 additive end policy This policy sets the community string on the route to contain all three community values 10 23 10 24 and 10 25 The second of these cases is AS path prepending Consider a policy of the form route policy prepend example prepend as path 2 5 3 prepend as path 666 5 2 end policy This policy prepends 666 5 666 5 2 5 2 5 2 ...

Page 421: ... one apply two end policy It may appear that policy one drops all routes because it neither contains an explicit pass statement nor modifies a route attribute However the applied policy does set an attribute for some routes and this disposition is passed along to policy one The result is that policy one passes routes with destinations in network 10 and drops all others Control Flow Policy statemen...

Page 422: ...low You can build configurations that reference sets or policy blocks that are not yet defined and then can later fill in those undefined policies and sets thereby achieving much greater flexibility in policy definition Every piece of policy you want to reference while defining a policy need not exist in the configuration Thus a user can define a policy sample that references the policy bar using ...

Page 423: ...bute level and OSPF attribute cost The system allows you to define such a policy but it does not allow you to attach such a policy If you had defined the policy bad and then attempted to attach it as an inbound BGP policy using the BGP configuration statement neighbor 1 2 3 4 address family ipv4 unicast route policy bad in the system would reject this configuration attempt This rejection results f...

Page 424: ...end of execution Note The pass statement allows a policy to continue executing even though the route has not been modified When a policy has finished executing any route that has been modified in the policy or any route that has received a pass disposition in the policy successfully passes the policy and completes the execution If route policy B_rp is applied within route policy A_rp execution con...

Page 425: ...pplied policy were copied into the right place in the applying policy and then the same drop and pass semantics are put into effect For example policies ONE and TWO are equivalent to policy ONE PRIME route policy ONE apply two if as path neighbor is 123 then pass endif end policy route policy TWO if destination in 10 0 0 0 16 le 32 then drop endif end policy route policy ONE PRIME if destination i...

Page 426: ...uld be taken for the given route For example if as path in as path set 1 then drop endif The example indicates that any routes whose AS path is in the set as path set 1 are dropped The contents of the then clause may be an arbitrary sequence of policy statements The following example contains two action statements if origin is igp then set med 42 prepend as path 73 5 5 endif The CLI provides suppo...

Page 427: ... on a separate line Note Boolean Conditions In the previous section describing the if statement all of the examples use simple Boolean conditions that evaluate to either true or false RPL also provides a way to build compound conditions from simple conditions by means of Boolean operators Three Boolean operators exist negation not conjunction and and disjunction or In the policy language negation ...

Page 428: ... 24 and community matches any 12 34 56 78 The following is another example of a complex expression origin is igp or origin is incomplete or not med eq 42 and next hop in 10 0 2 2 The left conjunction is a compound condition enclosed in parentheses The first simple condition of the inner compound condition tests the value of the origin attribute if it is Interior Gateway Protocol IGP then the inner...

Page 429: ...e protocol uses unknown attributes then the protocol rejects the attachment For example OSPF rejects attachment of a policy that tests the values of BGP communities The situation is made more complex by the fact that each protocol has access to at least two distinct route types In addition to native protocol routes for example BGP or IS IS some protocol policy attach points operate on RIB routes w...

Page 430: ...others default endif end policy router bgp 2 address family ipv4 unicast bgp dampening route policy sample_damp Default Originate The default originate attach point allows the default route 0 0 0 0 0 to be conditionally generated and advertised to a peer based on the presence of other routes It accomplishes this configuration by evaluating the associated policy against routes in the Routing Inform...

Page 431: ... that pass the attached policy are passed to the BGP Routing Information Base BRIB as possible candidates for selection as best path routes When a BGP import policy is modified it is necessary to rerun all the routes that have been received from that peer against the new policy The modified policy may now discard routes that were previously allowed through allow through previously discarded routes...

Page 432: ...one by selecting the routes it wants to import from each protocol It then sets the OSPF parameters of cost and metric type The policy can control how the routes are injected into OSPF by using the set metric type or set ospf metric command The following example shows how to redistribute routes from IS IS instance instance_10 into OSPF instance 1 using the policy OSPF redist The policy sets the met...

Page 433: ...icy test2 route policy test2 if destination in 10 0 0 0 8 ge 8 le 32 then set med 333 endif end policy show bgp BGP router identifier 10 0 0 1 local AS number 2 BGP main routing table version 11 BGP scan interval 60 secs Status codes s suppressed d damped h history valid best i internal S stale Origin codes i IGP e EGP incomplete Network Next Hop Metric LocPrf Weight Path 10 0 0 0 10 0 1 2 10 0 3 ...

Page 434: ...le Import The import attach point provides control over the import of routes from the global VPN IPv4 table to a particular VPN routing and forwarding VRF instance For Layer 3 VPN networks provider edge PE routers learn of VPN IPv4 routes through the Multiprotocol Internal Border Gateway Protocol MP iBGP from other PE routers and automatically filters out route announcements that do not contain ro...

Page 435: ...previous conditions as well route policy bgpvrf_export if destination in 172 16 1 0 24 then set extcommunity rt 10 101 set weight 211 elseif origin is egp then set local preference 212 set extcommunity rt 10 101 endif set extcommunity rt 10 111222 additive end policy vrf vrf export address family ipv4 unicast export route policy bgpvrf export Allocate Label The allocate label attach point provides...

Page 436: ... BGP route updates using only prefix based matching In addition to using this as an inbound filter the prefixes and disposition drop or pass are sent to upstream neighbors as an Outbound Route Filter ORF to allow them to perform filtering The following example shows how to configure a route policy orf preset and apply it to the neighbor ORF attach point The prefix of the route is dropped if it mat...

Page 437: ... if destination in 10 0 0 0 8 and protocol in static connected then pass endif end policy router bgp 2 address family ipv4 unicast nexthop route policy nxthp_policy_A Clear Policy The clear policy attach point provides increased control based on various AS path match operations when using a clear bgp command This attach point is typically used to decide whether to clear BGP flap statistics based o...

Page 438: ...fore the debug output shows up only for that prefix route policy policy_b if destination in 10 0 0 0 8 then pass else drop endif end policy debug bgp update policy_b BGP Attributes and Operators This table summarizes the BGP attributes and operators per attach points Table 7 BGP Attributes and Operators Set Match Attribute Attach Point set path selection additional paths matches every is empty mat...

Page 439: ...in delete not in delete all is empty matches any matches every community n a in destination set set additive n a extcommunity cost set is eg ge le local preference set set set is eg ge le med n a in next hop set is origin n a in source suppress route n a suppress route set n a weight Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 417 Implementing Routing Policy ...

Page 440: ...mpty matches any matches every community n a in destination set n a label n a is ge le eq local preference n a is eg ge le med n a in next hop n a is origin n a in source n a in is local length neighbor is originates from passes through unique length as path clear policy Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 418 Implementing Routing Policy BGP Attribute...

Page 441: ...matches any matches every community set dampening To set values that control the dampening see Dampening on page 408 n a dampening n a in destination n a is eg ge le local preference n a is eg ge le med n a in next hop n a is origin n a in source n a in destination debug Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 419 Implementing Routing Policy BGP Attribute...

Page 442: ...tcommunity cost set n a extcommunity rt set n a extcommunity soo set n a local preference set set set assign igp n a med set set to peer address set to self n a next hop set n a origin n a in rib has route Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 420 Implementing Routing Policy BGP Attributes and Operators ...

Page 443: ...estination set set additive delete in delete not in delete all is empty matches any matches every matches within extcommunity rt set set additive delete in delete not in delete all is empty matches any matches every matches within extcommunity soo set is eg ge le local preference n a is eg ge le med n a in next hop n a is origin n a in source set n a weight Routing Configuration Guide for Cisco NC...

Page 444: ...mmunity n a in destination n a is empty matches any matches every matches within extcommunity rt n a is empty matches any matches every matches within extcommunity soo set is ge le eq local preference n a is eg ge le med set set peer address in next hop n a is origin n a in source set n a weight Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 422 Implementing Rou...

Page 445: ...every communitycommunity with peeras n a in destination set set additive n a extcommunity cost set additive delete in delete not in delete all is empty matches any matches every matches within extcommunity rt n a is empty matches any matches every matches within extcommunity soo set is ge le eq local preference set set set is eg ge le med set set peer address in next hop Routing Configuration Guid...

Page 446: ...elete not in delete all is empty matches any matches every communitycommunity with peeras n a in destination set set additive n a extcommunity cost set additive delete in delete not in delete all is empty matches any matches every matches within extcommunity rt n a is empty matches any matches every matches within extcommunity soo set is eg ge le local preference is eg ge le med Routing Configurat...

Page 447: ...s origin n a is path type n a in rd n a in source unsuppress route n a unsuppress route n a is weight n a in orf prefix neighbor orf Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 425 Implementing Routing Policy BGP Attributes and Operators ...

Page 448: ...set additive n a extcommunity cost set n a local preference set set set n a med set n a next hop set n a origin is route type n a is eg ge le tag set n a weight n a in destination next hop n a is in protocol Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 426 Implementing Routing Policy BGP Attributes and Operators ...

Page 449: ...l preference set set set n a med set n a next hop set n a origin n a is eq ge le rib metric n a route has label route has label n a is route type n a is eq ge le tag set n a weight n a is empty matches any matches every matches within extcommunity rt retain rt Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 427 Implementing Routing Policy BGP Attributes and Opera...

Page 450: ...ty matches any matches every community n a in destination n a is empty matches any matches every matches within extcommunity rt n a is empty matches any matches every matches within extcommunity soo n a is eg ge le med n a in next hop n a is origin n a in source Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 428 Implementing Routing Policy BGP Attributes and Ope...

Page 451: ...a configured igp cost to provide a source value Default Information Originate The default information originate attach point allows the user to conditionally inject the default route 0 0 0 0 0 into the OSPF link state database which is done by evaluating the attached policy If any routes in the local RIB pass the policy then the default route is inserted into the link state database The following ...

Page 452: ...Incoming packets for such are load balanced across the best path and the multi path s You can install the paths in the forwarding table that are not advertised to the peers The RR route reflector finds out the best path and multi path This way the route reflector uses different communities for best path and multi path This feature allows BGP to signal the local decision done by RR or Border Router...

Page 453: ...l how the routes are injected into OSPF by using the set metric type or set ospf metric command The following example shows how to redistribute routes from IS IS instance instance_10 into OSPF instance 1 using the policy OSPF redist The policy sets the metric type to type 2 for all redistributed routes IS IS routes with a tag of 10 have their cost set to 100 and IS IS routes with a tag of 20 have ...

Page 454: ...and hence increased control for filtering type 3 summary LSAs The following example shows how to configure the prefix for OSPF summary LSAs If the prefix matches any of 211 105 3 0 24 211 105 7 0 24 211 105 13 0 24 it is announced If the prefix matches any of 105 3 0 24 212 105 7 0 24 212 105 13 0 24 it is dropped and not announced route policy OSPF area out if destination in 211 105 3 0 24 211 10...

Page 455: ...rity n a is le ge eq tag OSPFv3 Policy Attach Points This section describes each of the OSPFv3 policy attach points and provides a summary of the OSPFv3 attributes and operators Default Information Originate The default information originate attach point allows the user to conditionally inject the default route 0 0 into the OSPFv3 link state database which is done by evaluating the attached policy...

Page 456: ... 2 for all redistributed routes BGP routes with a tag of 10 have their cost set to 100 and BGP routes with a tag of 20 have their OSPFv3 cost set to 200 Any BGP routes not carrying a tag of either 10 or 20 are not be redistributed into the OSPFv3 link state database route policy OSPFv3 redist set metric type type 2 if tag eq 10 then set extcommunity cost 100 elseif tag eq 20 then set extcommunity ...

Page 457: ... injected into and at what metric values The following describes an example Here routes from IS IS instance 1 are redistributed into IS IS instance instance_10 using the policy ISIS redist This policy sets the level to level 1 2 for all redistributed routes IS IS routes with a tag of 10 have their metric set to 100 and IS IS routes with a tag of 20 have their IS IS metric set to 200 Any IS IS rout...

Page 458: ...licy router isis instance_10 address family ipv4 unicast default information originate policy isis_originate Inter area propagate The inter area propagate attach point within IS IS allows the prefixes to be conditionally propagated from one level to another level within the same IS IS instance The following example shows how to allow prefixes to be leaked from the level 1 LSP into the level 2 LSP ...

Page 459: ...a isis metric set n a tag n a in destination inter area propagate EIGRP Policy Attach Points This section describes each of the EIGRP policy attach points and provides a summary of the EIGRP attributes and operators Default Accept In The default accept in attach point allows you to set and reset the conditional default flag for EIGRP routes by evaluating the attached policy The following example s...

Page 460: ...cy eigrp cd policy out Policy In The policy in attach point allows you to filter and modify inbound EIGRP routes This policy is applied to all interfaces for which there is no interface inbound route policy The following example shows the command under EIGRP router eigrp 100 address family ipv4 route policy global policy in in Policy Out The policy out attach point allows you to filter and modify ...

Page 461: ...family ipv4 interface GigabitEthernet0 2 0 3 route policy if filter policy out out Redistribute The redistribute attach point in EIGRP allows you to filter redistributed routes from other routing protocols and modify some routing parameters before installing the route in the EIGRP database The following example shows a policy filter redistribution of RIP routes into EIGRP router policy redistribut...

Page 462: ...add set n a eigrp metric set is eq ge le tag n a in destination if policy out n a in next hop n a is in protocol add set n a eigrp metric set is eq ge le tag n a in destination policy in n a in next hop add set n a eigrp metric set is eq ge le tag n a in destination policy out n a in next hop n a is in protocol add set n a eigrp metric set is eq ge le tag Routing Configuration Guide for Cisco NCS ...

Page 463: ... then the default route is inserted The following example shows how to generate a default route if any of the routes that match 10 0 0 0 8 ge 8 le 25 are present in the RIB route policy rip originate if rib has route in 10 0 0 0 8 ge 8 le 25 then pass endif end policy router rip default information originate route policy rip originate Redistribute The redistribution attach point within RIP allows ...

Page 464: ...ace Outbound The interface outbound attach point allows you to filter or update outbound RIP routes that match a route policy for a specific interface The following example shows how to filter outbound RIP routes that match the route policy for interface 0 2 0 1 router rip interface GigabitEthernet0 2 0 1 route policy rip out out Attached Policy Modification Policies that are in use do on occasion...

Page 465: ...cies and sets is enforced when a policy is attached Thus if a user attempts to attach the policy sample1 with the reference to an undefined policy sample2 at an inbound BGP policy using the statement neighbor 1 2 3 4 address family ipv4 unicast policy sample1 in the configuration attempt is rejected because the policy sample2 does not exist Editing Routing Policy Configuration Elements RPL is base...

Page 466: ...nd Ctrl S keystrokes To save and exit the editor use the Ctrl X and Ctrl C keystrokes When you quit the editor the buffer is committed If there are no parse errors the configuration is committed RP 0 RP0 CPU0 router edit route policy policy_A MicroEMACS 3 8b rpl_edit 139281 if destination in 2001 8 then drop endif end policy MicroEMACS 3 8b rpl_edit 139281 Parsing 83 bytes parsed in 1 sec 82 bytes...

Page 467: ...icable commands such as end policy or end set Alternatively the CLI interpreter allows you to use the exit command to complete a policy configuration block The abort command is used to discard the current policy configuration and return to XR Config mode Editing Routing Policy Language set elements Using XML RPL supports editing set elements using XML Entries can be appended prepended or deleted t...

Page 468: ...33 333 additive elseif destination in 10 10 0 0 16 then Only Policy Child A is pass set local pref 111 set community 333 444 additive From else block elseif as path originates from 222 then Only Policy Child B is pass set community 333 222 333 444 additive From else block else set community 333 444 additive From else block endif end policy Apply Conditions can be used with parameters and are suppo...

Page 469: ...minates execution at the drop statement itself without going through the statement list or the done statement the prefix will be rejected or dropped drop Statement list done drop followed by done Behavior of pass drop done RPL Statements for Hierarchical Policy Conditions This section describes the behavior of pass drop done RPL statements with a possible sequence for executing the done statement ...

Page 470: ...est multiple child policies for attachment to a common set of BGP neighbors The nested wildcard apply policy allows wildcard based apply nesting The wildcard operation permits declaration of a generic apply statement that calls all policies that contain a specific defined set of alphanumeric characters defined on the router A wildcard is specified by placing an asterisk at the end of the policy na...

Page 471: ...wildcards Use Wildcards for Prefix Sets Use the following example to configure a routing policy with wildcards for prefix sets 1 Configure the required prefix sets in the global configuration mode RP 0 RP0 CPU0 router config prefix set pfx_set1 RP 0 RP0 CPU0 router config pfx 1 2 3 4 32 RP 0 RP0 CPU0 router config pfx end set RP 0 RP0 CPU0 router config prefix set pfx_set2 RP 0 RP0 CPU0 router con...

Page 472: ...Wildcards for Community Sets Use the following example to configure a routing policy with wildcards for community sets 1 Configure the required community sets in the global configuration mode RP 0 RP0 CPU0 router config community set CSET1 RP 0 RP0 CPU0 router config comm 12 24 RP 0 RP0 CPU0 router config comm 12 36 RP 0 RP0 CPU0 router config comm 12 72 RP 0 RP0 CPU0 router config comm end set RP...

Page 473: ...sets and drops all other non matching routes 3 Commit your configuration RP 0 RP0 CPU0 router config commit This completes the configuration of routing policy with wildcards for extended community sets For detailed information on extended community path sets see extcommunity set on page 386 Use Wildcards for Route Distinguisher Sets Use the following example to configure a routing policy with wild...

Page 474: ...s for OSPF Area Sets Use the following example to configure a routing policy with wildcards for OSPF area sets 1 Configure the OSPF area set in the global configuration mode RP 0 RP0 CPU0 router config ospf area set ospf_area_set_demo1 RP 0 RP0 CPU0 router config ospf area 10 0 0 1 RP 0 RP0 CPU0 router config ospf area 3553 RP 0 RP0 CPU0 router config ospf area end set RP 0 RP0 CPU0 router config ...

Page 475: ...olicy with wildcards for OSPF area sets VRF Import Policy Enhancement The VRF RPL based import policy feature provides the ability to perform import operation based solely on import route policy by matching on route targets RTs and other criteria specified within the policy No need to explicitly configure import RTs under global VRF address family configuration mode If the import RTs and import ro...

Page 476: ...onfiguration mode route policy name parameter1 parameter2 parameterN Step 2 After the route policy has been entered a group of commands can be entered to define the route policy Example RP 0 RP0 CPU0 router config route policy sample1 Ends the definition of a route policy and exits route policy configuration mode end policy Example Step 3 RP 0 RP0 CPU0 router config rpl end policy commit Step 4 At...

Page 477: ...s neighbor ip address Example Step 3 RP 0 RP0 CPU0 router config bgp neighbor 10 0 0 20 Specifies the address family address family ipv4 ipv6 unicast Example Step 4 RP 0 RP0 CPU0 router config bgp nbr address family ipv4 unicast Attaches the route policy which must be well formed and predefined route policy policy name in out Example Step 5 RP 0 RP0 CPU0 router config bgp nbr af route policy examp...

Page 478: ...save and exit the editor use the Ctrl X and Ctrl C keystrokes After editing with Vim to write to a current file and exit use the wq or x or ZZ keystrokes To quit and confirm use the q keystrokes To quit and discard changes use the q keystrokes Optional Displays the configuration of a specific named route policy show rpl route policy name detail states brief Step 2 Example Use the detail keyword to...

Page 479: ... set community 2 100 additive endif end policy Simple Inbound Policy Example The following policy discards any route whose network layer reachability information NLRI specifies a prefix longer than 24 and any route whose NLRI specifies a destination in the address space reserved by RFC 1918 For all remaining routes it sets the MED and local preference and adds a community to the list in the route ...

Page 480: ...end The filter bogons building block is a simple policy that filters all undesirable routes such as those from the RFC 1918 address space The policy set lpref prepend is a utility policy that can set the local preference and prepend the AS path according to parameterized values that are passed in The common inbound policy uses these filter bogons building blocks to build a common block of inbound ...

Page 481: ... sets with wildcards Use Wildcards for Prefix Sets Use the following example to configure a routing policy with wildcards for prefix sets 1 Configure the required prefix sets in the global configuration mode RP 0 RP0 CPU0 router config prefix set pfx_set1 RP 0 RP0 CPU0 router config pfx 1 2 3 4 32 RP 0 RP0 CPU0 router config pfx end set RP 0 RP0 CPU0 router config prefix set pfx_set2 RP 0 RP0 CPU0...

Page 482: ...ath set then pass else drop endif RP 0 RP0 CPU0 router config rpl end policy This route policy configuration accepts routes with AS path attributes as mentioned in the two AS path sets and drops all other non matching routes 3 Commit your configuration RP 0 RP0 CPU0 router config commit This completes the configuration of routing policy with wildcards for AS path sets For detailed information on A...

Page 483: ...U0 router config ext end set 2 Configure a route policy with wildcards to refer to the extended community sets RP 0 RP0 CPU0 router config route policy WILDCARD_EXT_COMMUNITY_SET RP 0 RP0 CPU0 router config rpl if extcommunity rt matches any extcommunity set then pass else drop endif RP 0 RP0 CPU0 router config rpl end policy This route policy configuration accepts routes with extended community s...

Page 484: ... Configuration 0 0 0 rd set rd_set_demo 10 0 0 1 8 77 10 0 0 2 888 65000 777 end set rd set rd_set_demo2 20 0 0 1 7 99 4784 199 end set route policy use_rd_set if rd in rd set then set local preference 100 elseif rd in 10 0 0 2 888 10 0 0 2 999 then set local preference 300 endif end policy end This completes the configuration of routing policy with wildcards for route distinguisher sets For more ...

Page 485: ...g commit 4 Optional Verify your configuration RP 0 RP0 CPU0 router config show configuration Building configuration IOS XR Configuration 0 0 0 ospf area set ospf_area_set_demo1 10 0 0 1 3553 end set ospf area set ospf_area_set_demo2 20 0 0 2 3673 end set route policy use_ospf_area_set if ospf area in ospf area set then set ospf metric 200 elseif ospf area in 10 0 0 1 10 0 0 2 then set ospf metric ...

Page 486: ...g Regular Expressions Special Characters and Patterns appendix in the Regular expression syntax Standards Title Standards No new or modified standards are supported by this feature and support for existing standards has not been modified by this feature MIBs MIBs Link MI B s To locate and download MIBs using Cisco IOS XR software use the Cisco MIB Locator found at the following URL and choose a pl...

Page 487: ...ages of searchable technical content including links to products technologies solutions technical tips and tools Registered Cisco com users can log in from this page to access even more content Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 465 Implementing Routing Policy Additional References ...

Page 488: ...Routing Configuration Guide for Cisco NCS 6000 Series Routers IOS XR Release 6 4 x 466 Implementing Routing Policy Additional References ...

Page 489: ...figuration task search online in the Note Feature History for Implementing Static Routes This feature was introduced Release 5 0 0 Prerequisites for Implementing Static Routes on page 467 Restrictions for Implementing Static Routes on page 467 Information About Implementing Static Routes on page 468 Configuration Examples on page 470 Where to Go Next on page 471 Additional References on page 471 P...

Page 490: ...into the static routing table No algorithm exists to prevent the configuration of routing loops that use static routes Static routes are useful for smaller networks with only one path to an outside network and to provide security for a larger network for certain types of traffic or links to other networks that need more control In general most networks use dynamic routing protocols to communicate ...

Page 491: ...ext hop resolves through the static route and the static route resolves through the BGP route making it self recursive RP 0 RP0 CPU0 router config router static RP 0 RP0 CPU0 router config static address family ipv6 unicast RP 0 RP0 CPU0 router config static afi 001 0DB8 32 2001 0DB8 3000 1 This static route is not inserted into the IPv6 routing table because it is self recursive The next hop of t...

Page 492: ...tatic afi 2001 0DB8 32 2001 0DB8 3000 1 210 Any of the three types of static routes can be used as a floating static route A floating static route must be configured with an administrative distance that is greater than the administrative distance of the dynamic routing protocol because routes with smaller administrative distances are preferred By default static routes have smaller administrative d...

Page 493: ...00 Series Routers Implementing EIGRP on Cisco IOS XR Software in Routing Configuration Guide for Cisco NCS 6000 Series Routers Implementing IS IS on Cisco IOS XR Software in Routing Configuration Guide for Cisco NCS 6000 Series Routers Implementing OSPF on Cisco IOS XR Software in Routing Configuration Guide for Cisco NCS 6000 Series Routers Implementing OSPFv3 on Cisco IOS XR Software in Routing ...

Page 494: ...he following URL and choose a platform under the Cisco Access Products menu http cisco com public sw center netmgmt cmtk mibs shtml RFCs Title RFCs No new or modified RFCs are supported by this feature and support for existing RFCs has not been modified by this feature Technical Assistance Link Description http www cisco com techsupport The Cisco Technical Support website contains thousands of pag...

Page 495: ...ing convergence Highlights of the RCMD mechanism are Lightweight and always on using route flow markers across routing components all nodes MC Tracks most convergence events and all routes affected by them Provides within router view with statistics and time lines on per convergence event basis Measurements against time line SLA and triggers specified EEM actions on excess On the router reports vi...

Page 496: ...s directory path name 17 reports size DETAILED STEPS Purpose Command or Action configure Step 1 Enters configure Router Convergence Monitoring and Diagnostics rcmd configuration mode router convergence Example Step 2 RP 0 RP0 CPU0 router config router convergence Configures to collect diagnostics on specified node collect diagnostics location Example Step 3 RP 0 RP0 CPU0 router config rcmd collect...

Page 497: ...ute convergence for the specified protocol priority Example Step 9 Critical Set to monitor route convergence for critical priority routes RP 0 RP0 CPU0 router config rcmd proto priority critical RP 0 RP0 CPU0 router config rcmd proto prio High Set to monitor route convergence for high priority routes Medium Set to monitor route convergence for medium priority routes Low Set to monitor route conver...

Page 498: ... Example RP 0 RP0 CPU0 router config rcmd store diagnostics disk0 rcmd Step 14 Specify a maximum size for the diagnostics directory Set the size in Range is 5 80 diagnostics size Example Step 15 RP 0 RP0 CPU0 router config rcmd store diagnostics size 8 Specifies the absolute directory path for storing reports Set a directory path name Example disk0 rcmd or tftp location rcmd reports directory path...

Reviews:

No comments