Home
/
Riverstone Networks
/
WICT1-12
/
User Manual

Riverstone Networks WICT1-12, User Manual

Share

Page: 559 / 718

Riverstone Networks WICT1-12 User Manual Download Page 559

Riverstone Networks RS Switch Router User Guide Release 8.0 25-13

Security Configuration

Layer-4 Bridging and Filtering

To illustrate this, the following diagram shows an RS serving as a bridge for a consultant host, file server, and an
engineering host, all of which reside on a single subnet.

Figure 25-2 Sample VLAN for layer-4 bridging

You may want to allow the consultant access to the file server for e-mail (SMTP) traffic, but not for Web (HTTP) traffic
and allow e-mail, Web, and FTP traffic between the engineer and the file server. You can use Layer-4 bridging to set
this up.

Setting up Layer-4 bridging consists of the following steps:

•

Creating an IP or IPX VLAN

•

Placing the ports on the same VLAN

•

Enabling Layer-4 Bridging on the VLAN

•

Creating an ACL that specifies the selection criteria

•

Applying an ACL to a port

25.4.1

Creating an IP or IPX VLAN for Layer-4 Bridging

To enable Layer-4 bridging on a VLAN, the VLAN must be configured to pass only IP or only IPX traffic. (Therefore,
you cannot enable Layer-4 bridging on port-based VLANS.) To create an IP or IPX VLAN, enter the following
command in Configure mode:

For example, to create an IP VLAN called “blue” with an ID of 21, enter the following command in Configure mode:

Create an IP or IPX VLAN.

vlan create

<vlan-name> <type>

id

<num>

rs(config)#

vlan create blue ip id 21

et.1.1

et.1.2

Consultant

File Server

Router

1.1.1.1/24

1.1.1.2/24

Engineer

et.1.3

1.1.1.3/24

«
...
557
558
559
560
561
...
»

Summary of Contents for WICT1-12

Page 1: ...36 007 07 Rev 0A RS Switch Router User Guide Release 8 0...

Page 2: ...2 5 5 32 8 7 5 7 5 75 5 5 5 8 2 2 5 5 7 5 7 2 57 2 2 5 5 23 5 227 2 5 6 5 2 23 5 7 2 23 2 5 5 2 A 124565 57 7 2 8 152 8 23 8 415 15 2 8 2 2 7 5 5 5 2 2 15 4 5A 8 4 8 2 23 15 5 23 1 23 4 5 565 3 76 57...

Page 3: ...t has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules These limits are designed to provide reasonable protection against harmful inter...

Page 4: ...difications made to this device that are not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment INDUSTRY CANADA COMPLIANCE STATEMENT H...

Page 5: ...MATION CLASS 1 LASER TRANSCEIVERS B B 21 CFR 1040 10 and 1040 11 U S Department of Health and Human Services FDA IEC Publication 825 International Electrotechnical Commission CENELEC EN 60825 European...

Page 6: ...ephone Company may discontinue your service temporarily If possible they will notify you in advance But if advance notice isn t practical you will be notified as soon as possible You will be advised o...

Page 7: ...Riverstone Networks RS Switch Router User Guide Release 8 0 vii J J J J J 2 5 5J 5 A H B J 5J H...

Page 8: ...riate records of the location of the original media and all copies of the Licensed Software in whole or in part made by You b not to use copy or modify the Licensed Materials in whole or in part excep...

Page 9: ...Y IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE SATISFACTORY QUALITY NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE ARE HEREBY EXCLU...

Page 10: ...roducts are not designed or intended for use in i the design construction operation or maintenance of any nuclear facility ii navigating or operating aircraft or iii operating life support or life cri...

Page 11: ...ADE PRACTICE ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW Limitation of Liability IN NO EVENT WILL RIVERSTONE OR ITS AFFILIATES OR SUPPLIERS BE LIABLE FOR ANY LOSS OF USE INTERRUPTION O...

Page 12: ...xii Riverstone Networks RS Switch Router User Guide Release 8 0 DECLARATION OF CONFORMITY ADDENDUM E 00D 55 0 0 55 5 7 E 00D 55 5 7 0 0 55 5 5 E F 5 D J F...

Page 13: ...and Restoring Configuration Files 2 5 2 2 Backing Up and Restoring System Image Files 2 6 2 3 Configuring System Settings 2 7 2 3 1 Setting Daylight Saving Time 2 8 2 3 2 Configuring a Log in Banner 2...

Page 14: ...Hot Swapping a WIC 4 8 5 Bridging Configuration Guide 5 1 5 1 Spanning Tree IEEE 802 1d 5 1 5 2 Bridging Modes Flow Based and Address Based 5 1 5 3 VLAN Overview 5 2 5 3 1 RS VLAN Support 5 3 5 3 2 Co...

Page 15: ...ertification 7 3 7 3 2 IF RF Upconverter 7 3 7 3 3 Diplex Filters 7 3 7 3 4 DHCP Servers 7 5 7 3 5 DNS and TFTP Servers 7 5 7 4 Connecting and Configuring the Downstream 7 5 7 4 1 Installing and Confi...

Page 16: ...over SONET Configuration Guide 9 1 9 1 Configuring IP Interfaces for PoS Links 9 1 9 2 Configuring Packet over SONET Links 9 2 9 3 Configuring Automatic Protection Switching 9 3 9 3 1 Configuring Work...

Page 17: ...IP Interfaces for RARP 11 6 11 5 2 Defining MAC to IP Address Mappings 11 7 11 5 3 Monitoring RARP 11 7 11 6 Configuring DNS Parameters 11 7 11 7 Configuring IP Services ICMP 11 8 11 8 Configuring IP...

Page 18: ...14 1 OSPF Multipath 14 2 14 2 Configuring OSPF 14 2 14 3 Setting the Router ID 14 2 14 4 Enabling OSPF 14 3 14 5 Configuring OSPF Areas 14 3 14 5 1 Configuring Summary Ranges 14 4 14 5 2 Configuring...

Page 19: ...16 1 The RS BGP Implementation 16 1 16 2 Basic BGP Tasks 16 2 16 2 1 Setting the Autonomous System Number 16 2 16 2 2 Setting the Router ID 16 2 16 2 3 Configuring a BGP Peer Group 16 3 16 2 4 Adding...

Page 20: ...17 5 Configuring L3 Label Switched Paths 17 27 17 5 1 Configuring L3 Static LSPs 17 27 17 5 2 Configuring L3 Dynamic LSPs 17 31 17 5 3 Configuring an Explicit LSP 17 32 17 6 Configuring L2 Tunnels 17...

Page 21: ...19 3 1 Configuring IGMP on an IP Interface 19 2 19 3 2 Configuring IGMP Query Interval 19 3 19 3 3 Configuring IGMP Response Wait Time 19 3 19 3 4 Configuring Per Interface Control of IGMP Membership...

Page 22: ...ncing Group 22 3 22 1 3 Setting Timeouts for Load Balancing Mappings 22 4 22 1 4 Optional Group or Server Operating Parameters 22 5 22 1 5 Using Health Check Clusters 22 7 22 1 6 Setting Server Status...

Page 23: ...ng ACLs 24 6 24 2 1 Editing ACLs Offline 24 6 24 2 2 Maintaining ACLs Using the ACL Editor 24 7 24 3 Using ACLs 24 8 24 3 1 Applying ACLs to Interfaces 24 8 24 3 2 Applying ACLs to Services 24 9 24 3...

Page 24: ...6 1 Allocating Bandwidth for a Weighted Fair Queuing Policy 26 8 26 7 Weighted Random Early Detection WRED 26 8 26 7 1 WRED s Effect on the Network 26 8 26 7 2 Weighting Algorithms in WRED 26 8 26 8...

Page 25: ...0 4 Configuring Frame Relay Interfaces for the RS 30 8 30 4 1 Defining the Type and Location of a Frame Relay and VC Interface 30 8 30 4 2 Setting up a Frame Relay Service Profile 30 8 30 4 3 Applying...

Page 26: ...on RS 8x00 30 50 30 18 4 Scenario 4 Routed Metropolitan Backbone with Only T1 on RS 8x00 30 57 30 18 5 Scenario 5 Routed Metropolitan Backbone with T1 and T3 on RS 8x00 30 64 30 18 6 Scenario 6 Route...

Page 27: ...ports 5 26 Figure 5 8 Customer VLAN with multiple tunnel entry ports across multiple routers 5 28 Figure 5 9 STP enabled in customer VLANs 5 30 Figure 5 10 Multiple VLANs on single tunnel entry port 5...

Page 28: ...6 47 Figure 17 1 MPLS label switched path 17 2 Figure 17 2 Encoding of an MPLS label 17 3 Figure 17 3 MPLS label stack 17 3 Figure 17 4 Label binding distribution 17 5 Figure 17 5 LSP creation and pac...

Page 29: ...Virtual IP address ranges 22 14 Figure 22 5 Session and netmask persistence 22 15 Figure 22 6 Load balancing with NAT 22 16 Figure 22 7 Web cache configuration 22 19 Figure 25 1 Source filter example...

Page 30: ...Office Connections through an ISP 30 84 Figure 30 14 Routed Metropolitan Backbone 30 91 Figure 31 1 Hardware credit buckets 31 4 Figure 31 2 Configuration Example Applying a Service to Multiple Serve...

Page 31: ...le 16 1 Keywords for well known communities 16 8 Table 17 1 Reserved label values 17 4 Table 17 2 MPLS label operations supported on the RS 17 4 Table 17 3 RSVP parameters on the RS 17 15 Table 17 4 R...

Page 32: ...uide Release 8 0 Table 30 3 Channelized DS3 Framing and Line Coding Schemes 30 31 Table 30 4 Clear Channel T3 and E3 Interface Rates 30 39 Table 30 5 Clear Channel T3 and E3 Framing and Line Coding 30...

Page 33: ...ter Getting Started Guide to install the chassis and perform basic setup tasks then return to this manual for more detailed configuration information 1 1 RELATED DOCUMENTATION The Riverstone RS Switch...

Page 34: ...ce Indicates commands and keywords that you enter as shown italics Indicates arguments for which you supply values x or italics or x italics Keywords and arguments within a set of square brackets are...

Page 35: ...nfiguration commands that you have made active from the scratchpad The active configuration remains in effect until you power down or reboot the system Caution The active configuration remains in effe...

Page 36: ...sts the commands that are useful for displaying the RS s configuration information Table 2 1 Commands to change configuration information Task Command Enable Mode Copy between scratchpad active config...

Page 37: ...re in Configure mode by entering the configure command in the CLI 3 Enter the following command 4 Type y to activate the changes Table 2 2 Commands to display configuration information Task Command En...

Page 38: ...mmand in the CLI 2 Enter the following command to copy the configuration changes in the Active configuration to the Startup configuration 3 When the CLI displays the following message enter yes to sav...

Page 39: ...indicate a partial completion status complete with P Note Commands with no annotation or annotated with P are not in error 2 1 6 Backing Up and Restoring Configuration Files When you save the startup...

Page 40: ...uration file It is recommended that a backup of the system image be stored on a central server in the unlikely event that the system image becomes corrupted or deleted from the PC flash card Use the s...

Page 41: ...ge add command Additionally you can use the following commands to display add and delete system images 2 3 CONFIGURING SYSTEM SETTINGS In addition to the initial settings described in the Getting Star...

Page 42: ...ure mode to set DST according to specific days or dates When you set DST by setting the time forward by an hour saving it to the active configuration file automatically activates the command causing t...

Page 43: ...ts up the CLI appears in the Telnet or console window The following message displays Press the Return key The following message displays The first line in the above example means that a password for l...

Page 44: ...e user mode command prompt consists of the RS name followed by the angle bracket as shown in the following 3 2 2 Enable Mode The enable mode provides more commands than the user mode Commands within t...

Page 45: ...press the Return key or press Ctrl Z 3 2 4 BootPROM Mode The BootPROM mode is used to view and edit the current BootPROM configuration file While the RS is booting up press the Esc key Then at the com...

Page 46: ...ete or transpose characters or delete portions of a line The line editing commands in the CLI are detailed in the following table Table 3 1 CLI line editing commands Command Resulting Action Ctrl a Mo...

Page 47: ...he user mode If in the configure mode exit back to the enable mode ESC b Move backward one word ESC d Kill the word from the cursor s current location to the first white space ESC f Move forward one w...

Page 48: ...e of invoking help while entering a command rs aging Show Aging information cli Modify the command line interface behavior dvmrp Show DVMRP related parameters enable Enable privileged user mode exit E...

Page 49: ...ress for the management port For an example of these commands see Section 3 8 CLI and RS Configuration Example For more information about these commands see the Riverstone RS Switch Router Getting Sta...

Page 50: ...ands that will be stored in the command history buffer Commands stored in the buffer can be recalled without typing the complete command again When the key is pressed the CLI displays the commands tha...

Page 51: ...number is printed on the top of the front fan cover 3 7 3 Port Number Port number is the number assigned to the physical connector on the line card The range and assignment of port numbers varies by...

Page 52: ...and the RS 8600 1 2 Channelized T3 on the RS 32000 and the RS 38000 1 2 3 4 Multi rate WAN Module with a Channelized T1 or Channelized E1 WIC in each slot 1 2 3 4 Multi rate WAN Module with a Clear Ch...

Page 53: ...et 3 8 3 7 4 Channel Number Channel number is the number assigned to the timeslots or T1 lines in a connector available only for Channelized T1 E1 and T3 interfaces For Channelized T1 and E1 and fract...

Page 54: ...ot 7 of an RS 8000 The names of the two ports from left to right are gi 7 1 and gi 7 2 3 8 CLI AND RS CONFIGURATION EXAMPLE The configuration will demonstrate how to set The system time and date The d...

Page 55: ...buffer size rs cli set history size 100 4 Change modes rs configure 5 Enable the daylight savings function rs configure system set dst changing s wk 5 s dow 1 s mo 3 e wk 1 e dow 7 e mo 10 e hr 2 6 Na...

Page 56: ...3 14 Riverstone Networks RS Switch Router User Guide Release 8 0 CLI and RS Configuration Example CLI and RS Basics...

Page 57: ...ic module On the RS 32000 and RS 38000 you can hot swap the GBICs in addition to the line cards and secondary control modules Caution Take appropriate care when removing line cards from the RS They ma...

Page 58: ...able mode After you enter this command the Offline LED on the line card lights and messages appear on the console indicating the ports on the line card are inoperative Note If you have deactivated a l...

Page 59: ...G ONE TYPE OF LINE CARD WITH ANOTHER You can hot swap one type of line card with another type For example you can replace a 10 100Base TX line card with a 1000Base SX line card The RS can be configure...

Page 60: ...ary Control Module the Offline LED is lit Note The Offline LED on the Control Module has a different function from the Offline LED on a line card On a line card it means that the line card has been de...

Page 61: ...sing it in place to ensure that the pins on the back of the card are completely seated in the backplane Note Make sure the circuit card and not the metal plate is between the card guides Check both th...

Page 62: ...e The Online LED goes out and the Offline LED lights Figure 4 3 shows the location of the Offline LED and Hot Swap button on a Switching Fabric Module Figure 4 3 Location of offline LED and hot swap b...

Page 63: ...d the host gigabit Ethernet line cards are sensitive to static discharge Use an antistatic wrist strap and observe all static precautions when you remove or install a GBIC Failure to do so could resul...

Page 64: ...of the line card 3 Gently insert the GBIC module into the GBIC slot opening in the line card The GBIC door on the line card folds in and the hinges engage the alignment slots on the sides of the GBIC...

Page 65: ...ADDRESS BASED The RS provides the following types of wire speed bridging Address based bridging The RS performs this type of bridging by looking up the destination address in an L2 lookup table on the...

Page 66: ...pe of this manual Each type of VLAN is briefly explained in the following subsections Port based VLANs Ports of L2 devices switches bridges are assigned to VLANs Any traffic received by a port is clas...

Page 67: ...ridge switch use the port based and protocol based VLAN types When using the RS as a combined switch and router use the subnet based VLANs in addition to port based and protocol based VLANs It is not...

Page 68: ...en the RS is unconfigured each port belongs to a VLAN called the default VLAN By creating VLANs and adding ports to the created VLANs the ports are moved from the default VLAN to the newly created VLA...

Page 69: ...classified as belonging to VLAN IP_VLAN You can use the port enable 8021p command to tag frames transmitted from access ports with a one byte 802 1p class of service CoS value The CoS value indicates...

Page 70: ...xample the following illustration shows a router with traffic being sent from port A to port B port B to port A port B to port C and port A to port C Figure 5 1 Router traffic going to different ports...

Page 71: ...RS you perform the following tasks on the ports where you want spanning tree enabled 5 6 1 Using Rapid STP You can specify the use of rapid STP defined by IEEE 802 1w This protocol also known as Fast...

Page 72: ...ning Tree Protocol work should make adjustments to spanning tree parameters Poorly chosen adjustments to these parameters can have a negative impact on performance A good source on bridging is the IEE...

Page 73: ...port costs enter the following command in Configure mode Adjusting Bridge Protocol Data Unit BPDU Intervals You can adjust BPDU intervals as described in the following sections Adjust the Interval bet...

Page 74: ...nged and recomputes the spanning tree topology To change the default interval setting enter the following command in Configure mode Specify the interval between hello time for default spanning tree st...

Page 75: ...ied period of time If the port satisfies this condition then it is considered stable and traffic is switched back to it Otherwise it remains in an unstable state and is continuously monitored until it...

Page 76: ...Therefore be careful to not put loops within the VLAN 5 7 3 Configuring VLAN Trunk Ports The RS supports standards based VLAN trunking between multiple RS s as defined by IEEE 802 1Q 802 1Q adds a hea...

Page 77: ...the RS allow you to configure ports to filter specific MAC addresses When defining a Layer 2 security filter you specify to which ports you want the filter to apply For details on configuring Layer 2...

Page 78: ...When combined with static entries however these filters can be used to drop all received traffic but allow some frames to go through 5 10 MONITORING BRIDGING The RS displays bridging statistics and co...

Page 79: ...ing and removing VLANs When you turn on dynamic VLAN creation and the RS receives a request for a VLAN that does not exist on the RS GVRP dynamically creates that VLAN and adds the port that received...

Page 80: ...exist on the RS In addition you will still be able to configure VLANs manually through the CLI Set a port s registration mode to forbidden Registration modes refer to whether VLAN IDs can be dynamical...

Page 81: ...nstead dynamic VLAN creation was enabled So when any of the edge routers R1 R2 R3 R6 R7 or R8 send a request for a VLAN to the core routers R4 and R5 and the VLAN does not exist on the core routers th...

Page 82: ...GVRP on ports et 1 1 3 gvrp enable ports et 1 1 3 Ports et 1 2 and 1 3 do not need to send GARP PDUs because they are connected to devices that are not running GVRP Therefore we should set their stat...

Page 83: ...LUE while ports et 3 1 on R1 and et 7 1 on R2 belong to customer C2 s VLAN GREEN Traffic entering any of these four ports are tagged with the appropriate customer VLAN ID BLUE or GREEN in an IEEE 802...

Page 84: ...ther ports that belong to that VLAN If a unicast packet arrives on a tunnel entry port the packet is sent out a particular backbone VLAN port The 802 1p priority of a packet is preserved throughout th...

Page 85: ...EEN port based vlan create BLUE port based Add port to each VLAN vlan add ports et 2 1 to BLUE vlan add ports et 3 1 to GREEN vlan add ports et 4 1 to RED Make et 4 1 both a trunk port and a tunnel ba...

Page 86: ...backbone VLAN GREEN Note that the trunk port on each router is part of both backbone VLAN RED and backbone VLAN GREEN Figure 5 5 Multiple customers with common VLANs Create 1 backbone VLAN and 2 cust...

Page 87: ...port based Add ports to BLUE VLAN vlan add ports et 2 1 et 3 1 to BLUE Make et 4 1 both a trunk port and a tunnel backbone port vlan make trunk port et 4 1 stackable vlan Add et 4 1 to both RED and G...

Page 88: ...te BLUE port based Add port to each VLAN vlan add ports et 2 1 to BLUE vlan add ports et 3 1 to GREEN vlan add ports et 4 1 to RED Make et 4 1 both a trunk port and a tunnel backbone port vlan make tr...

Page 89: ...e port vlan make trunk port et 5 1 stackable vlan Map tunnel exit ports to backbone VLAN vlan enable stackable vlan on et 6 1 backbone vlan RED vlan enable stackable vlan on et 7 1 backbone vlan RED C...

Page 90: ...entry exit ports Create 1 backbone VLAN and 2 customer VLANs vlan create PURPLE port based vlan create GREEN port based vlan create BLUE port based Add port to each VLAN vlan add ports et 11 1 to PURP...

Page 91: ...o the backbone VLAN PURPLE Create backbone VLAN and customer VLAN vlan create RED port based vlan create BLUE port based Add ports to VLANs vlan add ports et 2 1 et 3 1 to BLUE vlan add ports et 4 1 t...

Page 92: ...tomer VLAN vlan create PURPLE port based vlan create BLUE port based Add port to each VLAN vlan add ports et 2 1 to BLUE vlan add ports et 3 1 to PURPLE Make et 3 1 both a trunk port and a tunnel back...

Page 93: ...le vlan on et 5 1 backbone vlan RED Create 1 backbone VLAN and 1 customer VLAN vlan create RED port based vlan create BLUE port based Add port to each VLAN vlan add ports et 6 1 to BLUE vlan add ports...

Page 94: ...s VLAN BLUE and for customer C2 s VLAN GREEN is tunneled through the backbone VLAN RED STP is enabled in the customer VLAN BLUE on the customer routers C1R1 and C1R2 for customer C1 Figure 5 9 STP en...

Page 95: ...N vlan create BLUE port based Add port to VLAN vlan add ports et 8 1 to BLUE Make port et 8 1 a trunk port vlan make trunk port et 8 1 Enable STP on et 8 1 stp enable port et 8 1 Create 1 backbone VLA...

Page 96: ...vlan make access port command to allow the tunnel entry port to be added to any number of VLANs In Figure 5 10 customers C1 C2 C3 C4 and C5 each have a VLAN that will use port et 2 1 on R1 as the tun...

Page 97: ...ase 8 0 5 33 Bridging Configuration Guide Tunneling VLAN packets across MANs Figure 5 10 Multiple VLANs on single tunnel entry port et 2 1 et 4 1 et 5 1 et 6 1 MAN RED VLAN backbone C1 C5 R2 R1 C1 C5...

Page 98: ...r VLANs Create backbone VLAN vlan create RED port based Create customer VLANs vlan create BLUE port based vlan create GREEN port based vlan create PINK port based vlan create PURPLE port based vlan cr...

Page 99: ...lan create AQUA port based Make et 6 1 an access port that can belong to 1 VLAN vlan make access port et 6 1 stackable vlan Add ports to VLANs vlan add ports et 6 1 to BLUE vlan add ports et 6 1 to GR...

Page 100: ...the vlan enable stackable vlan command 3 The ports on which multicast broadcast or unknown unicast packets are flooded 4 The tunnel backbone ports configured with the stackable vlan option of the vlan...

Page 101: ...ngestion points in the network eliminating potential traffic bottlenecks SmartTRUNKs also provide improved data link resiliency if one link in a SmartTRUNK fails its flows are distributed among the re...

Page 102: ...K must have the same bandwidth i e either all 10 100 Mbps Ethernet ports or all Gigabit Ethernet ports No Control Protocol Can be used to connect the SmartTRUNK to another RS Also if you are connectin...

Page 103: ...emapped to a different port in the same SmartTRUNK If the flows assigned to a particular port in the SmartTRUNK exceed the bandwidth of the port packets are dropped even if there is bandwidth availabl...

Page 104: ...ddress 10 1 1 1 255 255 255 0 ip route cache distributed interface fasteth 0 0 no ip address channel group 1 set port channel 3 1 2 on smarttrunk create st 1 protocol no protocol smarttrunk create st...

Page 105: ...rt to attach to an aggregator the following parameters must match between the port and the aggregator Port s port key must equal the aggregator s actor key aggregator s partner key must equal the port...

Page 106: ...der the following full mesh topology Each RS is connected to the other RSs by aggregators For the sake of simplicity each Link Aggregation Group LAG consists of just two links Each link consists of ei...

Page 107: ...ITCHES PORTS st 12 R1 gi 1 1 gi 1 2 R2 gi 1 1 gi 1 2 st 13 R1 gi 3 1 gi 4 1 R3 gi 3 1 gi 4 1 st 14 R1 et 5 1 et 5 2 R4 et 5 1 et 5 2 st 23 R2 et 5 1 et 5 2 R3 et 5 1 et 5 2 st 24 R2 gi 3 1 gi 4 1 R4 g...

Page 108: ...23 24 smarttrunk create st 13 protocol lacp smarttrunk create st 23 protocol lacp smarttrunk create st 34 protocol lacp lacp set aggregator st 13 port type gigabit Ethernet actor key 30 partner key 10...

Page 109: ...ed to other ports within the SmartTRUNK SLR uses the three following user defined water marks Low water mark lwm Used by SLR to detect whether a port is under utilized the default is 20 of bandwidth M...

Page 110: ...ol protocol is irrelevant to this example 2 Assign ports et 4 1 through et 4 4 to the SmartTRUNK 3 Accept SLR s defaults and enable SLR on the SmartTRUNK To show the SmartTRUNK SLR configuration on st...

Page 111: ...ers of layer 2 flows are deployed to carry traffic transparently In this environment SLR provides automatic load balancing of flows on SmartTRUNKs consisting of any number of ports However the smarttr...

Page 112: ...attempt to even out traffic across the SmartTRUNK by redistributing flows to the under utilized port The smarttrunk set load redistribution params command is used to specify the use of low water mark...

Page 113: ...ted signal are then processed for distribution with the television signals Receivers scamblers and descramblers process the television signals to encode or decode them as needed for broadcast Modulato...

Page 114: ...ristics of the CMTS module and for installation instructions in the RS 8000 8600 chassis refer to Riverstone RS Switch Router Getting Started Guide 7 3 PROVISIONING THE HEADEND Prior to installing the...

Page 115: ...r These units typically do not have the phase noise performance levels required for 64 and 256 QAM digital signals and they might cause lower performance and possible system failure The upconverter is...

Page 116: ...A2 08 G80 P G80 PAC 100 125 5A 200 240 3A 50 60 Hz PWR PWR US 1 US 1 US 2 US 2 US 3 US 3 US 4 US 4 IF DS IF DS Upconverter 0 to 20 dB attenuator as required 8 way tap 3 way splitter 17 dBmV video carr...

Page 117: ...ction is made to the network The RS 8000 8600 periodically polls the cable modems on the network to see if the network connection is still active When the connection to the network ends the IP address...

Page 118: ...and this upconverter requires 6 to 19 dB of attenuation on the input cable The IF input to the Wavecom MA4040 is 33 dBmV and requires no attenuation on the input cable 7 4 3 Setting the Upconverter O...

Page 119: ...wnstream configuration you can connect a cable modem to the downstream forward test point of the laser transmitter Use a diplex filter and an attenuator as needed to connect the cable modem to an upst...

Page 120: ...icipate in the same broadcast domain To associate ports to a VLAN you must first create a VLAN and then assign ports to the VLAN Configure the CMTS module by entering the following commands 1 Create a...

Page 121: ...o the VLAN named dhcp by entering vlan add ports et 1 1 to dhcp 4 Assign the CMTS port to the VLAN named cmts by entering vlan add ports cm 7 1 to cmts 5 Create an IP interface called dhcp with the ad...

Page 122: ...es assume that there are two ISPs AMERILINK and MOONLINK each with two subscribers AMERILINK Ethernet Network 50 1 0 0 RF Network 50 2 0 0 Server 50 1 1 100 MOONLINK Ethernet Network 80 1 0 0 RF Netwo...

Page 123: ...e that it is simple there is only a single database and the ISP selection is transparent to the user The disadvantage is that the ISPs must share access to the DHCP server They can however still manag...

Page 124: ...based vlan add ports et 1 1 to AMERILINK vlan add ports et 1 2 to MOONLINK vlan add ports cm 5 1 to CMTS vlan add ports et 1 3 to DHCP interface create ip AMERILINK address netmask 50 1 1 1 16 vlan A...

Page 125: ...eclaration for subnet directly attached subnet 30 1 0 0 netmask 255 255 0 0 shared network amerilink_moonlink AMERILINK s network subnet 50 2 0 0 netmask 255 255 0 0 modem config file filename amerili...

Page 126: ...et 80 2 0 0 netmask 255 255 0 0 modem config file filename moonlink mdem cfg time of day option time servers 80 1 1 100 option ntp servers 80 1 1 100 tftp server next server 80 1 1 100 option routers...

Page 127: ...ort based vlan create CMTS port based vlan add ports et 1 1 to AMERILINK vlan add ports et 1 2 to MOONLINK vlan add ports cm 5 1 to CMTS interface create ip AMERILINK address netmask 50 1 1 1 16 vlan...

Page 128: ...filename amerilink modem cfg time of day option time servers 50 1 1 100 options ntp servers 50 1 1 100 tftp server next server 50 1 1 100 shared network amerilink_moonlink AMERILINK s network OK TO C...

Page 129: ...filename moonlink modem cfg time of day option time servers 80 1 1 100 options ntp servers 80 1 1 100 tftp server next server 80 1 1 100 shared network amerilink_moonlink AMERILINK s network DON T CON...

Page 130: ...ems may not be capable of recognizing vendor extensions A vendor extension is the line in the file that identifies a vendor See the first line in the file below Configure the RS cmts set headend cm 5...

Page 131: ...xtension is a Riverstone CMTS 43 VSIF n1 number of value bytes inside this VSIF 8 Vendor ID Type 3 len 02 E0 63 Riverstone OUI TLVs 1 Default Vlan n2 number of value bytes 1 Default Vlan ID 2 len 1 40...

Page 132: ...le DHCP anti spoofing prevents DHCP SERVER 2 from serving as a provisioning server instead of DHCP SERVER 1 Following is the configuration Configure the RS cmts set headend cm 5 1 hashed auth str hbCg...

Page 133: ...the RS cmts set headend cm 5 1 hashed auth str hbCgHB cmts set uschannel cm 5 1 upstream 1 state on Configure the VLANs vlan create dhcp port based vlan create cmts port based vlan add ports et 1 1 to...

Page 134: ...spoofing To prevent spoofing the IP address MAC address pairs are stored in a data base and are used to check for spoofed IP addresses Note Dynamic configuration is enabled using the anti ip spoofing...

Page 135: ...can configure each of these connections with its own traffic parameters providing more control over specific connections within a network The ATM line card provides an ATM interface allowing integrat...

Page 136: ...t SONET SDH Framing Set Loopback Mode Enable Path Tracing Enable Payload Scrambling Enable Stream Scrambling Note For a complete description of the SONET features refer to Section 9 Packet over SONET...

Page 137: ...ll scrambling on SONET PHY interfaces In the following example cell scrambling is enabled on port at 5 1 Cell Mapping The ATM cells are mapped into a PDH E3 T3 frame using two different mapping format...

Page 138: ...lay the parameters set for an ATM port The following is an example of the information that is displayed with the atm show port settings command for a PDH PHY interface The following is an example of t...

Page 139: ...e VCI numbers 0 through 31 These VCIs are used for signaling purposes In the following example a virtual channel on slot 5 port 1 is created with a VPI of 1 and a VCI of 100 After you configure a virt...

Page 140: ...gives you more control of your network resources and more options to accommodate different user needs You can define the following service categories Unspecified Bit Rate UBR This service category is...

Page 141: ...intended for best effort applications This service category is currently unsupported After you define a service category you apply it to a VC An important concept when applying service profiles is th...

Page 142: ...ets is less then the VC s rate But if the rate of control packets exceeds the VC s rate then some control packets must be dropped This policy ensures that critical traffic reaches its destination even...

Page 143: ...ncy to 1 as long as the achieved rates are accurate Additionally when increasing relative latency values you should also consider increasing the size of the buffers This is because packets may be held...

Page 144: ...cannot add a virtual channel with forced bridged enabled to a VC group Applying Service Profiles to VC Groups Either the virtual channel or the VC group may have a service profile applied but not bot...

Page 145: ...he network requirements if the RS s are connected through ATM multi rate line cards and if the RS s are connected through ATM OC 12 line cards Configuring QoS Policies Multi Rate Line Card If the rout...

Page 146: ...e 203 0 0 1 24 gateway 100 0 0 2 24 Set the priority levels for the different flows on RS1 This step is necessary in differentiating the priority levels of traffic data intended for the different clie...

Page 147: ...vcl at 1 1 0 100 to vg 1 priority low atm add vcl at 1 1 0 101 to vg 1 priority medium atm add vcl at 1 1 0 102 to vg 1 priority high atm add vcl at 1 1 0 103 to vg 1 priority control Configure an IP...

Page 148: ...t 1 1 0 103 Create the virtual channel group vg 1 on slot number 1 of RS2 atm create vcgroup vg 1 slot 1 Add the virtual channels to the VC group created on RS2 atm add vcl at 1 1 0 100 to vg 1 priori...

Page 149: ...bridging functions refer to Section 5 Bridging Configuration Guide Note The ATM modules do not support the Spanning Tree Protocol The following example illustrates how you can use bridging and VLANs t...

Page 150: ...16 Riverstone Networks RS Switch Router User Guide Release 8 0 Bridging ATM Traffic ATM Configuration Guide Figure 8 2 Bridging ATM traffic configuration example RS et 5 1 at 4 3 VLANA VLANB et 6 2 WA...

Page 151: ...connected ports Then all traffic that is received on one VC is tunneled to the other VC Apply an interface on both ethernet ports rs config interface create ip subnetA address netmask 11 1 1 1 24 port...

Page 152: ...mit you set then the maximum number of MAC addresses learned will not exceed the limit The following example limits the number of MAC addresses learned on at 1 1 0 100 8 6 ROUTING ATM TRAFFIC Configur...

Page 153: ...email and server backup type traffic Configuration is done in two steps The first step is to configure the network for traffic from Subnet A and Subnet B to Subnet C The second step is to configure t...

Page 154: ...ess 30 1 1 128 24 port at 4 2 0 100 up Define the ATM service profiles rs1 config atm define service ubrservice srv cat ubr pcr kbits 20000 rs1 config atm define service cbrservice srv cat cbr pcr kbi...

Page 155: ...onfig atm create vcl port at 3 1 0 101 Configure an interface for each VC rs2 config interface create ip ubrservice address netmask 40 1 1 128 24 peer address 40 1 1 127 24 port at 3 1 0 101 up rs2 co...

Page 156: ...passes to the video clients through three separate virtual channels Each virtual channel has a unique service profile In addition the RS is transmitting VC mux encapsulation traffic Peer address mappi...

Page 157: ...ates how to configure a PPP connection between a DSL modem and the RS It uses CHAP authentication on an AAA server for the PPP connection Create the virtual channels that will connect to each video cl...

Page 158: ...ne the PPP service profile rs config atm define service cm1 srv cat rt vbr encaps vc mux traffic ppp ppp auth chap Apply the service profile to the VC atm apply service cm1 port at 2 1 0 200 For this...

Page 159: ...in the following example rs atm show ppp port all at 5 1 Total LCP Enabled Up 0 0 Total IP Enabled Up 0 0 Total IPX Enabled Up 0 0 Total Bridging Enabled Up 0 0 Total Authentication Enabled Up 0 0 Vi...

Page 160: ...8 26 Riverstone Networks RS Switch Router User Guide Release 8 0 Configuring PPP OC 12 ATM Configuration Guide...

Page 161: ...er a PoS link is a result of PPP negotiation For transmission of jumbo frames MTUs up to 65535 octets you can increase the MTU size of the PoS port The MTU must be set at the port level 9 1 CONFIGURIN...

Page 162: ...PPP interface with the interface create command specifying the IP address and netmask for the interface on the RS When you create the point to point interface as shown above the RS creates an implici...

Page 163: ...itch the line independent of the other LTE Bidirectional switching where both sets of LTEs perform a coordinated switch is not supported Revertive switching You can enable automatic switchover from th...

Page 164: ...the protecting port it cannot be explicitly configured except for the APS properties The protecting port automatically inherits the configuration of the working port To configure a working and a prot...

Page 165: ...failure BER threshold of 10 3 1 out of 1 000 bits transmitted is in error Signal failure is associated with a hard failure Signal fail is determined when any of the following conditions are detected l...

Page 166: ...d circuit ID of the optical link sonet show medium port list Show working or protecting line direction and switch status sonet show aps port list Show received path trace sonet show pathtrace port lis...

Page 167: ...a PoS link between an RS router A and a Cisco 12000 series Gigabit Switch Router router B Figure 9 3 PoS link between the RS and a CISCO router The following is the configuration for router A interfa...

Page 168: ...ink with a Juniper router you must specify the peer address parameter Otherwise IP Control Protocol IPCP negotiations will fail The following is the configuration for router B interface POS1 0 ip addr...

Page 169: ...Layer 2 Cloud The following example shows a PoS link between Router A and Router B Both routers are connected by a PPP connection that goes through a L2 cloud a Layer 2 switch port set so 7 1 mtu 655...

Page 170: ...an Ethernet MAC header in the PPP frames the port so 6 1 PoS port and its peer at the edge of the cloud must be set in the Ethernet bridged encapsulation mode To enable Ethernet bridged encapsulation...

Page 171: ...intervals at which updates to the lease database and backup are done Upon system reboot the lease database will be loaded either from flash memory or from the TFTP or RCP server Note The RS DHCP serv...

Page 172: ...ol of IP addresses to be used by clients dhcp define pool Table 10 1 Client parameters Parameter Value address mask Address netmask of the scope s subnet This parameter is required and must be defined...

Page 173: ...5 Configuring DHCP Server Parameters You can configure several global parameters that affect the behavior of the DHCP server itself To configure global DHCP server parameters enter the following comm...

Page 174: ...configuration for a simple network with just one interface on which DHCP service is enabled to provide both dynamic and static IP addresses 1 Create an IP VLAN called client_vlan 2 Add all Fast Ether...

Page 175: ...d to give out addresses on different subnets The DNS server DNS domain and WINS server may be the same for clients on different secondary subnets however the default gateway will most likely be differ...

Page 176: ...rectly connected client is a system that resides on the same physical network as the DHCP server and does not have to go through a router or relay agent to communicate with the server If you configure...

Page 177: ...tains an IP address and can connect to the network the renewal of the lease is performed between the client and server without the help of the relay agent The default gateway for the client must be ca...

Page 178: ...lls the DHCP server how to send packets to the client on the 10 5 x x subnet 3 Define the network parameters for scope1 with the default gateway 10 5 1 1 the relay agent for the client 4 Define the ad...

Page 179: ...ates from other routers on these networks and broadcasts its own routing information on those same networks The RS supports the following Interior Gateway Protocols Routing Information Protocol RIP Ve...

Page 180: ...u can associate an interface with a single port or with multiple ports To associate an interface with a single port use the port option with the interface create command To associate an interface with...

Page 181: ...witch Router allows you to create unnumbered IP interfaces In the case where an interface is one end of a point to point connection it is not necessary to associate a particular IP address to that int...

Page 182: ...forwarded in software In the following example the ports gi 3 1 through gi 3 8 are configured with an MTU size of 65535 octets Ports gi 3 1 through gi 3 4 are configured to be part of the interface in...

Page 183: ...figuration file contains arp add commands the Control Module re adds the ARP entries even if you have cleared them using the arp clear command To permanently remove an ARP entry use the negate command...

Page 184: ...ADDRESS RESOLUTION PROTOCOL RARP Reverse Address Resolution Protocol RARP works exactly the opposite of ARP Taking a MAC address as input RARP determines the associated IP address RARP is useful for X...

Page 185: ...load the text file to the RS The format of the text file must be as follows Then place the text file on a TFTP server that the RS can access and enter the following command in Enable mode 11 5 3 Monit...

Page 186: ...packets forwarded to a specific host for a specific service or forwarded to all other interfaces You can configure the RS to forward UDP broadcast packets received on a given interface to all other in...

Page 187: ...OS By default the RS installs flows in the hardware so that packets sent as directed broadcasts are dropped in hardware if directed broadcast is not enabled on the interface where the packet is receiv...

Page 188: ...Q Local Address Foreign Address state tcp 0 0 gated gii LISTEN tcp 0 0 http LISTEN tcp 0 0 telnet LISTEN udp 0 0 127 0 0 1 1025 127 0 0 1 162 udp 0 0 snmp udp 0 0 snmp trap udp 0 0 bootp relay udp 0 0...

Page 189: ...cket The advantage of this type of routing is that packets almost never get sent to the CPU using up CPU process time except in a few cases such as multicasting You can enable the use of the HRT on th...

Page 190: ...es determine which fields are extracted from a packet s L3 header and used to determine the port list and QoS requirements When the RS uses destination based forwarding it extracts the destination IP...

Page 191: ...g profile to a slot you can enable it on a per port basis Ports on which the forwarding profile is enabled will use it to forward packets Ports on which the forwarding profile is not enabled will use...

Page 192: ...om profile and the existing ACLs Network Address Translation NAT NAT requires the source IP address and sometimes the source socket for address translation Thus the RS checks if the source IP and sour...

Page 193: ...d The rdisc add address command lets you define addresses to be included in router advertisements If you configure this command only the specified hostname s or IP address es are included in the route...

Page 194: ...nce of this address as a default route is 0 the default value 7 Shows configured values for the specified interface 11 17 SETTING MEMORY THRESHOLDS The routing information base RIB is stored in memory...

Page 195: ...n each threshold is reached Table 11 1 Default Memory Thresholds Threshold Level Percentage of Memory 0 12 03 14 05 62 07 64 Table 11 2 RIB Updates When Memory Threshold is Reached Route Protocol Thre...

Page 196: ...e following command You can also assign an IP or IPX interface directly to a physical port BGP level 1 level 2 A new BGP route is added only if it is the only BGP route to the given destination Maximu...

Page 197: ...way to ensure the availability of an end host s default router This is done by assigning IP addresses that end hosts use as their default route to a virtual router A Master router is assigned to forwa...

Page 198: ...the configuration file for Router R1 in Figure 12 1 Line 1 adds IP address 10 0 0 1 16 to interface test making Router R1 the owner of this IP address Line 2 creates virtual router VRID 1 on interfac...

Page 199: ...shows a VRRP configuration with two routers and two virtual routers Routers R1 and R2 are both configured with two virtual routers VRID 1 and VRID 2 Router R1 serves as Master for VRID 1 Backup for V...

Page 200: ...dress with virtual router VRID 1 so Router R1 is the Master for virtual router VRID 1 On line 5 Router R1 associates IP address 10 0 0 2 16 with virtual router VRID 2 However since Router R1 does not...

Page 201: ...f its virtual router In a VRRP configuration where more than one router is backing up a Master you can specify which Backup router takes over when the Master goes down by setting the priority for the...

Page 202: ...l routers The priority determines whether the router will become the Master or the Backup for a particular virtual router Priorities can have values between 1 and 255 When a Master router goes down th...

Page 203: ...er Default Priority Configured Priority VRID 1 IP address 10 0 0 1 16 255 address owner 255 address owner VRID 2 IP address 10 0 0 2 16 100 200 see line 8 VRID 3 IP address 10 0 0 3 16 100 200 see lin...

Page 204: ...riority lines 8 and 9 which set the priority to 100 are actually unnecessary They are included for illustration purposes only 1 interface create ip test address netmask 10 0 0 3 16 port et 1 1 2 ip re...

Page 205: ...r goes down the Backup router takes over When an interface comes up the Master router may become available and take over from the Backup router Before the Master router takes over it may have to updat...

Page 206: ...y Note If the IP address owner is available then it will always take over as the Master regardless of whether pre empt mode is on or off 12 2 5 Setting an Authentication Key By default no authenticati...

Page 207: ...2 ip redundancy show The ip redundancy show command reports information about a VRRP configuration Display a message when any VRRP event occurs Disabled by default ip redundancy trace vrrp events ena...

Page 208: ...lue Virtual MAC address 00005E 000164 Advertise Interval 1 sec s default value Preempt Mode Enabled default value Authentication None default value Primary Address 10 8 0 2 Associated Addresses 10 8 0...

Page 209: ...on the Backup router s configured priority rs ip redundancy show vrrp 1 interface int1 verbose VRRP Virtual Router 100 Interface int1 Uptime 0 days 0 hours 0 minutes 17 seconds State Backup Priority...

Page 210: ...th a virtual MAC address This virtual MAC depends on the virtual router ID virtual MAC address 00005E 0001XX where XX is the virtual router ID This virtual MAC address is also used as the source MAC a...

Page 211: ...es support for RIP Version 1 and 2 The RS implements plain text and MD5 authentication methods for RIP Version 2 The protocol independent features that apply to RIP are described in Chapter 11 IP Rout...

Page 212: ...will accept RIP updates rip add trusted gateway interfacename or IPaddr Define the list of routers to which RIP sends packets directly not through multicast or broadcast rip add source gateway interfa...

Page 213: ...entication method to MD5 rip set interface interfacename or IPaddr all authentication method md5 Specify the metric to be used when advertising routes that were learned from other protocols rip set de...

Page 214: ...e following commands in Enable mode Define the metric used when advertising routes via RIP that were learned from other protocols rip set default metric num Show all RIP information rip show all Show...

Page 215: ...ion Create interface R1 if1 with ip address 1 1 1 1 16 on port et 1 1 on R 1 interface create ip R1 if1 address netmask 1 1 1 1 16 port et 1 1 Configure rip on R 1 rip add interface R1 if1 rip set int...

Page 216: ...13 6 Riverstone Networks RS Switch Router User Guide Release 8 0 Configuration Example RIP Configuration Guide...

Page 217: ...ows networks to be grouped into areas Routing information passed between areas is abstracted potentially allowing a significant reduction in routing traffic OSPF uses four different types of routes li...

Page 218: ...l area and or interface level 14 3 SETTING THE ROUTER ID The router ID uniquely identifies the RS To set the router ID to be used by OSPF enter the following command in Configure mode If you do not ex...

Page 219: ...via the backbone area The OSPF area backbone contains all area border routers ABRs stub A stub area is not used as a transit area Routers within a stub area route internal traffic only not so stubby...

Page 220: ...s parameter is not specified no default route is injected into the OSPF stub area To define an OSPF stub area enter the following command in Configure mode The RS provides two ways to reduce the numbe...

Page 221: ...rder routers Type 7 LSAs have the same syntax as Type 5 LSAs except for the link state type In addition NSSA border routers translate Type 7 LSAs into Type 5 LSAs and flood them to all Type 5 capable...

Page 222: ...o Section 14 6 3 Configuring Interfaces for Point to Point Networks Non Broadcast Multiple Access NBMA An example of an NBMA network is a fully meshed Frame Relay or ATM network with virtual circuits...

Page 223: ...icasting and you would like to unicast OSPF packets enter the following command in Configure mode 14 7 CONFIGURING OSPF INTERFACE PARAMETERS The RS provides a number of parameters that are set at the...

Page 224: ...speeds The bandwidth of an interface is represented by the highest bandwidth port that is part of the associated VLAN The cost of an OSPF interface is inversely proportional to this bandwidth The cost...

Page 225: ...a virtual link ospf add virtual link number or string neighbor IPaddr transit area area id Set virtual link parameters ospf set virtual link number or string state disable enable cost num retransmit...

Page 226: ...External ASE Link Advertisements Because of the nature of OSPF the rate at which ASEs are flooded may need to be limited The following parameters can be used to adjust those rate limits These paramet...

Page 227: ...e value for OSPF routes is 10 You can change the default preference by entering the following command in Configure mode For additional information on how the RS uses preference values refer to Chapter...

Page 228: ...ported includes the area ID interface IP address interface type interface state cost priority and IP addresses of the designated router and backup designated router for the network Following is an exa...

Page 229: ...ur 0 Options mismatch 0 Master flag mismatch 0 Initialize flag mismatch 0 DD sequence number mismatch 0 Invalid LS type 0 Bad LS Request 0 No such virtual interface 0 Invalid area ID 0 Confusing Maste...

Page 230: ...terface create ip to r2 address netmask 120 190 1 1 16 port et 1 2 interface create ip to r3 address netmask 130 1 1 1 16 port et 1 3 interface create ip to r41 address netmask 140 1 1 1 24 port et 1...

Page 231: ...re 14 1 RIP Version 2 is configured on the interfaces of routers R1 and R2 which are attached to the sub network 120 190 0 0 16 We will redistribute these RIP routes as OSPF type 2 routes and associat...

Page 232: ...f export destination ospfExpDstType2 type 2 metric 4 ip router policy create ospf export destination ospfExpDstType2t100 type 2 tag 100 metric 4 ip router policy create rip export source ripExpSrc ip...

Page 233: ...ASE routes into RIP ip router policy export destination ripExpDst source statExpSrc network all ip router policy export destination ripExpDst source ripExpSrc network all ip router policy export desti...

Page 234: ...14 18 Riverstone Networks RS Switch Router User Guide Release 8 0 OSPF Configuration Examples OSPF Configuration Guide Figure 14 1 Exporting to OSPF...

Page 235: ...h IS maintains its own LSP database To configure the RS to run IS IS you should perform the following tasks Define the area to which the router will belong Configure IS IS interfaces Start IS IS Optio...

Page 236: ...reas On the RS you can set the operating level for the router and on a per interface basis The default level for both the router and its interfaces is Level 1 and 2 You may change the default for eith...

Page 237: ...allows time for more changes to occur before the recalculation To set a router s spf interval enter the following command in Configure mode 15 4 5 Setting the Overload Bit The IS IS protocol provides...

Page 238: ...form adjacencies To specify the authentication method between neighbors enter the following command in Configure mode Authentication Within an Area This level of authentication controls the exchange...

Page 239: ...mands chapter in the Riverstone RS Switch Router Command Line Interface Reference Manual 15 5 1 Setting the Interface Operating Level The default operating level for the router and its interfaces is L...

Page 240: ...zed LSP databases The default csn interval is 10 15 5 3 Setting IS IS Interface Timers The IS IS protocol uses a variety of timers some of which can be modified at the interface level The timers have...

Page 241: ...Note For additional information about the isis show commands their parameters or the fields in the output refer to the Riverstone RS Switch Router Command Line Interface Reference Manual 15 6 1 IS IS...

Page 242: ...ormation IS IS Configuration Guide Figure 15 1 Network overview Area 49 da03 R8 R9 L1 40 16 R2 R1 R3 R4 105 8 L2 L1 L1 L1 L2 21 16 21 16 20 16 100 8 Area 49 da01 R5 C10 R11 R6 R7 Area 49 da02 Area 49...

Page 243: ...formation Figure 15 2 Area 1 detailed view R2 R1 R3 R4 L1 L1 L1 21 16 21 16 20 16 Area 49 da01 20 1 1 2 16 20 1 1 1 16 100 1 1 1 8 21 1 1 1 16 21 1 1 2 16 24 1 1 1 16 21 1 1 3 16 25 1 1 1 16 L2 100 8...

Page 244: ...IS Configuration Guide Figure 15 3 Area 2 detailed view 105 8 L2 R5 R6 R7 Area 49 da02 L2 L2 115 8 110 8 L1 30 16 L1 31 16 L2 100 8 IS IS Area 2 100 1 1 2 8 hs 5 1 115 1 1 1 8 et 1 8 110 1 1 1 8 et 1...

Page 245: ...elease 8 0 15 11 IS IS Configuration Guide Displaying IS IS Information Figure 15 4 Area 3 detailed view Area 49 da03 R8 R9 L1 40 16 105 8 L2 105 1 1 1 8 et 1 3 et 1 2 40 1 1 2 16 et 1 2 40 1 1 1 16 4...

Page 246: ...Area 4 detailed view The following sections show the configuration for each router within this network Note that explanations in italics precede each command or set of commands C10 R11 Area 49 da04 L2...

Page 247: ...ip 20net address netmask 20 1 1 1 16 port et 1 2 3 interface create ip 22net address netmask 22 1 1 1 16 port et 1 1 4 interface create ip 100net address netmask 100 1 1 1 8 port hs 5 1 To configure r...

Page 248: ...rt et 1 1 4 interface create ip 21net address netmask 21 1 1 1 16 vlan 21netvlan 5 interface create ip 20net address netmask 20 1 1 2 16 port et 1 2 To configure router R2 s area 6 isis add area 49 da...

Page 249: ...e ip 21net address netmask 21 1 1 2 16 port et 1 3 2 interface create ip 24net address netmask 24 1 1 1 16 port et 1 1 To configure router R3 s area 3 isis add area 49 da01 To enable IS IS on each int...

Page 250: ...21net address netmask 21 1 1 3 16 port et 1 4 2 interface create ip 25net address netmask 25 1 1 1 16 port et 1 1 To configure router R4 s area 3 isis add area 49 da01 To enables IS IS on each interf...

Page 251: ...r global set router id 30 1 1 1 8 ip router global set autonomous system 64977 9 ip add route 100 100 100 100 interface 35net 10 bgp create peer group bgpfeed type external autonomous system 64901 11...

Page 252: ...6 port et 1 2 To configure an OSPF interface for the backbone area 4 ospf create area backbone 5 ospf add interface 31net to area backbone To starts OSPF 6 ospf start To configure the IS IS area of ro...

Page 253: ...Last modified from Console on 2000 07 06 09 33 34 To configure IP interfaces 1 interface create ip 40net address netmask 40 1 1 1 16 port et 1 2 2 interface create ip 41net address netmask 41 1 1 1 16...

Page 254: ...0net address netmask 40 1 1 2 16 port et 1 2 2 interface create ip 42net address netmask 42 1 1 1 16 port et 1 1 To configure the IS IS area of router R9 3 isis add area 49 da03 To enable IS IS on eac...

Page 255: ...ce udp small servers no service tcp small servers hostname Router clns routing interface Serial0 0 ip address 52 1 1 1 255 255 0 0 ip router isis 49 0004 encapsulation ppp no keepalive no peer default...

Page 256: ...level 1 interface Ethernet1 2 ip address 111 1 1 2 255 0 0 0 ip router isis 49 0004 isis circuit type level 2 only isis priority 10 level 1 interface Ethernet1 3 no ip address shutdown interface Ether...

Page 257: ...ce create ip 52net address netmask 52 1 1 2 16 port se 4 3 3 interface create ip 51net address netmask 51 1 1 2 16 port et 1 2 4 interface add ip en0 address netmask 10 50 3 11 16 To configure the IS...

Page 258: ...15 24 Riverstone Networks RS Switch Router User Guide Release 8 0 Displaying IS IS Information IS IS Configuration Guide...

Page 259: ...rtrays to other ASs what routing destinations are reachable by way of it In an environment where using static routes is not feasible BGP is often the best choice for an AS AS routing protocol BGP prev...

Page 260: ...up Adding a BGP peer host Starting BGP Using AS path regular expressions Using AS path prepend Creating BGP confederations Creating community lists Using route maps Using BGP accounting 16 2 1 Setting...

Page 261: ...ng Is a group ID which can be a number or a character string type Specifies the type of BGP group you are adding You can specify one of the following external In the classic external BGP group full po...

Page 262: ...S path regular expression is a regular expression where the alphabet is the set of AS numbers from 1 through 65535 The following wildcards and operators can be used to build a regular expression quota...

Page 263: ...irst command creates an AS path regular expression with the identifer mciAspath to match AS paths that include AS 3561 The next two commands specify the AS path regular expression identifier to match...

Page 264: ...ut in the route advertisement is controlled by the as count option of the bgp set peer host command The following is an example Notes on Using the AS Path Prepend Feature Use the as count option for e...

Page 265: ...federation the externally visible AS number as well as the number of its sub AS In Figure 16 1 a BGP confederation with the AS number 64801 consists of sub AS s 100 101 102 and 103 BGP routers outside...

Page 266: ...and can be used as a way of filtering BGP routes To create and define community lists on an RS enter the following commands in Configure mode The community string is in the form AS identifier communi...

Page 267: ...p where the keyword deny is explicitly specified in this case the route will not be imported exported or redistributed Note For route maps to take effect the RS must be selecting BGP for the route Mak...

Page 268: ...ate a route map you specify a route map identifier You can create multiple conditions with the same identifier The sequence number in the route map definition specifies the order of a particular condi...

Page 269: ...ified and accounted for on a per customer basis You can also choose to count route specific traffic according to Differentiated Services Code Point DSCP values previously known as Type of Service valu...

Page 270: ...g statistics for the service levels DSCP values of specific traffic routes To start collecting BGP traffic statistics for specific traffic routes Refer to Section 16 3 11 BGP Accounting Examples to se...

Page 271: ...agnostic mode command 16 3 BGP CONFIGURATION EXAMPLES This section presents sample configurations illustrating BGP features The following features are demonstrated BGP peering Internal BGP IBGP Extern...

Page 272: ...ate messages containing the BGP routing table can be sent between peers BGP does not require a periodic refresh of the entire BGP routing table between peers Only incremental routing changes are excha...

Page 273: ...mask 10 0 0 1 16 port et 1 1 Set the AS of the router ip router global set autonomous system 1 Set the router ID ip router global set router id 10 0 0 1 Create EBGP peer group pg1w2 for peering with A...

Page 274: ...rred to as a multihomed AS A multihomed AS can transit traffic between two ASs by advertising to one AS routes that it learned from the other AS To successfully provide transit services all EBGP speak...

Page 275: ...ing group will determine the immediate next hops for routes by using the next hop received with a route from a peer as a forwarding address and using this to look up an immediate next hop in an IGP s...

Page 276: ...essary because we want CISCO to peer with our loopback address This will make sure that the loopback address gets announced into OSPF domain ospf add stub host 172 23 1 26 to area backbone cost 1 ospf...

Page 277: ...rs Some additional configuration is required to indicate that the external peers are not physically attached This sample configuration shows External BGP peers R1 and R4 which are not connected to the...

Page 278: ...128 2 group ebgp_multihop Specify the multihop option which indicates EBGP multihop bgp set peer host 18 122 128 2 group ebgp_multihop multihop autonomoussystem 64800 routerid 0 0 0 1 bgp yes traceopt...

Page 279: ...122 0 0 masklen 16 gateway 17 122 128 4 interface create ip to R2 address netmask 17 122 128 4 16 port et 4 2 interface create ip to R4 address netmask 18 122 128 4 16 port et 4 4 ip add route 16 122...

Page 280: ...unity attribute Community is specified as one of the parameters in the optional attributes list option of the ip router policy create command Figure 16 5 shows a BGP configuration where the specific c...

Page 281: ...unity AS 64902 R11 172 26 1 2 16 172 25 1 2 16 192 168 20 2 16 172 25 1 1 16 1 1 R13 1 6 R10 192 169 20 1 16 192 169 20 2 16 100 200 13 1 24 10 200 15 1 24 1 6 R14 AS 64901 AS 64900 AS 64899 1 6 1 1 1...

Page 282: ...ibute found in the BGP update If multiple communities are specified in the optional attributes list option only updates carrying all of the specified communities will be matched If well known communit...

Page 283: ...901color1 and sequence number 1 ip router policy create bgp import source 901color1 optional attributes list color1 autonomous system 64900 sequence number 1 ip router policy create bgp import source...

Page 284: ...s list color2 community id 155 autonomous system 64902 ip router policy create bgp import source 902color1 optional attributes list color1 autonomous system 64899 sequence number 1 ip router policy cr...

Page 285: ...licy create bgp export destination 900to899dest autonomous system 64899 optional attributes list color1 ip router policy create bgp export destination 900to901dest autonomous system 64901 optional att...

Page 286: ...ity indicating the routes associated with this attribute must not be advertised to external BGP peers This includes peers in other members autonomous systems inside a BGP confederation A packet can be...

Page 287: ...al preference to reflect ROSRD s own internal preference for the route as given by the global protocol preference value Note that in this case local preference is a function of the ROSRD preference an...

Page 288: ...ing the local pref and the set pref options AS 64900 Physical Link Legend Peering Relationship AS 64901 R10 Information Flow 10 200 12 1 24 10 200 13 1 24 10 200 14 1 24 10 200 15 1 24 192 169 20 1 16...

Page 289: ...n 254 When operating a mixed network of this type you should make sure that all routers are restricted to sending Local_Pref values in the range metric to 254 In router R12 s CLI configuration file th...

Page 290: ...gh enough to avoid conflicts between BGP routes and IGP or static routes 16 3 6 Multi Exit Discriminator Attribute Example Multi Exit Discriminator MED is a BGP attribute that affects the route select...

Page 291: ...a simple EBGP configuration in which one peer is exporting an aggregated route to its upstream peer and restricting the advertisement of contributing routes to the same peer The aggregated route is 21...

Page 292: ...of the route reflector that are not part of the cluster are non clients The RS supports client peers as well as non client peers of a route reflector interface add ip xleapnl address netmask 212 19 19...

Page 293: ...eflector for the first cluster and router R11 is the route reflector for the second cluster Router R10 has router R9 as a client peer and router R11 as a non client peer The following line in router R...

Page 294: ...in AS64902 as shown below bgp set peer group rtr11 reflector client Route Table FIB of Router 8 rtr 8 ip show routes Destination Gateway Owner Netif 10 50 0 0 16 directly connected en 127 0 0 0 8 127...

Page 295: ...to identify all reflectors serving the cluster using the clusterid option Gratuitous use of multiple redundant reflectors is not advised since it can lead to an increase in the memory required to stor...

Page 296: ...set peer host 172 16 220 2 route map in 1 group ebgp bgp set peer group rtr10 confederation bgp set peer group ebgp bgp start route map 1 permit 1 set metric 50 set local preference 1000 set community...

Page 297: ...72 16 223 1 group rtr10 bgp add peer host 172 16 224 2 group rtr12 bgp set peer group rtr12 confederation bgp set peer group rtr10 confederation bgp set peer host 172 16 223 1 group rtr10 multihop bgp...

Page 298: ...1 group rtr12 bgp start ip router global set autonomous system 64901 ip router global set router id 134 141 178 48 ip router policy create bgp export destination rtr9 autonomous system 64705 ip router...

Page 299: ...ed through routers in the confederation The peer group configuration must include the multihop parameter so that the next hop value is passed through the routers In the above BGP confederation example...

Page 300: ...unting see Section 16 3 11 BGP Accounting Examples for more information Figure 16 12Sample BGP configuration route map Router R2 has the following CLI configuration ip router global set autonomous sys...

Page 301: ...route map to the BGP group or peer Enable BGP accounting on the interface with the ip enable bgp actg on command then start accounting with the ip bgp accounting start command EBGP Accounting Example...

Page 302: ...g To see the BGP accounting information Note For BGP accounting to take effect the RS must be selecting BGP for the route Make sure that the preference for BGP is set lower than the preference of othe...

Page 303: ...16 The customer is connected to router R1 through the interface customerA The route to 14 1 0 0 16 is a direct route on router R2 and is learned by R1 which sets the traffic index to 1 Figure 16 13Sam...

Page 304: ...gp set peer group ibgp route map in 1 bgp set preference 99 bgp start ip router policy create community list list1 11 11 route map 1 permit 1 match community list list1 set traffic index 1 arp add 12...

Page 305: ...gp accounting start dscp accounting command to start the collection of statistics Figure 16 14 shows a simple BGP configuration in which routes received on R2 for the networks 15 4 0 0 16 15 5 0 0 16...

Page 306: ...r host 15 2 1 3 group tored bgp set preference 99 bgp start ip router global set autonomous system 65100 route map 1 permit 1 match prefix network 15 4 0 0 16 set traffic index 10 route map 1 permit 2...

Page 307: ...nterface int1 Bucket DSCP Packets Bytes 10 1 239376 15320064 10 2 239201 15308864 10 3 239001 15296064 10 4 238801 15283264 10 5 238601 15270464 10 6 238401 15257664 10 7 238597 15270208 10 8 238401 1...

Page 308: ...16 50 Riverstone Networks RS Switch Router User Guide Release 8 0 BGP Configuration Examples BGP Configuration Guide...

Page 309: ...rds See your Riverstone representative for specific part numbers and applicable RS platforms This chapter contains the following sections For an overview of MPLS concepts and terminology and the MPLS...

Page 310: ...e at the first router in the path the ingress label switching router LSR Only the ingress LSR1 in the path needs to analyze the layer 3 header information If the destination address in the incoming pa...

Page 311: ...set Figure 17 3 MPLS label stack Forwarding decisions are always based on the top label in the stack By examining the top label of an incoming packet each LSR in the LSP determines the following The...

Page 312: ...el When it is the only label entry i e there is no label stacking it indicates that the label is popped upon receipt For example if the LSP is for IPv4 traffic only the egress router can signal the pe...

Page 313: ...not have the same value The label distribution protocol used determines whether the label bindings are assigned on a per interface or per router basis See Label Distribution Protocols for more informa...

Page 314: ...S networks as described in Section 17 6 Configuring L2 Tunnels For more information about configuring LDP on the RS see Section 17 4 LDP Configuration Resource reservation protocol RSVP is a protocol...

Page 315: ...r look at the next label in the stack or if there is no other label in the stack look up the packet s destination address to forward it By having the penultimate LSR pop the label stack there is only...

Page 316: ...unidirectional In most cases it is desirable to have two MPLS LSPs one going in each direction to form a logical pipe for the flow of data 17 1 6 MPLS Table Information This section describes the vari...

Page 317: ...he CAM by port and index number Table Lookups at Ingress LSRs On ingress LSRs incoming packets must be classified into FECs in order to put MPLS labels on the packets The RS performs OTT lookups to tr...

Page 318: ...8 0 MPLS Architecture Overview MPLS Configuration the END_OF_TUNNEL label is the only label on the label stack the ILM entry indicates that this node is at the end of the outermost MPLS domain the exp...

Page 319: ...itiate backup paths or retry the initial path Note For both RSVP and LDP you must configure the router identifier on the LSR with the ip router global set router id command The following CLI commands...

Page 320: ...nd started You can optionally configure LDP using other ldp commands before starting LDP For more information about configuring LDP see Section 17 4 LDP Configuration You cannot enable both RSVP and L...

Page 321: ...ast routing protocols the routing protocols determine where packets are forwarded while the RSVP process consults local routing tables to obtain routes Note RSVP on the RS supports dynamic signaling f...

Page 322: ...ResvTear messages are sent by the data flow receiver Figure 17 7 illustrates the flow of RSVP Path and Resv messages Figure 17 7 RSVP Path and Resv messages With RSVP the potential receiver of a data...

Page 323: ...h refresh path refresh interval path multiplier 30 seconds 3 rsvp set global path refresh interval rsvp set global path multiplier Reservation refresh reservation refresh interval reservation multipli...

Page 324: ...sh interval parameter specifies the interval at which RSVP sends out Resv messages to the upstream neighbor The default value is 30 seconds You can specify a path multiplier parameter value between 1...

Page 325: ...for node or link failure detection is not adversely impacted 17 3 4 Authentication RSVP messages can be authenticated to prevent unauthorized nodes from setting up reservations On the RS RSVP authenti...

Page 326: ...ted transmitted received and processed for each refresh period Supporting a large number of RSVP sessions presents a scaling problem as the resources required for processing these messages increase pr...

Page 327: ...sions on the interface int2 Summary refresh is used to refresh Path and Resv states without transmitting standard Path or Resv messages Summary refresh is the periodic transmittal of a list of the mes...

Page 328: ...an display on the RS and the CLI commands that you use to display the information rsvp set global msgack interval 3 Table 17 4 RSVP session information To see this information Use this command RSVP gl...

Page 329: ...uter and all ingress routers LDP can be enabled on all router interfaces or on specific router interfaces as described in Section 17 2 Enabling and Starting MPLS on the RS The following configuration...

Page 330: ...e its neighbor R2 can set a hold time of 20 seconds Once an LDP session is established LDP keepalive packets are used to monitor the status of the session On the RS keepalive packets are sent at 10 se...

Page 331: ...remote LDP peer with the ldp set remote peer command takes precedence The ldp set interface all keepalive timeout command sets the keepalive timeout for all LDP peers including remote peers Setting t...

Page 332: ...sts that an upstream LSR can send to a downstream LSR If an upstream LSR does not have label binding information for a specific FEC it will route packets based on information in the IP routing table H...

Page 333: ...2 appears in router rs1 s LDP database but it is marked as Filtered shown in boldface in the example and is therefore not considered on rs1 for LSP establishment rs1 config ldp add import filter mappi...

Page 334: ...e information rs config ldp add prefix filter 101serv network 10 10 10 101 32 host net rs config ldp add export filter request restrict prefix filter 101serv neighbor 1 1 1 1 sequence 1 rs config ldp...

Page 335: ...detailed example of how to configure a static path on an RS router see Section L3 Static Path Configuration Example Ingress LSR Configuration Use the mpls create static path and mpls set static path c...

Page 336: ...the label stack normally this would be the only label in the stack For example the following command on a PHP LSR looks at packets arriving on the interface MPLS R3IN Packets that have a label value o...

Page 337: ...OUT address netmask 10 1 1 1 16 port gi 1 1 Enable MPLS on the router interfaces mpls add interface MPLS R1OUT Create a policy to filter traffic to 50 1 0 0 16 mpls create policy POL1 dst ipaddr mask...

Page 338: ...path including IGP shortcuts See Section 17 7 3 IGP Shortcuts You can use the mpls show static paths command to display the MPLS static path information On router R1 the following is displayed for th...

Page 339: ...e ingress router only The ingress router sends RSVP signaling information to other LSRs in the path in order to establish and maintain the LSP Labels are dynamically assigned on the LSRs There are two...

Page 340: ...some or all transit LSRs in the path For each transit LSR you specified you designate whether the route from the previous router to this router is direct and cannot include other routers strict route...

Page 341: ...it path level apply only to that path If you configure the same parameter at both the LSP and the explicit path level the explicit path configuration takes precedence Table 17 7 shows the parameters t...

Page 342: ...P does not use constrained shortest path first CSPF algorithm This parameter must be specified for explicit path LSPs See Disabling CSPF X X no decrement ttl TTL field of IP packet is decremented only...

Page 343: ...fy a bandwidth transit routers will reserve outbound link capacity for the LSP LSP setup may fail if there is a failure in bandwidth reservation CoS Value A class of service CoS value places traffic i...

Page 344: ...he whole LSP appear as one hop The no decrement ttl parameter can be applied to RSVP signaled LSPs only Note that the MPLS label has its own TTL that is decremented by 1 for each hop in the LSP When t...

Page 345: ...nation IP addresses and netmask values source destination MAC addresses VLAN ID 802 1p priority and protocol type You can then apply the policy to an LSP Only the labeled packets that meet the require...

Page 346: ...ignaling protocol used LDP can also be used as traffic engineering is not being utilized Additionally a dynamic LSP will be configured from RS router R5 to the router JN1 and another from R6 to R7 The...

Page 347: ...bone ospf start Enable MPLS on all interfaces mpls add interface all Create explicit path 57 primary path to 100 1 1 1 mpls create path 57 Create explicit path 567 with 3 hops secondary path to 100 1...

Page 348: ...nterface all to area backbone ospf start Enable MPLS on all interfaces mpls add interface all Create dynamic LSP L3 to egress router 100 1 1 1 mpls create label switched path L3 to 100 1 1 1 adaptive...

Page 349: ...LSP while only traffic to the 160 10 0 0 16 network is forwarded on the static LSP traffic filtering is performed by defining and applying different policies to the LSPs Timesaver Click on the router...

Page 350: ...dr mask 160 10 0 0 16 Create dynamic LSP Create primary path dp1 mpls create path dp1 num hops 4 mpls set path dp1 hop 1 ip addr 200 135 89 73 type strict mpls set path dp1 hop 2 ip addr 201 135 89 76...

Page 351: ...ea backbone cost 10 ospf add interface R2R3 to area backbone ospf start Configure static LSP mpls set interface R2R1 label map 70 pop pop count 3 next hop 16 128 11 7 Start MPLS and RSVP mpls start rs...

Page 352: ...ackbone ospf add interface R4R1 to area backbone ospf add stub host 4 4 4 4 to area backbone cost 10 ospf add interface R4R5 to area backbone ospf start Start MPLS and RSVP mpls start rsvp start Confi...

Page 353: ...rom State LabelIn LabelOut d1 3 3 3 3 1 1 1 1 Up 17 R1 mpls show label switched paths d1 verbose Label Switched Path d1 to 3 3 3 32 from 1 1 1 1 state Up lsp id 0x9 proto rsvp protection primary setup...

Page 354: ...1 explicit path dp2l num hops 2 200 135 89 4 loose 16 128 11 7 loose 2001 04 06 16 13 24 MPLS I LSPPATHSWITCH LSP d1 switching to Secondary Path dp2l R1 mpls show label switched paths d1 verbose Labe...

Page 355: ...ths attributes Path Signalling Parameters attributes STANDBY ADAPTIVE NO CSPF inherited attributes retry limit 5000 retry int 3 sec retry count 5000 next_retry_int 600 sec bps 20000000 preference 7 ho...

Page 356: ...ess route flaps In Figure 17 11 R7 in AS 63498 and R9 in AS 65498 are running BGP BGP traffic between R7 and R9 is routed through AS 64498 where OSPF is running as the IGP Routers R3 and R6 are LSRs r...

Page 357: ...s in AS 64498 The following is the configuration for R7 Configure interfaces interface create ip rt7 rt3 address netmask 137 1 1 7 24 port et 1 1 interface create ip rt7 rt3 mp address netmask 137 2 2...

Page 358: ...te from proto bgp source as 63498 to proto bgp target as 64498 ip router policy redistribute from proto direct to proto bgp target as 64498 bgp create peer group to rt6 type routing autonomous system...

Page 359: ...ip rt1 rt6 mp2 address netmask 116 3 3 1 24 port gi 3 1 interface add ip lo0 address netmask 1 1 1 1 32 Configure OSPF ip router global set router id 1 1 1 1 ospf create area backbone ospf add stub ho...

Page 360: ...ress as next hop in BGP route advertisements bgp start Configure OSPF ospf create area backbone ospf add stub host 6 6 6 6 to area backbone cost 10 ospf add interface rt6 rt1 mp2 to area backbone ospf...

Page 361: ...e the LSP dynamic3ATT will carry traffic belonging to AT T subscribers The third LSP dynamic1MSO will be used by the MSO to assign IP addresses to subscriber s end devices and to provision cable modem...

Page 362: ...ess netmask 1 1 1 1 16 interface add ip cmts address netmask 160 10 1 1 16 interface add ip cmts address netmask 160 12 1 1 16 Configure OSPF ip router global set router id 1 1 1 1 ip router global se...

Page 363: ...0 11 0 0 16 mpls set label switched path dynamic2AOL primary dp1 mpls set label switched path dynamic2AOL policy AOL11 Start MPLS mpls start Configure RSVP rsvp add interface R1toR2 rsvp start ip help...

Page 364: ...e ospf start Configure MPLS mpls add interface R3toR2 Create explicit path dp 1 2 mpls create path dp1 2 num hops 3 mpls set path dp1 2 hop 1 ip addr 220 1 1 1 type strict mpls set path dp1 2 hop 2 ip...

Page 365: ...support the shared network environment for the Internet Software Consortium ISC mpls set label switched path dynamic2 2AOL primary dp1 2 mpls set label switched path dynamic2 2AOL policy AOL11 2 Crea...

Page 366: ...hysical network will then obtain a lease from either scope on a round robin basis as long as the client does not have a reservation or previous lease information 1 Create a second scope that you want...

Page 367: ...l Switched Paths 2 Open the properties for the scope 3 Click the Advanced tab 4 Select the Make this scope a secondary check box 5 In the Primary scope field select the scope that you want to designat...

Page 368: ...or VLAN specific virtual circuits can be bundled into a small number of L2 tunnels that run through the backbone Traffic on each virtual circuit is isolated from each other with the same level of secu...

Page 369: ...configure the next hop MAC address and one or more label values to be added pushed onto the top of the label stack 3 Use the mpls set l2 static path command to apply the L2 policy to the L2 static pat...

Page 370: ...a static L2 LSP the egress LSR removes pops the label value at the top of the label stack and then forwards the packet to its final destination Use the mpls set portlist command to configure the stati...

Page 371: ...R3 next hop mac 000285 057900 push 100 mpls set l2 static path TO R3 policy P1 Configure egress LER for L2 static path TO R1 mpls set portlist in port list gi 3 1 end of l2 tunnel label 201 Start MPLS...

Page 372: ...TO R1 mpls create l2 policy P2 src mac any dst mac 000000 01e000 vlan 1 in port list gi 7 1 out port list gi 6 1 mpls create l2 static path TO R1 next hop mac 000285 057900 push 101 mpls set l2 stati...

Page 373: ...he reverse direction to provide bidirectional operation You must configure the same VC identifiers for example VLAN IDs for each direction of a virtual circuit Figure 17 15 Transport of layer 2 frames...

Page 374: ...service provider incoming port incoming port and the customer specific VLAN ID assigned by the customer This section includes example configurations for each type of FEC to label binding Ingress and...

Page 375: ...th the vlan make trunk port command 4 Configure the tunnel LSP If you are using RSVP for signaling in the tunnel LSP use mpls commands as described in Section 17 5 Configuring L3 Label Switched Paths...

Page 376: ...gnaling protocol configuration commands for both LDP and RSVP signaling are shown Timesaver Click on the router name in blue to see the corresponding configuration Figure 17 16 Tunneling of multiple v...

Page 377: ...s add interface to_r2_1 mpls start rsvp add interface to_r2_1 rsvp start If tunnel LSP uses LDP mpls add interface to_r2_1 mpls start ldp add interface to_r2_1 ldp start Configure IGP in this example...

Page 378: ...d interface all to area backbone ospf add stub host 111 1 1 2 to area backbone cost 5 ospf start Configure router loopback interface add ip lo0 address netmask 111 1 1 3 32 Make gi 3 2 a trunk port vl...

Page 379: ...ddress netmask 220 1 1 2 16 vlan ldp_in1 If tunnel LSP uses RSVP mpls add interface to_r2 mpls start rsvp add interface to_r2 rsvp start If tunnel LSP uses LDP mpls add interface to_r2 mpls start ldp...

Page 380: ...e to see the corresponding configuration Figure 17 17 Tunneling of virtual circuits based on VLAN ID RSVP tunnel Two LSPs are configured on R1 The LSP from R1 to R5 is configured with a strict explici...

Page 381: ...ports gi 4 1 to ldp_in vlan add ports gi 6 1 gi 2 2 gi 4 1 to cust1 vlan add ports gi 3 1 gi 4 1 to cust2 interface create ip to_rs2 address netmask 200 1 1 1 16 vlan ldp_in LDP signaling VLAN to R2 i...

Page 382: ...rval 5 preference 30 Start MPLS mpls start Configure RSVP rsvp add interface to_rs2 rsvp add interface to_rs6 rsvp start Configure LDP ldp add interface lo0 ldp add remote peer 111 1 1 3 adds R3 as LD...

Page 383: ...te ldp_if1 id 120 vlan create ip_ldp port based id 175 vlan create cust1 port based id 100 vlan create cust2 ip id 200 vlan create to_rs1_only ip id 50 vlan add ports gi 12 2 to ip_ldp vlan add ports...

Page 384: ...apping to R1 ldp add l2 fec vlan 200 to peer 111 1 1 1 send VLAN 200 mapping to R1 ldp add remote peer 111 1 1 1 adds R1 as LDP peer ldp add remote peer 111 1 1 5 adds R5 as LDP peer ldp add l2 fec vl...

Page 385: ...40 vlan create cust2 ip id 200 vlan add ports gi 12 1 gi 13 2 to cust1 vlan add ports gi 13 2 to ldp_in1 vlan add ports gi 13 1 to to_rs4_vlan vlan add ports gi 13 1 to cust1 vlan add ports gi 6 1 to...

Page 386: ...o R1 mpls create path to_rs1_primary num hops 2 mpls set path to_rs1_primary ip addr 220 1 1 2 type loose hop 1 mpls set path to_rs1_primary ip addr 201 1 1 1 type loose hop 2 Create tunnel LSP to R1...

Page 387: ...apping to R1 ldp add l2 fec vlan 200 to peer 111 1 1 1 send VLAN 200 mapping to R1 ldp start Configure interfaces to R1 and R5 vlan create ip_signal ip id 12 vlan add ports gi 4 1 gi 5 1 to ip_signal...

Page 388: ...n Timesaver Click on the router name in blue to see the corresponding configuration Figure 17 18 Tunneling of multiple virtual circuits based on ports untagged frames The following is the configuratio...

Page 389: ...f add stub host 111 1 1 1 to area backbone cost 5 ospf add interface to_r2_1 to area backbone ospf start Configure router loopback interface add ip lo0 address netmask 111 1 1 2 32 Configure VLANs and...

Page 390: ...rt that does not send out 802 1q tagged frames vlan make trunk port gi 3 2 untagged Configure LDP peers and label bindings ldp add interface lo0 ldp add remote peer 111 1 1 1 adds R1 as LDP peer ldp m...

Page 391: ...tunnel LSP uses LDP mpls add interface to_r2 mpls start ldp add interface to_r2 ldp start Configure IGP in this example OSPF is the IGP ip router global set router id 111 1 1 3 ospf create area backbo...

Page 392: ...l signaling are shown for this example Note The ports that are mapped to a single customer ID number must be either all trunk ports or all access ports The example shows configurations for transportin...

Page 393: ...o0 address netmask 111 1 1 1 32 Configure OSPF ip router global set router id 111 1 1 1 ospf create area backbone ospf add stub host 111 1 1 1 to area backbone cost 5 ospf add interface to_rs2_1 to ar...

Page 394: ...ustomer id 10 to peer 111 1 1 3 send customer id 10 to R3 ldp add l2 fec customer id 10 to peer 111 1 1 5 send customer id 10 to R5 ldp add remote peer 111 1 1 5 adds R5 as LDP peer ldp start Configur...

Page 395: ...l set router id 111 1 1 3 ospf create area backbone ospf add stub host 111 1 1 3 to area backbone cost 5 ospf add interface to_rs2 to area backbone ospf add interface to_rs4 to area backbone ospf add...

Page 396: ...interface create ip to_rs3 address netmask 110 1 1 2 16 port gi 3 1 interface create ip to_rs5 address netmask 100 1 1 2 16 vlan rsvp_vlan1 interface add ip lo0 address netmask 111 1 1 4 32 Configure...

Page 397: ...1 mpls set path to_rs3_secondary ip addr 220 1 1 1 type strict hop 2 mpls set path to_rs3_secondary ip addr 201 1 1 1 type strict hop 3 mpls set path to_rs3_secondary ip addr 200 1 1 2 type strict hop...

Page 398: ...s LDP peer ldp add l2 fec customer id 10 to peer 111 1 1 3 send customer id mapping to R3 ldp start Configure interfaces to R1 and R5 vlan create ip_signal ip id 12 vlan add ports gi 4 1 gi 5 1 to ip_...

Page 399: ...tion commands for both LDP and RSVP tunnel signaling are shown Timesaver Click on the router name in blue to see the corresponding configuration Figure 17 20 Tunneling of multiple virtual circuits bas...

Page 400: ..._r2_1 address netmask 200 1 1 1 16 vlan ldp_in If tunnel LSP uses RSVP mpls add interface to_r2_1 mpls start rsvp add interface to_r2_1 rsvp start If tunnel LSP uses LDP mpls add interface to_r2_1 mpl...

Page 401: ...ldp start Configure IGP in this example OSPF is the IGP ip router global set router id 111 1 1 2 ospf create area backbone ospf add interface all to area backbone ospf add stub host 111 1 1 2 to area...

Page 402: ...1 sends label mapping for customer id 10 VLAN 200 to R1 ldp start Create the LDP signaling VLAN and interface vlan create ldp_in1 port based id 120 vlan add ports gi 3 2 to ldp_in1 interface create i...

Page 403: ...ling of virtual circuits based on VLAN ID and port RSVP tunnel Two LSPs are configured on R1 The LSP from R1 to R5 is configured with a strict explicit path of 3 hops R1 R6 R5 and is restricted to tra...

Page 404: ...p1 to R3 mpls create path p1 num hops 2 mpls set path p1 ip addr 200 1 1 1 type loose hop 1 mpls set path p1 ip addr 210 1 1 2 type loose hop 2 Configure explicit path to R5 mpls create path to_rs5_p...

Page 405: ...r 111 1 1 5 sends label mapping for customer id 20 VLAN 60 to R5 ldp start Configure VLANs and interfaces vlan create ldp_in1 port based id 110 vlan create ip_ldp ip id 175 vlan add ports gi 14 1 to l...

Page 406: ...Configure OSPF ip router global set router id 111 1 1 3 ospf create area backbone ospf add stub host 111 1 1 3 to area backbone cost 5 ospf add interface to_rs2 to area backbone ospf add interface to_...

Page 407: ...2 16 vlan rsvp_vlan1 interface add ip lo0 address netmask 111 1 1 4 32 Configure OSPF ip router global set router id 111 1 1 4 ospf create area backbone ospf add interface all to area backbone ospf ad...

Page 408: ...hop 3 mpls set path to_rs3_secondary ip addr 200 1 1 2 type strict hop 4 mpls set path to_rs3_secondary ip addr 210 1 1 2 type strict hop 5 Create explicit path to_rs1_primary to R1 mpls create path t...

Page 409: ...Configure VLANs and interfaces vlan create ip_signal ip id 12 vlan add ports gi 4 1 gi 5 1 to ip_signal interface create ip to_rs1 address netmask 201 1 1 2 16 port gi 4 2 interface create ip to_rs5...

Page 410: ...ath LSPs You can use administrative groups to Apply the same policies to a set of resources that are not necessarily in the same topological area Specify the relative preference of a set of resources...

Page 411: ...3 Specify administrative groups to be included or excluded from an LSP computation To include or exclude groups for an LSP use the mpls create label switched path command For example To include or exc...

Page 412: ...eliver the path information to each LSR in the LSP The CSPF algorithm takes into account link state and network state information from the TED as well as the following LSP attributes bandwidth hops ad...

Page 413: ...es where the administrative group SKY is applied Timesaver Click on the router name in blue to see the corresponding configuration Figure 17 22 Constrained path selection by administrative group The f...

Page 414: ...dress netmask 201 135 89 197 26 port gi 4 1 interface add ip lo0 address netmask 2 2 2 2 16 Configure OSPF ip router global set router id 2 2 2 2 ospf create area backbone ospf add stub host 2 2 2 2 t...

Page 415: ...3 16 Configure OSPF ip router global set router id 3 3 3 3 ospf create area backbone ospf add stub host 3 3 3 3 to area backbone cost 10 ospf add interface R3R2 to area backbone ospf set traffic engin...

Page 416: ...ed on the routers R1 mpls show label switched paths LSP1 verbose Label Switched Path LSP1 to 3 3 3 3 from 1 1 1 1 state Up lsp id 0x8 proto rsvp protection none setup pri 7 hold pri 0 attributes Path...

Page 417: ...figuration Figure 17 23 Traffic engineering with IS IS Note For simplicity the configurations shown in this section are for unidirectional LSPs from R1 to R4 In most cases you would also need to confi...

Page 418: ...l switched path LSP2 from 113 113 113 113 to 124 124 124 124 mpls set label switched path LSP1 include red mpls set label switched path LSP2 include green bps 8000000 mpls create policy to 53 net dst...

Page 419: ...o R5 level 1 isis set interface to R5 key chain test1 authentication method md5 isis set traffic engineering enable isis set interface to R1 level 1 isis start Configure MPLS mpls add interface all mp...

Page 420: ...id 15 1515 1515 15 isis set interface to R4 level 1 isis set level 1 and 2 isis set interface to R5 level 1 isis set interface to R2 level 1 isis set area key chain test1 authentication method md5 isi...

Page 421: ...tication create key chain test1 key ed301c4c0a9b1171 type primary id 255 keyisencrypted isis add area 53 da05 isis add interface lo0 isis add interface to R3 isis set system id 24 2424 2424 24 isis se...

Page 422: ...terface to R2 isis add interface to R3 isis set level 1 isis set system id 26 2626 2626 26 isis set interface to R2 level 1 isis set interface to R3 level 1 isis set area key chain test1 authenticatio...

Page 423: ...int 0 000000 sec bps 0 preference 7 hop limit 255 opt int 600 sec ott index 3 ref count 1 mtu 0 cspf path num hops 4 153 1 1 13 strict 153 1 1 12 strict 192 1 1 15 strict 185 1 1 24 strict include red...

Page 424: ...ystem State Level Hold s SNPA Priority to R2 R2 up L1 9 802 2 0 0 0 a3 62 61 100 R1 isis show ted TED database NodeID R2 12 12 12 12 Age 1099 secs Protocol IS IS 1 To 1212 1212 1212 0e Local 186 1 1 1...

Page 425: ...2 1212 1212 00 NodeID 1212 1212 1212 0e00 Age 1076 secs Protocol IS IS 1 To 2626 2626 2626 00 To 1212 1212 1212 00 NodeID R1 113 113 113 113 Age 1092 secs Protocol IS IS 1 To 0000 1717 1717 0a To 1212...

Page 426: ...Mbps 5 100 Mbps 6 100 Mbps 7 100 Mbps NodeID 1515 1515 1515 0600 Age 1074 secs Protocol IS IS 1 To 2626 2626 2626 00 To 1515 1515 1515 00 NodeID 1515 1515 1515 0800 Age 1070 secs Protocol IS IS 1 To 2...

Page 427: ...s can be enabled on a per router basis it is disabled by default When IGP shortcuts are enabled each router maintains a list of IGP shortcuts that originate at the local router and the ID of the route...

Page 428: ...153 1 1 12 ISIS_L1 to R2 53 1 0 0 16 153 1 1 12 ISIS_L1 to R2 55 1 0 0 16 153 1 1 12 ISIS_L1 to R2 92 1 0 0 16 153 1 1 12 ISIS_L1 to R2 95 1 0 0 16 153 1 1 12 ISIS_L1 to R2 96 1 0 0 16 153 1 1 12 ISIS...

Page 429: ...d 78net 92 1 0 0 16 Unnumbered ISIS_L1 LSP1 Unnumbered ISIS_L1 LSP2 95 1 0 0 16 Unnumbered ISIS_L1 LSP1 Unnumbered ISIS_L1 LSP2 96 1 0 0 16 Unnumbered ISIS_L1 LSP1 Unnumbered ISIS_L1 LSP2 97 1 0 0 16...

Page 430: ...there is a bidirectional connection between nodes before using an advertised link Therefore you need to configure two LSPs one in each direction for paths between two LSRs that will be advertised in...

Page 431: ...one remote gateway over another Preference may not be used to control the selection of routes within an Interior Gateway Protocol IGP This is accomplished automatically by the protocol based on metri...

Page 432: ...ved Source autonomous system from which the route was learned AS path associated with a route Besides autonomous system BGP also supports importation of routes using AS path regular expressions and AS...

Page 433: ...ssible to restrict the importation of OSPF ASE routes when functioning as an AS border router Like the other interior protocols preference cannot be used to choose between OSPF ASE routes That is done...

Page 434: ...tocols have a tag of zero In some cases a combination of the associated attributes can be specified to identify the routes to be exported Route Filter This component specifies the individual routes wh...

Page 435: ...cifies that the mask of the destination must match the supplied mask exactly This is used to match a network but no subnets or hosts of that network Refines Specifies that the mask of the destination...

Page 436: ...ome cases a combination of the associated attributes can be specified to identify the routes contributing to an aggregate Route Filter This component specifies the individual routes that are to be agg...

Page 437: ...n was introduced Each key chain has an identifier and can contain up to two keys One key is the primary key and other is the secondary key Outgoing packets use the primary authentication key but incom...

Page 438: ...2 1 Redistributing Static Routes Static routes may be redistributed to another routing protocol such as RIP or OSPF by the following command The network parameter specifies the set of static routes t...

Page 439: ...external routes redistributed into OSPF are referred to as ospf ase routes Examples of ospf ase routes include static routes rip routes direct routes bgp routes or aggregate routes which are redistri...

Page 440: ...routes configured on the router Determine its RIP configuration To redistribute aggregate routes into RIP ip router policy redistribute from proto aggregate to proto rip To redistribute aggregate rout...

Page 441: ...figure default routes to the other subnets reachable through R2 ip add route 202 1 0 0 16 gateway 120 190 1 2 ip add route 160 1 5 0 24 gateway 120 190 1 2 RIP Box Level Configuration rip start rip se...

Page 442: ...etmask 120 190 1 1 16 port et 1 2 interface create ip to r3 address netmask 130 1 1 1 16 port et 1 3 interface create ip to r41 address netmask 140 1 1 1 24 port et 1 4 interface create ip to r42 addr...

Page 443: ...o RIP 18 3 CONFIGURING ADVANCED ROUTING POLICIES Advanced Routing Policies are used for creating complex import export policies that cannot be done using the redistribute command Advanced export polic...

Page 444: ...routes to be distributed Routes that match a filter are considered as eligible for redistribution This can be done using one of two methods Creating a route filter and associating an identifier with...

Page 445: ...is component provides the means to define a filter for the routes to be imported Routes that match a filter are considered as eligible for importation This can be done using one of two methods Creatin...

Page 446: ...re imported The source may be RIP or OSPF To create an import source enter one of the following commands in Configure mode 18 3 6 Creating a Route Filter Route policies are defined by specifying a set...

Page 447: ...pecifying the networks as needed in the ip router policy aggr gen command If you want to create a complex route filter and you intend to use that route filter in several aggregates then the first meth...

Page 448: ...importation of RIP routes may be controlled by any of protocol source interface or source gateway If more than one is specified they are processed from most general protocol to most specific gateway R...

Page 449: ...ng Policy Configuration Configuring Advanced Routing Policies Figure 18 1 Exporting to RIP The configuration commands shown below for router R1 Determine the IP address for each interface Specify the...

Page 450: ...rface create ip to r6 address netmask 160 1 1 1 16 port et 1 6 interface create ip to r7 address netmask 170 1 1 1 16 port et 1 7 Configure a default route through 170 1 1 7 ip add route default gatew...

Page 451: ...port Policy importing all routes except the 10 51 0 0 16 route from interface 140 1 1 1 18 3 11 Import Policies Example Importing from OSPF Due to the nature of OSPF only the importation of ASE routes...

Page 452: ...Policies Routing Policy Configuration For all examples in this section refer to the configuration shown in Figure 18 2 Figure 18 2 Exporting to OSPF The following configuration commands for router R1...

Page 453: ...1 24 port et 1 4 interface create ip to r42 address netmask 140 1 2 1 24 port et 1 5 interface create ip to r6 address netmask 140 1 3 1 24 port et 1 6 Configure default routes to the other subnets r...

Page 454: ...policy Just setting a default metric for RIP is not sufficient This is a safeguard to verify that the announcement is intended For all examples in this section refer to the configuration shown in Fig...

Page 455: ...erything that should be exported Since we would also like to export redistribute RIP and direct routes into RIP we would also create export sources for those protocols 3 Create a RIP export source sin...

Page 456: ...r interface 140 1 1 1 2 Create a static export source since we would like to export static routes 3 Create a RIP export source since we would like to export RIP routes 4 Create a Direct export source...

Page 457: ...e we intend to change the rip export policy for interface 140 1 1 1 2 Create a Static export source since we would like to export static routes 3 Create a RIP export source since we would like to expo...

Page 458: ...e source of the routes contributing to the aggregate Since in this case we do not care about the source of the contributing routes we would specify the protocol as all 3 Create the aggregate summarize...

Page 459: ...f OSPF ASE routes type 1 and type 2 The default type is specified by the ospf set ase defaults type 1 2 command This may be overridden by a specification in the ip router policy create ospf export des...

Page 460: ...te the various IP interfaces interface create ip to r2 address netmask 120 190 1 1 16 port et 1 2 interface create ip to r3 address netmask 130 1 1 1 16 port et 1 3 interface create ip to r41 address...

Page 461: ...P In the configuration shown in Figure 18 2 suppose we decide to run RIP Version 2 on network 120 190 0 0 16 connecting routers R1 and R2 We would like to redistribute these RIP routes as OSPF type 2...

Page 462: ...tag of 100 5 Create a RIP export source 6 Create a Static export source rip add interface 120 190 1 1 rip set interface 120 190 1 1 version 2 type multicast ip router policy create ospf export destina...

Page 463: ...rce directExpSrc network all ip router policy export destination ospfExpDstType2 source statExpSrc network all ip router policy export destination ospfExpDstType2t100 source ripExpSrc network all ip r...

Page 464: ...18 34 Riverstone Networks RS Switch Router User Guide Release 8 0 Configuring Advanced Routing Policies Routing Policy Configuration...

Page 465: ...ith the same IP interface on the RS IGMP keeps track of multicast host members on a per port basis Ports belonging to an IP VLAN without any IGMP membership will not be forwarded any multicast traffic...

Page 466: ...s internal network and cannot include addresses that require the RS to send DVMRP data on the Internet The RS also allows control of routing information exchange with peers through route filter rules...

Page 467: ...19 3 4 Configuring Per Interface Control of IGMP Membership You can configure the RS to control IGMP membership on a per interface basis An interface can be configured to be allowed or not allowed me...

Page 468: ...19 4 1 Starting and Stopping DVMRP DVMRP is disabled by default on the RS To start or stop DVMRP enter one of the following commands in Configure mode 19 4 2 Configuring DVMRP on an Interface DVMRP ca...

Page 469: ...Threshold 64 Application restricted to a region TTL 128 Threshold 128 Application restricted to a continent TTL 255 Application not restricted To configure the TTL Threshold enter the following comma...

Page 470: ...ight tunnels To configure a DVMRP tunnel enter the following command in Configure mode You can also control the rate of DVMRP traffic in a DVMRP tunnel The default rate is 500 Kbps To control the rate...

Page 471: ...all interfaces running multicast protocols IGMP DVMRP multicast show interfaces Show all multicast routes multicast show mroutes Create VLANS vlan create upstream ip vlan add ports et 5 3 et 5 4 to u...

Page 472: ...uery Interval igmp set queryinterval 30 Enable DVMRP dvmrp enable interface 10 135 89 10 dvmrp enable interface 172 1 1 10 dvmrp enable interface 207 135 122 11 dvmrp enable interface 207 135 89 64 dv...

Page 473: ...ork through a firewall while letting other packets bypass the firewall Sites that have multiple Internet service providers can use IP policies to assign user groups to particular ISPs You can also cre...

Page 474: ...a profile with the acl command you associate the profile with an IP policy by entering one or more ip policy statements An ip policy statement specifies the next hop gateway or gateways where packets...

Page 475: ...red routes The options of the action parameter can cause packets to use the IP policy route first then the dynamic route if the next hop gateway specified in the IP policy is unavailable use the dynam...

Page 476: ...ort of the gateway at 15 second intervals If the RS does not receive a reply from the gateway after four tries the application is considered to be down You can change the intervals at which pings or h...

Page 477: ...ith the ip policy apply command Once the IP policy is applied to the interface packets start being forwarded according to the IP policy See the Riverstone RS Switch Router Command Line Interface Refer...

Page 478: ...raffic originating from network 10 50 0 0 for destination 207 31 0 0 16 is forwarded to 200 1 1 1 All other traffic is forwarded to 100 1 1 1 The following is the IP policy configuration for the Polic...

Page 479: ...s Traffic from the standard customer always uses one gateway 200 1 1 1 If for some reason that gateway is not available packets from the standard customer are dropped The following is the IP policy co...

Page 480: ...up are sent through a firewall If the firewall cannot be reached packets from the contractors group are dropped Packets from users defined in the full timers group do not have to go through the firewa...

Page 481: ...wall load balancing This example shows how to provide protection from a complete firewall failure but it does not show how to protect against asymmetrical paths if a single link failure occurs Figure...

Page 482: ...to vClient vlan add ports et 1 4 to vClient Create Firewall VLAN vlan create vFirewall ip id 20 vlan add ports et 2 1 to vFirewall vlan add ports et 2 2 to vFirewall Create interfaces interface create...

Page 483: ...add ports et 1 2 to vServices vlan add ports et 1 3 to vServices vlan add ports et 1 4 to vServices Create Firewall VLAN vlan create vFirewall ip id 20 vlan add ports et 2 1 to vFirewall vlan add por...

Page 484: ...destination TCP or UDP port 9 The TOS value in the packet 10 The protocol of this profile IP ICMP TCP UDP 11 The sequence in which the statement is evaluated IP policy statements are listed in the or...

Page 485: ...Policy First Policy Only or Policy Last 16 The list of next hop gateways in effect for the policy statement 17 The number of packets that have been forwarded to this next hop gateway 18 The state of t...

Page 486: ...20 14 Riverstone Networks RS Switch Router User Guide Release 8 0 Monitoring IP Policies IP Policy Based Forwarding Configuration...

Page 487: ...ss binding does not expire until the command that defines the binding is negated IP addresses defined for static bindings cannot be reassigned For static address bindings PAT allows TCP or UDP port nu...

Page 488: ...e enable port overload parameter to allow PAT 21 2 FORCING FLOWS THROUGH NAT If a host on the outside global network knows an inside local address it can send a message directly to the inside local ad...

Page 489: ...s in a Domain Name System DNS response to a name or inverse lookup For example if an outside host sends a name lookup to an inside DNS server the inside DNS server can respond with a local IP address...

Page 490: ...type 11 Parameter problem type 12 21 6 NAT AND FTP File Transfer Protocol FTP packets require special handling with NAT because the FTP PORT command packets contain IP address information within the d...

Page 491: ...21 7 MONITORING NAT To display NAT information enter the following command in Enable mode 21 8 CONFIGURATION EXAMPLES This section shows examples of NAT configurations 21 8 1 Static Configuration The...

Page 492: ...when the out to in traffic is the first to initialize a connection i e the first packet is coming from outside to inside This could be the case when you have a server in the local network and clients...

Page 493: ...on 1 The first step is to create the interfaces 2 Next define the interfaces to be NAT inside or outside 3 Then define the NAT dynamic rules by first creating the source ACL pool and then configuring...

Page 494: ...ut has been reached The free globals are used again for the next packet A typical problem is that if there are more local IP addresses as compared to global IP addresses in the pools then packets will...

Page 495: ...rts from 1024 4999 which is fixed and cannot be configured by the user The network administrator does not have to worry about the way in which the bindings are created he she just sets the pools and t...

Page 496: ...e local IP address of the DNS server The DNS server will resolve the query and respond with a reply The reply can include the local IP address of a host inside the local network for example 10 1 1 2 t...

Page 497: ...addresses 201 50 20 0 24 on interface 201 net Figure 21 5 Dynamic address binding with outside interface redundancy 1 The first step is to create the interfaces 2 Next define the interfaces to be NAT...

Page 498: ...d for the two connections This case is possible when you have two ISPs connected on two different interfaces to the Internet Through a routing protocol some routes will result in traffic going out of...

Page 499: ...e faster since requests can be handled locally but overall WAN bandwidth usage is reduced Note Load balancing and web caching can be performed using application software However the can perform these...

Page 500: ...through a TCP load balanced group is load balanced using the IP hash algorithm Specify udp to perform UDP load balancing such as DNS For UDP sessions it is difficult to signal the end of a session be...

Page 501: ...matching the source and destination IP addresses in the secure key transfer request to subsequent client requests This allows both the secure key transfer and subsequent data traffic from a particular...

Page 502: ...uts for Load Balancing Mappings The mapping between a host source and a load balancing server destination times out after a certain period of non activity After the mapping times out any server in the...

Page 503: ...d to it is selected to service a new session weighted round robin a variation of the round robin policy where each server takes on new sessions according to its assigned weight If you choose the weigh...

Page 504: ...gs from the RS to the mktgroup server group The following example sets the time between handshakes at port 80 In addition the RS can also check the status of any attached Domain Name Servers DNS serve...

Page 505: ...connection on a server If you have a proprietary protocol you can verify whether the protocol is up by specifying the files for the application content verification request reply and quit strings 22...

Page 506: ...22 1 9 Allowing Access to Load Balancing Servers Load balancing causes both source and destination addresses to be translated on the RS It may be undesirable in some cases for a source address to be...

Page 507: ...s of RS A is 100 1 1 1 and the IP address of RS B is 100 1 1 2 The two RS s are configured to mirror each other s session information for the group www fast net Figure 22 1 VSRP configuration example...

Page 508: ...ings load balance show source mappings client ip ipaddr range virtual ip ipaddr virtual port port number ip destination host ip ipaddr Show load balancing statistics load balance show statistics group...

Page 509: ...wards web requests among four separate servers as shown below Figure 22 2 Load balancing with one virtual group The network shown above can be created with the following load balance commands Domain N...

Page 510: ...known to the user In the above example the RS will search from the beginning of the file up to the 25th character for the start of the string OK Web Hosting with Multiple Virtual Groups and Multiple D...

Page 511: ...with the load balance create vip range name command Once the vip range is in place the ISP can then create the corresponding secondary addresses on their destination servers Once these addresses have...

Page 512: ...computers com 207 135 89 16 80 S1 10 1 1 16 S2 10 1 2 16 80 www dvd com 207 135 89 17 80 S1 10 1 1 17 S2 10 1 2 17 80 www vcr com 207 135 89 18 80 S1 10 1 1 18 S2 10 1 2 18 80 www toys com 207 135 89...

Page 513: ...me source IP subnet address Figure 22 5 Session and netmask persistence The network shown above can be created with the following load balance commands Client IP Address Domain Name Virtual IP Real Se...

Page 514: ...and translates the global address back to the local address for the incoming reply This process is illustrated in Figure 22 6 Figure 22 6 Load balancing with NAT The following explains the data flows...

Page 515: ...he cache group a list of cache servers to cache Web objects 2 Specify the hosts whose HTTP requests will be redirected to the cache servers This step is optional if you do not explicitly define these...

Page 516: ...5 142 179 14 to 135 142 179 21 should be redirected to the cache servers Redirecting HTTP Traffic on an Interface or Port To start the redirection of HTTP requests to the cache servers you need to app...

Page 517: ...b cache deny commands 22 2 3 Other Web Cache Options This section discusses other commands that may be useful in configuring Web caching in your network Bypassing Cache Servers Some Web sites require...

Page 518: ...fying Protocol for Redirected Traffic By default only TCP traffic is redirected to the local cache servers You can specify a different IP protocol for the traffic that is to be redirected For example...

Page 519: ...5 second intervals If the RS does not receive a reply from a server after four ping requests the server is considered to be down If you specify that the RS use TCP connection requests to check the gat...

Page 520: ...information enter the following commands in Enable mode Show information for all caching policies and all server lists web cache show all Show caching policy information web cache show cache name cach...

Page 521: ...cket addresses for both the destination and source are held within the IPX header 23 1 RIP ROUTING INFORMATION PROTOCOL IPX routers use RIP to create and dynamically maintain a database of internetwor...

Page 522: ...rvers respond to the workstation s or router s request Routers make periodic broadcasts to make sure all other routers are aware of the internetwork configuration Routers perform broadcasting whenever...

Page 523: ...fferent VLANs 23 3 4 IPX Addresses The IPX address is a 12 byte number divided into three parts The first part is the 4 byte 8 character IPX external network number The second part is the 6 byte 12 ch...

Page 524: ...otocol type code the default encapsulation method 802 3 SNAP SNAP IEEE 802 3 encapsulation in which the type code becomes the frame length for the IEEE 802 2 LLC encapsulation destination and source S...

Page 525: ...to determine the best paths for routing IPX However you can add static RIP routes to RIP routing table to explicitly specify a route To add a static RIP route enter the following command in Configure...

Page 526: ...replies RIP access control list Restricts advertisements or learning of networks Creating an IPX Access Control List IPX access control lists control which IPX traffic is received from or sent to an...

Page 527: ...de Creating an IPX GNS Access Control List IPX GNS access control lists control which SAP services the RS can reply with to a get nearest server GNS request To create an IPX GNS access control list en...

Page 528: ...on To display IPX information enter the following command in Enable mode 23 7 CONFIGURATION EXAMPLES This example performs the following configuration Creates IPX interfaces Adds static RIP routes Add...

Page 529: ...ress CCCCCCCC interface add ipx ipx2 address CCCCCCCC output mac encapsulation ethernet_II Add static route to network 9 ipx add route 9 BBBBBBBB 01 02 03 04 05 06 1 1 Add static sap ipx add sap 0004...

Page 530: ...23 10 Riverstone Networks RS Switch Router User Guide Release 8 0 Configuration Examples IPX Routing Configuration...

Page 531: ...Section 24 4 Enabling ACL Logging explains how to log information about packets that are permitted or denied because of an ACL Section 24 5 Monitoring ACLs lists the commands you can use to display i...

Page 532: ...rly For IPX ACLs the following selection criteria can be specified Source network address Destination network address Source IPX socket Destination IPX socket These selection criteria are specified as...

Page 533: ...ther field that is further down in the rule If there are no other fields to specify the any keyword is not necessary For example the following ACL permits all IP traffic to go through 24 1 2 How ACL R...

Page 534: ...ugh is blocked because of the implicit deny rule the worst that could happen is inconvenience On the other hand if a packet that should not be allowed to go through is instead sent through there is no...

Page 535: ...e firewall to permit specific types of traffic for example traffic from a specific subnet or traffic from a specific application 24 1 4 Allowing External Responses to Established TCP Connections Typic...

Page 536: ...RCP With this method you use a text editor on a remote host to edit delete replace or reorder ACL rules in a file Once the changes are made you can then upload the ACLs to the RS using TFTP or RCP an...

Page 537: ...or RCP the RS provides a simpler and more user friendly mechanism to maintain ACLs the ACL editor The ACL editor is a facility that is used online that is via CLI on a Console or Telnet session The A...

Page 538: ...t all of these rules into one ACL and apply it to an interface When a packet comes into the RS at an interface where an inbound ACL is applied the RS compares the packet to the rules specified by that...

Page 539: ...To apply an ACL to a service enter the following command in Configure mode 24 3 3 Applying ACLs to Layer 4 Bridging Ports ACLs can also be created to permit or deny access to one or more ports operati...

Page 540: ...he permit or deny keyword Only certain ACL rule parameters are relevant for each configuration command For example the configuration command to create NAT address pools for dynamic bindings the nat cr...

Page 541: ...24 to 15 1 1 0 24 to be forwarded to 10 10 10 10 See Chapter 20 IP Policy Based Forwarding Configuration for more information on using the ip policy command Using Profile ACLs with the Traffic Rate Li...

Page 542: ...an IP address within a range of local IP addresses is mapped to an IP address within a range of global IP addresses For example you can configure IP addresses on network 10 1 1 0 24 to use an IP addr...

Page 543: ...Using Profile ACLs with the Web Caching Facility Web caching is the RS s ability to direct HTTP requests for frequently accessed Web objects to local cache servers rather than to the Internet Since th...

Page 544: ...this example This command creates a Profile ACL called prof5 that uses as its selection criteria all packets with a source address of 1 2 3 4 and a destination address of 10 10 10 10 To have packets m...

Page 545: ...act on performance With ACL logging enabled the router prints out a message at the console before the packet is actually forwarded or dropped Even if the console is connected to the router at a high b...

Page 546: ...24 16 Riverstone Networks RS Switch Router User Guide Release 8 0 Monitoring ACLs Access Control List Configuration...

Page 547: ...destination TCP UDP port TOS or protocol type for IP traffic Perform filtering on source or destination IPX address or source or destination IPX socket Perform access control to services provided on t...

Page 548: ...s command is not specified the RS tries the next configured authentication method including TACACS configura tion commands Otherwise if the server does not reply within the configured timeout period f...

Page 549: ...ACS servers To configure TACACS security enter the following commands in the Configure mode Monitoring TACACS You can monitor TACACS configuration and statistics within the RS To monitor TACACS enter...

Page 550: ...od for the configured number of retries user authen tication will fail tacacs plus set last resort password succeed deny Set the maximum number of times the TACACS server is contacted for authenticati...

Page 551: ...enabled on the router passwords are authenticated by the TACACS or RADIUS server Private and public keys on a per user basis are not supported Establishing SSH Sessions The SSH server on the RS must...

Page 552: ...u can use any SSH version 1 client to access the SSH server on the RS For example there are several SSH clients available that run under Windows 95 98 Monitoring SSH Sessions The RS allows up to four...

Page 553: ...flow which filters out any frame coming from a specific source MAC address that is also destined to a specific destination MAC address To configure Layer 2 address filters enter the following command...

Page 554: ...stination port filters A secure port filter applied to a source port forces all incoming packets to be dropped on a port A secure port filter applied to a destination port prevents packets from going...

Page 555: ...port filter filters add secure port name name direction source vlan VLAN num in port list port list Configure a destination secure port filter filters add secure port name name direction destination...

Page 556: ...in flow bridging mode for this filter to work Static Entries Example Source static entry The consultant is only allowed to access the engineering file servers on port et 1 2 Destination static entry R...

Page 557: ...MAC is detected on a different port all of its traffic will be blocked Example 2 Secure Ports Source secure port To block all engineers on port 1 from accessing all other ports enter the following co...

Page 558: ...the packet that matches the rule s packet description For information about defining and using ACLs on the RS see Chapter 24 Access Control List Configuration 25 4 LAYER 4 BRIDGING AND FILTERING Layer...

Page 559: ...onsists of the following steps Creating an IP or IPX VLAN Placing the ports on the same VLAN Enabling Layer 4 Bridging on the VLAN Creating an ACL that specifies the selection criteria Applying an ACL...

Page 560: ...ple to enable Layer 4 Bridging on the blue VLAN 25 4 4 Creating ACLs to Specify Selection Criteria for Layer 4 Bridging Access control lists ACLs specify the kind of filtering to be done for Layer 4 B...

Page 561: ...he ACLs to the ports in the VLAN To do this enter the following command in Configure mode For the example in Figure 25 2 to apply ACL 100 which denies all traffic except SMTP to the consultant port To...

Page 562: ...rather than per MAC pair This means that for traffic between a MAC pair consisting of more than one flow the packets may be disordered if they go through a SmartTRUNK For traffic that doesn t go thro...

Page 563: ...ates traffic congestion by randomly dropping packets before the queues pass their upper thresholds WRED is intended to work with connection oriented protocols especially TCP However WRED when applied...

Page 564: ...he RS For Layer 2 traffic you can define a flow based on MAC packet header fields including source MAC address destination MAC address and VLAN IDs A list of incoming ports can also be specified For L...

Page 565: ...MAC address to a specific destination MAC address use only when the port is in flow bridging mode Any source MAC address to a specific destination MAC address Before applying a QoS policy to a Layer...

Page 566: ...ernal priorities for frames You can create one or more priority maps that are different from the default priority map and then apply these maps to some or all ports on the RS The new priority mapping...

Page 567: ...p you must negate all commands that use the priority map Negating a qos apply priority map command causes the configured ports to use the default priority mapping The ability to specify per port prior...

Page 568: ...ation flows Layer 4 application flows 26 5 1 Configuring IP QoS Policies To configure an IP QoS policy perform the following tasks 1 Identify the Layer 3 or 4 flow and set the IP QoS policy 2 Specify...

Page 569: ...olicy strict priority is set on a system wide basis To change the queuing policy for a specific port or ports to weighted fair queuing enter the following command in the Configure mode If you want to...

Page 570: ...robability of packet drop roughly depends on bandwidth i e the more packets sent by a particular connection the greater the probability that packets will be dropped from that connection 26 7 1 WRED s...

Page 571: ...nput queues and from zero 0 to seven 7 when WRED is applied to output queues Note that the lower the value specified the higher the probability that packets will be dropped Both the exponential weight...

Page 572: ...is not currently used In the RS configuration there is no restriction on this bit and it is included as part of the ToS field For example setting the ToS field to 0010 specifies that a packet will be...

Page 573: ...up The entire ToS byte can be rewritten or only the precedence part of the ToS byte can be rewritten If you specify a value for tos precedence rewrite then only the upper three bits of the ToS byte ar...

Page 574: ...isplay QoS information enter the following commands in Enable mode qos set ip tos30to7 low 10 10 10 0 24 any any any 71 any any 255 5 30 Show all IP QoS flows qos show ip Show all IPX QoS flows qos sh...

Page 575: ...e rate limiting is designed for use with line cards that do not support aggregate rate limiting Port level Rate Limiting Configure policies that limit traffic coming into a particular port This type o...

Page 576: ...ow or flow aggregate rate limiting policies on that line card To enable aggregate or port level rate limiting on a line card enter the following command in Configure mode Note To change the rate limit...

Page 577: ...y an ACL when defining this type of policy Port rate limiting policies do not need to be applied to an interface and take effect when they are created To configure port rate limiting policies for inpu...

Page 578: ...to rate limit traffic to or from a particular subnet Note You cannot apply an aggregate rate limiting policy to an interface that spans ports on more than one line card For example you cannot apply an...

Page 579: ...ands in the Configure mode Define an aggregate rate limit policy rate limit name aggregate acl acl list rate rate limit drop packets no action lower priority lower priority except control tos preceden...

Page 580: ...to client1 vlan add ports et 1 2 to client2 vlan add ports et 1 8 to backbone interface create ip ipclient1 vlan client1 address netmask 1 1 1 1 8 interface create ip ipclient2 vlan client2 address ne...

Page 581: ...formation To show information about rate limit policies use the following command in the Enable mode system enable aggregate rate limiting slot 1 interface create ip engintf address netmask 122 132 10...

Page 582: ...26 20 Riverstone Networks RS Switch Router User Guide Release 8 0 Limiting Traffic Rate QoS Configuration...

Page 583: ...e Show DVMRP routes dvmrp show routes Show all TCP UDP connections and services ip show connections Show all IP routes ip show routes Show all IPX routes ipx show tables routing Show all MAC addresses...

Page 584: ...igure port mirroring for the entire WAN card Only IP ACLs can be specified for port mirroring Show multicast statistics statistics show multicast Show port error statistics statistics show port errors...

Page 585: ...cular period of time Additionally you can configure the RS to shut down for a specified period if the packets sent to the control module reach a certain limit during a specified time interval Packets...

Page 586: ...27 4 Riverstone Networks RS Switch Router User Guide Release 8 0 Monitoring Broadcast Traffic Performance Monitoring...

Page 587: ...onnections and the applications and protocols being used For example the RMON 2 network layer matrix MIB group can show protocol specific traffic between pairs of systems which can help to diagnose pr...

Page 588: ...command line in Configure mode To specify the ports on which RMON is to be enabled use the following CLI command line in Configure mode 1 port flow bridging et 5 3 8 2 interface add ip en0 address ne...

Page 589: ...ndard RMON groups are shown in the table below Table 28 1 Lite RMON groups Group Function EtherStats Records Ethernet statistics for example packets dropped packets sent etc for specified ports Event...

Page 590: ...ol tables and then configure the appropriate control tables for the data you wish to collect Even if you use the default control tables you can always use the rmon commands to modify control table ent...

Page 591: ...r possible candidacy for moves to dedicated or higher speed ports and analyze traffic patterns to facilitate more long term network planning RMON 1 provides layer 2 information Traffic flowing through...

Page 592: ...88 15 15 15 3 1771 272562 ether2 ip v4 10 50 89 88 15 15 15 3 1125 211192 ether2 ip v4 tcp 10 50 89 88 15 15 15 3 1122 210967 ether2 ip v4 tcp telnet 10 50 89 88 15 15 15 3 3 225 ether2 ip v4 tcp www...

Page 593: ...ble To configure the History group rmon history index index number port port interval seconds owner string samples num status enable disable To configure the Application Layer and Network Layer Host g...

Page 594: ...Event table and an SNMP trap generated with the community string public Event owner is help desk The command line below is an example of an RMON Alarm group configuration with the following attributes...

Page 595: ...ow hosts and logs rmon show hosts port list all ports summary To show all Host Top N and logs rmon show host top n To show matrices and logs rmon show matrix port list all ports To show all channels r...

Page 596: ...ow commands An RMON CLI filter can only be applied to a current Telnet or Console session The following shows Host table output without a CLI filter To show all user history logs rmon show user histor...

Page 597: ...sing RMON CLI Filters To see and use RMON CLI filters use the following CLI command in User or Enable mode rs rmon apply cli filter 4 rs rmon show hosts et 5 4 RMON I Host Table Filter inpkts 500 Addr...

Page 598: ...to specify the port on which RMON will be enabled 4 Make sure that the control table is configured for the report that you want Depending upon the RMON group default control tables may be created for...

Page 599: ...following CLI command in Enable mode Any memory allocation failures are reported The following is an example of the information shown with the rmon show status command To set the amount of memory all...

Page 600: ...ON RMON Configuration The maximum amount of memory that you can allocate to RMON depends upon the RS model as shown in the table below Table 28 4 Maximum memory allocations to RMON RS platform Maximum...

Page 601: ...t intended for troubleshooting immediate network problems enforcing company policies or replacing the accounts payable system Note For a complete list of LFAP related commands see the Riverstone RS Sw...

Page 602: ...save backbone or WAN bandwidth it makes sense to have the accounting server as close as possible to the RS that it manages Up to three accounting servers can be configured on a RS although the RS can...

Page 603: ...accounting server system to which the RS will send LFAP messages up to three accounting servers can be configured 3 Start the LFAP protocol on the RS 29 5 MONITORING THE LFAP AGENT ON THE RS The lfap...

Page 604: ...29 4 Riverstone Networks RS Switch Router User Guide Release 8 0 Monitoring the LFAP Agent on the RS LFAP Configuration Guide...

Page 605: ...figuration Examples Example Channelized T1 E1 and T3 configurations in Section 30 18 Scenarios for Deploying Channelized T1 E1 and T3 Example Clear Channel T3 and E3 configurations in Section 30 19 Sc...

Page 606: ...ddresses For Frame Relay you can configure primary and secondary addresses which are static or dynamic For PPP however the primary addresses may be dynamic or static but the secondary addresses must b...

Page 607: ...address is unknown you do not need to specify it when creating the interface When in the Frame Relay environment the peer address will be automatically discovered via InArp Similarly the peer address...

Page 608: ...tail in the following sections and should be taken into consideration before enabling compression Since the factors are dependent on the environment you should first try running with compression histo...

Page 609: ...Latency Requirements The use of compression may affect a packet s latency Since the compressed packet is smaller less time is needed to transmit it On the other hand each packet must undergo a compres...

Page 610: ...g bandwidth more effectively Source Filtering and ACLs Source filtering and ACLs can be applied to a WAN interface However they affect the entire module not an individual port For example if you want...

Page 611: ...rmation transfer rate upon congestion abatement The CLI command related to adaptive shaping allows you to set threshold values for triggering the adaptive shaping function 30 3 FRAME RELAY OVERVIEW Fr...

Page 612: ...of the WAN interface Having established the type and location of your WAN interfaces you need to optionally define one or more service profiles for your WAN interfaces then apply a service profile to...

Page 613: ...an use the CLI to monitor status and statistics for your WAN ports The following table describes the monitoring commands for WAN interfaces designed to be used in Enable mode Define a frame relay serv...

Page 614: ...faults Random Early Discard RED disabled RMON enabled The command line necessary to set up a service profile with the above attributes would be as follows To assign the above service profile to the VC...

Page 615: ...loopback interference you can use the ppp restart command in the CLI to remedy the situation 30 8 CONFIGURING PPP INTERFACES This section provides an overview of configuring a host of WAN parameters...

Page 616: ...4 Configuring Multilink PPP Bundles The Multilink PPP MLP standard defines a method for grouping multiple physical PPP links into a logical pipe called an MLP bundle PPP ports are bundled together on...

Page 617: ...WAN interfaces designed to be used in the Enable mode Add PPP port s to an MLP bundle ppp add to mlp mlp port port list Create MLP bundle s ppp create mlp mlp list slot number Set MLP encapsulation f...

Page 618: ...on the HSSI port hs 5 1 Suppose you wish to set up a service profile called profile2 that includes the following characteristics Bridging enabled Leave high low and medium priority queue depths set to...

Page 619: ...rofile Once you have defined the type and location of your Cisco HDLC WAN interface s you can configure your RS to more efficiently utilize available bandwidth for Cisco HDLC communications Note The R...

Page 620: ...are configured for Cisco HDLC encapsulation and a speed of 45Mbps A service profile s1 is then created with the Keepalive set to 15 seconds and RED disable Finally the service profile is applied to th...

Page 621: ...int protocol MLPPP 30 13 1 Configuring WAN Rate Shaping Configure WAN rate shaping using the two commands wan define and wan apply Use wan define to create a rate shaping template then use wan apply t...

Page 622: ...the subnet 134 141 153 0 To apply rate shaping to a single source IP address enter the IP address only but do not specify a subnet mask The wan apply command also allows you to set the following param...

Page 623: ...iods when WAN bandwidth is not 100 percent utilized the rate shaping algorithm can allow each rate shaped Ethernet flow to exceed its Bc by a specified amount called the Excess Burst Size Be As with B...

Page 624: ...al to CIR Notice that if Be is defined and excess bandwidth is available the amount of WAN port bandwidth utilized by an Ethernet flow can exceed its specified CIR In the best possible case where ther...

Page 625: ...tomatically to Bc CIR 1 24 of a second Template dest2 is applied to R2 s Clear Channel T3 port for traffic originating from subnet 124 141 77 0 24 rs config wan define rate shape parameters dest1 cir...

Page 626: ...that Ethernet flows are rate shaped by the desired template For example two templates are created temp1 and temp2 each with a different value for CIR and Bc Both templates are applied to a single Clea...

Page 627: ...re mixed with flows that are controlled The non rate shaped flows will disregard the rate shaped flows and take as much bandwidth as they can For this reason it s generally not a good idea to mix rate...

Page 628: ...st all be on the same Multi Rate WAN Module that is t1 2 1 4 Also the MP bundle being configured for IMUX mode must first be configured to use bridged format encapsulation using the ppp set ppp encaps...

Page 629: ...ts From the diagram you can see that R1 is part of both Subnets 1 and 2 R2 is part of both Subnets 2 and 3 and R3 is part of subnets 1 and 3 You can click on the router label in blue to jump to the ac...

Page 630: ...2 hs 4 1 hs 7 2 hs 3 1 et 1 1 et 1 2 hs 7 1 hs 3 2 et 1 1 hs 7 1 hs 3 1 et 15 2 et 15 1 30 30 30 3 30 30 30 13 100 100 100 3 130 130 130 3 100 100 100 1 130 130 130 2 200 200 200 200 20 20 20 12 20 20...

Page 631: ...0 1 16 vlan s1 interface create ip s2 address netmask 120 120 120 1 16 vlan s2 rip add interface all rip set interface all version 2 rip set interface all xmt actual enable rip set auto summary enable...

Page 632: ...face create ip PPPforR2toR3 address netmask 130 130 130 3 16 peer address 130 130 130 2 port hs 4 2 interface create ip s1 address netmask 100 100 100 3 16 vlan s1 rip add interface all rip set interf...

Page 633: ...r 000505 050500 exit port et 1 1 Configuration for ROUTER R6 port set et 15 duplex full port set hs 3 1 wan encapsulation frame relay speed 45000000 frame relay create vc port hs 3 1 106 frame relay d...

Page 634: ...CSU DSU The T1 WIC has two RJ 48c connectors and the E1 WIC has two 120 Ohm RJ 45 connectors Two T1 or E1 WICs or a T1 and E1 WIC can be installed in a Multi Rate WAN module giving a total of four po...

Page 635: ...ach DS1 channel can be configured for n x 56 kbps or n x 64 kbps where n is 1 to 24 The unused portion of the T1 bandwidth when not running at full T1 speed is filled with idle channel data The CT3 se...

Page 636: ...intended for support of external BERT equipment see Section 30 16 4 Bit Error Rate Testing Figure 30 4 T3 port with T1 test port Also a separate DS1 test port connection is provided per T3 interface...

Page 637: ...the following parameters for ports 1 through 4 framing crc4 Sets the framing type to Cyclic Redundancy Check 4 impedance 75ohm Sets the impedance of the line to 75 ohm timeslots 1 31 Sets the range o...

Page 638: ...eated and used for bridging to MSP s Create a VLAN using the following command For the VLAN example vlan create vlan1 port based Creates a port based VLAN id 100 Names the VLAN T1 Lines T1 lines chann...

Page 639: ...Bit Error Rate The patterns available for BERT are selectable from a standard set of both pseudo random and repetitive patterns see the parameters for the port bert command BERT can only be performed...

Page 640: ...ation of one hour enable config Configure loopback port set t1 2 1 framing esf lbo 7 5db port set t1 2 1 1 timeslots 1 24 speed 56 wan encapsulation ppp save active exit port loopback t1 2 1 remote li...

Page 641: ...e of BERT to do an internal test of the 15th DS1 line of a DS3 interface for a duration of one hour enable config Configure loopback port set t3 2 1 15 framing esf save active exit port loopback t3 2...

Page 642: ...mple the command sequence would be enable config Configure loopback port set e1 3 1 framing nocrc4 international bits 0 port set e1 3 1 1 timeslots 1 31 ts16 wan encapsulation ppp save active exit por...

Page 643: ...SU DSU The WICs have a BNC connector Transmit Receive pair Two T3 or E3 WICs or a T3 and an E3 WIC can be installed in a Multi Rate WAN module giving a total of two ports Framing and line coding schem...

Page 644: ...scenario a company has several sites that need to be connected An MSP provides a Channelized T3 connection on their RS 32000 Each site has several LANs interconnected through an RS 3000 which also pr...

Page 645: ...ng Channelized T1 E1 and T3 Figure 30 5 Bridged MSP MTU MDU Aggregation rsite2 MTU MDU Metropolitan Sevice Provider T1 x 4 T3 28 T1s T1 x 4 T1 x 4 T1 x 4 T1 x 4 T1 x 4 T1 x 4 TELCO PSTN RS 32000 rsite...

Page 646: ...p 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp add to mlp mp 7 port t3 4 1 25 28 Configure VLAN and bridging link to each site vlan create vlan1 port based id 100 vlan add ports mp 1 to vlan1 in...

Page 647: ...ts 1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 Configure VLAN and bridging for link to MSP vlan create vlan1port based id 100 vlan add ports mp 1 to vlan1...

Page 648: ...s the routing protocol The ISP provides a Channelized T3 connection on their RS 32000 a LAN that connects to the servers containing the shared data required by the company and a connection to the Inte...

Page 649: ...ctions with Only T1 on RS 8x00 T3 Internet Internet Service Provider POS RS 32000 12 20 10 5 24 Shared Data T1 x 4 T1 x 4 RS 8600 120 210 1 1 24 120 210 2 1 24 120 210 3 1 24 120 210 4 1 24 120 210 5...

Page 650: ...13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to mlp mp 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp add to mlp mp 7 port t3 4 1 25 2...

Page 651: ...ate ip to_isp address netmask 120 210 1 2 24 port mp 1 up T1 interface to the remote sites port set t1 3 1 4 framing esf lbo 7 5db port set t1 3 1 4 1 timeslots 1 24 wan encapsulation ppp interface cr...

Page 652: ...eslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4 1 timeslots 1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 interface...

Page 653: ...1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 interface create ip to_isp address netmask 120 210 3 2 24 port mp 1 up T1 interface to the hqsite port set t1...

Page 654: ...ta required by the company and a connection to the Internet Figure 30 7 shows the network layout for this scenario The tables following the figure show the commands used to configure the interfaces fo...

Page 655: ...ctions with T1 and T3 on RS 8x00 Internet Internet Service Provider POS RS 32000 12 20 10 5 24 Shared Data T1 x 4 T3 T1 T1 T1 120 210 7 1 24 rsite7 RS 3000 120 210 5 1 24 rsite5 RS 3000 120 210 4 1 24...

Page 656: ...4 1 13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to mlp mp 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp add to mlp mp 7 port t3 4 1 2...

Page 657: ...ppp add to mlp mp 4 port t3 4 1 13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to mlp mp 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp a...

Page 658: ...ts 1 24 wan encapsulation ppp ppp create mlp mp 9 slot 5 ppp add to mlp mp 9 port t1 5 1 4 1 interface create ip to_rsite2 address netmask 120 210 2 1 24 port mp 9 up ppp create mlp mp 10 slot 6 ppp a...

Page 659: ...ort set t1 2 2 1 timeslots 1 24 wan encapsulation ppp port set t1 2 3 framing esf lbo 7 5db port set t1 2 3 1 timeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4...

Page 660: ...timeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4 1 timeslots 1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 interfa...

Page 661: ...ll unstructured T1 link is connected directly to the head office Internet Service Provider A uses a POS link to the Internet Internet Service Provider B provides a Channelized T3 service to an Applica...

Page 662: ...30 58 Riverstone Networks RS Switch Router User Guide Release 8 0 Scenarios for Deploying Channelized T1 E1 and T3 WAN Configuration Figure 30 8 Routed Metropolitan Backbone with Only T1 on RS 8x00...

Page 663: ...psulation ppp port set t3 4 1 9 12 timeslots 1 24 wan encapsulation ppp port set t3 4 1 13 timeslots 1 24 wan encapsulation ppp Configure 4 consecutive T1 lines into multilink PPP bundles ppp create m...

Page 664: ...lbo 7 5db port set t1 2 2 1 timeslots 1 24 wan encapsulation ppp port set t1 2 3 framing esf lbo 7 5db port set t1 2 3 1 timeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db por...

Page 665: ...1 interface create ip to_msp_mppp address netmask 120 210 23 50 28 port mp 1 up Fractional T1 interface to the MSP port set t1 3 1 framing esf lbo 7 5db port set t1 3 1 1 timeslots 1 12 wan encapsulat...

Page 666: ...t t3 4 1 13 20 timeslots 1 24 wan encapsulation ppp Configure 4 consecutive T1 lines into multilink PPP bundles ppp create mlp mp 1 slot 4 ppp add to mlp mp 1 port t3 4 1 1 8 ppp create mlp mp 2 slot...

Page 667: ...pplies to the RS 8000 router at the Application Service Provider Configuration for the RS 8000 T1 interfaces T1 interfaces to the ISP port set t1 2 1 4 framing esf lbo 7 5db port set t1 2 1 4 1 timesl...

Page 668: ...six 64 Kbps services Also a full unstructured T1 link is connected directly to the RS 8600 Internet Service Provider A uses a POS link to the Internet Internet Service Provider B provides a Channelize...

Page 669: ...S 8x00 Metropolitan Service Provider POS T3 Fractional T1 Unstructured T1 POS POS RS 32000 T3 T3 Internet Service Provider B RS 32000 T1 x 4 Content Provider RS 8000 110 25 30 5 24 Application Service...

Page 670: ...ion ppp port set t3 4 1 9 12 timeslots 1 24 wan encapsulation ppp port set t3 4 1 13 timeslots 1 24 wan encapsulation ppp Configure 2 multilink PPP bundles each containing 4 consecutive T1 lines ppp c...

Page 671: ...nfiguration for the RS 8600 Channelized T3 interface port set t3 4 1 cablelength 200 Configure the T1 lines on the Channelized T3 interface port set t3 4 1 1 4 timeslots 1 24 wan encapsulation ppp Con...

Page 672: ...ce create ip to_rsite_mppp address netmask 120 210 4 1 24 port mp 1 up Full unstructured T1 interface to the rsite port set t1 3 1 framing none wan encapsulation ppp interface create ip to_rsite_fullt...

Page 673: ...reate ip to_hqsite_mppp address netmask 120 210 4 2 24 port mp 1 up Fractional T1 interface to the hqsite port set t1 3 1 framing esf lbo 7 5db port set t1 3 1 1 timeslots 1 12 wan encapsulation ppp p...

Page 674: ...set t3 4 1 17 20 timeslots 1 24 wan encapsulation ppp Configure 2 multilink PPP bundles each containing 4 consecutive T1 lines ppp create mlp mp 1 slot 4 ppp add to mlp mp 1 port t3 4 1 1 4 ppp create...

Page 675: ...4 1 1 4 ppp create mlp mp 2 slot 4 ppp add to mlp mp 2 port t3 4 1 5 8 interface create ip to_ispb1 address netmask 110 25 30 4 24 port mp 1 up interface create ip to_ispb2 address netmask 110 25 31...

Page 676: ...he servers containing the shared data required by the company and a connection to the Internet Figure 30 10 shows the network layout for this scenario The tables following the figure show the commands...

Page 677: ...Connections with E1 on RS 8x00 E3 Internet Internet Service Provider 12 20 10 5 24 Shared Data E1 x 4 E1 x 4 RS 8600 120 210 1 1 24 120 210 2 1 24 120 210 3 1 24 120 210 4 1 24 120 210 5 1 24 120 210...

Page 678: ..._isp address netmask 120 210 1 2 24 port mp 1 up E1 interface to the remote sites port set e1 3 1 4 framing crc4 port set e1 3 1 4 1 timeslots 1 31 wan encapsulation ppp interface create ip to_rsite2...

Page 679: ...eslots 1 31 wan encapsulation ppp port set e1 2 4 framing crc4 port set e1 2 4 1 timeslots 1 31 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port e1 2 1 4 1 interface create ip...

Page 680: ...rt set e1 2 2 framing crc4 port set e1 2 2 1 timeslots 1 31 wan encapsulation ppp port set e1 2 3 framing crc4 port set e1 2 3 1 timeslots 1 31 wan encapsulation ppp port set e1 2 4 framing crc4 port...

Page 681: ...ntic Connection Using a T1 and E1 Link RS 8600 Configuration USA The following configuration applies to the RS 8600 router Router Hardware Requirements RS 8600 USA 1 Multi Rate WAN module with 1 T1 WI...

Page 682: ...n applies to the RS 8000 router Configuration for the RS 8000 E1 interface E1 interface to the USA assumes T1 is delivered on timeslots 1 24 including timeslot 16 port set e1 2 3 framing crc4 port set...

Page 683: ...shown Remote sites rsite1 and rsite2 have two VCs on the Channelized T1 interface Note The timeslot assignments for each site need not be different they are different in this example for clarity Figur...

Page 684: ...ply service CIR1forR1toHQ ports t1 2 1 1 106 frame relay create vc port t1 2 1 1 107 frame relay define service CIR2forR1toHQ cir 64000 bc 128000 frame relay apply service CIR2forR1toHQ ports t1 2 1 1...

Page 685: ...1 107 port set t1 2 1 framing esf lbo 7 5db port set t1 2 1 1 timeslots 9 12 wan encapsulation frame relay interface create ip rs3_hq address netmask 110 110 130 2 24 port t1 2 1 1 106 up frame relay...

Page 686: ...port t1 4 1 3 106 up interface create ip rsite4 address netmask 110 110 140 1 24 port t1 4 1 4 106 up interface create ip rsite5 address netmask 110 110 150 1 24 port t1 4 1 5 106 up interface create...

Page 687: ...and RIP is used as the routing protocol The ISP provides a Channelized T3 connection on their RS 8000 a LAN that connects to the servers containing the shared data required by the company and a Clear...

Page 688: ...3 refers to Channelized T3 CCT3 refers to Clear Channel T3 Internet Internet Service Provider CCT3 12 20 10 5 24 Shared Data T1 x 4 T3 T1 T1 T1 120 210 7 1 24 rsite7 RS 3000 120 210 5 1 24 rsite5 RS 3...

Page 689: ...to mlp mp 3 port t3 4 1 9 12 ppp create mlp mp 4 slot 4 ppp add to mlp mp 4 port t3 4 1 13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to ml...

Page 690: ...ppp add to mlp mp 4 port t3 4 1 13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to mlp mp 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp a...

Page 691: ...ts 1 24 wan encapsulation ppp ppp create mlp mp 9 slot 5 ppp add to mlp mp 9 port t1 5 1 4 1 interface create ip to_rsite2 address netmask 120 210 2 1 24 port mp 9 up ppp create mlp mp 10 slot 6 ppp a...

Page 692: ...ort set t1 2 2 1 timeslots 1 24 wan encapsulation ppp port set t1 2 3 framing esf lbo 7 5db port set t1 2 3 1 timeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4...

Page 693: ...imeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4 1 timeslots 1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 interfac...

Page 694: ...Internet Service Provider A uses a Clear Channel T3 link to the Internet Internet Service Provider B provides a Channelized T3 service to an Application Service Provider and a Content Provider both o...

Page 695: ...opolitan Service Provider CCT3 T3 Fractional T1 Unstructured T1 CCT3 CCT3 RS 8600 T3 T3 Internet Service Provider B RS 8600 T1 x 4 Content Provider RS 8000 110 25 30 5 24 Application Service Provider...

Page 696: ...t t3 4 1 cablelength 200 Configure the T1 lines on the Channelized T3 interface port set t3 4 1 1 4 timeslots 1 24 wan encapsulation ppp port set t3 4 1 9 12 timeslots 1 24 wan encapsulation ppp port...

Page 697: ...nfiguration for the RS 8000 Channelized T3 interface port set t3 4 1 cablelength 200 Configure the T1 lines on the Channelized T3 interface port set t3 4 1 1 4 timeslots 1 24 wan encapsulation ppp Con...

Page 698: ...ce create ip to_rsite_mppp address netmask 120 210 4 1 24 port mp 1 up Full unstructured T1 interface to the rsite port set t1 3 1 framing none wan encapsulation ppp interface create ip to_rsite_fullt...

Page 699: ...eate ip to_hqsite_mppp address netmask 120 210 4 2 24 port mp 1 up Fractional T1 interface to the hqsite port set t1 3 1 framing esf lbo 7 5db port set t1 3 1 1 timeslots 1 12 wan encapsulation ppp po...

Page 700: ...set t3 4 1 1 4 timeslots 1 24 wan encapsulation ppp port set t3 4 1 5 8 timeslots 1 24 wan encapsulation ppp port set t3 4 1 13 16 timeslots 1 24 wan encapsulation ppp port set t3 4 1 17 20 timeslots...

Page 701: ...port set t3 4 1 5 8 timeslots 1 24 wan encapsulation ppp port set t3 4 1 13 16 timeslots 1 24 wan encapsulation ppp port set t3 4 1 17 20 timeslots 1 24 wan encapsulation ppp Configure 2 multilink PP...

Page 702: ...4 1 1 4 ppp create mlp mp 2 slot 4 ppp add to mlp mp 2 port t3 4 1 5 8 interface create ip to_ispb1 address netmask 110 25 30 4 24 port mp 1 up interface create ip to_ispb2 address netmask 110 25 31 5...

Page 703: ...Riverstone Networks RS Switch Router User Guide Release 8 0 30 99 WAN Configuration Scenarios for Deploying Clear Channel T3 and E3...

Page 704: ...30 100 Riverstone Networks RS Switch Router User Guide Release 8 0 Scenarios for Deploying Clear Channel T3 and E3 WAN Configuration...

Page 705: ...e applied to one many or an unlimited number of interfaces and or ports using the MF Classifier ACLs do not need be defined when using service rate limiting To illustrate the advantages two examples f...

Page 706: ...n a combination of hardware and software Per flow rate limiting Use the per flow rate limiting service to limit individual flows Burst safe rate limiting Use the burst safe rate limiting service if Co...

Page 707: ...h a physical port or matches a predefined profile while passing through an interface credit is deducted from the bucket When all the credits have been used and traffic has exhausted all allocated band...

Page 708: ...card then subsequent packets are handled locally 31 2 2 Flow Aggregate Rate Limiting Service Flow aggregate rate limiting can be used on line cards that are not enabled for aggregate rate limiting It...

Page 709: ...a flow aggregate service limiting an aggregate flow to 10 million bps drops packets if the rate is exceeded and distributed across 10 flows rs config service testaggregate create rate limit flow aggr...

Page 710: ...ther than MF Classifiers See 31 3 2 Applying Services Using the MF Classifier Command for more information about MF Classifiers To apply services using ACLs use the following commands Create a burst s...

Page 711: ...erface userinterface1 Apply a service to a port rs config service mktaggregate apply rate limit acl mktacl port et 3 3 Apply a service using an MF Classifier to an interface or port service name apply...

Page 712: ...Displays the type of service Exceed Action Displays the action taken when the rate is exceeded Display an aggregate flow aggregate per flow or burst safe service service show rate limit aggregate name...

Page 713: ...Mask Type of service mask Prot Type of protocol declared with the service IP is the default Display all services service show rate limit all show applied Display all services using the show applied p...

Page 714: ...level rate limiting policies on output ports in either the per flow or aggregate rate limiting modes Note For output port policies the only action to specify if traffic exceeds the specified rate is...

Page 715: ...exceed to packets are dropped The configuration requirements of corporationone com and corporationtwo com are Set the traffic prioritization to medium Set the CAR to nine million bps Set the burst saf...

Page 716: ...ing is the configuration Figure 31 3 Burst Safe Configuration corporationtwo com corporationone com lawoffices com CAR 9000000 Burst Safe 1000000 MAN Customers customerflow1 181 171 161 15 171 161 151...

Page 717: ...iority rs config qos set ip customerflow1 high 181 171 161 15 24 100 99 98 97 Apply the burst safe service rs config service customergroup1 apply rate limit mf classifier interface customergroup1 sour...

Page 718: ...address netmask 1 1 1 1 8 interface create ip ipclient2 vlan client2 address netmask 3 3 3 3 8 interface create ip backbone vlan backbone address netmask 2 2 2 2 8 acl 100 permit ip 1 2 2 2 acl 200 pe...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands