Alcatel-Lucent 7750 SR-OS Скачать руководство пользователя страница 414 | Manualshive

Страница: 414 / 674

background image

ACL Filter Policy Overview

Page 414

7750 SR OS Router Configuration Guide

Figure 16: IOM/CPM Filter Policy Using an Address Prefix Match List

Note:

The hardware resource usage does not change whether filter match lists are used or whether

operator creates multiple entries (each per one element of the list): however, a careful
consideration must be given to how the lists are used to ensure only desired match permutations
are created in a filter policy entry (especially when other matching criteria that are also lists or
ranges are specified in the same entry). The system verifies that a new list element, for example, an
IP address prefix, cannot be added to a given list or a list cannot be used by a new filter policy
unless resources exist in hardware to implement the required filter policy (ies) that reference that
list. If that is not the case, addition of a new element to the list or use of the list by another policy
will fail.

Some use cases like those driven by dynamic policy changes, may result in acceptance of filter
policy configuration changes that cannot be programmed in hardware because of the resource
exhaustion. If that is the case, when attempting to program a filter entry that uses a match list(s),
the operation will fail, the entry will be not programmed, and a notification of that failure will be
provided to an operator.

Please refer to SROS Release Notes for what objects can be grouped into a filter match list for
IOM and CPM filter policies.

Auto-generation of Filter-policy Address Prefix Match Lists

It is often desired to automatically update a filter policy when the configuration on a router
changes. To allow such a touch-less filter policy management, SROS allows auto-generation of
address prefixes for IPv4 or IPv6 address prefix match lists based on operator-configured criteria.
When the configuration on a router changes, the match lists address prefixes are automatically
updated and, in-turn, all filter policies (CPM or IOM) that use these match lists are automatically
updated.

Entry K
match: IPv4 Prefix List A

CPM Filter

IOM Filters

OSSG730

Entry M
match: IPv4 Prefix List A

IPv4 Prefix 1

IPv4 Prefix 2

IPv4 Prefix N

IPv4 Prefix List A

«
...
412
413
414
415
416
...
»

Содержание 7750 SR-OS

Страница 1: ...01 Alcatel Lucent Alcatel Lucent and the Alcatel Lucent logo are trademarks of Alcatel Lucent All other trademarks are the property of their respective owners The information presented is subject to c...

Страница 2: ...ritten permission from Alcatel Lucent Alcatel Lucent Alcatel Lucent and the Alcatel Lucent logo are trademarks of Alcatel Lucent All other trademarks are the property of their respective owners The in...

Страница 3: ...ng an Inactive BGP Route from a VPRN 41 DHCP Relay 42 Internet Protocol Versions 43 IPv6 Applications 45 DNS 47 IPv6 Provider Edge Router over MPLS 6PE 48 Bi directional Forwarding Detection 50 BFD Co...

Страница 4: ...ence 93 Configuration Commands 109 Generic Commands 109 Router Global Commands 110 Router L2TP Commands 129 Router Interface Commands 149 Router Advertisement Commands 194 Show Commands 201 L2TP Show...

Страница 5: ...eral 324 Configuring VRRP with CLI 325 VRRP Configuration Overview 326 Preconfiguration Requirements 326 Basic VRRP Configurations 327 VRRP Policy 327 VRRP IES Service Parameters 328 Configure VRRP fo...

Страница 6: ...irection Captive Portal 419 ISID Filters 422 VID Filters 423 Arbitrary Bit Matching of VID Filters 425 Port Group Configuration Example 426 Creating and Applying ACL Policies 427 Applying Filters 429...

Страница 7: ...er Commands 485 Filter Log Commands 486 ACL Filter Policy Commands 489 General Filter Entry Commands 494 IP v4 v6 Filter Entry Commands 496 Match List Configuration Commands 512 MAC Filter Entry Comma...

Страница 8: ...owd Collectors 618 Version 9 and Version 10 Templates 619 Enabling Cflowd on Interfaces and Filters 629 Specifying Cflowd Options on an IP Interface 630 Interface Configurations 630 Service Interfaces...

Страница 9: ...CP Value Table 432 Table 10 IP Option Values 435 Table 11 MAC Match Criteria Exclusivity Rules 439 Cflowd Table 12 Template Set 619 Table 13 Basic IPv4 Template 619 Table 14 MPLS IPv4 Template 620 Tab...

Страница 10: ...Page 10 7750 SR OS Router Configuration Guide List of Tables...

Страница 11: ...cy Management Example 411 Figure 15 IOM CPM Filter Policy using Individual Address Prefixes 413 Figure 16 IOM CPM Filter Policy Using an Address Prefix Match List 414 Figure 17 Embedded Filter Policy...

Страница 12: ...Page 12 7750 SR OS Router Configuration Guide List of Figures...

Страница 13: ...nd provides concepts and descriptions of the implementation flow as well as Command Line Interface CLI syntax and command usage Audience This manual is intended for network administrators who are resp...

Страница 14: ...es 7750 SR OS MPLS Guide This guide describes how to configure Multiprotocol Label Switching MPLS and Label Distribution Protocol LDP 7750 SR OS Services Guide This guide describes how to configure se...

Страница 15: ...Preface 7750 SR OS Router Configuration Guide Page 15 This guide describes all supported RADIUS Authentication Authorization and Accounting attributes...

Страница 16: ...eller contact the technical support staff for that distributor or reseller for assistance If you purchased an Alcatel Lucent service agreement contact your welcome center at Web http www alcatel lucen...

Страница 17: ...d in an overall logical configuration flow Each section describes a software area and provides CLI syntax and command usage to configure parameters for a functional area Table 1 Configuration Process...

Страница 18: ...Getting Started Page 18 7750 SR OS Router Configuration Guide...

Страница 19: ...o configure basic router parameters Topics in this chapter include Configuring IP Router Parameters on page 20 Interfaces on page 20 Autonomous Systems AS on page 37 Confederations on page 38 Proxy AR...

Страница 20: ...ollowing router features can be configured Interfaces on page 20 Creating an IP Address Range on page 24 Autonomous Systems AS on page 37 Confederations on page 38 Proxy ARP on page 40 Refer to 7750 S...

Страница 21: ...nterfaces in this context Network domains are not applicable to loopback and system interfaces The network domain information will only be used for ingress VPLS sap queue allocation It will not be tak...

Страница 22: ...ssociated during the configuration of the following entities The termination point of service tunnels The hops when configuring MPLS paths and LSPs The addresses on a target router for BGP and LDP pee...

Страница 23: ...address prefix In loose mode uRPF checks whether the packet has a source address with a corresponding prefix in the routing table loose mode does not check whether the interface expects to receive a p...

Страница 24: ...ices When defining a range that is a superset of a previously defined service prefix the subset will be replaced with the superset definition For example if a service prefix exists for 10 10 10 0 24 a...

Страница 25: ...l application of QPPB a BGP route is advertised with a BGP community attribute that conveys a particular QoS Routers that receive the advertisement accept the route into their routing table and set th...

Страница 26: ...network and these traffic flows can be identified with known routes For example the operator of an ISP network may want to give priority to traffic originating in a particular ASN the ASN of a conten...

Страница 27: ...tent Provider AS 300 Route Policy Accept all routes with AS_PATH ending with ASN 300 and set fcto high 1 QoSPolicy Lookup the destination IP address of all packets arriving on this interface to determ...

Страница 28: ...y low high The use of this command is illustrated by the following example config router policy options begin community gold members 300 100 policy statement qppb_policy entry 10 from protocol bgp com...

Страница 29: ...instance QPPB is supported for BGP routes belonging to any of the address families listed below IPv4 AFI 1 SAFI 1 IPv6 AFI 2 SAFI 1 VPN IPv4 AFI 1 SAFI 128 VPN IPv6 AFI 2 SAFI 128 Note that a VPN IP...

Страница 30: ...show router static route This feature uses a qos keyword to the show router route table command When this option is specified the output includes an additional line per route entry that displays the...

Страница 31: ...oup interfaces config service ies sub if grp if When the qos route lookup command with the destination parameter is applied to an IP interface and the destination address of an incoming IP packet matc...

Страница 32: ...nd priority of a packet matching an ECMP route is based on the particular next hop used to forward the packet When Edge PIC 1 is enabled some BGP routes may have a backup next hop in the forwarding ta...

Страница 33: ...fc2 is explicitly configured in or out and fc2 is not mapped to a priority mode queue then the packet is assigned this profile state In both cases there is no consideration of whether or not fc1 was m...

Страница 34: ...from original dot1p exp DSCP mapping or policy default From new base FC From original FC and sub class Policer Policer From new base FC unless overridden by DE 1 If DE 1 override then low otherwise fr...

Страница 35: ...base FC From original FC and sub class Profile mode queue Policer From new base FC unless overridden by DE 1 If DE 1 override then low otherwise from QPPB If no DEI or QPPB overrides then follows ori...

Страница 36: ...g table manager instance There are several ways to obtain the router ID On each router the router ID can be derived in the following ways Define the value in the config router router id context The va...

Страница 37: ...area no routing information obtained from outside the area can be used This protects intra area routing from the injection of bad routing information Routers that belong to more than one area are call...

Страница 38: ...uch as next hop metric and local preference settings are preserved The confederation appears and behaves like a single AS Confederations have the following characteristics A large AS can be sub divide...

Страница 39: ...confederations must be explicitly created Figure 2 depicts a confederation configuration example Figure 2 Confederation Configuration SRSG005 Confederation Member 1 Confederation Member 2 ALA D ALA B...

Страница 40: ...to support DSLAM and other edge like environments proxy ARP supports policies that allow the provider to configure prefix lists that determine for which target networks proxy ARP will be attempted and...

Страница 41: ...guration option that allows the best BGP route learned by a VPRN to be exported as a VPN IP route even when that BGP route is inactive due to the presence of a more preferred BGP VPN route from anothe...

Страница 42: ...IP Router Parameters Page 42 7750 SR OS Router Configuration Guide DHCP Relay Refer to 7750 SROS Triple Play Guide for information about DHCP and support provided by the 7750 SR as well as configurati...

Страница 43: ...defined that is used to send a packet to any one of a group of nodes Header format simplification Some IPv4 header fields have been dropped or made optional to reduce the common case processing cost o...

Страница 44: ...s zero the payload length is carried in a jumbo payload hop by hop option Next Header 8 bit selector Identifies the type of header immediately following the IPv6 header This field uses the same values...

Страница 45: ...ternet exchange peering Figure 4 shows an IPv6 Internet exchange where multiple ISPs peer over native IPv6 Figure 4 IPv6 Internet Exchange IPv6 transit services Figure 5 shows IPv6 transit provided by...

Страница 46: ...nt router supports dynamic IPv6 over IPv4 tunneling The ipv4 source and destination address are taken from configuration the source address is the ipv4 system address and the ipv4 destination is the n...

Страница 47: ...The DNS client is extended to use IPv6 as transport and to handle the IPv6 address in the DNS AAAA resource record from an IPv4 or IPv6 DNS server An assigned name can be used instead of an IPv6 addre...

Страница 48: ...quires no backbone infrastructure upgrades and no re configuration of core routers because forwarding is purely based on MPLS labels 6PE is a cost effective solution for IPv6 deployment Figure 8 Examp...

Страница 49: ...prefixes that it advertises and can accept an arbitrary label from its peers LDP is used to create the MPLS full mesh between the 6PE routers and the IPv4 addresses that are embedded in the next hop...

Страница 50: ...rding Detection that allows either of the two systems to send a sequence of BFD echo packets to the other system which loops them back within that system s forwarding plane If a number of these echo p...

Страница 51: ...e protocol The initial protocol version is 0 Diag A diagnostic code specifying the local system s reason for the last transition of the session from Up to some other state Possible values are 0 No dia...

Страница 52: ...if that value is unknown Desired Min TX Interval This is the minimum interval in microseconds that the local system would like to use when transmitting BFD control packets Required Min RX Inter val Th...

Страница 53: ...ence process This greatly accelerates the overall RSVP TE response to network failures All encapsulation types supporting IPv4 and IPv6 is supported as all BFD packets are carried in IPv4 and IPv6 pac...

Страница 54: ...ss in the packet The echo function is useful when the local router does not have sufficient CPU power to handle a periodic polling rate at a high frequency As a result it relies on the echo sender to...

Страница 55: ...erfaces IES Over Spoke SDP One application for a central BFD implementation is so BFD can be supported over spoke SDPs used to inter connection IES or VPRN interfaces When there are spoke SDPs for int...

Страница 56: ...or IES VPRN over Spoke SDP Fig_31 Metro POP 1 Metro POP 2 Metro POP 4 Metro POP 3 Primary Path BFD Secondary Path Note In this case BFD is run between the IES VPRN interfaces independent of the SPD LS...

Страница 57: ...failure detection In this application the BFD session can run between the IP interfaces associated with the LAG or VSM interface but there is only one session between the two nodes There is no requir...

Страница 58: ...ion Guide Aggregate Next Hop This feature adds the ability to configure an indirect next hop for aggregate routes The indirect next hop specifies where packets will be forwarded if they match the aggr...

Страница 59: ...st be assigned to each IP interface System interface This creates an association between the logical IP interface and the system loopback address The system interface address is the circuitless addres...

Страница 60: ...nfederations can be configured before protocol connections such as BGP and peering parameters are configured IPv6 interfaces and associated routing protocols may only be configured on the following sy...

Страница 61: ...n page 64 Configuring Interfaces on page 65 Configuring a System Interface on page 65 Configuring a Network Interface on page 65 Configuring IPv6 Parameters on page 67 Configuring Proxy ARP on page 80...

Страница 62: ...em interface Configure appropriate routing protocols A system interface and network interface should be configured System Interface The system interface is associated with the network entity such as a...

Страница 63: ...PF and BGP The most basic router configuration must have the following System name System address The following example displays a router configuration A ALA A config info Router Configuration router...

Страница 64: ...onfigure a name for the device The name is used in the prompt string Only one system name can be configured If multiple system names are configured the last one configured will overwrite the previous...

Страница 65: ...eleted Configuring a System Interface To configure a system interface CLI Syntax config router interface interface name address ip address mask ip address netmask broadcast all ones host ones secondar...

Страница 66: ...onfiguration interface system address 10 10 0 4 32 exit interface to ALA 2 address 10 10 24 4 24 port 1 1 1 egress filter ip 10 exit exit A ALA A config router To enable CPU protection CLI Syntax conf...

Страница 67: ...ipv6 info detail port 1 2 37 ipv6 packet too big 100 10 param problem 100 10 redirects 100 10 time exceeded 100 10 unreachables 100 10 exit A ALA 49 config router if ipv6 exit all Use the following CL...

Страница 68: ...l Endpoint IPv4 System Address on page 74 Configuring an IPv4 BGP Peer on page 75 An Example of a IPv6 Over IPv4 Tunnel Configuration on page 76 Tunnel Ingress Node This configuration shows how the in...

Страница 69: ...nterface ip int name address ip address mask ip address netmask broad cast all ones host ones ipv6 address ipv6 address prefix length eui 64 The following displays configuration output showing interfa...

Страница 70: ...splays the OSPF configuration to learn the IPv4 system address of the tunnel endpoint CLI Syntax config router ospf area area id interface ip int name The following displays a configuration showing OS...

Страница 71: ...icy name policy name upto 5 max router id ip address group name family ipv4 vpn ipv4 ipv6 mcast ipv4 type internal external neighbor ip address local as as number private peer as as number The followi...

Страница 72: ...IPv6 routes into BGP CLI Syntax config router bgp export policy name policy name upto 5 max router id ip address group name family ipv4 vpn ipv4 ipv6 mcast ipv4 type internal external neighbor ip add...

Страница 73: ...e configured CLI Syntax config router configure router static route C8C8 C801 128 indirect 200 200 200 1 interface ip int name address ip address mask ip address netmask broad cast all ones host ones...

Страница 74: ...displays the OSPF configuration to learn the IPv4 system address of the tunnel endpoint CLI Syntax config router ospf area area id interface ip int name The following displays OSPF configuration info...

Страница 75: ...name policy name upto 5 max router id ip address group name family ipv4 vpn ipv4 ipv6 mcast ipv4 type internal external neighbor ip address local as as number private peer as as number The following...

Страница 76: ...outes into BGP CLI Syntax config router bgp export policy name policy name upto 5 max router id ip address group name family ipv4 vpn ipv4 ipv6 mcast ipv4 type internal external neighbor ip address lo...

Страница 77: ...ent interval seconds min advertisement interval seconds mtu mtu bytes other stateful configuration prefix ipv6 prefix prefix length autonomous on link preferred lifetime seconds infinite valid lifetim...

Страница 78: ...if info address 10 11 10 1 24 port 1 3 37 ipv6 address 10 1 24 exit A ALA 49 config router if An Example of a IPv6 Over IPv4 Tunnel Configuration The IPv6 address is the next hop as it is received th...

Страница 79: ...ALA 49 configure router info policy options policy statement ospf3 description Plcy Stmnt For From ospf3 To bgp entry 10 description Entry From Protocol ospf3 To bgp from protocol ospf3 exit to protoc...

Страница 80: ...mation about route policies refer to the OS Routing Protocols Guide Apply the policy statement to the proxy arp configuration in the config router interface context CLI Syntax config router policy opt...

Страница 81: ...it default action accept exit exit A ALA 49 config router policy options Use the following CLI to configure proxy ARP CLI Syntax config router interface interface name local proxy arp proxy arp policy...

Страница 82: ...esponding to all prefixes for which it activated an LDP FEC For a given prefix two route entries are populated in RTM One corresponds to the LDP shortcut next hop and has an owner of LDP The other one...

Страница 83: ...Shortcut Forwarding Plane Once LDP activated a FEC for a given prefix and programmed RTM it also programs the ingress Tunnel Table in IOM with the LDP tunnel information When an IPv4 packet is receiv...

Страница 84: ...e The transit message appears as a user packet to the ingress LER node A locally generated response to a received ICMP ping or trace route message All other control plane packets that require an RTM l...

Страница 85: ...ust assume it is an egress LER for the FEC until the route disappears from the routing table or the next hop advertised a binding for the FEC prefix In the latter case the SR OS router becomes a trans...

Страница 86: ...onfigured protocols are not automatically restarted with the new router ID The next time a protocol is initialized the new router ID is used An interim period of time can occur when different protocol...

Страница 87: ...the following CLI syntax to configure a confederation CLI Syntax config router confederation confed as num members member as num The following example displays the commands to configure the confedera...

Страница 88: ...ntax to configure an autonomous system CLI Syntax config router autonomous system as number The following displays an autonomous system configuration example A ALA A config router info IP Configuratio...

Страница 89: ...SFMs are being actively used when there is an SFM failure multicast traffic needs to be rerouted around the node Some scenarios include There is only one SFM installed in the system One SFM active or...

Страница 90: ...mes are configured the last one configured will overwrite the previous entry Use the following CLI syntax to change the system name CLI Syntax config system name system name The following example disp...

Страница 91: ...LA A config router if address 10 0 0 25 24 A ALA A config router if no shutdown To modify a port perform the following steps Example A ALA A config router interface to sr1 A ALA A config router if shu...

Страница 92: ...e an interface can be deleted 1 Before an IP interface can be deleted it must first be administratively disabled with the shutdown command 2 After the interface has been shut down it can then be delet...

Страница 93: ...mand Hierarchies Configuration Commands Router Commands on page 94 Router L2TP Commands on page 96 Router Interface Commands on page 99 Router Interface IPv6 Commands on page 102 Router Advertisement...

Страница 94: ...r id service prefix ip prefix mask ip prefix netmask exclusive no service prefix ip prefix mask ip prefix netmask sgt qos application dscp app name dscp dscp value dscp name application dot1p app name...

Страница 95: ...ig router bfd bfd template name create bfd template name transmit interval transmit interval no transmit interval receive interval receive interval no receive interval cv tx transmit interval no cv tx...

Страница 96: ...val hello interval no hello interval idle timeout idle timeout no idle timeout lns group lns group id no lns group load balance method per session per tunnel no load balance method local address ip ad...

Страница 97: ...imeout infinite no idle timeout load balance method per session per tunnel no load balance method local address ip address no local address local name host name no local name max retries estab max ret...

Страница 98: ...figuration Guide configure router l2tp tunnel selection blacklist add tunnel never add tunnel on reason reason upto 8 max no add tunnel add tunnel max list length count no max list length max time min...

Страница 99: ...on no cflowd cpu protection policy id no cpu protection delayed enable seconds no delayed enable description description string no description dist cpu protection policy name no dist cpu protection eg...

Страница 100: ...stance instance id ingress fp redirect group queue group name ingress instance instance id no qos no remote proxy arp secondary ip addr mask ip addr netmask broadcast all ones host ones igp inhibit no...

Страница 101: ...ute next hop policy no template template name include group group name pref pref no include group group name no exclude group group name no srlg enable protection type link node no protection type nh...

Страница 102: ...np no bfd icmp6 packet too big number seconds no packet too big param problem number seconds no param problem redirects number seconds no redirects time exceeded number seconds no time exceeded unreac...

Страница 103: ...advertisement interval min advertisement interval seconds no min advertisement interval mtu mtu bytes no mtu no other stateful configuration prefix ipv6 prefix prefix length no autonomous no on link p...

Страница 104: ...ip int name mac ieee address interface ip address ip int name statistics interface dist cpu protection detail interface policy accounting class index l2tp group tunnel group name statistics group conn...

Страница 105: ...ame all next hop type type qos alternative route table family summary route table tunnel endpoints ip prefix prefix length longer exact detail rtr advertisement interface interface name prefix ipv6 pr...

Страница 106: ...ess dhcp6 statistics ip int name ip address forwarding table slot number grt lookup icmp redirect route all ip address icmp6 all icmp6 global icmp6 interface interface name interface ip int name ip ad...

Страница 107: ...ame router router instance ip no arp icmp no icmp icmp6 ip int name no icmp6 no interface ip int name ip address no neighbor packet ip int name ip address headers protocol id no packet ip int name ip...

Страница 108: ...IP Router Command Reference Page 108 7750 SR OS Router Configuration Guide...

Страница 109: ...onfiguration file shutdown and no shutdown are always indicated in system generated configuration files The no form of the command puts an entity into the administratively enabled state Default no shu...

Страница 110: ...te The use of aggregate routes can reduce the number of routes that need to be advertised to neighbor routers leading to smaller routing table sizes Overlapping aggregate routes may be configured in t...

Страница 111: ...r as number ip address This optional parameter specifies the BGP aggregator path attribute to the aggregate route When configuring the aggregator a two octet AS number used to form the aggregate route...

Страница 112: ...num members as number as number up to 15 max no confederation confed as num members as number up to 15 max Context config router Description This command creates confederation autonomous systems withi...

Страница 113: ...rameters max ecmp routes The maximum number of equal cost routes allowed on this routing table instance expressed as a decimal integer Setting ECMP max ecmp routes to 1 yields the same result as enter...

Страница 114: ...on The no form of this command disables the IP FRR feature on the system Default no ip fast reroute mc maximum routes Syntax mc maximum routes number log only threshold threshold no mc maximum routes...

Страница 115: ...igured LSPs THe range is configured as follows The minimum value of label is always 32 The maximum value in the range is then 32 number The allowed values of number are as follows for max lsp labels V...

Страница 116: ...rm of the command removes the description string from the context Default no description Parameters string The description character string Allowed values are any string up to 80 characters long compo...

Страница 117: ...addresses using service prefix is to provide a mechanism to reserve one or more address ranges for services When services are defined the address must be in the range specified as a service prefix If...

Страница 118: ...tion dscp app name dscp dscp value dscp name application dot1p app name dot1p dot1p priority no application dscp app name dot1p app name Context config router sgt qos Description This command configur...

Страница 119: ...cp53 cp54 cp55 cp57 cp58 cp59 cp60 cp61 cp62 cp63 fc name Specifies the forward class name Values be l2 af l1 h2 ef h1 nc bfd template Syntax bfd template name create no bfd template name Context con...

Страница 120: ...emplate Description This command specifies the receive timer used for BFD packets If the template is used for a BFD session on an MPLS TP LSP then this timer is used for CC packets Default no receive...

Страница 121: ...plier Syntax multiplier multiplier no multiplier Context config router bfd bfd template Description This command specifies the detect multiplier used for a BFD session If a BFD control packet is not r...

Страница 122: ...m overload Context config router Description This command if enabled will cause the OSPF for the service to enter an overload state when the node has fewer than the full set of SFMs functioning Once a...

Страница 123: ...e check test will be removed from the associated static route Default No static routes are defined Parameters ip prefix prefix length The destination address of the static route Values ipv4 prefix a b...

Страница 124: ...ined by the configuration of the ecmp command prefix list prefix list name all none Specifies the prefix list to be considered metric metric The cost metric for the static route expressed as a decimal...

Страница 125: ...ess specified the respective defaults for preference and metric will be applied The ip addr configured can be either on the network or the access side and is normally at least one hop away from this n...

Страница 126: ...ndirect or blackhole keywords are specified The remote end of the BFD session must also be configured to originate or accept the BFD session controlling the static route state mcast family Enables sub...

Страница 127: ...e ability to log transitions between active and in active based on the CPE connectivity check Events should be sent to the system log syslog and SNMP traps Sample Output B Dut C configure router manag...

Страница 128: ...hop is allowed with any extra parameters B Dut C config router show router management static static arp static route B Dut C config router show router management static route Static Route Table Route...

Страница 129: ...This command what string to put in the Calling Number AVP for L2TP control messages related to a session in this L2TP protocol instance Parameters ascii spec Specifies the L2TP calling number AVP Valu...

Страница 130: ...eference level In case that the tunnel spec selection algorithm evaluates into a tunnel that is currently unavailable for example tunnel in a blacklist then the selection algorithm will try to select...

Страница 131: ...t in case that CDN message with the Result Codes 6 Invalid destination is received cdn tmp no facilities A tunnel will be forced to the blacklist in case that CDN message with the Result Code 4 is rec...

Страница 132: ...er address than the one initially configured never When specified no tunnels will be placed on blacklist under any circumstance This parameter will available to preserve backward compatibility max lis...

Страница 133: ...max period of time Values remove from blacklist The peer or tunnel in the blacklist will be removed completely from the blacklist and made eligible for the selection process once the max time expires...

Страница 134: ...w peer IP address and does not change the destination address insubsequent L2TP messages reject Specifies that this system rejects any source IP address change of received L2TP control messages and dr...

Страница 135: ...e tunnel between the LAC and LNS There is a one to one relationship between established L2TP sessions and their associated calls Parameters session limit Specifies the number of sessions allowed Defau...

Страница 136: ...removes the value from the configuration Default no destruct timeout Parameters destruct timeout Specifies the automatic removal of dynamic L2TP sessions in seconds that are no longer active Default...

Страница 137: ...ns group lns group id no lns group Context config router l2tp group Description This command configures the ISA LNS group Parameters lns group id Specifies the LNS group ID Values 1 4 load balance met...

Страница 138: ...uring the authentication phase of tunnel establishment It can be used to distinguish tunnels The no form of the command removes thename from the configuration Default local name Parameters host name S...

Страница 139: ...7 password Syntax password password hash hash2 no password Context config router l2tp group config router l2tp group tunnel Description This command configures the password between L2TP LAC and LNS Th...

Страница 140: ...hentication policy Context config router l2tp group ppp Description This command configures the authentication policy Parameters auth policy name Specifies the authentication policy name Values 32 cha...

Страница 141: ...ntax mtu mtu bytes no mtu Context config router l2tp group ppp Description This command configures the maximum PPP MTU size Parameters mtu bytes Specifies in bytes the maximum PPP MTU size Values 512...

Страница 142: ...ed between the available tunnels If necessary new tunnels are set up until the maximum number is reached The distribution aims at an equal ratio of the actual number of sessions to the maximum number...

Страница 143: ...tunnel Description This command specifies if this tunnel is to be automatically set up by the system no auto establish avp hiding Syntax avp hiding never sensitive always no avp hiding Context config...

Страница 144: ...Syntax hello interval hello interval hello interval infinite no hello interval Context config router l2tp group tunnel Description This command configures the number of seconds between sending Hellos...

Страница 145: ...2tp group tunnel Description This command configures a preference number that indicates the relative preference assigned to a tunnel when using a weighted session assignment The no form of the command...

Страница 146: ...to the blacklist in case that CDN message with the Result Codes 6 Invalid destination is received cdn tmp no facilities A tunnel will be forced to the blacklist in case that CDN message with the Resul...

Страница 147: ...configured never When specified no tunnels will be placed on blacklist under any circumstance This parameter will available to preserve backward compatibility max list length Syntax max list length u...

Страница 148: ...he max period of time Values remove from blacklist The peer or tunnel in the blacklist will be removed completely from the blacklist and made eligible for the selection process once the max time expir...

Страница 149: ...S TP LSPs IP routing protocols are blocked on interfaces of this type If an interface is configured as unnumbered mpls tp then it can only be associated with an Ethernet port or VLAN using the port co...

Страница 150: ...nfiguration Guide unnumbered mpls tp then it can only be associated with an Ethernet port or VLAN using the port command Either a unicast multicast or broadcast remote MAC address may be configured us...

Страница 151: ...MPLS LSPs that explicitly reference that IP address When a new IP address is defined interface specific configurations for MPLS RSVP will need to be re added If the no form of the command is executed...

Страница 152: ...roadcast address This is an IP address that corresponds to the local subnet described by the ip addr and the mask length or mask with all the host bits set to binary 1 This is the default broadcast ad...

Страница 153: ...rm of the command reverts to the default value Default 14400 seconds 4 hours Parameters seconds The minimum number of seconds a learned ARP entry is stored in the ARP table expressed as a decimal inte...

Страница 154: ...s the minimum echo receive interval in milliseconds for the session Values 100 100000 Default 0 type cpm np Selects the CPM network processor as the local termination point for the BFD session See Imp...

Страница 155: ...g CPU protection policy for the interface The CPU protection policies are configured in the config sys security cpu protection policy cpu protection policy id context Parameters policy id Specifies an...

Страница 156: ...e destination address port dst ip Specifies using destination address and if l4 load balancing is enabled destination port in the hash ignore source address port enable ingress stats Syntax no enable...

Страница 157: ...name group name upto 5 max Context config router interface Description This command configures interface SRLG Group memberships for this interface local proxy arp Syntax no local proxy arp Context co...

Страница 158: ...All user and specified control packets for which the longest prefix match in RTM yields the FEC prefix will be forwarded over the LDP LSP When an IPv4 packet is received on an ingress network interfa...

Страница 159: ...sed at the next flooding of link attributes by IGP However if the LDP synchronization timer is still running the new cost value will only be advertised after the timer expired Also the new cost value...

Страница 160: ...ocation algorithm checks whether the value present is IPv4 v6 0x0800 0r 0x0866D If the check passes the hash algorithm checks the first nibble at the expected IP header location for IPv4 IPv6 0x0100 0...

Страница 161: ...e This is to allow the reset of the network to reconverge after a router failure before the anycase based label assignments are flushed from the forwarding plane Values 0 65535 Default 90 network doma...

Страница 162: ...umber port_number format for example 1 1 3 specifies port 3 of the MDA installed in MDA slot 1 on the card installed in chassis slot 1 SONET SDH interfaces When the port id represents a POS interface...

Страница 163: ...uests Thus the 7750 SR OS configuration can state that if it has a packet that has a certain IP address to send it to the corresponding ARP address Default no proxy arp policy Parameters policy name T...

Страница 164: ...c and priority profile determined from the sap ingress or network qos policy associated with the IP interface If the source address of the incoming packet matches a route with no QoS information the f...

Страница 165: ...r forwarding class basis The no form of the command removes the network QoS policy association from the network IP interface and the QoS policy reverts to the default Default no qos Parameters network...

Страница 166: ...ow the prefix mask length The subnet mask length when the IP prefix is specified in CIDR notation When the IP prefix is specified in CIDR notation a forward slash separates the ip address from the mas...

Страница 167: ...ing IGP static arp Syntax static arp ip addr ieee mac addr unnumbered no static arp unnumbered Context config router interface Description This command configures a static Address Resolution Protocol...

Страница 168: ...te an interface that is configured with the strip label parameter with a port the port must be configured as single fiber for the command to be valid Default no strip label teid load balancing Syntax...

Страница 169: ...ce This is equivalent to executing the tos marking state trusted command Default trusted Parameters trusted The default prevents the ToS field to not be remarked by egress network IP interfaces unless...

Страница 170: ...riority associated with that route overriding the fc and priority profile determined from the sap ingress or network qos policy associated with the IP interface If the source address of the incoming p...

Страница 171: ...ck Syntax no urpf check Context config router if config router if ipv6 Description This command enables unicast RPF uRPF Check on this interface The no form of the command disables unicast RPF uRPF Ch...

Страница 172: ...mbine to create a local IP prefix The defined IP prefix must be unique within the context of the routing instance It cannot overlap with other existing IP prefixes defined as local subnets on other IP...

Страница 173: ...ion of the IP address the remainder of the IP address is used to determine the host portion of the IP address Allowed values are integers in the range 1 32 Note that a mask length of 32 is reserved fo...

Страница 174: ...interface Description This command creates the context to configure or apply IP interface attributes such as administrative group admin group or Shared Risk Loss Group SRLG admin group Syntax admin gr...

Страница 175: ...cifies the integer value associated with the group The association of group name and value should be unique within an IP MPLS domain Values 0 31 admin group Syntax admin group group name group name up...

Страница 176: ...ll also exclude the SRLGs of the outgoing interface of the primary LSP path in the computation of the path of the FRR backup LSP This provides path disjointness between the primary path and the second...

Страница 177: ...ub TLVs when the traffic engineering option is enabled in IS IS or OSPF IES and VPRN interfaces do not have their attributes advertised in TE TLVs The no form of this command deletes one or more of th...

Страница 178: ...schedule a new LFA SPF to re compute the LFA next hop for the prefixes associated with these templates Parameters template name Specifies the name of the template up to 32 characters include group Sy...

Страница 179: ...gs to one of the groups in an include group statement but also belongs to other groups that are not part of any include group statement in the route next hop policy The pref option is used to provide...

Страница 180: ...rotection is preferred in the selection of an LFA next hop for all IP prefixes and LDP FEC prefixes to which a route next hop policy template is applied The default in SR OS implementation is node pro...

Страница 181: ...areas However the command in an OSPF interface context can only be executed under the area in which the specified interface is primary and then applied in that area and in all other areas where the i...

Страница 182: ...d creates a loopback interface for use in multihoming resiliency This address is considered the secondary multihoming address and is only used to resolve routes advertised by the primary router in the...

Страница 183: ...ter Configuration 7750 SR OS Router Configuration Guide Page 183 reconverge after a router failure before the anycast based label assignments are flushed from the forwarding plane Values 0 65535 Defau...

Страница 184: ...tering is performed flowspec Syntax no flowspec Context config router interface ingress Description This command enables IPv4 flowspec filtering on a network IP interface Filtering is based on all of...

Страница 185: ...ip ip filter ip ipv6 ipv6 filter id Context config router if ingress config router if egress Description This command associates an IP filter policy with an IP interface Filter policies control packe...

Страница 186: ...e router interface Default mask reply Replies to ICMP mask requests redirects Syntax redirects number seconds no redirects Context config router if icmp Description This command enables and configures...

Страница 187: ...the command disables the generation of TTL expired messages Default ttl expired 100 10 Maximum of 100 TTL expired message in 10 seconds Parameters number The maximum number of ICMP TTL expired message...

Страница 188: ...ration of ICMP destination unreachables on the router interface Default unreachables 100 10 Maximum of 100 unreachable messages in 10 seconds Parameters number The maximum number of ICMP unreachable m...

Страница 189: ...one Parameters ipv6 address prefix length Specify the IPv6 address on the interface Values ipv6 address prefix ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D...

Страница 190: ...icmp6 Description This command configures the rate for ICMPv6 param problem messages Parameters number Limits the number of param problem messages issued per the time frame specifed in the seconds par...

Страница 191: ...the time frame in seconds that is used to limit the number of time exceeded messages issued per time frame Values 1 60 unreachables Syntax unreachables number seconds no unreachables Context config r...

Страница 192: ...discovery policy for the interface Parameters policy name The neighbor discovery policy name Allowed values are any string up to 32 characters long composed of printable 7 bit ASCII characters If the...

Страница 193: ...ameters ipv6 address The IPv6 address assigned to a router interface Values ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D mac address Specifies the MAC addr...

Страница 194: ...d configures router advertisement properties on a specific interface The interface must already exist in the config router interface context Default No interfaces are configured by default Parameters...

Страница 195: ...Description This command configures the maximum interval between sending router advertisement messages Default 600 Parameters seconds Specifies the maximum interval in seconds between sending router...

Страница 196: ...for IPv6 Default no other stateful configuration prefix Syntax no prefix ipv6 prefix prefix length Context config router router advert if Description This command configures an IPv6 prefix in the rout...

Страница 197: ...ions but packets received on such an interface are processed as expected Default 604800 Parameters seconds Specifies the remaining length of time in seconds that this prefix will continue to be prefer...

Страница 198: ...ax retransmit timer milli seconds no retransmit timer Context config router router advert if Description This command configures the retransmission frequency of neighbor solicitation messages Default...

Страница 199: ...if Description This command enables sending router advertisement messages using the VRRP virtual MAC address provided that the virtual router is currently the master If the virtual router is not the m...

Страница 200: ...Router Advertisement Commands Page 200 7750 SR OS Router Configuration Guide...

Страница 201: ...ity NextHopType 10 0 0 0 8 0 0 0 0 0 False False Inactive 100 33 Blackhole No of Aggregates 1 A CPM133 config router arp Syntax arp ip int name ip address mask mac ieee mac address summary local dynam...

Страница 202: ...outer ARP 10 10 0 3 ARP Table IP Address MAC Address Expiry Type Interface 10 10 0 3 04 5d ff 00 00 00 00 00 00 Oth system A ALA A A ALA A show router ARP to ser1 Label Description IP Address The IP a...

Страница 203: ...command displays interface or policy authentication statistics Parameters interface ip int name ip address Specifies an existing interface name or IP address Values ip int name 32 chars max ip addres...

Страница 204: ...00 100 3 122 1 4 2 pim 455 464 iom No of BFD sessions 2 A Dut D A Dut C show router bfd session src 11 120 1 4 dest 11 120 1 3 BFD Session Remote Address 11 120 1 3 Admin State Up Oper State Up 3 Prot...

Страница 205: ...nterface Lsp Name State Tx Intvl Rx Intvl Multipl Remote Address Info Protocols Tx Pkts Rx Pkts Type wp lsp 32 Down 1 1000 1000 3 0 0 0 0 0 mplsTp N A N A cpm np wp lsp 33 Down 1 1000 1000 3 0 0 0 0 0...

Страница 206: ...p Protecting path interface Syntax interface interface name Context show router bfd Description This command displays interface information Output BFD interface Output The following table describes th...

Страница 207: ...he session type Values iom central cpm np Output BFD Session Output The following table describes the show BFD session output fields Sample Output A Dut B show router bfd session BFD Session Label Des...

Страница 208: ...ols static bgp Rx Interval 10 Tx Interval 10 Multiplier 3 Echo Interval 0 Up Time 0d 07 24 54 Up Transitions 1 Down Time None Down Transitions 0 Version Mismatch 0 Forwarding Information Local Discr 2...

Страница 209: ...0 3 10 2 1 3 pim isis 51529 51279 iom port 1 3 Up 3 500 500 3 10 3 1 3 pim isis 51529 51279 iom port 1 4 Up 3 500 500 3 10 4 1 3 pim isis 51529 51279 iom port 1 5 Up 3 500 500 3 10 5 1 3 pim isis 5152...

Страница 210: ...dhcp Context show router Description This command enables the context to display DHCP related information dhcp6 Syntax dhcp6 Context show router Description This command enables the context to displa...

Страница 211: ...CP clients Transmitted Pack ets The number of packets transmitted to the DHCP clients Received Mal formed Packets The number of malformed packets received from the DHCP clients Received Untrusted Pack...

Страница 212: ...ge 0 15 No Server Id option in msg from server 0 16 Missing or illegal Client Id option in client msg 0 17 Server Id option in client msg 0 18 Server DUID in client msg does not match our own 0 19 Cli...

Страница 213: ...Up Up A ALA 1 ecmp Syntax ecmp Context show router Description This command displays the ECMP settings for the router Output ECMP Settings Output The following table describes the output fields for th...

Страница 214: ...Displays the router IP interface table to display Values ipv4 Displays only those peers that have the IPv4 family enabled ipv6 Displays the peers that are IPv6 capable ip prefix prefix length Display...

Страница 215: ...sport RSVP LSP 1 Total Entries 1 A Dut C show router fib 1 FIB Display Prefix Protocol NextHop 1 1 2 0 24 ISIS 1 1 3 1 to_Dut A 1 2 3 2 to_Dut B 1 1 3 0 24 LOCAL 1 1 3 0 to_Dut A 1 1 9 0 24 ISIS 1 1 3...

Страница 216: ...Commands Page 216 7750 SR OS Router Configuration Guide 20 12 0 46 32 STATIC vprn1 mda 3 1 100 0 0 1 32 TMS vprn1 mda 1 1 vprn1 mda 3 1 138 203 71 202 32 STATIC 10 12 0 2 itfToArborCP_02 Total Entrie...

Страница 217: ...s routes only matching the specified ip address and length Values ipv4 prefix a b c d host bits must be set to 0 ipv4 prefix length 0 32 ipv6 ipv6 prefix pref x x x x x x x x eight 16 bit pieces x x x...

Страница 218: ...ments 0 Neighbor Solicits 5 Neighbor Advertisements 5 A SR 3 show router auth Time Exceeded The number of messages that exceeded the time threshold Echo Request The number of echo requests Router Soli...

Страница 219: ...ded 0 Pkt Too Big 0 Echo Request 0 Echo Reply 0 Label Description Total The total number of all messages Destination Unreachable The number of message that did not reach the destination Time Exceeded...

Страница 220: ...ndex Parameters ip address Only displays the interface information associated with the specified IP address Values ipv4 address a b c d host bits must be 0 ipv6 address x x x x x x x x eight 16 bit pi...

Страница 221: ...3 04 Global If Index 30 Lag Link Map Prof none Label Description Interface Name The IP interface name Type n a No IP address has been assigned to the IP interface so the IP address type is not applica...

Страница 222: ...EID Load Balance Disabled uRPF Chk disabled uRPF Ipv6 Chk disabled PTP HW Assist Disabled Rx Pkts N A Rx Bytes N A Rx V4 Pkts N A Rx V4 Bytes N A Rx V6 Pkts N A Rx V6 Bytes N A Tx Pkts 410 Tx Bytes 40...

Страница 223: ...1 Unnumbered If system n a Interfaces 1 A ALA A show router interface Interface Table Router Base Interface Name Adm v4 v6 Opr v4 v6 Mode Port SapId IP Address PfxState ip 100 0 0 2 Up Up Up Up Networ...

Страница 224: ...F FE00 4 64 PREFERRED ip 22 2 4 4 Up Up Up Up Network 6 2 12 22 2 4 4 24 n a 3FFE 1602 404 120 PREFERRED FE80 200 FF FE00 4 64 PREFERRED ip 23 2 4 4 Up Up Up Up Network 6 2 13 23 2 4 4 24 n a 3FFE 170...

Страница 225: ...4 Pri 10 10 34 3 24 Up Up Network to ser5 Pri 10 10 35 3 24 Up Up Network to ser6 n a n a Up Down Network management Pri 192 168 2 93 20 Up Up Network A ALA A Detailed IP Interface Output The followin...

Страница 226: ...e interface in seconds which is the time an ARP entry is maintained in the ARP cache without being refreshed ICMP Mask Reply False The IP interface will not reply to a received ICMP mask request True...

Страница 227: ...out 14400 IP Oper MTU 1564 ICMP Mask Reply True Arp Populate Disabled Cflowd None LdpSyncTimer None Strip Label Disabled LSR Load Balance system uRPF Chk disabled uRPF Ipv6 Chk disabled PTP HW Assist...

Страница 228: ...ne IP Addr mask 20 12 0 46 32 Address Type Primary IGP Inhibit Disabled Broadcast Address Host ones HoldUp Time 0 Track Srrp Inst 0 Details Description tms 3 1 If Index 5 Virt If Index 5 Last Oper Chg...

Страница 229: ...is getting distributed to various It doesn t account for the pkts dropped in HW level Status TMS status could be Up Down Version TMS software version Mitigations Number of active mitigations on this T...

Страница 230: ...FE80 200 FF FE00 3 64 PREFERRED Details Description Not Specified If Index 3 Virt If Index 3 Last Oper Chg 01 27 2014 16 42 40 Global If Index 19 Lag Link Map Prof none Port Id 1 1 4 TOS Marking Trust...

Страница 231: ...xy ND Disabled Policies none Secure ND Details Secure ND Disabled ICMP Details Redirects Number 100 Time seconds 10 Unreachables Number 100 Time seconds 10 TTL Expired Number 100 Time seconds 10 IPCP...

Страница 232: ...Rx V6 Pkts N A Rx V6 Bytes N A Tx Pkts 0 Tx Bytes 0 Tx V4 Pkts 0 Tx V4 Bytes 0 Tx V4 Discard Pk 0 Tx V4 Discard Byt 0 Tx V6 Pkts 0 Tx V6 Bytes 0 Tx V6 Discard Pk 0 Tx V6 Discard Byt 0 uRPF Chk Fail P...

Страница 233: ...Tx Bytes 953088 Tx Discard Pkts 0 TMS Health Information Status Up Version Peakflow TMS 5 6 build BF42 Mitigations 1 Status message Unavailable Summary IP Interface Output The following table describ...

Страница 234: ...1 1 0 0 No of Routes 1 Flags L LFA nexthop available A SRR A SRR show router isis routes 1 1 1 0 24 alternative Route Table Prefix Flags Metric Lvl Typ Ver SysID Hostname NextHop MT AdminTag Alt Nexth...

Страница 235: ...LFA nexthop available A Dut B A Dut B show router isis routes alternative Route Table Prefix Flags Metric Lvl Typ Ver SysID Hostname NextHop MT AdminTag Alt Nexthop Alt Metric 10 20 1 2 32 0 1 Int 3 D...

Страница 236: ...32 Push 131069BU 1 1 1 10 10 1 2 10 20 1 3 32 Swap 131069 131069BU 1 1 1 10 10 1 2 10 20 1 3 32 Push 262143 1 1 2 10 10 2 3 10 20 1 3 32 Swap 131069 262143 1 1 2 10 10 2 3 10 20 1 4 32 Push 131068 1...

Страница 237: ...20 1 2 32 10 20 1 3 131070U 262141 1 1 2 10 10 2 3 10 20 1 3 32 10 20 1 2 131069U 131069 1 1 1 10 10 1 2 10 20 1 3 32 10 20 1 3 262143 1 1 2 10 10 2 3 10 20 1 4 32 10 20 1 2 131068N 131068 1 1 1 10 1...

Страница 238: ...min status Up three way hello N A hello interval N A hello multiplier 35 0 1 tracking support Disabled Improved Assert N A spmsi pim ssm 225 0 0 0 32 join tlv packing N A data delay interval 3 seconds...

Страница 239: ...domain name Context show router Description This command displays network domains information Parameters detail Displays detailed network domains information network domain name Displays information f...

Страница 240: ...Description Network domain 1 No Of Ifs Associated 2 No Of SDPs Associated 0 Network Domain default Description Default Network Domain No Of Ifs Associated 3 No Of SDPs Associated 0 A Dut T config rou...

Страница 241: ...st name to display the route policy entries as path name Specify the route policy AS path name to display route policy entries community name Specify a route policy community name to display informati...

Страница 242: ...IPv4 family enabled and not those capable of exchanging IP VPN routes ipv6 Displays the BGP peers that are IPv6 capable mcast ipv4 Displays the BGP peers that are IPv4 multicast capable mcast ipv6 Dis...

Страница 243: ...0 0 16 E Remote BGP VPN 00h06m38s 170 2 1 1 9 tunneled 0 No of Routes 4 Flags L LFA nexthop available B BGP backup route available E best external BGP route available n Number of times nexthop is rep...

Страница 244: ...le Router Base Dest Prefix Flags Type Proto Age Pref Next Hop Interface Name Metric 10 10 1 0 24 Local Local 00h01m25s 0 ip 10 10 1 2 0 10 10 2 0 24 L Remote ISIS 00h00m58s 15 10 10 12 3 13 10 10 3 0...

Страница 245: ...2 0 10 10 5 0 24 Remote ISIS 00h02m01s 15 10 10 12 3 13 10 10 1 1 LFA 20 10 10 6 0 24 Remote ISIS 00h02m01s 15 10 10 4 4 20 10 10 12 3 LFA 13 10 10 9 0 24 Remote ISIS 00h02m01s 15 10 10 4 4 20 10 10 1...

Страница 246: ...ute table Route Table Router Base Dest Prefix Type Proto Age Pref Next Hop Interface Name Metric 11 2 103 0 24 Remote OSPF 00h59m02s 10 21 2 4 2 2 11 2 103 0 24 Remote OSPF 00h59m02s 10 22 2 4 2 2 11...

Страница 247: ...of Routes 1 indicates that the route matches on a longer prefix A ALA A A Dut C show router route table Route Table Router Base Dest Prefix Flags Type Proto Age Pref Next Hop Interface Name Metric 1...

Страница 248: ...SPF 65844 1001 10 10 10 0 2 32 10 10 13 1 Remote OSPF 65844 2001 10 10 10 0 4 32 10 10 34 4 Remote OSPF 3523 1001 10 10 10 0 5 32 10 10 35 5 Remote OSPF 1084022 1001 10 10 10 12 0 24 10 10 13 1 Remote...

Страница 249: ...ge Pref Next Hop Interface Name Metric 10 20 1 5 32 Remote OSPF 00h03m55s 10 10 20 1 5 tunneled RSVP 1 100 No of Routes 1 A Dut C show router route table protocol tms Route Table Router Base Dest Pref...

Страница 250: ...by the router by protocol Total active and available routes are also displayed Sample Output A ALA A show router route table summary Route Table Summary Active Available Static 1 1 Direct 6 6 BGP 0 0...

Страница 251: ...eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D prefix length 1 128 Output Router Advertisement Table Output The following table describes the output fields for router advertisement Labe...

Страница 252: ...Indicates that DHCPv6 is not available for address config uration Reachable Time The time in milliseconds that a node assumes a neighbor is reachable after receiving a reachability confirmation Retra...

Страница 253: ...166 Nbr Solicitation Rx 143 Max Advert Interval 601 Min Advert Interval 201 Managed Config TRUE Other Config TRUE Reachable Time 00h00m00s400ms Router Lifetime 00h30m01s Retransmit Time 00h00m00s400m...

Страница 254: ...r Config FALSE TRUE Reachable Time 00h00m00s0ms 00h00m00s400ms Router Lifetime 00h30m00s 00h30m01s Retransmit Time 00h00m00s0ms 00h00m00s400ms Hop Limit 64 63 Link MTU 0 1500 Prefix not present in nei...

Страница 255: ...h30m01s Retransmit Time 00h00m00s0ms 00h00m00s400ms Hop Limit 64 63 Link MTU 0 1500 Prefix not present in own router advertisement Prefix 2 120 Autonomous Flag TRUE On link flag TRUE Preferred Lifetim...

Страница 256: ...g table describes the output fields for the ARP table Sample Output A ALA A show router static arp ARP Table IP Address MAC Address Age Type Interface 10 200 0 253 00 00 5a 40 00 01 00 00 00 Sta to se...

Страница 257: ...router Description This command displays the static entries in the routing table If no options are present all static routes are displayed sorted by prefix Parameters family Specify the type of routin...

Страница 258: ...ddress and mask Pref The route preference value for the static route Metric The route metric value for the static route Type BH The static route is a black hole route The Nexthop for this type of rout...

Страница 259: ...ALA A show router static route preference 4 Route Table IP Addr mask Pref Metric Type Nexthop Interface Active 192 168 254 0 24 4 1 BH black hole n a Y A ALA A A ALA A show router static route next h...

Страница 260: ...ity 100 33 CPE check disabled No of Static Routes 1 service prefix Syntax service prefix Description This command displays the address ranges reserved by this node for services sorted by prefix Output...

Страница 261: ...specific application Values arp bgp cflowd dhcp dns ftp icmp igmp isis ldp mld msdp ndis ntp ospf pimradius rip rsvpsnmp snmp notification srrp ssh syslog tacplus telnet tftp traceroute vrrp pppoe dsc...

Страница 262: ...d operational states for the RIP protocol ISIS The administrative and operational states for the IS IS protocol MPLS The administrative and operational states for the MPLS protocol RSVP The administra...

Страница 263: ...1 Triggered Policies No A Performance A Performance configure router ospf 1 31 shutdown A Performance show router status Router Status Router Base Admin State Oper State Router Up Up OSPFv2 0 Up Up OS...

Страница 264: ...PIM not configured ECMP Max Routes 1 Single SFM Overload Enabled hold off 30 sec Single SFM State normal Single SFM Start 004 19 03 39 680 Single SFM Interval 0d 00 16 06 Triggered Policies No A Perf...

Страница 265: ...it means the MP BGP NH resolution is refering to the core routing instance for IP reachability For a VPRN service this object specifies the lookup to be used by the routing instance if no SDP to the d...

Страница 266: ...el Disabled Admin State Up Oper State Up Acct Pol None Collect Stats Disabled Ingress Label 0 Egress Label 3 Ingr Mac Fltr Id n a Egr Mac Fltr Id n a Ingr IP Fltr Id n a Egr IP Fltr Id n a Ingr IPv6 F...

Страница 267: ...ive Information Admin State Disabled Oper State Disabled Hello Time 10 Hello Msg Len 0 Max Drop Count 3 Hold Down Time 10 Statistics I Fwd Pkts 0 I Dro Pkts 0 I Fwd Octs 0 I Dro Octs 0 E Fwd Pkts 2979...

Страница 268: ...cvd 0 Cfg BPDUs tx 0 TCN BPDUs rcvd 0 TCN BPDUs tx 0 TC bit BPDUs rcvd 0 TC bit BPDUs tx 0 RST BPDUs rcvd 0 RST BPDUs tx 0 Number of SDPs 1 A Dut C show router tunnel table sdp 17407 Tunnel Table Rout...

Страница 269: ...IP Router Configuration 7750 SR OS Router Configuration Guide Page 269 LDP 1 1 SDP 1 1 A ALA A config service...

Страница 270: ...Parameters tunnel group name Displays information for the specified tunnel group statistics Displays statistics for the specified tunnel group Sample Output A Dut C show router l2tp group L2TP Groups...

Страница 271: ...d Aut Active Total Tunnels 3 0 0 2 3 Sessions 8 0 N A 5 8 Pkt Ctl Pkt Err Octets Rx 51 0 1224 Tx 51 0 2796 A Dut C peer Syntax peer ip address peer ip address statistics peer draining unreachable Cont...

Страница 272: ...Tun Total Ses Total 10 10 20 101 0 0 unreach LAC 1 1 No of peers 1 A Dut C A Dut C show router l2tp peer 10 10 20 101 Peer IP 10 10 20 101 Role LAC Draining false Tunnels 1 Tunnels Active 0 Sessions 1...

Страница 273: ...ngCallRequest 1 IncomingCallConnected 1 ZeroLengthBody 1 originalTransmittedMsgType StartControlConnectionReply 1 IncomingCallReply 1 ZeroLengthBody 3 last cleared time N A session Syntax session conn...

Страница 274: ...up group name Specifies a string to identify a Layer Two Tunneling Protocol Tunnel group assignment id assignment id Specifies a string that distinguishes this Layer Two Tunneling Protocol tunnel loca...

Страница 275: ...10043 20227 established 658210606 658178048 10043 32558 established No of sessions 6 A Dut C A Dut C show router l2tp session state closed detail L2TP Session Status Connection ID 143531662 State clo...

Страница 276: ...20 CDN Result generalError General Error noError No of sessions 3 A Dut C A Dut C show router l2tp session session id 946 L2TP Session Summary ID Control Conn ID Tunnel ID Session ID State 143524786 1...

Страница 277: ...ment ID isp1 tunnel 3 Error Message Terminated by PPPoE RX PADT Control Conn ID 143523840 Remote Conn ID 1148557524 Tunnel ID 2190 Remote Tunnel ID 17525 Session ID 7822 Remote Session ID 39124 Time S...

Страница 278: ...100 L2TP Session Summary ID Control Conn ID Tunnel ID Session ID State 236926987 236912640 3615 14347 closed 236927915 236912640 3615 15275 closed 658187773 658178048 10043 9725 established 658198275...

Страница 279: ...lesaler com L2TP Session Summary ID Control Conn ID Tunnel ID Session ID State 143524786 143523840 2190 946 established 143526923 143523840 2190 3083 established 143531662 143523840 2190 7822 closed 2...

Страница 280: ...1026712216 Tunnel ID 9161 Remote Tunnel ID 15666 Session ID 31720 Remote Session ID 25240 Time Started 02 02 2010 09 08 54 Time Established 02 02 2010 09 08 54 Time Closed N A CDN Result noError Gene...

Страница 281: ...Output A Dut C show router l2tp statistics L2TP Statistics Tunnels Sessions Active 3 Active 6 Setup history since 04 17 2009 18 38 41 Total 4 Total 9 Failed 0 Failed 0 Failed Auth 0 A Dut C tunnel Sy...

Страница 282: ...nection id Specifies the identification number for a Layer Two Tunneling Protocol connection Values 1 429496729 detail Displays detailed L2TP session information session id session id v2 Displays info...

Страница 283: ...Connection ID 236912640 State closedByPeer IP 10 20 1 3 Peer IP 10 10 20 100 Name lac1 wholesaler com Remote Name lns2 retailer1 net Assignment ID isp1 tunnel 2 Group Name isp1 group 2 Error Message...

Страница 284: ...ter l2tp tunnel tunnel id 2190 statistics L2TP Tunnel Statistics Connection ID 143523840 Attempts Failed Active Total Sessions 3 0 2 3 Rx Tx Ctrl Packets 47 47 Ctrl Octets 954 1438 Error Packets 0 0 A...

Страница 285: ...Max Retr Not Estab 5 Session Limit 1000 AVP Hiding never Transport Type udpIp Challenge never Time Started 04 17 2009 18 41 14 Time Idle N A Time Established 04 17 2009 18 41 14 Time Closed N A Stop...

Страница 286: ...2009 18 41 03 Time Idle 04 17 2009 18 43 20 Time Established 04 17 2009 18 41 03 Time Closed 04 17 2009 18 43 20 Stop CCN Result generalReq General Error noError No of tunnels 1 A Dut C A Dut C show...

Страница 287: ...ID Rem Tu ID State Ses Active Group Ses Total Assignment 658178048 10043 33762 draining 3 isp1 group 2 3 isp1 tunnel 2 No of tunnels 1 A Dut C A Fden Dut2 BSA2 show router l2tp tunnel connection id 6...

Страница 288: ...ur 4 acceptedMsgType StartControlConnectionRequest 1 StartControlConnectionConnected 1 IncomingCallRequest 1 IncomingCallConnected 1 ZeroLengthBody 3 originalTransmittedMsgType StartControlConnectionR...

Страница 289: ...router Description This command clears all or specific ARP entries The scope of ARP cache entries cleared depends on the command line option s specified Parameters all Clears all ARP cache entries ip...

Страница 290: ...atistics src ip ip address dst ip ip address statistics all Context clear router bfd Description This command clears BFD statistics Parameters src ip ip address Specifies the address of the local endp...

Страница 291: ...okup Syntax grt lookup Context clear router Description This command re evaluates route policies for GRT icmp redirect route Syntax icmp redirect route all ip address Context clear router Description...

Страница 292: ...ace name or IP interface address Default All IP interfaces icmp Specifies to reset the ICMP statistics for the IP interface s used for ICMP rate limiting urpf stats Resets the statistics associated wi...

Страница 293: ...or interface name is specified then statistics are cleared for all configured interfaces If an IP address or interface name is specified then only data regarding the specified interface is cleared Par...

Страница 294: ...ment all router advertisement interface interface name Context clear router Description This command clears all router advertisement counters Parameters all Clears all router advertisement counters fo...

Страница 295: ...ce Description This command enables the trace The no form of the command disables the trace trace point Syntax no trace point module module name type event type class event class task task name functi...

Страница 296: ...nfigures route table debugging icmp Syntax no icmp Context debug router ip Description This command enables ICMP debugging icmp6 Syntax icmp6 ip int name no icmp6 Context debug router ip Description T...

Страница 297: ...fied IP interface name Values 32 characters maximum ip address Only displays the interface information associated with the specified IP address headers Only displays information associated with the pa...

Страница 298: ...ption This command enables debugging for tunnel tables mtrace Syntax no mtrace Context debug router Description This command configures debugging for mtrace tms Syntax no tms interface tms interface a...

Страница 299: ...IP Router Configuration 7750 SR OS Router Configuration Guide Page 299...

Страница 300: ...Debug Commands Page 300 7750 SR OS Router Configuration Guide...

Страница 301: ...P on page 305 Configurable Parameters on page 306 VRRP Priority Control Policies on page 314 VRRP Virtual Router Policy Constraints on page 314 VRRP Virtual Router Instance Base Priority on page 314 V...

Страница 302: ...n hosts directly attached to this LAN the routers sharing the IP interface prevent a single point of failure by limiting access to this gateway address VRRP can be implemented on IES service interface...

Страница 303: ...single Alcatel Lucent IP interface The virtual routers must be in the same subnet Each virtual router has its own VRID state machine and messaging instance IP Address Owner VRRP can be configured in e...

Страница 304: ...the forwarding responsibility if the master becomes unavailable This allows any of the virtual router IP addresses on the LAN to be used as the default first hop router by end hosts This enables a hi...

Страница 305: ...his message domain must have the same VRID configured The most important parameter to be defined on a non owner virtual router instance is the priority The priority defines a virtual router s selectio...

Страница 306: ...eritance on page 308 Master Down Interval on page 309 Preempt Mode on page 309 VRRP Message Authentication on page 310 Authentication Data on page 312 Virtual MAC Address on page 312 Inherit Master VR...

Страница 307: ...ters may be configured with a priority of 254 through 1 The default value is 100 Multiple non owners can share the same priority value When multiple non owner backup virtual routers are tied transmit...

Страница 308: ...ced If a VRRP advertisement message is received with an advertisement interval set to a value different than the local value and the inherit parameter is disabled the message is discarded without proc...

Страница 309: ...ower priority master The IP address owner will always become master when available Preempt mode cannot be set to false on the owner virtual router The default value for preempt mode is true When preem...

Страница 310: ...n methods which provide varying degrees of security The supported authentication types are 0 No Authentication 1 Simple Text Password 2 IP Authentication Header Authentication Type 0 No Authentication...

Страница 311: ...the criteria are silently dropped Authentication Type 1 Simple Text Password The use of type 1 indicates that VRRP advertisement messages are authenticated with a clear simple text password All virtua...

Страница 312: ...AC address configuration must be the same for all virtual routers participating as a virtual router or indeterminate connectivity by the attached IP hosts will result All VRRP advertisement messages a...

Страница 313: ...Pv6 Virtual Router Instance Operationally Up Once the IPv6 virtual router is properly configured with a minimum of one link local backup address the parent interface s router advertisement must be con...

Страница 314: ...RRP virtual router instances may be associated with the same IP interface allowing multiple priority control policies to be associated with the IP interface An applied VRRP priority control policy onl...

Страница 315: ...apply simultaneously creating a dynamic priority value The base priority for the instance less the sum of the delta values derives the actual priority value in use An explicit priority event is a con...

Страница 316: ...a in use priority limit is used as the in use priority for the virtual router instance Otherwise the in use priority is set to the base priority less the sum of the delta events Each event generates a...

Страница 317: ...be defined each with its own priority value If the LAG transitions from one threshold to the next the previous threshold priority value is subtracted from the total delta sum while the new threshold p...

Страница 318: ...hold 4 ports down Hold Set Timer Expired Set to hold set parameter 102 Three ports down Event State Set 5 ports down Event Threshold 4 ports down Hold Set Timer 3 seconds 103 All ports up Event State...

Страница 319: ...ute Unknown Priority Event The route unknown priority event defines a task that monitors the existence of a given route prefix in the system s routing table The route monitoring task can be constraine...

Страница 320: ...the active route table that matches the defined match criteria the route unknown priority event is considered false or cleared When a route prefix does not exist within the active route table matching...

Страница 321: ...MP echo request messages destined to the non owner virtual router instance IP addresses are silently discarded in both the master and backup modes Non Owner Access Telnet When non owner access Telnet...

Страница 322: ...IP interface when destined to a virtual router IP address operating in backup mode Enabling non owner access SSH does not guarantee SSH access proper management and security features must be enabled t...

Страница 323: ...mentation Flow ENABLE START CONFIGURE VRRP PRIORITY CONTROL POLICIES optional CONFIGURE IES VPRN SERVICE CONFIGURE ROUTER INTERFACE CONFIGURE INTERFACE CONFIGURE INTERFACE SPECIFY ADDRESS SECONDARY AD...

Страница 324: ...subnet The backup addresses explicitly define which IP addresses are in the VRRP advertisement message IP address list In the owner mode the backup IP address must be identical to one of the interfac...

Страница 325: ...sic VRRP Configurations on page 327 Common Configuration Tasks on page 331 Configuring VRRP Policy Components on page 333 VRRP Configuration Management Tasks on page 338 Modifying a VRRP Policy on pag...

Страница 326: ...rovides dynamic fail over of the forwarding responsibility if the master becomes unavailable The VRRP implementation allows one master per IP subnet All other VRRP instances in the same domain must be...

Страница 327: ...A VRRP configuration must include the following Policy ID Define at least one of the following priority events Port down LAG port down Host unreachable Route unknown The following example displays a s...

Страница 328: ...er instance can manage up to 16 backup IP addresses For IPv6 only one virtual router instance can be configured on an IES service interface VRRP parameters configured within an IES service must includ...

Страница 329: ...config router router advert A nlt7750 3 config service ies info description VLAN 921 for DSC 101 Application interface DSC 101 Application create address 10 152 2 220 28 vrrp 217 backup 10 152 2 222 p...

Страница 330: ...face Each virtual router instance can manage up to 16 backup IP addresses For IPv6 only one virtual router instance can be configured on a router interface VRRP parameters configured on a router inter...

Страница 331: ...participating routers in a VRRP instance must be configured with the same vrid All participating non owner routers can specify up to 16 backup IP addresses IP addresses the master is representing The...

Страница 332: ...each subnet The following displays an IP interface configuration example A SR1 config router info echo IP Configuration interface system address 10 10 0 1 32 exit interface testA address 123 123 123...

Страница 333: ...olicy Components The following displays a VRRP policy configuration example A SR1 config vrrp info policy 1 delta in use limit 50 priority event port down 1 1 2 hold set 43200 priority 100 delta exit...

Страница 334: ...in case of failure VRRP can be configured the following ways Non Owner VRRP Example on page 334 Owner Service VRRP on page 335 Non Owner VRRP Example The following displays a basic non owner VRRP con...

Страница 335: ...RRP The following displays the owner VRRP configuration example A SR4 config router info echo IP Configuration interface test2 address 10 10 10 23 24 vrrp 1 owner backup 10 10 10 23 authentication typ...

Страница 336: ...be configured the following ways Router Interface VRRP Non Owner on page 336 Router Interface VRRP Non Owner The following displays a non owner interface VRRP configuration example A SR2 config info...

Страница 337: ...VRRP Owner The following displays router interface owner VRRP configuration example A SR2 config router info interface vrrpowner address 10 10 10 23 24 vrrp 1 owner backup 10 10 10 23 authentication t...

Страница 338: ...Parameters on page 340 Deleting VRRP on an Interface or Service on page 340 Modifying a VRRP Policy To access a specific VRRP policy you must specify the policy ID To display a list of VRRP policies...

Страница 339: ...rface or to an IES service Each instance in which the policy is applied must be deleted The Applied column in the following example displays whether or not the VRRP policies are applied to an entity A...

Страница 340: ...ntering the owner keyword is optional when entering the vrid for modification purposes Deleting VRRP on an Interface or Service The vrid does not need to be shutdown to remove the virtual router insta...

Страница 341: ...d Hierarchies Configuration Commands VRRP Network Interface Commands on page 342 Router Interface IPv6 Commands on page 343 Router Interface IPv6 VRRP Commands on page 344 VRRP Priority Control Event...

Страница 342: ...unnumbered vrrp virtual router id owner no vrrp virtual router id authentication key authentication key hash key hash hash2 no authentication key no backup ip address no bfd enable service id interfa...

Страница 343: ...ket too big number seconds no packet too big param problem number seconds no param problem redirects number seconds no redirects time exceeded number seconds no time exceeded unreachables number secon...

Страница 344: ...ssage interval no ping reply policy vrrp policy id no policy no preempt priority priority no priority no shutdown no standby forwarding no telnet reply no traceroute reply VRRP Priority Control Event...

Страница 345: ...t down port id hold clear seconds no hold clear hold set seconds no hold set priority priority level delta explicit no priority no route unknown ip prefix mask hold clear seconds no hold clear hold se...

Страница 346: ...istics router vrrp interface ip int name vrid virtual router id interface ip int name vrid virtual router id ipv6 statistics interface interface name vrid virtual router id statistics statistics inter...

Страница 347: ...VRRP 7750 SR OS Router Configuration Guide Page 347 no packets interface ip int name vrid virtual router id no packets interface ip int name vrid virtual router id ipv6...

Страница 348: ...Page 348 7750 SR OS Router Configuration Guide...

Страница 349: ...sage authentication data fields The first field contains the first four characters with the first octet starting with IETF RFC bit position 0 containing the first character The second field similarly...

Страница 350: ...P addresses that are advertised within VRRP advertisement messages This communicates the IP addresses that the master is representing to backup virtual routers receiving the messages Advertising a cor...

Страница 351: ...of the parent IP interface defined IP addresses primary and secondary For non owner virtual router instances the virtual router IP addresses each must be within one of the parental IP interface IP ad...

Страница 352: ...P interface is not configured the virtual router IP address assignment fails Parent Primary IP Address Changed When a virtual router IP address is set and the associated parent IP interface IP address...

Страница 353: ...pecified ipv6 addr must be equal to one of the existing parental IP interface IP addresses link local or global or the backup command will fail For non owner virtual router instances the backup comman...

Страница 354: ...the operationally down state Special Cases Assigning the Virtual Router ID Address Once the vrid is created on the parent IP interface IP addresses need to be assigned to the virtual router instance I...

Страница 355: ...Router IP Address Parental Association and Non Owner Virtual Router IP Address Parental Association on the parental IP interface must already exist If an associated IP address on the parental IP inte...

Страница 356: ...used for the BFD are set by the BFD command under the IP interface The specified interface may not be configured with BFD when it is the virtual router will then initiate the BFD session The no form o...

Страница 357: ...effect ediately When the virtual router MAC on a master virtual router instance changes a gratuitous ARP is ediately sent with a VRRP advertisement message If the virtual router instance is disabled o...

Страница 358: ...virtual router master or backup and the state of the master int inherit parameter When a non owner is operating as master for the virtual router the configured message interval is used as the operati...

Страница 359: ...within the chassis The policy can be associated with more than one virtual router instance The priority events within the policy either override or diminish the base priority set with the priority co...

Страница 360: ...in the non owner vrrp nodal context The owner may not be preempted because the priority of non owners can never be higher than the owner The owner always preempts all other virtual routers when it is...

Страница 361: ...y Context config router if vrrp config router if ipv6 vrrp Description This command enables the non owner master to reply to ICMP echo requests directed at the vritual router instances IP addresses No...

Страница 362: ...al router instance provides a mechanism to maintain the virtual routers without causing false backup master state changes If the shutdown command is executed no VRRP advertisement messages are generat...

Страница 363: ...ses Default no ssh reply SSH requests to the virtual router instance IP addresses are discarded standby forwarding Syntax no standby forwarding Context config router if vrrp config router if ipv6 vrrp...

Страница 364: ...virtual router instance IP addresses Default no telnet reply Telnet requests to the virtual router instance IP addresses are discarded traceroute reply Syntax no traceroute reply Context config route...

Страница 365: ...annot be changed vrrp master int inherit Owner virtual router instances do not accept VRRP advertisement messages the advertisement interval field is not evaluated and cannot be inherited ping reply t...

Страница 366: ...Page 366 7750 SR OS Router Configuration Guide have the owner parameter removed The vrid must be deleted and than recreated without the owner keyword to remove ownership...

Страница 367: ...ority control event overrides the delta priority control events the delta in use limit has no effect Setting the limit to a higher value than the default of 1 limits the effect of the delta priority c...

Страница 368: ...s It is a parental node for the various VRRP priority control policy commands that define the policy parameters and priority event conditions The virtual router instance priority command defines the i...

Страница 369: ...oes not apply to a service but applies to the base router instance Values 1 2147483647 priority event Syntax no priority event Context config vrrp policy vrrp priority id Description This command crea...

Страница 370: ...onds no hold set Context config vrrp policy priority event host unreachable config vrrp policy priority event lag port down config vrrp policy priority event port down config vrrp policy priority even...

Страница 371: ...id channel id config vrrp policy priority event route unknown prefix mask length Description This command controls the effect the set event has on the virtual router instance in use priority When the...

Страница 372: ...s no longer used in the in use priority calculation When explicit is specified the priority level value is used to override the base priority of the virtual router instance if the priority event is se...

Страница 373: ...set When an event transitions from clear to set the set is processed ediately and must be reflected in the associated virtual router instances in use priority value As the event transitions from clea...

Страница 374: ...c type sap net net sap The POS channel on the port monitored by the VRRP priority control event The port id channel id can only be monitored by a single event in this policy The channel can be monitor...

Страница 375: ...an arbitrary LAG The lag id does have to already exist within the system The operational state of the lag port down event will indicate Set non existent Set one port down Set two ports down Set three...

Страница 376: ...e priority of all associated virtual router instances must be reevaluated The events hold set timer has no effect on the removal procedure Default no lag port down No LAG priority control events are c...

Страница 377: ...re evaluated after removal Default no number down No threshold for the LAG priority event is created Parameters number of lag ports down The number of LAG ports down to create a set event threshold T...

Страница 378: ...a successful message attempt clears the consecutive drop counter The event is not cleared until the consecutive drop counter is less than the drop count value and the hold set timer has a value of zer...

Страница 379: ...the state to be set while the previous attempt was successful When an event transitions from clear to set the set is processed ediately and must be reflected in the associated virtual router instance...

Страница 380: ...d by multiple VRRP priority control policies The IP address can be used in one or multiple ping requests Each VRRP priority control host unreachable and ping destined to the same ip addr is uniquely i...

Страница 381: ...rding to the message identifier and sequence number With each consecutive attempt to send an ICMP echo request message the timeout timer is loaded with the timeout value The timer decrements until An...

Страница 382: ...out is received that reply is silently discarded while incrementing the priority event reply discard counter The no form of the command reverts to the default value Default 1 Parameters seconds The n...

Страница 383: ...allow default optional parameter extends the less specific match to include the default route 0 0 0 0 The no form of the command prevents RTM lookup results that are less specific than the route pref...

Страница 384: ...rotocol Context config vrrp policy priority event route unknown prefix mask length Description This command adds one or more route sources to match the route unknown IP route prefix for a route unknow...

Страница 385: ...ute unknown route prefix The rip parameter is not exclusive from the other available protocol parameters If protocol is executed without the rip parameter a returned route prefix with a source of RIP...

Страница 386: ...an event transitions from clear to set the set is processed ediately and must be reflected in the associated virtual router instances in use priority value As the event transitions from clear to set...

Страница 387: ...lues 0 32 ip address The IP address of the host for which the specific event will monitor connectivity The ip addr can only be monitored by a single event in this policy The IP address can be monitore...

Страница 388: ...Page 388 7750 SR OS Router Configuration Guide...

Страница 389: ...information for the specified VRRP instance on the IP interface Default All VRIDs for the IP interface Values 1 255 ipv6 Specifies the IPv6 instance Output VRRP Instance Output The following table de...

Страница 390: ...wn timer is indirectly derived from the value in the advertisement interval field of the VRRP message received from the current master No When the VRRP instance is operating as a backup and the master...

Страница 391: ...IP address of the VRRP master Primary IP The IP address of the VRRP owner Up Time The date and time when the operational state of the event last changed Virt MAC Addr The virtual MAC address used in A...

Страница 392: ...p Oper State Up Up Time 09 23 2004 06 53 45 Virt MAC Addr 00 00 5e 00 01 01 Auth Type None Config Mesg Intvl 1 In Use Mesg Intvl 1 Master Inherit Intvl No Base Priority 100 In Use Priority 100 Policy...

Страница 393: ...Up Up Time 09 23 2004 06 55 12 Virt MAC Addr 00 00 5e 00 02 0a Config Mesg Intvl 1 0 In Use Mesg Intvl 1 0 Master Inherit Intvl Yes Base Priority 100 In Use Priority 100 Policy ID n a Preempt Mode Yes...

Страница 394: ...he policy ID Default All event types and qualifiers Values port down port id lag port down lag id host unreachable host ip addr route unknown route prefix mask mc ipsec non forwarding specific qualifi...

Страница 395: ...nless this value is 0 Description A text string which describes the VRRP policy Event Type ID A delta priority event is a conditional event defined in a priority con trol policy that subtracts a given...

Страница 396: ...e ID Event Oper State Hold Set Priority In Remaining Effect Use Host Unreach 10 10 200 252 n a Expired 20 Del No Host Unreach 10 10 200 253 n a Expired 10 Del No Route Unknown 10 10 100 0 24 n a Expir...

Страница 397: ...th the priority control policy happen simultane ously This sum is subtracted from the base priority of the virtual router to give the in use priority Delta Limit The delta in use limit for a VRRP poli...

Страница 398: ...P pri ority control event can transition to the cleared state to dampen flap ping events Priority The base priority used by the virtual router instance Priority Effect Delta The priority level value i...

Страница 399: ...7 04 54 35 A ALA A A ALA A show vrrp policy 1 event host unreachable VRRP Policy 1 Event Host Unreachable 10 10 200 252 Description 10 10 200 253 reachability Current Priority None Applied No Current...

Страница 400: ...0 100 0 24 Priority 1 Priority Effect Explicit Less Specific No Default Allowed No Next Hop s None Protocol s None Hold Set Config 0 sec Hold Set Remaining Expired Value In Use No Current State n a tr...

Страница 401: ...VRRP 7750 SR OS Router Configuration Guide Page 401 Sample Output A ALA 48 show router vrrp statistics VRRP Global Statistics VR Id Errors 0 Version Errors 0 Checksum Errors 0 A ALA 48...

Страница 402: ...Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calculations are performed on the delta or rate statistics rate When the rate keywo...

Страница 403: ...interface n2 At time t 0 sec Base Statistics Master Transitions 1 Discontinuity Time 09 09 2004 01 57 Adv Sent 1365 Adv Received 0 Pri Zero Pkts Sent 0 Pri Zero Pkts Rcvd 0 Preempt Events 0 Preempted...

Страница 404: ...Clears IPv6 information for the specified interface statistics Syntax statistics policy policy id Context clear router vrrp Description This command enables the context to clear and reset VRRP entitie...

Страница 405: ...the specified VRRP instance on the IP inter face Default All VRRP instances on the IP interface Values 1 255 policy vrrp policy id Clears VRRP statistics for all or the specified VRRP priority contro...

Страница 406: ...vents The no form of the command disables debugging Parameters ip int name Displays the specified interface name vrid virtual router id Displays the specified VRID ipv6 Debugs the specified IPv6 VRRP...

Страница 407: ...y Guide and CPM security and Management Interface described in SROS Router Configuration Guide Topics in this chapter include ACL Filter Policy Overview on page 408 on page 411 ACL Filter Policy Scale...

Страница 408: ...of filter policies as defined by the scope argument of the filter policy An exclusive filter is intended to be used by a single SAP interface a template filter is intended to be shared by multiple SA...

Страница 409: ...e packet does not match any of the entries the system executes the default action specified in the filter policy Each filter policy is assigned a unique filter ID Each filter policy is defined with Sc...

Страница 410: ...ce N A Router interface Egress multicast group Egress multicast group Egress multicast group IES interface SAP spoke SDP N A IES interface SAP spoke SPD subscriber interface VPRN interface SAP spoke S...

Страница 411: ...ically maps and downloads policies to each FlexPath only as needed by services and interfaces configured on that FlexPath Statistics for filters aggregate all statistics across all FlexPaths that have...

Страница 412: ...trap will be raised for the impacted filter policies It is recommended that the operator remove extra filter entries as operational conditions such as an IOM reset for example may cause different filt...

Страница 413: ...tch list for CPM and IOM filter policies are introduced to eliminate above operational complexity by simplifying the IOM and CPM filter policy management on a list of a match criterion Instead of defi...

Страница 414: ...hanges may result in acceptance of filter policy configuration changes that cannot be programmed in hardware because of the resource exhaustion If that is the case when attempting to program a filter...

Страница 415: ...prefixes Duplicates are not removed when populated by different auto generation matches and static configuration A configuration will fail if auto generation of address prefix would result in filer po...

Страница 416: ...filter an operator may wish to change or deactivate an embedded filter policy entry in one of the embedding filter thus allowing for customizing of the common embedded filter policy rules by the embed...

Страница 417: ...resources available Figure 17 shows implementation of embedded filter policy using IPv4 ACL filter policy example with an embedded filter 10 being used to define common filter rules that are then emb...

Страница 418: ...The destination with the highest priority value is selected There are no default redirect policies Each redirect policy must be explicitly configured and specified in an IPv4 filter entry To facilita...

Страница 419: ...eb redirection 1 The customer gets an IP address using DHCP if the customer is trying to set a static IP he will be blocked by the anti spoofing filter 2 The customer tries to connect to a website 3 T...

Страница 420: ...requested URL SAP The customer s SAP SUB The customer s subscriber identification string CID A string that represents the circuit id or interface id of the subscriber host hexadecimal format RID A str...

Страница 421: ...is available only when used with subscriber management Refer to the subscriber management section of the SROS Triple Play Guide and the SR OS Router Configuration Guide Since most web sites are access...

Страница 422: ...tination may be flooded in the BVPLS context as unknown unicast in the BVPLS context for both IVPLS and PBB Epipe To restrict distribution of this traffic for local PBB services ISID filters can be de...

Страница 423: ...1 x 0 The matching is based on the port configuration and the SAP configuration In the industry the QinQ tags are often referred to as the C VID Customer VID and S VID service VID The terms outer tag...

Страница 424: ...nsparently by the Service Tags Too Deep to be Service Delimiting or to be Used for VID Filtering Tag Available for Matching and Indication of Which Match Criteria to Use 20 10 Payload MAC 10 20 30 Pay...

Страница 425: ...onal check for the 0 VID tag may be required when using certain wild card operations For example frames with no tags on null encapsulated ports will match a value of 0 in outer tag and inner tag becau...

Страница 426: ...1 1 would have a filter as shown below while port A sap 1 1 1 2 would not mac filter 4 create default action forward type vid entry 1 create match frame type ethernet_II outer tag 30 4095 exit action...

Страница 427: ...tion and Implementation Flow Figure 22 displays the process to create a filter policy and apply that policy to a service or network port CREATE A REDIRECT POLICY CREATE IP FILTER SPECIFY DESTINATION P...

Страница 428: ...and Applying Filter Policies CREATE AN IP OR MAC FILTER FILTER ID CREATE FILTER ENTRIES ENTRY ID SPECIFY SCOPE DEFAULT ACTION DESCRIPTION SPECIFY ACTION PACKET MATCHING CRITERIA SAVE CONFIGURATION CRE...

Страница 429: ...ilters are applied to a SAP packets received at the egress SAP are checked against the matching criteria in the filter entries If the packet completely matches all criteria in an entry the checking st...

Страница 430: ...col for example TCP UDP IGMPv6 against the Next Header field of the outer IPv6 header of the packet Note next header matching allows also to match on presence of some of the IPv6 extension headers See...

Страница 431: ...allows the filter to search for matching 802 1p frame etype Entering an Ethernet type II Ethertype value to be used as a filter match criterion The Ethernet type field is a two byte field used to ide...

Страница 432: ...the use of inner tag outer tag match criteria and must be set to vid to allow the use of inner tag outer0 tag match criteria DSCP Values Table 9 DSCP Name to DSCP Value Table DSCP Name Decimal DSCP Va...

Страница 433: ...cp33 33 af41 34 cp35 35 af42 36 cp37 37 af43 38 cp39 39 cs5 40 cp41 41 cp42 42 cp43 43 cp44 44 cp45 45 ef 46 cp47 47 nc1 48 cs6 cp49 49 cp50 50 cp51 51 cp52 52 cp53 53 cp54 54 cp55 55 cp56 56 cp57 57...

Страница 434: ...ying ACL Policies Page 434 7750 SR OS Router Configuration Guide nc2 58 cs7 cp60 60 cp61 61 cp62 62 Table 9 DSCP Name to DSCP Value Table Continued DSCP Name Decimal DSCP Value Hexadecimal DSCP Value...

Страница 435: ...1 0 2 130 SEC Security 1 0 3 131 LSR Loose source router 1 0 5 133 E SEC Extended security 1 0 6 134 CIPSO Commercial security 1 0 8 136 SID Stream id 1 0 9 137 SSR Strict source route 1 0 14 142 VIS...

Страница 436: ...ID 2 using the renum filter policy command When a filter consists of a single entry the filter executes actions as follows If a packet matches all the entry criteria the entry s specified action is pe...

Страница 437: ...Source Address 10 10 10 103 Destination Address 10 10 10 105 FILTER ENTRY ID 20 Action Forward REMAINING PACKETS ARE DROPPED PER THE DEFAULT ACTION DROP FORWARD PACKETS WITH MATCHING SA AND DA FORWAR...

Страница 438: ...APs A specific filter must be explicitly associated with a specific service in order for packets to be matched Each filter policy must consist of at least one filter entry Each entry represents a coll...

Страница 439: ...matching criteria MAC filters cannot be applied to routable VPLS MAC filters cannot be applied to network interfaces Some of the MAC filter of type normal match criteria fields are exclusive to each o...

Страница 440: ...ilter entry without an action parameter specified will be considered incomplete and be inactive Log Filter Summarization logging is the collection and summarization of log messages for 1 specific log...

Страница 441: ...S Router Configuration Guide Page 441 In case the mini table has no more free entries only total counter is incremented At expiry of the summarization interval the mini table for each type is flushed...

Страница 442: ...Configuration Notes Page 442 7750 SR OS Router Configuration Guide...

Страница 443: ...Creating an IP Filter Policy on page 445 Creating an IPv6 Filter Policy on page 450 Applying IPv4 v6 Filter Policies to a Network Port on page 457 Creating a Redirect Policy on page 458 Configuring Po...

Страница 444: ...a sample configuration of an IP filter policy The configuration blocks all incoming TCP session except Telnet and allows all outgoing TCP sessions from IP net 10 67 132 0 24 Figure 24 depicts the int...

Страница 445: ...a Match List for Filter Policies on page 455 Applying IPv4 v6 Filter Policies to a Network Port on page 457 Creating an IP Filter Policy Configuring and applying filter policies is optional Each filt...

Страница 446: ...750 SR OS Router Configuration Guide IP Filter Policy The following displays an exclusive filter policy configuration example A ALA 7 config filter info ip filter 12 create description IP filter scope...

Страница 447: ...packets are handled either dropped or forwarded Enter a filter entry ID The system does not dynamically assign a value Assign an action either drop or forward Specify matching criteria The following d...

Страница 448: ...ays an http redirect configuration example A ALA 48 config filter ip filter info description filter main scope exclusive entry 10 create description no 91 match dst ip 10 10 10 91 24 src ip 10 10 0 10...

Страница 449: ...eate description no 91 filter sample interface disable sample match exit action forward redirect policy redirect1 exit A ALA 7 config filter ip filter Within a filter entry you can also specify that t...

Страница 450: ...Creating an IPv6 Filter Policy Configuring and applying IPv6 filter policies is optional IPv6 Filter Policy must be configured separately from IP IPv4 filter policy The configuration mimics IP Filter...

Страница 451: ...specified MAC normal MAC isid MAC vid A filter policy ID A default action either drop or forward Filter policy scope either exclusive or template At least one filter entry Matching criteria specified...

Страница 452: ...plays an ISID filter configuration example A ALA 7 config filter info mac filter 90 create description filter wan man scope template type isid entry 1 create description drop local isids match isid 10...

Страница 453: ...D filter configuration example A TOP_NODE config filter mac filter info default action forward type vic entry 1 create match frame type ethernet_II ouiter tag 85 4095 exit action drop exit entry 2 cre...

Страница 454: ...n specified in the entry determine how the packets are handled either dropped or forwarded Enter a filter entry ID The system does not dynamically assign a value Assign an action either drop or forwar...

Страница 455: ...pecify at least one list argument a valid IPv4 address prefix for example Optionally a description can also be defined The following displays an IPv4 address prefix list configuration example and usag...

Страница 456: ...t displays IP and MAC filters assigned to an ingress and egress SAP and spoke SDP A ALA 48 config service epipe info sap 1 1 1 1 1 create ingress filter ip 10 exit egress filter mac 92 exit exit spoke...

Страница 457: ...is used to associate an existing filter policy or if defined a Filter Name for that Filter ID policy can be used in the CLI The following displays an IP filter applied to an interface at ingress A ALA...

Страница 458: ...ng displays a redirection policy configuration A ALA 7 config filter info redirect policy redirect1 create destination 10 10 10 104 create description SNMP_to_104 priority 105 snmp test SNMP 1 interva...

Страница 459: ...I performs packet inspection modification and either drops the traffic or forwards the traffic back into the box through SAP 1 1 21 1 Traffic will then be sent to spoke sdp 3 5 SAP 1 1 23 5 is configu...

Страница 460: ...1 split horizon group split create disable learning static mac 00 00 00 31 11 01 create exit sap 1 1 22 1 split horizon group dpi create disable learning static mac 00 00 00 31 12 01 create exit sap...

Страница 461: ...p split create exit stp shutdown exit sap 1 1 5 5 split horizon group split create ingress filter mac 100 exit static mac 00 00 00 31 15 05 create exit sap 1 1 21 1 split horizon group split create di...

Страница 462: ...olicy Entries The system exits the matching process when the first match is found and then executes the actions in accordance with the specified action Because the ordering of entries is important the...

Страница 463: ...on forward exit entry 40 create match dst ip 10 10 10 91 24 src ip 10 10 10 106 24 exit action drop exit exit A ALA 7 config filter A ALA 7 config filter info ip filter 11 create description filter ma...

Страница 464: ...the no form of the command to remove the command parameters or return the parameter to the default setting Example config filter ip filter description New IP filter info config filter ip filter entry...

Страница 465: ...on Guide Page 465 entry 15 create description no 91 match dst ip 10 10 10 91 24 src ip 10 10 10 103 24 exit action forward exit entry 30 create match dst ip 10 10 10 91 24 src ip 10 10 0 200 24 exit a...

Страница 466: ...ter command in all context where the filter is used The following illustrates an example of removing a filter filter ID 11 from an ingress ePipe SAP Example config service epipe 5 config service epipe...

Страница 467: ...l test url http www alcatel com config filter redirect policy dest url test interval 10 config filter redirect policy dest url test timeout 10 config filter redirect policy dest url test return code 1...

Страница 468: ...direct1 policy from the filter configuration Example config filter ip filter 11 config filter ip filter entry 1 config filter ip filter entry action forward redirect policy redirect2 config filter ip...

Страница 469: ...ilter policies can also be created by copying an existing policy and renaming the new filter The following displays the command usage to copy an existing IP filter 11 to create a new filter policy 12...

Страница 470: ...Filter Management Tasks Page 470 7750 SR OS Router Configuration Guide...

Страница 471: ...n page 478 Copy Filter Commands on page 479 Show Commands on page 479 Clear Commands on page 479 Monitor Commands on page 480 Configuration Commands DHCP Filter Policy Commands config filter dhcp filt...

Страница 472: ...rride action forward lsp lsp name action forward router router instance action forward router service name service name action gtp local breakout action nat nat policy name action reassemble no action...

Страница 473: ...tcp syn true false no tcp syn filter name filter name no filter name group inserted entries application application location location renum old entry id new entry id scope exclusive template embedded...

Страница 474: ...forward router router instance action forward router service name service name action http redirect rdr url string action nat nat policy name flavor flavor no action description description string no...

Страница 475: ...try id scope exclusive template embedded no scope shared radius filter wmark low low watermark high high watermark no shared radius filter wmark sub insert credit control start entry entry id count co...

Страница 476: ...description log log id no log match frame type 802dot3 802dot2 llc 802dot2 snap ethernet_II no match dot1p dot1p value dot1p mask no dot1p dsap dsap value dsap mask no dsap dst mac ieee address ieee...

Страница 477: ...cription description string no description no prefix ip prefix prefix length ipv6 prefix list ipv6 prefix list name create no ipv6 prefix list ipv6 prefix list name no apply path bgp peers index group...

Страница 478: ...no shutdown snmp test test name create no snmp test test name drop count consecutive failures hold down seconds no drop count interval seconds no interval oid oid string community community string no...

Страница 479: ...s ip ip filter id entry entry id detail ipv6 ipv6 embedded inactive ipv6 ipv6 filter id embedded inactive ipv6 ipv6 filter id detail ipv6 ipv6 filter id associations ipv6 ipv6 filter id type entry typ...

Страница 480: ...tor Commands monitor filter ip ip filter id entry entry id interval seconds repeat repeat absolute rate filter ipv6 ipv6 filter id entry entry id interval seconds repeat repeat absolute rate filter ma...

Страница 481: ...match list ip prefix list config filter match list ip filter config filter match list port list Description This command creates a text description stored in the configuration file for a configuratio...

Страница 482: ...CL is a template that can be applied to multiple services or multiple network ports as long as the scope of the policy is template Any changes made to the existing policy using any of the sub commands...

Страница 483: ...d Parameters filter id specifies the IPv6 filter policy ID number Values 1 65535 create Keyword required when first creating the configuration context Once the context is created one can navigate into...

Страница 484: ...any string up to 32 characters long composed of printable 7 bit ASCII characters If the string contains special characters spaces etc the entire string must be enclosed within double quotes There is...

Страница 485: ...string exact invert match option dhcp option number match string ascii string exact invert match no option Context config filter dhcp filter entry Description This command configures the action to tak...

Страница 486: ...ecifies the destination of the filter log ID is a Syslog server The syslog id parameter is the number of the Syslog server definition Values 1 10 shutdown Syntax no shutdown Context config filter log...

Страница 487: ...r summary minitable is flushed and recreated with different key information Log packets received during the reconfiguration time will be handled as if summary was not active The no form of the command...

Страница 488: ...SR OS Router Configuration Guide The no form of the command configures the memory filter log to accept filter log entries until full When the memory filter log is full filter logging for the log filt...

Страница 489: ...fset active inactive no embed filter filter id Context config filter ip filter config filter ipv6 filter Description This command embeds a previously defined IPv4 or IPv6 embedded filter policy into t...

Страница 490: ...is command configures the filter policy scope as exclusive template or embedded If the scope of the policy is template and is applied to one or more services or network interfaces the scope cannot be...

Страница 491: ...lter ranges for filter entry insertion at which a table full alarm will be cleared by the agent Values 1 8000 sub insert credit control Syntax sub insert credit control start entry entry id count coun...

Страница 492: ...ption This command configures the insert point for shared host rules from RADIUS entry entry id Identifies a filter on this system Values 1 65535 count count Specifies the count Values 1 65535 sub ins...

Страница 493: ...type filter type Context config filter mac filter Description This command configures the type of mac filter as normal ISID or VID types Default normal Parameters filter type Specifies which type of e...

Страница 494: ...ntries removed from the filter are immidately removed from all services or network ports where that filter is applied Default none Parameters entry id An entry id uniquely identifies a match criteria...

Страница 495: ...lter log ID The filter log ID must exist before a filter entry can be enabled to use the filter log ID The no form of the command disables logging for the filter entry Default no log Parameters log id...

Страница 496: ...sdp id vc id action http redirect rdr url string allow radius override action nat nat policy name flavor flavor no action Context config filter ip filter entry config filter ipv6 filter entry Descript...

Страница 497: ...Ps are supported including q in q BCP and bridged Ethernet in Frame Relay Refer to Common CLI Command Descriptions on page 661 for SAP CLI command syntax and parameter descriptions sdp sdp id vc id sp...

Страница 498: ...of packets if the ingress interface is in cflowd acl mode Default no filter sample interface disable sample Syntax no interface disable sample Context config filter ip filter entry config filter ipv6...

Страница 499: ...7 The no form the command removes the protocol from the match criteria Values 0 255 values can be expressed in decimal hexidecimal or binary DHB keywords none crtp crudp egp eigrp encap ether ip gre i...

Страница 500: ...the entry id Parameters next header Specifies the IPv6 next header to match Note that this parameter is analogous to the protocol parameter used in IP Filter match criteria Values 0 42 45 49 52 59 61...

Страница 501: ...er ip filter entry match config filter ipv6 filter entry match Description This command configures a destination IP address range to be used as an IP filter match criterion To match on the destination...

Страница 502: ...iterion in dotted decimal notation Values ipv6 address x x x x x x x x eight 16 bit pieces x x x x x x d d d d x 0 FFFF H d 0 255 D prefix length The IPv6 prefix length for the ipv6 address expressed...

Страница 503: ...ort number The destination port number to be used as a match criteria expressed as a decimal integer Values 0 65535 port list name A string of up to 32 characters of printable ASCII characters If spec...

Страница 504: ...f the command removes the match criterion Default no fragment Parameters true Specifies to match on all fragmented IP packets A match will occur for all packets that have either the MF more fragment b...

Страница 505: ...ket without an ESP Extension Header hop by hop opt Syntax hop by hop opt true false no hop by hop opt Context config filter ipv6 filter entry match Description This command enables match on existence...

Страница 506: ...6 type field in the ICMP ICMPv6 header of an IP or IPv6 packet as a filter match criterion Note that an entry containing Layer 4 match criteria will not match non initial 2nd 3rd etc fragments of a fr...

Страница 507: ...to use as the match criteria This 8 bit mask can be configured using the following formats Default 255 decimal exact match Values 1 255 decimal multiple option Syntax multiple option true false no mul...

Страница 508: ...ld present in the IP header an option field of zero An option field of zero is considered as no option present port Syntax port lt gt eq port number port port list port list name port range port numbe...

Страница 509: ...f 10 1 0 0 255 255 0 0 may also be used The no form of the command removes the source IP address match criterion Default no src ip Parameters ip address The valid IP prefix for the IP match criterion...

Страница 510: ...r match gt specifies all port numbers greater than src port number match eq specifies that src port number must be an exact match src port number The source port number to be used as a match criteria...

Страница 511: ...o not have the ACK bit set in the control bits of the TCP header of the IP packet tcp syn Syntax tcp syn true false no tcp syn Context config filter ip filter entry match config filter ipv6 filter ent...

Страница 512: ...Pv4 address prefixes An IPv4 prefix match list cannot be deleted if it is referenced by a filter policy Please see general description related to match list usage in filter policies Default none Param...

Страница 513: ...y path bgp peers Syntax bgp peers index group reg exp neighbor reg exp no bgp peers index Context config filter match list ip pfx list apply path config filter match list ipv6 pfx list apply path Desc...

Страница 514: ...ilter policies Parameters port list name A string of up to 32 characters of printable ASCII characters If special characters are used the string must be enclosed within double quotes Default no ports...

Страница 515: ...p IPv6 address space An IPv6 prefix addition will be blocked if resource exhaustion is detected anywhere in the system because of Filter Policies that use this IPv6 address prefix list Default No pref...

Страница 516: ...rlap IPv4 address space An IPv4 prefix addition will be blocked if resource exhaustion is detected anywhere in the system because of Filter Policies that use this IPv4 address prefix list Default none...

Страница 517: ...ers drop Specifies packets matching the entry criteria will be dropped forward Specifies packets matching the entry criteria will be forwarded Only Ethernet SAPs are supported including q in q BCP bri...

Страница 518: ...eyword configures an Ethernet frame type to be used for the MAC filter match criteria Default 802dot3ethernet_II Values 802dot3 802dot2 llc 802dot2 snap ethernet_II 802dot3 Specifies the frame type is...

Страница 519: ...ample if a packet ingresses on a null encapsulated SAP and the customer packet is IEEE 802 1Q or 802 1p tagged the 802 1p bits will be present for a match evaluation On the other hand if a customer ta...

Страница 520: ...the no form of the command to remove the dsap value as the match criterion Default no dsap Parameters dsap value The 8 bit dsap match criteria value in hexadecimal Values 0x00 0xFF hex mask This is op...

Страница 521: ...field is a two byte field used to identify the protocol carried by the Ethernet frame For example 0800 is used to identify the IPv4 packets The Ethernet type field is used by the Ethernet version II f...

Страница 522: ...ext config filter mac filter entry match Description This command configures the matching of the second tag that is carried transparently through the service The inner tag on ingress is the second tag...

Страница 523: ...will contain the next tag which is still the first tag carried transparently through the service On SAPs with two service delimiting tags two tags stripped outer tag will contain 0 even if there are...

Страница 524: ...e OUI fields but the same PID field will both match the same filter entry based on a snap pid match criteria The no form of the command removes the snap pid value as the match criteria Default no snap...

Страница 525: ...3 Ethernet Frame The snap pid field etype field ssap and dsap fields are mutually exclusive and may not be part of the same match criteria MAC Match Criteria Exclusivity Rules on page 439 describes f...

Страница 526: ...r id and the dest filter id are MAC filter IDs source filter id The source filter id identifies the source filter policy from which the copy command will attempt to copy The filter policy must exist w...

Страница 527: ...trol location location Specifies at what location the inserted entries must be grouped Values top bottom renum Syntax renum old entry id new entry id Context config filter ip filter config filter ipv6...

Страница 528: ...tination ping test config filter destination snmp test Description This command configures parameters to perform connectivity ping tests to validate the ability for the destination to receive redirect...

Страница 529: ...t Default 1 Parameters seconds Specifies the amount of time in seconds between consecutive requests sent to the far end host Values 1 60 timeout Syntax timeout seconds no timeout Context config filter...

Страница 530: ...ng up to 32 characters long composed of printable 7 bit ASCII characters If the string contains special characters spaces etc the entire string must be enclosed within double quotes oid Syntax oid oid...

Страница 531: ...licy destination Description The context to enable URL test parameters IP filters can be used to selectively cache some web sites Default none Parameters test name The name of the URL test Allowed val...

Страница 532: ...thin the specified range lower priority priority Specifies the amount to lower the priority of the destination when the return code falls within the specified range raise priority priority Specifies t...

Страница 533: ...Filters Filter Id Applied Description 10 No test dhcp filter Num filter entries 1 B TechPubs config B TechPubs config show filter dhcp 10 DHCP Filter Filter Id 10 Applied No Entries 0 Description tes...

Страница 534: ...text show filter Description This command shows IP filter information Parameters ip filter id Displays detailed information for the specified filter ID and its filter entries Values 1 65535 entry entr...

Страница 535: ...1 Template Yes 3 Template Yes 6 Template Yes 10 Template No 11 Template No Num IP filters 5 A ALA 49 A Dut C config filter show filter ip Label Description Filter Id The IP filter ID Scope Template Th...

Страница 536: ...te The filter policy is of type template Exclusive The filter policy is of type exclusive Entries The number of entries configured in this filter ID Description The IP filter policy description Applie...

Страница 537: ...eria TCP syn False Configures a match on packets with the SYN flag set to false True Configured a match on packets with the SYN flag set to true Off The state of the TCP SYN flag is not considered as...

Страница 538: ...rd Radius Ins Pt n a CrCtl Ins Pt n a Entries 2 insert By Bgp On Matches packets that contain the option field or have an option field of zero be used as IP filter match criteria Int Sampling Off Inte...

Страница 539: ...6 Dscp Undefined ICMP Type Undefined ICMP Code Undefined Fragment Off Option present Off Sampling Off Int Sampling On IP Option 0 0 Multiple Option Off TCP syn Off TCP ack Off Match action Forward Ne...

Страница 540: ...mbedded N A System IP Filters Total 1 Filter Id Description _tmnx_ofs_test of switch test embedded filter Num IP filters 5 A bksim4001 show filter ip _tmnx_ofs_test IP Filter Filter Id _tmnx_ofs_test...

Страница 541: ...0 1 24 Dest Port None Protocol Undefined Dscp Undefined ICMP Type Undefined ICMP Code Undefined Fragment Off Option present Off Sampling Off Int Sampling On IP Option 0 0 Multiple Option Off TCP syn O...

Страница 542: ...e Service Access Point on which the filter policy ID is applied Ingress The filter policy ID is applied as an ingress filter policy on the inter face Egress The filter policy ID is applied as an egres...

Страница 543: ...ng the filter entry Forward The explicit action to perform is forwarding of the packet If the action is Forward then if configured the nexthop infor mation should be displayed including Nexthop IP add...

Страница 544: ...pling On IP Option 0 0 Multiple Option Off TCP syn Off TCP ack Off Match action Drop Ing Matches 0 Egr Matches 0 A ALA 49 Output Show Filter Associations with TOD suite specified If a filter is referr...

Страница 545: ...ID has not been applied Yes The filter policy ID is applied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default acti...

Страница 546: ...etailed information for the specified IPv6 filter ID and filter entries Values 1 65535 entry entry id Displays information on the specified IPv6 filter entry ID for the specified filter ID Values 1 99...

Страница 547: ...5 Failed out of resources A ALA 48 Label Description Filter Id The IP filter ID Scope Template The filter policy is of type template Exclusive The filter policy is of type exclusive Applied No The fil...

Страница 548: ...ive Entries The number of entries configured in this filter ID Description The IP filter policy description Applied No The filter policy ID has not been applied Yes The filter policy ID is applied Def...

Страница 549: ...syn False Configures a match on packets with the SYN flag set to false True Configured a match on packets with the SYN flag set to true Off The state of the TCP SYN flag is not considered as part of t...

Страница 550: ...Off Specifies not to search for packets that contain the option field or have an option field of zero On Matches packets that contain the option field or have an option field of zero be used as IP fil...

Страница 551: ...the inter face Egress The filter policy ID is applied as an egress filter policy on the interface Type The type of service of the service ID Entry The filter ID filter entry ID If the filter entry ID...

Страница 552: ...for mation should be displayed including Nexthop IP address Indi rect IP address or Interface IP interface name Ing Matches The number of ingress filter matches hits for the filter entry Src Port The...

Страница 553: ...ned TCP syn Off TCP ack Off Match action Drop Ing Matches 0 Egr Matches 0 A ALA 48 Output Show Filter Counters The following table describes the output fields when the counters keyword is specified Of...

Страница 554: ...default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the filter entries is to drop Fi...

Страница 555: ...mm is the month dd is the day hh is the hour mm is the minute and ss is the second Filter The filter ID and the entry ID which generated the filter log entry in the form Filter_ID Entry_ID Desc The d...

Страница 556: ...s of the frame after the Ethernet header Total Log Instances Allowed Specifies the maximum allowed instances of filter logs allowed on the system Total Log Instances In Use Specifies the instances of...

Страница 557: ...0 5 Flags TOS c0 Protocol 89 Hex 02 01 00 30 0a 0a 00 01 00 00 00 00 ba 90 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 00 03 02 01 A ALA A config show filter log bindings Filter Log Bindings Total Log...

Страница 558: ...ow filter Description This command displays MAC filter information Parameters mac filter id Displays detailed information for the specified filter ID and its filter entries Values 1 65535 associations...

Страница 559: ...t been applied Yes The filter policy ID is applied Def Action Forward The default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for th...

Страница 560: ...ified Ethertype The Ethertype value match criterion DSAP The DSAP value match criterion Undefined indicates no value specified SSAP SSAP value match criterion Undefined indicates no value specified Sn...

Страница 561: ...n Drop Entries 1 Filter Association Mac Service Id 1001 Type VPLS SAP 1 1 1 1001 Egress A ALA 49 Filter Entry Counters Output When the counters keyword is specified the filter entry output displays th...

Страница 562: ...e default action for the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the filter entries is to drop...

Страница 563: ...ecified Lawful Intercept filter ID entry entry id Displays information on the specified Lawful Intercept filter entry ID for the specified filter ID only Values 1 65535 Output No Parameters Specified...

Страница 564: ...ID match frame type is Ethernet IEEE 802 3 Ethernet II The entry ID match frame type is Ethernet Type II Src MAC The source MAC address and mask match criterion When both the MAC address and mask are...

Страница 565: ...ameType Ethernet Description test 30 Src Mac Dest Mac LI Source Yes Ing Matches 0 pkts Egr Matches 0 pkts Entry 50 FrameType Ethernet Description entry 50 Src Mac 00 00 01 66 00 00 00 00 0f ff 00 00 D...

Страница 566: ...ervice Id 60 Type VPLS SAP 1 1 6 7 Ingress SAP 1 1 6 9 Egress Filter Entry Counters Output When the counters keyword is specified the filter entry output displays the filter matches hit information Th...

Страница 567: ...the filter ID for packets that do not match the filter entries is to forward Drop The default action for the filter ID for packets that do not match the filter entries is to drop Filter Match Criteria...

Страница 568: ...tion association Appends association information Output Redirect Policy Output The following table describes the fields in the redirect policy command output Label Description Redirect Policy Specifie...

Страница 569: ...ecifies the amount of time in seconds that is allowed for receiving a response from the far end host If a reply is not received within this time the far end host is considered unresponsive Interval Sp...

Страница 570: ...tion 10 10 10 106 Description Not Specified Admin Priority 90 Oper Priority 90 Admin State Up Oper State Down URL Test URL_to_Proxy Interval 10 Timeout 10 Drop Count 3 Hold Down 0 Hold Remain 0 Last A...

Страница 571: ...ch criteria in IPv4 ACL and CPM filter policies Parameters ip prefix list name A string of up to 32 characters of printable ASCII characters If special characters are used the string must be enclosed...

Страница 572: ...ences Context show filter match list Description This command displays TCP UDP port values or ranges for match criteria in IPv4 and IPv6 ACL and CPM filter policies Parameters port list name A string...

Страница 573: ...ified filter policy entry will be cleared Values 1 65535 ingress Specifies to only clear the ingress counters egress Specifies to only clear the egress counters ipv6 Syntax ipv6 ip filter id entry ent...

Страница 574: ...egress Context clear filter Clears the counters associated with the MAC filter policy By default all counters associated with the filter policy entries are reset The scope of which counters are clear...

Страница 575: ...repeat repeat Configures how many times the command is repeated Default 10 Values 1 999 absolute When the absolute keyword is specified the raw statistics are displayed without pro cessing No calculat...

Страница 576: ...seconds repeat repeat absolute rate Context monitor Description This command monitors the counters associated with the MAC filter policy Parameters mac filter id The MAC filter policy ID Values 1 6553...

Страница 577: ...s Hybrid OpenFlow Switch H OFS functionality The hybrid model allows operators to deploy Software Defined Network SDN traffic steering using OpenFlow OF atop of the existing routing switching infrastr...

Страница 578: ...tch instance is configured on the router and controlled by a single OpenFlow controller The OF controller s and router exchange OpenFlow messages using the OpenFlow protocol version 1 3 1 over the TCP...

Страница 579: ...rvice router interface an operator must 1 Create an ingress line card policy 2 Assign that line card ingress filter policy to the 7x50 service router interface 3 Embed H OFS instance into those line c...

Страница 580: ...ules for that instance For instance the rules can be created prior to the H OFS instance embedding into a filter policy or prior to a filter policy with H OFS instance embedded being assign to an inte...

Страница 581: ...management entities the controller should not program an entry in its Flow Table that would match all traffic as this would stop evaluation of the filter policy al_0368 Optional Filter Rules Any Type...

Страница 582: ...g channel re establishment OpenFlow rules continue to be applied to the arriving traffic OF controller is expected to re synchronize the OF table when the channel is re established HA support for OF c...

Страница 583: ...LOGICAL port encodes an LSP follows 0100 0000 0000 0000 xxxx xxxx xxxx xxxx where the first octet indicates the router s logical port the second octet indicates the platform s tunnel set to all 0 s an...

Страница 584: ...LSP In some deployments an SDN controller may need to learn from the router H OFS logical ports status To support that function the OF switch supports optional status reporting using asynchronous OF p...

Страница 585: ...card is recommended Some platforms may not support all OF functionality based on underlying H W For example if underlying H W does not support IPv6 then OF IPv6 functionality will not be supported if...

Страница 586: ...Configuration Notes Page 586 7750 SR OS Router Configuration Guide...

Страница 587: ...ho multiple value no echo multiple no logical port status rsvp te mpls tp no flowtable of table id max size size no max size no match action drop fall through no no match action no logical port status...

Страница 588: ...OpenFlow Command Reference Page 588 7750 SR OS Router Configuration Guide...

Страница 589: ...The no form of the command deletes the OpenFlow switch instance from the context Default no of switch Parameters string Specifies the name of the OpenFlow switch instance a string up to 32 characters...

Страница 590: ...o echo interval Context config open flow of switch Description This command configures the Echo Request interval for monitoring the OpenFlow control channels to the controller s for this OpenFlow swit...

Страница 591: ...te Enables reporting on RSVP TE LSP logical ports mpls te Enables reporting on MPLS TE logical ports shutdown Syntax no shutdown Context config open flow of switch Description This command administra...

Страница 592: ...Description This command configures the action for the Flow Table when a packet does not match any entry for the controller The OpenFlow switch instance must be shutdown to modify this parameter The...

Страница 593: ...on and operations as per parameters specified Parameters none Displays a summary for H OFS instances configured ofs name Specifies the name of the configured H OFS instance up to 32 characters control...

Страница 594: ...1 2 Port 6633 Role equal Generation ID 0 Open Flow Channel Information Channel ID 1 Version 4 Connection Type primary Operational Status Up Operational Flags socketStateEstablished helloReceived hello...

Страница 595: ...0 0 Barrier Request 0 0 0 Barrier Reply 0 0 0 Get Q Cfg Req 0 0 0 Get Q Cfg Reply 0 0 0 Role Request 0 0 0 Role Reply 0 0 0 Get Async Req 0 0 0 Get Async Reply 0 0 0 Set Async 0 0 0 Meter Modify 0 0 0...

Страница 596: ...vided no focus on part of a flow table Parameters ofs name Specifies the name of the OFS instance up to 32 characters of table id Specifies the identifier for the OpenFlow table cookie id Specifies th...

Страница 597: ...Controller 20 11 2 1 6631 Filter Hnd 0x4300000100000001 Filter Pri 1 EthType 0x86dd Src IP 3FFE 101 2 0 0 0 0 128 Dst IP 3FFE 303 2 0 0 0 0 128 IP Proto DSCP be Src Port Dst Port ICMP Type ICMP Code L...

Страница 598: ...Show Commands Page 598 7750 SR OS Router Configuration Guide...

Страница 599: ...Chapter This chapter provides information to configure Cflowd Topics in this chapter include Cflowd Overview on page 600 Operation on page 601 Cflowd Filter Matching on page 605 Cflowd Configuration...

Страница 600: ...matrices and pure flow structures The amount of data stored depends on the cflowd configurations Cflowd maintains a list of data flows through a router A flow is a uni directional traffic stream defi...

Страница 601: ...maximum number of entries are already in the flow cache the earliest expiry entry is removed The earliest expiry entry flow is the next flow that will expire due to the active or inactive timer expir...

Страница 602: ...n and sampled traffic type IPv4 IPv6 or MPLS for each individual flow captured Figure 29 depicts Version 5 Version 8 Version 9 and Version 10 flow processing Figure 29 V5 V8 V9 V10 and Flow Processing...

Страница 603: ...hen other measures are met that apply to aggressively age flows as the cache becomes too full such as overflow percent Version 8 There are several different aggregate flow types including AS matrix De...

Страница 604: ...specifications from the IETF as the IP Flow Information Export IPFIX standard Like Version 9 the version 10 format uses templates to allow for different data elements regarding a flow that is to be ex...

Страница 605: ...t criteria to determine acceptability With cflowd only the first packet of a flow is checked If the first packet is forwarded an entry is added to the cflowd cache Subsequent packets in the same flow...

Страница 606: ...s which specify an action of interface disable sample in which traffic that matches these filter entries will not be subject to cflowd sampling Cflowd ACL where IP filters must be created with entries...

Страница 607: ...be configured for cflowd to be operational Cflowd is enabled globally At least one collector must be configured and enabled A cflowd option must be specified and enabled on a router interface Sampling...

Страница 608: ...Page 608 7750 SR OS Router Configuration Guide...

Страница 609: ...wd Configuration on page 613 Common Configuration Tasks on page 614 Enabling Cflowd on page 616 Configuring Global Cflowd Parameters on page 617 Configuring Cflowd Collectors on page 618 Dependencies...

Страница 610: ...is every 1000th packet Excessive sampling over an extended period of time for example more than every 1000th packet can burden router processing resources The following data is maintained for each ind...

Страница 611: ...lows that are captured Collectors A collector defines how data flows should be exported from the flow cache A maximum of 5 collectors can be configured Each collector is identified by a unique IP addr...

Страница 612: ...refix and mask source AS and ingress interface Destination prefix Flows are aggregated based on destination prefix and mask destination AS and egress interface Source destination prefix Flows are aggr...

Страница 613: ...e collector must be configured and enabled Sampling must be enabled on either An IP filter entry and applied to a service or an port An interface applied to a port The following example displays a cfl...

Страница 614: ...before it will be automatically exported to defined collectors Inactive timeout Controls the minimum amount of time before a flow is declared inactive If no traffic is sampled for an existing flow fo...

Страница 615: ...ng Cflowd on Interfaces and Filters on page 629 CLI Syntax config cflowd active timeout minutes cache size num entries inactive timeout seconds template retransmit seconds overflow percent rate sample...

Страница 616: ...collector to be active Use the following CLI syntax to enable cflowd CLI Syntax config cflowd no shutdown The following example displays the default values when cflowd is initially enabled No collecto...

Страница 617: ...owing CLI commands to configure cflowd parameters CLI Syntax config cflowd active timeout minutes cache size num entries inactive timeout seconds overflow percent rate sample rate template retransmit...

Страница 618: ...tdown template set basic mpls ip The following example displays a basic cflowd configuration A ALA 1 config cflowd info active timeout 20 inactive timeout 10 overflow 10 rate 100 collector 10 10 10 1...

Страница 619: ...used to export the flow data Each flow exported to a collector configured for either v9 or v10 formats will be sent using one of the above flow template sets As described above which template is used...

Страница 620: ...IPv4 TOS 5 IP version 60 ICMP Type Code 32 Direction 61 BGP Source ASN 16 BGP Dest ASN 17 Source IPv4 Prefix Length 9 Dest IPv4 Prefix Length 13 1 Only sent to collectors configured for v10 format Tab...

Страница 621: ...est Port 11 Forwarding Status 89 TCP control Bits Flags 6 IPv4 Protocol 4 IPv4 TOS 5 IP version 60 ICMP Type Code 32 Direction 61 BGP Source ASN 16 BGP Dest ASN 17 Source IPv4 Prefix Length 9 Dest IPv...

Страница 622: ...d ID IPv6 Src Addr 27 IPv6 Dest Addr 28 IPv6 Nexthop 62 IPv6 BGP Nexthop 63 IPv4 Nexthop 15 IPv4 BGP Nexthop 18 Ingress Interface 10 Egress Interface 14 Packet Count 2 Byte Count 1 Start Time 22 End T...

Страница 623: ...1 BGP Source ASN 16 BGP Dest ASN 17 IPv6 Src Mask 29 IPv6 Dest Mask 30 1 Only sent to collectors configured for v10 format Table 16 MPLS IPv6 Template Field Name Field ID IPv6 Src Addr 27 IPv6 Dest Ad...

Страница 624: ...Dest Port 11 Forwarding Status 89 TCP control Bits Flags 6 Protocol 4 IPv6 Extension Hdr 64 IPv6 Next Header 193 IPv6 Flow Label 31 TOS 5 IP version 60 IPv6 ICMP Type Code 139 Direction 61 BGP Source...

Страница 625: ...e Field Name Field ID Start Time 22 End Time 21 Flow Start Milliseconds1 1 Only sent to collectors configured for v10 format 152 Flow End Milliseconds1 153 Ingress Interface 10 Egress Interface 14 Pac...

Страница 626: ...7 IPv6 Dest Addr 28 IPv6 Nexthop 62 Ingress Interface 10 Egress Interface 14 Packet Count 2 Byte Count 1 Start Time 22 End Time 21 Flow Start Milliseconds1 152 Flow End Milliseconds1 153 Src Port 7 De...

Страница 627: ...at Table 19 Ethernet L2 IP Flow Template1 Field Name Field ID MAC Src Addr 56 MAC Dest Addr 80 Ingress Physical Interface 252 Egress Physical Interface 253 Dot1q VLAN ID 243 Dot1q Customer VLAN ID 245...

Страница 628: ...Port 7 Dest Port 11 TCP control Bits Flags 6 Protocol 4 IPv6 Option Header 64 IPv6 Next Header 196 IPv6 Flow Label 31 TOS 5 IP Version 60 ICMP Type Code 32 1 Ohe Ethernet L2 IP flow template is only s...

Страница 629: ...discusses the following cflowd configuration management tasks Specifying Cflowd Options on an IP Interface on page 630 Interface Configurations on page 630 Service Interfaces on page 631 Specifying S...

Страница 630: ...Router Configuration Guide 4 To omit certain types of traffic from being sampled when the interface sampling is enabled the config filter ip filter entry interface disable sample option may be enabled...

Страница 631: ...bled on a service interface cflowd collects routed traffic flow samples through a router for analysis Cflowd is supported on IES and VPRN services interfaces only Layer 2 traffic is excluded All packe...

Страница 632: ...cted See Interfcace Configuration For configuration information refer to the IP Router Confguration Overview section of the 7750 SR OS Router Configuration Guide 4 On the IP filter being used the entr...

Страница 633: ...for traffic sampling to occur on an enabled entity If a specific collector UDP port is not identified then by default flows are sent to port 2055 Cflowd can also be dependent on the following entity c...

Страница 634: ...ilter sampled No traffic is sampled on this interface IP filter mode or cflowd not enabled on interface ACL interface disable sample Command is ignored No sampling occurs Interface mode interface inte...

Страница 635: ...odify global cflowd parameters CLI Syntax config cflowd active timeout minutes no active timeout cache size num entries no cache size inactive timeout seconds no inactive timeout overflow percent no o...

Страница 636: ...ation prefix no source prefix no autonomous system type origin peer no description description string no shutdown template set basic mpls ip l2 ip If a specific collector UDP port is not identified th...

Страница 637: ...o collector ip address port no aggregation no as matrix no destination prefix no protocol port no raw no source destination prefix no source prefix autonomous system type origin peer no autonomous sys...

Страница 638: ...ide Show Commands show cflowd collector ip address port detail interface ip int name ip address status Tools Commands tools dump cflowd top protocols clear top flows ipv4 ipv6 mpls clear packet size i...

Страница 639: ...ption This command configures the maximum amount of time before an active flow is aged out of the active cache If an individual flow is active for this amount of time the flow is aged out and a new fl...

Страница 640: ...e flow collector must be specified The UDP port number is an optional parameter If it is not set the default of 2055 is used for all collector versions To connect to a IPFIX version 10 collector using...

Страница 641: ...this command removes all aggregation types from the collector configuration Default no aggregation as matrix Syntax no as matrix Context config cflowd collector aggregation Description This command sp...

Страница 642: ...Version 5 The no form of this command removes this type of aggregation from the collector configuration Default none source destination prefix Syntax no source destination prefix Context config cflow...

Страница 643: ...cflowd collector Description This command creates a text description stored in the configuration file for a configuration context The no form of this command removes the description string from the c...

Страница 644: ...flow information This template is only applicable for v10 IPFIX collectors inactive timeout Syntax inactive timeout seconds no inactive timeout Context config cflowd Description This command specifie...

Страница 645: ...Syntax rate sample rate no rate Context config cflowd Description This command specifies the rate N at which traffic is sampled and sent for flow analysis A packet is sampled every N packets for examp...

Страница 646: ...Page 646 7750 SR OS Router Configuration Guide...

Страница 647: ...le 21 Show Cflowd Collector Output Fields Label Description Host Address The IP address of a remote Cflowd collector host to receive the exported Cflowd data Port The UDP port number on the remote Cfl...

Страница 648: ...ollector Cflowd Collectors Host Address Port Version AS Type Admin Oper Sent 138 120 135 103 2055 v5 peer up up 1380 records 138 120 135 103 9555 v8 origin up up 90 records 138 120 135 103 9996 v9 up...

Страница 649: ...t to this remote collector host Aggregation Type The bit mask which specifies the aggregation scheme s used to aggre gate multiple individual flows into an aggregated flow for export to this remote ho...

Страница 650: ...source destination prefix Disabled 0 0 0 raw Disabled 0 0 0 Address 138 120 135 103 Port 9996 Description Test v9 Collector Version 9 Admin State up Oper State up Packets Sent 51 Last Changed 09 03 2...

Страница 651: ...A Down ipv6NamedIf Base 380 i f both Up N A Down 1234 5678 9 128 Up Interfaces 3 Label Description Interface Displays the physical port identifier IPv4 Address Displays the primary IPv4 address for th...

Страница 652: ..._7600 1 13 1 2 24 Interface Up Up To_E 1 11 1 2 24 Interface Up Up To_G2 150 153 1 1 24 Interface Up Up To_Sr1_Sonet 150 140 1 2 24 Interface Up Down Main 120 1 1 1 24 Filter Down Down New 120 2 1 1 2...

Страница 653: ...ows The current number of active flows being collected Total Pkts Rcvd The rate at which traffic is sampled and forwarded for Cflowd analysis Total Pkts Dropped The total number of packets dropped Agg...

Страница 654: ...ow matched 224428382 Total flows flushed 150000 Version Info Version Status Sent Open Errors 5 Enabled 92 0 0 8 Enabled 46 0 0 9 Enabled 56 1 0 10 Enabled 39 1 0 Cflowd Status Cflowd Admin Status Enab...

Страница 655: ...decimal pro tocol number Total Flows Displays the total number of flows recorded since the last clearing of cflowd statistics with this protocol type Flows Sec Displays the average number of flows det...

Страница 656: ...ed since the cflowd top flow table was last cleared or initialized Output Tools Dump Cflowd Top Flows Output The following table describes the tools dump cflowd top flows output fields Table 25 Tools...

Страница 657: ...17 0x23 2001 0db8 85a3 0000 0000 8a2e 1234 5678 1234567890 1500 13600 S Port Src Port Displays the source protocol port number Msk Displays the route prefix length for route to source IP address AS D...

Страница 658: ...v6 clear Context tools dump cflowd Description This command displays packet size distribution for sampled IP traffic Values are displays in decimal format 1 0 100 500 50 Separate statistics are mainta...

Страница 659: ...iption Clears the raw and aggregation flow caches which are sending flow data to the configured collectors This action will trigger all the flows to be discarded The cache restarts flow data collectio...

Страница 660: ...Page 660 7750 SR OS Router Configuration Guide...

Страница 661: ...uration Guide Page 661 Common CLI Command Descriptions In This Chapter This section provides information about common Command Line Interface CLI syntax and command usage Topics in this chapter include...

Страница 662: ...d bundle ppp 1 1 1 bpgrp id bpgrp ima 1 lag id lag 63 aps id aps 1 dot1q port id bundle id bpgrp id lag id aps id qtag1 port id qtag1 1 1 3 100 bundle id bundle ppp 1 1 1 bpgrp id bpgrp ima 1 lag id q...

Страница 663: ...um 1 336 bpgrp id bpgrp type bpgrp num bpgrp keyword type ima fr ppp bpgrp num 1 2000 aps id aps group id channel aps keyword group id 1 64 ccag id ccag id path id cc type cc id ccag keyword id 1 8 pa...

Страница 664: ...es for the port and encapsulation types Port Type Encap Type Allowed Values Comments Ethernet Null 0 The SAP is identified by the port Ethernet Dot1q 0 4094 The SAP is identified by the 802 1Q tag on...

Страница 665: ...et of the interface subnet and the routing context specified matches with the one of the interface This context will provide a SAP to the tunnel The operator may associate an ingress and egress QoS po...

Страница 666: ...Common CLI Command Descriptions Page 666 7750 SR OS Router Configuration Guide...

Страница 667: ...ions via MD5 RFC 2439 BGP Route Flap Dampening RFC 2558 Multiprotocol Extensions for BGP 4 RFC 2918 Route Refresh Capability for BGP 4 RFC 3107 Carrying Label Information in BGP 4 RFC 3392 Capabilitie...

Страница 668: ...or IPv6 RFC 2462 IPv6 Stateless Address Auto configuration RFC 2463 Internet Control Message Protocol ICMPv6 for the Internet Protocol Version 6 Specification RFC 2464 Transmission of IPv6 Packets ove...

Страница 669: ...Serv aware TE RFC 3906 Calculating Interior Gateway Protocol IGP Routes Over Traffic Engineering Tunnels RFC 4090 Fast reroute Extensions to RSVP TE for LSP Tunnels RFC 4124 Protocol Extensions for S...

Страница 670: ...ult IP MTU for use over ATM AAL5 RFC 2514 Definitions of Textual Conventions and OBJECT_IDENTITIES for ATM Management RFC 2515 Definition of Managed Objects for ATM Management RFC 2684 Multiprotocol E...

Страница 671: ...er MPLS ANCP L2CP RFC5851 ANCP framework draft ietf ancp protocol 02 txt ANCP Protocol Voice Video Performance ITU T G 107 The E Model A computational model for use in planning ETSI TS 101 329 5 Annex...

Страница 672: ...KMIB RFC 2572 SNMP MPD MIB RFC 2573 SNMP TARGET NOTIFICATION MIB RFC 2574 SNMP USER BASED SMMIB RFC 2575 SNMP VIEW BASEDACM MIB RFC 2576 SNMP COMMUNITY MIB RFC 2578 Structure of Management Information...

Страница 673: ...ion values 435 MAC 431 packets 430 policies 409 policy entries 409 redirect policies 418 scope 438 configuring basic 444 IP filter policy 445 450 MAC filter policy 451 redirect policy 458 management t...

Страница 674: ...Router Configuration Guide configuring basic 327 command reference 342 IES parameters 334 non owner 334 owner 335 management tasks 338 overview 326 router interface 332 336 non owner 336 owner 337 VR...

Отзывы:

Нет отзывов

Похожие инструкции для 7750 SR-OS

i-bus KNX IPR/S 3.5.1

Бренд: ABB Страницы: 44

Бренд: Observint Страницы: 117

Бренд: FOR-A Страницы: 2

DHI-NVR2104-P-4KS2

Бренд: Dahua Страницы: 23

Бренд: LogLogic Страницы: 30

Бренд: Mercusys Страницы: 35

Бренд: HARTING Страницы: 13

DSL5068EN(1T1R)

Бренд: Aztech Страницы: 40

Бренд: SyChip Страницы: 24

FrameSaver DSL 9788 Router

Бренд: Paradyne Страницы: 28

Бренд: Altimium Страницы: 12

Security Router X-PeditionTM

Бренд: Enterasys Страницы: 466

Бренд: Planet Страницы: 66

Routers and Switches

Бренд: Allied Telesis Страницы: 15

Бренд: Axis Страницы: 64

Бренд: SHOWTEC Страницы: 15

Бренд: e+p Страницы: 2

Бренд: Baileigh Страницы: 20

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды