Riverstone Networks WICT1-12 Скачать руководство пользователя страница 556

Страница: 556 / 718

25-10 Riverstone Networks RS Switch Router User Guide Release 8.0

Layer-2 Security Filters

Security Configuration

Example 1: Address Filters

Source filter:

The consultant is not allowed to access any file servers. The consultant is only allowed to interact with

the engineers on the same Ethernet segment – port et.1.1. All traffic coming from the consultant’s MAC address will
be dropped.

Destination filter:

No one from the engineering group (port et.1.1) should be allowed to access the finance server. All

traffic destined to the finance server's MAC will be dropped.

Flow filter:

Only the consultant is restricted access to one of the finance file servers. Note that port et.1.1 should be

operating in flow-bridging mode for this filter to work.

Static Entries Example

Source static entry:

The consultant is only allowed to access the engineering file servers on port et.1.2.

Destination static entry:

Restrict "login multicasts" originating from the engineering segment (port et.1.1) from

reaching the finance servers.

filters add address-filter name consultant source-mac 001122:334455 vlan 1

in-port-list et.1.1

filters add address-filter name finance dest-mac AABBCC:DDEEFF vlan 1 in-port-list

et.1.1

filters add address-filter name consult-to-finance source-mac 001122:334455 dest-mac

AABBCC:DDEEFF vlan 1 in-port-list et.1.1

filters add static-entry name consultant source-mac 001122:334455 vlan 1 in-port-list

et.1.1 out-port-list et.1.2 restriction allow

filters add static-entry name login-mcasts dest-mac 010000:334455 vlan 1 in-port-list

et.1.1 out-port-list et.1.3 restriction disallow

Содержание WICT1-12

Страница 1: ...36 007 07 Rev 0A RS Switch Router User Guide Release 8 0...

Страница 2: ...2 5 5 32 8 7 5 7 5 75 5 5 5 8 2 2 5 5 7 5 7 2 57 2 2 5 5 23 5 227 2 5 6 5 2 23 5 7 2 23 2 5 5 2 A 124565 57 7 2 8 152 8 23 8 415 15 2 8 2 2 7 5 5 5 2 2 15 4 5A 8 4 8 2 23 15 5 23 1 23 4 5 565 3 76 57...

Страница 3: ...t has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC rules These limits are designed to provide reasonable protection against harmful inter...

Страница 4: ...difications made to this device that are not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment INDUSTRY CANADA COMPLIANCE STATEMENT H...

Страница 5: ...MATION CLASS 1 LASER TRANSCEIVERS B B 21 CFR 1040 10 and 1040 11 U S Department of Health and Human Services FDA IEC Publication 825 International Electrotechnical Commission CENELEC EN 60825 European...

Страница 6: ...ephone Company may discontinue your service temporarily If possible they will notify you in advance But if advance notice isn t practical you will be notified as soon as possible You will be advised o...

Страница 7: ...Riverstone Networks RS Switch Router User Guide Release 8 0 vii J J J J J 2 5 5J 5 A H B J 5J H...

Страница 8: ...riate records of the location of the original media and all copies of the Licensed Software in whole or in part made by You b not to use copy or modify the Licensed Materials in whole or in part excep...

Страница 9: ...Y IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY FITNESS FOR A PARTICULAR PURPOSE SATISFACTORY QUALITY NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING USAGE OR TRADE PRACTICE ARE HEREBY EXCLU...

Страница 10: ...roducts are not designed or intended for use in i the design construction operation or maintenance of any nuclear facility ii navigating or operating aircraft or iii operating life support or life cri...

Страница 11: ...ADE PRACTICE ARE HEREBY EXCLUDED TO THE EXTENT ALLOWED BY APPLICABLE LAW Limitation of Liability IN NO EVENT WILL RIVERSTONE OR ITS AFFILIATES OR SUPPLIERS BE LIABLE FOR ANY LOSS OF USE INTERRUPTION O...

Страница 12: ...xii Riverstone Networks RS Switch Router User Guide Release 8 0 DECLARATION OF CONFORMITY ADDENDUM E 00D 55 0 0 55 5 7 E 00D 55 5 7 0 0 55 5 5 E F 5 D J F...

Страница 13: ...and Restoring Configuration Files 2 5 2 2 Backing Up and Restoring System Image Files 2 6 2 3 Configuring System Settings 2 7 2 3 1 Setting Daylight Saving Time 2 8 2 3 2 Configuring a Log in Banner 2...

Страница 14: ...Hot Swapping a WIC 4 8 5 Bridging Configuration Guide 5 1 5 1 Spanning Tree IEEE 802 1d 5 1 5 2 Bridging Modes Flow Based and Address Based 5 1 5 3 VLAN Overview 5 2 5 3 1 RS VLAN Support 5 3 5 3 2 Co...

Страница 15: ...ertification 7 3 7 3 2 IF RF Upconverter 7 3 7 3 3 Diplex Filters 7 3 7 3 4 DHCP Servers 7 5 7 3 5 DNS and TFTP Servers 7 5 7 4 Connecting and Configuring the Downstream 7 5 7 4 1 Installing and Confi...

Страница 16: ...over SONET Configuration Guide 9 1 9 1 Configuring IP Interfaces for PoS Links 9 1 9 2 Configuring Packet over SONET Links 9 2 9 3 Configuring Automatic Protection Switching 9 3 9 3 1 Configuring Work...

Страница 17: ...IP Interfaces for RARP 11 6 11 5 2 Defining MAC to IP Address Mappings 11 7 11 5 3 Monitoring RARP 11 7 11 6 Configuring DNS Parameters 11 7 11 7 Configuring IP Services ICMP 11 8 11 8 Configuring IP...

Страница 18: ...14 1 OSPF Multipath 14 2 14 2 Configuring OSPF 14 2 14 3 Setting the Router ID 14 2 14 4 Enabling OSPF 14 3 14 5 Configuring OSPF Areas 14 3 14 5 1 Configuring Summary Ranges 14 4 14 5 2 Configuring...

Страница 19: ...16 1 The RS BGP Implementation 16 1 16 2 Basic BGP Tasks 16 2 16 2 1 Setting the Autonomous System Number 16 2 16 2 2 Setting the Router ID 16 2 16 2 3 Configuring a BGP Peer Group 16 3 16 2 4 Adding...

Страница 20: ...17 5 Configuring L3 Label Switched Paths 17 27 17 5 1 Configuring L3 Static LSPs 17 27 17 5 2 Configuring L3 Dynamic LSPs 17 31 17 5 3 Configuring an Explicit LSP 17 32 17 6 Configuring L2 Tunnels 17...

Страница 21: ...19 3 1 Configuring IGMP on an IP Interface 19 2 19 3 2 Configuring IGMP Query Interval 19 3 19 3 3 Configuring IGMP Response Wait Time 19 3 19 3 4 Configuring Per Interface Control of IGMP Membership...

Страница 22: ...ncing Group 22 3 22 1 3 Setting Timeouts for Load Balancing Mappings 22 4 22 1 4 Optional Group or Server Operating Parameters 22 5 22 1 5 Using Health Check Clusters 22 7 22 1 6 Setting Server Status...

Страница 23: ...ng ACLs 24 6 24 2 1 Editing ACLs Offline 24 6 24 2 2 Maintaining ACLs Using the ACL Editor 24 7 24 3 Using ACLs 24 8 24 3 1 Applying ACLs to Interfaces 24 8 24 3 2 Applying ACLs to Services 24 9 24 3...

Страница 24: ...6 1 Allocating Bandwidth for a Weighted Fair Queuing Policy 26 8 26 7 Weighted Random Early Detection WRED 26 8 26 7 1 WRED s Effect on the Network 26 8 26 7 2 Weighting Algorithms in WRED 26 8 26 8...

Страница 25: ...0 4 Configuring Frame Relay Interfaces for the RS 30 8 30 4 1 Defining the Type and Location of a Frame Relay and VC Interface 30 8 30 4 2 Setting up a Frame Relay Service Profile 30 8 30 4 3 Applying...

Страница 26: ...on RS 8x00 30 50 30 18 4 Scenario 4 Routed Metropolitan Backbone with Only T1 on RS 8x00 30 57 30 18 5 Scenario 5 Routed Metropolitan Backbone with T1 and T3 on RS 8x00 30 64 30 18 6 Scenario 6 Route...

Страница 27: ...ports 5 26 Figure 5 8 Customer VLAN with multiple tunnel entry ports across multiple routers 5 28 Figure 5 9 STP enabled in customer VLANs 5 30 Figure 5 10 Multiple VLANs on single tunnel entry port 5...

Страница 28: ...6 47 Figure 17 1 MPLS label switched path 17 2 Figure 17 2 Encoding of an MPLS label 17 3 Figure 17 3 MPLS label stack 17 3 Figure 17 4 Label binding distribution 17 5 Figure 17 5 LSP creation and pac...

Страница 29: ...Virtual IP address ranges 22 14 Figure 22 5 Session and netmask persistence 22 15 Figure 22 6 Load balancing with NAT 22 16 Figure 22 7 Web cache configuration 22 19 Figure 25 1 Source filter example...

Страница 30: ...Office Connections through an ISP 30 84 Figure 30 14 Routed Metropolitan Backbone 30 91 Figure 31 1 Hardware credit buckets 31 4 Figure 31 2 Configuration Example Applying a Service to Multiple Serve...

Страница 31: ...le 16 1 Keywords for well known communities 16 8 Table 17 1 Reserved label values 17 4 Table 17 2 MPLS label operations supported on the RS 17 4 Table 17 3 RSVP parameters on the RS 17 15 Table 17 4 R...

Страница 32: ...uide Release 8 0 Table 30 3 Channelized DS3 Framing and Line Coding Schemes 30 31 Table 30 4 Clear Channel T3 and E3 Interface Rates 30 39 Table 30 5 Clear Channel T3 and E3 Framing and Line Coding 30...

Страница 33: ...ter Getting Started Guide to install the chassis and perform basic setup tasks then return to this manual for more detailed configuration information 1 1 RELATED DOCUMENTATION The Riverstone RS Switch...

Страница 34: ...ce Indicates commands and keywords that you enter as shown italics Indicates arguments for which you supply values x or italics or x italics Keywords and arguments within a set of square brackets are...

Страница 35: ...nfiguration commands that you have made active from the scratchpad The active configuration remains in effect until you power down or reboot the system Caution The active configuration remains in effe...

Страница 36: ...sts the commands that are useful for displaying the RS s configuration information Table 2 1 Commands to change configuration information Task Command Enable Mode Copy between scratchpad active config...

Страница 37: ...re in Configure mode by entering the configure command in the CLI 3 Enter the following command 4 Type y to activate the changes Table 2 2 Commands to display configuration information Task Command En...

Страница 38: ...mmand in the CLI 2 Enter the following command to copy the configuration changes in the Active configuration to the Startup configuration 3 When the CLI displays the following message enter yes to sav...

Страница 39: ...indicate a partial completion status complete with P Note Commands with no annotation or annotated with P are not in error 2 1 6 Backing Up and Restoring Configuration Files When you save the startup...

Страница 40: ...uration file It is recommended that a backup of the system image be stored on a central server in the unlikely event that the system image becomes corrupted or deleted from the PC flash card Use the s...

Страница 41: ...ge add command Additionally you can use the following commands to display add and delete system images 2 3 CONFIGURING SYSTEM SETTINGS In addition to the initial settings described in the Getting Star...

Страница 42: ...ure mode to set DST according to specific days or dates When you set DST by setting the time forward by an hour saving it to the active configuration file automatically activates the command causing t...

Страница 43: ...ts up the CLI appears in the Telnet or console window The following message displays Press the Return key The following message displays The first line in the above example means that a password for l...

Страница 44: ...e user mode command prompt consists of the RS name followed by the angle bracket as shown in the following 3 2 2 Enable Mode The enable mode provides more commands than the user mode Commands within t...

Страница 45: ...press the Return key or press Ctrl Z 3 2 4 BootPROM Mode The BootPROM mode is used to view and edit the current BootPROM configuration file While the RS is booting up press the Esc key Then at the com...

Страница 46: ...ete or transpose characters or delete portions of a line The line editing commands in the CLI are detailed in the following table Table 3 1 CLI line editing commands Command Resulting Action Ctrl a Mo...

Страница 47: ...he user mode If in the configure mode exit back to the enable mode ESC b Move backward one word ESC d Kill the word from the cursor s current location to the first white space ESC f Move forward one w...

Страница 48: ...e of invoking help while entering a command rs aging Show Aging information cli Modify the command line interface behavior dvmrp Show DVMRP related parameters enable Enable privileged user mode exit E...

Страница 49: ...ress for the management port For an example of these commands see Section 3 8 CLI and RS Configuration Example For more information about these commands see the Riverstone RS Switch Router Getting Sta...

Страница 50: ...ands that will be stored in the command history buffer Commands stored in the buffer can be recalled without typing the complete command again When the key is pressed the CLI displays the commands tha...

Страница 51: ...number is printed on the top of the front fan cover 3 7 3 Port Number Port number is the number assigned to the physical connector on the line card The range and assignment of port numbers varies by...

Страница 52: ...and the RS 8600 1 2 Channelized T3 on the RS 32000 and the RS 38000 1 2 3 4 Multi rate WAN Module with a Channelized T1 or Channelized E1 WIC in each slot 1 2 3 4 Multi rate WAN Module with a Clear Ch...

Страница 53: ...et 3 8 3 7 4 Channel Number Channel number is the number assigned to the timeslots or T1 lines in a connector available only for Channelized T1 E1 and T3 interfaces For Channelized T1 and E1 and fract...

Страница 54: ...ot 7 of an RS 8000 The names of the two ports from left to right are gi 7 1 and gi 7 2 3 8 CLI AND RS CONFIGURATION EXAMPLE The configuration will demonstrate how to set The system time and date The d...

Страница 55: ...buffer size rs cli set history size 100 4 Change modes rs configure 5 Enable the daylight savings function rs configure system set dst changing s wk 5 s dow 1 s mo 3 e wk 1 e dow 7 e mo 10 e hr 2 6 Na...

Страница 56: ...3 14 Riverstone Networks RS Switch Router User Guide Release 8 0 CLI and RS Configuration Example CLI and RS Basics...

Страница 57: ...ic module On the RS 32000 and RS 38000 you can hot swap the GBICs in addition to the line cards and secondary control modules Caution Take appropriate care when removing line cards from the RS They ma...

Страница 58: ...able mode After you enter this command the Offline LED on the line card lights and messages appear on the console indicating the ports on the line card are inoperative Note If you have deactivated a l...

Страница 59: ...G ONE TYPE OF LINE CARD WITH ANOTHER You can hot swap one type of line card with another type For example you can replace a 10 100Base TX line card with a 1000Base SX line card The RS can be configure...

Страница 60: ...ary Control Module the Offline LED is lit Note The Offline LED on the Control Module has a different function from the Offline LED on a line card On a line card it means that the line card has been de...

Страница 61: ...sing it in place to ensure that the pins on the back of the card are completely seated in the backplane Note Make sure the circuit card and not the metal plate is between the card guides Check both th...

Страница 62: ...e The Online LED goes out and the Offline LED lights Figure 4 3 shows the location of the Offline LED and Hot Swap button on a Switching Fabric Module Figure 4 3 Location of offline LED and hot swap b...

Страница 63: ...d the host gigabit Ethernet line cards are sensitive to static discharge Use an antistatic wrist strap and observe all static precautions when you remove or install a GBIC Failure to do so could resul...

Страница 64: ...of the line card 3 Gently insert the GBIC module into the GBIC slot opening in the line card The GBIC door on the line card folds in and the hinges engage the alignment slots on the sides of the GBIC...

Страница 65: ...ADDRESS BASED The RS provides the following types of wire speed bridging Address based bridging The RS performs this type of bridging by looking up the destination address in an L2 lookup table on the...

Страница 66: ...pe of this manual Each type of VLAN is briefly explained in the following subsections Port based VLANs Ports of L2 devices switches bridges are assigned to VLANs Any traffic received by a port is clas...

Страница 67: ...ridge switch use the port based and protocol based VLAN types When using the RS as a combined switch and router use the subnet based VLANs in addition to port based and protocol based VLANs It is not...

Страница 68: ...en the RS is unconfigured each port belongs to a VLAN called the default VLAN By creating VLANs and adding ports to the created VLANs the ports are moved from the default VLAN to the newly created VLA...

Страница 69: ...classified as belonging to VLAN IP_VLAN You can use the port enable 8021p command to tag frames transmitted from access ports with a one byte 802 1p class of service CoS value The CoS value indicates...

Страница 70: ...xample the following illustration shows a router with traffic being sent from port A to port B port B to port A port B to port C and port A to port C Figure 5 1 Router traffic going to different ports...

Страница 71: ...RS you perform the following tasks on the ports where you want spanning tree enabled 5 6 1 Using Rapid STP You can specify the use of rapid STP defined by IEEE 802 1w This protocol also known as Fast...

Страница 72: ...ning Tree Protocol work should make adjustments to spanning tree parameters Poorly chosen adjustments to these parameters can have a negative impact on performance A good source on bridging is the IEE...

Страница 73: ...port costs enter the following command in Configure mode Adjusting Bridge Protocol Data Unit BPDU Intervals You can adjust BPDU intervals as described in the following sections Adjust the Interval bet...

Страница 74: ...nged and recomputes the spanning tree topology To change the default interval setting enter the following command in Configure mode Specify the interval between hello time for default spanning tree st...

Страница 75: ...ied period of time If the port satisfies this condition then it is considered stable and traffic is switched back to it Otherwise it remains in an unstable state and is continuously monitored until it...

Страница 76: ...Therefore be careful to not put loops within the VLAN 5 7 3 Configuring VLAN Trunk Ports The RS supports standards based VLAN trunking between multiple RS s as defined by IEEE 802 1Q 802 1Q adds a hea...

Страница 77: ...the RS allow you to configure ports to filter specific MAC addresses When defining a Layer 2 security filter you specify to which ports you want the filter to apply For details on configuring Layer 2...

Страница 78: ...When combined with static entries however these filters can be used to drop all received traffic but allow some frames to go through 5 10 MONITORING BRIDGING The RS displays bridging statistics and co...

Страница 79: ...ing and removing VLANs When you turn on dynamic VLAN creation and the RS receives a request for a VLAN that does not exist on the RS GVRP dynamically creates that VLAN and adds the port that received...

Страница 80: ...exist on the RS In addition you will still be able to configure VLANs manually through the CLI Set a port s registration mode to forbidden Registration modes refer to whether VLAN IDs can be dynamical...

Страница 81: ...nstead dynamic VLAN creation was enabled So when any of the edge routers R1 R2 R3 R6 R7 or R8 send a request for a VLAN to the core routers R4 and R5 and the VLAN does not exist on the core routers th...

Страница 82: ...GVRP on ports et 1 1 3 gvrp enable ports et 1 1 3 Ports et 1 2 and 1 3 do not need to send GARP PDUs because they are connected to devices that are not running GVRP Therefore we should set their stat...

Страница 83: ...LUE while ports et 3 1 on R1 and et 7 1 on R2 belong to customer C2 s VLAN GREEN Traffic entering any of these four ports are tagged with the appropriate customer VLAN ID BLUE or GREEN in an IEEE 802...

Страница 84: ...ther ports that belong to that VLAN If a unicast packet arrives on a tunnel entry port the packet is sent out a particular backbone VLAN port The 802 1p priority of a packet is preserved throughout th...

Страница 85: ...EEN port based vlan create BLUE port based Add port to each VLAN vlan add ports et 2 1 to BLUE vlan add ports et 3 1 to GREEN vlan add ports et 4 1 to RED Make et 4 1 both a trunk port and a tunnel ba...

Страница 86: ...backbone VLAN GREEN Note that the trunk port on each router is part of both backbone VLAN RED and backbone VLAN GREEN Figure 5 5 Multiple customers with common VLANs Create 1 backbone VLAN and 2 cust...

Страница 87: ...port based Add ports to BLUE VLAN vlan add ports et 2 1 et 3 1 to BLUE Make et 4 1 both a trunk port and a tunnel backbone port vlan make trunk port et 4 1 stackable vlan Add et 4 1 to both RED and G...

Страница 88: ...te BLUE port based Add port to each VLAN vlan add ports et 2 1 to BLUE vlan add ports et 3 1 to GREEN vlan add ports et 4 1 to RED Make et 4 1 both a trunk port and a tunnel backbone port vlan make tr...

Страница 89: ...e port vlan make trunk port et 5 1 stackable vlan Map tunnel exit ports to backbone VLAN vlan enable stackable vlan on et 6 1 backbone vlan RED vlan enable stackable vlan on et 7 1 backbone vlan RED C...

Страница 90: ...entry exit ports Create 1 backbone VLAN and 2 customer VLANs vlan create PURPLE port based vlan create GREEN port based vlan create BLUE port based Add port to each VLAN vlan add ports et 11 1 to PURP...

Страница 91: ...o the backbone VLAN PURPLE Create backbone VLAN and customer VLAN vlan create RED port based vlan create BLUE port based Add ports to VLANs vlan add ports et 2 1 et 3 1 to BLUE vlan add ports et 4 1 t...

Страница 92: ...tomer VLAN vlan create PURPLE port based vlan create BLUE port based Add port to each VLAN vlan add ports et 2 1 to BLUE vlan add ports et 3 1 to PURPLE Make et 3 1 both a trunk port and a tunnel back...

Страница 93: ...le vlan on et 5 1 backbone vlan RED Create 1 backbone VLAN and 1 customer VLAN vlan create RED port based vlan create BLUE port based Add port to each VLAN vlan add ports et 6 1 to BLUE vlan add ports...

Страница 94: ...s VLAN BLUE and for customer C2 s VLAN GREEN is tunneled through the backbone VLAN RED STP is enabled in the customer VLAN BLUE on the customer routers C1R1 and C1R2 for customer C1 Figure 5 9 STP en...

Страница 95: ...N vlan create BLUE port based Add port to VLAN vlan add ports et 8 1 to BLUE Make port et 8 1 a trunk port vlan make trunk port et 8 1 Enable STP on et 8 1 stp enable port et 8 1 Create 1 backbone VLA...

Страница 96: ...vlan make access port command to allow the tunnel entry port to be added to any number of VLANs In Figure 5 10 customers C1 C2 C3 C4 and C5 each have a VLAN that will use port et 2 1 on R1 as the tun...

Страница 97: ...ase 8 0 5 33 Bridging Configuration Guide Tunneling VLAN packets across MANs Figure 5 10 Multiple VLANs on single tunnel entry port et 2 1 et 4 1 et 5 1 et 6 1 MAN RED VLAN backbone C1 C5 R2 R1 C1 C5...

Страница 98: ...r VLANs Create backbone VLAN vlan create RED port based Create customer VLANs vlan create BLUE port based vlan create GREEN port based vlan create PINK port based vlan create PURPLE port based vlan cr...

Страница 99: ...lan create AQUA port based Make et 6 1 an access port that can belong to 1 VLAN vlan make access port et 6 1 stackable vlan Add ports to VLANs vlan add ports et 6 1 to BLUE vlan add ports et 6 1 to GR...

Страница 100: ...the vlan enable stackable vlan command 3 The ports on which multicast broadcast or unknown unicast packets are flooded 4 The tunnel backbone ports configured with the stackable vlan option of the vlan...

Страница 101: ...ngestion points in the network eliminating potential traffic bottlenecks SmartTRUNKs also provide improved data link resiliency if one link in a SmartTRUNK fails its flows are distributed among the re...

Страница 102: ...K must have the same bandwidth i e either all 10 100 Mbps Ethernet ports or all Gigabit Ethernet ports No Control Protocol Can be used to connect the SmartTRUNK to another RS Also if you are connectin...

Страница 103: ...emapped to a different port in the same SmartTRUNK If the flows assigned to a particular port in the SmartTRUNK exceed the bandwidth of the port packets are dropped even if there is bandwidth availabl...

Страница 104: ...ddress 10 1 1 1 255 255 255 0 ip route cache distributed interface fasteth 0 0 no ip address channel group 1 set port channel 3 1 2 on smarttrunk create st 1 protocol no protocol smarttrunk create st...

Страница 105: ...rt to attach to an aggregator the following parameters must match between the port and the aggregator Port s port key must equal the aggregator s actor key aggregator s partner key must equal the port...

Страница 106: ...der the following full mesh topology Each RS is connected to the other RSs by aggregators For the sake of simplicity each Link Aggregation Group LAG consists of just two links Each link consists of ei...

Страница 107: ...ITCHES PORTS st 12 R1 gi 1 1 gi 1 2 R2 gi 1 1 gi 1 2 st 13 R1 gi 3 1 gi 4 1 R3 gi 3 1 gi 4 1 st 14 R1 et 5 1 et 5 2 R4 et 5 1 et 5 2 st 23 R2 et 5 1 et 5 2 R3 et 5 1 et 5 2 st 24 R2 gi 3 1 gi 4 1 R4 g...

Страница 108: ...23 24 smarttrunk create st 13 protocol lacp smarttrunk create st 23 protocol lacp smarttrunk create st 34 protocol lacp lacp set aggregator st 13 port type gigabit Ethernet actor key 30 partner key 10...

Страница 109: ...ed to other ports within the SmartTRUNK SLR uses the three following user defined water marks Low water mark lwm Used by SLR to detect whether a port is under utilized the default is 20 of bandwidth M...

Страница 110: ...ol protocol is irrelevant to this example 2 Assign ports et 4 1 through et 4 4 to the SmartTRUNK 3 Accept SLR s defaults and enable SLR on the SmartTRUNK To show the SmartTRUNK SLR configuration on st...

Страница 111: ...ers of layer 2 flows are deployed to carry traffic transparently In this environment SLR provides automatic load balancing of flows on SmartTRUNKs consisting of any number of ports However the smarttr...

Страница 112: ...attempt to even out traffic across the SmartTRUNK by redistributing flows to the under utilized port The smarttrunk set load redistribution params command is used to specify the use of low water mark...

Страница 113: ...ted signal are then processed for distribution with the television signals Receivers scamblers and descramblers process the television signals to encode or decode them as needed for broadcast Modulato...

Страница 114: ...ristics of the CMTS module and for installation instructions in the RS 8000 8600 chassis refer to Riverstone RS Switch Router Getting Started Guide 7 3 PROVISIONING THE HEADEND Prior to installing the...

Страница 115: ...r These units typically do not have the phase noise performance levels required for 64 and 256 QAM digital signals and they might cause lower performance and possible system failure The upconverter is...

Страница 116: ...A2 08 G80 P G80 PAC 100 125 5A 200 240 3A 50 60 Hz PWR PWR US 1 US 1 US 2 US 2 US 3 US 3 US 4 US 4 IF DS IF DS Upconverter 0 to 20 dB attenuator as required 8 way tap 3 way splitter 17 dBmV video carr...

Страница 117: ...ction is made to the network The RS 8000 8600 periodically polls the cable modems on the network to see if the network connection is still active When the connection to the network ends the IP address...

Страница 118: ...and this upconverter requires 6 to 19 dB of attenuation on the input cable The IF input to the Wavecom MA4040 is 33 dBmV and requires no attenuation on the input cable 7 4 3 Setting the Upconverter O...

Страница 119: ...wnstream configuration you can connect a cable modem to the downstream forward test point of the laser transmitter Use a diplex filter and an attenuator as needed to connect the cable modem to an upst...

Страница 120: ...icipate in the same broadcast domain To associate ports to a VLAN you must first create a VLAN and then assign ports to the VLAN Configure the CMTS module by entering the following commands 1 Create a...

Страница 121: ...o the VLAN named dhcp by entering vlan add ports et 1 1 to dhcp 4 Assign the CMTS port to the VLAN named cmts by entering vlan add ports cm 7 1 to cmts 5 Create an IP interface called dhcp with the ad...

Страница 122: ...es assume that there are two ISPs AMERILINK and MOONLINK each with two subscribers AMERILINK Ethernet Network 50 1 0 0 RF Network 50 2 0 0 Server 50 1 1 100 MOONLINK Ethernet Network 80 1 0 0 RF Netwo...

Страница 123: ...e that it is simple there is only a single database and the ISP selection is transparent to the user The disadvantage is that the ISPs must share access to the DHCP server They can however still manag...

Страница 124: ...based vlan add ports et 1 1 to AMERILINK vlan add ports et 1 2 to MOONLINK vlan add ports cm 5 1 to CMTS vlan add ports et 1 3 to DHCP interface create ip AMERILINK address netmask 50 1 1 1 16 vlan A...

Страница 125: ...eclaration for subnet directly attached subnet 30 1 0 0 netmask 255 255 0 0 shared network amerilink_moonlink AMERILINK s network subnet 50 2 0 0 netmask 255 255 0 0 modem config file filename amerili...

Страница 126: ...et 80 2 0 0 netmask 255 255 0 0 modem config file filename moonlink mdem cfg time of day option time servers 80 1 1 100 option ntp servers 80 1 1 100 tftp server next server 80 1 1 100 option routers...

Страница 127: ...ort based vlan create CMTS port based vlan add ports et 1 1 to AMERILINK vlan add ports et 1 2 to MOONLINK vlan add ports cm 5 1 to CMTS interface create ip AMERILINK address netmask 50 1 1 1 16 vlan...

Страница 128: ...filename amerilink modem cfg time of day option time servers 50 1 1 100 options ntp servers 50 1 1 100 tftp server next server 50 1 1 100 shared network amerilink_moonlink AMERILINK s network OK TO C...

Страница 129: ...filename moonlink modem cfg time of day option time servers 80 1 1 100 options ntp servers 80 1 1 100 tftp server next server 80 1 1 100 shared network amerilink_moonlink AMERILINK s network DON T CON...

Страница 130: ...ems may not be capable of recognizing vendor extensions A vendor extension is the line in the file that identifies a vendor See the first line in the file below Configure the RS cmts set headend cm 5...

Страница 131: ...xtension is a Riverstone CMTS 43 VSIF n1 number of value bytes inside this VSIF 8 Vendor ID Type 3 len 02 E0 63 Riverstone OUI TLVs 1 Default Vlan n2 number of value bytes 1 Default Vlan ID 2 len 1 40...

Страница 132: ...le DHCP anti spoofing prevents DHCP SERVER 2 from serving as a provisioning server instead of DHCP SERVER 1 Following is the configuration Configure the RS cmts set headend cm 5 1 hashed auth str hbCg...

Страница 133: ...the RS cmts set headend cm 5 1 hashed auth str hbCgHB cmts set uschannel cm 5 1 upstream 1 state on Configure the VLANs vlan create dhcp port based vlan create cmts port based vlan add ports et 1 1 to...

Страница 134: ...spoofing To prevent spoofing the IP address MAC address pairs are stored in a data base and are used to check for spoofed IP addresses Note Dynamic configuration is enabled using the anti ip spoofing...

Страница 135: ...can configure each of these connections with its own traffic parameters providing more control over specific connections within a network The ATM line card provides an ATM interface allowing integrat...

Страница 136: ...t SONET SDH Framing Set Loopback Mode Enable Path Tracing Enable Payload Scrambling Enable Stream Scrambling Note For a complete description of the SONET features refer to Section 9 Packet over SONET...

Страница 137: ...ll scrambling on SONET PHY interfaces In the following example cell scrambling is enabled on port at 5 1 Cell Mapping The ATM cells are mapped into a PDH E3 T3 frame using two different mapping format...

Страница 138: ...lay the parameters set for an ATM port The following is an example of the information that is displayed with the atm show port settings command for a PDH PHY interface The following is an example of t...

Страница 139: ...e VCI numbers 0 through 31 These VCIs are used for signaling purposes In the following example a virtual channel on slot 5 port 1 is created with a VPI of 1 and a VCI of 100 After you configure a virt...

Страница 140: ...gives you more control of your network resources and more options to accommodate different user needs You can define the following service categories Unspecified Bit Rate UBR This service category is...

Страница 141: ...intended for best effort applications This service category is currently unsupported After you define a service category you apply it to a VC An important concept when applying service profiles is th...

Страница 142: ...ets is less then the VC s rate But if the rate of control packets exceeds the VC s rate then some control packets must be dropped This policy ensures that critical traffic reaches its destination even...

Страница 143: ...ncy to 1 as long as the achieved rates are accurate Additionally when increasing relative latency values you should also consider increasing the size of the buffers This is because packets may be held...

Страница 144: ...cannot add a virtual channel with forced bridged enabled to a VC group Applying Service Profiles to VC Groups Either the virtual channel or the VC group may have a service profile applied but not bot...

Страница 145: ...he network requirements if the RS s are connected through ATM multi rate line cards and if the RS s are connected through ATM OC 12 line cards Configuring QoS Policies Multi Rate Line Card If the rout...

Страница 146: ...e 203 0 0 1 24 gateway 100 0 0 2 24 Set the priority levels for the different flows on RS1 This step is necessary in differentiating the priority levels of traffic data intended for the different clie...

Страница 147: ...vcl at 1 1 0 100 to vg 1 priority low atm add vcl at 1 1 0 101 to vg 1 priority medium atm add vcl at 1 1 0 102 to vg 1 priority high atm add vcl at 1 1 0 103 to vg 1 priority control Configure an IP...

Страница 148: ...t 1 1 0 103 Create the virtual channel group vg 1 on slot number 1 of RS2 atm create vcgroup vg 1 slot 1 Add the virtual channels to the VC group created on RS2 atm add vcl at 1 1 0 100 to vg 1 priori...

Страница 149: ...bridging functions refer to Section 5 Bridging Configuration Guide Note The ATM modules do not support the Spanning Tree Protocol The following example illustrates how you can use bridging and VLANs t...

Страница 150: ...16 Riverstone Networks RS Switch Router User Guide Release 8 0 Bridging ATM Traffic ATM Configuration Guide Figure 8 2 Bridging ATM traffic configuration example RS et 5 1 at 4 3 VLANA VLANB et 6 2 WA...

Страница 151: ...connected ports Then all traffic that is received on one VC is tunneled to the other VC Apply an interface on both ethernet ports rs config interface create ip subnetA address netmask 11 1 1 1 24 port...

Страница 152: ...mit you set then the maximum number of MAC addresses learned will not exceed the limit The following example limits the number of MAC addresses learned on at 1 1 0 100 8 6 ROUTING ATM TRAFFIC Configur...

Страница 153: ...email and server backup type traffic Configuration is done in two steps The first step is to configure the network for traffic from Subnet A and Subnet B to Subnet C The second step is to configure t...

Страница 154: ...ess 30 1 1 128 24 port at 4 2 0 100 up Define the ATM service profiles rs1 config atm define service ubrservice srv cat ubr pcr kbits 20000 rs1 config atm define service cbrservice srv cat cbr pcr kbi...

Страница 155: ...onfig atm create vcl port at 3 1 0 101 Configure an interface for each VC rs2 config interface create ip ubrservice address netmask 40 1 1 128 24 peer address 40 1 1 127 24 port at 3 1 0 101 up rs2 co...

Страница 156: ...passes to the video clients through three separate virtual channels Each virtual channel has a unique service profile In addition the RS is transmitting VC mux encapsulation traffic Peer address mappi...

Страница 157: ...ates how to configure a PPP connection between a DSL modem and the RS It uses CHAP authentication on an AAA server for the PPP connection Create the virtual channels that will connect to each video cl...

Страница 158: ...ne the PPP service profile rs config atm define service cm1 srv cat rt vbr encaps vc mux traffic ppp ppp auth chap Apply the service profile to the VC atm apply service cm1 port at 2 1 0 200 For this...

Страница 159: ...in the following example rs atm show ppp port all at 5 1 Total LCP Enabled Up 0 0 Total IP Enabled Up 0 0 Total IPX Enabled Up 0 0 Total Bridging Enabled Up 0 0 Total Authentication Enabled Up 0 0 Vi...

Страница 160: ...8 26 Riverstone Networks RS Switch Router User Guide Release 8 0 Configuring PPP OC 12 ATM Configuration Guide...

Страница 161: ...er a PoS link is a result of PPP negotiation For transmission of jumbo frames MTUs up to 65535 octets you can increase the MTU size of the PoS port The MTU must be set at the port level 9 1 CONFIGURIN...

Страница 162: ...PPP interface with the interface create command specifying the IP address and netmask for the interface on the RS When you create the point to point interface as shown above the RS creates an implici...

Страница 163: ...itch the line independent of the other LTE Bidirectional switching where both sets of LTEs perform a coordinated switch is not supported Revertive switching You can enable automatic switchover from th...

Страница 164: ...the protecting port it cannot be explicitly configured except for the APS properties The protecting port automatically inherits the configuration of the working port To configure a working and a prot...

Страница 165: ...failure BER threshold of 10 3 1 out of 1 000 bits transmitted is in error Signal failure is associated with a hard failure Signal fail is determined when any of the following conditions are detected l...

Страница 166: ...d circuit ID of the optical link sonet show medium port list Show working or protecting line direction and switch status sonet show aps port list Show received path trace sonet show pathtrace port lis...

Страница 167: ...a PoS link between an RS router A and a Cisco 12000 series Gigabit Switch Router router B Figure 9 3 PoS link between the RS and a CISCO router The following is the configuration for router A interfa...

Страница 168: ...ink with a Juniper router you must specify the peer address parameter Otherwise IP Control Protocol IPCP negotiations will fail The following is the configuration for router B interface POS1 0 ip addr...

Страница 169: ...Layer 2 Cloud The following example shows a PoS link between Router A and Router B Both routers are connected by a PPP connection that goes through a L2 cloud a Layer 2 switch port set so 7 1 mtu 655...

Страница 170: ...an Ethernet MAC header in the PPP frames the port so 6 1 PoS port and its peer at the edge of the cloud must be set in the Ethernet bridged encapsulation mode To enable Ethernet bridged encapsulation...

Страница 171: ...intervals at which updates to the lease database and backup are done Upon system reboot the lease database will be loaded either from flash memory or from the TFTP or RCP server Note The RS DHCP serv...

Страница 172: ...ol of IP addresses to be used by clients dhcp define pool Table 10 1 Client parameters Parameter Value address mask Address netmask of the scope s subnet This parameter is required and must be defined...

Страница 173: ...5 Configuring DHCP Server Parameters You can configure several global parameters that affect the behavior of the DHCP server itself To configure global DHCP server parameters enter the following comm...

Страница 174: ...configuration for a simple network with just one interface on which DHCP service is enabled to provide both dynamic and static IP addresses 1 Create an IP VLAN called client_vlan 2 Add all Fast Ether...

Страница 175: ...d to give out addresses on different subnets The DNS server DNS domain and WINS server may be the same for clients on different secondary subnets however the default gateway will most likely be differ...

Страница 176: ...rectly connected client is a system that resides on the same physical network as the DHCP server and does not have to go through a router or relay agent to communicate with the server If you configure...

Страница 177: ...tains an IP address and can connect to the network the renewal of the lease is performed between the client and server without the help of the relay agent The default gateway for the client must be ca...

Страница 178: ...lls the DHCP server how to send packets to the client on the 10 5 x x subnet 3 Define the network parameters for scope1 with the default gateway 10 5 1 1 the relay agent for the client 4 Define the ad...

Страница 179: ...ates from other routers on these networks and broadcasts its own routing information on those same networks The RS supports the following Interior Gateway Protocols Routing Information Protocol RIP Ve...

Страница 180: ...u can associate an interface with a single port or with multiple ports To associate an interface with a single port use the port option with the interface create command To associate an interface with...

Страница 181: ...witch Router allows you to create unnumbered IP interfaces In the case where an interface is one end of a point to point connection it is not necessary to associate a particular IP address to that int...

Страница 182: ...forwarded in software In the following example the ports gi 3 1 through gi 3 8 are configured with an MTU size of 65535 octets Ports gi 3 1 through gi 3 4 are configured to be part of the interface in...

Страница 183: ...figuration file contains arp add commands the Control Module re adds the ARP entries even if you have cleared them using the arp clear command To permanently remove an ARP entry use the negate command...

Страница 184: ...ADDRESS RESOLUTION PROTOCOL RARP Reverse Address Resolution Protocol RARP works exactly the opposite of ARP Taking a MAC address as input RARP determines the associated IP address RARP is useful for X...

Страница 185: ...load the text file to the RS The format of the text file must be as follows Then place the text file on a TFTP server that the RS can access and enter the following command in Enable mode 11 5 3 Monit...

Страница 186: ...packets forwarded to a specific host for a specific service or forwarded to all other interfaces You can configure the RS to forward UDP broadcast packets received on a given interface to all other in...

Страница 187: ...OS By default the RS installs flows in the hardware so that packets sent as directed broadcasts are dropped in hardware if directed broadcast is not enabled on the interface where the packet is receiv...

Страница 188: ...Q Local Address Foreign Address state tcp 0 0 gated gii LISTEN tcp 0 0 http LISTEN tcp 0 0 telnet LISTEN udp 0 0 127 0 0 1 1025 127 0 0 1 162 udp 0 0 snmp udp 0 0 snmp trap udp 0 0 bootp relay udp 0 0...

Страница 189: ...cket The advantage of this type of routing is that packets almost never get sent to the CPU using up CPU process time except in a few cases such as multicasting You can enable the use of the HRT on th...

Страница 190: ...es determine which fields are extracted from a packet s L3 header and used to determine the port list and QoS requirements When the RS uses destination based forwarding it extracts the destination IP...

Страница 191: ...g profile to a slot you can enable it on a per port basis Ports on which the forwarding profile is enabled will use it to forward packets Ports on which the forwarding profile is not enabled will use...

Страница 192: ...om profile and the existing ACLs Network Address Translation NAT NAT requires the source IP address and sometimes the source socket for address translation Thus the RS checks if the source IP and sour...

Страница 193: ...d The rdisc add address command lets you define addresses to be included in router advertisements If you configure this command only the specified hostname s or IP address es are included in the route...

Страница 194: ...nce of this address as a default route is 0 the default value 7 Shows configured values for the specified interface 11 17 SETTING MEMORY THRESHOLDS The routing information base RIB is stored in memory...

Страница 195: ...n each threshold is reached Table 11 1 Default Memory Thresholds Threshold Level Percentage of Memory 0 12 03 14 05 62 07 64 Table 11 2 RIB Updates When Memory Threshold is Reached Route Protocol Thre...

Страница 196: ...e following command You can also assign an IP or IPX interface directly to a physical port BGP level 1 level 2 A new BGP route is added only if it is the only BGP route to the given destination Maximu...

Страница 197: ...way to ensure the availability of an end host s default router This is done by assigning IP addresses that end hosts use as their default route to a virtual router A Master router is assigned to forwa...

Страница 198: ...the configuration file for Router R1 in Figure 12 1 Line 1 adds IP address 10 0 0 1 16 to interface test making Router R1 the owner of this IP address Line 2 creates virtual router VRID 1 on interfac...

Страница 199: ...shows a VRRP configuration with two routers and two virtual routers Routers R1 and R2 are both configured with two virtual routers VRID 1 and VRID 2 Router R1 serves as Master for VRID 1 Backup for V...

Страница 200: ...dress with virtual router VRID 1 so Router R1 is the Master for virtual router VRID 1 On line 5 Router R1 associates IP address 10 0 0 2 16 with virtual router VRID 2 However since Router R1 does not...

Страница 201: ...f its virtual router In a VRRP configuration where more than one router is backing up a Master you can specify which Backup router takes over when the Master goes down by setting the priority for the...

Страница 202: ...l routers The priority determines whether the router will become the Master or the Backup for a particular virtual router Priorities can have values between 1 and 255 When a Master router goes down th...

Страница 203: ...er Default Priority Configured Priority VRID 1 IP address 10 0 0 1 16 255 address owner 255 address owner VRID 2 IP address 10 0 0 2 16 100 200 see line 8 VRID 3 IP address 10 0 0 3 16 100 200 see lin...

Страница 204: ...riority lines 8 and 9 which set the priority to 100 are actually unnecessary They are included for illustration purposes only 1 interface create ip test address netmask 10 0 0 3 16 port et 1 1 2 ip re...

Страница 205: ...r goes down the Backup router takes over When an interface comes up the Master router may become available and take over from the Backup router Before the Master router takes over it may have to updat...

Страница 206: ...y Note If the IP address owner is available then it will always take over as the Master regardless of whether pre empt mode is on or off 12 2 5 Setting an Authentication Key By default no authenticati...

Страница 207: ...2 ip redundancy show The ip redundancy show command reports information about a VRRP configuration Display a message when any VRRP event occurs Disabled by default ip redundancy trace vrrp events ena...

Страница 208: ...lue Virtual MAC address 00005E 000164 Advertise Interval 1 sec s default value Preempt Mode Enabled default value Authentication None default value Primary Address 10 8 0 2 Associated Addresses 10 8 0...

Страница 209: ...on the Backup router s configured priority rs ip redundancy show vrrp 1 interface int1 verbose VRRP Virtual Router 100 Interface int1 Uptime 0 days 0 hours 0 minutes 17 seconds State Backup Priority...

Страница 210: ...th a virtual MAC address This virtual MAC depends on the virtual router ID virtual MAC address 00005E 0001XX where XX is the virtual router ID This virtual MAC address is also used as the source MAC a...

Страница 211: ...es support for RIP Version 1 and 2 The RS implements plain text and MD5 authentication methods for RIP Version 2 The protocol independent features that apply to RIP are described in Chapter 11 IP Rout...

Страница 212: ...will accept RIP updates rip add trusted gateway interfacename or IPaddr Define the list of routers to which RIP sends packets directly not through multicast or broadcast rip add source gateway interfa...

Страница 213: ...entication method to MD5 rip set interface interfacename or IPaddr all authentication method md5 Specify the metric to be used when advertising routes that were learned from other protocols rip set de...

Страница 214: ...e following commands in Enable mode Define the metric used when advertising routes via RIP that were learned from other protocols rip set default metric num Show all RIP information rip show all Show...

Страница 215: ...ion Create interface R1 if1 with ip address 1 1 1 1 16 on port et 1 1 on R 1 interface create ip R1 if1 address netmask 1 1 1 1 16 port et 1 1 Configure rip on R 1 rip add interface R1 if1 rip set int...

Страница 216: ...13 6 Riverstone Networks RS Switch Router User Guide Release 8 0 Configuration Example RIP Configuration Guide...

Страница 217: ...ows networks to be grouped into areas Routing information passed between areas is abstracted potentially allowing a significant reduction in routing traffic OSPF uses four different types of routes li...

Страница 218: ...l area and or interface level 14 3 SETTING THE ROUTER ID The router ID uniquely identifies the RS To set the router ID to be used by OSPF enter the following command in Configure mode If you do not ex...

Страница 219: ...via the backbone area The OSPF area backbone contains all area border routers ABRs stub A stub area is not used as a transit area Routers within a stub area route internal traffic only not so stubby...

Страница 220: ...s parameter is not specified no default route is injected into the OSPF stub area To define an OSPF stub area enter the following command in Configure mode The RS provides two ways to reduce the numbe...

Страница 221: ...rder routers Type 7 LSAs have the same syntax as Type 5 LSAs except for the link state type In addition NSSA border routers translate Type 7 LSAs into Type 5 LSAs and flood them to all Type 5 capable...

Страница 222: ...o Section 14 6 3 Configuring Interfaces for Point to Point Networks Non Broadcast Multiple Access NBMA An example of an NBMA network is a fully meshed Frame Relay or ATM network with virtual circuits...

Страница 223: ...icasting and you would like to unicast OSPF packets enter the following command in Configure mode 14 7 CONFIGURING OSPF INTERFACE PARAMETERS The RS provides a number of parameters that are set at the...

Страница 224: ...speeds The bandwidth of an interface is represented by the highest bandwidth port that is part of the associated VLAN The cost of an OSPF interface is inversely proportional to this bandwidth The cost...

Страница 225: ...a virtual link ospf add virtual link number or string neighbor IPaddr transit area area id Set virtual link parameters ospf set virtual link number or string state disable enable cost num retransmit...

Страница 226: ...External ASE Link Advertisements Because of the nature of OSPF the rate at which ASEs are flooded may need to be limited The following parameters can be used to adjust those rate limits These paramet...

Страница 227: ...e value for OSPF routes is 10 You can change the default preference by entering the following command in Configure mode For additional information on how the RS uses preference values refer to Chapter...

Страница 228: ...ported includes the area ID interface IP address interface type interface state cost priority and IP addresses of the designated router and backup designated router for the network Following is an exa...

Страница 229: ...ur 0 Options mismatch 0 Master flag mismatch 0 Initialize flag mismatch 0 DD sequence number mismatch 0 Invalid LS type 0 Bad LS Request 0 No such virtual interface 0 Invalid area ID 0 Confusing Maste...

Страница 230: ...terface create ip to r2 address netmask 120 190 1 1 16 port et 1 2 interface create ip to r3 address netmask 130 1 1 1 16 port et 1 3 interface create ip to r41 address netmask 140 1 1 1 24 port et 1...

Страница 231: ...re 14 1 RIP Version 2 is configured on the interfaces of routers R1 and R2 which are attached to the sub network 120 190 0 0 16 We will redistribute these RIP routes as OSPF type 2 routes and associat...

Страница 232: ...f export destination ospfExpDstType2 type 2 metric 4 ip router policy create ospf export destination ospfExpDstType2t100 type 2 tag 100 metric 4 ip router policy create rip export source ripExpSrc ip...

Страница 233: ...ASE routes into RIP ip router policy export destination ripExpDst source statExpSrc network all ip router policy export destination ripExpDst source ripExpSrc network all ip router policy export desti...

Страница 234: ...14 18 Riverstone Networks RS Switch Router User Guide Release 8 0 OSPF Configuration Examples OSPF Configuration Guide Figure 14 1 Exporting to OSPF...

Страница 235: ...h IS maintains its own LSP database To configure the RS to run IS IS you should perform the following tasks Define the area to which the router will belong Configure IS IS interfaces Start IS IS Optio...

Страница 236: ...reas On the RS you can set the operating level for the router and on a per interface basis The default level for both the router and its interfaces is Level 1 and 2 You may change the default for eith...

Страница 237: ...allows time for more changes to occur before the recalculation To set a router s spf interval enter the following command in Configure mode 15 4 5 Setting the Overload Bit The IS IS protocol provides...

Страница 238: ...form adjacencies To specify the authentication method between neighbors enter the following command in Configure mode Authentication Within an Area This level of authentication controls the exchange...

Страница 239: ...mands chapter in the Riverstone RS Switch Router Command Line Interface Reference Manual 15 5 1 Setting the Interface Operating Level The default operating level for the router and its interfaces is L...

Страница 240: ...zed LSP databases The default csn interval is 10 15 5 3 Setting IS IS Interface Timers The IS IS protocol uses a variety of timers some of which can be modified at the interface level The timers have...

Страница 241: ...Note For additional information about the isis show commands their parameters or the fields in the output refer to the Riverstone RS Switch Router Command Line Interface Reference Manual 15 6 1 IS IS...

Страница 242: ...ormation IS IS Configuration Guide Figure 15 1 Network overview Area 49 da03 R8 R9 L1 40 16 R2 R1 R3 R4 105 8 L2 L1 L1 L1 L2 21 16 21 16 20 16 100 8 Area 49 da01 R5 C10 R11 R6 R7 Area 49 da02 Area 49...

Страница 243: ...formation Figure 15 2 Area 1 detailed view R2 R1 R3 R4 L1 L1 L1 21 16 21 16 20 16 Area 49 da01 20 1 1 2 16 20 1 1 1 16 100 1 1 1 8 21 1 1 1 16 21 1 1 2 16 24 1 1 1 16 21 1 1 3 16 25 1 1 1 16 L2 100 8...

Страница 244: ...IS Configuration Guide Figure 15 3 Area 2 detailed view 105 8 L2 R5 R6 R7 Area 49 da02 L2 L2 115 8 110 8 L1 30 16 L1 31 16 L2 100 8 IS IS Area 2 100 1 1 2 8 hs 5 1 115 1 1 1 8 et 1 8 110 1 1 1 8 et 1...

Страница 245: ...elease 8 0 15 11 IS IS Configuration Guide Displaying IS IS Information Figure 15 4 Area 3 detailed view Area 49 da03 R8 R9 L1 40 16 105 8 L2 105 1 1 1 8 et 1 3 et 1 2 40 1 1 2 16 et 1 2 40 1 1 1 16 4...

Страница 246: ...Area 4 detailed view The following sections show the configuration for each router within this network Note that explanations in italics precede each command or set of commands C10 R11 Area 49 da04 L2...

Страница 247: ...ip 20net address netmask 20 1 1 1 16 port et 1 2 3 interface create ip 22net address netmask 22 1 1 1 16 port et 1 1 4 interface create ip 100net address netmask 100 1 1 1 8 port hs 5 1 To configure r...

Страница 248: ...rt et 1 1 4 interface create ip 21net address netmask 21 1 1 1 16 vlan 21netvlan 5 interface create ip 20net address netmask 20 1 1 2 16 port et 1 2 To configure router R2 s area 6 isis add area 49 da...

Страница 249: ...e ip 21net address netmask 21 1 1 2 16 port et 1 3 2 interface create ip 24net address netmask 24 1 1 1 16 port et 1 1 To configure router R3 s area 3 isis add area 49 da01 To enable IS IS on each int...

Страница 250: ...21net address netmask 21 1 1 3 16 port et 1 4 2 interface create ip 25net address netmask 25 1 1 1 16 port et 1 1 To configure router R4 s area 3 isis add area 49 da01 To enables IS IS on each interf...

Страница 251: ...r global set router id 30 1 1 1 8 ip router global set autonomous system 64977 9 ip add route 100 100 100 100 interface 35net 10 bgp create peer group bgpfeed type external autonomous system 64901 11...

Страница 252: ...6 port et 1 2 To configure an OSPF interface for the backbone area 4 ospf create area backbone 5 ospf add interface 31net to area backbone To starts OSPF 6 ospf start To configure the IS IS area of ro...

Страница 253: ...Last modified from Console on 2000 07 06 09 33 34 To configure IP interfaces 1 interface create ip 40net address netmask 40 1 1 1 16 port et 1 2 2 interface create ip 41net address netmask 41 1 1 1 16...

Страница 254: ...0net address netmask 40 1 1 2 16 port et 1 2 2 interface create ip 42net address netmask 42 1 1 1 16 port et 1 1 To configure the IS IS area of router R9 3 isis add area 49 da03 To enable IS IS on eac...

Страница 255: ...ce udp small servers no service tcp small servers hostname Router clns routing interface Serial0 0 ip address 52 1 1 1 255 255 0 0 ip router isis 49 0004 encapsulation ppp no keepalive no peer default...

Страница 256: ...level 1 interface Ethernet1 2 ip address 111 1 1 2 255 0 0 0 ip router isis 49 0004 isis circuit type level 2 only isis priority 10 level 1 interface Ethernet1 3 no ip address shutdown interface Ether...

Страница 257: ...ce create ip 52net address netmask 52 1 1 2 16 port se 4 3 3 interface create ip 51net address netmask 51 1 1 2 16 port et 1 2 4 interface add ip en0 address netmask 10 50 3 11 16 To configure the IS...

Страница 258: ...15 24 Riverstone Networks RS Switch Router User Guide Release 8 0 Displaying IS IS Information IS IS Configuration Guide...

Страница 259: ...rtrays to other ASs what routing destinations are reachable by way of it In an environment where using static routes is not feasible BGP is often the best choice for an AS AS routing protocol BGP prev...

Страница 260: ...up Adding a BGP peer host Starting BGP Using AS path regular expressions Using AS path prepend Creating BGP confederations Creating community lists Using route maps Using BGP accounting 16 2 1 Setting...

Страница 261: ...ng Is a group ID which can be a number or a character string type Specifies the type of BGP group you are adding You can specify one of the following external In the classic external BGP group full po...

Страница 262: ...S path regular expression is a regular expression where the alphabet is the set of AS numbers from 1 through 65535 The following wildcards and operators can be used to build a regular expression quota...

Страница 263: ...irst command creates an AS path regular expression with the identifer mciAspath to match AS paths that include AS 3561 The next two commands specify the AS path regular expression identifier to match...

Страница 264: ...ut in the route advertisement is controlled by the as count option of the bgp set peer host command The following is an example Notes on Using the AS Path Prepend Feature Use the as count option for e...

Страница 265: ...federation the externally visible AS number as well as the number of its sub AS In Figure 16 1 a BGP confederation with the AS number 64801 consists of sub AS s 100 101 102 and 103 BGP routers outside...

Страница 266: ...and can be used as a way of filtering BGP routes To create and define community lists on an RS enter the following commands in Configure mode The community string is in the form AS identifier communi...

Страница 267: ...p where the keyword deny is explicitly specified in this case the route will not be imported exported or redistributed Note For route maps to take effect the RS must be selecting BGP for the route Mak...

Страница 268: ...ate a route map you specify a route map identifier You can create multiple conditions with the same identifier The sequence number in the route map definition specifies the order of a particular condi...

Страница 269: ...ified and accounted for on a per customer basis You can also choose to count route specific traffic according to Differentiated Services Code Point DSCP values previously known as Type of Service valu...

Страница 270: ...g statistics for the service levels DSCP values of specific traffic routes To start collecting BGP traffic statistics for specific traffic routes Refer to Section 16 3 11 BGP Accounting Examples to se...

Страница 271: ...agnostic mode command 16 3 BGP CONFIGURATION EXAMPLES This section presents sample configurations illustrating BGP features The following features are demonstrated BGP peering Internal BGP IBGP Extern...

Страница 272: ...ate messages containing the BGP routing table can be sent between peers BGP does not require a periodic refresh of the entire BGP routing table between peers Only incremental routing changes are excha...

Страница 273: ...mask 10 0 0 1 16 port et 1 1 Set the AS of the router ip router global set autonomous system 1 Set the router ID ip router global set router id 10 0 0 1 Create EBGP peer group pg1w2 for peering with A...

Страница 274: ...rred to as a multihomed AS A multihomed AS can transit traffic between two ASs by advertising to one AS routes that it learned from the other AS To successfully provide transit services all EBGP speak...

Страница 275: ...ing group will determine the immediate next hops for routes by using the next hop received with a route from a peer as a forwarding address and using this to look up an immediate next hop in an IGP s...

Страница 276: ...essary because we want CISCO to peer with our loopback address This will make sure that the loopback address gets announced into OSPF domain ospf add stub host 172 23 1 26 to area backbone cost 1 ospf...

Страница 277: ...rs Some additional configuration is required to indicate that the external peers are not physically attached This sample configuration shows External BGP peers R1 and R4 which are not connected to the...

Страница 278: ...128 2 group ebgp_multihop Specify the multihop option which indicates EBGP multihop bgp set peer host 18 122 128 2 group ebgp_multihop multihop autonomoussystem 64800 routerid 0 0 0 1 bgp yes traceopt...

Страница 279: ...122 0 0 masklen 16 gateway 17 122 128 4 interface create ip to R2 address netmask 17 122 128 4 16 port et 4 2 interface create ip to R4 address netmask 18 122 128 4 16 port et 4 4 ip add route 16 122...

Страница 280: ...unity attribute Community is specified as one of the parameters in the optional attributes list option of the ip router policy create command Figure 16 5 shows a BGP configuration where the specific c...

Страница 281: ...unity AS 64902 R11 172 26 1 2 16 172 25 1 2 16 192 168 20 2 16 172 25 1 1 16 1 1 R13 1 6 R10 192 169 20 1 16 192 169 20 2 16 100 200 13 1 24 10 200 15 1 24 1 6 R14 AS 64901 AS 64900 AS 64899 1 6 1 1 1...

Страница 282: ...ibute found in the BGP update If multiple communities are specified in the optional attributes list option only updates carrying all of the specified communities will be matched If well known communit...

Страница 283: ...901color1 and sequence number 1 ip router policy create bgp import source 901color1 optional attributes list color1 autonomous system 64900 sequence number 1 ip router policy create bgp import source...

Страница 284: ...s list color2 community id 155 autonomous system 64902 ip router policy create bgp import source 902color1 optional attributes list color1 autonomous system 64899 sequence number 1 ip router policy cr...

Страница 285: ...licy create bgp export destination 900to899dest autonomous system 64899 optional attributes list color1 ip router policy create bgp export destination 900to901dest autonomous system 64901 optional att...

Страница 286: ...ity indicating the routes associated with this attribute must not be advertised to external BGP peers This includes peers in other members autonomous systems inside a BGP confederation A packet can be...

Страница 287: ...al preference to reflect ROSRD s own internal preference for the route as given by the global protocol preference value Note that in this case local preference is a function of the ROSRD preference an...

Страница 288: ...ing the local pref and the set pref options AS 64900 Physical Link Legend Peering Relationship AS 64901 R10 Information Flow 10 200 12 1 24 10 200 13 1 24 10 200 14 1 24 10 200 15 1 24 192 169 20 1 16...

Страница 289: ...n 254 When operating a mixed network of this type you should make sure that all routers are restricted to sending Local_Pref values in the range metric to 254 In router R12 s CLI configuration file th...

Страница 290: ...gh enough to avoid conflicts between BGP routes and IGP or static routes 16 3 6 Multi Exit Discriminator Attribute Example Multi Exit Discriminator MED is a BGP attribute that affects the route select...

Страница 291: ...a simple EBGP configuration in which one peer is exporting an aggregated route to its upstream peer and restricting the advertisement of contributing routes to the same peer The aggregated route is 21...

Страница 292: ...of the route reflector that are not part of the cluster are non clients The RS supports client peers as well as non client peers of a route reflector interface add ip xleapnl address netmask 212 19 19...

Страница 293: ...eflector for the first cluster and router R11 is the route reflector for the second cluster Router R10 has router R9 as a client peer and router R11 as a non client peer The following line in router R...

Страница 294: ...in AS64902 as shown below bgp set peer group rtr11 reflector client Route Table FIB of Router 8 rtr 8 ip show routes Destination Gateway Owner Netif 10 50 0 0 16 directly connected en 127 0 0 0 8 127...

Страница 295: ...to identify all reflectors serving the cluster using the clusterid option Gratuitous use of multiple redundant reflectors is not advised since it can lead to an increase in the memory required to stor...

Страница 296: ...set peer host 172 16 220 2 route map in 1 group ebgp bgp set peer group rtr10 confederation bgp set peer group ebgp bgp start route map 1 permit 1 set metric 50 set local preference 1000 set community...

Страница 297: ...72 16 223 1 group rtr10 bgp add peer host 172 16 224 2 group rtr12 bgp set peer group rtr12 confederation bgp set peer group rtr10 confederation bgp set peer host 172 16 223 1 group rtr10 multihop bgp...

Страница 298: ...1 group rtr12 bgp start ip router global set autonomous system 64901 ip router global set router id 134 141 178 48 ip router policy create bgp export destination rtr9 autonomous system 64705 ip router...

Страница 299: ...ed through routers in the confederation The peer group configuration must include the multihop parameter so that the next hop value is passed through the routers In the above BGP confederation example...

Страница 300: ...unting see Section 16 3 11 BGP Accounting Examples for more information Figure 16 12Sample BGP configuration route map Router R2 has the following CLI configuration ip router global set autonomous sys...

Страница 301: ...route map to the BGP group or peer Enable BGP accounting on the interface with the ip enable bgp actg on command then start accounting with the ip bgp accounting start command EBGP Accounting Example...

Страница 302: ...g To see the BGP accounting information Note For BGP accounting to take effect the RS must be selecting BGP for the route Make sure that the preference for BGP is set lower than the preference of othe...

Страница 303: ...16 The customer is connected to router R1 through the interface customerA The route to 14 1 0 0 16 is a direct route on router R2 and is learned by R1 which sets the traffic index to 1 Figure 16 13Sam...

Страница 304: ...gp set peer group ibgp route map in 1 bgp set preference 99 bgp start ip router policy create community list list1 11 11 route map 1 permit 1 match community list list1 set traffic index 1 arp add 12...

Страница 305: ...gp accounting start dscp accounting command to start the collection of statistics Figure 16 14 shows a simple BGP configuration in which routes received on R2 for the networks 15 4 0 0 16 15 5 0 0 16...

Страница 306: ...r host 15 2 1 3 group tored bgp set preference 99 bgp start ip router global set autonomous system 65100 route map 1 permit 1 match prefix network 15 4 0 0 16 set traffic index 10 route map 1 permit 2...

Страница 307: ...nterface int1 Bucket DSCP Packets Bytes 10 1 239376 15320064 10 2 239201 15308864 10 3 239001 15296064 10 4 238801 15283264 10 5 238601 15270464 10 6 238401 15257664 10 7 238597 15270208 10 8 238401 1...

Страница 308: ...16 50 Riverstone Networks RS Switch Router User Guide Release 8 0 BGP Configuration Examples BGP Configuration Guide...

Страница 309: ...rds See your Riverstone representative for specific part numbers and applicable RS platforms This chapter contains the following sections For an overview of MPLS concepts and terminology and the MPLS...

Страница 310: ...e at the first router in the path the ingress label switching router LSR Only the ingress LSR1 in the path needs to analyze the layer 3 header information If the destination address in the incoming pa...

Страница 311: ...set Figure 17 3 MPLS label stack Forwarding decisions are always based on the top label in the stack By examining the top label of an incoming packet each LSR in the LSP determines the following The...

Страница 312: ...el When it is the only label entry i e there is no label stacking it indicates that the label is popped upon receipt For example if the LSP is for IPv4 traffic only the egress router can signal the pe...

Страница 313: ...not have the same value The label distribution protocol used determines whether the label bindings are assigned on a per interface or per router basis See Label Distribution Protocols for more informa...

Страница 314: ...S networks as described in Section 17 6 Configuring L2 Tunnels For more information about configuring LDP on the RS see Section 17 4 LDP Configuration Resource reservation protocol RSVP is a protocol...

Страница 315: ...r look at the next label in the stack or if there is no other label in the stack look up the packet s destination address to forward it By having the penultimate LSR pop the label stack there is only...

Страница 316: ...unidirectional In most cases it is desirable to have two MPLS LSPs one going in each direction to form a logical pipe for the flow of data 17 1 6 MPLS Table Information This section describes the vari...

Страница 317: ...he CAM by port and index number Table Lookups at Ingress LSRs On ingress LSRs incoming packets must be classified into FECs in order to put MPLS labels on the packets The RS performs OTT lookups to tr...

Страница 318: ...8 0 MPLS Architecture Overview MPLS Configuration the END_OF_TUNNEL label is the only label on the label stack the ILM entry indicates that this node is at the end of the outermost MPLS domain the exp...

Страница 319: ...itiate backup paths or retry the initial path Note For both RSVP and LDP you must configure the router identifier on the LSR with the ip router global set router id command The following CLI commands...

Страница 320: ...nd started You can optionally configure LDP using other ldp commands before starting LDP For more information about configuring LDP see Section 17 4 LDP Configuration You cannot enable both RSVP and L...

Страница 321: ...ast routing protocols the routing protocols determine where packets are forwarded while the RSVP process consults local routing tables to obtain routes Note RSVP on the RS supports dynamic signaling f...

Страница 322: ...ResvTear messages are sent by the data flow receiver Figure 17 7 illustrates the flow of RSVP Path and Resv messages Figure 17 7 RSVP Path and Resv messages With RSVP the potential receiver of a data...

Страница 323: ...h refresh path refresh interval path multiplier 30 seconds 3 rsvp set global path refresh interval rsvp set global path multiplier Reservation refresh reservation refresh interval reservation multipli...

Страница 324: ...sh interval parameter specifies the interval at which RSVP sends out Resv messages to the upstream neighbor The default value is 30 seconds You can specify a path multiplier parameter value between 1...

Страница 325: ...for node or link failure detection is not adversely impacted 17 3 4 Authentication RSVP messages can be authenticated to prevent unauthorized nodes from setting up reservations On the RS RSVP authenti...

Страница 326: ...ted transmitted received and processed for each refresh period Supporting a large number of RSVP sessions presents a scaling problem as the resources required for processing these messages increase pr...

Страница 327: ...sions on the interface int2 Summary refresh is used to refresh Path and Resv states without transmitting standard Path or Resv messages Summary refresh is the periodic transmittal of a list of the mes...

Страница 328: ...an display on the RS and the CLI commands that you use to display the information rsvp set global msgack interval 3 Table 17 4 RSVP session information To see this information Use this command RSVP gl...

Страница 329: ...uter and all ingress routers LDP can be enabled on all router interfaces or on specific router interfaces as described in Section 17 2 Enabling and Starting MPLS on the RS The following configuration...

Страница 330: ...e its neighbor R2 can set a hold time of 20 seconds Once an LDP session is established LDP keepalive packets are used to monitor the status of the session On the RS keepalive packets are sent at 10 se...

Страница 331: ...remote LDP peer with the ldp set remote peer command takes precedence The ldp set interface all keepalive timeout command sets the keepalive timeout for all LDP peers including remote peers Setting t...

Страница 332: ...sts that an upstream LSR can send to a downstream LSR If an upstream LSR does not have label binding information for a specific FEC it will route packets based on information in the IP routing table H...

Страница 333: ...2 appears in router rs1 s LDP database but it is marked as Filtered shown in boldface in the example and is therefore not considered on rs1 for LSP establishment rs1 config ldp add import filter mappi...

Страница 334: ...e information rs config ldp add prefix filter 101serv network 10 10 10 101 32 host net rs config ldp add export filter request restrict prefix filter 101serv neighbor 1 1 1 1 sequence 1 rs config ldp...

Страница 335: ...detailed example of how to configure a static path on an RS router see Section L3 Static Path Configuration Example Ingress LSR Configuration Use the mpls create static path and mpls set static path c...

Страница 336: ...the label stack normally this would be the only label in the stack For example the following command on a PHP LSR looks at packets arriving on the interface MPLS R3IN Packets that have a label value o...

Страница 337: ...OUT address netmask 10 1 1 1 16 port gi 1 1 Enable MPLS on the router interfaces mpls add interface MPLS R1OUT Create a policy to filter traffic to 50 1 0 0 16 mpls create policy POL1 dst ipaddr mask...

Страница 338: ...path including IGP shortcuts See Section 17 7 3 IGP Shortcuts You can use the mpls show static paths command to display the MPLS static path information On router R1 the following is displayed for th...

Страница 339: ...e ingress router only The ingress router sends RSVP signaling information to other LSRs in the path in order to establish and maintain the LSP Labels are dynamically assigned on the LSRs There are two...

Страница 340: ...some or all transit LSRs in the path For each transit LSR you specified you designate whether the route from the previous router to this router is direct and cannot include other routers strict route...

Страница 341: ...it path level apply only to that path If you configure the same parameter at both the LSP and the explicit path level the explicit path configuration takes precedence Table 17 7 shows the parameters t...

Страница 342: ...P does not use constrained shortest path first CSPF algorithm This parameter must be specified for explicit path LSPs See Disabling CSPF X X no decrement ttl TTL field of IP packet is decremented only...

Страница 343: ...fy a bandwidth transit routers will reserve outbound link capacity for the LSP LSP setup may fail if there is a failure in bandwidth reservation CoS Value A class of service CoS value places traffic i...

Страница 344: ...he whole LSP appear as one hop The no decrement ttl parameter can be applied to RSVP signaled LSPs only Note that the MPLS label has its own TTL that is decremented by 1 for each hop in the LSP When t...

Страница 345: ...nation IP addresses and netmask values source destination MAC addresses VLAN ID 802 1p priority and protocol type You can then apply the policy to an LSP Only the labeled packets that meet the require...

Страница 346: ...ignaling protocol used LDP can also be used as traffic engineering is not being utilized Additionally a dynamic LSP will be configured from RS router R5 to the router JN1 and another from R6 to R7 The...

Страница 347: ...bone ospf start Enable MPLS on all interfaces mpls add interface all Create explicit path 57 primary path to 100 1 1 1 mpls create path 57 Create explicit path 567 with 3 hops secondary path to 100 1...

Страница 348: ...nterface all to area backbone ospf start Enable MPLS on all interfaces mpls add interface all Create dynamic LSP L3 to egress router 100 1 1 1 mpls create label switched path L3 to 100 1 1 1 adaptive...

Страница 349: ...LSP while only traffic to the 160 10 0 0 16 network is forwarded on the static LSP traffic filtering is performed by defining and applying different policies to the LSPs Timesaver Click on the router...

Страница 350: ...dr mask 160 10 0 0 16 Create dynamic LSP Create primary path dp1 mpls create path dp1 num hops 4 mpls set path dp1 hop 1 ip addr 200 135 89 73 type strict mpls set path dp1 hop 2 ip addr 201 135 89 76...

Страница 351: ...ea backbone cost 10 ospf add interface R2R3 to area backbone ospf start Configure static LSP mpls set interface R2R1 label map 70 pop pop count 3 next hop 16 128 11 7 Start MPLS and RSVP mpls start rs...

Страница 352: ...ackbone ospf add interface R4R1 to area backbone ospf add stub host 4 4 4 4 to area backbone cost 10 ospf add interface R4R5 to area backbone ospf start Start MPLS and RSVP mpls start rsvp start Confi...

Страница 353: ...rom State LabelIn LabelOut d1 3 3 3 3 1 1 1 1 Up 17 R1 mpls show label switched paths d1 verbose Label Switched Path d1 to 3 3 3 32 from 1 1 1 1 state Up lsp id 0x9 proto rsvp protection primary setup...

Страница 354: ...1 explicit path dp2l num hops 2 200 135 89 4 loose 16 128 11 7 loose 2001 04 06 16 13 24 MPLS I LSPPATHSWITCH LSP d1 switching to Secondary Path dp2l R1 mpls show label switched paths d1 verbose Labe...

Страница 355: ...ths attributes Path Signalling Parameters attributes STANDBY ADAPTIVE NO CSPF inherited attributes retry limit 5000 retry int 3 sec retry count 5000 next_retry_int 600 sec bps 20000000 preference 7 ho...

Страница 356: ...ess route flaps In Figure 17 11 R7 in AS 63498 and R9 in AS 65498 are running BGP BGP traffic between R7 and R9 is routed through AS 64498 where OSPF is running as the IGP Routers R3 and R6 are LSRs r...

Страница 357: ...s in AS 64498 The following is the configuration for R7 Configure interfaces interface create ip rt7 rt3 address netmask 137 1 1 7 24 port et 1 1 interface create ip rt7 rt3 mp address netmask 137 2 2...

Страница 358: ...te from proto bgp source as 63498 to proto bgp target as 64498 ip router policy redistribute from proto direct to proto bgp target as 64498 bgp create peer group to rt6 type routing autonomous system...

Страница 359: ...ip rt1 rt6 mp2 address netmask 116 3 3 1 24 port gi 3 1 interface add ip lo0 address netmask 1 1 1 1 32 Configure OSPF ip router global set router id 1 1 1 1 ospf create area backbone ospf add stub ho...

Страница 360: ...ress as next hop in BGP route advertisements bgp start Configure OSPF ospf create area backbone ospf add stub host 6 6 6 6 to area backbone cost 10 ospf add interface rt6 rt1 mp2 to area backbone ospf...

Страница 361: ...e the LSP dynamic3ATT will carry traffic belonging to AT T subscribers The third LSP dynamic1MSO will be used by the MSO to assign IP addresses to subscriber s end devices and to provision cable modem...

Страница 362: ...ess netmask 1 1 1 1 16 interface add ip cmts address netmask 160 10 1 1 16 interface add ip cmts address netmask 160 12 1 1 16 Configure OSPF ip router global set router id 1 1 1 1 ip router global se...

Страница 363: ...0 11 0 0 16 mpls set label switched path dynamic2AOL primary dp1 mpls set label switched path dynamic2AOL policy AOL11 Start MPLS mpls start Configure RSVP rsvp add interface R1toR2 rsvp start ip help...

Страница 364: ...e ospf start Configure MPLS mpls add interface R3toR2 Create explicit path dp 1 2 mpls create path dp1 2 num hops 3 mpls set path dp1 2 hop 1 ip addr 220 1 1 1 type strict mpls set path dp1 2 hop 2 ip...

Страница 365: ...support the shared network environment for the Internet Software Consortium ISC mpls set label switched path dynamic2 2AOL primary dp1 2 mpls set label switched path dynamic2 2AOL policy AOL11 2 Crea...

Страница 366: ...hysical network will then obtain a lease from either scope on a round robin basis as long as the client does not have a reservation or previous lease information 1 Create a second scope that you want...

Страница 367: ...l Switched Paths 2 Open the properties for the scope 3 Click the Advanced tab 4 Select the Make this scope a secondary check box 5 In the Primary scope field select the scope that you want to designat...

Страница 368: ...or VLAN specific virtual circuits can be bundled into a small number of L2 tunnels that run through the backbone Traffic on each virtual circuit is isolated from each other with the same level of secu...

Страница 369: ...configure the next hop MAC address and one or more label values to be added pushed onto the top of the label stack 3 Use the mpls set l2 static path command to apply the L2 policy to the L2 static pat...

Страница 370: ...a static L2 LSP the egress LSR removes pops the label value at the top of the label stack and then forwards the packet to its final destination Use the mpls set portlist command to configure the stati...

Страница 371: ...R3 next hop mac 000285 057900 push 100 mpls set l2 static path TO R3 policy P1 Configure egress LER for L2 static path TO R1 mpls set portlist in port list gi 3 1 end of l2 tunnel label 201 Start MPLS...

Страница 372: ...TO R1 mpls create l2 policy P2 src mac any dst mac 000000 01e000 vlan 1 in port list gi 7 1 out port list gi 6 1 mpls create l2 static path TO R1 next hop mac 000285 057900 push 101 mpls set l2 stati...

Страница 373: ...he reverse direction to provide bidirectional operation You must configure the same VC identifiers for example VLAN IDs for each direction of a virtual circuit Figure 17 15 Transport of layer 2 frames...

Страница 374: ...service provider incoming port incoming port and the customer specific VLAN ID assigned by the customer This section includes example configurations for each type of FEC to label binding Ingress and...

Страница 375: ...th the vlan make trunk port command 4 Configure the tunnel LSP If you are using RSVP for signaling in the tunnel LSP use mpls commands as described in Section 17 5 Configuring L3 Label Switched Paths...

Страница 376: ...gnaling protocol configuration commands for both LDP and RSVP signaling are shown Timesaver Click on the router name in blue to see the corresponding configuration Figure 17 16 Tunneling of multiple v...

Страница 377: ...s add interface to_r2_1 mpls start rsvp add interface to_r2_1 rsvp start If tunnel LSP uses LDP mpls add interface to_r2_1 mpls start ldp add interface to_r2_1 ldp start Configure IGP in this example...

Страница 378: ...d interface all to area backbone ospf add stub host 111 1 1 2 to area backbone cost 5 ospf start Configure router loopback interface add ip lo0 address netmask 111 1 1 3 32 Make gi 3 2 a trunk port vl...

Страница 379: ...ddress netmask 220 1 1 2 16 vlan ldp_in1 If tunnel LSP uses RSVP mpls add interface to_r2 mpls start rsvp add interface to_r2 rsvp start If tunnel LSP uses LDP mpls add interface to_r2 mpls start ldp...

Страница 380: ...e to see the corresponding configuration Figure 17 17 Tunneling of virtual circuits based on VLAN ID RSVP tunnel Two LSPs are configured on R1 The LSP from R1 to R5 is configured with a strict explici...

Страница 381: ...ports gi 4 1 to ldp_in vlan add ports gi 6 1 gi 2 2 gi 4 1 to cust1 vlan add ports gi 3 1 gi 4 1 to cust2 interface create ip to_rs2 address netmask 200 1 1 1 16 vlan ldp_in LDP signaling VLAN to R2 i...

Страница 382: ...rval 5 preference 30 Start MPLS mpls start Configure RSVP rsvp add interface to_rs2 rsvp add interface to_rs6 rsvp start Configure LDP ldp add interface lo0 ldp add remote peer 111 1 1 3 adds R3 as LD...

Страница 383: ...te ldp_if1 id 120 vlan create ip_ldp port based id 175 vlan create cust1 port based id 100 vlan create cust2 ip id 200 vlan create to_rs1_only ip id 50 vlan add ports gi 12 2 to ip_ldp vlan add ports...

Страница 384: ...apping to R1 ldp add l2 fec vlan 200 to peer 111 1 1 1 send VLAN 200 mapping to R1 ldp add remote peer 111 1 1 1 adds R1 as LDP peer ldp add remote peer 111 1 1 5 adds R5 as LDP peer ldp add l2 fec vl...

Страница 385: ...40 vlan create cust2 ip id 200 vlan add ports gi 12 1 gi 13 2 to cust1 vlan add ports gi 13 2 to ldp_in1 vlan add ports gi 13 1 to to_rs4_vlan vlan add ports gi 13 1 to cust1 vlan add ports gi 6 1 to...

Страница 386: ...o R1 mpls create path to_rs1_primary num hops 2 mpls set path to_rs1_primary ip addr 220 1 1 2 type loose hop 1 mpls set path to_rs1_primary ip addr 201 1 1 1 type loose hop 2 Create tunnel LSP to R1...

Страница 387: ...apping to R1 ldp add l2 fec vlan 200 to peer 111 1 1 1 send VLAN 200 mapping to R1 ldp start Configure interfaces to R1 and R5 vlan create ip_signal ip id 12 vlan add ports gi 4 1 gi 5 1 to ip_signal...

Страница 388: ...n Timesaver Click on the router name in blue to see the corresponding configuration Figure 17 18 Tunneling of multiple virtual circuits based on ports untagged frames The following is the configuratio...

Страница 389: ...f add stub host 111 1 1 1 to area backbone cost 5 ospf add interface to_r2_1 to area backbone ospf start Configure router loopback interface add ip lo0 address netmask 111 1 1 2 32 Configure VLANs and...

Страница 390: ...rt that does not send out 802 1q tagged frames vlan make trunk port gi 3 2 untagged Configure LDP peers and label bindings ldp add interface lo0 ldp add remote peer 111 1 1 1 adds R1 as LDP peer ldp m...

Страница 391: ...tunnel LSP uses LDP mpls add interface to_r2 mpls start ldp add interface to_r2 ldp start Configure IGP in this example OSPF is the IGP ip router global set router id 111 1 1 3 ospf create area backbo...

Страница 392: ...l signaling are shown for this example Note The ports that are mapped to a single customer ID number must be either all trunk ports or all access ports The example shows configurations for transportin...

Страница 393: ...o0 address netmask 111 1 1 1 32 Configure OSPF ip router global set router id 111 1 1 1 ospf create area backbone ospf add stub host 111 1 1 1 to area backbone cost 5 ospf add interface to_rs2_1 to ar...

Страница 394: ...ustomer id 10 to peer 111 1 1 3 send customer id 10 to R3 ldp add l2 fec customer id 10 to peer 111 1 1 5 send customer id 10 to R5 ldp add remote peer 111 1 1 5 adds R5 as LDP peer ldp start Configur...

Страница 395: ...l set router id 111 1 1 3 ospf create area backbone ospf add stub host 111 1 1 3 to area backbone cost 5 ospf add interface to_rs2 to area backbone ospf add interface to_rs4 to area backbone ospf add...

Страница 396: ...interface create ip to_rs3 address netmask 110 1 1 2 16 port gi 3 1 interface create ip to_rs5 address netmask 100 1 1 2 16 vlan rsvp_vlan1 interface add ip lo0 address netmask 111 1 1 4 32 Configure...

Страница 397: ...1 mpls set path to_rs3_secondary ip addr 220 1 1 1 type strict hop 2 mpls set path to_rs3_secondary ip addr 201 1 1 1 type strict hop 3 mpls set path to_rs3_secondary ip addr 200 1 1 2 type strict hop...

Страница 398: ...s LDP peer ldp add l2 fec customer id 10 to peer 111 1 1 3 send customer id mapping to R3 ldp start Configure interfaces to R1 and R5 vlan create ip_signal ip id 12 vlan add ports gi 4 1 gi 5 1 to ip_...

Страница 399: ...tion commands for both LDP and RSVP tunnel signaling are shown Timesaver Click on the router name in blue to see the corresponding configuration Figure 17 20 Tunneling of multiple virtual circuits bas...

Страница 400: ..._r2_1 address netmask 200 1 1 1 16 vlan ldp_in If tunnel LSP uses RSVP mpls add interface to_r2_1 mpls start rsvp add interface to_r2_1 rsvp start If tunnel LSP uses LDP mpls add interface to_r2_1 mpl...

Страница 401: ...ldp start Configure IGP in this example OSPF is the IGP ip router global set router id 111 1 1 2 ospf create area backbone ospf add interface all to area backbone ospf add stub host 111 1 1 2 to area...

Страница 402: ...1 sends label mapping for customer id 10 VLAN 200 to R1 ldp start Create the LDP signaling VLAN and interface vlan create ldp_in1 port based id 120 vlan add ports gi 3 2 to ldp_in1 interface create i...

Страница 403: ...ling of virtual circuits based on VLAN ID and port RSVP tunnel Two LSPs are configured on R1 The LSP from R1 to R5 is configured with a strict explicit path of 3 hops R1 R6 R5 and is restricted to tra...

Страница 404: ...p1 to R3 mpls create path p1 num hops 2 mpls set path p1 ip addr 200 1 1 1 type loose hop 1 mpls set path p1 ip addr 210 1 1 2 type loose hop 2 Configure explicit path to R5 mpls create path to_rs5_p...

Страница 405: ...r 111 1 1 5 sends label mapping for customer id 20 VLAN 60 to R5 ldp start Configure VLANs and interfaces vlan create ldp_in1 port based id 110 vlan create ip_ldp ip id 175 vlan add ports gi 14 1 to l...

Страница 406: ...Configure OSPF ip router global set router id 111 1 1 3 ospf create area backbone ospf add stub host 111 1 1 3 to area backbone cost 5 ospf add interface to_rs2 to area backbone ospf add interface to_...

Страница 407: ...2 16 vlan rsvp_vlan1 interface add ip lo0 address netmask 111 1 1 4 32 Configure OSPF ip router global set router id 111 1 1 4 ospf create area backbone ospf add interface all to area backbone ospf ad...

Страница 408: ...hop 3 mpls set path to_rs3_secondary ip addr 200 1 1 2 type strict hop 4 mpls set path to_rs3_secondary ip addr 210 1 1 2 type strict hop 5 Create explicit path to_rs1_primary to R1 mpls create path t...

Страница 409: ...Configure VLANs and interfaces vlan create ip_signal ip id 12 vlan add ports gi 4 1 gi 5 1 to ip_signal interface create ip to_rs1 address netmask 201 1 1 2 16 port gi 4 2 interface create ip to_rs5...

Страница 410: ...ath LSPs You can use administrative groups to Apply the same policies to a set of resources that are not necessarily in the same topological area Specify the relative preference of a set of resources...

Страница 411: ...3 Specify administrative groups to be included or excluded from an LSP computation To include or exclude groups for an LSP use the mpls create label switched path command For example To include or exc...

Страница 412: ...eliver the path information to each LSR in the LSP The CSPF algorithm takes into account link state and network state information from the TED as well as the following LSP attributes bandwidth hops ad...

Страница 413: ...es where the administrative group SKY is applied Timesaver Click on the router name in blue to see the corresponding configuration Figure 17 22 Constrained path selection by administrative group The f...

Страница 414: ...dress netmask 201 135 89 197 26 port gi 4 1 interface add ip lo0 address netmask 2 2 2 2 16 Configure OSPF ip router global set router id 2 2 2 2 ospf create area backbone ospf add stub host 2 2 2 2 t...

Страница 415: ...3 16 Configure OSPF ip router global set router id 3 3 3 3 ospf create area backbone ospf add stub host 3 3 3 3 to area backbone cost 10 ospf add interface R3R2 to area backbone ospf set traffic engin...

Страница 416: ...ed on the routers R1 mpls show label switched paths LSP1 verbose Label Switched Path LSP1 to 3 3 3 3 from 1 1 1 1 state Up lsp id 0x8 proto rsvp protection none setup pri 7 hold pri 0 attributes Path...

Страница 417: ...figuration Figure 17 23 Traffic engineering with IS IS Note For simplicity the configurations shown in this section are for unidirectional LSPs from R1 to R4 In most cases you would also need to confi...

Страница 418: ...l switched path LSP2 from 113 113 113 113 to 124 124 124 124 mpls set label switched path LSP1 include red mpls set label switched path LSP2 include green bps 8000000 mpls create policy to 53 net dst...

Страница 419: ...o R5 level 1 isis set interface to R5 key chain test1 authentication method md5 isis set traffic engineering enable isis set interface to R1 level 1 isis start Configure MPLS mpls add interface all mp...

Страница 420: ...id 15 1515 1515 15 isis set interface to R4 level 1 isis set level 1 and 2 isis set interface to R5 level 1 isis set interface to R2 level 1 isis set area key chain test1 authentication method md5 isi...

Страница 421: ...tication create key chain test1 key ed301c4c0a9b1171 type primary id 255 keyisencrypted isis add area 53 da05 isis add interface lo0 isis add interface to R3 isis set system id 24 2424 2424 24 isis se...

Страница 422: ...terface to R2 isis add interface to R3 isis set level 1 isis set system id 26 2626 2626 26 isis set interface to R2 level 1 isis set interface to R3 level 1 isis set area key chain test1 authenticatio...

Страница 423: ...int 0 000000 sec bps 0 preference 7 hop limit 255 opt int 600 sec ott index 3 ref count 1 mtu 0 cspf path num hops 4 153 1 1 13 strict 153 1 1 12 strict 192 1 1 15 strict 185 1 1 24 strict include red...

Страница 424: ...ystem State Level Hold s SNPA Priority to R2 R2 up L1 9 802 2 0 0 0 a3 62 61 100 R1 isis show ted TED database NodeID R2 12 12 12 12 Age 1099 secs Protocol IS IS 1 To 1212 1212 1212 0e Local 186 1 1 1...

Страница 425: ...2 1212 1212 00 NodeID 1212 1212 1212 0e00 Age 1076 secs Protocol IS IS 1 To 2626 2626 2626 00 To 1212 1212 1212 00 NodeID R1 113 113 113 113 Age 1092 secs Protocol IS IS 1 To 0000 1717 1717 0a To 1212...

Страница 426: ...Mbps 5 100 Mbps 6 100 Mbps 7 100 Mbps NodeID 1515 1515 1515 0600 Age 1074 secs Protocol IS IS 1 To 2626 2626 2626 00 To 1515 1515 1515 00 NodeID 1515 1515 1515 0800 Age 1070 secs Protocol IS IS 1 To 2...

Страница 427: ...s can be enabled on a per router basis it is disabled by default When IGP shortcuts are enabled each router maintains a list of IGP shortcuts that originate at the local router and the ID of the route...

Страница 428: ...153 1 1 12 ISIS_L1 to R2 53 1 0 0 16 153 1 1 12 ISIS_L1 to R2 55 1 0 0 16 153 1 1 12 ISIS_L1 to R2 92 1 0 0 16 153 1 1 12 ISIS_L1 to R2 95 1 0 0 16 153 1 1 12 ISIS_L1 to R2 96 1 0 0 16 153 1 1 12 ISIS...

Страница 429: ...d 78net 92 1 0 0 16 Unnumbered ISIS_L1 LSP1 Unnumbered ISIS_L1 LSP2 95 1 0 0 16 Unnumbered ISIS_L1 LSP1 Unnumbered ISIS_L1 LSP2 96 1 0 0 16 Unnumbered ISIS_L1 LSP1 Unnumbered ISIS_L1 LSP2 97 1 0 0 16...

Страница 430: ...there is a bidirectional connection between nodes before using an advertised link Therefore you need to configure two LSPs one in each direction for paths between two LSRs that will be advertised in...

Страница 431: ...one remote gateway over another Preference may not be used to control the selection of routes within an Interior Gateway Protocol IGP This is accomplished automatically by the protocol based on metri...

Страница 432: ...ved Source autonomous system from which the route was learned AS path associated with a route Besides autonomous system BGP also supports importation of routes using AS path regular expressions and AS...

Страница 433: ...ssible to restrict the importation of OSPF ASE routes when functioning as an AS border router Like the other interior protocols preference cannot be used to choose between OSPF ASE routes That is done...

Страница 434: ...tocols have a tag of zero In some cases a combination of the associated attributes can be specified to identify the routes to be exported Route Filter This component specifies the individual routes wh...

Страница 435: ...cifies that the mask of the destination must match the supplied mask exactly This is used to match a network but no subnets or hosts of that network Refines Specifies that the mask of the destination...

Страница 436: ...ome cases a combination of the associated attributes can be specified to identify the routes contributing to an aggregate Route Filter This component specifies the individual routes that are to be agg...

Страница 437: ...n was introduced Each key chain has an identifier and can contain up to two keys One key is the primary key and other is the secondary key Outgoing packets use the primary authentication key but incom...

Страница 438: ...2 1 Redistributing Static Routes Static routes may be redistributed to another routing protocol such as RIP or OSPF by the following command The network parameter specifies the set of static routes t...

Страница 439: ...external routes redistributed into OSPF are referred to as ospf ase routes Examples of ospf ase routes include static routes rip routes direct routes bgp routes or aggregate routes which are redistri...

Страница 440: ...routes configured on the router Determine its RIP configuration To redistribute aggregate routes into RIP ip router policy redistribute from proto aggregate to proto rip To redistribute aggregate rout...

Страница 441: ...figure default routes to the other subnets reachable through R2 ip add route 202 1 0 0 16 gateway 120 190 1 2 ip add route 160 1 5 0 24 gateway 120 190 1 2 RIP Box Level Configuration rip start rip se...

Страница 442: ...etmask 120 190 1 1 16 port et 1 2 interface create ip to r3 address netmask 130 1 1 1 16 port et 1 3 interface create ip to r41 address netmask 140 1 1 1 24 port et 1 4 interface create ip to r42 addr...

Страница 443: ...o RIP 18 3 CONFIGURING ADVANCED ROUTING POLICIES Advanced Routing Policies are used for creating complex import export policies that cannot be done using the redistribute command Advanced export polic...

Страница 444: ...routes to be distributed Routes that match a filter are considered as eligible for redistribution This can be done using one of two methods Creating a route filter and associating an identifier with...

Страница 445: ...is component provides the means to define a filter for the routes to be imported Routes that match a filter are considered as eligible for importation This can be done using one of two methods Creatin...

Страница 446: ...re imported The source may be RIP or OSPF To create an import source enter one of the following commands in Configure mode 18 3 6 Creating a Route Filter Route policies are defined by specifying a set...

Страница 447: ...pecifying the networks as needed in the ip router policy aggr gen command If you want to create a complex route filter and you intend to use that route filter in several aggregates then the first meth...

Страница 448: ...importation of RIP routes may be controlled by any of protocol source interface or source gateway If more than one is specified they are processed from most general protocol to most specific gateway R...

Страница 449: ...ng Policy Configuration Configuring Advanced Routing Policies Figure 18 1 Exporting to RIP The configuration commands shown below for router R1 Determine the IP address for each interface Specify the...

Страница 450: ...rface create ip to r6 address netmask 160 1 1 1 16 port et 1 6 interface create ip to r7 address netmask 170 1 1 1 16 port et 1 7 Configure a default route through 170 1 1 7 ip add route default gatew...

Страница 451: ...port Policy importing all routes except the 10 51 0 0 16 route from interface 140 1 1 1 18 3 11 Import Policies Example Importing from OSPF Due to the nature of OSPF only the importation of ASE routes...

Страница 452: ...Policies Routing Policy Configuration For all examples in this section refer to the configuration shown in Figure 18 2 Figure 18 2 Exporting to OSPF The following configuration commands for router R1...

Страница 453: ...1 24 port et 1 4 interface create ip to r42 address netmask 140 1 2 1 24 port et 1 5 interface create ip to r6 address netmask 140 1 3 1 24 port et 1 6 Configure default routes to the other subnets r...

Страница 454: ...policy Just setting a default metric for RIP is not sufficient This is a safeguard to verify that the announcement is intended For all examples in this section refer to the configuration shown in Fig...

Страница 455: ...erything that should be exported Since we would also like to export redistribute RIP and direct routes into RIP we would also create export sources for those protocols 3 Create a RIP export source sin...

Страница 456: ...r interface 140 1 1 1 2 Create a static export source since we would like to export static routes 3 Create a RIP export source since we would like to export RIP routes 4 Create a Direct export source...

Страница 457: ...e we intend to change the rip export policy for interface 140 1 1 1 2 Create a Static export source since we would like to export static routes 3 Create a RIP export source since we would like to expo...

Страница 458: ...e source of the routes contributing to the aggregate Since in this case we do not care about the source of the contributing routes we would specify the protocol as all 3 Create the aggregate summarize...

Страница 459: ...f OSPF ASE routes type 1 and type 2 The default type is specified by the ospf set ase defaults type 1 2 command This may be overridden by a specification in the ip router policy create ospf export des...

Страница 460: ...te the various IP interfaces interface create ip to r2 address netmask 120 190 1 1 16 port et 1 2 interface create ip to r3 address netmask 130 1 1 1 16 port et 1 3 interface create ip to r41 address...

Страница 461: ...P In the configuration shown in Figure 18 2 suppose we decide to run RIP Version 2 on network 120 190 0 0 16 connecting routers R1 and R2 We would like to redistribute these RIP routes as OSPF type 2...

Страница 462: ...tag of 100 5 Create a RIP export source 6 Create a Static export source rip add interface 120 190 1 1 rip set interface 120 190 1 1 version 2 type multicast ip router policy create ospf export destina...

Страница 463: ...rce directExpSrc network all ip router policy export destination ospfExpDstType2 source statExpSrc network all ip router policy export destination ospfExpDstType2t100 source ripExpSrc network all ip r...

Страница 464: ...18 34 Riverstone Networks RS Switch Router User Guide Release 8 0 Configuring Advanced Routing Policies Routing Policy Configuration...

Страница 465: ...ith the same IP interface on the RS IGMP keeps track of multicast host members on a per port basis Ports belonging to an IP VLAN without any IGMP membership will not be forwarded any multicast traffic...

Страница 466: ...s internal network and cannot include addresses that require the RS to send DVMRP data on the Internet The RS also allows control of routing information exchange with peers through route filter rules...

Страница 467: ...19 3 4 Configuring Per Interface Control of IGMP Membership You can configure the RS to control IGMP membership on a per interface basis An interface can be configured to be allowed or not allowed me...

Страница 468: ...19 4 1 Starting and Stopping DVMRP DVMRP is disabled by default on the RS To start or stop DVMRP enter one of the following commands in Configure mode 19 4 2 Configuring DVMRP on an Interface DVMRP ca...

Страница 469: ...Threshold 64 Application restricted to a region TTL 128 Threshold 128 Application restricted to a continent TTL 255 Application not restricted To configure the TTL Threshold enter the following comma...

Страница 470: ...ight tunnels To configure a DVMRP tunnel enter the following command in Configure mode You can also control the rate of DVMRP traffic in a DVMRP tunnel The default rate is 500 Kbps To control the rate...

Страница 471: ...all interfaces running multicast protocols IGMP DVMRP multicast show interfaces Show all multicast routes multicast show mroutes Create VLANS vlan create upstream ip vlan add ports et 5 3 et 5 4 to u...

Страница 472: ...uery Interval igmp set queryinterval 30 Enable DVMRP dvmrp enable interface 10 135 89 10 dvmrp enable interface 172 1 1 10 dvmrp enable interface 207 135 122 11 dvmrp enable interface 207 135 89 64 dv...

Страница 473: ...ork through a firewall while letting other packets bypass the firewall Sites that have multiple Internet service providers can use IP policies to assign user groups to particular ISPs You can also cre...

Страница 474: ...a profile with the acl command you associate the profile with an IP policy by entering one or more ip policy statements An ip policy statement specifies the next hop gateway or gateways where packets...

Страница 475: ...red routes The options of the action parameter can cause packets to use the IP policy route first then the dynamic route if the next hop gateway specified in the IP policy is unavailable use the dynam...

Страница 476: ...ort of the gateway at 15 second intervals If the RS does not receive a reply from the gateway after four tries the application is considered to be down You can change the intervals at which pings or h...

Страница 477: ...ith the ip policy apply command Once the IP policy is applied to the interface packets start being forwarded according to the IP policy See the Riverstone RS Switch Router Command Line Interface Refer...

Страница 478: ...raffic originating from network 10 50 0 0 for destination 207 31 0 0 16 is forwarded to 200 1 1 1 All other traffic is forwarded to 100 1 1 1 The following is the IP policy configuration for the Polic...

Страница 479: ...s Traffic from the standard customer always uses one gateway 200 1 1 1 If for some reason that gateway is not available packets from the standard customer are dropped The following is the IP policy co...

Страница 480: ...up are sent through a firewall If the firewall cannot be reached packets from the contractors group are dropped Packets from users defined in the full timers group do not have to go through the firewa...

Страница 481: ...wall load balancing This example shows how to provide protection from a complete firewall failure but it does not show how to protect against asymmetrical paths if a single link failure occurs Figure...

Страница 482: ...to vClient vlan add ports et 1 4 to vClient Create Firewall VLAN vlan create vFirewall ip id 20 vlan add ports et 2 1 to vFirewall vlan add ports et 2 2 to vFirewall Create interfaces interface create...

Страница 483: ...add ports et 1 2 to vServices vlan add ports et 1 3 to vServices vlan add ports et 1 4 to vServices Create Firewall VLAN vlan create vFirewall ip id 20 vlan add ports et 2 1 to vFirewall vlan add por...

Страница 484: ...destination TCP or UDP port 9 The TOS value in the packet 10 The protocol of this profile IP ICMP TCP UDP 11 The sequence in which the statement is evaluated IP policy statements are listed in the or...

Страница 485: ...Policy First Policy Only or Policy Last 16 The list of next hop gateways in effect for the policy statement 17 The number of packets that have been forwarded to this next hop gateway 18 The state of t...

Страница 486: ...20 14 Riverstone Networks RS Switch Router User Guide Release 8 0 Monitoring IP Policies IP Policy Based Forwarding Configuration...

Страница 487: ...ss binding does not expire until the command that defines the binding is negated IP addresses defined for static bindings cannot be reassigned For static address bindings PAT allows TCP or UDP port nu...

Страница 488: ...e enable port overload parameter to allow PAT 21 2 FORCING FLOWS THROUGH NAT If a host on the outside global network knows an inside local address it can send a message directly to the inside local ad...

Страница 489: ...s in a Domain Name System DNS response to a name or inverse lookup For example if an outside host sends a name lookup to an inside DNS server the inside DNS server can respond with a local IP address...

Страница 490: ...type 11 Parameter problem type 12 21 6 NAT AND FTP File Transfer Protocol FTP packets require special handling with NAT because the FTP PORT command packets contain IP address information within the d...

Страница 491: ...21 7 MONITORING NAT To display NAT information enter the following command in Enable mode 21 8 CONFIGURATION EXAMPLES This section shows examples of NAT configurations 21 8 1 Static Configuration The...

Страница 492: ...when the out to in traffic is the first to initialize a connection i e the first packet is coming from outside to inside This could be the case when you have a server in the local network and clients...

Страница 493: ...on 1 The first step is to create the interfaces 2 Next define the interfaces to be NAT inside or outside 3 Then define the NAT dynamic rules by first creating the source ACL pool and then configuring...

Страница 494: ...ut has been reached The free globals are used again for the next packet A typical problem is that if there are more local IP addresses as compared to global IP addresses in the pools then packets will...

Страница 495: ...rts from 1024 4999 which is fixed and cannot be configured by the user The network administrator does not have to worry about the way in which the bindings are created he she just sets the pools and t...

Страница 496: ...e local IP address of the DNS server The DNS server will resolve the query and respond with a reply The reply can include the local IP address of a host inside the local network for example 10 1 1 2 t...

Страница 497: ...addresses 201 50 20 0 24 on interface 201 net Figure 21 5 Dynamic address binding with outside interface redundancy 1 The first step is to create the interfaces 2 Next define the interfaces to be NAT...

Страница 498: ...d for the two connections This case is possible when you have two ISPs connected on two different interfaces to the Internet Through a routing protocol some routes will result in traffic going out of...

Страница 499: ...e faster since requests can be handled locally but overall WAN bandwidth usage is reduced Note Load balancing and web caching can be performed using application software However the can perform these...

Страница 500: ...through a TCP load balanced group is load balanced using the IP hash algorithm Specify udp to perform UDP load balancing such as DNS For UDP sessions it is difficult to signal the end of a session be...

Страница 501: ...matching the source and destination IP addresses in the secure key transfer request to subsequent client requests This allows both the secure key transfer and subsequent data traffic from a particular...

Страница 502: ...uts for Load Balancing Mappings The mapping between a host source and a load balancing server destination times out after a certain period of non activity After the mapping times out any server in the...

Страница 503: ...d to it is selected to service a new session weighted round robin a variation of the round robin policy where each server takes on new sessions according to its assigned weight If you choose the weigh...

Страница 504: ...gs from the RS to the mktgroup server group The following example sets the time between handshakes at port 80 In addition the RS can also check the status of any attached Domain Name Servers DNS serve...

Страница 505: ...connection on a server If you have a proprietary protocol you can verify whether the protocol is up by specifying the files for the application content verification request reply and quit strings 22...

Страница 506: ...22 1 9 Allowing Access to Load Balancing Servers Load balancing causes both source and destination addresses to be translated on the RS It may be undesirable in some cases for a source address to be...

Страница 507: ...s of RS A is 100 1 1 1 and the IP address of RS B is 100 1 1 2 The two RS s are configured to mirror each other s session information for the group www fast net Figure 22 1 VSRP configuration example...

Страница 508: ...ings load balance show source mappings client ip ipaddr range virtual ip ipaddr virtual port port number ip destination host ip ipaddr Show load balancing statistics load balance show statistics group...

Страница 509: ...wards web requests among four separate servers as shown below Figure 22 2 Load balancing with one virtual group The network shown above can be created with the following load balance commands Domain N...

Страница 510: ...known to the user In the above example the RS will search from the beginning of the file up to the 25th character for the start of the string OK Web Hosting with Multiple Virtual Groups and Multiple D...

Страница 511: ...with the load balance create vip range name command Once the vip range is in place the ISP can then create the corresponding secondary addresses on their destination servers Once these addresses have...

Страница 512: ...computers com 207 135 89 16 80 S1 10 1 1 16 S2 10 1 2 16 80 www dvd com 207 135 89 17 80 S1 10 1 1 17 S2 10 1 2 17 80 www vcr com 207 135 89 18 80 S1 10 1 1 18 S2 10 1 2 18 80 www toys com 207 135 89...

Страница 513: ...me source IP subnet address Figure 22 5 Session and netmask persistence The network shown above can be created with the following load balance commands Client IP Address Domain Name Virtual IP Real Se...

Страница 514: ...and translates the global address back to the local address for the incoming reply This process is illustrated in Figure 22 6 Figure 22 6 Load balancing with NAT The following explains the data flows...

Страница 515: ...he cache group a list of cache servers to cache Web objects 2 Specify the hosts whose HTTP requests will be redirected to the cache servers This step is optional if you do not explicitly define these...

Страница 516: ...5 142 179 14 to 135 142 179 21 should be redirected to the cache servers Redirecting HTTP Traffic on an Interface or Port To start the redirection of HTTP requests to the cache servers you need to app...

Страница 517: ...b cache deny commands 22 2 3 Other Web Cache Options This section discusses other commands that may be useful in configuring Web caching in your network Bypassing Cache Servers Some Web sites require...

Страница 518: ...fying Protocol for Redirected Traffic By default only TCP traffic is redirected to the local cache servers You can specify a different IP protocol for the traffic that is to be redirected For example...

Страница 519: ...5 second intervals If the RS does not receive a reply from a server after four ping requests the server is considered to be down If you specify that the RS use TCP connection requests to check the gat...

Страница 520: ...information enter the following commands in Enable mode Show information for all caching policies and all server lists web cache show all Show caching policy information web cache show cache name cach...

Страница 521: ...cket addresses for both the destination and source are held within the IPX header 23 1 RIP ROUTING INFORMATION PROTOCOL IPX routers use RIP to create and dynamically maintain a database of internetwor...

Страница 522: ...rvers respond to the workstation s or router s request Routers make periodic broadcasts to make sure all other routers are aware of the internetwork configuration Routers perform broadcasting whenever...

Страница 523: ...fferent VLANs 23 3 4 IPX Addresses The IPX address is a 12 byte number divided into three parts The first part is the 4 byte 8 character IPX external network number The second part is the 6 byte 12 ch...

Страница 524: ...otocol type code the default encapsulation method 802 3 SNAP SNAP IEEE 802 3 encapsulation in which the type code becomes the frame length for the IEEE 802 2 LLC encapsulation destination and source S...

Страница 525: ...to determine the best paths for routing IPX However you can add static RIP routes to RIP routing table to explicitly specify a route To add a static RIP route enter the following command in Configure...

Страница 526: ...replies RIP access control list Restricts advertisements or learning of networks Creating an IPX Access Control List IPX access control lists control which IPX traffic is received from or sent to an...

Страница 527: ...de Creating an IPX GNS Access Control List IPX GNS access control lists control which SAP services the RS can reply with to a get nearest server GNS request To create an IPX GNS access control list en...

Страница 528: ...on To display IPX information enter the following command in Enable mode 23 7 CONFIGURATION EXAMPLES This example performs the following configuration Creates IPX interfaces Adds static RIP routes Add...

Страница 529: ...ress CCCCCCCC interface add ipx ipx2 address CCCCCCCC output mac encapsulation ethernet_II Add static route to network 9 ipx add route 9 BBBBBBBB 01 02 03 04 05 06 1 1 Add static sap ipx add sap 0004...

Страница 530: ...23 10 Riverstone Networks RS Switch Router User Guide Release 8 0 Configuration Examples IPX Routing Configuration...

Страница 531: ...Section 24 4 Enabling ACL Logging explains how to log information about packets that are permitted or denied because of an ACL Section 24 5 Monitoring ACLs lists the commands you can use to display i...

Страница 532: ...rly For IPX ACLs the following selection criteria can be specified Source network address Destination network address Source IPX socket Destination IPX socket These selection criteria are specified as...

Страница 533: ...ther field that is further down in the rule If there are no other fields to specify the any keyword is not necessary For example the following ACL permits all IP traffic to go through 24 1 2 How ACL R...

Страница 534: ...ugh is blocked because of the implicit deny rule the worst that could happen is inconvenience On the other hand if a packet that should not be allowed to go through is instead sent through there is no...

Страница 535: ...e firewall to permit specific types of traffic for example traffic from a specific subnet or traffic from a specific application 24 1 4 Allowing External Responses to Established TCP Connections Typic...

Страница 536: ...RCP With this method you use a text editor on a remote host to edit delete replace or reorder ACL rules in a file Once the changes are made you can then upload the ACLs to the RS using TFTP or RCP an...

Страница 537: ...or RCP the RS provides a simpler and more user friendly mechanism to maintain ACLs the ACL editor The ACL editor is a facility that is used online that is via CLI on a Console or Telnet session The A...

Страница 538: ...t all of these rules into one ACL and apply it to an interface When a packet comes into the RS at an interface where an inbound ACL is applied the RS compares the packet to the rules specified by that...

Страница 539: ...To apply an ACL to a service enter the following command in Configure mode 24 3 3 Applying ACLs to Layer 4 Bridging Ports ACLs can also be created to permit or deny access to one or more ports operati...

Страница 540: ...he permit or deny keyword Only certain ACL rule parameters are relevant for each configuration command For example the configuration command to create NAT address pools for dynamic bindings the nat cr...

Страница 541: ...24 to 15 1 1 0 24 to be forwarded to 10 10 10 10 See Chapter 20 IP Policy Based Forwarding Configuration for more information on using the ip policy command Using Profile ACLs with the Traffic Rate Li...

Страница 542: ...an IP address within a range of local IP addresses is mapped to an IP address within a range of global IP addresses For example you can configure IP addresses on network 10 1 1 0 24 to use an IP addr...

Страница 543: ...Using Profile ACLs with the Web Caching Facility Web caching is the RS s ability to direct HTTP requests for frequently accessed Web objects to local cache servers rather than to the Internet Since th...

Страница 544: ...this example This command creates a Profile ACL called prof5 that uses as its selection criteria all packets with a source address of 1 2 3 4 and a destination address of 10 10 10 10 To have packets m...

Страница 545: ...act on performance With ACL logging enabled the router prints out a message at the console before the packet is actually forwarded or dropped Even if the console is connected to the router at a high b...

Страница 546: ...24 16 Riverstone Networks RS Switch Router User Guide Release 8 0 Monitoring ACLs Access Control List Configuration...

Страница 547: ...destination TCP UDP port TOS or protocol type for IP traffic Perform filtering on source or destination IPX address or source or destination IPX socket Perform access control to services provided on t...

Страница 548: ...s command is not specified the RS tries the next configured authentication method including TACACS configura tion commands Otherwise if the server does not reply within the configured timeout period f...

Страница 549: ...ACS servers To configure TACACS security enter the following commands in the Configure mode Monitoring TACACS You can monitor TACACS configuration and statistics within the RS To monitor TACACS enter...

Страница 550: ...od for the configured number of retries user authen tication will fail tacacs plus set last resort password succeed deny Set the maximum number of times the TACACS server is contacted for authenticati...

Страница 551: ...enabled on the router passwords are authenticated by the TACACS or RADIUS server Private and public keys on a per user basis are not supported Establishing SSH Sessions The SSH server on the RS must...

Страница 552: ...u can use any SSH version 1 client to access the SSH server on the RS For example there are several SSH clients available that run under Windows 95 98 Monitoring SSH Sessions The RS allows up to four...

Страница 553: ...flow which filters out any frame coming from a specific source MAC address that is also destined to a specific destination MAC address To configure Layer 2 address filters enter the following command...

Страница 554: ...stination port filters A secure port filter applied to a source port forces all incoming packets to be dropped on a port A secure port filter applied to a destination port prevents packets from going...

Страница 555: ...port filter filters add secure port name name direction source vlan VLAN num in port list port list Configure a destination secure port filter filters add secure port name name direction destination...

Страница 556: ...in flow bridging mode for this filter to work Static Entries Example Source static entry The consultant is only allowed to access the engineering file servers on port et 1 2 Destination static entry R...

Страница 557: ...MAC is detected on a different port all of its traffic will be blocked Example 2 Secure Ports Source secure port To block all engineers on port 1 from accessing all other ports enter the following co...

Страница 558: ...the packet that matches the rule s packet description For information about defining and using ACLs on the RS see Chapter 24 Access Control List Configuration 25 4 LAYER 4 BRIDGING AND FILTERING Layer...

Страница 559: ...onsists of the following steps Creating an IP or IPX VLAN Placing the ports on the same VLAN Enabling Layer 4 Bridging on the VLAN Creating an ACL that specifies the selection criteria Applying an ACL...

Страница 560: ...ple to enable Layer 4 Bridging on the blue VLAN 25 4 4 Creating ACLs to Specify Selection Criteria for Layer 4 Bridging Access control lists ACLs specify the kind of filtering to be done for Layer 4 B...

Страница 561: ...he ACLs to the ports in the VLAN To do this enter the following command in Configure mode For the example in Figure 25 2 to apply ACL 100 which denies all traffic except SMTP to the consultant port To...

Страница 562: ...rather than per MAC pair This means that for traffic between a MAC pair consisting of more than one flow the packets may be disordered if they go through a SmartTRUNK For traffic that doesn t go thro...

Страница 563: ...ates traffic congestion by randomly dropping packets before the queues pass their upper thresholds WRED is intended to work with connection oriented protocols especially TCP However WRED when applied...

Страница 564: ...he RS For Layer 2 traffic you can define a flow based on MAC packet header fields including source MAC address destination MAC address and VLAN IDs A list of incoming ports can also be specified For L...

Страница 565: ...MAC address to a specific destination MAC address use only when the port is in flow bridging mode Any source MAC address to a specific destination MAC address Before applying a QoS policy to a Layer...

Страница 566: ...ernal priorities for frames You can create one or more priority maps that are different from the default priority map and then apply these maps to some or all ports on the RS The new priority mapping...

Страница 567: ...p you must negate all commands that use the priority map Negating a qos apply priority map command causes the configured ports to use the default priority mapping The ability to specify per port prior...

Страница 568: ...ation flows Layer 4 application flows 26 5 1 Configuring IP QoS Policies To configure an IP QoS policy perform the following tasks 1 Identify the Layer 3 or 4 flow and set the IP QoS policy 2 Specify...

Страница 569: ...olicy strict priority is set on a system wide basis To change the queuing policy for a specific port or ports to weighted fair queuing enter the following command in the Configure mode If you want to...

Страница 570: ...robability of packet drop roughly depends on bandwidth i e the more packets sent by a particular connection the greater the probability that packets will be dropped from that connection 26 7 1 WRED s...

Страница 571: ...nput queues and from zero 0 to seven 7 when WRED is applied to output queues Note that the lower the value specified the higher the probability that packets will be dropped Both the exponential weight...

Страница 572: ...is not currently used In the RS configuration there is no restriction on this bit and it is included as part of the ToS field For example setting the ToS field to 0010 specifies that a packet will be...

Страница 573: ...up The entire ToS byte can be rewritten or only the precedence part of the ToS byte can be rewritten If you specify a value for tos precedence rewrite then only the upper three bits of the ToS byte ar...

Страница 574: ...isplay QoS information enter the following commands in Enable mode qos set ip tos30to7 low 10 10 10 0 24 any any any 71 any any 255 5 30 Show all IP QoS flows qos show ip Show all IPX QoS flows qos sh...

Страница 575: ...e rate limiting is designed for use with line cards that do not support aggregate rate limiting Port level Rate Limiting Configure policies that limit traffic coming into a particular port This type o...

Страница 576: ...ow or flow aggregate rate limiting policies on that line card To enable aggregate or port level rate limiting on a line card enter the following command in Configure mode Note To change the rate limit...

Страница 577: ...y an ACL when defining this type of policy Port rate limiting policies do not need to be applied to an interface and take effect when they are created To configure port rate limiting policies for inpu...

Страница 578: ...to rate limit traffic to or from a particular subnet Note You cannot apply an aggregate rate limiting policy to an interface that spans ports on more than one line card For example you cannot apply an...

Страница 579: ...ands in the Configure mode Define an aggregate rate limit policy rate limit name aggregate acl acl list rate rate limit drop packets no action lower priority lower priority except control tos preceden...

Страница 580: ...to client1 vlan add ports et 1 2 to client2 vlan add ports et 1 8 to backbone interface create ip ipclient1 vlan client1 address netmask 1 1 1 1 8 interface create ip ipclient2 vlan client2 address ne...

Страница 581: ...formation To show information about rate limit policies use the following command in the Enable mode system enable aggregate rate limiting slot 1 interface create ip engintf address netmask 122 132 10...

Страница 582: ...26 20 Riverstone Networks RS Switch Router User Guide Release 8 0 Limiting Traffic Rate QoS Configuration...

Страница 583: ...e Show DVMRP routes dvmrp show routes Show all TCP UDP connections and services ip show connections Show all IP routes ip show routes Show all IPX routes ipx show tables routing Show all MAC addresses...

Страница 584: ...igure port mirroring for the entire WAN card Only IP ACLs can be specified for port mirroring Show multicast statistics statistics show multicast Show port error statistics statistics show port errors...

Страница 585: ...cular period of time Additionally you can configure the RS to shut down for a specified period if the packets sent to the control module reach a certain limit during a specified time interval Packets...

Страница 586: ...27 4 Riverstone Networks RS Switch Router User Guide Release 8 0 Monitoring Broadcast Traffic Performance Monitoring...

Страница 587: ...onnections and the applications and protocols being used For example the RMON 2 network layer matrix MIB group can show protocol specific traffic between pairs of systems which can help to diagnose pr...

Страница 588: ...command line in Configure mode To specify the ports on which RMON is to be enabled use the following CLI command line in Configure mode 1 port flow bridging et 5 3 8 2 interface add ip en0 address ne...

Страница 589: ...ndard RMON groups are shown in the table below Table 28 1 Lite RMON groups Group Function EtherStats Records Ethernet statistics for example packets dropped packets sent etc for specified ports Event...

Страница 590: ...ol tables and then configure the appropriate control tables for the data you wish to collect Even if you use the default control tables you can always use the rmon commands to modify control table ent...

Страница 591: ...r possible candidacy for moves to dedicated or higher speed ports and analyze traffic patterns to facilitate more long term network planning RMON 1 provides layer 2 information Traffic flowing through...

Страница 592: ...88 15 15 15 3 1771 272562 ether2 ip v4 10 50 89 88 15 15 15 3 1125 211192 ether2 ip v4 tcp 10 50 89 88 15 15 15 3 1122 210967 ether2 ip v4 tcp telnet 10 50 89 88 15 15 15 3 3 225 ether2 ip v4 tcp www...

Страница 593: ...ble To configure the History group rmon history index index number port port interval seconds owner string samples num status enable disable To configure the Application Layer and Network Layer Host g...

Страница 594: ...Event table and an SNMP trap generated with the community string public Event owner is help desk The command line below is an example of an RMON Alarm group configuration with the following attributes...

Страница 595: ...ow hosts and logs rmon show hosts port list all ports summary To show all Host Top N and logs rmon show host top n To show matrices and logs rmon show matrix port list all ports To show all channels r...

Страница 596: ...ow commands An RMON CLI filter can only be applied to a current Telnet or Console session The following shows Host table output without a CLI filter To show all user history logs rmon show user histor...

Страница 597: ...sing RMON CLI Filters To see and use RMON CLI filters use the following CLI command in User or Enable mode rs rmon apply cli filter 4 rs rmon show hosts et 5 4 RMON I Host Table Filter inpkts 500 Addr...

Страница 598: ...to specify the port on which RMON will be enabled 4 Make sure that the control table is configured for the report that you want Depending upon the RMON group default control tables may be created for...

Страница 599: ...following CLI command in Enable mode Any memory allocation failures are reported The following is an example of the information shown with the rmon show status command To set the amount of memory all...

Страница 600: ...ON RMON Configuration The maximum amount of memory that you can allocate to RMON depends upon the RS model as shown in the table below Table 28 4 Maximum memory allocations to RMON RS platform Maximum...

Страница 601: ...t intended for troubleshooting immediate network problems enforcing company policies or replacing the accounts payable system Note For a complete list of LFAP related commands see the Riverstone RS Sw...

Страница 602: ...save backbone or WAN bandwidth it makes sense to have the accounting server as close as possible to the RS that it manages Up to three accounting servers can be configured on a RS although the RS can...

Страница 603: ...accounting server system to which the RS will send LFAP messages up to three accounting servers can be configured 3 Start the LFAP protocol on the RS 29 5 MONITORING THE LFAP AGENT ON THE RS The lfap...

Страница 604: ...29 4 Riverstone Networks RS Switch Router User Guide Release 8 0 Monitoring the LFAP Agent on the RS LFAP Configuration Guide...

Страница 605: ...figuration Examples Example Channelized T1 E1 and T3 configurations in Section 30 18 Scenarios for Deploying Channelized T1 E1 and T3 Example Clear Channel T3 and E3 configurations in Section 30 19 Sc...

Страница 606: ...ddresses For Frame Relay you can configure primary and secondary addresses which are static or dynamic For PPP however the primary addresses may be dynamic or static but the secondary addresses must b...

Страница 607: ...address is unknown you do not need to specify it when creating the interface When in the Frame Relay environment the peer address will be automatically discovered via InArp Similarly the peer address...

Страница 608: ...tail in the following sections and should be taken into consideration before enabling compression Since the factors are dependent on the environment you should first try running with compression histo...

Страница 609: ...Latency Requirements The use of compression may affect a packet s latency Since the compressed packet is smaller less time is needed to transmit it On the other hand each packet must undergo a compres...

Страница 610: ...g bandwidth more effectively Source Filtering and ACLs Source filtering and ACLs can be applied to a WAN interface However they affect the entire module not an individual port For example if you want...

Страница 611: ...rmation transfer rate upon congestion abatement The CLI command related to adaptive shaping allows you to set threshold values for triggering the adaptive shaping function 30 3 FRAME RELAY OVERVIEW Fr...

Страница 612: ...of the WAN interface Having established the type and location of your WAN interfaces you need to optionally define one or more service profiles for your WAN interfaces then apply a service profile to...

Страница 613: ...an use the CLI to monitor status and statistics for your WAN ports The following table describes the monitoring commands for WAN interfaces designed to be used in Enable mode Define a frame relay serv...

Страница 614: ...faults Random Early Discard RED disabled RMON enabled The command line necessary to set up a service profile with the above attributes would be as follows To assign the above service profile to the VC...

Страница 615: ...loopback interference you can use the ppp restart command in the CLI to remedy the situation 30 8 CONFIGURING PPP INTERFACES This section provides an overview of configuring a host of WAN parameters...

Страница 616: ...4 Configuring Multilink PPP Bundles The Multilink PPP MLP standard defines a method for grouping multiple physical PPP links into a logical pipe called an MLP bundle PPP ports are bundled together on...

Страница 617: ...WAN interfaces designed to be used in the Enable mode Add PPP port s to an MLP bundle ppp add to mlp mlp port port list Create MLP bundle s ppp create mlp mlp list slot number Set MLP encapsulation f...

Страница 618: ...on the HSSI port hs 5 1 Suppose you wish to set up a service profile called profile2 that includes the following characteristics Bridging enabled Leave high low and medium priority queue depths set to...

Страница 619: ...rofile Once you have defined the type and location of your Cisco HDLC WAN interface s you can configure your RS to more efficiently utilize available bandwidth for Cisco HDLC communications Note The R...

Страница 620: ...are configured for Cisco HDLC encapsulation and a speed of 45Mbps A service profile s1 is then created with the Keepalive set to 15 seconds and RED disable Finally the service profile is applied to th...

Страница 621: ...int protocol MLPPP 30 13 1 Configuring WAN Rate Shaping Configure WAN rate shaping using the two commands wan define and wan apply Use wan define to create a rate shaping template then use wan apply t...

Страница 622: ...the subnet 134 141 153 0 To apply rate shaping to a single source IP address enter the IP address only but do not specify a subnet mask The wan apply command also allows you to set the following param...

Страница 623: ...iods when WAN bandwidth is not 100 percent utilized the rate shaping algorithm can allow each rate shaped Ethernet flow to exceed its Bc by a specified amount called the Excess Burst Size Be As with B...

Страница 624: ...al to CIR Notice that if Be is defined and excess bandwidth is available the amount of WAN port bandwidth utilized by an Ethernet flow can exceed its specified CIR In the best possible case where ther...

Страница 625: ...tomatically to Bc CIR 1 24 of a second Template dest2 is applied to R2 s Clear Channel T3 port for traffic originating from subnet 124 141 77 0 24 rs config wan define rate shape parameters dest1 cir...

Страница 626: ...that Ethernet flows are rate shaped by the desired template For example two templates are created temp1 and temp2 each with a different value for CIR and Bc Both templates are applied to a single Clea...

Страница 627: ...re mixed with flows that are controlled The non rate shaped flows will disregard the rate shaped flows and take as much bandwidth as they can For this reason it s generally not a good idea to mix rate...

Страница 628: ...st all be on the same Multi Rate WAN Module that is t1 2 1 4 Also the MP bundle being configured for IMUX mode must first be configured to use bridged format encapsulation using the ppp set ppp encaps...

Страница 629: ...ts From the diagram you can see that R1 is part of both Subnets 1 and 2 R2 is part of both Subnets 2 and 3 and R3 is part of subnets 1 and 3 You can click on the router label in blue to jump to the ac...

Страница 630: ...2 hs 4 1 hs 7 2 hs 3 1 et 1 1 et 1 2 hs 7 1 hs 3 2 et 1 1 hs 7 1 hs 3 1 et 15 2 et 15 1 30 30 30 3 30 30 30 13 100 100 100 3 130 130 130 3 100 100 100 1 130 130 130 2 200 200 200 200 20 20 20 12 20 20...

Страница 631: ...0 1 16 vlan s1 interface create ip s2 address netmask 120 120 120 1 16 vlan s2 rip add interface all rip set interface all version 2 rip set interface all xmt actual enable rip set auto summary enable...

Страница 632: ...face create ip PPPforR2toR3 address netmask 130 130 130 3 16 peer address 130 130 130 2 port hs 4 2 interface create ip s1 address netmask 100 100 100 3 16 vlan s1 rip add interface all rip set interf...

Страница 633: ...r 000505 050500 exit port et 1 1 Configuration for ROUTER R6 port set et 15 duplex full port set hs 3 1 wan encapsulation frame relay speed 45000000 frame relay create vc port hs 3 1 106 frame relay d...

Страница 634: ...CSU DSU The T1 WIC has two RJ 48c connectors and the E1 WIC has two 120 Ohm RJ 45 connectors Two T1 or E1 WICs or a T1 and E1 WIC can be installed in a Multi Rate WAN module giving a total of four po...

Страница 635: ...ach DS1 channel can be configured for n x 56 kbps or n x 64 kbps where n is 1 to 24 The unused portion of the T1 bandwidth when not running at full T1 speed is filled with idle channel data The CT3 se...

Страница 636: ...intended for support of external BERT equipment see Section 30 16 4 Bit Error Rate Testing Figure 30 4 T3 port with T1 test port Also a separate DS1 test port connection is provided per T3 interface...

Страница 637: ...the following parameters for ports 1 through 4 framing crc4 Sets the framing type to Cyclic Redundancy Check 4 impedance 75ohm Sets the impedance of the line to 75 ohm timeslots 1 31 Sets the range o...

Страница 638: ...eated and used for bridging to MSP s Create a VLAN using the following command For the VLAN example vlan create vlan1 port based Creates a port based VLAN id 100 Names the VLAN T1 Lines T1 lines chann...

Страница 639: ...Bit Error Rate The patterns available for BERT are selectable from a standard set of both pseudo random and repetitive patterns see the parameters for the port bert command BERT can only be performed...

Страница 640: ...ation of one hour enable config Configure loopback port set t1 2 1 framing esf lbo 7 5db port set t1 2 1 1 timeslots 1 24 speed 56 wan encapsulation ppp save active exit port loopback t1 2 1 remote li...

Страница 641: ...e of BERT to do an internal test of the 15th DS1 line of a DS3 interface for a duration of one hour enable config Configure loopback port set t3 2 1 15 framing esf save active exit port loopback t3 2...

Страница 642: ...mple the command sequence would be enable config Configure loopback port set e1 3 1 framing nocrc4 international bits 0 port set e1 3 1 1 timeslots 1 31 ts16 wan encapsulation ppp save active exit por...

Страница 643: ...SU DSU The WICs have a BNC connector Transmit Receive pair Two T3 or E3 WICs or a T3 and an E3 WIC can be installed in a Multi Rate WAN module giving a total of two ports Framing and line coding schem...

Страница 644: ...scenario a company has several sites that need to be connected An MSP provides a Channelized T3 connection on their RS 32000 Each site has several LANs interconnected through an RS 3000 which also pr...

Страница 645: ...ng Channelized T1 E1 and T3 Figure 30 5 Bridged MSP MTU MDU Aggregation rsite2 MTU MDU Metropolitan Sevice Provider T1 x 4 T3 28 T1s T1 x 4 T1 x 4 T1 x 4 T1 x 4 T1 x 4 T1 x 4 TELCO PSTN RS 32000 rsite...

Страница 646: ...p 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp add to mlp mp 7 port t3 4 1 25 28 Configure VLAN and bridging link to each site vlan create vlan1 port based id 100 vlan add ports mp 1 to vlan1 in...

Страница 647: ...ts 1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 Configure VLAN and bridging for link to MSP vlan create vlan1port based id 100 vlan add ports mp 1 to vlan1...

Страница 648: ...s the routing protocol The ISP provides a Channelized T3 connection on their RS 32000 a LAN that connects to the servers containing the shared data required by the company and a connection to the Inte...

Страница 649: ...ctions with Only T1 on RS 8x00 T3 Internet Internet Service Provider POS RS 32000 12 20 10 5 24 Shared Data T1 x 4 T1 x 4 RS 8600 120 210 1 1 24 120 210 2 1 24 120 210 3 1 24 120 210 4 1 24 120 210 5...

Страница 650: ...13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to mlp mp 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp add to mlp mp 7 port t3 4 1 25 2...

Страница 651: ...ate ip to_isp address netmask 120 210 1 2 24 port mp 1 up T1 interface to the remote sites port set t1 3 1 4 framing esf lbo 7 5db port set t1 3 1 4 1 timeslots 1 24 wan encapsulation ppp interface cr...

Страница 652: ...eslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4 1 timeslots 1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 interface...

Страница 653: ...1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 interface create ip to_isp address netmask 120 210 3 2 24 port mp 1 up T1 interface to the hqsite port set t1...

Страница 654: ...ta required by the company and a connection to the Internet Figure 30 7 shows the network layout for this scenario The tables following the figure show the commands used to configure the interfaces fo...

Страница 655: ...ctions with T1 and T3 on RS 8x00 Internet Internet Service Provider POS RS 32000 12 20 10 5 24 Shared Data T1 x 4 T3 T1 T1 T1 120 210 7 1 24 rsite7 RS 3000 120 210 5 1 24 rsite5 RS 3000 120 210 4 1 24...

Страница 656: ...4 1 13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to mlp mp 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp add to mlp mp 7 port t3 4 1 2...

Страница 657: ...ppp add to mlp mp 4 port t3 4 1 13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to mlp mp 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp a...

Страница 658: ...ts 1 24 wan encapsulation ppp ppp create mlp mp 9 slot 5 ppp add to mlp mp 9 port t1 5 1 4 1 interface create ip to_rsite2 address netmask 120 210 2 1 24 port mp 9 up ppp create mlp mp 10 slot 6 ppp a...

Страница 659: ...ort set t1 2 2 1 timeslots 1 24 wan encapsulation ppp port set t1 2 3 framing esf lbo 7 5db port set t1 2 3 1 timeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4...

Страница 660: ...timeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4 1 timeslots 1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 interfa...

Страница 661: ...ll unstructured T1 link is connected directly to the head office Internet Service Provider A uses a POS link to the Internet Internet Service Provider B provides a Channelized T3 service to an Applica...

Страница 662: ...30 58 Riverstone Networks RS Switch Router User Guide Release 8 0 Scenarios for Deploying Channelized T1 E1 and T3 WAN Configuration Figure 30 8 Routed Metropolitan Backbone with Only T1 on RS 8x00...

Страница 663: ...psulation ppp port set t3 4 1 9 12 timeslots 1 24 wan encapsulation ppp port set t3 4 1 13 timeslots 1 24 wan encapsulation ppp Configure 4 consecutive T1 lines into multilink PPP bundles ppp create m...

Страница 664: ...lbo 7 5db port set t1 2 2 1 timeslots 1 24 wan encapsulation ppp port set t1 2 3 framing esf lbo 7 5db port set t1 2 3 1 timeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db por...

Страница 665: ...1 interface create ip to_msp_mppp address netmask 120 210 23 50 28 port mp 1 up Fractional T1 interface to the MSP port set t1 3 1 framing esf lbo 7 5db port set t1 3 1 1 timeslots 1 12 wan encapsulat...

Страница 666: ...t t3 4 1 13 20 timeslots 1 24 wan encapsulation ppp Configure 4 consecutive T1 lines into multilink PPP bundles ppp create mlp mp 1 slot 4 ppp add to mlp mp 1 port t3 4 1 1 8 ppp create mlp mp 2 slot...

Страница 667: ...pplies to the RS 8000 router at the Application Service Provider Configuration for the RS 8000 T1 interfaces T1 interfaces to the ISP port set t1 2 1 4 framing esf lbo 7 5db port set t1 2 1 4 1 timesl...

Страница 668: ...six 64 Kbps services Also a full unstructured T1 link is connected directly to the RS 8600 Internet Service Provider A uses a POS link to the Internet Internet Service Provider B provides a Channelize...

Страница 669: ...S 8x00 Metropolitan Service Provider POS T3 Fractional T1 Unstructured T1 POS POS RS 32000 T3 T3 Internet Service Provider B RS 32000 T1 x 4 Content Provider RS 8000 110 25 30 5 24 Application Service...

Страница 670: ...ion ppp port set t3 4 1 9 12 timeslots 1 24 wan encapsulation ppp port set t3 4 1 13 timeslots 1 24 wan encapsulation ppp Configure 2 multilink PPP bundles each containing 4 consecutive T1 lines ppp c...

Страница 671: ...nfiguration for the RS 8600 Channelized T3 interface port set t3 4 1 cablelength 200 Configure the T1 lines on the Channelized T3 interface port set t3 4 1 1 4 timeslots 1 24 wan encapsulation ppp Con...

Страница 672: ...ce create ip to_rsite_mppp address netmask 120 210 4 1 24 port mp 1 up Full unstructured T1 interface to the rsite port set t1 3 1 framing none wan encapsulation ppp interface create ip to_rsite_fullt...

Страница 673: ...reate ip to_hqsite_mppp address netmask 120 210 4 2 24 port mp 1 up Fractional T1 interface to the hqsite port set t1 3 1 framing esf lbo 7 5db port set t1 3 1 1 timeslots 1 12 wan encapsulation ppp p...

Страница 674: ...set t3 4 1 17 20 timeslots 1 24 wan encapsulation ppp Configure 2 multilink PPP bundles each containing 4 consecutive T1 lines ppp create mlp mp 1 slot 4 ppp add to mlp mp 1 port t3 4 1 1 4 ppp create...

Страница 675: ...4 1 1 4 ppp create mlp mp 2 slot 4 ppp add to mlp mp 2 port t3 4 1 5 8 interface create ip to_ispb1 address netmask 110 25 30 4 24 port mp 1 up interface create ip to_ispb2 address netmask 110 25 31...

Страница 676: ...he servers containing the shared data required by the company and a connection to the Internet Figure 30 10 shows the network layout for this scenario The tables following the figure show the commands...

Страница 677: ...Connections with E1 on RS 8x00 E3 Internet Internet Service Provider 12 20 10 5 24 Shared Data E1 x 4 E1 x 4 RS 8600 120 210 1 1 24 120 210 2 1 24 120 210 3 1 24 120 210 4 1 24 120 210 5 1 24 120 210...

Страница 678: ..._isp address netmask 120 210 1 2 24 port mp 1 up E1 interface to the remote sites port set e1 3 1 4 framing crc4 port set e1 3 1 4 1 timeslots 1 31 wan encapsulation ppp interface create ip to_rsite2...

Страница 679: ...eslots 1 31 wan encapsulation ppp port set e1 2 4 framing crc4 port set e1 2 4 1 timeslots 1 31 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port e1 2 1 4 1 interface create ip...

Страница 680: ...rt set e1 2 2 framing crc4 port set e1 2 2 1 timeslots 1 31 wan encapsulation ppp port set e1 2 3 framing crc4 port set e1 2 3 1 timeslots 1 31 wan encapsulation ppp port set e1 2 4 framing crc4 port...

Страница 681: ...ntic Connection Using a T1 and E1 Link RS 8600 Configuration USA The following configuration applies to the RS 8600 router Router Hardware Requirements RS 8600 USA 1 Multi Rate WAN module with 1 T1 WI...

Страница 682: ...n applies to the RS 8000 router Configuration for the RS 8000 E1 interface E1 interface to the USA assumes T1 is delivered on timeslots 1 24 including timeslot 16 port set e1 2 3 framing crc4 port set...

Страница 683: ...shown Remote sites rsite1 and rsite2 have two VCs on the Channelized T1 interface Note The timeslot assignments for each site need not be different they are different in this example for clarity Figur...

Страница 684: ...ply service CIR1forR1toHQ ports t1 2 1 1 106 frame relay create vc port t1 2 1 1 107 frame relay define service CIR2forR1toHQ cir 64000 bc 128000 frame relay apply service CIR2forR1toHQ ports t1 2 1 1...

Страница 685: ...1 107 port set t1 2 1 framing esf lbo 7 5db port set t1 2 1 1 timeslots 9 12 wan encapsulation frame relay interface create ip rs3_hq address netmask 110 110 130 2 24 port t1 2 1 1 106 up frame relay...

Страница 686: ...port t1 4 1 3 106 up interface create ip rsite4 address netmask 110 110 140 1 24 port t1 4 1 4 106 up interface create ip rsite5 address netmask 110 110 150 1 24 port t1 4 1 5 106 up interface create...

Страница 687: ...and RIP is used as the routing protocol The ISP provides a Channelized T3 connection on their RS 8000 a LAN that connects to the servers containing the shared data required by the company and a Clear...

Страница 688: ...3 refers to Channelized T3 CCT3 refers to Clear Channel T3 Internet Internet Service Provider CCT3 12 20 10 5 24 Shared Data T1 x 4 T3 T1 T1 T1 120 210 7 1 24 rsite7 RS 3000 120 210 5 1 24 rsite5 RS 3...

Страница 689: ...to mlp mp 3 port t3 4 1 9 12 ppp create mlp mp 4 slot 4 ppp add to mlp mp 4 port t3 4 1 13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to ml...

Страница 690: ...ppp add to mlp mp 4 port t3 4 1 13 16 ppp create mlp mp 5 slot 4 ppp add to mlp mp 5 port t3 4 1 17 20 ppp create mlp mp 6 slot 4 ppp add to mlp mp 6 port t3 4 1 21 24 ppp create mlp mp 7 slot 4 ppp a...

Страница 691: ...ts 1 24 wan encapsulation ppp ppp create mlp mp 9 slot 5 ppp add to mlp mp 9 port t1 5 1 4 1 interface create ip to_rsite2 address netmask 120 210 2 1 24 port mp 9 up ppp create mlp mp 10 slot 6 ppp a...

Страница 692: ...ort set t1 2 2 1 timeslots 1 24 wan encapsulation ppp port set t1 2 3 framing esf lbo 7 5db port set t1 2 3 1 timeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4...

Страница 693: ...imeslots 1 24 wan encapsulation ppp port set t1 2 4 framing esf lbo 7 5db port set t1 2 4 1 timeslots 1 24 wan encapsulation ppp ppp create mlp mp 1 slot 2 ppp add to mlp mp 1 port t1 2 1 4 1 interfac...

Страница 694: ...Internet Service Provider A uses a Clear Channel T3 link to the Internet Internet Service Provider B provides a Channelized T3 service to an Application Service Provider and a Content Provider both o...

Страница 695: ...opolitan Service Provider CCT3 T3 Fractional T1 Unstructured T1 CCT3 CCT3 RS 8600 T3 T3 Internet Service Provider B RS 8600 T1 x 4 Content Provider RS 8000 110 25 30 5 24 Application Service Provider...

Страница 696: ...t t3 4 1 cablelength 200 Configure the T1 lines on the Channelized T3 interface port set t3 4 1 1 4 timeslots 1 24 wan encapsulation ppp port set t3 4 1 9 12 timeslots 1 24 wan encapsulation ppp port...

Страница 697: ...nfiguration for the RS 8000 Channelized T3 interface port set t3 4 1 cablelength 200 Configure the T1 lines on the Channelized T3 interface port set t3 4 1 1 4 timeslots 1 24 wan encapsulation ppp Con...

Страница 698: ...ce create ip to_rsite_mppp address netmask 120 210 4 1 24 port mp 1 up Full unstructured T1 interface to the rsite port set t1 3 1 framing none wan encapsulation ppp interface create ip to_rsite_fullt...

Страница 699: ...eate ip to_hqsite_mppp address netmask 120 210 4 2 24 port mp 1 up Fractional T1 interface to the hqsite port set t1 3 1 framing esf lbo 7 5db port set t1 3 1 1 timeslots 1 12 wan encapsulation ppp po...

Страница 700: ...set t3 4 1 1 4 timeslots 1 24 wan encapsulation ppp port set t3 4 1 5 8 timeslots 1 24 wan encapsulation ppp port set t3 4 1 13 16 timeslots 1 24 wan encapsulation ppp port set t3 4 1 17 20 timeslots...

Страница 701: ...port set t3 4 1 5 8 timeslots 1 24 wan encapsulation ppp port set t3 4 1 13 16 timeslots 1 24 wan encapsulation ppp port set t3 4 1 17 20 timeslots 1 24 wan encapsulation ppp Configure 2 multilink PP...

Страница 702: ...4 1 1 4 ppp create mlp mp 2 slot 4 ppp add to mlp mp 2 port t3 4 1 5 8 interface create ip to_ispb1 address netmask 110 25 30 4 24 port mp 1 up interface create ip to_ispb2 address netmask 110 25 31 5...

Страница 703: ...Riverstone Networks RS Switch Router User Guide Release 8 0 30 99 WAN Configuration Scenarios for Deploying Clear Channel T3 and E3...

Страница 704: ...30 100 Riverstone Networks RS Switch Router User Guide Release 8 0 Scenarios for Deploying Clear Channel T3 and E3 WAN Configuration...

Страница 705: ...e applied to one many or an unlimited number of interfaces and or ports using the MF Classifier ACLs do not need be defined when using service rate limiting To illustrate the advantages two examples f...

Страница 706: ...n a combination of hardware and software Per flow rate limiting Use the per flow rate limiting service to limit individual flows Burst safe rate limiting Use the burst safe rate limiting service if Co...

Страница 707: ...h a physical port or matches a predefined profile while passing through an interface credit is deducted from the bucket When all the credits have been used and traffic has exhausted all allocated band...

Страница 708: ...card then subsequent packets are handled locally 31 2 2 Flow Aggregate Rate Limiting Service Flow aggregate rate limiting can be used on line cards that are not enabled for aggregate rate limiting It...

Страница 709: ...a flow aggregate service limiting an aggregate flow to 10 million bps drops packets if the rate is exceeded and distributed across 10 flows rs config service testaggregate create rate limit flow aggr...

Страница 710: ...ther than MF Classifiers See 31 3 2 Applying Services Using the MF Classifier Command for more information about MF Classifiers To apply services using ACLs use the following commands Create a burst s...

Страница 711: ...erface userinterface1 Apply a service to a port rs config service mktaggregate apply rate limit acl mktacl port et 3 3 Apply a service using an MF Classifier to an interface or port service name apply...

Страница 712: ...Displays the type of service Exceed Action Displays the action taken when the rate is exceeded Display an aggregate flow aggregate per flow or burst safe service service show rate limit aggregate name...

Страница 713: ...Mask Type of service mask Prot Type of protocol declared with the service IP is the default Display all services service show rate limit all show applied Display all services using the show applied p...

Страница 714: ...level rate limiting policies on output ports in either the per flow or aggregate rate limiting modes Note For output port policies the only action to specify if traffic exceeds the specified rate is...

Страница 715: ...exceed to packets are dropped The configuration requirements of corporationone com and corporationtwo com are Set the traffic prioritization to medium Set the CAR to nine million bps Set the burst saf...

Страница 716: ...ing is the configuration Figure 31 3 Burst Safe Configuration corporationtwo com corporationone com lawoffices com CAR 9000000 Burst Safe 1000000 MAN Customers customerflow1 181 171 161 15 171 161 151...

Страница 717: ...iority rs config qos set ip customerflow1 high 181 171 161 15 24 100 99 98 97 Apply the burst safe service rs config service customergroup1 apply rate limit mf classifier interface customergroup1 sour...

Страница 718: ...address netmask 1 1 1 1 8 interface create ip ipclient2 vlan client2 address netmask 3 3 3 3 8 interface create ip backbone vlan backbone address netmask 2 2 2 2 8 acl 100 permit ip 1 2 2 2 acl 200 pe...

Результаты поиска

Содержание WICT1-12

Отзывы:

Бренды по названию

Популярные бренды

Riverstone Networks WICT1-12, Руководство пользователя

Результаты поиска

Содержание WICT1-12

Отзывы:

Бренды по названию

Популярные бренды