Documente Academic
Documente Profesional
Documente Cultură
INSTALLATION AND
ETX-2i
IP & Carrier Ethernet Demarcation with
D-NFV
Version 6.4
ETX-2i
Carrier Ethernet Demarcation
Version 6.4
Installation and Operation Manual
Notice
This manual contains information that is proprietary to RAD Data Communications Ltd. ("RAD").
No part of this publication may be reproduced in any form whatsoever without prior written
approval by RAD Data Communications.
Right, title and interest, all information, copyrights, patents, know-how, trade secrets and other
intellectual property or other proprietary rights relating to this manual and to the ETX-2i and any
software components contained therein are proprietary products of RAD protected under
international copyright law and shall be and remain solely with RAD.
The ETX-2i product name is owned by RAD. The ETX-2i product name is owned by RAD. No right,
license, or interest to such trademark is granted hereunder, and you agree that no such right,
license, or interest shall be asserted by you with respect to such trademark. RAD
products/technologies are protected by registered patents. To review specifically which product is
covered by which patent, please see ipr.rad.com. The RAD name, logo, logotype, and the product
names MiNID, Optimux, Airmux, IPmux, and MiCLK are registered trademarks of RAD Data
Communications Ltd. All other trademarks are the property of their respective holders.
You shall not copy, reverse compile or reverse assemble all or any portion of the Manual or the
ETX-2i. You are prohibited from, and shall not, directly or indirectly, develop, market, distribute,
license, or sell any product that supports substantially similar functionality as the ETX-2i, based on
or derived in any way from the ETX-2i. Your undertaking in this paragraph shall survive the
termination of this Agreement.
This Agreement is effective upon your opening of the ETX-2i package and shall continue until
terminated. RAD may terminate this Agreement upon the breach by you of any term hereof. Upon
such termination by RAD, you agree to return to RAD the ETX-2i and all copies and portions
thereof.
For further information contact RAD at the address below or contact your local distributor.
Limited Warranty
RAD warrants to DISTRIBUTOR that the hardware in the ETX-2i to be delivered hereunder shall be
free of defects in material and workmanship under normal use and service for a period of twelve
(12) months following the date of shipment to DISTRIBUTOR.
If, during the warranty period, any component part of the equipment becomes defective by reason
of material or workmanship, and DISTRIBUTOR immediately notifies RAD of such defect, RAD shall
have the option to choose the appropriate corrective action: a) supply a replacement part, or b)
request return of equipment to its plant for repair, or c) perform necessary repair at the
equipment's location. In the event that RAD requests the return of equipment, each party shall
pay one-way shipping costs.
RAD shall be released from all obligations under its warranty in the event that the equipment has
been subjected to misuse, neglect, accident or improper installation, or if repairs or modifications
were made by persons other than RAD's own authorized service personnel, unless such repairs by
others were made with the written consent of RAD.
The above warranty is in lieu of all other warranties, expressed or implied. There are no warranties
which extend beyond the face hereof, including, but not limited to, warranties of merchantability
and fitness for a particular purpose, and in no event shall RAD be liable for consequential damages.
RAD shall not be liable to any person for any special or indirect damages, including, but not limited
to, lost profits from any cause whatsoever arising from or in any way connected with the
manufacture, sale, handling, repair, maintenance or use of the ETX-2i, and in no event shall RAD's
liability exceed the purchase price of the ETX-2i.
DISTRIBUTOR shall be responsible to its customers for any and all warranties which it makes
relating to ETX-2i and for ensuring that replacements and other adjustments required in
connection with the said warranties are satisfactory.
Software components in the ETX-2i are provided "as is" and without warranty of any kind. RAD
disclaims all warranties including the implied warranties of merchantability and fitness for a
particular purpose. RAD shall not be liable for any loss of use, interruption of business or indirect,
special, incidental or consequential damages of any kind. In spite of the above RAD shall do its
best to provide error-free software products and shall offer free Software updates during the
warranty period under this Agreement.
RAD's cumulative liability to you or any other party for any loss or damages resulting from any
claims, demands, or actions arising out of or relating to this Agreement and the ETX-2i shall not
exceed the sum paid to RAD for the purchase of the ETX-2i. In no event shall RAD be liable for any
indirect, incidental, consequential, special, or exemplary damages or lost profits, even if RAD has
been advised of the possibility of such damages.
This Agreement shall be construed and governed in accordance with the laws of the State of Israel.
Product Disposal
To facilitate the reuse, recycling and other forms of recovery of waste equipment
in protecting the environment, the owner of this RAD product is required to refrain
from disposing of this product as unsorted municipal waste at the end of its life
cycle. Upon termination of the units use, customers should provide for its
collection for reuse, recycling or other form of environmentally conscientious
disposal.
ii ETX-2i
Installation and Operation Manual Front Matter
This symbol may appear on the equipment or in the text. It indicates potential
safety hazards regarding product operation or maintenance to operator or
service personnel.
Warning
Danger of electric shock! Avoid any contact with the marked surface while
the product is energized or connected to outdoor telecommunication lines.
Some products may be equipped with a laser diode. In such cases, a label
with the laser class and other warnings as applicable will be attached near
the optical transmitter. The laser warning symbol may be also attached.
Warning Please observe the following precautions:
Before turning on the equipment, make sure that the fiber optic cable is
intact and is connected to the transmitter.
Do not attempt to adjust the laser drive current.
Do not use broken or unterminated fiber-optic cables/connectors or look
straight at the laser beam.
The use of optical devices with the equipment will increase eye hazard.
Use of controls, adjustments or performing procedures other than those
specified herein, may result in hazardous radiation exposure.
ATTENTION: The laser beam may be invisible!
In some cases, the users may insert their own SFP laser transceivers into the product. Users are
alerted that RAD cannot be held responsible for any damage that may result if non-compliant
transceivers are used. In particular, users are warned to use only agency approved products that
comply with the local laser safety regulations for Class 1 laser products.
Always observe standard safety precautions during installation, operation and maintenance of this
product. Only qualified and authorized service personnel should carry out adjustment, maintenance
or repairs to this product. No installation, adjustment, maintenance or repairs should be performed
by either the operator or the user.
ETX2i units are intended for use in horizontal orientation only. In case of vertical mounting
orientation, install the unit on top of concrete or other non-combustible surface, such as an
external baffle or tray, due to safety considerations.
ETX-2i iii
Front Matter Installation and Operation Manual
Connecting AC Mains
Make sure that the electrical installation complies with local codes.
Always connect the AC plug to a wall socket with a protective ground.
The maximum permissible current capability of the branch distribution circuit that supplies power
to the product is 16A (20A for USA and Canada). The circuit breaker in the building installation
should have high breaking capacity and must operate at short-circuit current exceeding 35A (40A
for USA and Canada).
Always connect the power cord first to the equipment and then to the wall socket. If a power
switch is provided in the equipment, set it to the OFF position. If the power cord cannot be readily
disconnected in case of emergency, make sure that a readily accessible circuit breaker or
emergency switch is installed in the building installation.
In cases when the power distribution system is IT type, the switch must disconnect both poles
simultaneously.
Connecting DC Power
Unless otherwise specified in the manual, the DC input to the equipment is floating in reference
to the ground. Any single pole can be externally grounded.
Due to the high current capability of DC power systems, care should be taken when connecting
the DC supply to avoid short-circuits and fire hazards.
Make sure that the DC power supply is electrically isolated from any AC source and that the
installation complies with the local codes.
The maximum permissible current capability of the branch distribution circuit that supplies power
to the product is 16A (20A for USA and Canada). The circuit breaker in the building installation
iv ETX-2i
Installation and Operation Manual Front Matter
should have high breaking capacity and must operate at short-circuit current exceeding 35A (40A
for USA and Canada).
Before connecting the DC supply wires, ensure that power is removed from the DC circuit. Locate
the circuit breaker of the panel board that services the equipment and switch it to the OFF position.
When connecting the DC supply wires, first connect the ground wire to the corresponding terminal,
then the positive pole and last the negative pole. Switch the circuit breaker back to the ON
position.
A readily accessible disconnect device that is suitably rated and approved should be incorporated
in the building installation.
If the DC power supply is floating, the switch must disconnect both poles simultaneously.
V.11, V.28, V.35, V.36, RS-530, X.21, SELV Safety Extra Low Voltage:
10BaseT, 100BaseT, 1000BaseT, Ports which do not present a safety hazard. Usually
Unbalanced E1, E2, E3, STM, DS-2, up to 30 VAC or 60 VDC.
DS-3, S-Interface ISDN, Analog voice
E&M
xDSL (without feeding voltage), TNV-1 Telecommunication Network Voltage-1:
Balanced E1, T1, Sub E1/T1, POE Ports whose normal operating voltage is within the
limits of SELV, on which overvoltages from
telecommunications networks are possible.
FXS (Foreign Exchange Subscriber) TNV-2 Telecommunication Network Voltage-2:
Ports whose normal operating voltage exceeds the
limits of SELV (usually up to 120 VDC or telephone
ringing voltages), on which overvoltages from
telecommunication networks are not possible. These
ports are not permitted to be directly connected to
external telephone and data lines.
FXO (Foreign Exchange Office), xDSL TNV-3 Telecommunication Network Voltage-3:
(with feeding voltage), U-Interface Ports whose normal operating voltage exceeds the
ISDN limits of SELV (usually up to 120 VDC or telephone
ringing voltages), on which overvoltages from
telecommunication networks are possible.
Always connect a given port to a port of the same safety status. If in doubt, seek the assistance
of a qualified safety engineer.
Always make sure that the equipment is grounded before connecting telecommunication cables.
Do not disconnect the ground connection before disconnecting all telecommunications cables.
Some SELV and non-SELV circuits use the same connectors. Use caution when connecting cables.
Extra caution should be exercised during thunderstorms.
ETX-2i v
Front Matter Installation and Operation Manual
When using shielded or coaxial cables, verify that there is a good ground connection at both ends.
The grounding and bonding of the ground connections should comply with the local codes.
The telecommunication wiring in the building may be damaged or present a fire hazard in case of
contact between exposed external wires and the AC power lines. In order to reduce the risk, there
are restrictions on the diameter of wires in the telecom cables, between the equipment and the
mating connectors.
Caution To reduce the risk of fire, use only No. 26 AWG or larger telecommunication
line cords.
Attention Pour rduire les risques sincendie, utiliser seulement des conducteurs de
tlcommunications 26 AWG ou de section suprieure.
Some ports are suitable for connection to intra-building or non-exposed wiring or cabling only. In
such cases, a notice will be given in the installation instructions.
Do not attempt to tamper with any carrier-provided equipment or connection hardware.
vi ETX-2i
Installation and Operation Manual Front Matter
ETX-2i vii
Front Matter Installation and Operation Manual
Symboles de scurit
Ce symbole peut apparaitre sur l'quipement ou dans le texte. Il indique des
risques potentiels de scurit pour l'oprateur ou le personnel de service,
quant l'opration du produit ou sa maintenance.
Avertissement
Danger de choc lectrique ! Evitez tout contact avec la surface marque tant
que le produit est sous tension ou connect des lignes externes de
tlcommunications.
viii ETX-2i
Installation and Operation Manual Front Matter
Certains produits peuvent tre quips d'une diode laser. Dans de tels cas,
Franais
une tiquette indiquant la classe laser ainsi que d'autres avertissements, le
cas chant, sera jointe prs du transmetteur optique. Le symbole
d'avertissement laser peut aussi tre joint.
Avertissement
Veuillez observer les prcautions suivantes :
Avant la mise en marche de l'quipement, assurez-vous que le cble de
fibre optique est intact et qu'il est connect au transmetteur.
Ne tentez pas d'ajuster le courant de la commande laser.
N'utilisez pas des cbles ou connecteurs de fibre optique casss ou sans
terminaison et n'observez pas directement un rayon laser.
L'usage de priphriques optiques avec l'quipement augmentera le
risque pour les yeux.
L'usage de contrles, ajustages ou procdures autres que celles spcifies
ici pourrait rsulter en une dangereuse exposition aux radiations.
ATTENTION : Le rayon laser peut tre invisible !
Les utilisateurs pourront, dans certains cas, insrer leurs propres metteurs-rcepteurs Laser SFP
dans le produit. Les utilisateurs sont avertis que RAD ne pourra pas tre tenue responsable de
tout dommage pouvant rsulter de l'utilisation d'metteurs-rcepteurs non conformes. Plus
particulirement, les utilisateurs sont avertis de n'utiliser que des produits approuvs par l'agence
et conformes la rglementation locale de scurit laser pour les produits laser de classe 1.
Respectez toujours les prcautions standards de scurit durant l'installation, l'opration et la
maintenance de ce produit. Seul le personnel de service qualifi et autoris devrait effectuer
l'ajustage, la maintenance ou les rparations de ce produit. Aucune opration d'installation,
d'ajustage, de maintenance ou de rparation ne devrait tre effectue par l'oprateur ou
l'utilisateur.
ETX-2i ix
Front Matter Installation and Operation Manual
Connexion d'alimentation CC
Sauf s'il en est autrement spcifi dans le manuel, l'entre CC de l'quipement est flottante par
rapport la mise la terre. Tout ple doit tre mis la terre en externe.
A cause de la capacit de courant des systmes alimentation CC, des prcautions devraient tre
prises lors de la connexion de l'alimentation CC pour viter des courts-circuits et des risques
d'incendie.
Assurez-vous que l'alimentation CC est isole de toute source de courant CA (secteur) et que
l'installation est conforme la rglementation locale.
La capacit maximale permissible en courant du circuit de distribution de la connexion alimentant
le produit est de 16A (20A aux Etats-Unis et Canada). Le coupe-circuit dans l'installation du
btiment devrait avoir une capacit leve de rupture et devrait fonctionner sur courant de court-
circuit dpassant 35A (40A aux Etats-Unis et Canada).
Avant la connexion des cbles d'alimentation en courant CC, assurez-vous que le circuit CC n'est
pas sous tension. Localisez le coupe-circuit dans le tableau desservant l'quipement et fixez-le en
position OFF. Lors de la connexion de cbles d'alimentation CC, connectez d'abord le conducteur
de mise la terre la borne correspondante, puis le ple positif et en dernier, le ple ngatif.
Remettez le coupe-circuit en position ON.
Un disjoncteur facilement accessible, adapt et approuv devrait tre intgr l'installation du
btiment.
Le disjoncteur devrait dconnecter simultanment les deux ples si l'alimentation en courant CC
est flottante.
x ETX-2i
Installation and Operation Manual Front Matter
Glossary
Address A coded representation of the origin or destination of data.
Azimuth The horizontal direction from the GPS satellite, measured clockwise
with reference to north as the base direction. For example, a
coordinate due north has an azimuth of 0, one due east has an
azimuth of 90, one due south has an azimuth of 180, etc.
Best Effort A QoS class in which no specific traffic parameters and no absolute
guarantees are provided.
Bridge A device interconnecting local area networks at the OSI data link
layer, filtering and forwarding frames according to media access
control (MAC) addresses.
Cell The 53-byte basic information unit within an ATM network. The user
traffic is segmented into cells at the source and reassembled at the
destination. An ATM cell consists of a 5-byte ATM header and a 48-
byte ATM payload, which contains the user data.
ETX-2i xi
Front Matter Installation and Operation Manual
Channel A path for electrical transmission between two or more points. Also
called a link, line, circuit or facility.
Ethernet A local area network (LAN) technology which has extended into the
wide area networks. Ethernet operates at many speeds, including
data rates of 10 Mbps (Ethernet), 100 Mbps (Fast Ethernet), 1,000
Mbps (Gigabit Ethernet), 10 Gbps, 40 Gbps, and 100 Gbps.
Framing At the physical and data link layers of the OSI model, bits are fit
into units called frames. Frames contain source and destination
information, flags to designate the start and end of the frame, plus
information about the integrity of the frame. All other information,
xii ETX-2i
Installation and Operation Manual Front Matter
GFP (Generic Framing Defined by ITU-T G.7041, generic framing procedure allows efficient
Procedure) mapping of variable length, higher-layer client signals, such as
Ethernet, over a transport network like SDH/SONET. Recently, GFP
has been extended to lower speed PDH networks.
Latency The time between initiating a request for data and the beginning of
the actual data transfer. Network latency is the delay introduced
when a packet is momentarily stored, analyzed and then forwarded.
Link The definition of a physical connection on the RV-SC/TDM map
Logical MAC A concept used to describe and map the Ethernet traffic passing over
different media (E1/T1, SDH/SONET, etc). Logical MAC represents the
MAC layer of the entity. It should be bound to a GFP, HDLC or MLPPP
port, which, in its turn, should be bound to the physical layer.
ETX-2i xiii
Front Matter Installation and Operation Manual
Association)
MEG (Maintenance MEs are grouped into ME groups. For a point-to-point Ethernet
Entity Group) connection/S-VLAN, a MEG contains a single ME. For a multipoint
Ethernet connection, a MEG contains n*(n-1)/2 MEs, where n is the
number of Ethernet connection end points. Each MEG is assigned a
unique ID that is used in OAM messages. (MEGs are also referred to
as Maintenance Associations or MAs in IEEE language.)
MEP (Maintenance MEPs are located at the ends of managed entities. MEPs generate
Entity Group End Point) and process OAM frames to monitor and maintain the ME.
Master Clock The source of timing signals (or the signals themselves) that all
network stations use for synchronization.
Parameters Parameters are often called arguments, and the two words are used
interchangeably. However, some computer languages such as C
define argument to mean actual parameter (i.e., the value), and
parameter to mean formal parameter. In RAD CLI, parameter means
formal parameter, not value.
xiv ETX-2i
Installation and Operation Manual Front Matter
Payload The 48-byte segment of the ATM cell containing user data. Any
adaptation of user data via the AAL will take place within the
payload.
Physical Layer Layer 1 of the OSI model. The layer concerned with electrical,
mechanical, and handshaking procedures over the interface
connecting a device to the transmission medium.
Policing A method for verifying that the incoming VC complies with the
users service contract.
Prioritization Also called CoS (class of service), classifies traffic into categories
such as high, medium, and low. The lower the priority, the more
drop eligible is a packet. When the network gets busy,
prioritization ensures critical or high-rated traffic is passed first, and
packets from the lowest categories may be dropped.
Routing The process of selecting the most efficient circuit path for a
message.
SNR Signal to Noise Ratio is the ratio of signal strength to the level of
background noise, usually expressed in decibels (dB)
SONET (Synchronous A North American standard for using optical media as the physical
Optical Network) transport for high speed long-haul networks. SONET basic speeds
start at 51.84 Mbps and go up to 2.5 Gbps.
ETX-2i xv
Front Matter Installation and Operation Manual
SSH (Secure Shell) A network protocol that allows data to be exchanged over a secure
channel between two computers. Encryption provides confidentiality
and integrity of data.
Traffic Shaping A method for smoothing the bursty traffic rate that might arrive on
an access virtual circuit so as to present a more uniform traffic rate
on the network.
Trunk A single circuit between two points, both of which are switching
centers or individual distribution points. A trunk usually handles
many channels simultaneously.
xvi ETX-2i
Installation and Operation Manual Front Matter
EU Declaration of Conformity
Manufacturer's Name: RAD Data Communications Ltd.
Product Options: All options (may be followed by several suffixes separated by slashes)
Supplementary Information: The product herewith complies with the requirements of the EMC
Directive 2014/30/EU, the Low Voltage Directive 2014/35/EU and the
ROHS Directive 2011/65/EU.
The product was tested in typical configurations.
Signed for and on behalf of
RAD Data Communications Ltd.
Tel Aviv, 27 February 2017
Zohar Zosmanovich
ETX-2i xvii
Front Matter Installation and Operation Manual
EU Declaration of Conformity
Manufacturer's Name: RAD Data Communications Ltd.
Product Options: All options (may be followed by several suffixes separated by slashes)
Supplementary Information: The product herewith complies with the requirements of the EMC Directive
2014/30/EU, the Low Voltage Directive 2014/35/EU and the ROHS Directive
2011/65/EU.
The product was tested in typical configurations.
Signed for and on behalf of
RAD Data Communications Ltd.
Tel Aviv, 23 February 2017
Zohar Zosmanovich
Compliance Team Leader
xviii ETX-2i
Installation and Operation Manual Front Matter
EU Declaration of Conformity
Manufacturer's Name: RAD Data Communications Ltd.
EN 61000-3-2:2014 Electromagnetic compatibility (EMC); Section 3-2: Limits for harmonic current
emissions (equipment input current 16A per phase)
Supplementary Information: The product herewith complies with the requirements of the EMC Directive
2014/30/EU, the Low Voltage Directive 2014/35/EU and the ROHS Directive
2011/65/EU.
The product was tested in typical configurations.
Signed for and on behalf of
RAD Data Communications Ltd.
Tel Aviv, 23 February 2017
Zohar Zosmanovich
Compliance Team Leader
ETX-2i xix
Front Matter Installation and Operation Manual
xx ETX-2i
Quick Start Guide
This section describes the minimum configuration needed to prepare ETX-2i for
operation.
Connecting to Terminal
To connect the unit to a terminal:
1. Connect the male mini USB connector of the mini USB terminal cable to the
units 5-pin female connector, designated CONTROL.
2. Connect the other end of the mini USB terminal cable to the ASCII terminal
equipment.
Connecting to Power
Regular units are available with single or dual AC or DC power supply, depending
on the ordering option. There is also a dual DC inlet option for the
8.5 enclosure; the dual DC inlet is a single DC power supply, with two DC inlets
for redundancy at the DC source level. The ETX-2i-B branch-office device is
offered with a wide-range power supply.
AC/DC plugs or terminal block connectors are available for DC power supplies.
Connecting to AC Power
For indoor installations, a standard K.21 power cable is supplied to provide AC
power to the unit.
To connect to AC power:
1. Connect the relevant AC power cable to the power connector on ETX-2i.
2. Connect the power cable to the mains outlet.
The unit turns on automatically once connected to the mains.
Connecting to DC Power
For indoor installations, a standard K.21 power cable is supplied to provide AC
power to the unit.
All DC options support NEBS level 3 on port type 8b (DC inlet).
To connect to DC power:
1. Connect the standard power cable to the power connector on ETX-2i.
2. Connect the power cable to the mains outlet.
The unit turns on automatically once connected to the mains.
Refer to the relevant DC Power Supply Connection section at the end of Chapter
2 in this manual for instructions on wiring the DC connection.
#***************************Adding Classifier_Profiles***********************
config flows
classifier-profile all match-any match all
classifier-profile untagged match-any match untagged
#***************************Configuring_Flows********************************
flow mng_in
classifier untagged
no policer
ingress-port ethernet 101
egress-port svi 1
no shutdown
exit
flow mng_out
classifier all
ingress-port svi 1
egress-port ethernet 101 queue 0 block 0/1
no shutdown
exit all
#*********************Configuring_Router_Interface***************************
configure router 1
interface 1
bind svi 1
address 172.18.141.39/24
no shutdown
exit
static-route 172.17.0.0/16 address 172.18.141.1
exit all
save
Saving Configuration
Type save in any level to save your configuration in startup-config.
4. Verifying Connectivity
At the ASCII terminal, ping the IP address assigned to the management router
interface and verify that replies are received. If there is no reply to the ping,
check your configuration and make the necessary corrections.
5. Configuring Services
Proceed with service configuration (refer to the Services chapter for details of
different scenarios for provisioning supported services).
ETX-2i i
Table of Contents Installation and Operation Manual
ii ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i iii
Table of Contents Installation and Operation Manual
iv ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i v
Table of Contents Installation and Operation Manual
vi ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i vii
Table of Contents Installation and Operation Manual
viii ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i ix
Table of Contents Installation and Operation Manual
x ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i xi
Table of Contents Installation and Operation Manual
xii ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i xiii
Table of Contents Installation and Operation Manual
xiv ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i xv
Table of Contents Installation and Operation Manual
xvi ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i xvii
Table of Contents Installation and Operation Manual
xviii ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i xix
Table of Contents Installation and Operation Manual
xx ETX-2i
Installation and Operation Manual Table of Contents
ETX-2i xxi
Table of Contents Installation and Operation Manual
xxii ETX-2i
Chapter 1
Introduction
1.1 Overview
ETX2i is RADs family of next-generation NTU, delivering RADs Service Assured
Access solution, offering Ethernet services to the customer premises in native
Ethernet access networks over various infrastructure types. ETX2i includes the
demarcation device ETX2i, as well as the branch office device ETX-2i-B for
business applications, and the ETX-2i-10G device that supports 10GbE ports. It
provides carrier-grade packet and TDM services for carriers, mobile operators,
and wholesalers, seeking to offer their customers unified SLA-based Ethernet
business services over any access technology.
ETX2i provides E-LAN, E-Line, E-Tree, and E-Access Ethernet services over FE/GbE
interfaces. It offers the same services over SHDSL, VDSL, PDH, and SDH access
lines. ETX2i supports an integrated Bridge functionality to allow full support of
E-LAN and E-Tree services, as well as ring topologies. In addition to its extensive
L2 features, ETX2i supports an optional embedded router with high-rate L3
forwarding capabilities. Multiple VRFs (up to 10) are supported when the Dynamic
Router license or TWAMP license is enabled.
ETX2i supports a rich offering of QoS functionality, including MEF 10.3 rank
policers that deliver high-scale multi-CoS services with hierarchical Quality of
Service (HQoS). It supports advanced scheduling, WRED per CoS, shaping per EVC
and port, and flexible classification rules with flexible access lists. Additionally, it
supports multicast with MLD snooping.
Featuring ultra-fast, hardware-powered processing, ETX2i performs OAM and PM
measurements with microsecond precision, offering powerful benefits such as
measuring and reporting bandwidth utilization per flow (EVC.CoS), collection of
PM parameters, and Y.1731-based measurement of frame loss, delay, and delay
variation. It also offers immediate detection of loss of continuity (LOC), triggering
sub 50 ms protection switching in ring topologies (G.8032v2) and end-to-end
service protection (G.8031).
ETX2i provides these types of Ethernet OAM:
Single-segment (link) OAM according to IEEE 802.3-2005, active and passive
mode
End-to-end connectivity OAM based on IEEE 802.1ag
End-to-end service and performance monitoring based on ITU-T Y.1731
ETX2i supports L3 PM measurements based on TWAMP Light. It also offers
diagnostic tools that include MAC and IP-based intrusive and non-intrusive
loopbacks with MAC and IP swap, as well as advanced RFC-2544, Y.1564, and
L3 SAT generators and analyzers for service-oriented SLA validation and service
birth certificate reports.
Furthermore, incorporating RADs SyncToP platform of synchronization and timing
over packet feature set, ETX2i utilizes standard technologies such as
IEEE 1588v2 transparent clock (TC), slave clock, and boundary clock, as well as
synchronous Ethernet to ensure highly accurate timing delivery in packet-based
mobile backhaul networks.
With the D-NFV optional module, ETX2i can host virtual machines providing
virtual network functions (VFs), or value added service capabilities. This enables
service providers to quickly and easily provide new services and implement new
network capabilities, with the benefit of function localization at the customer
premises.
Product Options
Several product options of the unit are available, offering different combinations
of ports, enclosures, and functionalities. Available product options in the ETX2i
family are ETX2i, ETX-2i-B, and ETX-2i-10G. The following SW licenses are
available:
ETX2i
ETX2i is available with the following options:
Four or eight fixed Ethernet SFP/copper combo ports, available in 19 or
8.5 enclosure
Modular option, in 19 or 8.5 enclosure, available with the following port
types:
GbE two SFP/copper combo ports.
SHDSL two or four ports
VDSL bonding four ports (eight-wire)
EoPDH:
Four or eight E1/T1 ports
One or two T3 ports
USB port (for future use)
D-NFV slot for x86 module, available in 19 enclosure
D-NFV option:
Network ports up to two SFP/copper combo ports. Port 2 can be
configured as a network or user port.
ETX-2i-B
The ETX-2i-B device has up to ten 1GbE interfaces in an 8.5 metal enclosure,
and is available in the following options:
Network ports two 1GbE SFP
User ports two 1GbE SFP/copper combo ports, four 1Gbe copper UTP ports,
four SFP ports, or eight SFP ports (2U hardened option)
Single AC, Dual DC inlet, or wide-range AC/DC with auto detection
No E1/T1 ports, AIO modules (SHDSL, VDSL), or timing options
USB port (for future use)
D-NFV slot that serves virtualization.
ETX-2i-B can be ordered with SyncE/PTP options, in which case the device
provides the ports specified in Timing Options.
ETX-2i-10G
The ETX-2i-10G device supports up to four 10GbE interfaces and eight 1GbE
interfaces in a half 8.5 or full 19 metal enclosure, and is available in the
following options:
10GbE interface two or four (provided license is activated) SFP+ (1/10 GbE)
ports with the following characteristics:
Autonegotiation and max capability relevant for 1GbE SFP+ only
DDM support
Flow control supported for Rx only
1GbE interface four to 24 SFP and UTP ports:
Eight 1GbE SFP ports
Four 1GbE SFP and four 1GbE UTP ports
12 1GbE SFP and 12 1GbE UTP ports (full 19 only)
USB port
Supports timing
No AIO modules (SHDSL, VDSL) or x86 module
Single AC, dual AC, or dual DC power supply
Dual AC or DC inlet
No GNNS receiver or router
Router Options
ETX2i and ETX-2i-B are offered with two software licenses per ordering option:
Dynamic Router:
L-3 HW forwarding
Supports OSPF and BGP routing protocols
Static Router:
Same as Dynamic Router, but routing protocols are not supported.
A change to Dynamic Router from Static Router software license is supported;
however, a change to Static Router from Dynamic Router software license is
supported only when the device is set to default.
Timing Options
If ETX2i, ETX-2i-B, or ETX-2i-10G are ordered with the timing option (PTP), the
following features are supported:
Clock selection mechanism to select and distribute the device system clock,
including the holdover mechanism
SyncE
1588 slave
1588 BC
In this option, the device also provides these additional timing ports:
Station clock port (RJ-45)
ToD/1PPS RS-422 port (RJ-45)
SMA port supplying external clock
SMA port supplying 1 pps
Applications
Internet
FE/GbE
Access
Management MiNID
1/10 GbE
ETX-2/2i
Cell-Site
ETX-5 PDH/
Cloud/Data Center SDH
SDH/
SONET ETX-2/2i
10 GbE
IP/MPLS
Ring
Customer
Premises
1/10 GbE
ETX-5 Ring
RAN Controller Site ETX-2/2i
ETX-2/2i
FE/GbE/10GbE
ETX-2
Service Assured Access
Macro or Small
Cells
BTS
RNC/aGW Router
ETX-5 MiNID
Packet
Switched G.8032 v2 eNB
Network 1/10 GbE
n x STM-1/ Ring
OC-3 ETX-5
ETX-2/2i TDM
BTS
ETX-2/2i
Timing (1588PTP/SyncE)
Features
Traffic Processing
ETX2i incorporates a complete set of CE 2.0-certified Ethernet service tools that
allow the service provider to distinguish between high- and low-priority traffic,
and to optimize TCP sessions.
Forwarding
Traffic forwarding is performed via point-to-point, bridge, or L3 forwarding
(router) mechanisms.
The ETX2i bridge operates in VLAN-aware or VLAN-unaware mode.
The ingress user traffic is mapped to Ethernet flows using flexible per-port
classification criteria. VLAN editing can be performed on the flows such as
overwriting the VLAN, adding a new VLAN (push), or removing a VLAN (pop).
TDM Pseudowire
Note This feature is applicable to devices that support smart SFP MiTOP functionality.
Devices that have integrated MiTOPs allow TDM over packet pseudowire services.
Each TDM pseudowire (PW) carries a single bundle (group of timeslots) to a
predefined far-end bundle.
The following standard payload encapsulation methods are supported:
CESoPSN (with or CES (Circuit Emulation Services) over PSN, for framed
without CAS) traffic, according to IETF RFC 5086
The pseudowire connections can be encapsulated by the device for the following
types of PSN transport networks:
MEF 8 (Ethernet)
UDP over IP
MLDv2 Snooping
ETX2i IPv6 routers support Multicast Listener Discovery Version 2 (MLDv2)
protocol to discover multicast listeners on attached links and addresses that are
of interest to them. Bridges use MLDv2 Snooping to reduce multicast traffic by
analyzing MLDv2 messages and limiting multicast traffic to ports interested in it.
Routing
ETX2i and ETX-2i-B support a high-performance, dual-stack, IPv4/IPv6 embedded
router. The embedded router is supported with routing protocols (OSPFv2 and
BGPv4 license ordering options), as well as BFD for fast forwarding path failure
detection, IPv4/IPv6 ACLs, and VRRPv2/v3.
Device management, as well as other L3 modules, such as 1588 (8265.1), TDM
PW (UDP/IP), and TWAMP, use the ETX2i routing scheme.
When the dynamic router or TWAMP license is enabled, ETX2i supports multiple
VRFs (up to 10); management is supported over VRF1 only.
Fault Propagation
The ETX2i fault propagation mechanism enables propagating user port failures to
the network and the remote end, as well as propagating network failures back to
the user port. The mechanism has a set of triggers and actions that are based on
the physical layer (e.g. port failure), ETH OAM (AIS, RDI, LOC, etc.), or VRRP
group.
A Traffic Management Fault Propagation (TMFP) license can be enabled to provide
the Fault Propagation mechanism with a set of triggers and actions for queue
block shaper and flow policer (Event Manager).
The additional fault propagation actions are:
Change policer rate
Change shaper rate
Configuration of these actions enables you to implement network/application
level redundancy schemes while controlling the bandwidth of the different
redundant paths.
Note This section is relevant only when ETX2i, ETX-2i-B, or ETX-2i-10G are ordered
with the appropriate timing options.
The units SyncToP suite includes clock recovery using IEEE 1588v2 Precision
Timing Protocol, Synchronous Ethernet (SyncE), and a built-in input/output clock
interface.
The Intel x86 core can work in the following operation mode:
D-NFV general infrastructure x86 processor with a cloud computing
software platform that enables hosting virtual machines providing virtual
Smart SFPs
ETX2i provides integrated management for RADs smart SFP devices, allowing
TDM over packet pseudowire services (using MiTOP devices), and Ethernet over
TDM (using MiRICi devices). The following devices are supported:
MiRICi-E1/T1/E3/T3
MiRICi-155
MiTOP-E1/T1/E3/T3
Note In order to ensure discovery of the Ethernet services by RADview, you need to
assign a service name to the relevant flows, as well as ensure that collecting
performance monitoring data is enabled for the relevant flows, services, and
destination NEs.
Figure 1-4. ETX-2i-10G Full 19 with four SFP+, 12 SFP, 12 UTP, PTP, and two DC PS
Refer to the Installation and Setup chapter for a detailed description of the
ETX2i interface connections.
Figure 1-5. Data Flow Including Scheduling and Shaping at Level 0 and 1
Policer per Flow or Policing the traffic of the flow or group of flows.
Group of Flows If color aware policer, uses the packet ingress color as set by
color mapping.
Scheduling and Scheduling the various queues to transmit per queue priority
Shaping at Level 0 and weight
(EVC Level) Shaping the aggregate EVC traffic
Scheduling and Scheduling the various queues to transmit per queue priority
Shaping at Level 1 and weight
(Port Level)
Ethernet Interfaces Number of Ports Eight on-board combo ports (fixed port ordering
(ETX2i) option)
Four on-board combo ports (modular and D-NFV
options)
Framing ESF
Impedance 135
Connector SMA
Connector SMA
Operating Regular:
Temperature 0 to 50C (32 to 122F)
Temperature-hardened (fixed and modular options):
-40 to 65C (-40 to 149F)
Connector SMA
RAM 8 GByte
D-NFV:
Modular base: 23W
D-NFV: 30W
10GbE Interfaces Number of Ports Four SFP+ (1GbE or 10GbE). Two or four 1GbE
(ETX-2i-10G) capable ports require a license (two or four-port
speed, respectively) to make them 10GbE capable.
The following Ethernet configurations can be ordered
for half 19 model:
4 SFP+ and 8 1GbE SFP
4 SFP+, 4 1GbE SFP, and 4 1GbE UTP
The following Ethernet configurations can be ordered
for full 19 model:
4 SFP+, 12 1GbE SFP, and 12 1GbE UTP
4 SFP+ and 24 1GbE SFP
Note: Depending on the ordering option, all, some, or
none of the four SFP+ ports are 10G capable; the
remaining SFP+ ports are 1G capable, provided they
are available to users. In the case that all SFP+ ports
are 10G capable, the speed license is not relevant.
You can use the two or four-port speed license to
upgrade available 1G SFP+ ports to 10G.
Connector SFP+ LC
Max. Number 7
Unidirectional Hubs
per Device
Quality of Service Policer Dual Token Bucket mechanism (two rates, three
(Traffic colors)
Management)
CIR, CBS, EIR, EBS
Color Mode Color blind, color aware with coupling flag support
Max Number Queue Network ports ETX2i, ETX-2i-10G (half 19): 64;
Blocks per Port User ports Eight
Total Frame Buffers ETX2i, ETX-2i-10G (full 19): 128k, 256 Mbytes
ETX-2i-B, ETX-2i-10G (half 19): 64k, 128 Mbytes
Max. Number 12
Marking Profiles
2.1 Safety
ETX2i devices are provided with the following types of grounding lugs:
ETX2i NEBS-compliant enclosures for central office or cell-sites have a
UL-recognized dual grounding lug.
Note Do not use any wires other than copper wires for grounding.
Note Refer also to the Connecting AC Mains and Connecting DC Power sections in the
Front Matter of this manual.
Allow at least 90 cm (36 in) of frontal clearance for operating and maintenance
accessibility. Allow at least 10 cm (4 in) clearance at the rear of the unit for signal
lines and interface cables.
The following table displays the ambient operating temperature of ETX2i
products:
Device Connectors
Connect the ground lug on the front or rear panel of the equipment to a
ground bus bar by means of a short grounding wire (see Safety).
Install the equipment in an adequately grounded rack by means of the
mounting brackets provided with the equipment, to improve the ground
connection of the ETX2i equipment. To mount ETX2i, connect the provided
mounting adapters to ETX2i using star and spring washers. Remove any
paint that may interfere with the connection.
Plan carefully the grounding system for the central office or cell-site.
For rack mounting instructions, refer to the associated installation kit manual.
For wall mounting instructions for 8.5 enclosures, refer to the associated
installation kit. There is no wall mounting option for 19 enclosures.
If you are using ETX2i as a desktop unit, place and secure the unit on a stable,
non-movable surface.
Refer to the clearance and temperature requirements in Site Requirements and
Prerequisites.
If you insert an unrecognized SFP into an SFP or SFP+ port, even if it is the same
speed as the port, the SFP does not work, but does not raise an alarm or
generate a message.
Caution When calculating optical link budget, always take into account adverse effects of
temperature changes, optical power degradation, and so on. To compensate for
signal loss, leave a 3 dB margin. For example, instead of maximum receiver
sensitivity of -28 dBm, consider the sensitivity measured at the Rx side to be
-25 dBm. Information about Rx sensitivity of fiber optic interfaces is available in
the SFP/XFP Transceivers data sheet.
Note Some SFP models have a plastic door instead of a wire latch.
Caution Insert the SFP gently. Using force can damage the connecting pins.
Caution Do not remove the SFP while the fiber optic cables are still connected. This may
result in physical damage (such as a chipped SFP module clip or socket), or cause
malfunction (e.g., the network port redundancy switching may be interrupted).
You can insert into the rear of the ETX2i unit, a D-NFV module with an
integrated Intel x86 core, to enable hosting virtual machines providing virtual
network functions (VFs).
ETX2i supports hot swapping of the D-NFV module (card), meaning you can
insert and extract the D-NFV module into the ETX2i device without interrupting
the devices operation (i.e. powering it down).
Note The following procedures are relevant for ETX2i with a hot-swappable D-NFV
module, indicated by a screw and latch at the top right edge on the rear of the
ETX2i unit.
If you are using an ETX2i unit that does not support hot swapping, you must
power down the ETX2i unit, insert or remove the D-NFV module, and then power
up the ETX2i unit again.
Figure 2-4. Unit with Dummy Module Latch Closed (left) and Open (right)
3. Insert the D-NFV module into the now empty device slot.
Note Only after the lock is secured in place, the device recognizes that the D-NFV card
has been inserted.
Before connecting or disconnecting any cable, you must connect the protective
ground terminals of this unit to the protective ground conductor of the mains (AC
or DC) power cord. If you are using an extension cord (power cable) make sure it
Warning is grounded as well.
Any interruption of the protective (grounding) conductor (inside or outside the
instrument) or disconnecting of the protective ground terminal can make this
unit dangerous. Intentional interruption is prohibited.
Note Refer also to the Connecting AC Mains and Connecting DC Power sections in the
Front Matter of this manual.
Connecting to AC Power
ETX2i units installed indoors require a 1.5m (5 ft) standard CBL-K21 AC external
power cable (per ITU-K.21) terminated by a standard 3-prong socket, to provide
AC power to the unit.
Hardened options of ETX2i units used in an unprotected power network, such as
AC cell site, AC street cabinet, AC pole, or rural area, require an AC Surge
Protection Unit to prevent hardware damage caused by current surges and
voltage spikes. In this unit, a single-phase AC power supply line protector
protects against lightning overvoltage for both common and differential modes.
ETX2i, ETX-2i-B D-NFV, and ETX-2i-10G half 19 hardened devices have a built-in
AC Surge Protection Unit, and therefore, in unprotected power networks, can use
the standard CBL-K21 AC external power cable (per ITU-K.21) to provide AC
power to the unit.
ETX-2i-B (Type 4) and ETX-2i-10G 19 hardened devices do not have a built-in AC
Surge Protection unit, and therefore require an Enhanced CBL-K21E AC external
power cable (per ITU-K.21E).
Under standard conditions, ETX-2i-B (2U) can use a standard CBL-K21 AC external
power cable for AC power. However, in unprotected power networks, it cannot
use the Enhanced CBL-K21E AC external power cable. In this case, the device
requires a special ordering option that supports K21E.
To connect to AC power:
1. Connect the relevant power cable to the power connector on ETX2i.
For indoor installation standard CBL-K21 AC power cable
For connection of hardened units to an unprotected power network:
For ETX-2i-B (Type 4) and ETX-2i-10G 19 Enhanced CBL-K21E AC
external power cable
For ETX2i, ETX-2i-B D-NFV, and ETX-2i-10G half 19 (with built-in AC
Surge Protection Unit) Standard CBL-K21 AC external power cable
For ETX-2i-B (2U) Regular unit cannot be used. Use special ordering
option that supports K21E.
2. Connect the power cable to the mains outlet.
The unit turns on automatically.
Connecting to DC Power
AC/DC plugs or terminal block connectors are available for wiring the DC
connection to the power cable (see AC/DC Adapter (AD) Plug for DC Power Supply
Connection and Terminal Block Connector for DC Power Supply Connection).
All DC options support NEBS level 3 on port type 8b (DC inlet).
To connect to DC power:
1. Wire the DC connection to the power cable, and connect it to the unit.
See the relevant DC Power Supply Connection section below for instructions
on wiring the DC connection AC/DC Adapter (AD) Plug for DC Power Supply
Connection or Terminal Block Connector for DC Power Supply Connection.
2. Connect the power cable to the mains outlet.
The unit turns on automatically.
Caution Prepare all connections to the AD plug before inserting it into the units power
connector.
Reversing the wire voltage polarity will not cause damage to the unit, but the
internal protection fuse will not function.
Warning Always connect a ground wire to the AD plugs chassis (frame) ground
terminal. Connecting the unit without a protective ground, or interrupting the
grounding (for example, by using an extension power cord without a
grounding conductor) can damage the unit or the equipment connected to it!
The AD adapter is not intended for field wiring.
Caution Prepare all connections to the TB plug before inserting it into the units VDC-IN
connector.
To prepare and connect the power supply cable with the TB Plug:
1. Strip the insulation of your power supply wires according to the dimensions
shown.
2. Place each wire lead into the appropriate TB plug terminal according to the
voltage polarity mapping shown in Figure 2-13. (If a terminal is not already
open, loosen its screw.) Afterwards, tighten the three terminal screws to
close them.
3. Pull a nylon cable tie (supplied) around the power supply cable to secure it
firmly to the TB plug grip, passing the tie through the holes on the grip.
4. Isolate the exposed terminal screws/wire leads using a plastic sleeve or
insulating tape to avoid a short-circuit.
5. Connect the assembled power supply cable to the unit by inserting the
TB plug into the units VDC-IN connector until it snaps into place.
Figure 2-13. Mapping of the Power Supply Wire Leads to the TB Plug Terminals
Reversing the wire voltage polarity can cause damage to the unit!
Always connect a ground wire to the TB plugs chassis (frame) ground
Warning terminal. Connecting the unit without a protective ground, or interruption of
the grounding (for example, by using an extension power cord without a
grounding conductor) can cause harm to the unit or to the equipment
connected to it, and can be a safety hazard to personnel operating it!
Note Certain TB plugs are equipped with captive screws for securing the assembled
cables TB plug to the units VDC-IN connector (C and E types only). To secure the
plug, tighten the two screws on the plug into the corresponding holes on the
sides of the input connector as shown in Figure 2-14.
Caution Always lift the locking latch of type B connectors before disconnecting the
TB plug, to avoid damaging the TB plug.
Caution Protection devices must be used to ensure that the contact ratings are not
exceeded. For example, use current limiting resistors in series with the contacts, and
place voltage surge absorbers across the contacts.
The relays are controlled by software, and therefore the default state (that
is, the state during normal operation) can be selected by the user in
accordance with the specific system requirements.
+12V auxiliary voltage output (through a 1600 W series resistor)
External alarm sense input. The input accepts an RS-232 input signal; it can
also be connected by means of a dry-contact relay to the auxiliary voltage
output.
Figure 2-17. Alarm Connector ETX-2i-10G Full 19 (4 SFP+, 12 SFP, and 12 UTP)
Device Connectors
Device Connectors
Figure 2-21. GbE Fiber Optic Connectors ETX-2i-B 2U with ten SFP
Figure 2-22. GbE Fiber Optic Connectors Half 19 (4 SFP+, four SFP, and four UTP)
Figure 2-23. GbE Fiber Optic Connectors ETX-2i-10G Full 19 (4 SFP+, 12 SFP, and 12 UTP)
The following applies to all intra-building Ethernet ports with a copper interface
(RJ-45):
Warning The ports are suitable for connection to intra-building or unexposed wiring or
cabling only. The intra-building port(s) of the equipment or subassembly MUST
NOT be metallically connected to interfaces that connect to the OSP or its
wiring. These interfaces are designed for use as intra-building interfaces only
(Type 2 or Type 4 ports as described in GR-1089-CORE) and require isolation
from the exposed OSP cabling. The addition of primary protectors is not
sufficient protection in order to connect these interfaces metallically to OSP
wiring.
The ports must use shielded intra-building cabling/wiring that is grounded at
both ends. The ground connection must be stable and with low impedance, in
order to ensure that surge currents, which can develop due to ground
potential rise, do not cause very high voltages to develop on the ETH isolation
transformer.
Figure 2-26. Ethernet Electrical Connectors ETX-2i-10G Half 19 (4 SFP+, 4 SFP, and 4 UTP)
Figure 2-27. Ethernet Electrical Connectors ETX-2i-10G Full 19 (4 SFP+, 12 SFP, and 12 UTP)
Note This section is relevant for the ETX2i modular option with SHDSL network
module.
You can connect ETX2i to SHDSL equipment via one or two RJ-45 connectors
designated SHDSL; one RJ-45 connector for the 4-wire option and two RJ-45
connectors for the 8-wire option.
You can connect ETX2i to VDSL equipment via the two RJ-45 (UTP) connectors
designated VDSL.
Note
This section is relevant only for the ETX2i modular option with E1/T1 network
module.
To connect to E1 or T1 equipment:
Connect an E1 or T1 line to the RJ-45 connector designated E1/T1 (14/8).
Refer to the Connection Data appendix for the RJ-45 connector pinout.
Note This section is relevant only for the modular option with T3 network module.
You can connect ETX2i to T3 equipment via the BNC coaxial connectors on the
network module.
Note You must configure the module with the correct module type. Refer to the Cards
and Ports chapter for details.
To connect to T3 equipment:
1. Connect the Rx cable to the BNC connector labeled Rx.
2. Connect the Tx cable to the BNC connector labeled Tx.
Note This section is relevant only for ETX2i or ETX-2i-10G ordered with a timing option
that includes a station clock port.
You can connect ETX2i to an external clock source via a dedicated station clock
port, an RJ-45 connector designated EXT-CLK. Refer to the Connection Data
appendix for the connector pinout.
Note The cable length between the station clock port and the external clock source
must not exceed six meters (19.7 feet).
Note This section is relevant only for ETX2i, ETX-2i-B, or ETX-2i-10G ordered with a
timing option that includes the EXT-CLK/1PPS ports and/or the ToD/1PPS port.
Note The cable length between the ToD/PPS and EXT CLK/1PPS ports, and the external
synchronization equipment, must not exceed six meters (19.7 feet).
To connect to ToD/1PPS:
Connect ETX2i to the synchronization equipment using a proprietary RAD
cable terminated with a male RS-422 RJ-45 connector.
Caution Terminal cables must have a frame ground connection. Use ungrounded cables
when connecting a supervisory terminal to a DC-powered unit with floating
ground. Using improper terminal cable may result in damage to the supervisory
terminal port.
Caution Before leaving the installation site, it is highly recommended that you test
network connectivity between the device and the remote network management
station (for example, by sending a ping).
3.2 Indicators
The following sections describe the functions of the ETX2i LED indicators.
ETX2i
ETX-2i-B
ETX-2i-10G
Figure 3-7. ETX-2i-10G Half 19 Front Panel (4 SFP+, 4 SFP, and 4 UTP)
Figure 3-8. ETX-2i-10G Full 19 Front Panel (4 SFP+, 12 SFP, and 12 UTP)
3.3 Startup
Applicable Products
All configuration and software files, as well as the loading sequence, are
applicable to all ETX2i products.
Note Although the CLI allows sw-pack-1 through sw-pack-4, you can define only two
SW packs simultaneously.
Note Configuration files should contain only printable ASCII characters (0x200x7E),
<Enter> (0x0D), <Line Feed> (0x0A), and <Tab> (0x09).
Refer to the File Operations section in the Administration chapter for details on
file operations.
Loading Sequence
At startup, the device attempts to load configuration files in the following
sequence until a valid one is found:
startup-config
rollback-config
user-default-config
factory-default-config
If an error is encountered while loading a file, the default is to ignore the error
and continue loading. You can use the on-configuration-error command to
change this behavior, to either stop loading the file when the first error is
encountered, or reject the file and reboot; after rebooting, the next file in the
loading sequence is loaded).
To display the parameter values after startup, use the info [detail]
command.
Applicable Products
These file operations are applicable to all ETX2i products.
Zero Touch
The Zero Touch feature allows ETX2i to receive software and configuration files
automatically, eliminating the need to manually log into ETX2i in order to
transfer the required files to it.
The following zero touch mechanisms enable automatic provisioning of ETX2i:
Zero Touch via DHCP ETX2i retrieves configuration information from the
DHCP server (see Zero Touch via DHCP/DHCPv6).
Zero Touch via DHCPv6 ETX2i retrieves configuration information from the
DHCPv6 server (see Zero Touch via DHCP/DHCPv6).
Zero Touch via trap ETX2i sends a notification trap to the management
system (see Zero Touch via Trap), so that the management system can
perform the appropriate provisioning.
Show Me Demo
Note If the video cannot be viewed, ensure that you have the latest version of Adobe
Reader.
Prerequisites
A Zero Touch configuration (ZTC) XML file, containing directives for the
software and configuration files. See ZTC File Structure for details on how to
prepare this file.
A DHCP or DHCPv6 server for providing the TFTP server address, in addition to
the usual IP address, default gateway, etc.
A TFTP server from which to download the following:
ZTC file
Software image file, if required by the directives
Configuration file, if required by the directives
Sequence
1. At reboot, ETX2i obtains a DHCP lease from the DHCP server and/or a
DHCPv6 lease from the DHCPv6 server. If ETX2i receives more than one lease
that contains ZTC directives (from multiple interfaces), it processes them one
by one. After the first one is finished, either successfully or not (e.g. reaching
a timeout during file download), the device proceeds with the directives
received in the second lease.
2. For DHCP: The lease provides the TFTP server address, either via option 150,
or as a string via option 66 (the string is interpreted as an IP address rather
than a device name). Option 66 is valid only if the string is formatted as
(xxx.xxx.xxx.xxx). Optionally, the DHCP lease provides the path and/or the file
name of the ZTC file via DHCP option 67.
3. For DHCPv6: The lease provides the TFTP server address via CableLabs
vendor-specific (17) sub-option 32, provided that ETX2i supports it. If
multiple TFTP server addresses are received, only the first one is used.
Optionally, the DHCPv6 lease provides the path and/or the file name of the
ZTC file via DHCPv6 sub-option 33.
4. If neither a valid TFTP address nor the path and/or file name of the ZTC file is
obtained, the ZTC process finishes unsuccessfully.
5. ETX2i loads the ZTC file from the TFTP server, according to the information
received in the lease. If not specified in the lease, the default path is rad/,
and the default file name is rad.xml.
6. If the ZTC file is loaded successfully, ETX2i sends the event download_end
(with success indication) to any configured network managers, and saves the
ZTC file as zero-touch-config-xml.
7. If zero-touch-config-xml contains directives for a software file, ETX2i does
one of the following, according to the action specified in the directives:
upgrade-only Load software file if it is newer than the active software
image.
downgrade-only Load software file if it is older than the active software
image.
replace Load software file if different from the active software image.
8. If zero-touch-config-xml contains directives for a configuration file, then if
the action specified in the directives is replace-cfg, ETX2i loads the specified
configuration file if it is different than the last configuration file loaded via
the ZTC mechanism, and saves it as specified by cfg-dst-file.
9. If a software file was downloaded, ETX2i installs it as the active software
pack.
10. If a software file and/or configuration file was downloaded, ETX2i reboots.
After startup, the normal startup loading sequence is performed, so that if
startup-config is loaded in the sequence, ETX2i executes the CLI commands
in the file.
11. If no reboot was needed, ETX2i performs the normal startup loading
sequence.
If the ZTC process ends successfully, ETX2i sends the event download_end (with
success indication) to any configured network managers.
If an error occurs in the ZTC process, ETX2i does the following:
Sends the event download_end (with failed indication) to any configured
network managers
Starts a 10-minute timer
Performs the normal startup loading sequence
When the timer expires, ETX2i again attempts the ZTC process.
Software Directives
The following directives supply information about the software file to download:
sw-version version of the software to download; must be formatted in the
same way as the chassis software revision displayed in the inventory display
(refer to the Inventory section).
sw-action software installation to perform:
upgrade-only Load software file if sw-version specifies a newer version
than the chassis software revision.
downgrade-only Load software file if sw-version specifies an older
version than the chassis software revision.
replace Load software file if sw-version specifies a version that is
different from the chassis software revision.
sw-src-file path and name of the software to download
sw-dst-file file name for saving the downloaded software:
sw-pack-<n> File is saved as the specified name, if it is not the active
software.
auto File is saved as follows:
If there is an unused software pack number, and there is enough
space in the file system, then the file is saved as sw-pack-<n>, where
<n>is the smallest unused software pack number.
If all software packs numbers are in use, or if there is not enough
space to save the software, then the file is saved as sw-pack-<n>,
where <n>is the software pack number of the oldest version.
Configuration Directives
The following directives supply information about the configuration file to
download:
cfg-version version of configuration to download
cfg-action action to take regarding configuration:
<sw-version>4.3.50</sw-version>
<sw-action>upgrade-only</sw-action>
<sw-src-file>/rad/etx/etx200.sw</sw-src-file>
<sw-dst-file>auto</sw-dst-file>
<cfg-version>etx200 4.3.50</cfg-version>
<cfg-action>replace-cfg</cfg-action>
<cfg-src-file>/rad/etx/etx200.cfg</cfg-src-file>
<cfg-dst-file>startup-config</cfg-dst-file>
</ETX-200>
<ETX-300>
<sw-version>4.3.10</sw-version>
<sw-action>downgrade-only</sw-action>
<sw-src-file>/rad/etx/etx300.sw</sw-src-file>
<sw-dst-file>auto</sw-dst-file>
<cfg-version>etx300 4.3.10</cfg-version>
<cfg-action>replace-cfg</cfg-action>
<cfg-src-file>/rad/etx/etx300.cfg</cfg-src-file>
<cfg-dst-file>startup-config</cfg-dst-file>
</ETX-300>
</zero-touch-configuration>
</config>
</edit-config>
</rpc>
Ethernet Local, remote Inband Telnet (IPv4 RADview (see Working with
FE/GbE/ only), SSH RADview below)
10GbE Terminal emulation application
(see Working with Telnet and SSH
below)
Note
By default, the terminal, Telnet (SSH), NETCONF, and SNMP management access
methods are enabled. See Management Access Methods for details on
enabling/disabling a particular method.
Note You can also run a Telnet (IPv4 only) or SSH session directly to the x86 processor.
Network
Telnet RS-232
Remote RAD
Device RAD Device
PC
Source IP Address
The source IP address depends on the location in the CLI tree from which the
Telnet client command is activated:
If the Telnet client command is activated from the router context, the routing
table of the current router defines the IP address that the packets are sent
from.
If the Telnet client command is activated outside the router context, the
routing table of Router 1 defines the IP address that the packets are sent
from.
If the destination IP address is not a valid unicast IP address, ETX2i rejects the
command.
Special Characters
When the client session is open, its parent session passes all special characters
(such as <Ctrl> + <any key>) without parsing or acting upon them. The only
exception is the <Ctrl> + <_> key combination, which closes the client Telnet
session. This allows you to terminate the connection and return to the parent
session if the client session becomes unresponsive, rather than waiting for the
inactivity timeout to end the connection.
Inactivity Timeout
When a Telnet client is used, the inactivity timer of the parent session rearms.
This ensures that as long as the client session is active, its parent session is not
terminated due to an inactivity timeout. Likewise, when the inactivity timer of the
parent session expires, it is terminated together with its client session.
Termination
The client session is terminated if one of the following occurs:
You quit the client session by using the <Ctrl> + <_> key combination. When
this key combination is entered, ETX2i terminates the client session and
returns to the parent session prompt. This is useful when the remote device
stops responding or the connection to it is lost.
You quit the parent session.
The parent session is terminated due to inactivity timeout.
ETX2i terminates the client Telnet session and returns to the parent
session prompt.
Login
To prevent unauthorized modification of the operating parameters, ETX2i
supports various access levels. Refer to User Access for more information on the
access levels, as well as a list of the default users defined in the device and
information on configuring additional users.
Note The superuser (su) can perform all the activities supported by the ETX2i
management facility.
To log in to ETX2i:
1. At the user prompt (user>), enter the user name and press <Enter>.
The password prompt (password>) appears.
2. Enter the password (default is 1234) and press <Enter>.
The base prompt ETX2i# appears.
Note You can display a banner at login. Refer to the Administration chapter for details.
Changing Password
It is recommended that you change the users default passwords to prevent
unauthorized access to the unit using the special option chngpass. This option is
also useful in case the user has forgotten their password.
To change/restore a password:
1. At the User prompt (config>mngmnt# user>), enter chngpass and press
<Enter>.
2. Enter user as user name and press <Enter> to receive a temporary password.
With this password you can enter as user and change the password to your
own.
A key code is displayed.
3. Send the key code to RAD Technical Support department.
RAD technical support department will generate a temporary password
which is valid for a single login.
4. Use this temporary password to log in and set a new permanent user name
and password.
Note Most commands are available only in their specific context. Global commands are
available in any context. You can type ? at any level to display the available
commands.
CLI Prompt
The base level prompt contains the device name, which is ETX2i by default (the
device name can be configured in the system level; refer to the Device
Information section in this manual). The prompt ends with $, #, or >, depending
on the type of entity being configured and the user level.
If a new dynamic entity is being configured, the last character of the prompt is $.
Examples of dynamic entities include flows, QoS profiles, and OAM CFM entities.
If a new dynamic entity is not being configured, the last character of the prompt
is > (for tech or user access levels) or # (for other access levels).
Note The examples in this manual use # as the last character of the prompt, unless the
creation of a new dynamic entity is being illustrated.
After you type a command at the CLI prompt and press <Enter>, ETX2i responds
according to the command entered.
Navigating
To navigate down the tree, type the name of the next level. The prompt then
reflects the new location. To navigate up, use the global command exit. To
navigate all the way up to the root, type exit all.
At the prompt, one or more level names separated by a space can be typed,
followed (or not) by a command. If only level names are typed, navigation is
performed and the prompt changes to reflect the current location in the tree. If
the level names are followed by a command, the command is executed, but no
navigation is performed and the prompt remains unchanged.
Note To use show commands without navigating, type show followed by the level
name(s) followed by the rest of the show command.
In the following example, the levels and command were typed together and
therefore no navigation was performed, so the prompt did not change.
ETX2i# configure system date-and-time date-format yyyy-mm-dd
ETX2i# show configure system system-date
2013-06-10 15:08:20 UTC +00:00
ETX2i#
In the following example, the levels were typed separately and the navigation is
reflected by the changing prompt.
ETX2i# configure
ETX2i>config# system
ETX2i>config>system# date-and-time
ETX2i>config>system>date-time# date-format yyyy-mm-dd
ETX2i>config>system>date-time# exit
ETX2i>config>system# show system-date
2013-06-10 15:13:23 UTC +00:00
ETX2i>config>system#
Full-Path Command
Full-path command allows you to enter a CLI command anywhere in the tree as if
the current level was the CLI root, by preceding the command or level change
with a backslash character. The device executes the command as if it were
invoked from the CLI root.
If you enter a level change (preceded by \) without a command, the CLI does not
return to the prompt of the level that the command was invoked from, but
remains at the changed level. For example, the \configure system command,
when invoked from any level in the CLI tree, returns the
ETX2i>config>system# prompt. However, if you enter a level change followed
by a command, the system performs the command and then returns the prompt
of the level that the command was invoked from. For example, if following the
command ETX2i>admin>scheduler#, you type \configure system name
my-device, the latter command sets the device name to my-device and then
returns the prompt my-device>admin>scheduler#.
Note Before executing a full path command, the CLI engine exits to the CLI root. Some
commands (e.g. ping) behave differently, depending on the location they were
executed from. The following command, for example, would use a router 1 source
address, although executed from router 2:
ETX2i>config>router(2)# \configure router 1 ping 192.168.1.1.
Command Tree
The tree command displays a hierarchical list of all the commands in the CLI tree,
starting from the current context.
Command Structure
CLI commands have the following basic format:
command [parameter]{ value1 | value2 | | valuen } [ optional-parameter
<value> ]
where:
You can type only as many letters of the level, command, or parameter as
required by the system to identify it. For example, you can enter config manag to
navigate to the management level.
Special Keys
The following keys are available at any time:
Getting Help
You can get help in the following ways:
Type help to display general help (see General Help).
Type help <command> to display information on a command and its
parameters (see Command Help).
Type ? to display the commands available in the level (see Level Help).
Use <Tab> while typing commands and parameters, for string completion
(see Command-Line Completion).
General Help
Enter help at any level to display general CLI help, including:
Short description of CLI interactive help
Commands and levels available at the current level
Globally available commands
CLI special keys (hotkeys)
Output modifiers for filtering output
URLs for device manual and shelf view manual
Example of help command output from the root level:
Command Help
Enter help <command> to display command and parameter information.
ETX2i>config>system# help name
- name <name-of-device>
- no name
<name-of-device> : Adds free text to specify the device name [0..255 chars]
Level Help
Enter ? at the command prompt to display the commands available in the current
level.
ETX2i>file# ?
delete - Delete file
dir - Display file directory
Command-Line Completion
Command-line completion saves you command-line entry time and reminds you
the syntax of command-line entities (levels, commands, parameters, flows, and
profiles).
In a command-line, ETX2i completes command-line entities, when you press
<Tab> immediately following a string (one or more characters).
Some user-defined entity names, such as flow names or profile names, can be
completed as well. If you enter an entity name (flow, profile, or similar) that does
not exist in the database, ETX2i creates this entity with the selected name.
If the command-line entity name can be completed in only one way, when
you press <Tab>, ETX2i autocompletes the entire name and appends a
space.
If the command-line entity name can be completed in more than one way,
ETX2i appends the characters that are common to all possibilities, and
displays a list of the completion possibilities beginning with those characters.
If the string is already a complete entity name
(level/command/parameter/flow/profile) or cannot be completed to a
complete name, no completion is done.
Pressing <Tab> following a complete command name (followed by a space),
displays a list of available command arguments, if they exist (same behavior
as ?).
Pressing <Tab> following a string and a space returns a CLI error: Ambiguous
Command. This is because the string entered could be completed to more
than one command and is therefore ambiguous.
Pressing <Tab> at the beginning of a command line behaves like a regular
tab, and unlike ?, does not display a list of available commands.
The following tables show examples of string completion.
Interactive Help
To get interactive help, type ?.
In general, typing a ? directly after a string displays possibilities for string
completion, while typing <space> and then a ? displays possibilities of the next
argument.
When a <CR> appears in a ? list, the string you entered is itself a valid command
needing no further additions. Pressing <Enter> executes the command or
navigates to the indicated level.
When a string cannot be completed, ETX2i displays cli error: Invalid Command.
ETX2i>admin# stac?
# cli error: Invalid Command
ETX2i>admin# stac
ETX2i>file# da ?
# cli error: Invalid Command
ETX2i>file# da
Typing <?> after a space between a command or level name and the ? tells
ETX2i to display possibilities of the next argument. If the string preceding the ?
is ambiguous or invalid, an explanatory message is displayed. The string does not
have to be a complete command.
If there is only one possible command starting with that string, pressing <Enter>
will execute the command. If there is more than one command that starts with
the string, the CLI displays a message that it cant clarify which command you
want.
ETX2i>admin# factory?
ETX2i>config>flows# show ?
summary - Displays list of flows
ETX2i>config>flows# show
ETX2i>config>flows# classifier-profile ?
<classification-n*> : [1..32 chars]
ETX2i>config>flows# classifier-profile
The next example shows a complete command to which a parameter could be
appended. It also shows how a string that is a complete command is executed by
pressing <CR>, or <Enter>.
ETX2i>config>access-control# resequence access-list acl_1 ?
<CR>
<number> : [0..100000]
The next example shows a complete command that has no parameters.
ETX2i>config>flows# classifier-profile myclass match-any ?
<CR>
ETX2i>config>flows# classifier-profile myclass match-any
Note
Schedules for date and time are saved in system local time. If the local time
changes, ETX2i does not modify the schedules to compensate for the change;
therefore, changing the time can cause schedules to be executed twice or not
executed at all.
To schedule a command:
In any level, enter the schedule command according to the type of schedule:
In <minutes> Enter:
schedule <name> in <minutes> <command>
The schedule is saved with its name set to <name>, and the specified
<command> is executed after the specified amount of <minutes> has
elapsed, regardless of changes to the local system time.
Range for <minutes>: 114400 [10 days]
At <date-and-time> Enter:
schedule <name> at {january | february | march | april | may | june | july |
august | september | october | november | december} <dd> <yyyy>
<hh>:<mm> <command> [volatile | nonvolatile]
The schedule is saved with its name set to <name> (in permanent
memory if nonvolatile was specified), and the specified <command> is
executed at the specified date and time. If the local system time is
changed after the schedule is configured, the scheduled command might
not be executed, or might be executed twice.
Note An invalid date and time is not allowed; however, a date and time in the past is
allowed; a schedule with its date and time in the past will never be executed
unless the device date/time is changed such that the schedule date and time is
no longer in the past.
Note Schedules can be added or deleted, but not changed. If you wish to change the
details of a schedule, you have to delete it and then recreate it with the changes.
To delete schedules:
To delete a specific schedule, in any level enter:
no schedule <name>
To delete all finished schedules, navigate to the admin scheduler level and
enter:
clear-finished-schedules
Note You can also enter the info command from the root of the device to view all
commands of the device, including scheduled commands (see Viewing the Device
Configuration section below).
Summer Time
Start (Recurring): Last Sunday of May, 02:00
End (Recurring): Last Thursday of October, 02:00
Offset : 60 minutes
Start : 31 May 2015 12:21
End : 25 October 2015 12:21
Summer Time
Start (Recurring): Last Sunday of May, 02:00
End (Recurring): Last Thursday of October, 02:00
Offset : 60 minutes
Start : 31 May 2015 12:21
End : 29 October 2015 12:21
Parameter Description
Current date Current date and time, and current offset from UTC
Parameter Description
Activation In output of show scheduler, indicates the amount of time before the scheduled
command will be executed, according to the type of schedule:
Once (In) Amount of time before the scheduled command will be executed, in the
form <hh:mm:ss>, <1 day hh:mm:ss> or <ddd days, hh:mm:ss>
Once (At) Date and time at which the scheduled command will be executed
For either type, -- is displayed if the schedule is marked as finished.
Activation (Local In output of show scheduler-details for schedule type Once (At), displays the date and
Time) time at which the scheduled command will be executed.
Activation In In output of show scheduler-details for schedule types Once (In) and Once (At), displays
(Seconds) the amount of time before the scheduled command will be executed.
Start (Date) For one-shot daylight saving time scheduling, displays daylight saving time start date
and time.
End (Date) For one-shot daylight saving time scheduling, displays daylight saving time end date and
time.
Start (Recurring) For recurring daylight saving time scheduling, displays the configured week of the
month, weekday, month, and time for daylight saving time start.
End (Recurring) For recurring daylight saving time scheduling, displays the configured week of the
month, weekday, month, and time for daylight saving time end.
End For recurring daylight saving time scheduling, displays the next scheduled date and time
for daylight saving time end.
Configuration Errors
The following table lists the messages generated by the device when a command
scheduling configuration error is detected.
Schedule with this name You tried to create a new schedule with Specify a name that is not being used
already configured a name that is used by an existing by an existing schedule.
schedule.
Warning: Scheduled The command that you specified to Check the command; if changes are
command failed sanity schedule may fail when executed. needed, delete the schedule and
re-enter it with the changed
command.
The logout command You specified the logout command as None. You are not allowed to
may not be scheduled the command to schedule. schedule the logout command.
Refreshing Output
You can specify that ETX2i should periodically refresh the output of a show
command.
Note The example uses a slot number to reference the port, which may not be
applicable to every device.
Administrative Status : Up
Operational Status : Down
Connector Type : SFP Out
Name ETH-1/1
Administrative Status : Up
Operational Status : Down
Connector Type : SFP Out
Auto Negotiation : Other
MAC Address : 00-20-D2-50-E3-84
To exit the refresh-mode press ESC or Ctrl+C
ETX2i>config>port>eth(1/1)#
Filtering Output
Some commands, such as info and show display large amounts of information as
their output. It is possible to control the type and amount of information
displayed, by filtering the output.
To filter a commands output, append to the command:
| [include | exclude | begin] <filter-expression>
Keyword Description
include The output includes only lines that match the filter
expression.
exclude The output includes only lines that do not match the filter
expression.
begin The output starts with the first line that matches the filter
expression and continues with all further lines.
Metacharacters
Metacharacters are characters with special meaning. They allow you to define
filter criteria, while not being part of the filter criteria themselves. Some are
placeholders or wildcards. Some allow you to define ranges of characters to
either include or exclude. You can construct complex filter expressions to see the
exact output you want. Table 3-8 describes filter metacharacters.
. Matches any single character. r.t matches the strings rat, rut, and r t, but not
root.
$ Matches the end of a line. device$ matches the end of the string header
device but not the string header device-name.
^ Matches the beginning of a line. ^device matches the beginning of the string
device loaded from but not the string header
device-name.
* Matches zero or more occurrences of .* means match any number of any characters.
the preceding character.
\ This character is used to treat the \$ is used to match the $ character rather than
following metacharacter as an ordinary match the end of a line.
character. \. is used to match a period rather than match
any single character.
[] Matches any one of the characters r[aou]t matches rat, rot, and rut, but not ret.
[c1-c2] between the brackets. [0-9] matches any digit.
[^c1-c2] Ranges of characters are specified by a [A-Za-z] matches any upper or lower case letter.
beginning character (c1), a hyphen,
[^269A-Z] matches any character except 2, 6, 9,
and an ending character (c2); multiple
and uppercase letters.
ranges can be specified as well.
To match any character except those in
the range, use ^ as the first character
after the opening bracket.
| Logical OR two conditions together (band|comp) matches the lines bandwidth cir
999936 cbs 65535 and compensation 0.
{i} Matches a specific number (i) or range A[0-9]{3} matches A followed by exactly three
{i,j} (i through j) of instances of the digits, i.e. it matches A123 but not A1234.
preceding character. [0-9]{4,6} matches any sequence of 4, 5, or 6
digits.
The following table provides some example of regular expressions and the
resulting string that will be used to filter the CLI output.
str str
s t r str
str str
str\str strstr
str\str str\str
strstr str
\str \str
Enabling Entities
Some dynamic entities are created as inactive by default. After the configuration
is completed, the no shutdown command activates the entity, as shown below.
Note The example uses a slot number to reference the port, which may not be
applicable to every device.
Using Scripts
CLI commands can be gathered into text files. They may be created using a text
editor, by recording the user commands or by saving the current configuration.
These files can be configuration files or scripts. Configuration files have specific
names and contain CLI commands that ETX2i can use to replace the current
configuration, while scripts contain CLI commands that add to the current
configuration. Configuration files can be imported from and exported to RAD
devices via file transfer protocols.
For more information on configuration files, refer to the description in the
Operation chapter.
In order to execute a CLI script, you have to copy/paste it to the CLI terminal, or
send it to ETX2i via the RADview Jobs mechanism, CLI script option.
Examples
To schedule copying a log file in two hours:
schedule sched-copy-2hrs in 120 copy log tftp://1.1.1.1
To schedule copying a log file on April 2 at 6:00, with the schedule saved in
permanent memory:
schedule sched-copy-Apr2 at april 2 2015 06:00 copy log tftp://1.1.1.1 permanent
save
Applicable Products
This feature is applicable to all ETX2i products.
Functional Description
Two types of ETX management access are supported:
Inband ETX host (management RI) resides directly over one or two VLANs in
a specific port or over a Bridge port (for example, to allow management
access in a Ring topology).
MNG RI
(ETX Host)
Router NNI
NNI
MNG RI
(ETX Host)
Router Bridge Bridge Port
NNI
Factory Defaults
By default, access is enabled for all the applications.
In the default factory configuration, ETX2i allows management from the OOB
management port.
The default factory configuration includes the following:
Allows untagged management access from the OOB port
Default IP address of the Router Interface is 169.254.1.1/16
No default Gateway configuration
Allows local management access using a PC to an out of the box ETX2i
device:
Note There is no explicit configuration for inband and outband management access.
Allowing SSH (Secure Shell) access ssh Typing no ssh blocks access by SSH.
Allowing Telnet access (for IPv4 only) telnet Typing no telnet blocks access by Telnet.
Applicable Products
This feature is applicable to all ETX2i products.
Standards
The supported SNMP versions are based on the following standards:
Benefits
SNMP allows you to remotely manage multiple units from a central workstation
using a network management system.
SNMPv3 allows data to be collected securely from SNMP devices. Confidential
information such as SNMP commands can thus be encrypted to prevent
unauthorized parties from being able to access them.
Functional Description
In an SNMP configuration, one or more administrative computers manage a group
of hosts or devices. Each managed system continuously executes a software
component called agent, which reports information via SNMP back to the
managing workstations.
Factory Defaults
The following is the default configuration of the SNMP parameters (see
Configuring SNMPv3 Parameters for explanations of the parameters):
SNMP engine ID set to device MAC address
View named internet providing access to IETF MIBs and IEEE MIBs
User named "initial", with security level no authentication and no privacy
Group for SNMPv3 named "initial":
Security levels no authentication and no privacy, authentication and no
privacy, authentication and privacy
User initial
Views for read/write/notify "internet"
Notifications with tag unmasked for the device traps
Note When you enter password parameters, they should contain at least eight
characters.
Setting SNMP snmp-engine-id mac [ <mac-address> ] snmp If you use the mac
engine ID, as snmp-engine-id ipv4 [ <ip-address> ] option and dont
MAC address or specify the MAC
snmp-engine-id text <string>
IP address or address, the SNMP
string engine ID is set to the
device MAC address.
If you use the ipv4
option and dont
specify the IP address,
the SNMP engine ID is
set to the device IP
address.
Setting user privacy [ password <password> ] [ key <key-change> ] snmp>user Using no privacy
privacy disables privacy
password and protocol
optional key for Note: Password
changes minimum length is 10
for AES128 and 8 for
DES.
Examples
To create an SNMPv3 user and connect it to group:
User named MD5_priv:
Security level MD5 authentication, DES privacy
Group named "MD5Group":
All security levels
Contains set of views named "internet" (from default configuration)
exit all
configure management snmp
#********* Configure user MD5_priv with authentication method MD5 with DES privacy protocol
user MD5_priv md5-auth des
privacy password MD654321
authentication password MD654321
no shutdown
exit
#******** Configure access group MD5Group with various authentication and privacy options
access-group MD5Group usm no-auth-no-priv
context-match exact
read-view internet
write-view internet
notify-view internet
no shutdown
exit
access-group MD5Group usm auth-no-priv
context-match exact
read-view internet
write-view internet
notify-view internet
no shutdown
exit
access-group MD5Group usm auth-priv
context-match exact
read-view internet
write-view internet
notify-view internet
no shutdown
exit
To create notifications:
Notification named TrapPort:
Tag=Port
Bound to ethLos, sfpRemoved
Notification named TrapPower:
Tag=Power
Bound to powerDeliveryFailure, systemDeviceStartup
exit all
configure management snmp
#******** Configure notification TrapPort
notify TrapPort
tag Port
bind ethLos
bind sfpRemoved
no shutdown
exit
To create communities, target parameters, and target for network devices that
are working with SNMPv1:
Community read:
Name: public
Security name: v1_read (defined in default configuration)
Community write:
Name: private
Security name: v1_write (defined in default configuration)
Community trap:
Name: public
Security name: v1_trap (defined in default configuration)
Target parameters named snv1:
Message processing model SNMPv1
Version SNMPv1
Security name: v1_trap
Security level: no authentication and no privacy
Target named NMSsnmpv1:
Target parameters snv1
Tag list=unmasked
IP address 192.5.6.7
exit all
#******** Configure communities
configure management snmp
snmpv3
community read
name public
sec-name v1_read
no shutdown
exit
community write
name private
sec-name v1_write
no shutdown
exit
community trap
name public
sec-name v1_trap
no shutdown
exit
#***************************Adding Classifier_Profiles*********
config flows
classifier-profile all match-any match all
classifier-profile untagged match-any match untagged
#***************************Configuring_Flows******************
flow mng_in
classifier untagged
no policer
ingress-port ethernet 0/101
egress-port svi 99
no shutdown
exit
flow mng_out
classifier all
ingress-port svi 99
egress-port ethernet 0/101 queue 0 block 0/1
no shutdown
exit all
#*********************Configuring_Router_Interface*************
configure router 1
interface 1
bind svi 99
address 172.18.141.39/24
no shutdown
exit
static-route 172.17.0.0/16 address 172.18.141.1
exit all
save
Overview
RADview is a Windows-based modular, client-server, scalable management
system that can be used in a distributed network topology or a single-station
configuration. RADview consists of the system and the following optional
modules:
D-NFV Orchestrator D-NFV Orchestrator creates, configures and manages
virtual machines on the X.86 D-NFV module within RADs customer edge
devices. D-NFV Orchestrator accommodates the Network Planning
functionality, which is part of RADview-Service Manager and enables offline
planning of networks with RAD products.
Service Manager (SM) end-to-end Carrier Ethernet service provisioning for
Ethernet Access products. This module includes the Service Center (SC)
module, which is an end-to-end Carrier Ethernet and TDM service provisioning
for AXCESS+ products.
Performance Monitor (PM) portal for service SLA monitoring for both
carriers and their customers
The ETX2i element and network management systems include a CORBA
northbound interface, enabling easy integration into the customers umbrella
NMS. CORBA enables interconnectivity and communication across heterogeneous
operating systems and telecommunications networks. CORBA effectively supplies
a software interface that defines data models used between various
management layers. It supports multi-vendor distributed network management
applications, providing the data interface between clients and servers.
For more details about the RADview network management software, and for
detailed instructions on how to install, set up, and use RADview, contact your
local RAD partner.
Note The service name configuration is necessary only in the endpoint devices.
Enable PM collection for the Rx and Tx flows, as well as for the corresponding
destination NE.
All flows belonging to the same service End Point must use the same port.
Only one S-tag should be used for the service.
Run the RADview Discovery Service function (refer to the RADview online
help).
Discovery can be performed only on the user port (UNI). For more information,
refer to the Performance Management section.
Note Multi-port E-Line services can't be discovered and statistics can't be collected on
the flows.
Profiles
Most packet processing features are defined by creating and applying various
profiles. Profiles comprise sets of attributes related to a specific service entity.
Profiles must be defined before other managed objects.
L2CP Ethernet/logical MAC port, Defines actions for L2CP processing (drop, peer,
PCS flow tunnel, and tunnel with MAC swap)
CoS mapping ETP/bridge flow/MultiCoS Defines method and values for mapping packet
flow (10.3 policer) attributes (P-bit, DSCP, IP precedence) to internal
CoS values
Color mapping Flow Defines method and values for mapping packet
attributes (P-bit, DSCP, IP precedence) to internal
color values
Policer, policer Ethernet port, flow Defines CIR, CBS, EIR, and EBS parameters
aggregate
Envelope policer Flow Defines policer attributes per rank, per MEF 10.3
Queue block Queue block within queue Defines queue and queue parameters. This
group includes defining all the queues forming the queue
block and defining per queue its parameters, such
as scheduling mode (strict, WFQ, BE), queue depth,
and queue WRED profile.
Queue group Ethernet/logical MAC Defines the group of queue blocks in a two-stage
port/PCS port hierarchy
Also sets the queue block profiles used and the
queue block shaper profile
Queue mapping Flow Defines method and values for mapping packet
attributes (P-bit, DSCP, IP precedence, CoS) to
internal priority queues
Physical Ports
Ethernet ports serve as ingress (UNI) and egress (NNI) ports for Ethernet flows.
The following packet processing attributes are assigned to them:
Tag Ethertype for identifying VLAN-tagged frames at ingress and setting
Ethertype value for VLAN editing (stack, swap) at egress
L2CP profile for defining L2CP frame handling (discard, peer, tunnel, or tunnel
with MAC swap)
Queue group profile for associating a port with a queue group
Policer profile for broadcast/multicast traffic (BUM filter)
Logical Ports
Logical ports maintained by ETX-2i serve as internal aggregation or forwarding
points for Ethernet flows. The following logical ports exist:
Logical MAC Provides a logical port to access smart SFP ports (via GFP
ports)
Link Aggregation Provides link protection. LAGs have the same attributes as
Group (LAG) the physical ports that serve as their members.
Forwarding Entities
Several internal entities carry traffic and make forwarding and switching
decisions. These are:
Flows Traffic-forwarding interconnection elements
Bridge
Router
Flows
Flows are entities that interconnect two physical or logical ports. Flow processing
is performed as follows:
Ingress traffic is mapped in flows using classification match criteria defined
via a classification profile.
L2CP frames are handled per flow according to L2CP profile settings.
User priority (P-bit, IP Precedence, DSCP) is mapped into internal queue
according to a queue mapping profile or assignment per flow.
Packet attributes may map packets to the ingress color, which together with
the color-aware policer (if applied), sets the egress packet color. Packet color
may be used in the marking and congestion avoidance process.
Alternately, packet attributes (L2-L4) can be mapped to an internal CoS,
which maps to queues (1:1). This scheme is supported by certain
configuration scenarios.
VLANs can be edited per flow by stacking (pushing), removing (popping), or
swapping (marking) tags on single or double-tagged packets. P-bit and DEI
values are either copied or set according to a marking profile (per packet
attributes or internal CoS).
A single policer can be applied to a flow or a policer aggregate can be
assigned to a group of flows. Envelope policer is also supported and can be
assigned to a flow.
A flow is mapped to a queue block or queue group associated with the egress
port.
Bridge
The bridge is a forwarding entity used by ETX-2i for delivering E-LAN and E-Tree
services in multipoint-to-multipoint topology and G.8032 ring protection. The
bridge uses SVIs to connect logical and physical ports.
The bridge is defined by bridge ports and a VLAN membership table that specifies
which bridge ports are members in a certain broadcast domain (VLAN). The bridge
supports up to two VLAN editing actions, on ingress and/or egress. The editing is
performed at the flow level.
Router
The embedded router (ETX-2i and ETX-2i-B) provides IPv4 and IPv6 routing. Each
router interface is assigned IP address(es) and should be bound to an SVI.
The router uses service virtual interfaces (SVIs) to connect to logical and physical
ports. The connection is always made by directing flows from a port to an SVI,
and then binding the SVI to a router interface.
Device management, as well as other L3 modules, such as 1588 (8265.1), TDM
PW (UDP/IP), and TWAMP, use the ETX-2i routing scheme.
Ethernet to Bridge
In Figure 4-1, the rectangles illustrate the data flow for user traffic from an
Ethernet port to a bridge port. The rounded rectangles indicate the features that
need to be configured, numbered according to the order of configuration.
Table 4-2 shows the configuration steps corresponding to the numbers.
4) CoS mapping
6) Flows
6 Configuring Flows classifier You must define the flow for the user
ingress-port traffic from the Ethernet port to the
bridge port.
egress-port
mark
reverse-direction
vlan-tag
shutdown
Bridge to Ethernet
In Figure 4-2, the rectangles illustrate the data flow for user traffic from a bridge
port to an Ethernet port. The rounded rectangles indicate the features that need
to be configured, numbered according to the order of configuration. Table 4-3
shows the configuration steps corresponding to the numbers.
1) Bridge ports 2) Classification 3) Marking 6) Queue blocks 5) Shaping 6) Queue blocks 8) Ethernet ports
9) Flows
9 Configuring Flows classifier You must define the flow for the user
ingress-port traffic from the bridge port to the
Ethernet port.
egress-port
policer
mark
vlan-tag
shutdown
User to Network
In Figure 4-3, the rectangles illustrate the data flow for Ethernet user traffic from
a user port to a network port. The rounded rectangles indicate the features that
need to be configured, numbered according to the order of configuration.
Table 4-4 shows the configuration steps corresponding to the numbers.
Queueing Queueing
Ingress UNI Classification Flow Policing Shaping Egress NNI
level 0 level 1
9) Ethernet ports 1) Classification 2) Marking 4) Policing 6) Queue blocks 5) Shaping 6) Queue blocks 8) Queue groups
10) Flows
10 Configuring Flows classifier You must define the flow for the user
ingress-port traffic from the user port to the
network port.
egress-port
policer
mark
vlan-tag
shutdown
Network to User
In Figure 4-4, the rectangles illustrate the data flow for Ethernet user traffic from
a network port to a user port. The rounded rectangles indicate the features that
need to be configured, numbered according to the order of configuration.
Table 4-5 shows the configuration steps corresponding to the numbers.
Queueing
Ingress NNI Classification Flow Policing Shaping Egress UNI
level 0
9) Ethernet ports 1) Classification 2) Marking 4) Policing 6) Queue blocks 5) Shaping 8) Queue groups
10) Flows
10 Configuring Flows classifier You must define the flow for the user
ingress-port traffic from the network port to the
user port.
egress-port
policer
mark
vlan-tag
shutdown
Network to User
The following figure illustrates the data flow from a network port provisioned as
a TDM port via a smart SFP, to an Ethernet user port. Table 4-6 shows the
configuration steps corresponding to the figure callouts.
Figure 4-5. TDM User Traffic Data Flow TDM Network to Ethernet User
Table 4-6. TDM User Traffic Configuration TDM Network to Ethernet User
1 Smart SFPs smart-sfp You must provision the smart SFP for
type the network port.
shutdown
T1 Ports t1
name
line-code
line-length
line-type
rx-sensitivity
tx-clock-source
shutdown
E3 Ports e3
name
tx-clock-source
shutdown
T3 Ports t3
name
line-length
line-type
shutdown
fcs-payload
name
4 Logical MAC Ports logical-mac You must configure a logical MAC port,
name and bind the GFP port to it. The logical
MAC port is used as the ingress port
bind
of the flow.
egress-mtu
queue-group
tag-ethernet-type
shutdown
11 Configuring Flows classifier You must define the flow for the user
ingress-port traffic from the network port (logical
MAC port) to the user port.
egress-port
policer
mark
vlan-tag
shutdown
User to Network
The following figure illustrates the data flow from a user port provisioned as a
TDM port via a smart SFP, to an Ethernet network port. Table 4-7 shows the
configuration steps corresponding to the figure callouts.
Figure 4-6. TDM User Traffic Data Flow TDM User to Ethernet Network
Table 4-7. TDM User Traffic Configuration TDM User to Ethernet Network User to Network
1 Smart SFPs smart-sfp You must provision the smart SFP for
type the user port.
shutdown
T1 Ports t1
name
line-code
line-length
line-type
rx-sensitivity
tx-clock-source
shutdown
E3 Ports e3
name
tx-clock-source
shutdown
T3 Ports t3
name
line-length
line-type
shutdown
fcs-payload
name
4 Logical MAC Ports logical-mac You must configure a logical MAC port,
name and bind the GFP port to it. The logical
MAC port is used as the ingress port
bind
of the flow.
egress-mtu
queue-group
tag-ethernet-type
shutdown
11 Configuring Flows classifier You must define the flow for the user
ingress-port traffic from the user port to the
network port.
egress-port
policer
mark
vlan-tag
shutdown
Benefits
Viewing the entities associated with service names is useful for service
administration, and to ensure correct discovery of service-related entities by
network management systems.
Functional Description
If you have defined service names for flows, you can display the flows and
corresponding MEPs associated with the service names.
show status name For specific service name, display summary information of
<name-string> associated flows/MEPs.
summary
show status name For specific service name, display details of associated
<name-string> flows/MEPs.
details
Examples
To view list of defined service names:
ETX-2i# configure service
ETX-2i>config>service# show status list
Name : s1
Name : s2
Flows
-----------------------------------------------------------------------------
Name Admin Oper Egress Port MEP
-----------------------------------------------------------------------------
S.29.1_1_1_s1 Up Down ETH 6 101
S.29.1_1_s1 Up Down ETH 1 101
MD : 1 MA : 1
MD Level : 6
MD Name : ---
MA Name : 1
MEPs
-----------------------------------------------------------------------------
ID Status Defects Service Pbit RMEPs OK/Total
-----------------------------------------------------------------------
101 up No 7 0/1
Flows
---------------------------------------------------------------
Name : S.29.1_1_1_s1
Admin : Up
Operational Status : Down
Name : S.29.1_1_s1
Admin : Up
Operational Status : Down
Test Status : Off
Classifier Profile : S.29_s1_1
Ingress Port : Ethernet 6
Egress Port : Ethernet 1
MD : 1 MA : 1
MD Level : 6
MD Name : ---
MA Name : 1
MEPs
---------------------------------------------------------------
ID : 101
Status : up
Defects : No
Note
Ports are referenced generally as [<slot>/]<port>[/<tributary>]:
<slot> = 1 for modular ports
<slot> = 0 for non-modular ports
<tributary> is required only for smart SFP E1/T1/E3/T3/SDH/SONET ports,
and is always set to 1.
5.1 Cards
This section describes how to configure the module type (card type) for the
modular option.
Benefits
The ability to preprovision the module type before actually inserting the module
provides more flexibility.
Functional Description
The ETX-2i module can contain ports of type GbE, E1, T1, T3, VDSL2, or SHDSL; or
it can contain an optional embedded router. You can preprovision the module
type before physically inserting the module. The configured module type must
match the actual module installed, for correct operation.
When ETX-2i starts up, it verifies that the configured module type matches the
module that is installed. If they do not match, the card_mismatch alarm is sent.
The ETX-2i module is defined as slot 1, therefore the ports on the module are
referenced with slot 1. The device ports that are not on the module are
referenced with slot 0.
Note The ETX-2i module is not hot swappable; it can be removed/replaced only when
ETX-2i is powered off.
Factory Defaults
By default, the module type is set according to the module type that is actually
installed.
Configuring Module
Note You can display the module type from the device level by typing
show cards-summary.
Configuring the module type as one of card-type eth 1g-2-full Type no card-type to set the module type
the following: card-type tdm {e1-t1-4-ch | e1-t1-8-ch} to null.
Ethernet GbE card-type tdm {t3-1-ch | t3-2-ch} Notes:
E1/T1 with four channels card-type shdsl {shdsl-4w | shdsl-8w} If the configured module type does not
E1/T1 with eight channels match the actual installed module, the
card-type vdsl2 {vdsl2-4p-pots | vdsl2-4p-
card_mismatch alarm is sent. This
T3 with one channel isdn}
includes the case of changing the
T3 with two channels module type to null while a module is
SHDSL with 4-wire option installed.
SHDSL with 8-wire option When the module type is changed to
VDSL2 with 8-wire option null, ETX-2i automatically deletes all the
interfaces that exist in the module.
You are not allowed to change the
module type in the following cases:
An active service is defined over one
or more of the module interfaces.
One or more of the module
interfaces is bound to a router
interface.
One or more of the module
interfaces is being used as a timing
reference (e.g. domain clock source).
5.2 Ethertype
Ethertype tag configuration of a packet allows identification of incoming and
outgoing VLAN-tagged packets.
Ethertype (tag protocol ID, or TPID) configured per port is used for:
Standards
IEEE 802.1Q
Benefits
Per-port tag Ethertype configuration allows identification of incoming and
outgoing VLAN-tagged frames.
Factory Defaults
By default, Ethertype is set to 8100.
Functional Description
Global tag Ethertype values, other than 8100 (the default) and 88a8, must be
configured at the device (chassis) level before they can be used to configure the
port level Ethertype, and the Ethertype used in Egress VLAN editing actions (Mark
and Push).
ETX-2i supports up to four Ethertype tag values:
8100 preconfigured default; cannot be deleted or changed
88a8 preconfigured; cannot be deleted or changed
Two user-configurable global Ethertype tag values can be deleted and
changed
Configuration of a packets inner and outer tag Ethertypes allows ingress
identification of a packets inner and outer VLAN tags, as follows:
The packets outer VLAN tag is identified if the packets outer tag Ethertype
equals the ports configured tag Ethertype.
The packets inner VLAN tag is identified if its inner tag Ethertype is equal to
one of the four device-level Ethertypes (two default and two user
configured).
Ethertype configured per port is used for the identification of VLAN-tagged
frames at ingress and VLAN editing at egress. This refers to outer VLAN only. The
outer VLAN of the incoming frame must match the configured Ethertype of the
port in order to be considered a VLAN-tagged frame (otherwise the frame is
considered untagged or dropped).
Note Ethertype tag cannot be changed if a port (Ethernet or LAG) has flows attached
to it.
The following table describes the admission rule for different port and TPID
types.
Table 5-1. Ports with Configured Port TPID Y (Tag Ethertype port configuration)
Y None Admit 1
Y Any one of the four Admit 2
device-level global
TPIDs
Configuring Ethertype
ETX-2i comes preconfigured with two global Ethertype tag values 8100 and
88a8. These Ethernet tag values cannot be modified or deleted.
You can configure an additional two global Ethertype tags so that they can be
used in Ethertype tag configuration of a packet or port.
If additional tag values are not defined, the port and packet can only use the
default global values 88a8 and 8100.
You can use no before tag-ethernet-type to remove the two additional user-
configurable Ethertype tag values. You cannot remove the fixed 8100 and 88a8
Note
values.
Example
To configure a port with global Ethertype tag 0x88a8:
ETX-2i>config>port>tag-ethertype 0x88a8
Configuration Errors
The following table lists the messages generated by ETX-2i when a configuration
error is detected.
Message Description
Modify failed: Ethertype tag value is in The Ethertype tag value cannot be changed because it is
use currently used by a port of a flow.
Invalid port Ethertype tag value The Ethertype tag value for a port cannot be configured to the
default value (0x8100), and cannot be different from the one
configured at system level.
Cannot delete default Ethertype tag The default Ethertype tag value (0x8100) cannot be deleted.
value
Delete failed: Ethertype tag value is in The Ethertype tag value cannot be deleted because it is
use currently being used by a port of a flow.
Setting failed: Ethertype tag value is The Ethertype tag value for a port or a flow is different from the
unknown one configured at system level.
Ethertype tag cannot be modified for a The Ethertype tag value is in use by the LAG.
port attached to LAG
Standards
G.7041
Benefits
GFP logical ports provide a logical link to smart SFP E1/T1/T3/SDH/SONET ports or
modular E1/T1/T3 ports.
Functional Description
ETX-2i uses GFP (Generic Framing Procedure) ports to provide a logical link to the
TDM ports that become available when smart SFPs are inserted (see Smart SFPs),
or an E1/T1/T3 module is installed.
ETX-2i supports up to four GFP ports when inserting up to four Smart SFPs
(MiRICs) into the device ports.
When using the GFP module (ETX2i), up to eight E1/T1 or two T3 can be
supported in a single GFP VCAToPDH group.
Notes If a module with multiple E1/T1/T3 ports is installed, the GFP port is bound to
the VCG port that is bound to the E1/T1/T3 ports.
If a module with a single T3 port is installed, the GFP port is bound directly to
the T3 port.
Factory Defaults
By default, no GFP ports exist. When a GFP port is created, it is configured as
shown below.
Enabling/disabling VLI byte vcat-header Note: Not relevant to GFP port bound
insertion on VCAT trunk or PDH to SDH/SONET port, modular T3 port,
or VCG port.
Examples
To configure GFP logical port 5:
Bind to VCG port 5, which must be bound to multiple E1/T1/T3 ports on the
module.
exit all
config port gfp 5
bind vcg 5
exit all
To display information on GFP logical port 1:
ETX-2i# config port gfp 5
ETX-2i>config>port>gfp(5)# info detail
name "GFP 5 "
bind vcg 5
no fcs-payload
scrambler-payload rx-tx
ETX-2i>config>port>gfp(5)# show status
Name : GFP 5
Operation Status : Up
ETX-2i>config>port>gfp(5)# show bind
Higher Layer
---------------------------------------------------------------
Lower Layer
---------------------------------------------------------------
VCG 1
To configure GFP logical port 3:
Bind to smart SFP E1 port 3.
exit all
config port gfp 3
bind e1 0/3/1
exit all
Note
For ETX2i with D-NFV option, regular user ports 7 and 8 are not available.
Applicable Products
This feature is applicable to ETX2i with the D-NFV option.
Benefits
The internal ports enable interconnection with the x86 processor.
Factory Defaults
By default, the internal Ethernet ports have the following configuration.
Functional Description
The internal ports are always administratively enabled. They can be ingress or
egress ports in flows, to enable transmitting data between the ETX-2i NID and
the x86 processor.
The internal ports cannot be members of a LAG or be assigned Ethernet
protection group.
You can configure flows between the internal ports and the following types of
ports:
Bridge port
Ethernet port
ETP Subscriber port
LAG
You cannot configure flows between the internal Ethernet ports and the
following types of ports:
ETP subscriber port
SVI assigned to router interface
Configuring port to trust DHCP packets dhcp-trust Client ports must always be untrusted
sent from server (no dhcp-trust); otherwise, the DHCP relay
discards the discovery messages sent from
the client port to the server.
Relevant only if DHCP snooping is enabled.
Assigning description to port name <string> Entering no name removes the name.
Benefits
The logical MAC ports connect between flows and GFP ports.
Functional Description
ETX-2i uses logical MAC ports to connect flows to GFP (Generic Framing
Procedure) ports that provide a logical link to modular E1/T1/T3 ports, or to the
TDM ports that become available when smart SFPs are inserted (see Smart SFPs).
In the case of modular E1/T1/T3 ports, the logical MAC port can operate as a
network or user port (user configurable).
Factory Defaults
By default, no logical MAC ports exist. When a logical MAC port is created, it is
configured as shown below.
Binding logical MAC port to GFP port bind gfp <port> The GFP port must exist.
Use the no bind form to
remove the binding.
Specifying classification key per port classification-key [legacy] legacy No classification key is
[vlan] [inner-vlan] used.
vlan Classification key
according to VLAN
inner-vlan Classification key
according to VLAN + Inner
VLAN
Valid for flow classifier only.
You can change the port
classification key only if all
flows using this port are
administratively disabled.
See the relevant table In the
Classification Keys section
below to see the queue/priority
mapping methods for the
selected classification key, as
well as the flows / flow
parameters that can be
configured for the key.
Configuring port to trust DHCP packets dhcp-trust Client ports must always be
sent from server untrusted (no dhcp-trust);
otherwise, the DHCP relay
discards the discovery
messages sent from the client
port to the server.
Relevant only if DHCP snooping
is enabled.
Configuring OAM EFM descriptor efm descriptor See Configuring OAM EFM.
<efm-descriptor-index>
Setting maximum frame size to transmit egress-mtu <size> Maximum size is 12,288.
(frames above the specified size are
discarded)
Examples
To configure logical MAC port 3:
Bind to GFP port 3.
exit all
logical-mac 3
bind gfp 3
no shutdown
exit all
To display information on logical MAC port 3:
ETX-2i>config>port# logical-mac 3
ETX-2i>config>port>log-mac(3)# info detail
name "LOGICAL MAC 3"
no shutdown
bind gfp 3
tag-ethernet-type 0x8100
egress-mtu 1790
queue-group profile "DefaultQueueGroup"
l2cp profile "L2cpDefaultProfile
Applicable Products
This feature is applicable to ETX2i with an SHDSL or VDSL2 module.
Standards
ITU-T G.991.2
ETSI TS 101524
Benefits
You can create flows over the PCS port.
Functional Description
The PCS (physical coding sublayer) port represents the bundling of the modular
SHDSL/VDSL2 interfaces. By default, all SHDSL/VDSL2 lines are bound to a single
PCS port. The PCS port can operate as a network or user port (user configurable).
Factory Defaults
The PCS port default configuration is shown below.
Specifying classification key per port classification-key [legacy] [vlan] [inner- legacy No classification key is used.
vlan] vlan Classification key according to VLAN
inner-vlan Classification key according to
VLAN + Inner VLAN
Valid for flow classifier only.
You can change the port classification key
only if all flows using this port are
administratively disabled.
See the relevant table In the Classification
Keys section below to see the
queue/priority mapping methods for the
selected classification key, as well as the
flows / flow parameters that can be
configured for the key.
Configuring port to trust DHCP packets dhcp-trust Client ports must always be untrusted
sent from server (no dhcp-trust); otherwise, the DHCP relay
discards the discovery messages sent from
the client port to the server.
Relevant only if DHCP snooping is enabled.
Configuring OAM EFM descriptor efm descriptor <efm-descriptor-index> See Configuring OAM EFM.
Running loopback test on port loopback {local|remote} [duration Use the no loopback command to stop the
<seconds>] test.
Configuring collection of performance pm-collection interval <seconds> Note: In addition to enabling PM statistics
management statistics for the port, collection for the ports, it must be enabled
that are presented via the RADview for the device. Refer to the Performance
Performance Management portal Management section in the Monitoring and
Diagnostics chapter for details.
Associating a policer profile with the policer profile <policer-profile-name> Typing no policer removes any policer
port profile from the port.
Associating a queue group profile with queue-group profile Typing no queue-group removes any queue
the port <queue-group-profile-name> group profile from the port.
Displaying port statistics show statistics running See Viewing PCS Port Statistics.
Example
Running
---------------------------------------------------------------
Counter Rx Tx
Total Frames 0 0
Total Octets 0 0
Total Frames/Sec 0 0
Total Bits/Sec 0 0
Minimum Bits/Sec 0 0
Maximum Bits/Sec 0 0
Unicast Frames 0 0
Multicast Frames 0 0
Broadcast Frames 0 0
CRC Errors 0
Error Frames 0 --
L2CP Discarded 0 --
CFM Discarded 0 --
MTU Discarded 0 56
Unknown Protocol Discarded 0 --
CRC Errors/Sec 0
Jabber Errors 0 --
Oversize Frames 0 0
64 Octets 0 0
65-127 Octets 0 0
128-255 Octets 0 0
256-511 Octets 0 0
512-1023 Octets 0 0
1024-1518 Octets 0 0
1519-2047 Octets 0 0
2048-Max Octets 0 0
MTU Discarded Flow : --/EVC1-TLV
Parameter Description
Window Size [Min.] Interval for sampling statistics, user-configurable (see Setting Sampling
Interval for Port Statistics)
Window Remain Time [Min.] Amount of time remaining in statistics sampling window
Total Frames Total number of frames received/transmitted
Total Octets Total number of bytes received/transmitted
Total Frames/Sec Number of frames received/transmitted per second
Total Bits/Sec Number of bits received/transmitted per second
Minimum Bits/Sec Minimum number of bits received/transmitted per second
Maximum Bits/Sec Maximum number of bits received/transmitted per second
Unicast Frames Total number of unicast frames received/transmitted
Multicast Frames Total number of multicast frames received/transmitted
Broadcast Frames Total number of broadcast frames received/transmitted
CRC Errors Total number of frames received that are an integral number of octets in
length, but do not pass the Frame Check Sequence (FCS) check. This count
excludes frames received with Frame-Too-Long or Frame-Too-Short error.
Error Frames Total number of frames with errors received
L2CP Discarded Total number of L2CP frames discarded
CFM Discarded Total number of CFM frames discarded. See OAM Packet Handling for all
cases when OAM packet is discarded.
MTU Discarded Total number of packets dropped due to exceeding the egress-mtu limit
configured over the port
Unknown Protocol Discarded Total number of frames with unknown protocol discarded
CRC Errors/Sec Number of frames per second received that are an integral number of octets
in length, but do not pass the Frame Check Sequence (FCS) check. This count
excludes frames received with Frame-Too-Long or Frame-Too-Short error.
Jabber Errors Total number of frames received with jabber errors
Oversize Frames Total number of oversized frames received/transmitted
64 Octets Total number of received/transmitted 64-byte packets
65127 Octets Total number of received/transmitted 65 to 127-byte packets
128255 Octets Total number of received/transmitted 128 to 255-byte packets
256511 Octets Total number of received/transmitted 256 to 511-byte packets
5121023 Octets Total number of received/transmitted 512 to 1023-byte packets
10241518 Octets Total number of received/transmitted 1024 to 1518-byte packets
15192047 Octets Total number of received/transmitted 1519 to 2047-byte packets
2048Max Octets Total number of received/transmitted packets with 2048 bytes and up to
maximum
MTU Discarded Flow The last flow from which MTU packets were discarded
5.7 Peers
Configuring peers provides access to remote devices.
Peers are remote devices operating opposite router interfaces that can be linked
in order to access the 1588v2 master clock.
Factory Defaults
By default, no peers are defined in ETX-2i.
Configuring Peers
You can define up to 64 peers as explained below.
To define a peer:
At the config# prompt, do one of the following:
To define the peer according to IP address, type:
peer <number> ip <ip-address> [name <name>]
To define the peer according to MAC address, type:
peer <number> mac <mac-address> [name <name>]
Benefits
SVIs are used as ingress and egress ports for flows, serving as intermediaries for
routers.
Functional Description
Service virtual interfaces (SVIs) are logical ports used to link router interfaces with
Ethernet ports (via Layer-2 flows) or TWAMP controllers/responders.
Factory Defaults
By default, no SVIs exist in ETX-2i.
Note If the SVI port is intended for use with TWAMP, type port svi <port-num> twamp
when creating it.
5.9 VCGs
VCG ports provide a logical link to modular E1/T1/T3 ports, if applicable.
Standards
ITU-T G.7042
ITU-T G.7043
Benefits
The VCG port provides a logical link to modular E1/T1/T3 ports.
Functional Description
A VCG (Virtual Concatenation Group) logical port is used to group the E1/T1/T3
ports that are available if the appropriate type of module has been provisioned
and inserted.
By default, the Tx clock of the E1/T1/T3 ports in the module is the internal clock
provided by the internal oscillator of the module. You have the option of
selecting instead the loopback clock retrieved from the port's incoming (Rx) data,
as the Tx clock of the E1/T1/T3 ports. For the ETX2i EoPDH AIO module, you
have yet another option of selecting the domain clock provided by the ETX2i
CSM system clock as the Tx clock of the E1s.
Note The Rx clock of an E1 in an ETX2i EoPDH AIO module can also be provided as a
source clock to ETX2i CSM, provided the E1 port is bound to VCG 5. For further
information, refer to the Clock Selection section in Chapter 9.
Note The VCG logical port is used only if the module contains multiple E1/T1/T3 ports,
and a GFP port is then bound to the VCG port. If a module with a single T3 port is
installed, the GFP port is bound directly to the T3 port.
Factory Defaults
By default, no VCG ports exist. When a VCG port is created, it is configured as
shown below.
Binding VCG port to E1 port bind e1 <slot>/<port> Note: Successful only if the
no bind e1 <slot>/<port> E1/T1 module is installed.
Binding VCG port to T1 port bind t1 <slot>/<port> Note: Successful only if the
no bind t1 <slot>/<port> E1/T1 module is installed.
Binding VCG port to T3 port bind t3 <slot>/<port> Note: Successful only if the T3
no bind t3 <slot>/<port> module is installed.
Selecting the transmit clock source tx-clock-source {loopback | loopback clock retrieved
internal | domain <number>} from the port's incoming
(Rx) data
internal clock provided by
internal oscillator of the
E1/T1/T3 module
domain clock provided by
ETX2i CSM system clock.
This option is available only
for modular E1 ports of
ETX2i EoPDH AIO module.
Examples
To configure VCG port 5 with module containing two E1 ports, and with system
clock from ETX2i CSM:
#*****ports E1 configuration***************************
configure port
e1 1/1
no shutdown
exit
e1 1/2
no shutdown
exit all
#*****ports GFP bind MAC configuration******************
configure port
vcg 5
bind e1 1/1
bind e1
tx-clock-source domain 1
exit
gfp 5
bind vcg 5
exit
logical-mac 5
bind gfp 5
no shutdown
exit all
To configure VCG port 5 with module containing two T3 ports:
ETX-2i>config>port# vcg 5
Lower Layer
---------------------------------------------------------------
T3 1
T3 2
Benefits
There is no need to choose E1 or T1 when ordering the unit.
Functional Description
All ports must work in the same mode, therefore configuring any port sets all
ports to the same mode.
Before changing the E1/T1 port mode, any corresponding GFP ports/VCGs/logical
MAC ports/pseudowires/PW cross connects must be deleted. After changing the
mode, ETX-2i must be restarted.
Factory Defaults
By default, the E1/T1 ports are set to E1 mode.
5.11 E1 Ports
The European Conference of Postal and Telecommunications Administrations
(CEPT) standardized the E-Carrier system, which was then adopted by the
International Union Telecommunication Standardization sector (ITU-T), and is
used in almost all countries outside the USA, Canada, and Japan.
The most commonly used versions are E1 and E3. E1 circuits are very common in
most telephone exchanges and used to connect medium and large companies to
remote exchanges. In many cases, E1 connects exchanges with each other.
E1 ports are applicable to ETX-2i as follows:
Smart SFP E1 ports:
Smart SFP E1 ports are available for ETX2i and ETX-2i-B when smart SFPs
such as MiRICi-E1 or MiTOP-E1 are provisioned; for ETX-2i-10G in
standalone mode only (see Smart SFPs).
Smart SFP E1 ports do not support encapsulation via VCG.
Smart SFP E1 ports are referenced as [<slot>/]<port>/<tributary>:
<slot> is relevant to modular ports.
<tributary> is always set to 1.
E1/T1 module:
Modular E1/T1 ports can be configured to E1 mode (see DS1 (E1/T1)
Ports). The default mode is E1.
Modular E1 ports support encapsulation via VCG (see VCGs).
Modular E1 ports are referenced as <slot>/<port>.
Standards
CCITT G.732
ITU-T G.703
ITU-T G.704
ITU-T G.823
Benefits
E1 lines are high-speed dedicated lines that enable large volume usage.
Functional Description
An E1 link operates over a twisted pair of cables. A nominal 3-volt peak signal is
encoded with pulses using a method that avoids long periods without polarity
changes. The line data rate is 2.048 Mbps at full duplex, which means 2.048 Mbps
downstream and 2.048 Mbps upstream. The E1 signal splits into 32 timeslots
each of which is allocated 8 bits. Each timeslot sends and receives an 8-bit
sample 8000 times per second (8 x 8000 x 32 = 2,048,000), which is ideal for
voice telephone calls where the voice is sampled into an 8-bit number at that
data rate and restored at the other end. The timeslots are numbered from 0 to
31.
Factory Defaults
By default, no smart SFP E1 ports exist.
By default, modular E1/T1 ports are set to E1 mode and have the following
configuration.
Configuring E1 Ports
To configure E1 ports:
1. Navigate to configure port e1 <port>.
2. At the config>port# prompt, type:
e1 <port>/<tributary>
The prompt config>port>e1(<port>/<tributary>)# is displayed.
3. Enter all necessary commands according to the tasks listed below.
Specifying the framing mode of line-type { unframed | g732n | g732n-crc | unframed no framing;
the port g732s | g732s-crc } relevant only for built-in
E1 ports
g732n G.732N framing
with CRC disabled
g732n-crc G.732N
framing with CRC enabled
g732s G.732S framing
(CAS) with CRC disabled
g732s-crc G.732S
framing (CAS) with CRC
enabled.
Running loopback test on E1 port loopback {local | remote} local returns the
[duration <seconds>] transmitted data at the
physical layer to the
receiving path
remote returns the
received data at the
physical layer to the
transmitting path
Click here to enter text.
duration specifies the
duration of the loopback
(in seconds).
Possible values: 1 to 3600
If duration is not
specified, the loopback
test runs forever, until
stopped.
Use no loopback to disable
the loopback test.
Displaying the port statistics show statistics current E1 current and interval
show statistics interval <interval-num> statistics for E1 unframed and
E1 framed with CRC.
show statistics all-intervals
show statistics all
To configure E1 ports:
1. If the module type is not E1/T1, power off ETX-2i, insert the E1/T1 module,
and then power on ETX-2i.
2. Provision the module type as E1/T1 (see Configuring Module).
3. Configure the port to E1 mode (see Configuring E1/T1 Ports).
4. At the config>port# prompt, type:
e1 [<slot>/]<port>/<tributary>
The prompt config>port>e1([<slot>/]<port>/<tributary>)# is displayed.
5. Enter all necessary commands according to the tasks listed below.
Specifying the framing mode of line-type { unframed | g732n | g732n-crc | unframed no framing
the port g732s | g732s-crc } g732n G.732N framing
with CRC disabled
g732n-crc G.732N
framing with CRC enabled
g732s G.732S framing
(CAS) with CRC disabled
g732s-crc G.732S
framing (CAS) with CRC
enabled
Note: Only g732n-crc can be
configured for modular E1
ports.
Running loopback test on E1 port loopback {local | remote} local returns the
[duration <seconds>] transmitted data at the
physical layer to the
receiving path
remote returns the
received data at the
physical layer to the
transmitting path.
Currently not supported.
duration specifies the
duration of the loopback
(in seconds).
Possible values: 1 to 3600
If duration is not
specified, the loopback
test runs forever, until
stopped.
Use no loopback to disable
the loopback test.
Note Initialize the database of the MiTOP before inserting it into the device. Refer to
the Setting the Switches section in the Installation and Setup chapter of the
MiTOP E1T1 Installation and Operation manual.
Running loopback test loopback {local | remote} local returns the transmitted data at
on E1 port [duration <seconds>] the physical layer to the receiving path
remote returns the received data at
the physical layer to the transmitting
path
duration specifies the duration of the
loopback (in seconds).
Possible values: 1 to 3600
If duration is not specified, the
loopback test runs forever, until
stopped.
Use no loopback to disable the loopback.
test.
Specifying if pm-enable
performance reporting
is enabled for the port
Specifying the port source-clock-quality {stratum1 | Clock quality used in adaptive clock
clock quality stratum2 | stratum3 | stratum3e | recovery set according to parameter
stratum4} specified:
stratum1 PRC G.811
stratum2 Type II G.812
stratum3 Type IV G.812
stratum3e Type III G.812
stratum4 Free running
5.12 E3 Ports
Groups of E1 circuits are bundled into higher-capacity E3 links, which are mainly
used between exchanges, operators, and/or countries, and have a transmission
speed of 34.368 Mbps.
E3 ports are available when smart SFPs such as MiRICi-E3 or MiTOP-E3 are
provisioned (see Smart SFPs).
Smart SFP E3 ports are referenced as [<slot>/]<port>/<tributary>:
<slot> is relevant to modular ports.
<tributary> is always set to 1.
Standards
ITU-T G.703
ITU-T G.704
ITU-T G.823
Benefits
E3 lines provide high-capacity circuits.
Functional Description
Each E3 signal has 16 E1 channels, and each channel transmits at 2.048 Mbps. E3
links use all eight bits of a channel.
Factory Defaults
By default, no E3 ports exist.
Configuring E3 Ports
To configure E3 ports:
1. Provision a smart SFP such as MiRICi-E3 or MiTOP-E3 and insert it into an
Ethernet port (see Smart SFPs).
Note Initialize the database of the MiTOP before inserting it into the device. Refer to
the Setting the Switches section in the Installation and Setup chapter of the
MiTOP E1T1 Installation and Operation manual.
Running loopback test loopback {local | remote } local returns the transmitted
on E3 port [start <seconds> ] data at the physical layer to the
[duration <seconds>] receiving path
remote returns the received data
at the physical layer to the
transmitting path
start specifies the time (in
seconds) until the loopback starts.
Possible values: 1 to 3600
duration specifies the duration
of the loopback (in seconds).
Possilbe values: 1 to 3600
If duration is not specified, the
loopback test runs forever, until
stopped.
Use no loopback to disable the
loopback test.
Specifying if pm-enable
performance reporting
is enabled for the port
Specifying the port source-clock-quality {stratum1 | Clock quality used in adaptive clock
clock quality stratum2 | stratum3 | stratum3e | recovery set according to parameter
stratum4} specified:
stratum1 PRC G.811
stratum2 Type II G.812
stratum3 Type IV G.812
stratum3e Type III G.812
stratum4 Free running
Selecting the transmit tx-clock-source {loopback | internal | loopback clock retrieved from
clock source pw <number>} the port's incoming (Rx) data
internal clock provided by
internal oscillator
pw clock provided by PW bundle
Note: The pw option is available only
for MiTOP.
Functional Description
Options
ETX-2i has four or eight fixed SFP/copper combo ports. If ordered with the
modular GbE option, it has four fixed SFP/copper combo ports, and two fiber
optic/copper (combo) Gigabit Ethernet ports on the module.
ETX-2i-B has four or six fixed SFP/copper combo ports (two Network ports and
two or four User ports, depending on the ordering option).
ETX-2i-10G half 19 has four ETH SFP+ ports, four UTP ports, and four combo or
SFP ports.
ETX-2i-10G full 19 has four ETH SFP+ ports, 12 UTP ports, and 12 SFP ports.
Numbering
The following table shows how to refer to the ports when configuring them with
CLI commands.
ETX2i
MNG-ETH 0/101
ETX-2i-B
MNG-ETH 0/101
ETX-2i-10G Half 19
MNG-ETH 0/101
ETX-2i-10G Full 19
MNG-ETH 0/101
Note For ETX2i with D-NFVoption, user ports 7 and 8 are not available.
MAC Addresses
ETX-2i has multiple MAC addresses. Each Ethernet port is assigned a different
MAC address.
You can view the MAC address assigned to an Ethernet port via show status (see
Viewing Ethernet Port Status). For information on which MAC address is used by a
particular feature, refer to the relevant section in this manual.
Ethertype
Ethertype configured per-port is used for identification of VLAN-tagged frames at
ingress and Ethertype stacking at egress. This refers to the outer VLAN only. The
outer VLAN of an incoming packet must match the configured Ethertype of the
port in order to be considered a VLAN-tagged frame (otherwise frame is
considered untagged or dropped). See the Ethertype section in Chapter 6 for
details.
Silent Start
Network operators use both point-to-point and point-to-multipoint Optical
Access Networks (OANs), depending on the application. For example, a Passive
Optical Network (PON) is a point-to-multipoint OAN. One of the major challenges
to operating and maintaining such OANs securely is that misconnecting a point-
to-point Optical Network Terminal (ONT) or Ethernet equipment to a branch of a
PON can cause a service outage in the PON system. In order to address this issue,
a Silent Start function is introduced in all types of ONTs, which inhibits an ONT
transmitter's power at startup until the receiver recognizes consistent incoming
data. On recovery of "understandable" data by the receiver, the transmitter is
enabled to enter a handshaking process with the Optical Line Terminal (OLT).
Optical Network Units (ONUs) transmit in assigned time slots to avoid disturbing
each other over the shard fiber, as a non-GPON device transmitting continuously
is likely to bring down a GPON segment.
Factory Defaults
By default, the non-management Ethernet ports have the following configuration.
Note If a smart SFP has been provisioned, the Ethernet port parameters are not
accessible for configuration.
Note The only parameter that can be configured for the management Ethernet port is
PM collection. To configure the management Ethernet port, navigate to configure
port mng-ethernet.
Enabling autonegotiation for FE/GbE auto-negotiation Autonegotiation is not applicable for SFP+
port ports with speed-duplex configured to 10g-r
(ETX-2i-10G).
Entering no auto-negotiation disables
autonegotiation.
auto-negotiation can be enabled only if
silent-start is disabled (sanity check).
Specifying classification key per port classification-key [legacy] [vlan] [inner- legacy No classification key is used.
vlan] vlan classification key according to VLAN
inner-vlan classification key according to
VLAN + Inner VLAN
Valid for flow classifier only.
You can change the port classification key
only if all flows using this port are
administratively disabled.
See the relevant table In the Classification
Keys section below to see the queue/priority
mapping methods for the selected
classification key, as well as the flows / flow
parameters that can be configured for the
key.
Configuring port to trust DHCP packets dhcp-trust Client ports must always be untrusted
sent from server (no dhcp-trust); otherwise, the DHCP relay
discards the discovery messages sent from
the client port to the server.
Relevant only if DHCP snooping is enabled.
Configuring OAM EFM descriptor efm descriptor <efm-descriptor-index> See OAM EFM.
Binding a Fat pipe detection profile to fat-pipe-detection profile <profile-name> Profile-name name of the fat pipe
a port detection profile bound to the port
Type no fat-pipe-detection to unbind fat
pipe detection profile from the port.
Relevant for ETX-2i-10G half 19 only.
You can define a single Fat-pipe detection
profile.
Setting port to function as network or functional-mode {network | user} Note: Relevant to port 0/2
user See Table 5-5 for further information.
Associating a Layer-2 control l2cp profile <l2cp-profile-name> Be sure to assign the same L2CP profile to
processing profile with the port both network ports.
The associated L2CP profile must specify
peer action for MAC 0x02 in the following
cases:
The port needs to receive clock
signals (i.e. is defined as clock source).
LACP (LAG) is enabled for the port.
Link OAM (EFM) is enabled for port.
Configuring LLDP parameters lldp See Link Layer Discovery Protocol (LLDP) for
details.
Executing loopback test loopback {local | remote} See Testing Ethernet Ports.
[duration <seconds>]
Setting maximum advertised capability max-capability {10-full-duplex | 10-full-duplex 10baseT full duplex
(highest traffic handling capability to 100-full-duplex | 1000-full-duplex | 100-full-duplex 100baseT full duplex
be advertised during the 1000-x-full-duplex } [{sfp | rj45}]
1000-full-duplex 1000base T full duplex
autonegotiation process) for FE/GbE
port if autonegotiation is enabled 1000-x-full-duplex 1000 BaseX,
1000 BaseLX, 1000 BaseSX, or 1000 BaseCX
full duplex
Note: Use sfp or rj45 for combo ports to
configure different values for the SFP and
RJ-45 modes. If neither sfp nor rj45 is
specified, the command applies to both
modes. The device works with the values
that apply according to whether an SFP is
inserted.
Defining maximum quality level of max-ql {prc | ssu-a | ssu-b | sec | dnu | The quality level of the SyncE transmitted
clock source, if SyncE is transmitted ssm-based | prs | stu | st2 | tnc | st3e | st3 over this port is the minimum of the quality
over the port | smc | st4 | dus | ssm-based | prov | unk | level set by this command, and the system
sec | dnu | ssm-based} quality level set by clock selection.
Note: Refer to the Clock Selection section in
the Timing and Synchronization chapter for
an explanation of the quality levels.
Assigning description to port name <string> Entering no name removes the name.
Configuring collection of performance pm-collection interval <seconds> Note: You can enable PM statistics collection
management statistics for the port, for all Ethernet ports rather than enabling it
that are presented via the RADview for individual ports. In addition to enabling
Performance Management portal PM statistics collection for the ports, it must
be enabled for the device. Refer to the
Performance Management section in the
Monitoring and Diagnostics chapter for
details.
Associating a policer profile for policer profile <policer-profile-name> Typing no policer removes any policer profile
broadcast/multicast traffic with the from the port.
port
Measuring port data rate and line rate rate-measure interval <seconds> Possible values: 10300
See Viewing Ethernet Port Data Rate and
Line Rate for details.
Enabling/disabling Silent Start [no] silent-start This parameter is visible for optical ports
only.
silent-start can be configured only if auto-
negotiation is disabled (no uto-negotiation).
Setting data rate and duplex mode of speed-duplex {10-full-duplex | 10-full-duplex 10baseT full duplex
FE/GbE port and SFP+ (1GbE) port 100-full-duplex | 1000-full-duplex | 100-full-duplex 100baseT full duplex
1000-x-full-duplex [{sfp | rj45}]
1000-full-duplex 1000base T full duplex
1000-x-full-duplex 1000 BaseX,
1000 BaseLX, 1000 BaseSX, or 1000 BaseCX
full duplex
Notes:
The values 10-full-duplex,
100-full-duplex, 1000-full-duplex, and
1000-x-full-duplex are relevant only when
auto-negotation is disabled.
Use sfp or rj45 for combo ports to
configure different values for the SFP and
RJ-45 modes. If neither sfp nor rj45 is
specified, the command applies to both
modes. The device works with the values
that apply according to whether an SFP is
inserted.
It is not possible to downgrade SFP+
ports that are set to 10G by the ordering
option.
Downgrading an SFP+ port from 10GbE to
1GbE returns the port configuration to its
default values.
Setting data rate and duplex mode of speed-duplex 10g-r Relevant for ETX-2i-10G SFP+ ports, only if
SFP+ port (10GbE) license exists.
10g-r Sets SFP+ port speed to 10GbE
(relevant for ETX-2i-10G SFP+ ports that are
1GbE capable).
Notes:
Autonegotiation is not applicable for
SFP+ ports with speed-duplex configured
to 10g-r.
Upgrading an SFP+ port from 1GbE to
10GbE returns the port configuration to
its default values.
Setting the VLAN tagged frame ETH II tag-ethernet-type <0x0000-0xFFFF> Port Ethertype can be set to one of the
frame Ethertype (tag protocol following values, provided it has been
identifier) defined at the device (chassis) level:
0x8100 (default)
0x88a8
A user configurable Ethertype (two can
be configured)
Note: If you do not configure an Ethertype
for the port, the port uses the default
setting (8100).
Enabling transmitting of clock tx-ssm You should enable this for Ethernet ports
availability and quality via SSM that transmit clock signals. The MAC address
of the transmitting port is used in the SSM
message.
Entering no tx-ssm disables sending SSM
messages.
Displaying information on active and show fat-pipe-list { active | history | all } all option shows both Active and History
history (closed) Fat pipes entries.
See Displaying Fat Pipe Information.
Relevant for ETX-2i-10G half 19 only.
Displaying L2CP statistics show l2cp-statistics See Displaying Layer-2 Control Processing
Statistics.
Displaying measured port data rate show rate See Viewing Ethernet Port Data Rate and
and line rate Line Rate for details.
Displaying the port statistics show statistics See Viewing Ethernet Port Statistics.
Displaying the port status show status See Viewing Ethernet Port Status.
Notes When you change the functional mode, all flows related to the port are
deleted.
The port must be administratively disabled before you can change the
functional mode.
Examples
Note The port operational status indicates if the port is down to fault propagation.
Display of an optical Ethernet port status includes the Silent Start status,
provided Silent Start has been enabled. Silent Start status can be one of the
following:
To display the status of all Ethernet ports with full port names:
At the prompt config>port#, enter:
show summary-full-name
Notes The SFP/XFP wavelength values display the exact values from the SFP/XFP
registers.
In case of DDM SFP/XFP, 1/100 nano meter resolution is supported
(e.g 1536.61).
SFP
---------------------------------------------------------------
Connector Type : LC
Manufacturer Name : RAD data comm.
Manufacturer Part Number : MiRICi-155
Typical Maximum Range (Meter) : 15000
Wave Length (nm) : 1310.00
Fiber Type : Not Applicable
Administrative Status : Up
Operational Status : Up
Connector Type : SFP
Auto Negotiation .. : Disabled
Speed And Duplex .. : 1000 Full Duplex
MAC Address : 00-20-D2-51-0C-50
Silent Start : In progress
Example
Ethernet port statistics are displayed. The counters are described in the
following table.
Example
Running
--------------------------------------------------------------
Rx Tx
Total Frames : 0 5257039970304
Total Octets : 0 0
Total Frames/Sec : 0 0
Total Bits/Sec (L1) : 0 0
Minimum Bits/Sec (L1) : 0 0
Maximum Bits/Sec (L1) : 0 0
Total Bits/Sec (L2) : 0 0
Minimum Bits/Sec (L2) : 0 0
Maximum Bits/Sec (L2) : 0 0
Unicast Frames : 0 0
Multicast Frames : 0 1224
Broadcast Frames : 0 0
CRC Errors : 0 --
Error Frames : 0 --
L2CP Discarded : 0 --
OAM Discarded : 0 --
MTU Discarded : 0 56
Unknown Protocol Discarded : 0 --
CRC Errors/Sec : 0 --
Jabber Errors : 0 --
Oversize Frames : 0 0
64 Octets : 0 0
65-127 Octets : 0 0
128-255 Octets : 0 0
256-511 Octets : 0 0
512-1023 Octets : 0 0
1024-1528 Octets : 0 0
1519-2047 Octets : 0 0
2048-Max Octets : 0 0
MTU Discarded Flow : --/EVC1-TLV
Parameter Description
Window Size [Min.] Interval for sampling statistics, user-configurable (see Setting Sampling
Interval for Port Statistics)
Window Remain Time [Min.] Amount of time remaining in statistics sampling window
Parameter Description
Total Frames Total number of frames received/transmitted
Total Octets Total number of bytes received/transmitted
Total Frames/Sec Number of frames received/transmitted per second
Total Bits/Sec (L1) Number of bits received/transmitted per second in Layer 1, using the line
rate: [Total number of bytes + (number of packets x 20 bytes of line
overhead)] divided by the time interval
Minimum Bits/Sec (L1) Minimum number of bits received/transmitted per second in Layer 1, using
the line rate: [Total number of bytes + (number of packets x 20 bytes of line
overhead)] divided by the time interval
Maximum Bits/Sec (L1) Maximum number of bits received/transmitted per second in Layer 1, using
the line rate: [Total number of bytes + (number of packets x 20 bytes of line
overhead)] divided by the time interval
Total Bits/Sec (L2) Number of bits received/transmitted per second in Layer 2, using the data
rate: [Total number of bytes (not including line overhead) divided by the
time interval
Minimum Bits/Sec (L2) Minimum number of bits received/transmitted per second in Layer 2, using
the data rate: [Total number of bytes (not including line overhead) divided
by the time interval
Maximum Bits/Sec (L2) Maximum number of bits received/transmitted per second in Layer 2, using
the data rate: [Total number of bytes (not including line overhead) divided
by the time interval
Unicast Frames Total number of unicast frames received/transmitted
Multicast Frames Total number of multicast frames received/transmitted
Broadcast Frames Total number of broadcast frames received/transmitted
Error Frames Total number of frames with errors received
L2CP Discarded Total number of L2CP frames discarded
OAM Discarded Total number of OAM frames discarded. See OAM Packet Handling for all
cases when OAM packet is discarded.
MTU Discarded Total number of packets dropped due to exceeding the egress-mtu limit
configured over the port. Relevant to Ethernet, PCS, and Logical MAC ports.
Unknown Protocol Discarded Total number of frames with unknown protocol, which are discarded. This
includes:
Packets dropped as they were not matched by a classifier profile
Packets dropped by the L2PT mechanism as a result of a non-existant
forwarding path
CRC Errors Total number of frames received that are an integral number of octets in
length, but do not pass the Frame Check Sequence (FCS) check. This count
excludes frames received with Frame-Too-Long or Frame-Too-Short error.
CRC Errors/Sec Number of frames per second received that are an integral number of octets
in length, but do not pass the Frame Check Sequence (FCS) check. This count
excludes frames received with Frame-Too-Long or Frame-Too-Short error.
Jabber Errors Total number of frames received with jabber errors
Parameter Description
Oversize Frames Total number of oversized frames received/transmitted
64 Octets Total number of received/transmitted 64-byte packets
65127 Octets Total number of received/transmitted 65 to 127-byte packets
128255 Octets Total number of received/transmitted 128 to 255-byte packets
256511 Octets Total number of received/transmitted 256 to 511-byte packets
5121023 Octets Total number of received/transmitted 512 to 1023-byte packets
10241518 Octets Total number of received/transmitted 1024 to 1518-byte packets
15192047 Octets Total number of received/transmitted 1519 to 2047-byte packets
2048Max Octets Total number of received/transmitted packets with 2048 bytes and up to
maximum
MTU Discarded Flow The last flow from which MTU packets were discarded. Relevant to Ethernet,
PCS, and Logical MAC ports.
Example
Entity : e2000
To display the information of history (closed) Ethernet port 0/1 Fat pipes:
Entity : e2000
Entity : e2000
Parameter Description
Example
Total 0 0
Clearing Statistics
To start data rate and line rate measurements for an Ethernet port:
At the prompt config>port>eth([<slot>/]<port-num>)#, enter:
rate-measure interval <seconds>
The rate measurement starts. You can use show rate to monitor how
much of the time interval has elapsed. The result is automatically
displayed, without the need to enter show rate, after the specified time
interval ends.
Example
To display the data rate and line rate for Ethernet port 1/2:
ETX-2i# configure port ethernet 1/2
ETX-2i>config>port>eth(1/2)# rate-measure interval 30
ETX-2i>config>port>eth(1/2)#
Name : ETH-1/2
Status : Passed
Start Time : 2014-11-13 12:14:16 UTC +00:00
Duration (Sec) : 30
L1 L2
Rx Rate (bps) : 1000 950
Tx Rate (bps) : 1500 1400
Standards
SDH is defined by ITU-T G.707, G.781, G.782, G.783, and G.803. SONET is an ANSI
standard defined in T1.105 and T1.119.
Benefits
SDH and SONET allow many different circuits from different sources to be
transported simultaneously within one single framing protocol.
Functional Description
SDH is based on STM-1 which has a data rate of 155.52 Mbps, equivalent to
STS-3. SONET is based on transmission at speeds of multiples of 51.840 Mbps, or
STS-1.
Factory Defaults
By default, no SDH/SONET ports exist.
Running loopback test loopback {local | remote } local returns the transmitted
on port [start <seconds> ] [duration <seconds>] data at the physical layer to the
receiving path
remote returns the received data
at the physical layer to the
transmitting path
start specifies the time (in
seconds) until the loopback starts
duration specifies the duration of
the loopback (in seconds). If
duration is not specified, the
loopback test runs forever, until
stopped.
Use no loopback to disable the
loopback test.
Specifying if pm-enable
performance reporting
is enabled for the port
Applicable Products
This feature is applicable to ETX2i with an SHDSL module.
Standards
ITU-T G.991.2 (SHDSL.bis)
ITU-T G.994.1 (DSL Handshake)
Benefits
ETX-2i can aggregate traffic over the SHDSL.bis links.
Functional Description
SHDSL stands for Single Pair High-speed Digital Subscriber Line. It is a data
communications technology that enables faster data transmission over copper
telephone lines than a conventional voice band modem can provide. Compared to
ADSL, SHDSL employs frequencies that include those used by traditional POTS
telephone services to provide equal data rates to transmit and receive. As such, a
telephone line cannot be used by both an SHDSL service and a POTS service at
the same time. Support of symmetric data rates has made SHDSL a popular
choice by businesses for PBX, VPN, web hosting and other data services.
Example
To display the status of SHDSL port 1:
ETX-2i# config port shdsl 1/1
ETX-2i>config>port>shdsl(1/1)# show status
Name : SHDSL-1/1
Administrative Status : Up
Operation Status : Down
Wires : 2
Transmission Mode : B-G
Payload Rate (Kbps) : 0
Wires
-----------------------------------------------------------------------------
State SNR Loop Tx PSD Power
Margin Attenuation Power Mask Backoff
(db) (db) (dBm)
-----------------------------------------------------------------------------
Pre Activation 0 0 0.0 Symmetric 6
Applicable Products
This feature is applicable to ETX2i with a VDSL2 module; operates in CPE mode
only.
Standards
ITU-T G.993.2, G.997.1, G.998.2
IEEE 802.3
Benefits
ETX-2i can aggregate traffic over the VDSL.bis links.
Functional Description
VDSL2 (Very High Speed Digital Subscriber Line Transceivers 2) is an access
technology that enables delivery of very high-speed internet access over copper
telephone lines much higher than a conventional voice band modem can
provide.
VDSL2 main features include:
Displaying port status show status See Viewing VDSL2 Port Status.
Displaying port statistics show statistics See Viewing VDSL2 Port Statistics.
Assigning port name name <string> Typing no name removes the port name.
Example
Parameter Description
Example
ES : 0 SES : 0
UAS : 0 FEC : 2
LOSS : 0
Parameter Description
5.17 T1 Ports
The T-carrier signaling scheme was devised by Bell Labs and is a widely used
standard in telecommunications in the USA, Canada, and Japan to transmit voice
and data between devices. T1, also referred to as DS-1, is a dedicated data line
that transmits information at the speed of 1.544 Mbps.
T1 ports are applicable to ETX-2i as follows:
Smart SFP T1 ports:
Smart SFP T1 ports are available when smart SFPs such as MiRICi-T1 or
MiTOP-T1 are provisioned (see Smart SFPs)
Smart SFP T1 ports do not support encapsulation via VCG
Smart SFP T1 ports are referenced as [<slot>/]<port>/<tributary>:
<slot> is relevant to modular ports.
<tributary> is always set to 1.
E1/T1 module:
Modular E1/T1 ports can be configured to T1 mode (see DS1 (E1/T1)
Ports). The default mode is E1.
Modular T1 ports support encapsulation via VCG (see VCGs)
Modular T1 ports are referenced as <slot>/<port>.
Standards
ITU-T G.703
ITU-T G.704
ITU-T G.823
Benefits
T1 lines are high-speed dedicated lines that enable large volume usage.
Functional Description
A T1 link operates over a twisted pair of cables. A nominal 3-volt peak signal is
encoded with pulses using a method that avoids long periods without polarity
changes. The line data rate is 1.544 Mbps at full duplex, which means 1.544 Mbps
for downstream and 1.544 Mbps for upstream. The T1 signal splits into 24
timeslots each which is allocated 8 bits. Each timeslot sends and receives an 8-bit
sample 8000 times per second (8 x 8000 x 24 = 1,544,000), which is ideal for
voice telephone calls where the voice is sampled into an 8-bit number at that
data rate and restored at the other end. The timeslots are numbered from 0 to
24.
Factory Defaults
By default, no smart SFP T1 ports exist.
By default, modular E1/T1 ports are set to E1 mode. When they are configured to
T1 mode, they have the following configuration.
line-length 0-133
line-type ESF
name T1 <slot>/<port>
Configuring T1 Ports
To configure T1 ports:
1. Configure the port to T1 mode (see Configuring E1/T1 Ports)
2. At the config>port# prompt, type:
t1 <port>/<tributary>
The prompt config>port>t1(<port>/<tributary>)# is displayed.
3. Enter all necessary commands according to the tasks listed below.
Specifying transmission cas-oos-pattern {space | mark | Note: This command is relevant only
sequence for out-of-service space-mark} with line type esf or sf(D4).
indication for T1 port with CAS
signaling
Specifying the variety of zero line-code { ami | b8zs } AMI Referred to as Alternate
code suppression used for this Mark Inversion because a 1 is
port referred to as a mark and a 0 as a
space.
B8ZS Bipolar 8-zero
substitution, in which two
successive ones (bipolar
violations) are inserted whenever
the stream of user data contains
a string of eight or more
consecutive zeros. This insertion
is done in a way that allows each
of the 24 channels to carry 64
kbsp of data.
Specifying the T1 line type line-type { unframed | esf | sf } unframed No framing (this type
is relevant only for built-in T1
ports)
sf (D4) Super Frame (12 T1
frames)
esf Extended Super Frame (24
T1 frames, with on-line
performance monitoring and
4 Kbps control data link)
Running loopback test on T1 loopback {local | remote } local returns the transmitted
port [duration <seconds>] data at the physical layer to the
receiving path
remote returns the received
data at the physical layer to the
transmitting path
start specifies the time (in
seconds) until the loopback
starts. Possible values: 1 to 3600
duration specifies the duration
of the loopback (in seconds).
Possible values: 1 to 3600
If duration is not specified, the
loopback test runs forever, until
stopped.
Use no loopback to disable the
loopback test.
Specifying the port clock source-clock-quality {stratum1 | Clock quality used in adaptive clock
quality stratum2 | stratum3 | stratum3e | recovery set according to parameter
stratum4} specified:
stratum1 PRC G.811
stratum2 Type II G.812
stratum3 Type IV G.812
stratum3e Type III G.812
stratum4 Free running
To configure T1 ports:
1. If the module type is not E1/T1, power off ETX-2i, insert the E1/T1 module,
and then power on ETX-2i.
2. Provision the module type as E1/T1 (see Configuring Module).
3. Configure the port to T1 mode (see Configuring E1/T1 Ports).
4. At the config>port# prompt, type:
t1 [<slot>/]<port>/<tributary>
The prompt config>port>t1([<slot>/]<port>/<tributary>)# is displayed.
5. Enter all necessary commands according to the tasks listed below.
Specifying the variety of zero line-code { ami |b8zs } AMI Referred to as Alternate
code suppression used for this Mark Inversion because a 1 is
port referred to as a mark and a 0 as a
space.
B8ZS Bipolar 8-zero
substitution, in which two
successive ones (bipolar
violations) are inserted whenever
the stream of user data contains
a string of eight or more
consecutive zeros. This insertion
is done in a way that allows each
of the 24 channels to carry 64
kbsp of data.
Note: Only B8ZS can be configured
for modular T1 ports.
Specifying the length (in feet) line-length {0-133 | 134-266 | This command appears in the CLI only
of the T1 line, in DSU mode 267-399 | 400-533 | 534-655} if rx-sensitivity is configured to
short-haul, which indicates DSU
mode.
Running loopback test on T1 loopback {local | remote } local returns the transmitted
port [duration <seconds>] data at the physical layer to the
receiving path
remote returns the received
data at the physical layer to the
transmitting path
start specifies the time (in
seconds) until the loopback starts
Possible values: 13600
duration Specifies the duration
of the loopback (in seconds)
Possible values: 13600
If duration is not specified, the
loopback test runs forever, until
stopped.
Use no loopback to disable the
loopback test.
Note Initialize the database of the MiTOP before inserting it into the device. Refer to
the Setting the Switches section in the Installation and Setup chapter of the
MiTOP E1T1 Installation and Operation manual.
Specifying the variety of zero code line-code { ami | b8zs } AMI Referred to as Alternate
suppression used for this port Mark Inversion because a 1 is
referred to as a mark and a 0 as a
space.
B8ZS Bipolar 8-zero
substitution, in which two
successive ones (bipolar
violations) are inserted whenever
the stream of user data contains
a string of eight or more
consecutive zeros. This insertion
is done in a way that allows each
of the 24 channels to carry 64
kbsp of data.
Specifying T1 operation mode line-interface {dsu | csu} dsu Digital Service Unit
csu Channel Service Unit
Specifying the T1 line type line-type { unframed |esf | sf } unframed No framing (relevant
only for MiTOP)
sf Super Frame (12 T1 frames)
esf Extended Super Frame (24
T1 frames, with on-line
performance monitoring and
4 Kbps control data link)
Running loopback test on T1 port loopback {local | remote } local returns the transmitted
[duration <seconds>] data at the physical layer to the
receiving path
remote returns the received
data at the physical layer to the
transmitting path
start specifies the time (in
seconds) until the loopback starts
Possible values: 13600
duration specifies the duration
of the loopback (in seconds).
Possible values: 13600
If duration is not specified, the
loopback test runs forever, until
stopped.
Use no loopback to disable the
loopback test.
Specifying the port clock quality source-clock-quality {stratum1 Clock quality used in adaptive clock
| stratum2 | stratum3 | recovery set according to parameter
stratum3e | stratum4} specified:
stratum1 PRC G.811
stratum2 Type II G.812
stratum3 Type IV G.812
stratum3e Type III G.812
stratum4 Free running
Selecting the transmit clock source tx-clock-source {loopback | loopback clock retrieved from
internal | domain <number> | the port's incoming (Rx) data
pw <number> } internal clock provided by
internal oscillator
domain clock provided by clock
domain, if device has timing
option
pw clock provided by PW bundle
Note: The domain and pw options are
available only for MiTOP.
5.18 T3 Ports
T3, also referred to as DS-3 (Digital Signal Level 3), equates to 28 T-1 lines or
44.736 million bits per second (roughly 43-45 Mbps upstream/downstream
speeds). DS-3s have enough bandwidth to allow very large database transfers
over busy wide area networks.
T3 ports are applicable to ETX-2i as follows:
Smart SFP T3 ports:
Smart SFP T3 ports are available when smart SFPs such as MiRICi-T3 or
MiTOP-T3 are provisioned (see Smart SFPs)
Smart SFP T3 ports do not support encapsulation via VCG
Smart SFP T3 ports are referenced as [<slot>/]<port>/<tributary>:
<slot> is relevant to modular ports.
<tributary> is always set to 1.
T3 module:
Modular T3 ports support encapsulation via VCG (see VCGs)
Standards
ITU-T G.703
ITU-T G.704
ITU-T G.823
Benefits
T3 lines enable high-capacity Ethernet services in remote locations and
transparently connect corporate LANs over existing PDH infrastructure.
Functional Description
In North America, DS-3 translates into T-3, which is the equivalent of 28 T-1
channels, each operating at 1.544 Mbps. Four T-1s are multiplexed to a T-2
frame, then seven T-2 frames are multiplexed, through an M23 (Multiplex 2-to-3
multiplexer). As each frame is transmitted 8,000 times per second, the total T-3
signaling rate is 44.736 Mbps.
Factory Defaults
By default, no smart SFP T3 ports exist.
If a T3 module is inserted, the modular T3 ports have the following configuration.
line-length up-to-225ft
line-type c-bit-parity
name T3 <slot>/<port>
Configuring T3 Ports
Running loopback test loopback {local | remote } [start local returns the transmitted
on T3 port <seconds> ] [duration <seconds>] data at the physical layer to the
receiving path
remote returns the received data
at the physical layer to the
transmitting path
start specifies the time (in
seconds) until the loopback starts.
Possible values: 13600
duration specifies the duration of
the loopback (in seconds).
Possible values: 13600
If duration is not specified, the
loopback test runs forever, until
stopped.
Use no loopback to disable the
loopback test.
Specifying if pm-enable
performance reporting
is enabled for the port
Selecting the transmit tx-clock-source {loopback | internal } loopback clock retrieved from the
clock source port's incoming (Rx) data
internal clock provided by
internal oscillator
Note: This command is relevant only if
the module has a single T3 port. In the
case of a module with two T3 ports,
the Tx clock source is configured at
the VCG port level (see Configuring
VCG Ports).
Note Initialize the database of the MiTOP before inserting it into the device. Refer to
the Setting the Switches section in the Installation and Setup chapter of the
MiTOP E1T1 Installation and Operation manual.
Specifying type line-type {m23 | c-bit-parity | m23 Four DS1 signals are are
of T3 line unframed } multiplexed into one DS2 signal, then
seven DS2 signals are multiplexed into one
DS3 signal.
c-bit-parity The c-bit parity framing
format is an enhancement of the M13
application, providing greater management
and performance functions.
unframed No framing (relevant only for
MiTOP).
Running loopback loopback {local | remote } [start local Returns the transmitted data at the
test on T3 port <seconds> ] [duration <seconds>] physical layer to the receiving path
remote Returns the received data at the
physical layer to the transmitting path
start Specifies the time (in seconds)
until the loopback starts.
Possible values: 13600
duration Specifies the duration of the
loopback (in seconds).
Possible values: 13600
If duration is not specified, the loopback
test runs forever, until stopped.
Use no loopback to disable the loopback test.
Specifying if pm-enable
performance
reporting is
enabled for the
port
Specifying the source-clock-quality {stratum1 | Clock quality used in adaptive clock recovery
port clock quality stratum2 | stratum3 | stratum3e | set according to parameter specified:
stratum4} stratum1 PRC G.811
stratum2 Type II G.812
stratum3 Type IV G.812
stratum3e Type III G.812
stratum4 Free running
Selecting the tx-clock-source {loopback | internal | loopback clock retrieved from the port's
transmit clock pw <number>} incoming (Rx) data
source internal clock provided by internal
oscillator
pw clock provided by PW bundle
Note: The pw option is available only for
MiTOP.
5.19 SFPs
The Ethernet ports are combo ports that have an RJ-45 connector and SFP slot,
and the port can function as a copper port or SFP slot.
The Ethernet ports that are combo ports functioning as SFP slots, are configured
as shown in Ethernet Ports. When you display the port status, the SFP
information is shown if applicable (see Viewing Ethernet Port Status). You can
insert regular SFPs into the SFP slots, or you can insert smart SFPs that provide
integrated configuration and management (see Smart SFPs).
Benefits
ETX-2i offers the use of a wide variety of TDM E1/T1/E3/T3 OC-3/STM-1 ports via
the smart SFP feature.
Functional Description
The smart SFP is provisioned in the specific Ethernet port where the SFP shall be
inserted. After this provisioning, the Ethernet port is no longer available for
Note If a smart SFP is inserted into ETX-2i while it is powered on, the smart SFP
becomes operational only after resetting ETX-2i.
Factory Defaults
By default, no smart SFPs are provisioned. When a smart SFP interface is created,
it is administratively disabled by default, with type set to not-applicable.
Note You can provision the smart SFP before you insert it.
The smart SFP interface is created if it does not already exist and the
config>port>smart-sfp([<slot>/]<port>)$ prompt is displayed.
2. Enter all necessary commands according to the tasks listed below.
Assigning the type of smart SFP type {mirici-e1 | mirici-t1 | mirici-e3 | The smart SFP port must be
mirici-t3 | mirici-155 | mitop-e1 | administratively disabled
mitop-t1 | mitop-e3 | mitop-t3 | before you can change the
not-applicable } type.
To change the type, you
must first set it to
not-applicable.
Examples
This example shows how a smart SFP can be provisioned, and a flow created over
the logical MAC port corresponding to a logical GFP port.
ETX-2i>config>port# gfp 1
ETX-2i>config>port>gfp(1)# info detail
name "GFP 1"
bind e1 1/1
no fcs-payload
scrambler-payload rx-tx
no vcat-header
ETX-2i>config>port>gfp(1)# exit
ETX-2i>config>port# logical-mac 1
ETX-2i>config>port>log-mac(1)# info detail
name "LOGICAL MAC 1"
no shutdown
bind gfp 1
tag-ethernet-type 0x8100
egress-mtu 1790
queue-group profile "DefaultQueueGroup"
l2cp profile "L2cpDefaultProfile"
ETX-2i>config>port>log-mac(1)#exit all
ETX-2i# configure flows
ETX-2i>config>flows>flow(flow1)# info detail
classifier "v1"
no drop
policer profile "Policer1"
no mark all
no vlan-tag
no l2cp
ingress-port logical-mac 1
egress-port ethernet 0/3 queue 0 block 0/1
no shutdown
Applicable Products
This feature is applicable to all ETX2i products, with the following condition:
ETX2i and ETX-2i-B ACL can be applied to management packets and router
interfaces.
Standards
Relevant sections of RFC 1812
Benefits
Service providers use ACLs to maintain network security by preventing malicious
traffic from entering the device. ACLs can be used to save network resources by
dropping unwanted packets.
When user or management data is marked via ACLs, service providers can apply
various traffic management techniques to the marked packets, such as allocating
more bandwidth to a certain traffic type.
Functional Description
Devices featuring ACLs can flexibly filter user or management traffic, by denying
or permitting IP packets to enter the host, according to the packets
source/destination address, protocol type, or other criteria.
ACL entries are sequentially numbered rules containing statements (Deny, Permit,
or Remark) and conditions. Remarks are free-text ACL entries used for
Note By default, logging is disabled. If you choose to enable it, the default logging
interval is five minutes.
Two packets matching the same rule on the same entity in the same direction are
logged only if the time between them exceeds the logging interval.
After a match, the rest of the rules are ignored. Packets not matching any rule
are dropped. Empty ACLs deny access of all packets matched to them.
Show Me Demo
Note If the video cannot be viewed, ensure that you have the latest version of Adobe
Reader.
Statistics
The device collects ACL statistics per router, router interface, and management
entity. The statistic counters include the number of rule matches that occurred
since the counters were last cleared. The statistic counters are cleared upon
device reboot. The user may also clear ACL statistics of any entity.
Factory Defaults
Parameter defaults are alphabetically listed in the tables below.
All ACL Rules ACL statement sequence Highest number in use in the ACL plus 10
log Disable
sequence-number
Configuring ACL
The ACL configuration tasks are performed at the access control, router interface,
and management levels.
To configure ACL:
1. Create an access control list.
2. Add deny and permit rules to the ACL.
3. Bind the ACL to a router interface or management entity.
4. Configure additional ACL parameters (logging interval, ICMP Unreachable
messages etc), if necessary.
Access-Control-Level Tasks
The following commands are available in the CLI access-control context:
config>access-control#. The exception to this are the deny, permit and remark
commands, which are performed in the access-list(acl_name) context:
configure>access-control>access-list(acl_name)#.
Creating and access-list [{ipv4 | ipv6}] <acl_name> Creating an ACL is performed by assigning
deleting an ACL no access-list <acl_name> a name and specifying the ACL IP type.
The ACL names must be unique.
The ACL name contains up to
252 alphanumeric characters.
Adding deny deny {tcp | udp} {any | <src-address> [/<src- The arguments of the deny rule vary
rules to an ACL prefix-length>]} [<src-port-range>] {any | depending on the protocol (TCP, UDP,
<dst-address>[/<dst-prefix-length>]} [<dst- ICMP, IP).
port-range>] [dscp <dscp-value> | DSCP and IP Precedence cannot be used
precedence <ip-precedence-value>] [log] together.
[sequence <sequence-number>]
Management-bound ACLs have the
deny icmp {any | <src-address> [/<src- following configuration limitations:
prefix-length>]} {any|<dstaddress>
Only TCP- or UDP-based rules can be
[/<dstprefix-length>]} [icmp-type <icmp-
defined.
type-number> [icmpcode <icmp-code-
number>]] [dscp <dscp-value> | precedence The destination IP address must be
<ipprecedencevalue>] [log] [sequence any.
<sequence-number>] For TCP/UDP, the destination port must
deny ip [protocol <ip-protocol-number>] be tcp/23 (Telnet), tcp/22 (SSH),
{any | <src-address> [/<src-prefix-length>]} tcp/830 (NETCONF), , udp/161 (SNMP),
{any |<dstaddress>[/<dstprefix-length>]} or any..
[dscp <dscp-value> | precedence The source port must remain any (i.e.
<ipprecedence-value>] [log] [sequence optional src-port-range field should not
<sequencenumber>] be configured).
DSCP and IP Precedence are not
supported.
log enables logging match events of the
rule into the event log and sending SNMP
traps.
Possible values for sequence:
12147483648.
Note: If the ACL already has a statement
with the same sequence number, the old
statement is replaced with the new one.
Adding permit permit {tcp | udp} {any | <src- The arguments of the permit rule vary
rules to an ACL address>[/<src-prefix-length>]} [<src-port- depending on the protocol (TCP, UDP,
range>] {any|<dst-address>[/<dst-prefix- ICMP, IP).
length>]} [<dst-port-range>] [dscp <dscp- DSCP and IP Precedence cannot be used
value> | precedence <ip-precedence-value>] together.
[set {dscp < dscp-marking-value> |
Management-bound ACLs have the
precedence <ip-precedence-marking-value>
following configuration limitations:
| pbit <pbit-marking-value>}] [log]
[sequence <sequence-number>] Only TCP- or UDP-based rules can be
defined.
permit icmp {any | <src-address>[/<src-
prefix-length>]} {any | The destination IP address must be
<dstaddress>[/<dstprefix-length>]} [icmp- any.
type <icmp-type-number> [icmpcode For TCP/UDP, the destination port must
<icmp-code-number>]] [dscp <dscp-value> be tcp/23 (Telnet), tcp/22 (SSH),
| precedence <ipprecedencevalue>] [set tcp/830 (NETCONF), udp/161 (SNMP) ,
{dscp < dscp-marking-value> | precedence or any..
<ipprecedence-marking-value> | pbit <pbit- The source port must remain any (i.e.
marking-value>}] [log] [sequence optional src-port-range field should not
<sequence-number>] be configured).
permit ip [protocol <ip-protocol-number>] DSCP and IP Precedence are not
{any | <src-address>[/<src-prefix-length>]} supported.
{any |<dstaddress>[/<dstprefix-length>]}
log enables logging match events of the
[dscp <dscp-value> | precedence
rule into the event log and sending SNMP
<ipprecedence-value>] [set {dscp < dscp-
traps.
marking-value> | precedence <ip-
Possible values for sequence:
precedence-marking-value> | pbit <pbit-
12147483648.
marking-value>}] [log] [sequence
<sequencenumber>] Note: If the ACL already has a statement
with the same sequence number, the old
statement is replaced with the new one.
Adding remarks remark <description> [sequence <sequence- The description contains up to 255
to an ACL number>] characters.
Reseqencing the resequence access-list <acl-name> Possible values for value: 1100000
rules in an ACL [<value>]
Setting the logging access-list <value> Enable logging at the maximum rate of the
logging interval no logging access-list value set at Access Control level. <0> is
of all ACLs equivalent to no logging access-list
command.
no logging access-list disables event
logging for all rules in the ACL.
Router-Level Tasks
The following commands are available in the CLI router-interface context:
router(number)> interface(number)#. The exception to this are the show access-
list summary and show access-list statistics commands, which can be used in the
router(number) context as well.
Sending/stop unreachables
sending ICMP no unreachables
Unreachable
messages
Displaying the show access-list summary Displays ACL status at the current level
summary of ACLs See Displaying Status below.
bound to router
interface
Management-Level Tasks
The following commands are available in the CLI management context:
configure>management>access#.
Binding the ACL access-group <acl-name> in The management entity supports the ACLs
to a no access-group in {ipv4 | ipv6} only in the in direction.
management When binding the ACL to the management
entity and entity, or when adding/editing rules in an
defining the ACL ACL that is bound to the management
direction entity, the rules must conform to the
following limitations:
The protocol rules must be of TCP/UDP
type.
The destination address must be set to
any.
The source port must be set to any.
The destination port must be tcp/830
(NETCONF), tcp/23 (Telnet), tcp/22
(SSH), udp/161 (SNMP), or any.
DSCP, IP precedence, and P-bit cannot
be used.
Displaying the show access-list summary Displays ACL status at the current level
summary of ACLs See Displaying Status below.
bound to a
management
entity
Examples
Management ACL
The table below summarizes the rules configured for the ACL. Items in red are
either implied or unavailable for the current parameter or serve as system
settings that cannot be changed. The deny rule appearing in the bottom row is a
system rule that is used to deny all non-compliant data.
Sequence Action Protocol Source IP TCP/UDP Dest. IP TCP/UDP Dest. Port Log
Number Source Port
Router ACL
Sequence Action Protocol IP Source IP TCP/UDP Dest. IP TCP/UDP ICMP ICMP ToS Mark Log
Number Protocol Source Port Dest. Port Type Code
10 Permit TCP N/A Any Any 192.168.1.0/24 1024..65535 N/A N/A Any No
20 Permit TCP N/A Any Any 192.168.1.100 25 N/A N/A Any Yes
30 Permit ICMP N/A Any N/A 192.168.1.0/24 N/A Any Any Any No
40 Deny IP Any Any N/A Any N/A N/A N/A Any N/A No
Sequence Action Protocol IP Source IP TCP/UDP Dest. IP TCP/UDP ICMP ICMP ToS Mark Log
Number Protocol Source Port Dest. Port Type Code
10 Deny TCP N/A 192.168.1.10 Any Any 80 N/A N/A Any N/A No
40 Deny IP Any Any N/A Any N/A N/A N/A Any N/A No
Configuration Errors
Table 6-4 lists the messages generated by the device when a configuration error
is detected.
Message Description
Cannot execute; invalid statement Invalid matching rule. For example, binding the ACL with a rule,
using a protocol other than TCP or UDP to the management
entity.
Cannot add statement; sequence Invalid sequence number of the rule. Allowed sequence number
number out of range range is 12147483648.
Cannot resequence; sequence number Resequencing has failed because the ACL interspace value is
out of range invalid.
Cannot clear; no such router interface Statistic counters cannot be cleared on the non-existing router
interface.
Cannot bind; no such access list A non-existing ACL cannot be bound to the router interface or
the management entity.
Cannot show; no such router interface Statistic counters cannot be displayed on the non-existing
router interface.
Cannot bind; invalid statement An access list with statements, which are not supported by the
management ACL, cannot be attached to the management
entity.
Displaying Status
The ACL status displays information on the ACL name, type (IPv4 or IPv6), and the
entity that the ACL is bound to. The status information is available for the ACLs at
the router, router interface, and management access levels.
Displaying Statistics
The ACL statistic counters gather information on the number of rule matches
registered on the ACL since the last reboot or counter clearing.
Note All ACLs have an implied last rule that denies all packets. The device does not
provide statistic counters for this rule. If you intend to collect statistics on the
number of packets discarded by the default ACL mechanism, you must add the
deny ip any any rule at the end of the ACL.
#***************************Adding Classifier_Profiles*********
config flows
classifier-profile all match-any match all
classifier-profile untagged match-any match untagged
#***************************Configuring_Flows******************
flow mng_in
classifier untagged
no policer
ingress-port ethernet 0/101
egress-port svi 99
no shutdown
exit
flow mng_out
classifier all
ingress-port svi 99
egress-port ethernet 0/101 queue 0 block 0/1
no shutdown
exit all
#*********************Configuring_Router_Interface*************
configure router 1
interface 1
bind svi 99
address 172.18.141.39/24
no shutdown
exit
static-route 172.17.0.0/16 address 172.18.141.1
exit all
save
Overview
RADview is a Windows-based modular, client-server, scalable management
system that can be used in a distributed network topology or a single-station
configuration. RADview consists of the system and the following optional
modules:
D-NFV Orchestrator D-NFV Orchestrator creates, configures and manages
virtual machines on the X.86 D-NFV module within RADs customer edge
devices. D-NFV Orchestrator accommodates the Network Planning
functionality, which is part of RADview-Service Manager and enables offline
planning of networks with RAD products.
Service Manager (SM) end-to-end Carrier Ethernet service provisioning for
Ethernet Access products. This module includes the Service Center (SC)
module, which is an end-to-end Carrier Ethernet and TDM service provisioning
for AXCESS+ products.
Performance Monitor (PM) portal for service SLA monitoring for both
carriers and their customers
The ETX2i element and network management systems include a CORBA
northbound interface, enabling easy integration into the customers umbrella
NMS. CORBA enables interconnectivity and communication across heterogeneous
operating systems and telecommunications networks. CORBA effectively supplies
a software interface that defines data models used between various
management layers. It supports multi-vendor distributed network management
applications, providing the data interface between clients and servers.
For more details about the RADview network management software, and for
detailed instructions on how to install, set up, and use RADview, contact your
local RAD partner.
Note The service name configuration is necessary only in the endpoint devices.
Enable PM collection for the Rx and Tx flows, as well as for the corresponding
destination NE.
All flows belonging to the same service End Point must use the same port.
Only one S-tag should be used for the service.
Run the RADview Discovery Service function (refer to the RADview online
help).
Discovery can be performed only on the user port (UNI). For more information,
refer to the Performance Management section.
Note Multi-port E-Line services can't be discovered and statistics can't be collected on
the flows.
Applicable Products
This feature is applicable to all ETX2i products.
Factory Defaults
By default, authentication is via the locally stored database (1st-level local).
Specifying authentication method auth-policy 1st-level tacacs+ [2nd-level { If 2nd-level is set to local, authentication is
preferably via TACACS+, then local | none } ] performed via the TACACS server. If the
optionally local TACACS server does not answer the
authentication request, then ETX2i
authenticates via the local database. .If the
TACACS server rejects the authentication
request, ETX2i ends the authentication
process.
If 2nd-level is set to none, authentication is
performed via the TACACS server only.
Specifying authentication method auth-policy 1st-level radius [2nd-level ETX2i first attempts authentication via the
preferably via RADIUS/ TACACS+, then tacacs+ [3rd-level {local | none}]] server specified by 1st-level. If the server
optionally TACACS+/ RADIUS, then auth-policy 1st-level tacacs+ [2nd-level does not answer the authentication
optionally local radius [3rd-level {local | none}]] request, then ETX2i attempts to
authenticate via the server specified by
2nd-level. If the server does not answer the
authentication request, then ETX2i
attempts to authenticate according to
3rd-level:
local ETX2i authenticates via the local
database
none No further authentication is
done, and the authentication request is
rejected.
Note: If at any time in this process, an
authentication server rejects an
authentication request, ETX2i ends the
authentication process and does not
attempt authentication at the next level.
Applicable Products
This feature is applicable to all ETX2i products.
Standards
RFC 2865, Remote Authentication Dial In User Service (RADIUS)
Benefits
The RADIUS protocol allows centralized authentication and access control,
avoiding the need to maintain a local user data base on each device in the
network.
Due to its generic nature, the RADIUS protocol can easily be used by service
providers and enterprises to manage access to the Internet, internal networks,
wireless networks, and integrated email services. These networks may
incorporate DSL, access points, VPNs, network ports, and more.
Functional Description
RADIUS servers have built-in mapping of users to service-types (Table 6-5). Note
that each user has the rights of all users above it. All users have default password
1234. It is highly recommended to change the default password when setting up
your device (Refer to Changing Password on how to change a password).
su ETX2i# 6 (administrative)
Network
Logging on to ETX-2i or
returning authentication error ETX-2i
RADIUS Server
Management Work Station Access accepted or denied
Shared Secret
Factory Defaults
By default, no RADIUS servers are defined. When the RADIUS server is first
defined, it is configured as shown below.
Defining a non-disclosed string (shared key <string> [hash] The shared secret is a secret key
secret) used to encrypt the user consisting of free text known to
password. the client and the server for
encryption.
The hash keyword denotes that
the string is hashed, rather than
clear text; usually it is added by
the device after hashing the clear
text that the user enters, before
saving it in the database.
If you enter the password as a
text string, do not use the hash
parameter. Use it only if you are
specifying the password as a
hashed value (obtained by using
the info command to display
RADIUS data).
Defining the UDP port to be used for auth-port <udp-port-number> Possible values: 165535
authentication
Timeouts :0 0 0 0
Unknown Types :0 0 0 0
Packets Dropped :0 0 0 0
Applicable Products
This feature is applicable to all ETX2i products.
Standards
TACACS+ Protocol Version 1.78 (IETF draft-grant-tacacs-02)
Benefits
The TACACS+ protocol allows centralized authentication and access control,
avoiding the need to maintain a local user data base on each device on the
network. The TACACS+ server encrypts the entire body of the packet, but leaves a
standard TACACS+ header.
Customers do not have to adapt their TACACS+ server privilege levels to RAD CLI
default values; CLI levels can be remapped in accordance with the customers
TACACS+ levels.
Factory Defaults
By default, no TACACS+ servers are defined. When the TACACS+ server is first
defined, it is configured as shown below.
retry 1
timeout 5 seconds
authentication-port 49
accounting-port 49
Functional Description
TACACS+ is a protocol that provides access control for routers, network access
servers, and other networked computing devices via one or more centralized
servers. TACACS+ is based on the AAA model:
Authentication The action of determining identity of a user
Authorization The action of determining what a user is allowed to do. It can
be used to customize the service for the particular user.
Accounting The action of recording what a user is doing, and/or has done
The TACACS+ client can be configured to use authentication/authorization with or
without accounting functionality.
When configuring users on external TACACS+ servers, see Table 6-6 to define
authorization levels for ETX2i standard users. Note that each user has the rights
of all users below it, in addition to those explained in its description.
Components
The TACACS+ remote access environment has three major components: access
client, TACACS+ client, and TACACS+ server.
The access client is an entity which seeks the services offered by the
network.
TACACS+ client, running on ETX2i, processes the requests from the access
client and passes this data to TACACS+ server for authentication.
TACACS+ server authenticates the request, and authorizes services over the
connection. The TACACS+ server does this by matching data from the
TACACS+ client`s request with entries in a trusted database.
TACACS+ server decides whether to accept or reject the user's authentication or
authorization. Based on this response from the TACACS+ server, the TACACS+
client decides whether to establish the user's connection or terminate the user's
connection attempt. The TACACS+ client also sends accounting data to the
TACACS+ server to record in a trusted database.
TACACS+ uses TCP for its transport and encrypts the body of each packet.
TACACS+ client and server can agree to use any port for authentication and
accounting. TACACS+ supports authentication by using a user name and a fixed
password.
Accounting
ETX2i supports up to five accounting groups, with up to five TACACS+ servers per
group. However, each TACACS+ server can be bound to a single accounting group
only.
A group can be defined with its own accounting level:
Shell accounting, which logs the following events:
Successful logon
Logon failure
Logoff
ETX2i - terminated management session
System accounting, which records system events/alarms registered in local
log file
Command accounting, which logs the following events:
Any shell command that was successfully executed by ETX2i
Any level that was successfully changed in a shell
Note If you intend to use TACACS+ for authentication, verify that TACACS+ is selected
as a level-1 authentication method (refer to the Access Policy section).
Defining the TCP port to be used for accounting-port <port-number> Possible values: 165535
accounting
Defining the TCP port to be used for authentication-port <port-number> Possible values: 165535
authentication
Defining a non-disclosed string (shared key <string> [hash] The shared secret is a secret
secret) used to encrypt the user key consisting of free text
password known to the client and the
server for encryption.
The hash keyword denotes
that the string is hashed,
rather than clear text; usually
it is added by the device after
hashing the clear text that
the user enters, before saving
it in the database.
If you enter the password as
a text string, do not use the
hash parameter. Use it only if
you are specifying the
password as a hashed value
(obtained by using the info
command to display TACACS+
data).
Defining timeout (in seconds) for timeout <seconds> Possible values: 130
response from TACACS+ server
Notes You can enter any combination of the parameters shell, system, or commands,
but you must enter at least one of them
Type no accounting to disable TACACS+ accounting for the group.
Configuration Errors
The following table lists the messages generated by ETX2i when a configuration
error is detected.
su level must be mapped to a You tried removing the last Leave at least one mapping of su.
TACACS+ level mapping of su, but su must be
mapped to at least one
TACACS+ level.
Counter Description
Request Timeouts Number of transaction timeouts that occurred between the client and
server
Unexpected Responses Number of times the TACACS+ client receives a TACACS+ packet that is
not expected at that time. Usually, this occurs due to a delayed response
to a request that has already timed out
Counter Description
Server Error Responses Number of errors received from the TACACS+ server
Transaction Failures Number of times the TACACS+ clients request is aborted by the TACACS+
server or the server fails to respond after maximum retry is exceeded
Pending Requests Number of TACACS+ clients requests minus number of TACACS+ server
responses or timeouts
Applicable Products
This feature is applicable to all ETX2i products.
Factory Defaults
By default, data rate is set to 9600 bps.
Specifying the desired data rate baud-rate { 9600bps | 19200bps | The default data rate is 9,600 bps.
38400bps | 57800bps | 115200bps
Defining whether in case of inactivity, timeout forever If you define a timeout, the timeout value
device remains connected or timeout limited <minutes> can be 060. The default is 10 minutes.
disconnects after a specified time
period
Disabling the control port serial-port-disable Once this command is issued, console
no serial-port-enable (default) access is denied for normal operation.
Access is allowed only during boot process.
Management connectivity can be resumed in
one of the following ways:
Entering no serial-port-enable command
via remote access (Inband or OOB via
Telnet, SNMP).
Setting to default configuration, by
pressing the external push button on the
front panel.
Specifying the number of rows to length <number-of-rows> The number of rows can be 0, to indicate
display no limit on the number of lines displayed, or
20.
Note Packets sent from or to the device itself are not related to the DHCP relay
functionality.
You can enable the following Layer-2 DHCP Relay agent features on your device
or on specific services of your device:
DHCP Snooping Configuration of servers and relay ports as trusted, and
client ports as untrusted.
DHCP Option 82 Add additional information to the DHCP request, including
Remote ID and Circuit ID.
Standards
[RFC 1542] Clarifications and Extensions for the Bootstrap Protocol
[RFC 2131] Dynamic Host Configuration Protocol
Benefits
Layer-2 DHCP Snooping verifies DHCP transactions and protects against rogue
DHCP servers and clients.
The DHCP server uses the Remote ID and Circuit ID information provided by
DHCP option 82 for the address allocation scheme.
Functional Description
A DHCP relay agent at Layer-2 forwards requests and replies between clients and
servers that are on the same Layer-2 subnet but not on the same physical
subnet. Unlike normal Layer-2 forwarding, in which IP datagrams are switched
transparently, a relay agent receives DHCP messages and generates new ones to
send on output interfaces.
DHCP servers are assumed to reside in trusted locations, usually beyond network
ports, while DHCP clients reside in untrusted locations, usually behind user ports.
Each port is configured as either DHCP trusted or untrusted.
The device can be configured with two DHCP functionalities:
DHCP Snooping
DHCP Option 82
DHCP Messages
The following table [per RFC 2131] describes the various DHCP client and server
messages:
DHCPINFORM Ask for configuration; address has been externally configured. Client
DHCP Snooping
DHCP relay supports DHCP snooping on the device (or specific services), for
added security. Servers and relay ports should be configured as trusted, and
client ports as untrusted.
In addition to verifying the validity of incoming DHCP messages, when enabled,
the DHCP relay does the following:
Blocks server DHCP messages (DHCPOFFER, DHCPACK, and DHCPNACK)
arriving from untrusted ports; allows from trusted ports.
Blocks client DHCP messages (DHCPDISCOVER, DHCPREQUEST, DHCPDECLINE,
DHCPRELEASE and DHCPINFORM) when they arrive from trusted ports; allows
from untrusted ports.
Forwards DHCP server packets only to untrusted ports and DHCP client
packets only to trusted ports.
DHCP snooping over a specific EVC is indicated by its Service ID (configured
over all EVC flows).
DHCP Option 82
The device (or specific services) can also be configured to enable DHCP option 82
(the relay agent information option). If enabled, upon intercepting a client DHCP
packet the relay agent adds option 82 to the DHCP request before forwarding the
packet to the DHCP server.
The following information is added to the DHCP request:
Remote ID the agent identification; usually agent MAC address
Circuit ID usually identification of the port and VLAN of the switch from
which the request was received.
The reply from the server is forwarded back to the client after removing option
82.
Figure 6-2 describes the flow of DHCP packets through a relay when option 82 is
enabled.
1. The DHCP client broadcasts a DHCP request.
2. The DHCP relay agent intercepts the request, and performs a sanity check on
the packet.
3. If it is not valid, it discards the message.
4. Otherwise, if it is valid, inserts option 82 in the packet and broadcasts it
towards the DHCP server. Option 82 information includes the two configured
suboptions: Circuit ID and Remote ID.
5. The DHCP server assigns an IP address based on the option 82 suboptions
and sends a lease back to the client.
6. The relay agent performs a sanity check on the packet and strips option 82
(Remote ID and Circuit ID fields) off the packet before forwarding the packet
to the client.
Factory Defaults
By default, no DHCP relay parameters are configured for ports. The system DHCP
relay parameters have the default values shown in the following table.
dhcp-option-82 no dhcp-option-82
dhcp-snooping no dhcp-snooping
System Parameters
This section explains how to enable or disable DHCP Option 82 and DHCP
Snooping for the device.
You can enable DHCP Option 82 and DHCP Snooping globally for the entire device
(i.e. all services) or for a specific service. You can repeat the command for each
service on which to enable the feature.
Note
If a feature is enabled for all services, the feature applies to all services,
regardless of service-specific configuration. If it is not enabled for all services, it
applies only to those services for which it was explicitly enabled.
It is possible to enable DHCP option 82 for the entire device, but set the format
of its sub-options (Circuit ID and Remote ID) either globally or per service.
You can disable these features on all services using the no form of the command.
To configure DHCP relay system parameters:
1. Navigate to configure system dhcp-relay.
The config>system>dhcp-relay# prompt is displayed.
2. Enter all necessary commands according to the tasks listed below.
Enabling DHCP option 82 dhcp-option-82 {all | service <service-name>} service the service on which to
[circuit-id {vlan-card-port | string <circuit-id- enable option 82
string>}] [remote-id {mac | hostname | string Possible values: all, service name (1-
<remote-id-string>} 31 characters)
no dhcp-option-82 {all | service <service-name>} circuit-id circuit ID format
Possible values: vlan-card-port
(default) , string (0-253 characters)
remote-id remote ID format
Possible values: mac (default),
hostname (SNMP sysName), or
string (0-253 characters)
Notes:
If hostname is chosen, if SNMP
sysName is > 253 characters, or
if SNMP sysName > 253
characters is configured while it
is in use by option 82, the
following message is displayed:
Only first 253 characters of
hostname are used in DHCP
option 82 remote ID.
Option 82 suboptions format
can be configured for a specific
service to be different from the
global configuration; however,
option 82 cannot be disabled on
a specific service if it is globally
enabled.
Both circuit-ID and remote-ID
suboptions are always sent if
option 82 is enabled.
Enabling DHCP snooping [no] dhcp-snooping {all | service <service-name>} service the service on which to
enable snooping.
Possible values: all, service name (1-
31 characters)
all All ports traffic is subjected to
snooping functionality.
Notes DHCP server, relay, and client applications are independent. You can configure
neither or any combination of them.
DHCP server is not supported on tunnel interfaces.
Applicable Products
This feature is applicable to ETX2i with an embedded router.
Standards
[RFC 951] Bootstrap Protocol
[RFC 1542] Clarifications and Extensions for the Bootstrap Protocol (relay agent
requirements)
[RFC 2131] Dynamic Host Configuration Protocol
[RFC 2132] DHCP Options and BOOTP Vendor Extensions (basic DHCP options)
[RFC 3046] DHCP Relay Agent Information Option (DHCP option 82)
Benefits
The main benefits of DHCP servers are:
Reduced costs of IP addresses There is no need to buy and manage an IP
address for each potential client. For example, there is no need to manually
assign an address for each machine that is connected to the network, even
briefly or rarely.
Reduced access costs Dynamic addresses are cheaper than static
addresses.
Reduced client configuration costs DHCP ease of configuration leads to fast
deployment and less operational overhead. There is no need to manually
configure connectivity parameters on each client, except for very basic
configuration (and sometimes not even this). The DHCP server can even start
a zero touch configuration process, which completely configures the client
without network manager intervention.
Centralized management Network managers only need to configure a single
central server. If a global parameter, e.g. DNS server, is changed, there is no
need to manually configure all the clients in the network.
Functional Description
The following describes the DHCP flow, from the time the client sends a
broadcast DHCP request and until the IP addresses are distributed.
The DHCP client sends to the DHCP server a broadcast DHCP request. If the
client and server are not directly connected to each other, the DHCP
messages can be forwarded by a DHCP Layer 2 or Layer 3 relay agent.
The DHCP relay agent (if one exists) intercepts the request, optionally inserts
the relay agent information option (option 82) into the packet, and
broadcasts it toward the DHCP server.
Any listening DHCP server can assign an IP address to the DHCP client (based
on information sent by the client or relay agent), as well as other options.
Before assigning an IP address, the server pings it. If a reply is received, this
means the address is a conflict, meaning it is an address that is already
occupied. The conflict enters the conflicts table.
DHCP server sends back to the client a lease offer, containing an IP address
and possibly other parameters. It sends its IP address in option 54 (server
identifier) to the client.
Note If the DHCP server offers a lease and the client then sends a DHCP request with
an IP address of a different server (in option 54), the server assumes that the
request is no longer relevant, and return the offered address to the pool of
available addresses.
The relay agent (if one exists) strips Option 82 from the packet (if one
exists), and then forwards the lease offer to the client.
The DHCP client accepts the offer. If the DHCP client received more than one
lease offer, it chooses a lease; usually the first one it received.
Before accepting a lease, a typical client sends a gratuitous ARP to the IP
address it is about to use. If two replies are received, the client should
decline the lease, and the server places the IP address into the conflicts table.
The server acknowledges the lease.
ETX2i saves the lease in a database that includes all active and inactive leases.
The lease database with address binding (IP address to client hardware address)
resides in permanent memory that withstands reboot. If possible, ETX2i assigns
to clients the same IP addresses they previously had.
The lease is usually granted for a limited time; therefore, the DHCP client should
renew it before it expires. A DHCP client may also release a lease once is no
longer needed.
The server does not delete a binding from the database when a lease expires.
However, if a new client asks for an address and the server does not have a free
address, then one of the unused addresses from the database may be used.
The server also saves a table of conflicts. A conflict is an IP address that the
server tried to assign but found out it is already occupied. The server does not
assign an address from the conflicts table unless all non-conflicting addresses
belong to active leases.
If you change the configuration so that it renders active leases invalid (such as
changing a pools range of addresses or network, excluding an address), the
server removes the leases from the binding database. Addresses in the conflict
database, which are no longer valid, are also removed.
The device may function as DHCP client, relay, or server at the same time.
DHCP Options
The following Tx options (i.e. sent from server to client) are supported by RAD
DHCP server and RAD clients:
Default routers (3) one or two
Lease time (51) offered lease time
Server identifier (54) IP address of the server offering the lease; not
configurable
The following Tx options are supported by RAD DHCP server, but unsupported by
RAD clients:
Domain name system (DNS) servers (6) one or two
Domain name (15)
NetBIOS name server (44)
NetBIOS node type [b, p, m, or h] (46)
The following Rx options (i.e. sent from client to server) are supported by RAD
DHCP server and RAD clients:
Lease time (51) requested lease time
Server identifier (54) IP address of the server whose offer is accepted (also
used by clients to send unicast messages to the server)
Client identifier (61) client unique identifier (typically MAC address)
The following Rx options are supported by RAD clients, but ignored by RAD DHCP
server:
Host name (12) client host name
Vendor class identifier (60) client vendor identifier
Note Options 66 (TFTP server name), 67 (boot file name), and 150 (TFTP server
address) are not supported by RAD DHCP server although RAD clients use
them for the zero touch configuration process.
Unsupported received DHCP options are ignored. They do not invalidate a
request.
Manual Bindings
In cases when it is important that a client, usually a router or server, not change
its address, it is possible to configure manual bindings, i.e. IP addresses that are
manually mapped to clients. This directs the server to grant fixed addresses to
specific clients (usually recognized by their MAC address).
Factory Defaults
By default, no DHCP server or DHCP server pool is defined. When a DHCP server
or DHCP server pool is first defined, it is configured as shown below.
DHCP server
number 1
clear --
bind router 1
exclude-address --
shutdown no shutdown
pool No pool
address-range no address-range
client-identifier no client-identifier
default-router no default-router
dns-server no dns-server
domain-name no domain-name
hardware-address no hardware-address
host no host
lease-default no lease-default
netbios-name-server no netbios-name-server
network no network
relay-information no relay-information
Binding DHCP server to router bind router <number> number router number
Note: The DHCP server works only on the
router to which it is bound. If the bound
router does not exist, the DHCP server is
idle.
Clearing DHCP server bindings, clear {binding {address <ipv4-address> | You can clear the entire DHCP server
conflicts, or statistics all} | conflict {address <ipv4-address> | binding database, or binding of a specific
all}} address.
When clearing a specific address, if ipv4-
address does not exist in the database,
an error message is generated:
No such address.
You can clear the entire conflicts
database, or a specific conflicting
address.
Clearing all conflicts clears both
abandoned (declined by clients) and
blocked (already in use) addresses.
Configuring the IP address that is not [no] exclude-address <ipv4-address> A single address to be excluded can be
to be offered to a client configured per command.
Repeating this command adds new excluded
addresses; it does not replace previous
excluded addresses.
Note: Excluded addresses are typically
addresses that are statically configured on
servers or routers.
Configuring DHCP server pool [no] pool See Configuring DHCP Server Pool.
Typing no pool removes the DHCP server
pool and the configuration related to it (IP
address ranges and DHCP options).
Displaying DHCP server bindings show binding See Viewing DHCP Server Binding.
Displaying DHCP server conflicts show conflict See Viewing DHCP Server Conflict.
Displaying DHCP server statistics show statistics See Viewing DHCP Server Statistics.
Note Typing no pool removes the DHCP server pool, as well as the configuration
related to it.
You must assign a unique pool name of 1 to 80 characters.
Configuring range of IP addresses that [no] address-range <start-ip> <end-ip> start-ip lowest IPv4 address of the range
server can assign to clients end-ip highest IPv4 address of the range
(relevant only for pool bound to Notes:
network)
An address range can be configured only
if the pool is bound to a network. It is
irrelevant if the pool is bound to a host.
The address range must be inside the
pools subnet (configured with the
network command).
If no range is configured, the default
value is the entire subnet of the pool.
A single range can be configured per
pool.
Typing no address-range <start-ip>
<end-ip> deletes an existing range. If
the specified range is not exactly the
one configured by the command, range
is not deleted.
Configuring client identifier (DHCP client-identifier <unique-identifier> Client identifier (option 61) is used for
option 61) no client-identifier manual binding, i.e. assigning a
preconfigured IP address to a specific client.
unique-identifier client identifier; 1-255
character string
Notes:
Client identifier can be configured only if
the pool is bound to a host (using host
command).
If the command is repeated, it replaces
the previous one.
Either client identifier or hardware
address can be configured; not both.
You cannot configure a client identifier
already configured on another pool.
Typing no client-identifier removes the
client identifier from the pool.
Configuring default router (DHCP default-router <address> [<address-2>] address default router IPv4 address
option 3) no default-router address-2 second default router IPv4
address
Notes:
Repeating this command replaces the
previous one.
address-2 must be different than
address-1.
Configuring DNS server (DHCP option dns-server <address> [<address-2>] address DNS server IPv4 address
6) no dns-server (mandatory)
address-2 second DNS server IPv4 address
(optional)
Notes:
Repeating this command replaces the
previous one.
address-2 must be different than
address-1.
Configuring domain name (DHCP domain-name <domain> Domain domain name; 1-255 character
option 15) no domain-name string
Note: Repeating this command replaces the
previous one.
Configuring client hardware address hardware-address <mac-address> MAC address is used for manual binding, i.e.
(MAC address) no hardware-address assigning a preconfigured IP address to a
specific client.
mac-address client MAC address
Notes:
The hardware address can be configured
only if the pool is bound to a host
(configured with the host command).
Repeating this command replaces the
previous one.
Either client identifier or hardware
address can be configured; not both.
You cannot configure a hardware
address already configured on another
pool.
Configuring client IP address and prefix host <ipv4-address>/<prefix-length> Ipv4-address client IPv4 address
length no host Prefix-length client IP prefix length
Possible values: 1-32
Notes:
If no host is invoked while client
identifier or hardware address is
configured, the device deletes the
configured client identifier or hardware
address.
Repeating this command replaces the
previous one.
Either the host or network command can
be configured; not both.
The address (while taking into account
the prefix length) must be a unicast
address.
The same pair of address and prefix
length may not be configured on more
than one pool.
The mask (reflecting the prefix length) is
passed to the client in option 1.
Configuring lease default validity time lease-default {time <days> [<hours> Possible values: 60-8640000 seconds (100
(DHCP option 51) [<minutes>]] | infinite} days); infinite (lease never expires, unless
no lease-default the client releases it.)
Notes:
If you configure lease validity time to
between 60 and 8640000 (100 days)
seconds, the server grants it.
If you configure less than 60 seconds,
the server offers 60 seconds.
If you configure more than 8640000
seconds, the server offers 8640000
seconds.
If the client does not send option 51, i.e.
it does not state for how much time it
requires the lease, the server offers the
default lease time (one day, unless
otherwise configured).
Repeating this command replaces the
previous one.
Configuring NetBIOS name server netbios-name-server <address> address NetBIOS name server IPv4
(DHCP option 44) [<address-2>] address
no netbios-name-server address-2 Second NetBIOS name server
IPv4 address
Note: Repeating this command replaces the
previous one.
Configuring NetBIOS node type (DHCP netbios-node-type <type> Type NetBIOS node type
option 46) no netbios-node-type Possible values: b, p, m, h
Note: Repeating this command replaces the
previous one.
Configure relay agent information relay-information circuit-id <circuit-id> Matching the received option 82 with the
(DHCP option 82) relay-information remote-id <remote-id> configuration determines the clients that
can receive offers of the pool.
no relay-information
Notes:
Repeating this command replaces the
previous one.
Either circuit-id or remote-id can be
specified, as only one of them can be
matched with received option 82.
Option 82 cannot be matched with a hex
pattern.
The relay agent information option can
be configured only if the pool is bound
to a network.
The same pair of address and prefix
length cannot be configured on more
than one pool.
IP Address : 192.168.1.1
Binding State: active
Bound to :
MAC : 11:22:33:44:55:66
ID : 0x01 rad111
Lease Time : 864000 seconds
Expires At : 1949/10/01 01:11:12
Counter Description
Bound to ID Client ID
Possible values: Hex string. Readable characters are printed as is; for
non-readable, the hex value is printed preceded by 0x; for example: 0x01
rad111.
Expires At Lease expiration date and time, formatted as other date and time
parameters in the device
Counter Description
Counter Description
Counter Description
Configuration Errors
The following table lists the messages generated by ETX2i when a configuration
error is detected.
No such address You tried clearing an IPv4 Make sure the address is in the
address that does not exist in database.
the database.
The pool is not bound to You tried to configure a range Bind the pool to a network using the
network of addresses for a pool that network command.
has not been bound to a
network.
Range is not inside the pools You tried to configure a range Configure a range inside the pools
network that is not in the pools subnet, using the network command.
subnet.
Range is already configured You can only configure a single Delete the existing address range, and
range per pool. You already then configure a new range.
configured a range for the
pool.
Range does not exist You tried to delete an address Delete the exact address range that
range that is not exactly the you configured.
same as the one configured.
The pool is not bound to host You tried to configure a Unbind the pool from the network, and
network while a host is bind it to a host using the host
configured. command.
You tried to configure a client Bind the pool to a host using the host
identifier (option 61) or command.
hardware address (MAC) for a
pool that is not bound to a
host.
Cannot have both client- You configured a client Remove the client identifier or
identifier and hardware-address identifier when a hardware hardware address configuration.
address is already configured,
or vice versa.
Client identifier configured on You tried to configure a client Configure a unique client identifier.
different pool identifier that has already
been configured on another
pool.
Hardware address configured on You tried to configure a Configure a unique hardware address.
different pools. hardware address that has
already been configured on
another pool.
The pool is bound to network You tried configuring a host Unbind the pool from the network.
while pool was bound to a
network.
Invalid address or prefix length You entered a non-unicast Enter a valid unicast address (taking
address. into account the prefix length).
Address and prefix configured You configured the same pair Configure a unique address and prefix
on another pool of address and prefix length length pair.
on another pool.
The pool is bound to host You tried configuring a Unbind the pool from the host.
network while pool was bound
to a host.
Invalid address or prefix length In case of a host: You entered Enter a valid unicast IP address (taking
a non-unicast address. into account the prefix length).
Applicable Products
This feature is applicable to all ETX2i products.
Standards
The supported NETCONF versions are based on the following standards:
RFC 6241 (06/2011), Network Configuration Protocol (NETCONF) 1.1
RFC 6020 (10/2010), YANG 1.0 - A Data Modeling Language for the Network
Configuration Protocol (NETCONF)
Benefits
Based on transactions, NETCONF reduces the burden on the network
management station.
Error recovery and sequencing tasks are removed from the management side.
YANG enables writing automatic scripts on the management side. YANG
models are richer than MIB, in that you can formally specify capability
options, i.e. what is allowed and not allowed on the device. In MIB, you can
only write a description.
Enhanced capabilities, in comparison to SNMP.
Functional Description
NETCONF is a session-based network management protocol that uses XML-
encoded remote procedure calls (RPCs) and configuration data to manage
network devices.
The mandatory transport protocol for NETCONF is SSH. The default TCP port
assigned for this mapping is 830. A NETCONF server implementation listens for
connections to the NETCONF subsystem on this port. Use of a dedicated port
makes it easier for the NETCONF server to identify and filter NETCONF traffic.
The following are characteristics of transactions:
Transactions are indivisible; all-or-nothing.
There is no internal order inside a transaction. It is a set of all-at-once
changes; not a sequence.
Parallel transactions do not interfere with each other; no-crosstalk.
Committed data always-sticks, i.e. it remains in the system even if fail-over,
power failure, restart, or more occurs; done-is-done.
The following deployment model shows the communication between the device
(NETCONF server; equivalent to SNMP agent) and management station (NETCONF
client; equivalent to SNMP manager).
Factory Defaults
The following is the default configuration of NETCONF.
Defining NETCONF session inactivity inactivity-timeout {time <minutes> | infinite} minutes: 1-60
timeout
Examples
To configure NETCONF session inactivity timeout to 15 minutes:
ETX2i>config>mngmnt>netconf# inactivity-timeout time 15
ETX2i>config>mngmnt>netconf#
To disable NETCONF:
ETX2i>config>mngmnt>netconf# shutdown
Standards
RFC 1332 The PPP Internet Protocol Control Protocol (IPCP)
Benefits
PPPoE in ETX2i is used to establish a management channel through which an IP
address can be acquired and the unit can be managed. You can connect ETX2i to
a central server for authentication and to acquire an IP address, and establish a
management channel that a remote management system can use to send
software and configuration files and manage ETX2i.
Functional Description
PPPoE consists of the following stages:
Discovery
PPP Session
Discovery
ETX2i locates a remote access concentrator by broadcasting a request to initiate
a PPPoE session. The request can contain a user-configurable service name (sent
as empty string if service name has not been configured). When an access
concentrator answers the request and the PPPoE initiation message sequence is
performed successfully, the PPPoE session can be established.
If ETX2i cannot establish the session due to timeout (after a set number of
retries), or if the session is terminated or rejected by the access concentrator,
ETX2i restarts the session initiation process.
PPP Session
After discovering the access concentrator, ETX2i builds a PPP link with the
remote peer, in the following stages:
Link Control Protocol (LCP) Negotiation
Authentication
Internet Protocol Control Protocol (IPCP) Negotiation
Authentication
ETX2i does not attempt to authenticate the PPP peer, but does respond to a
peer that requires authenticating ETX2i.
The following authentication methods are supported (you can specify whether to
refuse a particular method if it is offered by the peer):
Challenge Handshake Authentication Protocol (CHAP) This is the
recommended authentication method if authentication is being performed, as
the username and password are not sent in clear text.
If CHAP authentication is performed, ETX2i receives a challenge from the
peer, and authenticates as follows:
If the user name in the challenge matches a configured user, ETX2i uses
the login-user and its password.
If the user name in the challenge does not match any of the configured
users, ETX2i uses the default CHAP password. If no default CHAP
password has been configured, the CHAP authentication fails.
Password Authentication Protocol (PAP) This authentication method is less
secure, as the username and password are sent in clear text. If the PAP
username and password have not been configured, ETX2i cannot perform
PAP authentication.
No authentication
If authentication should be performed, ETX2i sends an authentication request to
the peer according to the method being performed, and the peer responds
accordingly.
If timeout occurs during authentication, ETX2i retries the authentication. After a
set number of retries, ETX2i terminates the PPPoE session, and then restarts the
session initiation process as described in Discovery.
If the peer rejects the authentication request, ETX2i terminates the PPPoE
session, and then restarts the session initiation process as described in
Discovery.
Factory Defaults
By default, no PPP port exists. When a PPP port is created, it is configured as
shown below.
Defining host name to send to PPP chap-hostname <name> If the CHAP host name is not configured,
peer if CHAP authentication is used ETX2i identifies itself by its device name
(assigned via the name command in the
system level).
Defining default password for CHAP chap-password <password> [hash] The default CHAP password is used for
authentication authentication if the username in a
received CHAP challenge does not match
any of the defined users.
The hash keyword denotes that the
string is hashed, rather than clear text;
usually it is added by the device after
hashing the clear text that the user
enters, before saving it in the database.
If you enter the password as a text
string, do not use the hash parameter.
Use it only if you are specifying the
password as a hashed value (obtained
by using the info command to display
PPP data).
Defining user name and password for pap-username <name> password <password> See above comments about the hash
PAP authentication [hash] parameter.
Specifying whether to refuse CHAP refuse-chap If you do not want ETX2i to use
authentication if it is offered by the CHAP authentication for the PPP
peer session, enter refuse-chap.
If you do want ETX2i to use CHAP
authentication if offered by the peer,
enter no refuse-chap.
Specifying whether to refuse not using refuse-no-auth If you do not want ETX2i to skip
authentication (i.e. whether to refuse authentication for the PPP session,
skipping authentication), if that is enter refuse-no-auth.
offered by the peer If you do want ETX2i to skip
authentication if offered by the peer,
enter no refuse-no-auth.
Specifying whether to refuse PAP refuse-pap If you do not want ETX2i to use PAP
authentication if it is offered by the authentication for the PPP session,
peer enter refuse-pap.
If you do want ETX2i to use PAP
authentication if offered by the peer,
enter no refuse-pap.
Displaying PPP port status show status See Viewing PPP and PPPoE Status.
Defining service name for PPPoE service-name <string> If the service name is configured, ETX2i
session accepts PPPoE offers only if the service
name in the offer matches.
Displaying PPPoE status show status See Viewing PPP and PPPoE Status.
Example
To configure for PPPoE:
Bind to SVI 1, router interface 1.
Authentication CHAP or PAP must be used.
CHAP hostname=ETXCHAP, default password=ppp1
PAP username=ETXPAP, password=ppp1
Incoming flow: Untagged, ingress ETH 6, egress SVI 1
Outgoing flow: Untagged, ingress SVI 1, egress ETH 6
exit all
configure
port
# Configure SVI 1
svi 1
no shutdown
exit
# Configure PPP port
ppp 1
bind svi 1
chap-hostname ETXCHAP
chap-password ppp1
pap-username ETXPAP password ppp1
no refuse-chap
no refuse-pap
refuse-no-auth
exit
exit
flows
# Configure classifier to match untagged packets
classifier-profile untagged match-any
match untagged
exit
# Configure incoming flow
flow ppp_in
classifier untagged
ingress-port ethernet 6
egress-port svi 1
no shutdown
exit
# Configure outgoing flow
flow ppp_out
classifier untagged
ingress-port svi 1
egress-port ethernet 6 queue 0 block 0/1
no shutdown
exit
exit
# Configure router interface bound to PPP port
router 1
interface 1
bind ppp 1
ipv6-autoconfig
no shutdown
exit
exit
# Save configuration
save
exit all
Name : PPP 1
LCP
-----------------------------------------------------------------------------
state : Opened
MRU Local : 1500 Peer : 1500
Authentication
-----------------------------------------------------------------------------
Of Us : CHAP State : Completed Identity : admin
IPCP
-----------------------------------------------------------------------------
State : Opened
Local IPv4 address : 22.22.22.22 Negotiated
Peer IPv4 address : 10.0.0.1
IPV6CP
-----------------------------------------------------------------------------
State : Opened
Local IPv6 address : fe80::d31:494c:56c:71b0 Negotiated
Applicable Products
This feature is applicable to all ETX2i products.
Standards
The supported SNMP versions are based on the following standards:
RFC 1901, Introduction to Community-Based SNMPv2. SNMPv2 Working Group
RFC 1902, Structure of Management Information for Version 2 of the Simple
Network Management Protocol (SNMPv2). SNMPv2 Working Group
RFC 1903, Textual Conventions for Version 2 of the Simple Network
Management Protocol (SNMPv2). SNMPv2 Working Group
RFC 1904, Conformance Statements for Version 2 of the Simple Network
Management Protocol (SNMPv2). SNMPv2 Working Group
RFC 1905, Protocol Operations for Version 2 of the Simple Network
Management Protocol (SNMPv2). SNMPv2 Working Group
RFC 1906, Transport Mappings for Version 2 of the Simple Network
Management Protocol (SNMPv2)
RFC 1907, Management Information Base for Version 2 of the Simple
Network Management Protocol (SNMPv2). SNMPv2 Working Group
RFC 1908, Coexistence between Version 1 and Version 2 of the Internet-
standard Network Management Framework. SNMPv2 Working Group
RFC 2104, Keyed Hashing for Message Authentication
RFC 2271, Architecture for Describing SNMP Management Frameworks
RFC 2272, message processing and dispatching for the Simple Network
Management Protocol (SNMP)
RFC 2273, SNMPv3 Applications
RFC 2274, User-Based Security Model (USM) for version 3 of the Simple
Network Management Protocol (SNMPv3)
RFC 2275, View-Based Access Control Model (VACM) for the Simple Network
Management Protocol (SNMP)
RFC 3412, Version 3 Message Processing and Dispatching
RFC 3414, User-based Security Model for SNMPv3
RFC 3416, Update for RFC 1904
Benefits
SNMP allows you to remotely manage multiple units from a central workstation
using a network management system.
SNMPv3 allows data to be collected securely from SNMP devices. Confidential
information such as SNMP commands can thus be encrypted to prevent
unauthorized parties from being able to access them.
Functional Description
In an SNMP configuration, one or more administrative computers manage a group
of hosts or devices. Each managed system continuously executes a software
component called agent, which reports information via SNMP back to the
managing workstations.
Factory Defaults
The following is the default configuration of the SNMP parameters (see
Configuring SNMPv3 Parameters for explanations of the parameters):
SNMP engine ID set to device MAC address
View named internet providing access to IETF MIBs and IEEE MIBs
User named "initial", with security level no authentication and no privacy
Group for SNMPv3 named "initial":
Security levels no authentication and no privacy, authentication and no
privacy, authentication and privacy
User initial
Views for read/write/notify "internet"
Notifications with tag unmasked for the device traps
Note When you enter password parameters, they should contain at least eight
characters.
Setting SNMP snmp-engine-id mac [ <mac-address> ] snmp If you use the mac
engine ID, as snmp-engine-id ipv4 [ <ip-address> ] option and dont
MAC address or specify the MAC
snmp-engine-id text <string>
IP address or address, the SNMP
string engine ID is set to the
device MAC address.
If you use the ipv4
option and dont
specify the IP address,
the SNMP engine ID is
set to the device IP
address.
Setting user privacy [ password <password> ] [ key <key-change> ] snmp>user Using no privacy
privacy disables privacy
password and protocol
optional key for Note: Password
changes minimum length is 10
for AES128 and 8 for
DES.
Examples
To create an SNMPv3 user and connect it to group:
User named MD5_priv:
Security level MD5 authentication, DES privacy
Group named "MD5Group":
All security levels
Contains set of views named "internet" (from default configuration)
exit all
configure management snmp
#********* Configure user MD5_priv with authentication method MD5 with DES privacy protocol
user MD5_priv md5-auth des
privacy password MD654321
authentication password MD654321
no shutdown
exit
#******** Configure access group MD5Group with various authentication and privacy options
access-group MD5Group usm no-auth-no-priv
context-match exact
read-view internet
write-view internet
notify-view internet
no shutdown
exit
access-group MD5Group usm auth-no-priv
context-match exact
read-view internet
write-view internet
notify-view internet
no shutdown
exit
To create notifications:
Notification named TrapPort:
Tag=Port
Bound to ethLos, sfpRemoved
Notification named TrapPower:
Tag=Power
Bound to powerDeliveryFailure, systemDeviceStartup
exit all
configure management snmp
#******** Configure notification TrapPort
notify TrapPort
tag Port
bind ethLos
bind sfpRemoved
no shutdown
exit
To create communities, target parameters, and target for network devices that
are working with SNMPv1:
Community read:
Name: public
Security name: v1_read (defined in default configuration)
Community write:
Name: private
Security name: v1_write (defined in default configuration)
Community trap:
Name: public
Security name: v1_trap (defined in default configuration)
Target parameters named snv1:
Message processing model SNMPv1
Version SNMPv1
Security name: v1_trap
Security level: no authentication and no privacy
Target named NMSsnmpv1:
Target parameters snv1
Tag list=unmasked
IP address 192.5.6.7
exit all
#******** Configure communities
configure management snmp
snmpv3
community read
name public
sec-name v1_read
no shutdown
exit
community write
name private
sec-name v1_write
no shutdown
exit
community trap
name public
sec-name v1_trap
no shutdown
exit
target NMS2
trap-sync-group 1
exit
target NMS3
trap-sync-group 2
exit
target NMS4
trap-sync-group 2
exit
trap-sync-group 1
tag-list port power
target-params TargParam1
exit all
save
Applicable Products
This feature is applicable to all ETX2i products.
Factory Defaults
By default, the following users exist, with default password 1234:
su
oper
tech
user
The default users cannot be deleted, but can be disabled (shut down).
Functional Description
ETX2i supports the following four user access levels:
Superuser (su) can perform all the activities supported by the system,
including creating new users, changing its and other user access levels and
passwords, deleting and disabling other users.
Operator (oper) can perform all the activities, except for defining, deleting or
disabling other users.
Technician (tech) can monitor the device (info, show status, show statistics).
User (user) can monitor the device (info, show status, show statistics).
The regular users (oper, tech, user) cannot define, delete or disable other users,
or change their own access levels. They are allowed to change their current
passwords. All users can view all CLI levels.
Password Hashing
You can specify a users password as a text string or as a hashed value, that you
obtain by using info detail to display user data.
Notes User passwords are stored in a database so that the system can perform
password verification when a user attempts to log in. To preserve
confidentiality of system passwords, the password verification data is typically
stored after a one-way hash function is applied to the password, in
combination with other data. When a user attempts to log in by entering a
password, the same function is applied to the entered value and the result is
compared with the stored value.
A cryptographic hash function is a deterministic procedure that takes an
arbitrary block of data and returns a fixed-size bit string, the (cryptographic)
hash value, such that any change to the data changes the hash value.
SSH Authentication
In addition to password, ETX2i can be configured to use more robust and secure
public key user authentication method for SSH sessions.
Configuring Users
To add a new user:
1. Verify that you are logged on as superuser (su).
2. Navigate to the management context (config>mngmnt).
3. Enter login-user, followed by a new user name if you intend to create a new
user, or an existing name, if you intend to change previously defined user.
Specifying user password password <password> [hash] Maximum password length is as follows:
Non-hashed 20 characters
Hashed 40 characters
The use of hash function is illustrated in the
example below.
Setting user public key for public-key <public-key> no public-key deletes the public key.
authentication Public key configuration is relevant only for the
public key authentication method.
Use the Base64 encoding (ASCII A to Z, a
to z, 0 to 9, +, / and space) for the
public key configuration.
Set the key string using the following format:
Begin and end with
Include: ssh-rsa, space, public key string,
space, comment
Enabling/disabling a user shutdown Default users (su, oper, tech, user) can be
no shutdown disabled, but cannot be deleted.
exit all
configure management login-user staff1 info detail
level su
password "3fda26f8cff4123ddcad0c1bc89ed1e79977acef" hash
no shutdown
exit all
configure management
login-user staff2
level su
password "3fda26f8cff4123ddcad0c1bc89ed1e79977acef" hash
no shutdown
exit
exit all
configure management login-user staff2 info detail
level su
password "3fda26f8cff4123ddcad0c1bc89ed1e79977acef" hash
no shutdown
For (sec) Duration of the active client Telnet session (to a remote
device) in seconds
Applicable Products
This feature is applicable to all ETX-2i products, with the following conditions:
PCS port is relevant to ETX2i with an SHDSL or VDSL2 module.
Standards
ITU-T G.8031
Benefits
The Ethernet linear protection provides a way to protect the flows belonging to
an EVC.
Functional Description
The protection is based on an EVC Termination Point (ETP). An ETP has one
subscriber port and one or more transport ports. Multiple transport ports are
used for protection only. There are two kinds of flows connected to the ETP
ports, subscriber flows and transport flows.
Subscriber flows run between UNIs and ETP subscriber port. You can define
classification and policing on subscriber flows, as well as marking.
Transport flows run between ETP transport ports and NNIs. You can define
actions such as push, pop, and marking on transport flows.
Note You can define transport flows between ETP transport ports and logical MAC
ports corresponding to MiRICi-155 smart SFPs.
Flows entering the ETP assign an internal CoS value to every frame using mapping
profiles (priority-to-CoS) or by setting fixed CoS values.
Flows exiting the ETP perform queuing based on the internal CoS value using
mapping profiles (CoS-to-queue).
Classifier profile Required, with any type of Required, with Required, with Required, with
criteria criteria: criteria: criteria:
Unclassified or SP VLAN Unclassified
VLAN
Queue / block Not allowed Required, with Not allowed Required, with
queue mapping queue mapping
profile classified by profile classified
CoS by CoS
CoS Required, with CoS Not allowed Required, with Not allowed
mapping profile CoS mapping
profile
Mark Required, with marking Required, with CoS For at least one For at least one of
profile classified by CoS mapping profile of the actions, the actions,
CoS mapping marking profile
profile classified by CoS
EVC Loopback
A loopback can be activated on any of the transport ports toward the network
and on the subscriber port toward the user or network.
In most cases you would activate a loop on the subscriber port toward the
network, thus you can loop the EVC traffic without affecting protection.
If you wish to run a loop on a specific EVC path when you activate the loop on
the transport ports, you have two options:
Loopback on a transport port affects OAM, as any traffic EVC path
redundancy is triggered if present.
Loopback only data without affecting redundancy.
Factory Defaults
By default, no ETPs are configured.
When you create an ETP port, by default it is configured as follows:
Name = ETP <etp-name> Subscriber Port <port-index> or
ETP <etp-name> Transport Port <port-index>, according to whether port is
subscriber or transport
Administratively enabled
When you first enter the ETP protection level, by default the protection is
configured as follows:
ETX-2i#configure etps etp ETP1 protection
ETX-2i>config>etps>etp(ETP1)>protection$ info detail
shutdown
no master-etp
mode bi-directional-1-to-1
no aps-protocol
revertive
wait-to-restore 300
ETX-2i>config>etps>etp(ETP1)>protection$
Configuring ETPs
This section describes how to configure ETPs.
To configure ETPs:
1. Navigate to configure etps etp <name> to select the ETP to configure.
Configuring ETP port port {subscriber | transport} <port-id> Use the no form to remove the port.
The port-id range is 12.
See the procedure below for more
information on configuring ETP ports.
Configuring ETP protection protection See Configuring ETP Protection for more
information.
Defining signal failure trigger sf-trigger { protection | working } port You can use MEPs from flows other
ethernet [<slot>/]<port-index> than the ETP transport flows.
sf-trigger { protection | working } port
logical-mac <port-number>
sf-trigger { protection | working } mep
<md-id> <ma-id> <mep-id>
sf-trigger { protection | working } port pcs
<port-number>
Examples
To configure an ETP:
Name = ETP1
Port members = subscriber 1, transport 1, transport 2
exit all
configure etps etp ETP1
port subscriber 1
exit
port transport 1
exit
port transport 2
exit all
Revertive mode
Time to wait before restoring transmission = 300 seconds
exit all
Applicable Products
This feature is applicable to all ETX-2i products, with the following conditions:
ETX2i and ETX-2i-B support up to six ring instances on the same port.
ETX-2i-10G supports up to eight ring instances on the same port.
PCS port is relevant to ETX2i with an SHDSL or VDSL2 module.
Standards
ITU-T G.8032v2, Y.1731
Benefits
G.8032 rings provide sub 50 ms protection for Ethernet traffic.
Functional Description
Ethernet Ring Protection (ERP) technology provides a scalable solution for
low-cost traffic protection and rapid service restoration, with SDH/SONET-type
resilience. It is built on traditional Ethernet MAC (IEEE 802.3) and bridging (IEEE
802.1) functionality. It is independent of any physical layer technologies and can
be utilized in any carrier network.
A ring can be configured on network or user ports. If a ring is configured, LAG or
protection on the network ports is not allowed.
Note Rings are color-aware via the setting of the DEI bit:
Set to 0 maps to green
Set to 1 maps to yellow
No additional configuration is needed for the color-aware functionality.
You can also define the color-aware functionality of the ring by associating the
ring with a predefined color mapping profile (see Color Mapping).This is an
alternative method to using the DEI bit setting.
Ring Topology
ETX-2i supports the following topologies:
Multi-ring
Multiple rings with a common link are usually referred to as ladder network (see
Figure 7-3).
The following terms are commonly used for describing ladder ring topology:
Interconnection nodes ring nodes that are common to both interconnected
rings (nodes C and G in Figure 7-3)
Major ring an Ethernet ring that controls a full physical ring and is
connected to the interconnection nodes on two ports (ring A-H-G-C-B in
Figure 7-3)
Sub-ring an Ethernet ring that is connected to a major ring at the
interconnection nodes. By itself, the sub-ring does not constitute a closed
physical ring. A sub-ring is connected to the interconnection nodes on only
one port (ring C-D-E-F-G in Figure 7-3). Link CG is not a part of the sub-ring;
H G F
Virtual Channel
A Major Ring Sub-Ring E
B C D
Figure 7-3. Physical Ladder Topology for Sub-Ring with R-APS Virtual Channel
Note Sub-rings without R-APS virtual channel do not have a Virtual Channel between G
and C.
H G G F
B C C D
In ladder networks, a common VLAN is shared on more than one physical ring. For
example, in Figure 7-3, a user connected to node E communicates with a user
connected to node A over the same VLAN. Ring topology includes a physical link
between nodes G and C. It belongs to the major ring and is used by the sub-ring
as its R-APS channel. Note that a sub-ring without a virtual channel would not
have an R-APS virtual channel between nodes G and C.
Passthrough VLANs
Passthrough VLANs over the ring are those VLANs that are not added/dropped to
the ring at the local ring node (ETX), but only traverse via the ring node (East to
West or vice versa).
By default, added/dropped VLANs at the local ring node, as well as passthrough
VLANs, must be configured as data VLANs, and each one is assigned a bridge
broadcast domain (device resource).
ETX-2i ring configuration supports a passthrough attribute, which automatically
assigns a ring/bridge bypass (East to West, West to East) for all passthrough
traffic (i.e. all traffic other than the local added/dropped VLANs that are
configured as data VLANs and use bridge broadcast domains). Passthrough traffic
can be configured for either the full VLAN range other than the VLANs defined as
data VLANs, or for a specific range of VLANs (again excluding the in-range
added/dropped VLANs configured as data VLANs).
As they do not go through the bridge and use its resources, ETX-2i allows an
unlimited number of passthrough VLANS to enter the ring, and does not require
configuring them as data VLANs. Added/dropped VLANs at the local ring node still
need to be configured as data VLANs. The number of added/dropped VLANs is
limited, because they go through the bridge and use up its resources (bridge
broadcast domains).
Use of passthrough VLANs upscales the ring capacity an unlimited number of
passthrough services can travel through the ring; there is only a limit to the
number of ring services added/dropped at the local ring node (maximum number
of broadcast domains per local node). Without using the passthrough attribute,
the maximum broadcast domain supported in a single local node limits the
number of VLANs at the entire ring to this number.
ERP Timers
The following timers are used in ERP operation:
Wait to Restore Period of time used by RPL owner to verify that the ring
(WTR) has stabilized before blocking the RPL after signal recovery.
Non-configurable; permanently set to 300 seconds.
Holdoff Period of time during which the Ethernet layer does not
report link faults to the ERP mechanism. This filters out
intermittent link faults.
Ring Commands
In addition to failure detection, protection switching can be initiated by the
following commands:
Color Mapping
ETX-2i supports color mapping configuration at ring nodes, in order to manage
ring QoS.
A ring can be configured with color mapping, according to either of the following
methods:
DEI the default; DEI value is not configurable; its default color aware
functionality is as follows:
DEI = 0 maps to green.
DEI = 1 maps to yellow.
Color mapping profile associating ring with a predefined color mapping
profile (p-bit to color). See Color Mapping Profiles section on how to define a
color mapping profile.
By default, a ring is configured with DEI color mapping.
CoS Mapping
ETX-2i supports CoS mapping configuration at ring nodes, in order to manage ring
QoS.
By default, the ring is associated with a default one-to-one p-bit to CoS profile,
where CoS 0 maps to the highest p-bit 7.
You can associate a predefined CoS mapping profile to the ring. Refer to CoS
Mapping Profiles section on how to define a CoS mapping profile.
Factory Defaults
By default, there is no Ethernet protection ring created in the ETX-2i system.
When the ring is created, it has the following default configuration.
bridge 0
color-mapping dei
east-port 0
interconnection-node no interconnection-node
shutdown shutdown
west-port 0
To configure ERP:
1. At the config>protection# prompt, enter:
erp <ring-number> [{major | sub}]
An ERP instance of the specified type is created if it does not already
exist, and the config>protection>erp(<ring-number>)# prompt is
displayed.
2. Enter all necessary commands according to the tasks listed below.
Defining color mapping type for color-mapping {dei | profile <profile- Packet at ring ingress and at any
ring name>} node mapped to color according
to one of the following:
dei DEI (default)
profile predefined p-bit color
mapping profile (p-bit to color);
string 1-32 characters
Associating CoS profile with ring cos-mapping profile <cos-mapping- profile predefined p-bit color
profile-name> mapping profile (p-bit to color);
no cos-mapping string 1-32 characters
no cos-mapping associates the
ring with a default one-to-one
p-bit to CoS profile, where CoS 0
maps to the highest p-bit.
Blocking the east or west port of force-switch {east | west} The force switch can be applied
a ring node, regardless of any to any number of nodes in the
failure conditions ring.
Blocking the east or west port of manual-switch {east | west} The manual switch command can
a ring node manually be applied to a single ring node
only.
Defining ring port type port-type { east | west } { node-port | node-port Port is not
rpl | neighbor | next-neighbor } connected to RPL.
rpl Port is designated as RPL.
neighbor Port is directly
connected to RPL owner.
next-neighbor Port is
connected to RPL owner via
neighbor.
Configuring dedicated VLAN for r-aps [vlan <vlan-id>] Range for vlan-id: 14094
R-APS messages [vlan-priority <vlan-priority>] Range for vlan-priority: 07
[mel <level>]
Range for level: 07.
The mel parameter specifies the
maintenance entity group (MEG)
level (MEL) of the R-APS
messages.
Enabling propagation of Signal sf-trigger {east | west} mep <md-id> Before enabling SF propagation,
Failure (SF) condition from the <ma-id> <mep-id> verify that the relevant CFM
Ethernet OAM service layer no sf-trigger {east | west} parameters have been
configured.
Connecting previously defined sub-ring <sub-ring-number> Note: This is available for major
sub-ring to a major ring rings only. The sub-ring number
must be lower than the number
of the major ring it is assigned
to.
Defining ring timers timers [guard <guard-msec>] guard While the guard timer is
[holdoff <holdoff-msec>] active, all received R-APS
messages are ignored by the
node; thus preventing the
receipt of outdated R-APS
messages. The range is 10 ms to
2 seconds in 10 ms steps.
holdoff specifies the amount
of time an ERP-enabled node
waits from the point it
recognizes a local failure until it
reacts to the failure, i.e. it blocks
the port adjacent to the failed
link and send R-APS (SF) to the
RPL owner. The range is 0 to
10 seconds in 100 ms steps.
Defining data VLANs for user vlan <vlan-id> If using No Passthrough VLAN
traffic mode (the default), configure
both added/dropped and
passthrough VLANs as data
VLANs. If configuring
passthrough VLANs, configure
dropped VLANs only.
Note: In Passthrough VLAN
mode, if you configure a
passthrough VLAN as a data
VLAN, it will behave as an added/
dropped VLAN, and go through
the bridge, instead of bypassing
it.
To remove the VLAN assignment,
enter: no vlan <vlan-id>.
Before removing the VLAN
assignment, verify that all flows
using this VLAN have been
disabled.
Defining amount of time for RPL wait-to-restore <seconds> This timer specifies how long the
owner to wait before blocking RPL owner waits to verify that
RPL after failure recovery ring failures have been cleared,
before blocking the RPL. The
range is 1 min (60 sec) to 12
min (720 sec).
Examples
This section illustrates the following configuration:
VLAN-aware bridge, with bridge ports 14
Ring:
vlan 4000
queue-block east 0/2 west 0/2
no shutdown
exit
timers holdoff 0
no shutdown
exit all
#*******Configure flows
flow data
classifier v100
ingress-port ethernet 0/3
egress-port bridge-port 1 3
reverse-direction block 0/1
no shutdown
exit
flow mng_in
classifier v4000
no policer
vlan-tag pop vlan
ingress-port bridge-port 1 4
egress-port svi 1
no shutdown
exit
flow mng_out
classifier all
no policer
vlan-tag push vlan 4000 p-bit fixed 0
ingress-port svi 1
egress-port bridge-port 1 4
no shutdown
exit all
#*******Configure router
interface
configure router 1
interface 1
address 172.18.141.11/24
bind svi 1
no shutdown
exit
static-route 0.0.0.0/0 address 172.18.141.1
exit all
save
West Port
----------------------------------------------
R-APS Message Rx Frames Tx Frames
SF 0 0
NR 0 0
NR,RB 0 0
Total Valid 0 0
Total Errors 0 0
Counter Description
R-APS SF Message Tx/Rx Total number of R-APS Signal Fail (SF) messages received or transmitted
by East/West port.
Received R-APS Signal Fail message indicates a failed port in the ring.
Transmitted R-APS Signal Fail message indicates a failed port in the
node.
R-APS NR Message Tx/Rx Total number of R-APS No Request (NR) messages received or
transmitted by East/West port.
Received R-APS No Request message indicates absence of failed ports in
the ring.
Transmitted R-APS No Request message indicates that the node fixed its
failed port.
Counter Description
R-APS NR, RB Tx/Rx Total number of R-APS No Request (NR), RPL Blocked (RB) messages
received or transmitted by East/West port.
Received R-APS No Request, RPL Blocked message indicates that RPL
port is blocked and all other not-failed blocked ports are unblocked in
the ring.
Transmitted from the RPL No Request, RPL Blocked message indicates
that RPL port is blocked.
Total Valid Rx/Tx Total number of valid R-APS messages received or transmitted by
East/West port
Total Errors Rx/Tx Total number of errored R-APS messages received or transmitted by
East/West port
Applicable Products
This feature is applicable to all ETX-2i products, with the following conditions:
VRRP group is relevant to ETX-2i.
PCS port is relevant to ETX2i with an SHDSL or VDSL2 module.
Standards
IEEE 802.1ag-D8
ITU-T Y.1731
Benefits
You can ensure that you are sending packets via links that have not failed.
Failures are propagated end-to-end via actions such as OAM CFM messages and
entity deactivation, as well as VRRP priority decrement.
Functional Description
In the network-to-user or user-to-network direction, if a link fails for which fault
propagation is enabled, the corresponding port shuts down or OAM CFM message
indicating failure is sent, thus signaling the connected CPE to stop forwarding
frames through the link.
You can enable fault propagation to be triggered by failure detection on a
network/user interface or entity, which causes a user-configurable action (such
as deactivation or OAM CFM message indicating failure sent or lowering VRRP
priority) to be performed on a user/network interface or entity. You can enable
Factory Defaults
By default, no fault propagation is configured. When you configure fault
propagation for a particular entity pair, the default configuration is as follows:
No trigger is defined for fault detection.
No action is defined to be performed when a fault is detected.
No holdoff is defined. Trigger activates fault propagation as soon as it is
detected.
Wait-to-restore time = 0
LAG port Logical MAC fault-propagation port lag <port> to port logical-
mac <port>
LAG port PCS port fault-propagation port lag <port> to port pcs <port>
Logical MAC Logical MAC fault-propagation port logical-mac <port> to port logical-
mac <port>
Logical MAC PCS port fault-propagation port logical-mac <port> to port pcs
<port>
PCS port (only Ethernet port fault-propagation port pcs <port> to port
with SHSDL ethernet [<slot>/]<port>
module)
PCS port (only Logical MAC fault-propagation port pcs <port> to port logical-
with SHSDL mac <port>
module)
Specifying the action to take when action-on-group { interface-deactivation | The following actions are supported:
fault propagation is triggered oam-cfm-if-status-tlv | oam-cfm-ais| interface-deactivation Deactivate
shaper-swap <shaper-profile> | policer- interface.
swap <policer-profile> | reset |
oam-cfm-if-status-tlv Send OAM CFM
vrrp-priority-decrement <number> }
interface status TLV to indicate failure.
oam-cfm-ais Send OAM CFM alarm
indication signal to indicate failure.
shaper-swap Change shaper rate
according to shaper-profile.
policer-swap Change policer rate
according to policer-profile.
reset Reset the card. Relevant for
ETX2i with VDSL card.
vrrp-priority-decrement Decrease VRRP
priority.
Typing no action-on-group removes the
action.
Notes:
The interface-deactivation action is
allowed only if the to-entity is an
Ethernet port.
The oam-cfm-if-status-tlv or
oam-cfm-ais action is allowed only if
the to-entity is a MEP.
The vrrp-priority-decrement
action is allowed only if the
to-entity is a VRRP group.
The shaper-swap action is relevant
only for the Queue Block Shaper
destination.
The policer-swap action is relevant
only for the Flow Policer destination.
shaper-swap and policer-swap
actions are enabled only if you have
activated the tmfp license for
enhanced fault propagation features.
Specifying the trigger(s) trigger { los | oam-cfm-loc | oam-cfm-rdi | The following triggers are supported:
oam-cfm-if-status-tlv | oam-cfm-ais | los link down
oam-cfm-all-rmep-fail | oam-cfm-cfs-clos |
oam-cfm-loc LOC detected
router-interface-down | bfd-session-down
| unavailable } oam-cfm-rdi RDI detected
oam-cfm-if-status-tlv
oam-cfm-ais AIS detected
oam-cfm-all-rmep-fail All remote MEPs
failed.
oam-cfm-csf-clos
router-interface-down specified RI is
operationally down.
bfd-session-down BFD session is
down.
unavailable VDSL connection to remote
station is down.
Typing no before the command removes the
specified trigger.
Note: The los trigger is allowed only if the
from-entity is an Ethernet port or ETP. The
OAM CFM triggers are allowed only if the
from-entity is a MEP.
Examples
To enable fault propagation:
From Ethernet port 0/3
To MEP 3 in maintenance association 3 in maintenance domain 2 (this
example assumes the MEP has been created)
Trigger: LOS
Action: Send OAM CFM interface status TLV.
Wait-to-restore time = 120 seconds
Holdoff timer = 150 milliseconds
exit all
config fault
fault-propagation port ethernet 0/3 to mep 2 3 3
trigger los
action-on-group oam-cfm-if-stat
wait-to-restore 120
holdoff 150
exit all
Configuration Errors
The following table lists the messages generated by the device when a
configuration error is detected.
Priority decrement fault You tried to configure a VRRP Either configure the to-element with a
propagation banned on VRRP group address owner as a different IP address that is not a virtual
address owner to-element. IP address, or use a virtual address that
is not a real address of the to-element.
VRRP priority preemption must You tried to configure a VRRP Enable preemption for the VRRP group.
be enabled for fault propagation group whose preemption is
disabled as a to-element.
Applicable Products
This feature is applicable to all ETX-2i products, with the following conditions:
Ethernet 10GbE ports are relevant only to ETX-2i-10G half and full 19.
LAG is supported with or without LACP (user-configurable), with 50ms LAG
switchover time.
Protection LAG groups can have up to two members, and load-balancing LAG
goups can have up to four members.
A protection LAG group can be made up of one or two adjacent network
ports or user ports; not both types.
A LAG group can include ports of the same speed only (1G or 10G).
A LAG group can function in protection or load-balancing mode.
A load-balancing LAG group can be made up of up to four members from
specified ports. The ports do not have to be adjacent.
ETX2i You can configure up to four LAG groups (protection and load-
balancing).
ETX-2i-B You can configure up to three LAG groups (protection and load-
balancing).
ETX-2i-10G half 19 You can configure up to six LAG groups (protection and
load-balancing).
Members in a protection LAG group can be: 1 and 2, 3 and 4, 5 and 6, 7
and 8, 9 and 10, or 11 and 12.
Members in a load-balancing LAG group can include ports from one of the
following groups: (A single LAG group cannot contain some ports from
one group and other ports from another group.)
1, 2
3-8 (if 3,4 are 10GbE, LAG can be supported only between the two.)
9-12
ETX-2i-10G full 19 You can configure up to 14 LAG groups (protection and
load-balancing):
Members in a protection LAG group can be: 1 and 2, 3 and 4, 5 and 6, 7
and 8, 9 and 10, 11 and 12, , or 27 and 28.
Members in a load-balancing LAG group can include ports from one of the
following groups: (A single LAG group cannot contain some ports from
one group and other ports from another group.)
1, 2
3-16
17-28
Standards
IEEE 802.3ad
Benefits
ETX-2i can continue to route traffic even if one of the links fails.
Functional Description
All LAG ports receive traffic at the same time and one port transmits. The LAG
members can be network or user interfaces, and must be connected to the same
switch/router. If LACP is activated, then LACP control frames are periodically
transmitted in order to locate failures as they occur.
You can configure an anchor port for a LAG group, which you can use to
configure flows to/from the LAG group. The default anchor port is the first port
bound to the LAG group. The MAC address of the anchor port is used for logical
port level entities (router interface over the LAG, OAM MEP over the LAG, etc.).
Protection
If the transmitting port fails, ETX-2i switches to a standby link. The equipment
connected to the Ethernet ports must use compatible switching criteria for
redundancy to be available:
For networks using Layer 2 switching The criterion is signal loss.
For networks using Layer-3 routing The router must support IEEE 802.3ad
or other link aggregation protocol that views the aggregated link as a single
logical interface.
Using link aggregation inherently provides redundancy, because if a port fails,
another port can continue transferring traffic. Failure of a link is detected by
sensing the loss of valid signals, or receiving a failure report via Link Aggregation
Control Protocol (LACP) if applicable, in which case all traffic is sent through the
other link.
Load Balancing
In a load balancing LAG group, traffic is distributed to the different ports
according to the configured distribution method. You can configure the following
distribution methods:
MAC source address
MAC destination address
MAC source address and MAC destination address
IP source address
IP destination address
IP source address and IP destination address
MAC source/destination address and IP source/destination address
For distribution method based on IP address, all non IP packets are forwarded on
the same port. For distribution method based on MAC source/destination address
+ IP source/destination address, fallback for non IP packets is based on MAC
address info.
Note All load balancing LAG groups in the device must use the same distribution
method.
The load balancing and distribution is performed after the queuing mechanism.
The port policer is supported at the port level, not on LAG aggregate ingress
traffic. Aggregate LAG egress traffic can be shaped at the LAG level up to a
maximum of 10 Gbps (level 1 shaper supported for rates up to 10 Gbps).
You can configure the minimum number of active ports in the LAG for it to be
considered operationally active. A port is considered as active if it has no physical
layer failure and LACP is synched (if LACP is enabled).
If there are flows over the anchor port when the LAG group is created and
enabled, the flows are inherited by the LAG group. The LAG group can be
administratively enabled if flows exist over the anchor port, but not if flows exist
over a non-anchor port. If the LAG group is deleted or administratively disabled,
the flows and traffic remain on the anchor port; they are not distributed to other
ports.
Factory Defaults
By default, no LAG groups are configured. When a LAG group is created, it has
the following default configuration.
Configuring LAG
This section explains how to define a link aggregation group (LAG) and enable link
aggregation control protocol (LACP).
Notes In order to enable LACP for the LAG, the ports bound to the LAG must be
associated with an L2CP profile that specifies peer action for MAC 0x02.
In a load-balancing LAG, all non-anchor ports bound to the LAG must not be
associated with a queue group profile (use command no queue-group).
Assigning an admin key to the admin-key {giga-ethernet | You must define admin key
LAG to indicate the port speed fast-ethernet | ten-giga-ethernet} before binding ports to the
LAG.
Adding a port to the LAG bind ethernet [<slot>/]<port-num> Entering no bind removes a link
bind logical-mac <port-num> from the LAG.
Enabling LACP and setting lacp [tx-activity {active | passive}] tx-activity Defines operation
LACP parameters [tx-speed { slow | fast }] [sys-priority mode:
<sys-priority>] active LAG interface
periodically transmits LACP
frames (LACPDUs) to all
links with LACP enabled.
passive LAG interface
does not initiate the LACP
exchange, but replies to
received LACPDUs.
tx-speed Defines time to wait
before sending LACP frames:
fast three seconds
slow 90 seconds
sys-priority determines
aggregation precedence. If
there are two partner devices
competing for the same LAG,
LACP compares the priorities
for each grouping of ports. The
LAG with the lower priority is
given precedence.
Possible values: 065535
Defaults:
If you type lacp without
specifying tx-activity, it is
set to active.
If you type lacp without
specifying tx-speed, it is set
to fast.
Typing no lacp disables LACP
protocol.
Examples
Protection LAG
To define LAG:
L2CP profile mac2peer, with mac0x02 set to peer action
LAG members Ethernet ports 1 and 2
LACP operation mode active
Distribution method one to one
System priority 32768
#****************Create L2CP profile mac2peer
exit all
configure port l2cp-profile mac2peer
mac 0x02 peer
exit
#****************Configure LAG 1
lag 1
bind ethernet 1
bind ethernet 2
lacp tx-activity active tx-speed slow sys-priority 32768
distribution-method one-to-one
no shutdown
exit all
ethernet 4
l2cp profile mac2peer
no queue-group
no shutdown
exit
ethernet 5
l2cp profile mac2peer
no queue-group
no shutdown
exit
ethernet 6
l2cp profile mac2peer
no queue-group
no shutdown
exit
ethernet 7
l2cp profile mac2peer
no shutdown
exit
ethernet 8
l2cp profile mac2peer
no queue-group
no shutdown
exit
#***********Configure LAGs
lag 1
mode load-balance
distribution-method dest-mac
admin-key giga-ethernet
bind ethernet 3
bind ethernet 4
bind ethernet 5
bind ethernet 6
lacp tx-activity active tx-speed fast
anchor-port ethernet 3
no shutdown
exit
lag 2
mode load-balance
distribution-method dest-mac
admin-key giga-ethernet
bind ethernet 7
bind ethernet 8
lacp tx-activity active tx-speed fast
anchor-port ethernet 7
no shutdown
exit
exit
flow lag1_3_to_1
classifier vlan100
no policer
ingress-port ethernet 3
egress-port ethernet 1 queue 0 block 0/1
no shutdown
exit
flow lag2_7_to_1
classifier vlan200
no policer
ingress-port ethernet 7
egress-port ethernet 1 queue 0 block 0/1
no shutdown
exit all
save
Links
---------------------------------------------------------------
Port Admin Oper LACP Redundancy
---------------------------------------------------------------
1/3 Up Up Sync Active
1/4 Up Up Sync Active
1/5 Up Up Sync Active
1/6 Up Up Sync Active
Group
---------------------------------------------------------------
Name : LAG 1
Group
---------------------------------------------------------------
Administrative Status : Up
Operation Status : Up
Mode : Redundancy
Speed : 1Gbps
MAC Address : 00-20-D2-50-C0-D3
Links
---------------------------------------------------------------
Port Admin Oper LACP Redundancy
---------------------------------------------------------------
1 Up Up Sync Active
2 Up Up Sync Active
Parameter Description
Group
Links
Parameter Description
Examples
To display the status of a protection LAG with all links down:
ETX-2i# configure port lag 1
ETX-2i>config>port>lag(1)# show status
Group
---------------------------------------------------------------
Name : LAG 1
Group
---------------------------------------------------------------
Administrative Status : Up
Operational Status : LLD (all links down)
Mode : Redundancy
Speed : Not Applicable
MAC Address : 00-20-D2-50-C0-D3
Links
---------------------------------------------------------------
Port Admin Oper LACP Redundancy
---------------------------------------------------------------
1 Up Down Not Sync Active
2 Up Down Not Sync Active
To display the status of a load balancing LAG with minimum links down:
ETX-2i# configure port lag 1
ETX-2i>config>port>lag(1)# show status
Group
---------------------------------------------------------------
Administrative Status : Up
Operational Status : LLD (minimum links down)
Mode : Load Balance
Speed : Not Applicable
MAC Address : 00-20-D2-EE-41-C1
Links
---------------------------------------------------------------
Port Admin Oper LACP Redundancy
---------------------------------------------------------------
1/1 Up Down Not Sync Active
1/2 Up Down Not Sync Active
Standards
IEEE 802.3ad
Benefits
ETX-2i can continue to route traffic even if one of the links fails.
Functional Description
Link protection offers an alternative to link aggregation, if protection without
LACP is acceptable. You can configure parameters such as revertive/non-revertive
mode, the restoration time in revertive mode, forcing active link, etc., however
the switchover time to the standby link is longer than for LAG.
In 1:1 bidirectional mode mode, the following topologies can be used:
Connection of both ports to the same switch/router
Connection of the ports to different switch/routers. The main advantage of
this topology is its higher availability, because each port can be routed along
a different path through the network. This topology is also referred to as
dual homing.
With 1:1 bidirectional redundancy mode, at any time only one of the ports is
actively carrying traffic, and the other port serves as the backup port. A RAD
proprietary redundancy algorithm, based on loss of Ethernet signal, is used to
detect line failure. The protection switching (flipping) time is less than 1 second.
It also depends on the network relearning time or aging.
The recovery mode after protection switching can be selected in accordance with
the application requirements:
Non-revertive mode ETX-2i does not automatically flip back after the failed
port returns to normal operation, but only when the currently used port fails,
or after a manual flip command.
Revertive mode ETX-2i flips back to the original port when it returns to
normal operation. Flipping back can be delayed by specifying a restoration
time, during which alarms are ignored. As a result, ETX-2i starts evaluating
the criteria for protection switching (flipping) only after the restoration time
expires, thereby ensuring that another flip cannot occur before the specified
time expires.
Factory Defaults
By default, bidirectional redundancy is not enabled.
To define the period of time that the failed link stops transmitting to report the
failure:
At the Ethernet Group context (config>protection>eth-group(<group id>)),
enter
tx-down-duration-upon-flip <seconds>
The secondary port resumes transmitting after the specified reporting time.
You may specify a time in the range between 0 and 30 seconds. This function
is useful if there is no autonegotiation between the link end points.
Example
To define link protection:
Ethernet group 1
Protection port Ethernet port 1/1
Working port Ethernet port 1/2
Operation mode One-to-one
exit all
configure protection ethernet-group 1
8.1 Bridge
The ETX-2i bridge is a Layer-2 forwarding entity that can be VLAN-aware or
VLAN-unaware.
Applicable Products
This feature is applicable to all ETX-2i products, with the following conditions:
PCS port is relevant to ETX2i with an SHDSL or VDSL2 module.
Standards
IEEE 802.1D
IEEE 802.1Q
Benefits
The bridge delivers E-LAN and E-Tree services.
Functional Description
The bridge operates in VLAN-aware or VLAN-unaware mode.
When the bridge is working in VLAN-aware mode:
Bidirectional flows are supported.
Each VLAN can work in E-LAN or E-Tree mode.
When the bridge is working in VLAN-unaware mode:
Bidirectional flows are not supported.
Only one egress flow per bridge port can be configured.
The bridge can work in E-LAN or E-Tree mode.
Traffic through the bridge is configured via flows between non-bridge ports (e.g.
Ethernet, ETP, logical MAC, PCS, SVI) and bridge ports, allowing editing action at
the bridge ports.
Different flows from the same port can be mapped to different bridge ports (see
Figure 8-1). However, different flows from one bridge port cannot be mapped to
different ports (see Figure 8-2).
Figure 8-1. Flows Mapped from Same Port to Different Bridge Ports Allowed
Figure 8-2. Flows Mapped from Same Bridge Port to Different Ports Not Allowed
Admission to Bridge
In order for a frame to be admitted to the bridge, its classification must match
the flow classification configured for the bridge port.
In VLAN-aware mode, VLAN membership is read-only and automatically learned
from the VLAN classification used in bridge port flows. Additionally, flows with
untagged classification must have a push editing action.
In VLAN-unaware mode, any packet may be admitted according to the configured
flow classifications.
VLAN Y..Z Push VLAN X, swap VLAN Z Not allowed Not allowed
p-bit fixed/copy/profile
Note It is recommended to manage ETX-2i via the bridge only if the bridge is
VLAN-aware.
Link A Link A
Bridge 3 Bridge 3
Link Cost
Each link in the network is allocated a certain cost. Usually, higher-bandwidth
links that are adjacent to the root bridge are assigned a lower cost. Lower-
bandwidth links that are multiple hops away from the root bridge are assigned a
higher cost. Once link costs are estimated, STP determines the lowest cost
connections from each bridge to the root bridge to determine the lowest-cost
path. It also blocks all the other higher cost links to prevent loops in the network.
Bridge 1 Bridge 2
Bridge 3
Physical Topology
Root Root
Root
RSTP and MSTP uses OOB MNG MAC as the Bridge Identifier.
Note Before using RSTP or MSTP, you are required to configure trapping of
01-80-C2-00-00 using an L2CP profile with a peer action for 01-80-C2-00-00.
ETX-2i supports RSTP and MSTP per 802.1Q over a bridge with the following port
types:
User
Network
PCS
Logical MAC
Note ETX-2i does not support RSTP and MSTP over a bridge with the following port
types:
OOB
LAG group
Ports configured with ETH protection
Ports configured as G.8032 ring nodes
Ports not connected to a physical port (such as a router interface or MEF 8
PW)
STP interoperability is supported per bridge port; when the RSTP/MSTP bridge
identifies STP messages on a port, it reverts to STP mode on that port.
Factory Defaults
By default, the bridge is not created in ETX-2i. When the bridge is created, its
default configuration is VLAN-aware, filtering enabled, and with no bridge ports
or VLANs. When VLANs are created, the default configuration is E-LAN mode.
ETX-2i>config# bridge 1
ETX-2i>config>bridge(1)$ info detail
name "BRIDGE 1"
vlan-aware
filtering
aging-time 300
ETX-2i>config>bridge(1)$ vlan 333
ETX-2i>config>bridge(1)>vlan(333)$ info detail
maximum-mac-addresses 0
mode e-lan
The default STP parameters are as follows:
admin-edge Disable
auto-edge Enable
forward-time 15 sec
hello-time 2 sec
max-age 20 sec
max-hops 20
mcheck Disable
mode rstp
restricted-role Disable
restricted-tcn Disable
revision 0
tx-hold-count 6
Note In Bridge configuration, different bridge ports that egress to the same ETH port
with different VLAN editing cannot share the same queue block.
Defining aging time for MAC aging-time <seconds> Possible values: 603000
table entries (seconds)
Configuring static MAC address static-mac <vlan-id> <mac-address> Note: Before creating the static
<bridge-port> MAC, you must create a flow
with the bridge port, and VLAN
(if applicable).
Searching MAC address table for show mac-table [vlan <vlan>] Vlan VLAN to search for
specific MAC address [mac-address <mac-address>] mac-address MAC address
to search for
Assigning a name to the bridge name <port-name> To delete the bridge port
port name, enter no name.
Configuring VLAN
The following commands are available in the vlan level, at the
config>bridge(1)>vlan(<vlan-id>)# prompt.
Configuring VLAN to work in mode {e-tree | e-lan} If you change to E-Tree, you
E-Tree or E-LAN mode need to define a bridge port as
root.
Configuring bridge port as root root <bridge-port number> Possible values: 116.
port in E-Tree mode no root < bridge-port_number> no root defines a bridge port
as a leaf in E-Tree mode.
Notes:
This command is available
only if the VLAN mode is
E-Tree.
Supports one root per VLAN
Supports more than one
root per VLAN; the number
of roots supported is
equivalent to the number of
bridge ports.
Configuring RSTP/MSTP
RSTP and MSTP are configured at the bridge and bridge-port levels.
Configuring the amount of time forward-time <430> sec When configuring forwarding
a port remains in the listening time, follow this rule:
and learning states before 2 (forwarding time - 1) =>
entering the forwarding state maximum aging time
Defining how often ETX-2i hello-time <110> sec Limitation: Define hello-time
broadcasts hello messages to must be configured so that
other devices to indicate that 2 (hello-time - 1) <= max-
the bridge is alive age.
Specifying spanning tree priority priority <0, 4096, 8192, 12288, This is the value of the first
of the bridge 16384, 20480, 24576, 28672, 32768, two octets of the bridge ID. It
36864, 40960, 45056, 49152, 53248, is used to make the bridge
57344, 61440> more (or less) likely to be
chosen as the root bridge.
The lower the number, the
more likely the bridge will be
chosen as the root bridge.
Mapping VLANs to MST instance vlan <14094> Map list of VLANS to MST
no vlan instance.
no vlan (vlan_lsit) removes
VLAN mapping from the MSTI.
This command can be repeated
to configure additional VLAN
mappings.
For two or more bridges to be
in the same MST region, they
must have the same VLAN-to-
MSTI mapping.
Defining port path cost cost <0200000000> If a loop occurs, the path cost
is used to select an interface
to place into the forwarding
state.
A lower path cost represents
higher speed links. It is
recommended to use the
default cost value (0) to let
ETX-2i to compute the best
possible cost according to the
link bandwidth (Table 8-44).
Defining bridge port priority port-priority <0, 16, 32, 48, 64, 80, This is the value of the first
96, 112, 128, 144, 160, 176, 192, octet of the bridge port ID. If a
208, 224, 240> loop occurs, the MSTP uses the
port priority, when selecting an
interface to put into the
forwarding state.
The lower the number, the
higher the port priority (the
lowest numbered port is
selected if a tie breaker is
needed).
Displaying bridge port spanning show status See Displaying Spanning Tree
tree status Status below.
1 Gbps 20 000
10 Gbps 2 000
1 Tbps 20
10 Tbps 2
Specifying MSTI port priority port-priority <0, 16, 32, 48, 64, 80,
96, 112, 128, 144, 160, 176, 192,
208, 224, 240>
Examples
VLAN-Aware Bridge
This section illustrates the following configuration:
VLAN-aware bridge, with bridge ports 14
VLAN 51 used for management, in E-LAN mode
VLAN 100 used for traffic, in E-Tree mode, with root bridge port 2
VLAN 200 used for traffic, in E-LAN mode
Management flows (unidirectional) between SVI 1 and bridge port 1
Traffic flows (bidirectional) between:
Ethernet port 1/1 and bridge port 2, with classification VLAN 100 and
VLAN 200
Ethernet port 0/3 and bridge port 3, with classification VLAN 100
Ethernet port 0/4 and bridge port 4, with classification VLAN 100
#*******Configure SVI
configure port svi 1
no shutdown
exit all
#*******Configure bridge
configure bridge 1
vlan-aware
#*******Configure VLANs
vlan 51
exit
vlan 100
mode e-tree
root 2
exit
vlan 200
exit all
flow mng_out
classifier unt
ingress-port svi 1
egress-port bridge-port 1 1
vlan-tag push vlan 51 p-bit fixed 0
no shutdown
exit
flow 1toBP2_200
classifier 200
ingress-port ethernet 1/1
egress-port bridge-port 1 2
reverse-direction block 0/1
no shutdown
exit
flow 3toBP3_100
classifier 100
ingress-port ethernet 0/3
egress-port bridge-port 1 3
reverse-direction block 0/1
no shutdown
exit
flow 4toBP4_100
classifier 100
ingress-port ethernet 0/4
egress-port bridge-port 1 4
reverse-direction block 0/1
no shutdown
exit all
VLAN ID : 51
VLAN ID : 100
VLAN ID : 200
Tagged Ports : 2
Untagged Ports : 0
VLAN-Unaware Bridge
This section illustrates the following configuration:
VLAN-unaware bridge, with bridge ports 14
Traffic flows (unidirectional), with classification to match all, between:
Ethernet port 0/1 and bridge port 2
Ethernet port 0/3 and bridge port 3
Ethernet port 0/4 and bridge port 4
#*******Configure bridge
configure bridge 1
no vlan-aware
flow BP2to1
class all
ingress-port bridge-port 1 2
egress-port ethernet 0/1 block 0/1
no policer
no shutdown
exit
flow 3toBP3
class all
ingress-port ethernet 0/3
egress-port bridge-port 1 3
no shutdown
exit
flow BP3to3
class all
ingress-port bridge-port 1 3
egress-port ethernet 0/3 block 0/1
no policer
no shutdown
exit
flow 4toBP4
class all
ingress-port ethernet 0/4
egress-port bridge-port 1 4
no shutdown
exit
flow BP4to4
class all
ingress-port bridge-port 1 4
egress-port ethernet 0/4 block 0/1
no policer
no shutdown
exit
Note ETX-2i displays only the first 1000 entries. To view the entire MAC table,
download it to your PC, using SFTP. See File Operations in Chapter 10.
If flow classification and port classification are configured for a port, the port
classification takes precedence over the flow classification.
Applicable Products
This feature is applicable to all ETX-2i products, with the following conditions:
PCS port is relevant to ETX2i with an SHDSL or VDSL2 module.
Pseudowire (PW) is relevant to devices that support smart SFP MiTOP
functionality.
D-NFV is relevant only for ETX2i with a D-NFV option.
Standards
IEEE 802.1ad, IEEE 802.1Q
Benefits
User traffic can be classified into different Ethernet flows (EVC.CoS) to provide
services in a flexible manner. With port classification, you can maintain network
security by preventing malicious traffic from being forwarded by the port, as well
as save network resources by dropping unwanted packets.
Functional Description
Ethernet flows are unidirectional, or bidirectional in the case of bridge flows. For
unidirectional flows, you have to define two flows between the two ports, one
for each direction. For bidirectional flows, you only need to define one flow from
a port to a bridge port, and specify the reverse-direction command.
Flow Classification
The ingress traffic is first classified into flows according to classification profiles.
The classification is per port and is applied to the ingress port of the flow.
Packets can be classified by means of their VLAN IDs and other criteria, fully
specified in Configuring a Classifier Profile.
In the following descriptions, VLAN refers to the service provider (outer) VLAN,
sometimes referred to as SP-VLAN, while inner VLAN refers to the Customer
Entity VLAN, sometimes referred to as CE-VLAN or C-VLAN.
Flow classifications that apply to the same port are allowed in the combinations
shown in Table 8-7. The priority shown is used to determine which classification
is used if incoming packets for the port fit the criteria of more than one
classification. Priority 4 is the lowest, priority 1 is the highest. NNI indicates
ingress network port, UNI indicates ingress user port.
VLAN + inner VLAN VLAN Single value for 30 (for inner 3 Both
VLAN + VLAN priority VLAN and range range)
VLAN + VLAN priority + inner VLAN for inner VLAN
VLAN + source MAC address
VLAN + destination MAC address
VLAN + source IP address
VLAN + destination IP address
VLAN + inner VLAN VLAN Single value for 30 (for inner 3 Both
+ VLAN priority VLAN + inner VLAN VLAN and range range)
VLAN + source MAC address for inner VLAN
VLAN + destination MAC address
VLAN + source IP address
VLAN + destination IP address
VLAN + inner VLAN VLAN + inner VLAN Single value for 10 for inner 2 Both
+ DSCP VLAN +inner VLAN + non IP VLAN and range VLAN
VLAN + DSCP for inner VLAN 1 for DSCP
VLAN + non IP and DSCP
Untagged
VLAN + inner VLAN VLAN + inner VLAN Single value for 10 (for inner 1 Both
+ non IP VLAN +inner VLAN + DSCP VLAN and range range)
VLAN + DSCP for inner VLAN
VLAN + non IP
Untagged
Note 1
If you combine the classifications VLAN and VLAN + VLAN priority, the VLANs must
be different.
For example, the following combination is not allowed:
VLAN 100
VLAN 100 + p-bit 5
The following combination is allowed:
VLAN 100
VLAN 200 + p-bit 5
You can achieve the combination VLAN 100 and VLAN 100 + p-bit 5 via the
following:
VLAN 100 + p-bit 04, 67
VLAN 100 + p-bit 5
You cannot create flows with VLAN classification overlap.
For example, the following combination is not allowed:
VLAN 100..300 + p-bit 3
VLAN 200 + p-bit 4
A sanity check detects that VLAN 200 is in the range 100-300 (i.e. VLAN
overlap), and does not allow this configuration.
Note 2 If you apply two classification profiles with IP address ranges to a port, the
profiles must have the same mask.
For example:
The following is valid (mask1 equal to mask2):
Classification #1: 10.10.0.0 10.10.0.255 -> mask1 = 255.255.255.0
Classification #2: 20.20.0.0 20.20.0.255 -> mask2 = 255.255.255.0
The following is invalid (mask1 not equal to mask2):
Classification #1: 10.10.0.00.10.0.255 -> mask1 = 255.255.255.0
Classification #2: 20.20.0.0 20.20.255.255 -> mask2 = 255.255.0.0
Classification Keys
The following classification keys are supported per port:
Legacy
VLAN
VLAN Inner VLAN
Table 8-9 and Table 8-10 show for the VLAN and VLAN Inner VLAN classification
keys, respectively, the queue mapping method and the parameters that can be
configured in a flow, the range per classification rule, maximum number of rules
per flow, and the internal flow priority. See Table 8-7 for the combinations of
flow classifications that are allowed per port.
Table 8-3. Queue Mapping Method and Configurable Flow Classification Parameters VLAN
Classification Key
1. Flow Untagged NA 1 3
2. DSCP Unclassified NA 1 2
3. P-bit
VLAN VLAN range [0..4094] 30 2
VLAN+P-bit VLAN range [0..4094]; 30 2
P-bit range [0..7]
VLAN+DSCP VLAN range [0..4094]; 30 2A
DSCP range [0..63]
VLAN+IP-P VLAN range [0..4094]; 30 2A
IP-P range [0..7]
VLAN+MAC SA Single VLAN value 1 1
SA MAC range
VLAN+MAC DA Single VLAN value 1 1
DA MAC range
VLAN+IP SA VLAN range [0..4094], 10 1
SRC IP
VLAN+IP DA VLAN range [0..4094], 10 1
Dest IP
VLAN+Ethertype Single VLAN value and 1 1
single Ethertype value
VLAN+Non IP VLAN Range [0..4094] 30 2
MAC SA SA MAC Range 1 1
MAC DA DA MAC Range 1 1
IP SA SRC IP Range 1 1
IP DA DST IP Range 1 1
Ethertype Single VLAN value 1 1
Non IP NA 1 2
Table 8-4. Queue Mapping Method and Configurable Flow Classification Parameters VLAN Inner
VLAN Classification Key
4. Flow Untagged NA 1 3
5. DSCP Unclassified NA 1 2
6. P-bit
VLAN, Inner VLAN Single Outer value 30 2
Inner VLAN range
[0..4094]
VLAN, Inner VLAN, p-bit Single Outer value 30 2
Inner VLAN range
[0..4094]
P-bit range [0..7]
VLAN, Inner VLAN, DSCP Single Outer value 30 2
Inner VLAN range
[0..4094]
DSCP range [0..63]
VLAN, Inner VLAN, non IP VLAN range [0..4094] 30 2
VLAN (one tag level only) VLAN range [0..4094] 30 2
MAC SA SA MAC range 1 1
MAC DA DA MAC range 1 1
IP SA SRC IP range 1 1
IP DA DST IP range 1 1
Ethertype Single VLAN value 1 1
Non IP NA 1 2
VLAN Actions
You can perform marking and tagging actions on the outer and inner VLAN such
as adding, replacing, or removing, as well as marking with p-bit. Only certain
combinations of actions on the outer and inner VLAN are allowed. If no action is
performed for the outer VLAN, then for the inner VLAN there must be no action
performed. Table 8-11 shows valid action combinations on ingress frame tags
and the resulting egress frame tags and p-bits, according to whether the ingress
frame is untagged, contains one VLAN, or is double-tagged. Any combination not
shown in the table is not supported.
In the ETX-2i bridge, if one of the bridge ports is configured with VLAN
classification, and another bridge port with VLAN + p-bit classification, in order to
mark the p-bit of the inner VLAN, you must mark the required p-bit at the VLAN +
p-bit bridge port.
Action on: Egress VLAN(s) and P-bit(s) for Ingress Frame Types:
Outer VLAN Inner VLAN Untagged One VLAN (X) Double VLANs
(X and Y)
Action on: Egress VLAN(s) and P-bit(s) for Ingress Frame Types:
Outer VLAN Inner VLAN Untagged One VLAN (X) Double VLANs
(X and Y)
Mark with p-bit C Mark with p-bit D Not applicable Not applicable X+ p-bit C,
unsupported unsupported Y + p-bit D
Mark with VLAN A Mark with p-bit D Not applicable Not applicable A + p-bit,
+ p-bit unsupported unsupported Y + p-bit D
Mark with VLAN A Mark with VLAN B Not applicable Not applicable A + p-bit according
+ profile E +p-bit D unsupported unsupported to E,
B +p-bit D
Unidirectional Hubs
You can configure a unidirectional hub (UDH) by defining a group of flows with
the same ingress port, classifier profile, and policer aggregate, and different
egress ports. The egress ports must be physical Ethernet ports, not virtual ports
such as SVI, ETP, etc. Only one queue-mapping profile and one marking profile
can be used for the flows in a UDH group, however VLAN tag editing can be
different in the different flows.
In unidirectional hub mode, the rate of each flow that is part of the group cannot
exceed the rate of the queue with the lowest rate, therefore it is not possible to
use different rates for different p-bits.
Multi-CoS Flows
A multi-CoS flow per MEF 10.3 contains multiple classes of service. It can be
assigned an envelope policer (see Envelope Bandwidth Profiles) to enable sharing
bandwidth between the CoSs, where each CoS is assigned a rank. Alternatively, if
bandwidth policing is not required but per-CoS counters are required.you can
specify that a multi-CoS flow has per-CoS counters.
mapped to the next highest rank, ending with mapping the last configured CoS to
1. For example, if CoS 1, CoS 5, and CoS 6 are configured, then three ranks are
used, and the mappings are:
CoS 1 to rank 3
CoS 5 to rank 2
CoS 6 to rank 1
Traffic that is mapped to a CoS that does not correspond to a CoS configured in
the envelope profile is dropped (the port-level counter Unmapped CoS Frames
indicates how many frames were dropped for this reason).
Multi-CoS flows must be assigned a CoS mapping profile, which can be used to
specify the mapping of untagged traffic to CoS in case of p-bit method, or non IP
to CoS in the case of DSCP.
Multi-CoS flows support only the following ingress/egress ports:
Ingress and egress port are Ethernet or logical MAC.
Egress port is bridge port (unidirectional and reverse flows supported).
Egress port is ETP subscriber or transport port.
The queue block mapping for the egress port in a multi-CoS flow is done as CoS
to queue mapping as follows: Cos 0 to queue 0, Cos 1 to queue 1, CoS 2 to
queue 2, etc. There is a predefined queue map profile with this mapping, with the
reserved name q-map-for-cos. This profile cannot be modified.
If a marking profile is assigned to a multi-CoS flow, it must be type CoS to p-bit.
Port Classification
You can define port classification to flexibly filter packet forwarding for ports.
Port classification consists of a set of sequentially numbered rules (similar to
ACLs), with the following rule types:
Comment Text used for commenting and visually organizing the rules.
Match Specifies the criteria for forwarding packets, as well as a flow
attribute and optional CoS (required for Multi-CoS MEF 10.3 flows)
Drop Specifies the criteria for dropping packets
The following table specifies the criteria.
Ethertype Value
DEI 0 or 1
IP protocol Value
Ethertype
Ingress packets are identified as outer VLAN-tagged packets if the packet outer
tag Ethertype equals the port configured Ethertype 0x811, 0x88a8, or one of
the two user-configurable global Ethertype values.
Ingress packets are identified as outer VLAN-tagged packets if the packet inner
tag Ethertype equals 0x811, 0x88a8, or one of the two user-configurable global
Ethertype values.
If the packet inner and outer tag Ethertypes do not meet these criteria, the
packet is treated as untagged.
Factory Defaults
By default, no flows or port classifiers are configured.
Note Classifier profiles are not used for flows that are defined with the port
classification attribute.
Note When a classification profile is assigned to a flow, each match in the profile is
allocated one of the available internal classification match entries, according to
the flow ingress port.
For example, if a classification profile is defined with matches to two different
VLANS, then if the profile is assigned to two flows that use different ingress
ports, the result is that four internal classification match entries are allocated. If
the profile is assigned to two flows that use the same ingress port, the result is
that two internal classification match entries are used.
Note Using the matching type my-mac or my-ip is equivalent to using the matching
type dest-mac <device-MAC-address> or dest-ip <host-IP-address>.
4. When you have completed specifying the criteria, enter exit to exit the
classifier profile context.
Configuring Flows
Note If the flow is being used for port classification (see Port Classification), it inherits
the ingress port from the port classification, and does not use a classifier profile.
To configure flows:
1. Navigate to config>flows.
2. Enter:
flow <flow-name> [port-classifier]
If the flow already exists, the config>flows>flow(<flow-name>)# prompt
is displayed, otherwise the flow is created and the
config>flows>flow(<flow-name>)$ prompt is displayed.
If port-classifier is specified, this flow is used for port classification, and
the commands ingress-port, classifier, reverse-direction, and
cos-mapping are not used.
3. Enter all necessary commands according to the tasks listed below.
Associating the flow with a classifier <classifier-profile-name> If the flow is multi-CoS, the
classifier profile classification must be one of the
following:
VLAN, VLAN + inner VLAN, VLAN
range
Match all
Untagged
This command cannot be used if
port-classifier was specified for the
flow.
Associating multi-CoS flow with cos-mapping-profile <cos-mapping-profile-name> This command cannot be used if
CoS mapping profile port-classifier was specified for the
flow.
Specifying the ingress packet ingress-color green You can set the packet color to
color ingress-color yellow green or yellow, or use a color
mapping profile (see Color Mapping
ingress-color profile <color-mapping-profile-name>
Profiles).
Specifying the ingress port ingress-port ethernet [<slot>/]<port> This command cannot be used if
ingress-port bridge-port <bridge-number> port-classifier was specified for the
<bridge-port-number> flow.
ingress-port etp <etp-name> {subscriber | transport} Note: If working with PW, packets
<port-number> forwarded to the SVI must be
ingress-port logical-mac <port> untagged, and pop any VLAN.
Specifying the egress port, and egress-port ethernet [<slot>/]<port> [queue If a queue mapping profile is used,
defining queue <queue-id> block <level-id/queue-id>] it must be compatible with the
egress-port ethernet [<slot>/]<port> classification criteria of the flow,
[queue-map-profile <queue-map-profile-name> e.g. if the classification is according
block <level-id/queue-id>] to DSCP then the queue mapping
should not be according to p-bit.
egress-port ethernet <port> [block <level-id/queue-id>]
egress-port bridge-port <bridge-number> For multi-CoS flows, the predefined
<bridge-port-number> [cos <cos-id>] q-map-for-cos queue mapping
profile should be used.
egress-port bridge-port <bridge-number>
<bridge-port-number> [cos-map-profile Note: If working with PW, packets
<cos-map-profile-name>] forwarded from the SVI must be
untagged or match all, and push
egress-port etp <etp-name> {subscriber | transport}
any necessary VLAN.
<port-number> [cos <cos-id>]
egress-port etp <etp-name> {subscriber | transport}
<port-number> [cos-map-profile
<cos-map-profile-name>]
egress-port logical-mac <port> [queue <queue-id>
block <level-id/queue-id>]
egress-port logical-mac <port> [queue-map-profile
<queue-map-profile-name> block <level-id/queue-id>]
egress-port logical-mac <port>
[block <level-id/queue-id>]
egress-port pcs <port> [queue <queue-id>
block <level-id/queue-id>]
egress-port pcs <port> [queue-map-profile
<queue-map-profile-name> block <level-id/queue-id>]
egress-port pcs <port> [block <level-id/queue-id>]
egress-port svi <port> [queue <queue-id>]
egress-port svi <port> [queue-map-profile
<queue-map-profile-name>]
Associating a Layer-2 control l2cp profile <l2cp-profile-name> L2CP profile can be attached only
processing profile with the flow to flows with the following
classification types:
VLAN/VLAN+P-bit
Outer+Inner VLAN / Outer +P-bit
+ Inner VLAN
P-bits
VLAN+Non IP
Untagged
Defining marking actions for the mark all See the following table for the
flow such as overwriting the VLAN marking actions.
ID or inner VLAN ID or setting the
priority, or specifying MAC and IP
address swap
Specifying that the flow is a multi-cos-counters <cos-list> <cos-list> is the list of CoS values
multi-CoS flow with counters for for the flow; the list can be a range
the multiple CoSs such as 1..3 or a list of values such
as 2,4,5
You can assign either multiple CoS
counters or an envelope policer to
a multi-CoS flow; you cannot assign
both.
Associating regular flow with a policer profile <policer-profile-name> Note: You cannot assign a policer
non-envelope policer profile or policer aggregate <policer-aggregate-name> profile to a flow with a bridge port
policer aggregate as ingress port.
Associating multi-CoS flow with policer envelope <policer-profile-name> You can assign either an envelope
envelope policer policer or multiple CoS counters to
a multi-CoS flow; you cannot assign
both.
Measuring data rate and line rate rate-measure interval <seconds> Possible values: 10300
of flow See Viewing Flow Data Rate and
Line Rate for details.
Defining flow to bridge port as reverse-direction block <queue-block-id> Note: This command is allowed only
bidirectional, if bridge is if port classifier was not specified
VLAN-aware for the flow, the bridge is
VLAN-aware, and the egress port is
a bridge port.
Assigning service name to flow for service-name <name> The flows that belong to the same
its subsequent discovery by service must be tagged in both
RADview directions.
Displaying measured flow data show rate See Viewing Flow Data Rate and
rate and line rate Line Rate for details.
Displaying flow status show status Fault propagation actions are
visible only for flows configured
with fault propagation and
activated fault propagation license.
See Viewing Flow Status.
Adding VLAN ID with p-bit set to vlan-tag push vlan <sp-vlan> p-bit fixed <fixed-p-bit> Inner-ether-type can be configured
specific value, and optionally [inner-vlan <inner-sp-vlan>[inner-ether-type to one of the four global device
adding inner VLAN ID with <inner-ether-type>] p-bit fixed <inner-fixed-p-bit>] level Ethertypes (see Ethertype
Ethertype (optional) and with section in Chapter 6).
p-bit set to specific value If not configured, the inner
Ethertype is set to 0x8100.
Adding VLAN ID with p-bit set to vlan-tag push vlan <sp-vlan> p-bit fixed <fixed-p-bit> Inner-ether-type can be configured
specific value, and optionally [inner-vlan <inner-sp-vlan> [inner-ether-type to one of the four global device
adding inner VLAN ID with <inner-ether-type>] level Ethertypes (see Ethertype
Ethertype (optional) and with p-bit profile <inner-marking-profile-name>] section in Chapter 6).
p-bit set via marking profile If not configured, the inner
Ethertype is set to 0x8100.
Adding VLAN ID with p-bit set to vlan-tag push vlan <sp-vlan> p-bit fixed <fixed-p-bit> Inner-ether-type can be configured
specific value, and optionally [inner-vlan <inner-sp-vlan> [inner-ether-type to one of the four global device
adding inner VLAN ID with <inner-ether-type>] p-bit copy] level Ethertypes (see Ethertype
Ethertype (optional) and with section in Chapter 6).
p-bit set by copying from the If not configured, the inner
incoming frame Ethertype is set to 0x8100.
Adding VLAN ID with p-bit set via vlan-tag push vlan <sp-vlan> Inner-ether-type can be configured
marking profile, and optionally p-bit profile <marking-profile-name> to one of the four global device
adding inner VLAN ID with [inner-vlan <inner-sp-vlan> [inner-ether-type level Ethertypes (see Ethertype
Ethertype (optional) and with <inner-ether-type>] p-bit fixed <inner-fixed-p-bit>] section in Chapter 6).
p-bit set to specific value If not configured, the inner
Ethertype is set to 0x8100.
Adding VLAN ID with p-bit set via vlan-tag push vlan <sp-vlan> Inner-ether-type can be configured
marking profile, and optionally p-bit profile <marking-profile-name> to one of the four global device
adding inner VLAN ID with [inner-vlan <inner-sp-vlan> [inner-ether-type level Ethertypes (see Ethertype
Ethertype (optional) and with <inner-ether-type>] section in Chapter 6).
p-bit set via marking profile p-bit profile <inner-marking-profile-name>] If not configured, the inner
Ethertype is set to 0x8100.
Adding VLAN ID with p-bit set via vlan-tag push vlan <sp-vlan> Inner-ether-type can be configured
marking profile, and optionally p-bit profile <marking-profile-name> to one of the four global device
adding inner VLAN ID with [inner-vlan <inner-sp-vlan> [inner-ether-type level Ethertypes (see Ethertype
Ethertype (optional) and with <inner-ether-type>] p-bit copy] section in Chapter 6).
p-bit set by copying from the If not configured, the inner
incoming frame Ethertype is set to 0x8100.
Adding VLAN ID with p-bit set by vlan-tag push vlan <sp-vlan> p-bit copy Inner-ether-type can be configured
copying from the incoming frame, [inner-vlan <inner-sp-vlan> [inner-ether-type to one of the four global device
and optionally adding inner VLAN <inner-ether-type>] p-bit fixed <inner-fixed-p-bit>] level Ethertypes (see Ethertype
ID with Ethertype (optional) and section in Chapter 6).
with p-bit set to specific value: If not configured, the inner
Ethertype is set to 0x8100.
Adding VLAN ID with p-bit set by vlan-tag push vlan <sp-vlan> p-bit copy Inner-ether-type can be configured
copying from the incoming frame, [inner-vlan <inner-sp-vlan> [inner-ether-type to one of the four global device
and optionally adding inner VLAN <inner-ether-type>] level Ethertypes (see Ethertype
ID with Ethertype (optional) and p-bit profile <inner-marking-profile-name>] section in Chapter 6).
with p-bit set via marking profile If not configured, the inner
Ethertype is set to 0x8100.
Adding VLAN ID with p-bit set by vlan-tag push vlan <sp-vlan> p-bit copy Inner-ether-type can be configured
copying from the incoming frame, [inner-vlan <inner-sp-vlan> [inner-ether-type to one of the four global device
and optionally adding inner VLAN <inner-ether-type>] p-bit copy] level Ethertypes (see Ethertype
ID with Ethertype (optional) and section in Chapter 6).
with p-bit set by copying from the If not configured, the inner
incoming frame Ethertype is set to 0x8100.
Displaying the flow statistics show statistics running See Viewing Flow Statistics.
Administratively enabling the flow no shutdown You can activate a flow only if it
is associated with at least a
classifier profile, ingress port,
and egress port.
A flow from a bridge port to a
physical port cannot be
activated if another flow from
the same bridge port, in the
same VPN, exits to a different
egress cluster (physical port and
queue block). This applies to
unidirectional flows and to the
reverse direction of bidirectional
flows.
Type shutdown to disable the
flow.
The following marking actions can be performed in the mark level, at the
config>flows>flow(<flow-name>)>mark# prompt.
Overwriting inner p-bit according inner-marking-profile <inner-marking-profile-name> See comments for marking-profile.
to marking profile
Overwriting p-bit with a new value p-bit <p-bit-value> Typing no p-bit removes the
overwriting of p-bit.
Overwriting inner p-bit with a new inner-p-bit <inner-p-bit-value> Typing no inner-p-bit removes the
value overwriting of inner p-bit.
Overwriting VLAN ID with a new vlan <vlan-value> Typing no vlan removes the
value overwriting of VLAN ID.
Overwriting inner VLAN ID with a inner-vlan <inner-vlan-value> [inner-ether-type Inner-ether-type can be configured
new value and optional Ethertype <inner-ether-type>] to one of the four global device level
value Ethertypes (see Ethertype section in
Chapter 6).
If not configured, the inner
Ethertype is set to 0x8100.
Typing no inner-vlan removes the
overwriting of inner VLAN ID.
Note In the case of LAG port, the port classifier rules must be configured for the
anchor port.
Examples
Classifier Profiles
To create classifier profile with criteria VLAN 20 and inner VLAN 30:
exit all
configure flows classifier-profile v20_inner_30 match-any
Traffic Flows
This section provides an example of configuring the following flows:
Outgoing traffic from port ETH 0/3 to port ETH 0/1:
Accept only traffic tagged with VLAN 10.
Add VLAN 100 with p-bit 5 (this causes VLAN 100 to be the outer VLAN
and VLAN 10 to be the inner VLAN).
Incoming traffic from port ETH 0/1 to port ETH 0/3:
Accept only traffic tagged with VLAN 100 and inner VLAN 10.
Remove the outer VLAN (VLAN 100).
ETP Flows
This section provides an example of configuring the following flows:
Flow sub1:
Ingress = ethernet 0/3
Egress = etp ETP1 subscriber 1, CoS mapping profile my-p-bit (see CoS
Mapping Profiles for details on CoS mapping profiles)
Flow trans1:
Ingress = etp ETP1 transport 1
Egress = ethernet 0/1, queue 0, block 0/1
Unidirectional Hub
This section provides an example of configuring a unidirectional hub with five
flows:
Ingress port = ETH 0/1
Egress ports:
ETH 0/3, queue 0, block 0/1
ETH 0/3, queue 0, block 0/2
ETH 0/5, queue 1, block 0/1
ETH 0/5, queue 1, block 0/2
ETH 0/6, queue 0, block 0/1
Criteria = VLAN 100
Policer profile bandwidth limits = CIR 10000, CBS 5000, EIR 0, EBS 0
Multi-CoS Flow
This section provides an example of configuring multi-CoS flows per MEF 10.3:
Flow with multi-CoS counters:
Ingress port = ETH 0/1
Egress port: ETH 1/1
Criteria = VLAN 10
Flow with envelope policer:
Ingress port = ETH 1/1
Egress port: ETH 0/1
Criteria = VLAN 10
Envelope profile bandwidth limits:
CIR 1000; maximum CIR 10,000; CBS 2000; EIR 0; EBS 0; maximum EIR 0
CIR 2000; maximum CIR 10,000; CBS 2000; EIR 0; EBS 0; maximum EIR 0
CIR 4000; maximum CIR 10,000; CBS 5000; EIR 0; EBS 0; maximum EIR 0
CIR 8000; maximum CIR 10,000; CBS 5000; EIR 0; EBS 0; maximum EIR 0
classifier v10
cos-mapping profile cos-pbit
no policer
multi-cos-counters 0..3
ingress-port ethernet 0/1
egress-port ethernet 1/1 queue-map-profile q-map-for-cos block 0/1
no shutdown
exit
#************Outer p-bit************
configure port ethernet 0/1 classifier
match p-bit 2 sequence 2 to-flow 2
exit all
#************Dest MAC************
configure port ethernet 0/1 classifier
match dst-mac 00-11-22-33-44-55 sequence 3 to-flow 3
exit all
#************ToS************
configure port ethernet 0/1 classifier
match tos 8 sequence 8 to-flow 8
exit all
#************Protocol************
configure port ethernet 0/1 classifier
match protocol 5 sequence 9 to-flow 9
exit all
no shutdown
exit all
#************ IP DSCP************
configure port ethernet 0/1 classifier
match ip-dscp 4..6 sequence 10 to-flow 10
exit all
#************IP Precedence************
configure port ethernet 0/1 classifier
match ip-dscp 4..6 sequence 11 to-flow 11
exit all
Note MAC swap is not performed if the flow is part of a unidirectional hub.
The following procedure shows how to run an application layer loopback test
using a flow.
Example
Note This example uses the classifier profile da mac aa, created in the classifier
profile examples.
ETH1
Figure 8-11. Application Layer Loopback Test on Flow with Three Attributes
Note This example uses the classifier profile all, created in the classifier profile
examples.
ETH 3 ETH 1
Figure 8-12. Application Layer Loopback Test on Flow with a Single Attribute
Examples
Rx Statistics
-----------------------------------------------------------------------------
Total
Packets : 20000
Bytes : 20000000
Drop Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 197941 197941000
Green : 197941 197941000
Yellow : 0 0
Red : 0 0
Yellow/Red : 0 0
Drop Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 243 1947758 1800000
Green(Rate) : 243 1947758 1800000
Yellow(Rate) : 0 0 0
Red(Rate) : 0 0 0
Yellow/Red(Rate) : 0 0 0
Tx Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 197941 197941000
Green : 197941 197941000
Yellow : 0 0
Tx Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 243 1947758 1800000
Green(Rate) : 243 1947758 1800000
Yellow(Rate) : 0 0 0
Peak Measurement
-----------------------------------------------------------------------------
L1 Min. L2 Min L1 Max L2 Max.
Tx Bit Rate [bps] : 0 0 1300 1252
Drop Bit Rate [bps]: 0 0 13000 121203
Cos Number : 2
Rx Statistics
-----------------------------------------------------------------------------
Total
Packets : 0
Bytes : 0
Drop Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 0 0
Green : 0 0
Yellow : 0 0
Red : 0 0
Yellow/Red : 0 0
Drop Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 0 0 0
Green(Rate) : 0 0 0
Yellow(Rate) : 0 0 0
Red(Rate) : 0 0 0
Yellow/Red(Rate) : 0 0 0
Tx Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 0 0
Green : 0 0
Yellow : 0 0
Tx Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 0 0 0
Green(Rate) : 0 0 0
Yellow(Rate) : 0 0 0
Peak Measurement
-----------------------------------------------------------------------------
L1 Min. L2 Min L1 Max L2 Max.
Tx Bit Rate [bps] : 0 0 0 0
Drop Bit Rate [bps]: 0 0 0 0
Cos Number : 3
Rx Statistics
-----------------------------------------------------------------------------
Total
Packets : 0
Bytes : 0
Drop Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 197941 197941000
Green : 197941 197941000
Yellow : 0 0
Red : 0 0
Yellow/Red : 0 0
Drop Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 243 1947758 1800000
Green(Rate) : 243 1947758 1800000
Yellow(Rate) : 0 0 0
Red(Rate) : 0 0 0
Yellow/Red(Rate) : 0 0 0
Tx Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 197941 197941000
Green : 197941 197941000
Yellow : 0 0
Tx Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 243 1947758 1800000
Green(Rate) : 243 1947758 1800000
Yellow(Rate) : 0 0 0
Peak Measurement
-----------------------------------------------------------------------------
L1 Min. L2 Min L1 Max L2 Max.
Tx Bit Rate [bps] : 0 0 1300 1252
Drop Bit Rate [bps]: 0 0 13000 121203
Cos Number : 5
Rx Statistics
-----------------------------------------------------------------------------
Total
Packets : 0
Bytes : 0
Drop Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 0 0
Green : 0 0
Yellow : 0 0
Red : 0 0
Yellow/Red : 0 0
Drop Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 0 0 0
Green(Rate) : 0 0 0
Yellow(Rate) : 0 0 0
Red(Rate) : 0 0 0
Yellow/Red(Rate) : 0 0 0
Tx Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 0 0
Green : 0 0
Yellow : 0 0
Tx Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 0 0 0
Green(Rate) : 0 0 0
Yellow(Rate) : 0 0 0
Peak Measurement
-----------------------------------------------------------------------------
L1 Min. L2 Min L1 Max L2 Max.
Tx Bit Rate [bps] : 0 0 0 0
Drop Bit Rate [bps]: 0 0 0 0
Example
Status Details
-----------------------------------------------------------------------------
: Ingress Port Oper Status: Down
Example
To display data rate and line rate for flow:
ETX-2i# configure flows flow f10_out
ETX-2i>config>flows>flow(f10_out)# rate-measure interval 30
ETX-2i>config>flows>flow(f10_out)#
Name : f10_out
Status : Passed
Start Time : 2014-11-13 12:24:36 UTC +00:00
Duration (Sec) : 30
Cos : 255
L1 L2
Rx Rate (bps) : 1000 950
Tx Rate (bps) : 1500 1400
Green Drop (bps) : 100 95
Yellow Drop (bps) : 100 95
Red Drop (bps) : 100 90
Overview
Network functions virtualization (NFV) is a network architecture concept that uses
IT virtualization technologies to virtualize entire classes of network node
functions into building blocks that connect or chain together to create
communication services.
NFV uses IT virtualization technologies to replace dedicated network devices with
software running on common off-the-shelf servers. NFV relies upon, but differs
from, traditional server-virtualization techniques, such as those used in enterprise
IT.
A virtualized network function (VNF) can consist of one or more virtual machines
running different software and processes on top of standard high-volume
servers, switches, and storage, or even cloud computing infrastructure, instead of
allocating custom hardware appliances for each network function.
The original approach to NFV advocates placement of VNFs not only in data
centers, but throughout the network, wherever they are most effective and least
expensive.
Distributed Network Functions Virtualization (D-NFV) is a solution for distributed
NFV at the customer edge. According to this concept, some network functions
are located in the cloud while others are distributed geographically to locations
out of the cloud, at customer premises.
D-NFV Orchestrator, a GUI network management application described in the
RADview Manual, manages D-NFV applications.
Orchestrator
Controller
ETX-2i ETX-2i
D-NFV Module
The D-NFV module resides on an x86 card connected to the ETX-2i NID, which
uses a cloud computing software platform to enable hosting virtual machines
providing virtual functions (VFs).
D-NFV Module software is based on a Linux machine that runs OpenStack services
and DNFV-OS software that provides an operation and maintenance environment.
D-NFV module has the following general features:
General
Based on x86 hardware and Linux Ubuntu distribution version 14.04.3
Supports D-NFV HW cards inserted into ETX2i
Supports IPv4
Supported by RADview
Supports DPDK acceleration.
DNFV-OS
OpenStack
Supports OpenStack Juno version 2014.2.3
Supports Compute Node functionalities
Supports Controller functionalities
Supports OVS and Linux Bridge
Applicable Products
This feature is applicable to ETX2i with D-NFV option.
Benefits
Rapid rollout of new services, network capabilities, and functions
Integration of higher-level applications (firewall, encryption, WINDOWS server,
and more) with a communication platform in a single device
Reduced number of physical network devices for better reliability and simpler
operation
Reduced customer site equipment footprint and less power consumption
Functional Description
D-NFV Module
D-NFV infrastructure is based on OpenStack, a software platform that controls
large pools of compute, storage, and networking resources and is managed via
the OpenStack API.
Related to D-NFV context, OpenStack provides two main functions:
Controller
Compute Node
The D-NFV module includes the following components:
Controller
Located in the cloud, Controller manages the edge devices VNF resources, such
as compute, storage, and network capabilities. Controller is also responsible for
controlling the deployment of VNF instances.
Compute Node
Compute Node is located in the customer edge device, where D-NFV modules
reside on a standard Intel x86 core that enables hosting virtual machines. These
VMs host VNFs. Compute Node is controlled by Controller.
ETX2i Device
The D-NFV module resides on an x86 card connected to the ETX-2i NID.
ETX
VNF2 VNF1
X86
Controller
Hypervisor (KVM)
HW Resources
P7 P8
Application Management
Application management includes both planning and deployment and is
performed via D-NFV Orchestrator, a module designed specifically for NFV
management.
D-NFV Orchestrator provides the following configuration capabilities:
Device configuration (except D-NFV module) Configuration to connect a
devices physical or logical ports to D-NFV module ports (using internal flows,
bridges) and provide the needed functionality (QoS, protocols).
VNF deployment (D-NFV module) Configuration to create connectivity,
allocate resources, and deploy the VNF instance.
D-NFV Orchestrator communicates with the device to set device configuration,
and with Controller to set VNF deployment. Controller communicates with
Compute Node.
D-NFV Orchestrator receives status and statistics events from the device and
Controller.
Note You can also run a Telnet/SSH session directly to the x86 processor.
Getting command help --help Shows DNFV-OS commands that you can
use to configure Compute Node.
Setting MTU size --mtu= <size> Maximum transmission unit; the largest size
packet (in octets), which can be sent in the
network
Table 8-7. DNFV-OS Correlation Map Between ETX-2i Ports and x86 Interface
Note
You can view the current map configuration by typing
cat /home/rad/work/code/mgmt/fault-propagation/dnfv-fp-ifs-map.conf.
When the DNFV-OS receives such a trap, it changes the appropriate VMs
vNIC(s) link status according to the trap content.
Fault Propagation configuration requires configuring both the ETX-2i device and
DNFV-OS (Compute Node).
The ETX2i devices sends the VM the internal trap adminDown, which by
default has the tag masked. This trap notifies the VM that a device port
has gone down, enabling synchronization between the VM and device
ports.
Enable SNMP trap-sync mechanism. For configuration details, refer to the
Configuring SNMPv3 Parameters section in Chapter 4 of the ETX2i Installation
and Operation Manual.
Mapping ETX-2i physical --ifs-map-entry=etx-port,x86- etx-port must match the SourceName field
port to x86 interface if within the ethLos trap (format: Ethernet
[slot/]port). See default table: Table 8-13
Note You can view the available host power command options, by entering
dnfv-ctrl-pwr--help.
Examples
etx2i-x86-acc login:
etx2i-x86-acc login: rad
Password:
Last login: Mon May 30 20:26:34 IDT 2016 on ttyS0
rad@etx2i-x86-acc:~$
Rebooting...
Shutting down...
Rebooting...
Done.
Rebooting...
target-params "x86_fp_trap"
address udp-domain <TRAP DESTINATION IP>
no shutdown
tag-list unmasked masked
trap-sync-group 1
exit
exit
exit
exit
save
The following shows how to configure the correlation map:
rad@compute1:~$
dnfv-fp-conf --ifs-map-entry="Ethernet 0/1,p4p2"
dnfv-fp-conf --ifs-map-entry="Ethernet 0/2,p4p1.200"
dnfv-fp-conf --ifs-map-entry="Ethernet 0/3,p4p1.201"
dnfv-fp-conf --ifs-map-entry="Ethernet 0/4,p4p1.202
The following shows how to configure DNFV-OS (Compute Node) with fault
propagation as follows:
SNMP trap community set to public
SNMP set community set to private
SNMP trap source IP address set to 172.17.231.238
Skipping the reboot post-execution step
rad@compute1:~$
dnfv-fp-conf --snmp-trap-community=public --snmp-set-
community=private --snmp-trap-src-ip=172.17.231.238 --no-
restart
Host: Compute
Name: compute1
Platform: ETX-2I
Add-on functionality:
aux-tools
tcpping
core-pinning
dp-acceleration
fault-propagation
rad@compute1:~$
The following example shows how to display Compute Node enhanced
information.
rad@compute1:~$ dnfv-info-max
Version: dnfv-1.1.0.015
Host: Compute
Name: compute1
Platform: ETX-2I
OS: Linux - Ubuntu 14.04.2 LTS
Cloud management: OpenStack - 2014.2.3
Add-on functionality:
aux-tools
tcpping
core-pinning
---
Packages:
...
---
Configuration files:
...
Configuring Controller
Perform the following steps to configure the Controller:
1. Install Controller (see Controller Installation).
2. Log into the Controller (see Logging into Controller).
3. Configure the Controller basic settings (see Configuring Controller
Parameters).
Controller Installation
DNFV-OS provides installation of a Controller image for the VMware virtualization
environment.
Controller can be installed during the D-NFV Orchestrator installation on the same
server or separately on another server.
For installation during D-NFV Orchestrator installation, see the relevant topic in
the RADview online help.
For installation on another server, use the installation image.
For example, dnfv-os-1.2.0.010-ctrl-vmware.ova.
VMware server system requirements are:
ESXi server version 5.0 or later
2GB RAM memory available
60GB hard drive
3. Click Next.
4. Select the Name and Location tab, and type a Name for the virtual machine.
Note You can also select Thick Provision: however, this uses more disk space.
To configure Controller:
At the rad@controller:~$ prompt, type dnfv-conf, followed by the necessary
configuration options, according to the tasks listed below.
Controller Verification
Examples
Host: Controller
Name: controller
Platform: VM
Add-on functionality:
aux-tools
rad@controller:~$
Maintenance
Upgrade
This section describes the Upgrade process for Controller and Compute Node. The
Upgrade process supports installation of x86 software above a previous
upgradeable version (from V. 1.2.0.10).
The Upgrade Apply process is automatic (remotely triggered).
You can update x86 software using either of the following two methods:
Upgrade Process
The Upgrade process is composed of two stages:
recommended to apply Upgrade (Apply stage) at night, when services are not
running.
The following are not supported:
Downgrade (related to packages)
Update of external packages (add-ons)
Downloading upgrade file download arch-url [--apply [-- arch-url <transfer-protocol> ://
and optionally, applying no-reboot]] <username>:<password>@<ip-address> /
the upgrade with or <file-name>
without reboot apply Use this command option to apply
the upgrade immediately after downloading
the file. If you do not want to upgrade
immediately following download, enter the
apply command option `at a later time (see
following task).
Applying the upgrade file in apply arch [--no-reboot] Use this command option in the case that
the remote host with or you did not apply the upgrade in the same
without reboot command as the download (see previous
task). In this case, you need to specify the
name of the upgrade file to apply.
arch file-name to apply
Patch Process
DNFV-OS supports a command to perform the x86 software patch update.
Backup
You should perform periodic backup of the DNFV Compute Node and Controller.
Then, if a problem occurs with the DNFV Compute Node or Controller, you can
replace it with a backed up version.
The Backup process saves the following components:
Compute Node
Compute Node configuration the configuration performed by DNFV-OS
commands
VNF instances the instances that OpenStack downloaded from the
Controller
VNF configuration the configuration performed by the user
VNF license the license that the user inserted
Controller
Controller configuration the configuration performed by DNFV-OS
commands
Controller information OpenStack file system
Controller Backup
The Controller backup process does the following:
Creates a text file (controller-config) with all historical controller
configuration commands (dnfv-conf and more)
Creates a tar file (controller-info) with all controller info (OpenStack file
system)
Backs up compute tokens
Packs all files into one backup file
Copies the backup file to the SFTP server
Getting command help --help Shows DNFV-OS command that can be used
to perform the backup process.
Getting command help --help Shows DNFV-OS command that can be used
to perform the backup process.
Restore
You can restore Compute Node or Controller, if you previously created a backup
file.
Getting command help --help Shows DNFV-OS command that can be used
to perform the restore process.
Controller Restore
The Controller Restore process requires access and login into the Controller
machine (x86).
The Compute Node restore process is automated by a single dnfv-restore
command.
The Restore command performs the following:
Enables access to the Controllers VM prompt
Login to Controllers VM
Unpacks the relevant backup file
Runs a script on Controller, which includes:
Running commands from the text file controller-config, and performing
reboot
Running the actual Restore command that does the following:
Copies from the SFTP server the relevant backup file
Unpacks the backup file
Opens the controller-info tar file
Restarts the compute tokens
To restore Controller:
At the rad@controller:~$ prompt, type dnfv-restore, followed by the
necessary option, according to the tasks listed below.
Getting command help --help Shows DNFV-OS command that can be used
to perform the restore process
Examples
Applicable Products
This feature is applicable to ETX2i and ETX-2i-B.
Standards
RFC 2784: Generic Routing Encapsulation (GRE)
RFC 4087: IP Tunnel MIB
RFC 2890
Benefits
Allows transport of Layer-2 frames over an IP infrastructure.
Functional Description
ETHoIP/GRE Encapsulation
ETHoIP/GRE encapsulation is illustrated in the following diagram.
The original Ethernet frame header and payload are encapsulated with a GRE
header, as described in RFC 2890, and a Tunnel IP header.
The Tunnel Identifier can be defined using one of the following two methods:
SRC IP (Key flag in GRE header is cleared)
SRC IP + key (If key is configured and k flag is set in GRE header)
Configured key is symmetrical (both Tx and Rx use the same key)
Both methods can coexist.
The following configuration is supported on the user side (Ethernet).
ETX-2
The Tunnel Tx flows can have the Match all classification profiles:
The Layer-2 GRE Tunnel interface supports configuration of the IP Tunnel DSCP to
one of the following:
A fixed value (0-63)
A previously defined p-bit to DSCP profile (refer to Configuring Marking
Profiles in the Quality of Service (QoS) section in Chapter 11).
Forwarding Model
The diagram below describes the ETHoGRE forwarding model.
Once encapsulated with IP/GRE, forwarding is done by the Router.
ETX-2
ETH
GRE Tunnel
Port
Identify My Tunnel
ETH
Router Port
GRE packets that exceed the GRE interface (Tunnel) MTU are discarded. There is
no support for fragmentation/reassembly.
Tunnel source IP should match one of the Router interface IP addresses.
Note When creating a GRE tunnel, it is recommended to configure OAM above the GRE
tunnel. See the example below.
Factory Defaults
Table 8-8. Tunnel Parameter Default Values
Configuring tunnel DSCP values dscp {fixed <number> | profile <profile-name>} number fixed DSCP value
Possible values:
0-63
255 means that the ETHoGRE
will use the DSCP profile.
profile-name name of profile
that maps p-bit to DSCP (refer
to Configuring Marking Profiles
in the Quality of Service (QoS)
section in Chapter 11).
Possible values: 1-32 character
string
Defining source IP address or router tunnel-source [<ip-address>] [router-interface Either router-interface number
interface number used to bind the <number>] of IP address must be defined;
tunnel to a router interface no tunnel-source not both.
ip-address must be a valid
unicast IPv4 or non-link-local
IPv6 address
The router interface anchoring
the tunnel may not be a
loopback interface.
Source and destination
addresses must both be IPv4 or
both IPv6.
Packets
Tunnel Encapsulated 1532
Tunnel Decapsulated 9800
Parameter Description
Tunnel Physical Interface Physical interface bound to the router interface anchoring the tunnel
Possible values:
Empty string
(<port-type> <port-number>)
Tunnel Source Address Tunnel source IP address
Possible values:
-- (Tunnel address is not configured.)
<IPv4 or IPv6 unicast address>/<prefix length>
Configuration Errors
The following table lists the messages generated by ETX-2i when a configuration
error is detected.
Tunnel already exists with a You tried changing the type of Delete the tunnel and then create a
different type an existing tunnel from gre-ip new tunnel (same index as deleted
to gre-eth, or vice versa. tunnel) with the new type.
Create a new tunnel (new index) of the
new type.
SVI type must be GRE SVI type is not GRE. Bind to SVI of type GRE.
The address is assigned to You tried to configure the Assign a unique address to the tunnel.
another interface tunnel with an address of an
already existing tunnel or
router interface.
Tunnel may not be anchored to You assigned to the router Assign another IP address.
loopback interface interface anchoring the tunnel
an address of a loopback
interface.
Configure either source address You tried to configure the Remove one of the configurations:
or interface, not both router interface anchoring the either the address or interface.
tunnel with both an address
and interface.
Source and destination must be You tried to configure tunnel Define destination and source with
both IPv4 or both IPv6 destination with an IPv4 same type of IP address both IPv4 or
address while the tunnel both IPv6.
source is an IPv6 address.
You tried to configure tunnel
source with an IPv4 address
while the tunnel destination is
an IPv6 address.
Examples
flow "user_in"
classifier "untagged"
ingress-port ethernet 0/1
egress-port svi 1
no shutdown
exit
flow "user_out"
classifier "all"
ingress-port svi 1
egress-port ethernet 0/1 queue 0 block 0/1
no shutdown
exit
flow "tunnel1_in"
classifier "v100"
ingress-port ethernet 0/3
egress-port svi 2
no shutdown
exit
flow "tunnel1_out"
classifier "v100"
ingress-port svi 2
egress-port ethernet 0/3 queue 0 block 0/1
no shutdown
exit
flow "tunnel2_in"
classifier "v200"
ingress-port ethernet 0/3
egress-port svi 3
no shutdown
exit
flow "tunnel2_out"
classifier "v200"
ingress-port svi 3
egress-port ethernet 0/3 queue 0 block 0/1
no shutdown
exit
exit
router 1
interface 1
address 20.20.20.20/24
bind svi 1
no shutdown
exit
tunnel-interface 1 gre-eth
no shutdown
tunnel-source router-interface 1
tunnel-destination 30.30.30.30
bind svi 2
exit
tunnel-interface 2 gre-eth
no shutdown
tunnel-source router-interface 1
tunnel-destination 40.40.40.40
bind svi 3
exit
exit
exit
tunnel-interface 1 gre-eth
no shutdown
tunnel-source router-interface 1
tunnel-destination 20.20.20.20
bind svi 2
exit
exit
exit
configure
oam
echo "OAM CFM Configuration"
# OAM CFM Configuration
cfm
maintenance-domain 1
name string "MD1"
maintenance-association 1
name string "MA1"
ccm-interval 3.33ms
classification vlan 100
mep 1
bind ethernet 0/3
classification vlan 100
remote-mep 10
ccm-priority 7
direction up
client-md-level 4
no shutdown
exit
exit
exit
exit
exit
fault
echo "Fault Propagation Configuration"
# Fault Propagation Configuration
fault-propagation mep 1 1 1 to policer flow "3"
action-on-group policer-swap "zero"
trigger oam-cfm-loc
exit
exit
exit
to predefined attributes and BW thresholds, and once detected, rate limits these
sessions per user configuration.
Rate limiting is released, once the session rate drops below a configured value.
Fat pipe detection supports up to ten simultaneous detected and policed sessions
(micro flows).
Applicable Products
This feature is applicable to ETX-2i-10G half 19 only.
Standards
N/A
Benefits
Minimizes traffic congestion and dropped packets in network
Functional Description
Activation of Fat pipe detection requires you to create and configure a Fat pipe
detection profile, and then bind it to an Ethernet port (see Configuring Ethernet
Port Parameters).
You can bind up to two Ethernet ports to a Fat pipe detection profile.
You must configure the following in the Fat pipe detection profile:
Search key used for Fat pipe differentiation; can include up to five of the
following L2-L4 packet attributes: dst-mac, src-mac, vlan, p-bit, inner-vlan,
inner-p-bit, dscp, ip-precedence, tos, protocol, src-ip-address, dst-ip-address,
l4-src-port, l4-dst-port
that a Fat pipe has been detected is the CIR+EIR (PIR) rate in the policer BW
profile.
It takes the algorithm one second to detect the first high-BW session, and
1+n seconds to detect the following n high-BW sessions.
2. Once the exceptionally high-BW sessions are found, the Fat pipe detection
procedure binds its defined two-rate three-color policer to the sessions, in
order to rate limit the BW of these sessions.
3. The sessions are monitored; once their BW drops below the CIR defined in
the policer for the defined release hold time, the policer is released and
alarms are cleared. Simultaneously, the search for additional high BW
sessions is resumed (Step 1).
At any time, you can display the information of active and history (closed) Fat
pipes of an Ethernet port (refer to Displaying Fat Pipe Information).
Factory Defaults
By default, ETX-2i-10G half 19 does not have a Fat pipe detection profile.
The default release-hold-time of a newly created Fat pipe detection profile is 60
seconds.
Configuring a search key for Fat pipe search-key [dst-mac] [src-mac] [vlan] [p-bit] [inner- The search key used for Fat
differentiation vlan] [inner-p-bit] [dscp] [ip-precedence] [tos] pipe differentiation can include
[protocol] [src-ip-address] [dst-ip-address] [l4-src-port] up to five L2-L4 packet
[l4-dst-port] attributes.
Notes:
The order of the attributes
is significant.
The search does not
recognize L3-L4 fields of
IPv6 packets.
Example
The following example describes how to define a fat pipe detection profile named
e2000, with regular policer 2000M, and searching according to source MAC
address.
To configure regular policer 2000M:
config qos policer-profile "2000M" bandwidth cir 500000 cbs
32000 eir 500000 ebs 32000
To define Fat pipe detection profile named e2000:
con port fat-pipe-detection-profile e2000
policer profile 2000M release-hold-time 30
search-key src-mac
exit all
Applicable Products
This feature is applicable to all ETX-2i products.
Standards
IEEE 802.3
Benefits
Layer 2 Control Protocol can be passed or filtered to Ethernet virtual connections.
Functional Description
ETX-2i can be configured to pass through Layer-2 control frames (including other
vendors L2CP frames) across the network, to peer supported protocols, or to
discard the L2CP frames. You can perform protocol tunneling with MAC address
swap, and discard the Loopback packets (Ethertype 0x9000).
You can create profiles to define the handling of Layer-2 Control Protocol traffic.
You then assign the required profile to an Ethernet port or to a flow (see
Configuring Ethernet Port Parameters and Configuring Flows, respectively), and
display the Layer-2 control processing statistics for an Ethernet port (see
Displaying Layer-2 Control Processing Statistics).
Factory Defaults
ETX-2i provides a default L2CP profile named L2cpDefaultProfile, configured as
follows:
For MAC hex byte 0x00 through 0x2f, action = tunnel
Default action = tunnel
When a new L2CP profile is created, it has the same configuration as
L2cpDefaultProfile.
Specifying the L2CP action for MAC mac <mac-addr-last-byte-value-list><mac-addr> mac-addr can be either of the
addresses (discard, tunnel, or peer) {discard | tunnel | peer} following:
Long MAC address, i.e. full
valid MAC adress [xx-xx-xx-
xx-xx-xx]
For example:
01-80-c2-00-00-02
Possible values:
01-80-c2-00-00-xx, where
xx= 0H-10H, 20H-2FH;
01-cc-cc-cc-cc-cc
01-cc-cc-cc-cc-cd
Short MAC address, i.e. last
byte of the control protocol
MAC address
[0x00..0x10,0x20..0x2F]
For example: 0x02 is the
short MAC address of
01-80-c2-00-00-02.
Possible values: 0H-10H,
20H-2FH
discard L2CP frames are
discarded.
tunnel L2CP frames are
forwarded across the network
as ordinary data.
peer ETX-2i peers with the
user equipment to run the
protocol. L2CP frames are
forwarded to the ETX-2i CPU.
Unidentified L2CP frames are
forwarded across the network
as ordinary data.
Note: Peer action cannot be
used with the MAC addresses
01-cc-cc-cc-cc-cc and 01-cc-cc-
cc-cc-cd.
Typing no mac
<mac-addr-last-byte-value-list>
<mac-addr> removes the
action for the specified MAC
address.
Defining a Loopback protocol for protocol loopback discard Typing no protocol loopback
discarding removes the action for the
Loopback protocol.
Choosing a protocol for tunneling protocol { lacp | stp | vtp | cdp | lldp | pvstp| pagp | udld | Typing no protocol { lacp | stp |
and specifying MAC swap if desired dtp } tunnel mac-change [<mac-address>] vtp | cdp | lldp | pvstp| pvstp |
pagp | udld | dtp } removes the
action for the specified
protocol.
Examples
To add L2CP profile named layer2ctrl1 with discard action for hex byte 0x01 and
0x03 (short MAC format):
exit all
ETX-2i#configure port
l2cp-profile layer2ctrl1
ETX-2i>config>port>l2cp-profile (layer2ctrl1)#mac 0x01 discard
mac 0x03 discard
exit all
To add L2CP profile named layer2ctrl2 with tunnel action for long MAC addresses
01-80-c2-00-00-00 and 01-80-c2-00-00-01 (long MAC format):
exit all
ETX-2i#configure port
l2cp-profile layer2ctrl2
ETX-2i>config>port>l2cp-profile(layer2ctrl2)#
mac 01-80-c2-00-00-00 tunnel
mac 01-80-c2-00-00-01 tunnel
exit all
To add L2CP profile 1 that uses LACP protocol for tunneling with L2CP MAC swap:
ETX-2i#configure port l2cp-profile 1
ETX-2i>config>port>l2cp-profile(1)#
protocol lacp tunnel mac-change 01-23-45-67-89-DD
exit all
To display the layer2ctrl1 L2CP profile:
ETX-2i#configure port l2cp-profile layer2ctrl1
ETX-2i>config>port>l2cp-profile(layer2ctrl1)# info detail
mac 0x00 tunnel
mac 0x01 discard
mac 0x02 tunnel
mac 0x03 discard
mac 0x04 tunnel
mac 0x05 tunnel
mac 0x06 tunnel
mac 0x07 tunnel
mac 0x08 tunnel
mac 0x09 tunnel
mac 0x0a tunnel
mac 0x0b tunnel
mac 0x0c tunnel
mac 0x0d tunnel
mac 0x0e tunnel
mac 0x0f tunnel
ETX-2i>config>port>l2cp-profile(layer2ctrl1)# info
mac "01-80-c2-00-00-05" discard
mac "01-80-c2-00-00-22" discard
mac "01-00-0c-cc-cc-cd" discard
Note
The info detail command displays all actions (including the default action (in
above example, tunnel). The info command only displays non-default actions.
Applicable Products
This feature is applicable to all ETX-2i products.
Standards
IEEE 802.1AB-2009
IEEE 802.3az-2010
Benefits
Automated discovery of devices simplifies management and network
maintenance, and reduces general setup costs of new equipment.
Functional Description
LLDP is a neighbor discovery protocol that enables network devices to advertise
information to peer devices on the same physical LAN and store information
about the network. LLDP is supported for all Ethernet ports, including the
management port and Ethernet ports that are bound to LAG. LLDP information is
exchanged by means of LLDP packets.
Note LLDP runs on physical links and is configured on each individual physical port; it
neither runs nor is configured over the LAG logical layer.
TPMR (Two-port MAC Relay) indicates a bridge that has only two
externally-accessible bridge ports, and supports a subset of the regular functions
of a MAC bridge. A TPMR bridge is transparent to all frame-based
media-independent protocols except for packets with destinations that terminate
at the bridge, or packets with destinations that are reserved MAC addresses that
are not defined for forwarding by the relay function of the TPMR bridge.
LLDP Packets
LLDP packets are sent periodically between ETX-2i and neighboring devices, in
order to obtain neighbor information. The information from the LLDP packets is
stored for a period of time, determined by the time-to-live (TTL) value in the
received packet. When the TTL expires, the LLDP information is discarded.
LLDP packets contain the following information:
Port Description ifDescr per RFC 2863, which is port name Optional
Factory Defaults
By default, no LLDP parameters are configured for ports. The system LLDP
parameters have the default values shown in the following table.
hold-multiplier 4
Configuring LLDP
LLDP parameters are configured at the following levels:
Global LLDP parameters that apply to the entire device are configured at the
system level.
Port LLDP parameters are configured at the Ethernet port level, to specify
which TLVs to send for the port.
Note In order for LLDP to function properly for the port, an L2CP profile must be
associated with it that specifies peer action for MAC address 01-80-C2-00-00-00,
01-80-C2-00-00-03 or 01-80-C2-00-00-0E, depending on the LLDPDUs
destination addresses configured.
System Parameters
This section explains how to configure global parameters such as bridge type, as
well as enable or disable LLDP for the device.
To configure LLDP system parameters:
1. Navigate to configure system lldp.
The config>system>lldp# prompt is displayed.
2. Enter all necessary commands according to the tasks listed below.
Enabling or disabling LLDP for device shutdown Enter no shutdown to enable LLDP.
Port Parameters
This section explains how to configure which TLVs to transmit for the port for the
different LLDP bridge types (see Table 8-14 to Table 8-16 for details on TLVs).
Example
The following example illustrates how to configure LLDP in the system.
#*********************************Configuring_LLDP in
system*****************
conf system lldp
tx-interval 10
hold-time 2
bridge-type nearest-bridge
no shutdown
exit all
#***************************Configuring_L2CP_Profile***********
**************
configure port
l2cp-profile lldp
mac 0x0e peer
exit all
Basic-Management Info
Bridge-Type : NEAREST
Chassis-type : MAC_ADDRESS
Chassis-id : 00:01:00:00:00:03
Port-Type : Locally Assigned
Port-id : eth-0/1
802.1
Port-vlanId : 10
Port-protocol Vlan-id : --
Vlan Name : --
Protocol Identity : Link-aggregation, OAM, ELMI
VID Usage : --
Management VID : --
Link-Aggregation
Link Aggregation Status : Enabled
Lag-portId : 100
802.3
MAC/PHY configuration
Auto Negotiation Support Status : Supported
Auto Negotiation Current Status : Enabled
Auto-negotiation-advertised Capability : --
Operational MAU Type : --
POWER/MDI configuration
Port-class : --
MDI Support Status : --
MDI Current Status : Disabled
PSE Pair Control Ability : --
Power Class : --
Max Frame Size : 1500
Applicable Products
This feature is applicable to ETX2i and ETX-2i-B 2u with 10 SFP.
Standards
ETX-2i and ETX-2i-B 2u with 10 SFP support MLD Snooping version 2.
Benefits
Enables reduction in traffic by reducing the number of unneeded packets on the
network.
Factory Defaults
By default, MLD Snooping is disabled.
Functional Description
ETX-2i supports MLD Snooping for both VLAN-unaware and VLAN-aware bridges.
MLDv2 snooping can be enabled and disabled per bridge. In VLAN-aware bridges
it can also be enabled and disabled per VLAN. If snooping is disabled at the bridge
level, the per-VLAN configuration is ignored. This allows MLDv2 snooping to be
disabled on the entire bridge, without changing the per-VLAN configuration (e.g.
for troubleshooting).
When MLDv2 snooping is enabled, the bridge keeps two lists, per port (in VLAN-
unaware bridges) or per port and VLAN (in VLAN-aware bridges).
Router port list Ports from which MLDv2 router traffic is received
Member port list Pairs of port and multicast group address, to which
multicast traffic is to be forwarded
Note Snooping is only enabled on a VLAN if it is enabled at both bridge and VLAN
levels. A command at either level does not change configuration of other levels.
Note Data for unsupported addresses is forwarded to all ports, including ones behind
which there is no host interested in the address. To avoid this, use addresses out
of the unsupported ranges.
Note Data for the duplicate address will be forwarded to the ports used by the one
already in the forwarding database. Duplicate addresses should either be
changed or configured statically.
Note
ETX-2i does not analyze group-specific and group-and-source-specific queries.
These queries are sent to group addresses, (unlike general queries, which are
sent to a fixed address). Information that could be learned from these queries
will eventually be learned from the periodic general queries, but it will take more
time for MLDv2 Snooping to adjust to that information.
Port Aging
Router port is the ETX-2i port facing the multicast router. Router port is learned
from receiving general queries and can age out. ETX-2x sets the router port aging
timer when a port is added to the router port list.
The timer is rearmed when receiving an MLDv2 general query or an IPv6 PIM
hello message with source address different from 0::0.
If the timer expires, the port is removed from the router port list.
The router port list is maintained per bridge port in VLAN-unaware bridges, or
per VLAN and bridge port in VLAN-aware bridges.
A member port is the ETX-2i port facing a multicast client. Member port is learned
from report messages and is subjected to agin. The ETX-2i sets the member port
aging timer when a port joins an IPv6 multicast group.
The timer is rearmed when receiving an MLDv2 report message.
If the timer expires, the port is removed from the multicast group forwarding
table.
The member port list is maintained per bridge port and multicast group in
VLAN-unaware bridges, or per VLAN, bridge port and multicast group in VLAN-
aware bridges.
ETX-2i must listen to MLDv2 general queries, sent to the link-scope all-nodes
multicast address (FF02::1), on all ports and all VLANs. General queries are sent
periodically by MLDv2 queries, to find the ports on which group members reside.
If a general query is received the bridge must:
Forward the query to all ports (VLAN-unaware bridges) of all ports in the
VLAN (VLAN-aware bridges) except the receiving port.
If the receiving port is not on the router-port list, add it to the list and set
the aging timer.
If the receiving port is on the router-port list, rearm its aging timer.
ETX-2i must listen to MLDv2 reports, sent to FF02::16, to which all MLDv2
multicast routers listen, on all ports and all VLANs. Reports are sent by listeners
as responses to router queriers or when asking to join or leave a multicast group.
If MLDv2 report is received the bridge must:
Peruse the report and update the member port list accordingly; that is, if a
host asks to join a group, add the receiving port to the member port list of
the group. Conversely, if a host is leaving a group the receiving port is not
immediately removed from the member list, since there may be other hosts
interested in the group on the port. Ports are only removed from the member
port list if the aging timer expires.
Forward it to all router ports (in VLAN-unaware bridges) or all router ports in
the VLAN (in VLAN-aware bridges).
If the receiving port is not on the member port list, add it to the list and set
the aging timer.
If the receiving port is on the member port list, rearm the aging timer.
ETX-2i must receive all multicast traffic from all ports and VLANs. If multicast
packet that is not MLDv2 protocol traffic is received, the device must:
Note A static router port is always on the router port list; it is not subjected to timer
aging.
A static member port is always on the member port list; it is not subjected to
timer aging.
Source-Specific Multicast
Source-Specific Multicast, or SSM, is a multicast service allowing hosts to
subscribe to specific multicast sources, and thus further reducing multicast traffic
in the network.
In addition to subscribing to a multicast group, hosts may ask to receive traffic
from a specific host. ETX-2i, however, does not maintain a per-source database.
This means that multicast traffic sent to a specific group will be forwarded to all
members of that group, regardless of whether or not they are interested in the
traffic source.
Display MLD snooping status show status See Displaying MLD Snooping
Status.
Router Ports:
VLAN Type Ports
------------------
r-v r-type r-ports
Host Ports:
VLAN IP Address Type Ports
----------------------------------------------------------
h-v h-ip h-type h-ports
Note
Port member tables are sorted by VLAN, then (the host port list) IP address, and
then type (static first).
Router Ports:
VLAN Type Ports
------------------
1 static 1-5, 7
2000 learned 2, 7-10
Host Ports:
VLAN Group IP Address Type Ports
----------------------------------------------------------
100 ff00:1111:2222:3333:4444:5555:6666:7777 static 1-5, 7
2000 ff11:1111:1111:1111:1111:1111:1111:1111 learned 2, 7-10
Parameter Description
admin-state MLD snooping admin state at bridge level; possible values: enabled,
disabled.
snooping-vlans VLANs for which MLD snooping is enabled
host-aging Aging time of host ports (in seconds)
router-aging Aging time of router ports (in seconds)
r-v VLAN the router ports of this entry are on; possible values: 1-4094.
r-type Type of this entry; possible values: static, learned
r-ports List of router ports
h-v VLAN the host ports of this entry are on; possible values: 1-4094.
h-ip Multicast IPv6 address this entry is on
h-type Type of this entry; possible values: static, learned
h-ports List of host ports
parameters define the way a payload is transported via the E1/T1 ports through
the PSN network. You can configure up to 64 PW bundles.
Note If you have performed shutdown and then no shutdown of a PW cross connect or
smart SFP port, you must perform shutdown and then no shutdown of the PW.
Applicable Products
This feature is applicable to devices that support smart SFP MiTOP functionality.
Standards
IETF RFC 5086 (CESoPSN)
IETF RFC 4553 (SAToP)
ITU-T Y.1413 (CESoPSN, SAToP)
ITU-T Y.1453 (CESoPSN, SAToP)
Functional Description
The device supports the CESoPSN and SAToP network encapsulation methods,
transmitting E1/T1 traffic over Ethernet (MEF 8) or UDP/IP packet-switched
networks. TDM PW is supported over G.8032 rings, for MEF 8 and UDP/IP.
Control Word Data control as defined in the relevant IETF RFCs and drafts
Note The source MAC address is the egress port MAC address for MEF 8 (Ethernet)
PWs, or the MAC address of the egress router interface for UDP/IP PWs.
CESoPSN CES (Circuit Emulation Services) over PSN, for framed E1/T1
traffic with or without CAS
CESoPSN
The CESoPSN method is a structure-aware format for framed E1/T1 services. It
converts structured E1/T1 data flows into IP packets and vice versa with static
assignment of timeslots inside a bundle according to IETF RFC 5086 and
ITU-T Y.1413. The CESoPSN packet size is a multiple of TDM frame size.
Figure 8-17 illustrates CESoPSN encapsulation without CAS.
TDM Payload
L2/L3 Control
4 25 4 25 4 25 CRC Ethernet Packet
Header Word
4 25 4 25 4 25
SAToP
The SAToP encapsulation method is used to convert unframed E1/T1 data flows
into Ethernet or IP packets and vice versa according to ITU-T Y.1413 and
IETF RFC 4553. It provides flexible packet size configuration and low end-to-end
delay.
FRG bits = 00
(no fragmentation)
TDM
Bitstream
N TDM Bytes
Jitter Buffer
The packets of each pseudowire are transmitted by ETX-2i at essentially fixed
intervals toward the PSN. The packets are transported by the PSN and arrive to
the far end after some delay. Ideally, the PSN transport delay should be constant,
meaning the packets arrive at regular intervals (equivalent to the intervals at
which they were transmitted). However, in reality, packets arrive at irregular
intervals, because of variations in the network transmission delay. The term
Packet Delay Variation (PDV) is used to designate the maximum expected
deviation from the nominal arrival time of the packets at the far end device.
Note
The deviations from the nominal transmission delay experienced by packets are
referred to as jitter, and the PDV is equal to the expected peak value of the jitter.
However, nothing prevents the actual delay from exceeding the selected PDV
value.
To compensate for deviations from the expected packet arrival time, ETX-2i uses
jitter buffers that temporarily store the packets arriving from the PSN (that is,
from the far end equipment) before being transmitted to the local TDM
equipment, to ensure that the TDM traffic is sent to the TDM side at a constant
rate.
For each pseudowire, the jitter buffer must be configured to compensate for the
jitter level expected to be introduced by the PSN; that is, the jitter buffer size
determines the Packet Delay Variation Tolerance (PDVT).
Two conflicting requirements apply:
As packets arriving from the PSN are first stored in the jitter buffer before
being transmitted to the TDM side, TDM traffic suffers an additional delay.
The added delay time is equal to the jitter buffer size configured by the user.
The jitter buffer is filled by the incoming packets and emptied to fill the TDM
stream. If the PSN jitter exceeds the configured jitter buffer size,
underflow/overflow conditions occur, resulting in errors at the TDM side:
A jitter buffer overrun occurs when it receives a burst of packets that
exceeds the configured jitter buffer size + packetization delay. When an
overrun is detected, ETX-2i clears the jitter buffer, causing an underrun.
A jitter buffer underrun occurs when no packets are received for more
than the configured jitter buffer size, or immediately after an overrun.
When the first packet is received, or immediately after an underrun, the buffer is
automatically filled with a conditioning pattern up to the PDVT level in order to
compensate for the underrun. Then, ETX-2i starts processing the packets and
emptying the jitter buffer toward the TDM side.
To minimize the possibility of buffer overflow/underflow events, two conditions
must be fulfilled:
The buffer must have sufficient capacity. For this purpose, the buffer size can
be selected by the user in accordance with the expected jitter characteristics,
separately for each pseudowire, in the range of 1 to 180 ms.
TDM clocks at both ends should be synchronized so that the read-out rate
shall be equal to the average rate at which frames are received from the
network. One way to achieve this is by adaptive clock recovery, which
continuously adapts the recovered clock to the packet rate. Other ways may
be by distributing the same clock to ETXs by SyncE, 1588, or External clock
input.
Factory Defaults
No PWs are included in the ETX-2i factory defaults. You must define the
necessary PWs in accordance with your application requirements.
When you create a PW, it is configured by default, as shown below.
ETX2i>config>pwe>pw(1)# inf d
shutdown
name "Put your string here"
description "Put your string here"
no peer
label in 0 out 0
no oam
vlan priority 0
ip-priority-type tos
tos 184
tdm-payload size 0 rate 0
jitter-buffer 2000
psn-oos stop-tx
udp-mux-method dst-port
pm-enable
5. Select the PW connection type: CESoPSN for framed E1/T1 packets, SAToP for
unframed E1/T1 packets.
6. Select the PSN type: UDP over IP or Ethernet.
To add a PW:
At the config>pwe# prompt, enter:
pw <pw> [type {ces-psn-data|e1satop|t1satop }] [psn {ethernet | udp-over-ip
}] [manually].
Parameter Description
Note
When the PW encapsulation type is SAToP and the PSN type is Ethernet, alarms
are forwarded toward E1 ports only if the E1 port trail mode is configured to
extended (see Configuring E1 Ports).
To configure a PW bundle:
1. Add a PW bundle as explained in Adding Pseudowire Bundle above.
2. At the config>pwe>pw(<pw-number>)# prompt, enter all necessary
commands according to the tasks listed below.
Clearing PW statistics clear statistics The current and running counters are cleared;
the interval counters are not cleared.
Configuring the value of dscp <number> number the value of the IP DSCP field in egress
the IP header DSCP field packets.
Possible values: 0-63
Note: Relevant only when IP priority type is
DSCP, and PSN type is UDP over IP.
Providing pseudowire description <pw-descr> For identification of the PW customer
description no description
Defining the egress port egress-port svi Relevant only if the PSN type is ethernet
for PW with Ethernet <port-number> Note: If you need to change the egress SVI port
encapsulation for an active PW configured over a built-in E1/T1
port, you need to do the following:
Administratively disable the PW.
Change the egress SVI.
Delete the relevant cross connect entry.
Administratively re-enable the PW.
Configure the cross connect.
Selecting the IP priority ip-priority-type {tos | dscp} Note: Relevant only when PSN type is UDP over
field used to configure the IP.
IP priority of the IP/UDP If you select IP priority type ToS, configure the
packet: ToS or DSCP tos value (see command in this table).
Otherwise, if you select IP priority type DCSP,
configure the dscp value (see command in this
table).
Selecting source and label [in <in-pw-label>] in-pw-label the PW label used in the inbound
destination circuit bundle [out <out-pw-label>] direction
identifiers (CBID), also out-pw-label the PW label used in the
referred to as PW labels outbound direction
Possible values for labels: 18191
Each PW bundle must have a unique in (source)
label.
It is not recommended to reuse the same out
(destination) value on PW bundles terminating at
the same peer.
Enabling OAM for the PW, oam [rising-threshold The delay threshold is set as follows:
and specifying rate in ms <rising>] [falling-threshold rising-threshold 1180 ms
<falling>]
falling-threshold 1180 ms
no oam
The falling threshold must be less than or equal
to the rising threshold.
Defining the peer for the peer <peer-number> peer-number the number of the remote peer
PW no peer which terminated this PW
The peer type must be according to the PSN
type:
IP address for UDP/IP
MAC address for Ethernet
Selecting the response to psn-oos {l-bit | stop-tx} Out-of-service conditions are responded to by
out-of-service conditions transmitting PW frames filled with all ones, or by
detected at the local E1/T1 stopping transmission.
physical port
Specifying TDM payload tdm-payload size <size> Note: TDM payload size can be configured for
size in bytes and rate rate <rate> CESoPSN only if the associated E1 port is not in
(number of time slots for CAS mode.
each frame in the packet) if Size according to PW type:
applicable e1satop N32; range 321440
t1satop N24; range 241440
ces-psn-data N number of time slots in a
bundle; range 41440
Rate: 131 for E1; 124 for T1
Note: Rate is relevant only for PW type
ces-psn-data.
It is recommended to specify the parameter
values such that the ratio size/rate is between 2
and 256.
A larger size increases the bandwidth utilization
efficiency, but also increases the connection
intrinsic latency, in particular when the PW
bundle is configured to carry a small number of
timeslots.
Specifying the Layer-3 tos <tos> tos the value of the IP TOS byte in egress
priority assigned to the packets
traffic generated by the PW Possible values: 0255
In accordance with RFC 2474, it is recommended
to use only values that are multiples of 4.
Note: Relevant only when IP priority type is TOS,
and PSN type is UDP over IP.
Specifying the UDP port udp-mux-method dst-port dst-port Standard multiplexing method:
multiplexing method UDP destination port = 0xC000 + <out-PW-label>
UDP source port is 0xC000 + <in-PW-label>
Note: Relevant only for PSN type UDP over IP
Enabling the VLAN tag on vlan priority <vlan-priority> vlan-priority the VLAN priority on every
every transmitting packet no vlan transmitted packet for this PW
for the PW and specifying Possible values: 0-7
the VLAN priority.
Entering no vlan disables the VLAN tag on the
transmitting packets for the PW.
Displaying PW statistics show statistics { current | current displays PW statistic counters for
interval <interval-num> | all- the current interval
intervals | all } interval displays PW statistics for the
selected interval
Possible values: 196
all-intervals displays PW statistics for all
intervals since the PW statistics collection has
been enabled
all displays PW statistics for current
interval and all intervals
Note: The statistics are visible only when
performance management is enabled for the
corresponding E1/T1 port.
See Viewing PW Statistics.
Displaying PW connectivity show connectivity-statistics Note: The statistics are visible only when
statistics performance management is enabled for the
corresponding E1/T1 port.
See Viewing PW Connectivity Statistics.
To delete a PW:
1. At the config>pwe>pw(<pw-number>)# prompt, enter:
shutdown
The PW is administratively disabled.
2. At the config>pwe# prompt, enter:
no pw <pw-number>.
The PW is removed.
To display PW information:
At the prompt config>pwe#, enter show summary.
For example,
ETX-2i>config>pwe# show summary
Viewing PW Statistics
ETX-2i PWs feature the collection of statistical diagnostics, thereby allowing the
carrier to monitor the transmission performance of the links.
The pseudowire transmission statistics enable analysis of pseudowire traffic
volume, and evaluation of the end-to-end transmission quality (as indicated by
sequence errors) and jitter buffer performance. By resetting the status data at
the desired instant, it is possible to ensure that only current, valid data is taken
into consideration.
Current
---------------------------------------------------------------
Time Elapsed (Sec) : 0
Valid Intervals : 0
Rx Packets : 354994
Tx Packets : 354995
Missing Packets : 0
Mis-order Dropped Packets : 0
Reordered Packets : 0
Malformed Packets : 0
Jitter Buffer Underrun : 0
The fields are:
Parameter Description
Missing Packets Number of missing packets as detected via CW sequence number gaps. This
count does not include misordered dropped packets.
Misordered Dropped Number of packets detected via CW sequence number to be out of sequence,
Packets and could not be re-ordered, or could not fit in the jitter buffer. This count
includes duplicated packets.
Parameter Description
Reordered Packets Number of packets detected via CW sequence number to be out of sequence,
but successfully reordered
Malformed Packets Number of packets with mismatch between the expected packet and the actual
packet sizes
Jitter Buffer Underrun Number of times jitter buffer was in underrun state
Parameter Description
Jitter Buffer Level Minimum displays the minimum level of the jitter buffer since the last reset (in
msec)
Average/Current for current and previous intervals, displays the average level
of the jitter buffer; for running interval, displays the current level of the jitter
buffer (in msec)
Maximum Units displays the maximum level of the jitter buffer since the last
reset (in msec)
Round Trip delay Minimum displays the minimum round trip delay since the last reset (in msec)
Average/Current for current and previous intervals, displays the average round
trip delay; for running interval, displays the current round trip delay (in msec)
Parameter Description
Maximum Units displays the maximum round trip delay since the last reset (in
msec)
Examples
To create and activate a CES PW with UDP encapsulation:
exit all
config flow
classifier-profile mng_untagged match-any
match untagged
exit
flow 1
classifier "mng_untagged"
ingress-port ethernet 1
egress-port svi 1 queue 0
no shutdown
exit
flow 2
classifier mng_untagged
ingress-port svi 1
egress-port ethernet 1 queue 0 block 0/1
no shutdown
exit all
config flow
classifier-profile mng_untagged match-any
match untagged
exit
flow 1
classifier mng_untagged
ingress-port ethernet 1
egress-port svi 1 queue 0
no shutdown
exit
flow 2
classifier mng_untagged
ingress-port svi 1
egress-port ethernet 1 queue 0 block 0/1
no shutdown
exit all
Note The E1 port must be configured for framed traffic with signaling.
configure
peer 1 ip 10.10.20.100
port
svi 1
no shutdown
exit
e1 1
tx-clock-source pw 1
line-type g732s
pm-enable
no shutdown
exit
exit
flows
classifier-profile "all" match-any
match all
exit
classifier-profile "unt" match-any
match untagged
exit
flow "in"
classifier "unt"
no policer
ingress-port ethernet 1
egress-port svi 1 queue 1
no shutdown
exit
flow "out"
classifier "all"
no policer
ingress-port svi 1
egress-port ethernet 1 queue 1 block 0/1
no shutdown
exit
exit
router 1
interface 1
address 10.10.20.200/24
bind svi 1
no management-access
dhcp-client
client-id mac
exit
no shutdown
exit
exit
pwe
pw 1 type ces-psn-cas psn udp-over-ip
peer 1
label in 20 out 20
no vlan
jitter-buffer 10000
psn-oos 1-bit
pm-enable
cas-frames-per-packet 16
no shutdown
exit
exit
cross-connect
pw-tdm pw 1 e1 1 time-slots 1..2
exit
exit
Applicable Products
This feature is applicable to devices that support smart SFP MiTOP functionality.
Functional Description
PW cross-connects are used to connect E1/T1 ports to pseudowire bundles.
Factory Defaults
No PW cross-connects are included in the ETX-2i factory defaults.
Examples
In these examples, PW 1 must be active; see Examples in Pseudowire Connections
for instructions on configuring and enabling PWs.
To assign E1 port timeslots 131:
exit all
config cross-connect
pw-tdm pw 1 e1 1 time-slots 1..31
exit all
8.11 Router
The router provides an IP forwarding plane for IPv4 and IPv6 packets, and also
interconnects internal Layer-3 support modules, such as management and
1588v2 (recovered clock). Any flow related to IP forwarding, management traffic,
or timing must be via an SVI or PPP that is bound to a router interface. The ETX-2i
dynamic router option provides up to 8 Gbps Layer-3 forwarding, with multiple
Virtual Routing and Forwarding instances (VRFs).
Standards
RFC 1812 Requirements for IP Version 4 Routers
RFC 2460 Internet Protocol, Version 6 (IPv6) Specification
RFC 2464 Transmission of IPv6 Packets over Ethernet Networks
RFC 4291 IP Version 6 Addressing Architecture
RFC 4294 IPv6 Node Requirements
RFC 4443 Internet Control Message Protocol (ICMPv6) for the Internet Protocol
Version 6 (IPv6) Specification
RFC 4862 IPv6 Stateless Address Autoconfiguration
RFC 5880 Bidirectional Forwarding Detection general protocol
RFC 5881 Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single
Hop) protocol
RFC 5882 Generic Application of Bidirectional Forwarding Detection (BFD)
RFC 2663 IP Network Translator (NAT) Terminology and considerations
RFC 2766 Traditional IP Address Translator
RFC 3489 Simple Traversal of User Datagram Protocol through Network Address
Translator (STUN)
RFC 7857 Traditional IP Address Translator
Benefits
The router provides IP Routing and Forwarding for IPv4 and IPv6 packets.
Functional Description
Overview
Any flow into/out of the device, which is related to management/timing, must be
via an SVI that is bound to a router interface. A router interface can be
associated via binding to only one SVI. If a flow is used for management
purposes, the router interface corresponding to the SVI should be enabled for
management access.
The router maintains a table of IPv6 neighbors, via discovery of neighboring IPv6
nodes. It is recommended to manage ETX-2i via a router interface defined as a
loopback interface, as this router interface remains active. To ensure that packets
generated by the router are transmitted with the loopback IP address, you need
to define the management source IP address for IPv4 and IPv6 (see Configuring
the Management Source IP Address).
The MAC addresses used by router interfaces are as follows:
Router interface that resides directly on a port uses that ports MAC address
Router interface that resides on a bridge port uses the Ethernet management
port MAC address
Router interface connected to an ETP subscriber port uses the Ethernet
management port MAC address.
The management and control packets transmitted by the router have a
configurable IP DSCP value, so that each router entity can control its traffic
priority by setting its DSCP value for its protocols (see Configuring the Router on
how to configure the DSCP).
Embedded Router
The following ETX-2i features are not supported with the embedded router
option:
Timing ports (do not appear on the front panel)
Bridge functionality
Smart SFP MiTOP functionality
Protocols
The embedded router uses the BFD protocol to trigger reroute for static routes
when faults are detected in the route to BFD neighbors with local addresses
(single hop). The router maintains a table of BFD neighbors for this purpose. ACLs
can be bound to ingress router interfaces of the embedded router; they cannot
be bound to router interfaces of the regular router.
In addition, the embedded router supports the following:
Border Gateway Protocol (BGP) See the Routing Protocol BGP section.
Open Shortest Path First (OSPF) See the Routing Protocol OSPF section.
Virtual Router Redundancy Protocol (VRRP) See the Virtual Router
Redundancy Protocol - VRRP section.
Routing Preferences
When there are conflicts between routes received from different sources, such as
static routes, OSPF routes, and BGP routes, the routers Routing Table Manager
(RTM) chooses among the sources according to configurable source preference
indices.
Capacity
The following table shows the limits applicable to the router.
Parameter Capacity
Routing table per VRF Two (one for IPv4, one for IPv6)
Total IPv6 routing table entries 3.5K for ETX2i; 2K for ETX-2i-B
ARP table per VRF Two (one for IPv4, one for IPv6)
Maximum ACLs per router interface Two (one for IPv4 inbound, one for
IPv6 inbound)
Maximum ACL rules per device 128 for ETX2i; 64 for ETX-2i-B
Parameter Capacity
Untagged None, push single VLAN, push VLAN DSCP to queue or fixed DSCP to p-bit or fixed
and inner VLAN
DSCP None, push single VLAN, push VLAN DSCP to queue or fixed DSCP to p-bit or fixed
and inner VLAN
DHCP Relay
DCHP relay uses a DHCP relay agent (either an Internet host or router) to pass
DHCP messages between DHCP clients and DHCP servers. One DHCP relay agent is
supported per device, and one DHCP server is supported to serve the DHCP relay
agent.
Note DHCP is designed to use the relay agent behavior specified in the BOOTP protocol
specification.
NAT Terminology
The following NAT terminology is used:
Inside network the private network side of the NAT function
Outside network the public network side of the NAT function
Inside local address the IP address assigned to a host on the inside
network. This is the address configured as a parameter of the computer OS
or received via dynamic address allocation protocols, such as DHCP. The
address is not likely a legitimate IP address assigned by the Network
Information Center (NIC) or service provider.
Inside global address a legitimate IP address assigned by the NIC or service
provider; represents one or more inside local IP addresses to the outside
world.
Outside local address the IP address of an outside host as it appears to the
inside network. Not necessarily a legitimate address, it is allocated from an
address space routable on the inside.
Outside global address the IP address assigned to a host on the outside
network by the host owner. The address is allocated from a globally routable
address or network space.
DA SA DA SA
Outside Global Inside Global Outside Local Inside Local
Outside Inside
NAT Host
Host
SA DA SA DA
Outside Global Inside Global Outside Local Inside Local
Translate
ALG
Some applications use IP addresses and port numbers inside their data payloads.
To extend the capabilities of NAT and enable it to operate with such applications,
ALGs can modify such information within data payloads. As different applications
employ different protocols or data formats, ALGs must be customized for each
application.
ETX-2i NAT supports the following ALGs:
ICMP
FTP for both active and passive FTP
SIP
ALG is always on and requires no configuration.
NAT Instances
ETX2i supports a single instance of NAT, which may be configured over each one
of the ETX2i VRFs.
Scale
20000 entries in the mapping table
Up to 32 NAT rules of static NAT, NAPT and Outside to Inside (Static IP:Port)
Factory Defaults
By default, no router interfaces exist. The other router parameters are configured
as shown in the following table.
By default, the source management IP address for IPv4/IPv6 is not configured.
name "Router#1
dhcp-client host-name sys-name In the DHCP client, the device name is used
as the host name.
dhcp-client vendor-class-id ent-physical-name In the DHCP client, the entity physical name
is used as the vendor class ID.
Deleting dynamic ARP entities clear-arp-table [<address>] Specify the IP address to clear only
the entries corresponding to it.
Setting the priority of static static-preference {ipv4 | ipv6} <priority> Possible values for number: 0255
routes for IPv4 and IPv6 RTM Default: 1
Enabling the static route and static-route The next hop must be a subnet of
the next gateway (next hop) <ip-address/ip-mask-of-static-route> address one of the router interfaces.
using the next hops IP address <ip-address-of-next-hop> [metric <metric>][ To set the default-gateway,
install | no-install ] configure the static route of address
no static-route <ip-address/prefix-length> 0.0.0.0/0 to next hop default
address address gateway address.
no static-route deletes static route
entry.
metric specifies the priority of the
static route
Possible values: 0255
Default: 1
install option forwards a specific
route entry into the FIB.
no-install option does not forward a
specific route entry into the FIB.
Enabling the static route and static-route no static-route deletes static route
the router interface number <ip-address/ip-mask-of-static-route> entry.
toward which the destination interface <router-interface-num> [metric metric specifies the priority of the
subnet is to be routed <metric>][ install | no-install ] static route: 1255 (default: 1).
no static-route <ip-address/prefix-length> install option forwards a specific
interface <router-interface-num> route entry into the FIB.
no-install option does not forward a
specific route entry into the FIB.
Displaying the summary of show access-list summary Refer to the Access Control List
ACLs bound to router interface (ACL) section for further information.
Displaying the interface table show summary-interface See Viewing Router Interface
Information.
Displaying IPv6 neighbors table show neighbor-table [address <ip-address>] See Viewing IPv6 Neighbors.
Displaying the routing table show routing-table [ address ip-address/ip-mask View routing
<ip-address/ip-mask> ] information for a specific IP address
[ protocol { dynamic | static } ] of a specified prefix length.
protocol { dynamic | static } View
information on only dynamic or
static routes.
See Viewing Routing Information.
Displaying the IPv4 or IPv6 RIB show rib { ipv4 | ipv6 } See Viewing RIB.
(Routing Information Base)
table
Providing host name to DHCP host-name name <string> You can specify a name, or specify
server host-name sys-name sys-name to indicate that the
system name should be used as
no host-name
the host name.
Providing vendor ID to DHCP vendor-class-id name <string> You can specify an ID, or specify
server vendor-class-id ent-physical-name ent-physical-name to indicate that
the device name should be used as
the vendor ID.
Configuring DHCP relay servers dhcp-relay-server <ip-address> You can add only one DHCP relay
no dhcp-relay-server <ip-address> server per device.
ip-address legal IPv4 server
address
no dhcp-relay-server <ip-address>
deletes the DHCP relay server.
You can delete the relay server
only when all router interfaces
associated with the router are
configured to DHCP Relay disable.
Binding ACL to router interface access-group Refer to the Access Control List
(ACL) section for further
information.
Specifying parameters for BFD bfd min-tx {100ms | 1s | 10s} min-tx minimum time interval
sessions min-rx {100ms | 1s | 10s} for periodic transmission of BFD
multiplier <multiplier-val> control packets
min-rx minimum interval for
periodic reception of BFD
control packets
multiplier detection time
multiplier: BFD session
detection time is calculated by
multiplying the negotiated
transmit interval by this value.
Possible values: 260
Binding router interface to SVI bind svi <port-number> You can bind one SVI to a
logical port router interface.
Enter no bind to unbind the
router interface.
Note: This command is available
only if the interface is not
loopback.
Binding router interface to PPP bind ppp <port-number> Only one router interface can
port for PPPoE be bound to a PPP port.
Enter no bind to unbind the
router interface.
Enabling/disabling DHCP client dhcp You cannot enable DHCP (for IPv4)
no dhcp in the following cases:
Router interface is bound to a
PPP port.
IPv4 address is configured.
Router interface is not
unnumbered.
DHCPv6 is enabled.
DHCP relay is enabled.
Providing client ID to DHCP server client-id id <string> You can specify an ID, or specify
client-id mac mac to indicate that the device
MAC address should be used as the
client ID.
Enabling or disabling DHCP relay dhcp-relay You can enable DHCP relay if DHCP
for the router interface no dhcp-relay client is disabled and a DHCP relay
server is defined in the Router
level.
Displaying the summary of ACLs show access-list summary Refer to the Access Control List
bound to router interface (ACL) section for further
information.
Displaying router interface status show status See Viewing Router Interface
Status.
To configure NAT:
1. At the config>router(<number>)# prompt, enter:
nat
Configuring or modifying NAT nat-timeout [ tcp < tcp- tcp - expiration timeout of TCP
translation table entry timeout timeout>] [ udp <udp-timeout> ] entries in NAT translation table
[ other <other-timeout> ] udp - expiration timeout of UDP
entries in NAT translation table
other - expiration timeout of other
protocol entries in NAT translation
table
Possible values: 60-432000
Default: 60
Displaying NAT translation table show nat-translations See Viewing NAT Translation Table
Displaying NAT statistics counters show nat-statistics See Viewing NAT Statistics,
Note According to the format of the IP address (IPv4 or IPv6), it is saved as the IPv4 or
IPv6 management source IP address.
Deleting a Router
You can delete a router if there are no router interfaces or OSPF entities
associated with it.
To delete a router:
At the config# prompt, enter:
no router <number>
Router Interface: 3
Name: RI003
Admin:Up Oper: Up Bound to: svi 31
Field Description
Field Description
IP Addresses
Field Description
IPv6 address
MAC address
State The Neighbor Unreachability Detection state for the interface when
the address mapping in this entry is used:
reachable confirmed reachability
stale unconfirmed reachability
delay waiting for reachability confirmation before entering
probe state
probe actively probing
invalid invalidated mapping
unknown state cannot be determined for some reason
incomplete address resolution is being performed
Field Description
Field Description
Viewing RIB
You can view the RIB (Routing Information Base) by using the command show rib.
This command is available in the CLI contexts for IPv4 or IPv6, at the router level:
config>router(<number>)#.
Field Description
Status Marks with a * an Active Route, i.e. route entry is forwarded to the
(Active FIB (Forwarding Information Base)
Route)
RI Local interface through which the next hop of this route should be
reached
Field Description
IP Addresses
Field Description
Lease Obtained Date and time when the DHCP lease was obtained
Lease Expires Date and time when the DHCP lease will expire, if not renewed
Lease Renewal Date and time when the device will try to renew the DHCP lease.
renewal time = (expired - obtained) * 0.5
If the lease last chance for renewal time passes, -- is displayed.
Otherwise, the next renewal time is displayed, as follows:
Date and time, formatted like other date and time values in the
device (by default as dd mm-yyyy hh:mm:ss)
If real time clock is not available, time in seconds since startup.
Lease Rebinding Date and time when the device will try to rebind the DHCP lease
Field Description
ETX-2IB-x86>config>router(1)>nat#
The above fields are:
Field Description
Entries Expired Number of entries expired and deleted in the translation table
Failed Mapping Number of entries that failed to be created in the translation table
due to table full or lack of UDP/TCP ports for allocation
Configuration Errors
The following table lists the messages generated by the device when a
configuration error is detected.
Cannot delete; interface You tried to delete a router Disassociate router interfaces from
associated with the router entity that has router router.
interfaces associated with it.
Cannot delete; OSPF entity You tried to delete a router Disassociate the OSPF entity from the
associated with the router entity that has an OSPF entity router.
associated with it.
Cannot add; DHCP relay server You tried adding a dhcp-relay- Remove the already existing dhcp-
already exists server to a device that already relay-server.
has one, but only one dhcp-
relay-server is allowed per
device.
Cannot delete; DHCP relay is You tried deleting a DHCP relay Disable DHCP Relay in all router
enabled in router interface server in a router entity that is interfaces associated with the router
associated with one or more entity.
router interfaces configured to
DHCP Relay disable.
Cannot add; IP address not legal You tried adding a DHCP relay
server with an illegal IP
address (0.0.0.0 , non-unicast,
not IPv4).
Cannot delete; OSPF Interface You tried deleting a router Disassociate the OSPF interface from
associated with the router interface associated with an the router interface.
interface OSPF interface.
Cannot set address; DHCP You tried adding an IPv4 Disable DHCP.
enabled address when DHCP is
enabled.
Cannot set address; too many You tried adding an IP address, Delete one of the associated addresses
addresses already configured but the amount of IP before associating a new IP address.
addresses already reached its
limit.
Cannot set address; Router You tried adding an IP address Unbind the router interface from the
Interface bound to PPP port when the router interface is PPP port.
bound to a PPP port.
Cannot modify; activated router You tried modifying or Shut down the router interface and try
interface removing a bound port while again.
the router interface was
activated (no shutdown).
You tried adding, modifying, or
removing a VLAN while the
router interface was activated
(no shutdown).
Cannot enable; DHCPv6 is You tried enabling DHCP even Disable DHCPv6.
enabled though DHCPv6 is enabled.
Cannot set; Router Interface You tried enabling DHCP while Unbind the router interface from the
bound to PPP port the router interface is bound PPP port.
to a PPP port.
OR
You tried enabling DHCPv6
client while router interface is
bound to PPP port.
Cannot enable; DHCP relay is You tried enabling DHCP client Disable DHCP relay.
enabled while DHCP relay is enabled.
Cannot enable; DHCP client is You tried enabling DHCP relay Disable DHCP client.
enabled while DHCP client is enabled.
Cannot set; DHCP relay server You tried enabling DHCP relay, Define DHCP relay server at Router
definition not exist but DHCP relay server is not level.
defined at Router level.
Cannot set; DHCPv6 client is You tried enabling DHCPv6 Remove existing DHCPv6 client.
already defined client when there is already
one defined in the device.
Cannot enable; DHCP (v4) is You tried enabling DHCPv6 Disable DHCPv4.
enabled while DHCPv4 is enabled.
Cannot set; Router Interface is You tried enabling DHCPv6 Associate DHCPv6 client with a router
loopback interface client while router interface is interface that is not defined as a
defined as loopback interface. loopback interface.
Cannot set; VRRP is enabled on You tried enabling DHCPv6 Disable VRRP on the router interface.
Router Interface client while VRRP is enabled on
the router interface.
VRRP and DHCP not allowed on You tried to enable DHCP for a Create the VRRP group for a different
the same interface router interface for which a router interface, or disable DHCP for
VRRP group is configured. the interface.
VRRP cannot be configured on You tried to bind a router Bind a different router interface to the
PPP interface for which a VRRP PPP port.
group is configured, to a PPP
port.
Cannot activate; must be bound You tried activating a router Bind the router interface to a loopback
to port interface, which is neither a interface or a port.
loopback interface nor bound
to a port.
Cannot activate; PPP lower layer You tried activating the router
is not bound interface bound to PPP port,
when PPP lower layer port is
not bound.
NAT already enabled for another You tried enabling NAT on a Disable NAT from the other router
router router instance while it was instance.
already enabled on another
router instance.
Address is not IPv4 address. You configured the IP address Configure the IP address of Inside IP
of Inside IP station with a non- station with an IPv4 address.
IPv4 address.
NAT rule with the same inside You configured the static NAT
global address already exists with the same inside global IP
(translated IP) as another
static NAT.
NAT rule with the same inside You configured the static NAT
local address already exists with the same inside local IP
(source IP) as another static
NAT.
Reference Title
RFC 2385 Protection of BGP Sessions via the TCP MD5 Signature Option
RFC 2545 Use of BGP-4 Multiprotocol Extensions for IPv6 Inter-Domain Routing
Benefits
Dynamic routing protocols enable routing tables to automatically adapt to
changing networks. BGP is the de-facto standard in the internet for
communicating routing information between Autonomous Systems (AS), making
it the only option for AS boundary routers (ASBR) to enable route communication
with other ASes.
Functional Description
In the context of RAD devices, BGP is intended for use on customer-premises
equipment (CPE) at the boundary of a large customer network that is an
independent stub AS connected to only one other AS (the service provider
network).
BGP functionality is explained in the following sections.
Show Me Demo
The following video gives an overview of BGP.
Note If the video cannot be viewed, ensure that you have the latest version of Adobe
Reader.
BGP Neighbors
BGP is configured only on AS Boundary Routers (ASBR). Each BGP router
recognizes a limited list of BGP neighbors from which it receives route updates
and to which it advertises route updates. A BGP neighbor relationship needs to
be manually defined on both BGP routers. BGP routers identify neighbors by their
IP addresses and AS numbers.
BGP neighbors always belong to the IPv4 unicast address family, and can
optionally belong to the IPv6 unicast address family.
AS Numbers (ASN)
BGP communicates paths as a list of numbers of the ASes that need to be
traversed to reach destinations. Generally, ASNs uniquely define the AS, and are
allocated for the individual AS by the Internet Assigned Numbers Authority
(IANA); however, ISPs can define private ASes for their customer networks with
ASNs in the range 6451265534.
Routing Preferences
When there are conflicts between routes received from different sources, such as
static routes, connected networks, OSPF routes, and BGP routes, the routers
Routing Table Manager (RTM) chooses among the sources according to
configurable source preference indices (lowest number indicates highest priority).
Separate preference indices are defined for BGP routes received from BGP
neighbors in the same AS (Internal BGP) and for BGP routes received from BGP
neighbors in other ASes (External BGP).
5 Local Preference Metric for internal neighbors to reach external Well-known discretionary
destinations (default 100)
6 Atomic Aggregate Includes ASes that have been dropped due to Well-known discretionary
route aggregation
4 Multiple Exit Metric for external neighbors to reach the local AS Optional nontransitive
Discriminator (MED) (default 0)
BGP Policies
The BGP functionality provides a flexible filtering mechanism to ensure that the
router processes only relevant BGP update packets. The filtering is done by
means of defining BGP policy profiles of the following types:
Prefix lists Filter by prefix and prefix length, where prefix is specified
by IP address and mask, with prefix length between 24 and
26
BGP policy profiles are assigned per IPv4/IPv6 unicast address family per neighbor.
One of each policy profile type can be assigned in the inbound direction (to be
applied to received packets) and outbound direction (to be applied to advertised
packets), per IPv4/IPv6 unicast address family per neighbor.
BGP policy profiles comprise sequentially numbered rules, each of which can be
one of the following:
Permit action Specifies criteria for permitting packet, and optionally sets
action in case of route map profile
If there is a need to add a rule between already existing rules with consecutive
sequence numbers, the rules can be interspaced to accommodate additional rules
between them.
The packet filtering is done as follows: Each BGP update packet is checked
according to the associated prefix list policy (if exists), and then the
associated route map policy (if exists), starting with the first rule.
If the packet doesnt match a rule, the next rule according to the sequence
number is checked.
If the packet matches a deny rule, it is dropped, and the filtering ends.
If the packet matches a permit rule, the packet is permitted. Any set
operation in the rule is performed, in the case of route map profile.
If the packet doesnt match any rule, it is dropped.
Maintained Information
BGP maintains the following network information, all of which can be viewed (see
Viewing BGP Status):
Neighbor connectivity details
Per-neighbor received routes
Per-neighbor advertised routes
Per-neighbor policy profiles
Per-neigbor communities
Per-neighbor RIB
Per neighbor summary
Factory Defaults
By default, BGP is not configured on RAD routers. The following tables show the
default values when it is configured.
Router
The following parameters determine BGP behavior for the whole router, for all
interfaces:
internal-preference Preference index for internal BGP routes. See Routing 200
Preferences.
redistribute Sources other than BGP of routes that should be advertised no redistribute
to BGP neighbors. See AS-Internal Destination Injection.
Neighbor
The following parameters determine BGP behavior per neighbor:
Configuring BGP
You can configure BGP on a RAD router that is at the boundary of an AS, after
the router itself has been properly configured. To configure BGP properly, you
need to know your network BGP design, including the routers IP address and
ASN, designated BGP neighbors IP addresses and ASNs, whether IPv6 is required,
and the desired method of passing AS-internal destinations to BGP.
When multiple VPN routers are configured on a device, each router should be
configured with its own instance of BGP. All of these BGP instances must share
the same ASN.
BGP parameters are configured at the following levels:
Configuring BGP at Router Level: Parameters that determine BGP behavior for
the whole router, for all IP families and neighbors
Configuring BGP Neighbors: Per-neighbor parameters
Configuring IPv4/IPv6 Unicast Address Families: Parameters that characterize
BGP behavior for IPv4/IPv6 unicast address families.
Follow these steps to configure BGP:
1. Define the BGP router IP address and ASN (see Configuring BGP at Router
Level).
2. Administratively enable BGP.
3. Define any necessary BGP neighbors, along with the remote AS to which the
neighbor belongs (see Configuring BGP Neighbors).
4. Administratively enable the BGP neighbors.
5. If it is necessary for BGP to be aware of AS-internal destinations that need to
be advertised, configure redistribution (of OSPF routes, static routes, and/or
connected networks) or explicit networks, for IPv4 and IPV6 unicast address
families (see Configuring IPv4/IPv6 Unicast Address Families).
6. For each BGP neighbor, if network design requires any non-default values for
IPv4 and IPV6 unicast address families, configure the parameters (see
Configuring Neighbor Parameters).
To configure BGP:
1. At the config>router(<number>)# prompt, type:
[no] bgp <ASN>
The config>router(<number>)>bgp(<ASN>)# prompt is displayed.
Notes <ASN> is the number of the local AS where the router is located
Type no bgp <ASN> to remove BGP from the router (if no neighbors are
defined).
Enabling BGP on the [no] bgp <ASN> <ASN> is the number of the local AS where the
router router is located.
Restarting BGP session clear-neighbor <IP-address> <IP-address> is the neighbors IP address (IPv4 or
with neighbor and [soft] IPv6).
reloading BGP policy If you specify soft, the link with the neighbor is
profiles not reset, but the BGP policy profiles are
reloaded.
Defining IP address for router-id <IP-address> To simplify management, the IP address can be
the router in BGP the actual IP address of one of the routers
communications interfaces, or there may be some other
organizational convention.
Defining or changing the router IP address
requires BGP to be administratively disabled
(shutdown).
Displaying the IPv4 or show community { ipv4 | ipv6 } See Viewing BGP Communities.
IPv6 community table
Displaying the IPv4 or show rib { ipv4 | ipv6 } See Viewing BGP RIB.
IPv6 RIB (Routing
Information Base) table
Setting password for [no] password <password> The <password> can be up to 80 characters.
neighbor session [hash] hash specifies that the password should be
encrypted.
no password deletes the password.
Change takes effect only after clear-neighbor
or shutdown.
Defining neighbors ASN remote-as <ASN> Available only when communication with the
neighbor is disabled (shutdown).
Defining the preference external-preference <priority> <priority> should be an integer in range 0255.
index for external BGP See Routing Preferences.
routes
Priority can be changed at any time.
Defining the preference internal-preference <priority>
index for internal BGP
routes
Associating prefix list prefix-list-bind Type no before the command to remove the association with
BGP policy with the <name> {in | out} the prefix list.
neighbor unicast
address family for
incoming or outgoing
direction
Associating route route-map-bind Type no before the command to remove the association with
map BGP policy to the <name>{in | out} the route map.
neighbor unicast
address family for
incoming or outgoing
direction
Configuring prefix list policy prefix-list <name> {ipv4 | ipv6} Type no prefix-list <name> to delete the
profile, for IPv4/IPv6 prefix list.
Configuring route map policy route-map <name> Type no before the command to delete
profile the route map.
Reseqencing the rules in a resequence <name> This command can be used when you
policy profile [<number>] need to insert rules in the middle of a
policy profile.
<name> name of the policy profile
<number> steps to insert between the
rule sequence numbers. For instance, if
you specify 10, the rule sequence
numbers are changed to 10, 20, 30, etc.
Range for <number>: 1100000.
Adding a deny deny <prefix>/<length> [ge <ge-value>] <prefix>/<length> prefix and length
rule [le <le-value>] [sequence <sequence>] identifying the network that this rule
matches, in the following form
according to IPv4 or IPv6:
(IPv4) <IPv4 address>/<132>
(IPv6) <IPv6 address>/<1128>
ge Rule matches packets with prefix
length greater than or equal to
<ge-value>.
le Rule matches packets with prefix
length less than or equal to <le-value>.
sequence assigns <sequence> as the
sequence number of the rule.
Sequence number range:
12147483648
The ge and le parameters are validated as
follows:
(IPv4) Prefix length <ge < le <= 32
(IPv6) Prefix length <ge < le <= 128
Adding a permit permit <prefix>/<length> [ge <ge-value>] For an explanation of the parameters, see
rule [le <le-value>] [sequence <sequence>] the comments above for the deny rule.
Adding a deny deny [match [as-path string] [community as-path BGP AS Path that this rule uses
rule string] [ prefix-list string] ][sequence to match to a route in ASCII format; in
sequence>] regular expression format (permitted
length 0127 characters).
Note: AS numbers are matched as decimal
numbers. For example, the AS number
'0x0123' should be represented in the
regular expression string as '291'. A NULL
string indicates that the field is not in use.
community BGP community that this
rule matches, in the form aa:nn
(permitted length 0127 characters). If
community is not specified, this rule
matches all packets.
Note: Community has the new-format
decimal notation. For example, the
community '0x00120101' should be
represented in the string as '18:257'.
prefix-list - BGP policy prefix-list profile
name that this rule matches; permitted
length 080 characters
sequence Assigns <sequence> as the
sequence number of the rule.
Sequence number range: 12147483648
Adding a permit permit[match [as-path string] [community as-path BGP AS Path that this rule uses
rule, and string] [ prefix-list string] ][set [as2-path- to match to a route in ASCII format; in
optionally prepend string] [as4-path-prepend string] regular expression format (permitted
specifying set [community string] [local-preference length 0127 characters).
actions number] [med number] ][sequence Note: AS numbers are matched as decimal
sequence>] numbers. For example, the AS number
'0x0123' should be represented in the
regular expression string as '291'. A NULL
string indicates that the field is not in use.
community BGP community that this
rule matches, in the form aa:nn
(permitted length 0127 characters). If
community is not specified, this rule
matches all packets.
Note: Community has the new-format
decimal notation. For example, the
community '0x00120101' should be
represented in the string as '18:257'.
prefix-list - BGP policy prefix-list profile
name that this rule matches; permitted
length 080 characters
set Specify set actions for BGP path
attributes (see Table 8-32).
as2-path-prepend/as4-path-prepend
Set AS prepend (for 2/4 octets AS size)
to <string>; permitted length 0127
characters
Note: You can define only one as-path-
prepend statement - as2-path-prepend or
as4-path-prepend.
community Set community to a string
in the form aa:nn (permitted length 0
127 characters.
local-preference Set local preference to
<number>.
Possible values: 04294967295
med Set Multiple Exit Discriminator
(MED) to <number>.
Possible values: 04294967295
sequence Assigns <sequence> as the
sequence number of the rule.
Sequence number range:
12147483648
Examples
This section illustrates configuring BGP policy profiles.
Configuration Example
In this example, a customer-premises RAD device has been placed at the
boundary of an organizations network, which is an independent AS. The RAD
device needs to be configured for BGP.
The only BGP neighbor is the Provider Edge (PE) router. Since this is a stub AS, it
has been decided that AS-internal destinations should be aggregated and
manually defined (with the network command) rather than enabling automatic
redistribution. IPv6 is required for this network.
Device IP ASN
CPE ASBR (the device being configured for BGP) 10.10.1.1 64515
Configuration Errors
The following table lists the messages generated by the device when a
configuration error is detected.
Cannot delete; BGP neighbor You tried to run no bgp, but Delete all neighbors and try again.
exist there are configured BGP
neighbors.
Cannot create; AS number must You tried to define BGP with Use the same ASN for BGP on all the
be equal for all BGP entities an ASN different from the BGP devices routers.
ASN configured for another
router on this device.
Cannot clear; unknown neighbor You tried to run clear-neighbor Use the correct IP address configured
on an IP address that is not for the neighbor.
configured for any defined
BGP neighbor.
Cannot set; AS number change You tried changing the BGP Delete all BGP entities, and then
requires deletion of all BGP ASN before deleting all BGP change the ASN.
entities entities.
Cannot set; change requires bgp You tried to set the router-id Run shutdown and then try again.
shutdown with BGP running.
Cannot activate; router-id You tried to enable BGP (no Set the router-id and try again.
number must be set shutdown) without having set
the router-id.
Cannot set; No such neighbor You tried to enter an IP / Use the correct IP address configured
neighbor context, but you for the neighbor.
specified an IP address that is
not configured for any
neighbor.
Cannot set; ipv4 unicast address You tried using the active IPv4 cannot be disabled for any
family always enable command in the IPv4 neighbor neighbors. If you meant to enable or
CLI context. disable IPv6, navigate to
config>router(<number>)>bgp(<ASN>)
>ipv6-unicast-af>neighbor(<IP-address
>)# and try again.
Cannot activate; remote IP You tried to run no shutdown Set the neighbors ASN (with the
address and AS number must be for a BGP neighbor, but this remote-as command) and then try
set neighbor does not yet have an again.
ASN.
Cannot set; Hold time should be You tried to run the timers Run the command again with hold time
greater than the keepalive time command with hold time less greater than keepalive time.
than or equal to keepalive
time.
Cannot bind; policy profile type You tried to bind a policy Change policy type to prefix-list-ipv4 or
does not match profile that does not match prefix-list-ipv6).
the required policy type
(prefix-list-ipv4 or prefix-list-
ipv6).
Cannot bind; prefix-list profile You tried to bind prefix-list Unbind route-map profile with match
already in use in match profile when route-map profile prefix-list statement from the BGP
statement with match prefix-list connection.
statement is already bound to
the same BGP connection.
Cannot bind; no such policy You tried to bind a policy Create the policy profile that you want
profile profile that does not exist. to bind.
Cannot bind; policy profile type You tried to bind a policy Bind the policy profile to route-map.
does not match profile that does not match
the required type (route-map)
Cannot bind; address-family You tried to bind a route-map Create a prefix-list address-family that
mismatch with match statement profile with match prefix-list is identical to bound connection
statement with a prefix-list address-family.
address-family that is not
identical to bound connection
address-family.
Cannot bind; prefix-list profile You tried to bind a route-map Unbind prefix-list profile from the BGP
already bound profile with match prefix-list connection.
statement when prefix-list
profile is bound to the same
BGP connection.
Cannot delete; prefix list is You tried to delete a prefix Unbind the policy profile from all
matched in a route-map list that is matched in a route- entities bound to it.
map.
Cannot create; name already in You tried creating a prefix-list Choose a unique name for the newly
use policy profile with a name that created prefix-list policy profile.
already exists in the system.
Cannot add statement; wrong You tried adding a rule with an Use the appropriate address type.
prefix address type address type (ipv4 or ipv6)
that is not related to the
profile type.
Cannot add statement; wrong You tried adding a rule with Correct the length paremeters so that
length parameters incorrect length parameters. length < ge-value <= le-value <=
address length of family (32 or 128).
Cannot add statement; regular The regular expression that Enter a new regular expression for the
expression is incorrect you entered does not translate AS path.
into a valid AS path.
Cannot add statement; no such You tried adding a statement Create the prefix-list profile or use an
policy profile with a prefix-list profile that existing prefix-list profile.
does not exist.
Cannot add statement; prefix- You tried adding a statement Use a prefix-list profile address-family
list address-family mismatch with a prefix-list profile that is similar to previous statements.
address-family that is different
than similar previous
statements.
Cannot add statement; the You tried adding a statement, Unbind the route map from the bgp
route-map is bound to bgp but the route-map profile connection.
connection with bound prefix- (with the new match prefix-
list list statement) is bound to a
connection with a bound
prefix-list profile.
Warning: prefix list profile You used a prefix-list profile Use another prefix-list profile or
contains permit statement that contains at least one remove all permit statements from
permit statement. the current prefix-list profile.
Set timer to 0 requires You tried to run the timers Run the command again with either
holdtime = keepalive = 0 command with one 0 value. both or neither parameter being 0.
Either both or neither must be
0.
Router config>router(<number>)>bgp(<ASN>)#
Neighbor config>router(<number>)>bgp(<ASN>)>neighbor(<IP-address>)#
For example:
ETX-2i>config>router(1)>bgp(64515)# info detail
router-id 10.10.1.1
no shutdown
echo "BGP Neighbor Configuration"#
# BGP Neighbor Configuration
neighbor 10.10.10.1
local-address 0.0.0.0
max-prefixes 0
password "" hash
remote-as 613
no shutdown
timers keepalive 30 holdtime 90
exit
echo "IPv4 Unicast Address Family Configuration"
# IPv4 Unicast Address Family Configuration
ipv4-unicast-af
external-preference 20
internal-preference 200
redistribute ospf
echo "IPv4 Unicast Address Family - Neighbor Configuration"
# IPv4 Unicast Address Family - Neighbor Configuration
neighbor 10.10.10.1
active
exit
exit
echo "IPv6 Unicast Address Family Configuration"
# IPv6 Unicast Address Family Configuration
ipv6-unicast-af
external-preference 20
internal-preference 200
echo "IPv6 Unicast Address Family - Neighbor Configuration"
# IPv6 Unicast Address Family - Neighbor Configuration
neighbor 10.10.10.1
no active
exit
exit
Field Description
Path
Field Description
Path
To display the prefix list policy profiles assigned to the neighbor 1.1.1.1 IPv4
unicast family:
ETX-2i>config>router(1)>bgp(64515)>ipv4-unicast-af>neighbor(1.1.1.1)# show
prefix-list
To display the prefix list policy profiles assigned to the neighbor 10:10:10::10
IPv6 unicast family:
ETX-2i>config>router(1)>bgp(64515)>ipv6-unicast-af>neighbor(10:10:10::10)#
show prefix-list
To display the route map policy profiles assigned to the neighbor 1.1.1.1 IPv4
unicast family:
ETX-2i>config>router(1)>bgp(64515)>ipv4-unicast-af>neighbor(1.1.1.1)# show
route-map
Name: aaaaaAAAAAbbbbbBBBBBcccccCCCCCdddddDDDDD (In)
10 permit (hit count: 0)
match community 1:2
set community 2:3 med 456799 local-pref 123456
20 deny (hit count: 2)
match community 1000:2000
Name: XXXX (Out)
10 permit (hit count: 10)
match community 3000:4000
set community 1000:2000 local-pref 110
20 permit (hit count: 1)
match community 100:200
40 permit (hit count: 2)
match as-path _150$ prefix-list AAAA community 10:20
set as2-path-prepend 100 100 community 30:40
To display the route map policy profiles assigned to the neighbor 10:10:10::10
IPv6 unicast family:
ETX-2i>config>router(1)>bgp(64515)>ipv6-unicast-af>neighbor(10:10:10::10)#
show route-map
Name: aaaaaAAAAAbbbbbBBBBBcccccCCCCCdddddDDDDD (In)
10 permit (hit count: 0)
match community 1:2
set community 2:3 med 456799 local-pref 123456
20 deny (hit count: 2)
match community 1000:2000
Name: XXXX (Out)
10 permit (hit count: 10)
match community 3000:4000
set community 1000:2000 local-pref 110
20 permit (hit count: 1)
match community 100:200
40 permit (hit count: 2)
match as-path _150$ prefix-list AAAA community 10:20
set as2-path-prepend 100 100 community 30:40
The above fields are:
Field Description
route map
rule
information
Network Community
===============================================================
Neighbor 2.2.2.2
0.0.0.0/0 65000:65000
111.222.111.220/30 20:20
Neighbor 33.33.33.33
0.0.0.0/0 1000:2000
111.222.111.220/30 100:100 200:200 300:300 400:400
Network Community
=============================================================================
Neighbor 2:2:2:2::2
::/0 > 11:11:11:11::1 65000:65000 1000:2000 3000:1000
11:11:11:11::/64 > :: 1000:2000
abcd:abcd:abcd:abcd:abcd:abcd:abcd:abcd/126
> abcd:abcd:abcd:abcd:abcd:abcd:abcd:abcd 65200:65200
Neighbor 33:33:33:33::33
::/0 > 11:11:11:11::1 20:30
11:11:11:11::/64 > :: 400:400
abcd:abcd:abcd:abcd:abcd:abcd:abcd:abcd/126
> abcd:abcd:abcd:abcd:abcd:abcd:abcd:abcd 65200:65200 4000:65500
The above fields are:
Field Description
* = Best Route
Network > Next Hop MED LocPrf Path
=============================================================================
Neighbor 2.2.2.2
* 0.0.0.0/0 > 172.17.171.1 1000 2000 3000 1000 100 2333
* 111.222.111.220/30 > 111.222.111.223 65200 65200 4000 800 65500
Neighbor 33.33.33.33
0.0.0.0/0 > 172.17.171.1 1000 2000 3000 1000 100 2333
111.222.111.220/30 > 111.222.111.223 65200 65200 4000 800 65500
Field Description
Status (Best Marks with a * the Best Route, i.e. the route entry forwarded to the
Route) Routers RIB (Routing Information Base)
Path
Field Description
AS Remote AS number
Possible values: 0..35655 or 0..4294967295
Field Description
Up/Down Amount of time that the underlying TCP connection has been in
existence, i.e. how long this peer has been in the Established state.
Note: Up/Down time is set to zero when a new peer is configured or the
router is booted.
Possible values: 0 - 4294967295 seconds
When up/down time = 0, displays never.
Otherwise displays in format number of days, hours, minutes, and
seconds, for example: 12d 06:23:53
Testing BGP
After configuring BGP on a router in an existing BGP environment, you should test
that BGP is working properly.
To test BGP:
1. Wait a few seconds after configuration for BGP communications to take
place.
2. For each configured BGP neighbor:
a. Navigate to the BGP neighbor CLI context
(config>router(<number>)>bgp(<ASN>)>neighbor(<IP-address>)#).
b. Enter show neighbor-connection and check that communication has been
successfully established.
c. Navigate to the IPv4 unicast address family neighbor context
(config>router(<number>)>bgp(<ASN>)>ipv4-unicast-af>
neighbor(<IP-address>)#).
d. Enter show advertised-route and check that the correct destination
routes are being advertised.
e. Enter show received-route and check that BGP routes are being received.
3. If IPv6 has been configured for this neighbor:
a. Navigate to the IPv6 unicast address family neighbor context
(config>router(<number>)>bgp(<ASN>)>ipv6-unicast-af>
neighbor(<IP-address>)#).
b. Enter show advertised-route and check that the correct destination
routes are being advertised.
c. Enter show received-route and check that BGP routes are being received.
Note
OSPF does not support the BFD protocol.
Benefits
Dynamic routing protocols enable routing tables to automatically adapt to
changing networks. Link-state dynamic routing protocols such as OSPF quickly
adapt to network changes, enable intelligent decisions for best routing paths,
and are highly scalable.
All the routers in an Autonomous System (AS) must use the same Interior
Gateway Protocol (IGP).
Functional Description
OSPF functionality is explained in the following sections.
Show Me Demo
The following video gives an overview of OSPF.
Note If the video cannot be viewed, ensure that you have the latest version of Adobe
Reader.
Link-State Routing
Link-state routing is one of the two main types of IGPs, along with distance-
vector routing. OSPF is a link-state routing protocol.
In link-state protocols, each router creates and maintains a relatively full map of
network connectivity. The connectivity map, called the Link-State Database
(LSDB), includes information on which routers are connected to which other
routers, and each connections cost metric, which takes into account things like
round-trip time, throughput, and link availability. The maps completeness enables
the router to intelligently calculate the optimal path from itself to any network
destination, without having to rely on partial path calculations made in other
parts of the network. These optimal paths are used to dynamically create a
routing table.
To supply information for LSDBs, each router in the network notifies the network
about its own immediate neighboring routers and the costs of its connections
with them. Routers collect this link-state information and issue Link-State
Advertisements (LSAs) to their neighbors. Upon receiving an LSA, each router
updates its LSDB.
AS-External Information
To enable routing to destinations outside the AS, designated Autonomous
System Boundary Routers (ASBRs) receive topology information about other ASs,
and distribute it to internal routers. ASBRs can be configured whether to
distribute topology from specified external sources (static routes or from BGP).
However, to reduce traffic, LSDB size, and routing table size, areas can be
configured so that only the area ABR is aware of the AS-external topology, and
the internal routers route traffic with destinations outside the AS through the
ABR. Two types of such areas can be configured:
An area which is neither stub nor NSSA is called a transit area. The backbone area
must always be a transit area.
Link-State Summarization
For AS-internal topology information, there is by default no difference between
the different types of non-backbone areas: ABRs of stub, NSSA and transit
(except for backbone) areas summarize AS-internal, area-external link-state
information for distribution to area-internal routers. However, a stub or NSSA
ABR can be optionally configured to suppress summary-LSAs, instead becoming
the areas single default gateway.
Designated Routers
To reduce network traffic, each network selects a Designated Router (DR) to
send LSAs outside of the network. A Backup Designated Router (BDR) is also
selected in case of DR failure. Routers are selected according to configurable
router priority indexes (lowest number indicates highest priority).
Authentication
OSPF can be configured to perform authentication, in which case OSPF
information is accepted only from password-authenticated routers.
Routing Preferences
When there are conflicts between routes received from different sources, such as
static routes, OSPF AS-internal routes, and OSPF AS-external routes, the Routing
Table Manager (RTM) chooses among the sources according to configurable
source preference indices (lowest number indicates highest priority).
Maintained Information
OSPF maintains the following network information, all of which can be viewed
(see Viewing OSPF Status):
Neighbor list
Interface information
LSDB
LSA counters (see Viewing OSPF Statistics)
default-cost Cost metric of default route, for stub area ABR to advertise 1
into the area. See Link-State Routing.
nssa Whether area is NSSA, and whether the area ABR will no nssa, no-summary
provide area routers with summary LSAs (or just rely on its
default route). See AS-External Information and Link-State
Summarization.
stub Whether area is a stub area, and whether the area ABR will no stub, no-summary
provide area routers with summary LSAs (rather than just
rely on its default route). See AS-External Information and
Link-State Summarization.
passive Whether OSPF packets can (no passive) or cannot (passive) no passive
be sent through this interface
Configuring OSPF
OSPF is not configured by default on RAD routers. On a router that does not have
OSPF defined, once the router itself and its interfaces have been properly
configured, you can configure OSPF. To configure OSPF properly, you will need to
know your network OSPF design.
Define OSPF on the [no] ospf After defining OSPF on the router, OSPF still
router (if not yet needs to be enabled (after setting router-id) with
defined), and provide no shutdown.
the router CLI ospf no ospf removes OSPF from the router (if no
context areas are defined).
Define ID for the router router-id <id> <id> is in IP address format: <0-255>.<0-
in OSPF 255>.<0-255>.<0-255> . The ID must be unique
communications in the AS. To simplify management, the ID can be
the actual IP address of one of the routers
interfaces, or there may be some other
organizational convention.
Define / remove OSPF [no] area <area-id> <area-id> is in IP address format: <0-255>.<0-
area, with an ID for the 255>.<0-255>.<0-255>. The ID must be unique
area in OSPF in the AS. To simplify management, the ID can be
communications the actual IP address of a network in the area, or
there may be some other organizational
convention. The backbone area ID must be
0.0.0.0 .
no area <area-id> removes the area from router
OSPF configuration (if the area is not associated
with any interfaces).
To further configure the area, see Configuring
OSPF at the Area Level
Make router an ASBR [no] asbr OSPF must be disabled to run this command.
(=distribute AS-external See AS-External Information.
routes)
Set ASBR to distribute [no] redistribute {static | bgp} To disable distribution: no redistribute .
routes from specified See AS-External Information.
external sources (static
or BGP) to the rest of
the AS, or disable
distribution
Set preference index external-preference <priority> <priority> should be an integer in range 0-255.
for OSPF AS-external See Routing Preferences.
routes
Set preference index internal-preference <priority> <priority> should be an integer in range 0-255.
for OSPF AS-internal See Routing Preferences.
routes
Make area a stub area, [no] stub [summary | All routers in a stub area must be configured as
or change a stub area no-summary] such. See AS-External Information.
back to a transit area This command is effective regardless of the areas
current type (transit or NSSA).
For the area ABR to just rely on its default route
rather than provide area routers with summary
LSAs, use stub no-summary . For it to go back to
providing summary LSAs, use stub summary. See
Link-State Summarization.
To change a stub area back to a transit area, use
no stub
Make area an NSSA [no] nssa [summary | All routers in an NSSA area must be configured as
area, or change an no-summary] such. See AS-External Information.
NSSA area back to a This command is effective regardless of the areas
transit area current type (transit or stub).
For the area ABR to just rely on its default route
rather than provide area routers with summary
LSAs, use nssa no-summary . For it to go back to
providing summary LSAs, use nssa summary. See
Link-State Summarization.
To change an NSSA area back to a transit area, use
no nssa
Set cost metric of default-cost <metric> Use only on stub area ABR.
default route, for stub Possible values: 116777215 (24-bit)
area ABR to advertise
See Link-State Routing.
into the area
Set internal IP address [no] range <ip-address>/ To set internal transit area summarization, on the
range(s) to be <mask-length> [advertise | transit ABR use: range <ip-address>/<mask-
summarized or hidden not-advertise] [nssa] length> advertise .
by a transit area ABR, To set internal transit area hiding, on the transit
or external IP address ABR use: range <ip-address>/<mask-length> not-
range(s) to be advertise .
aggregated by an NSSA
To set external NSSA aggregation, on the NSSA
ABR
ABR use range <ip-address>/<mask-length>
advertise nssa .
<ip-address> should represent an IP range, in IP
address format. <mask-length> should be an
integer in range 132, representing the number of
first bits in <ip-address> that are the network
mask.
To delete a configured range, use: no range <ip-
address>/<mask-length>.
See Explicit Range Aggregation.
Define OSPF on the ospf After defining OSPF on the interface, OSPF
interface (if not yet still needs to be enabled (after associating
defined), and provide the the interface with an area) with no shutdown.
interface CLI ospf context no ospf removes OSPF from the interface (if
no areas are defined)
Associate interface with an [no] area <area-id> Specify the area with its <area-id>.
area To disassociate the interface from any area,
use no area <area-id>.
Set the time between hello-interval <seconds> <seconds> should be in range 165535.
sending HELLO packets See Link-State Routing.
Set the time after which dead-interval <seconds> Possible values: 12147483647.
the connection with a See Link-State Routing.
silent neighbor is
considered failed
Set the priority index for priority <priority> Possible values: 0255.
becoming DR or BDR See Designated Routers
Set the time to be added transit-delay <seconds> The estimated time of LSA transmission over
to the LSAs age before the interface including propagation delays
transmission Possible values: 03600
Prevent OSPF packets from [no] passive A passive interface is still advertised as an
being sent through the OSPF interface, but doesnt itself run the
interface OSPF protocol.
To re-enable sending OSPF packets, use no
passive
Configuration Example
In this example, a router needs to be configured for OSPF. According to network
design, this router is a stub area ABR with two interfaces, one in the backbone
and one in a stub area. Authentication is used in both areas, but each area uses a
different password.
The relevant part of the network design is:
Configuration Errors
Table 8-50 lists the messages generated by the device when a configuration error
is detected.
Cannot be modified; OSPF You tried to associate an Enter shutdown and try again.
interface is administratively interface with an area, but the
enabled interface is OSPF-enabled
Cannot create OSPF interface; IP You tried to run ospf in the Set a fixed IP address for the
address wasnt configured interface context, but the interface.
interface itself has no fixed IP
address (it is possibly DHCP)
Cannot create OSPF interface; You tried to run ospf in the Remove interface IP addresses to
more than one IP address is interface context, but the leave only one, and try again.
configured interface itself has multiple IPv4
addresses
Cannot delete area; There is an You tried to run no area (router Go to the relevant interface OSPF
OSPF interface associated with OSPF context) on an area context and enter no area <area-id>.
the Area associated with an interface
Cannot delete ospf; ospf area or You tried to run no ospf (router Remove OSPF from all interfaces,
OSPF interface exist context) with existing areas or delete all areas, and try again.
OSPF interfaces
cannot enable OSPF interface; You tried to enable OSPF on an Set an area for the interface and try
area-id is not defined interface without an associated again.
area
Cannot enable OSPF; router-id is You tried to run no shutdown Set router-id and try again.
not configured (router OSPF context) with no
OSPF router ID
Cannot enable redistribute; You tried to run the redistribute If by network design this router
ASBR disabled command on a non-ASBR router should be an ASBR, enter asbr and
try again.
Cannot execute, license required You tried to run ospf (router Contact your RAD sales
context) without an OSPF representative to obtain a license.
license
Cannot modify area parameter; You tried to make an enabled Enter shutdown and try again.
area is administratively enable area into a stub or NSSA
Cannot modify; OSPF is enabled You tried to change router-id or Enter shutdown and try again.
asbr with OSPF enabled
Cannot set area as nssa; area-id You tried to make the backbone If this is not the backbone, change
0.0.0.0 cannot be nssa a stub or NSSA the area ID and try again.
Cannot set metric; Area is a You tried to run the default-cost If this area should be a stub area,
Transit command on a transit area enter stub and try again.
Cannot set ranges for external You tried to run the range If this area shouldnt be an NSSA,
routes for non NSSA command with the nssa option, enter no nssa and try again.
on a non-NSSA area
OSPF entity shall be initiated You tried to run ospf in the Exit to the router context and enter
before interfaces configuration interface context, but OSPF ospf. Then try again.
hasnt been defined on the
router
Router config>router(<router_number>)>ospf#
Area config>router(<router_number>)>ospf>area(<area-id>)#
Interface config>router(<router_number>)>interface(<interface_number>)>ospf#
For example:
rad_os_p# configure
rad_os_p>config# router 1
rad_os_p>config>router(1)# ospf
rad_os_p>config>router(1)>ospf# info detail
router-id 1.2.3.4
no asbr
external-preference 110
internal-preference 30
no graceful-restart
restart-interval 120
strict-lsa-checking
shutdown
echo "OSPF AREA Configuration"
# OSPF AREA Configuration
area 0.0.0.0
no nssa
no stub
no shutdown
exit
rad_os_p>config>router(1)>ospf#
Field Description
Sequence Signed 32-bit integer, incremented each time the router originates a new
instance of the LSA. Used to detect old and duplicate LSAs
Field Description
Field Description
Field Description
State The state of the connection with this neighbor. One of:
Down
Attempt
Init
Twoway
Exchangestart
Exchange
Loading
Full
Field Description
Checksum 32-bit sum of the checksums of the LSAs of this type. Can be used to
check if an LSDB has changed or to compare LSDBs.
Testing OSPF
After configuring OSPF on a router in an existing OSPF environment, you should
test that OSPF is working properly.
To test OSPF:
1. Wait a few seconds after configuration for OSPF communications to take
place.
2. Navigate to the CLI router OSPF context (config>router(<router_number>)>
ospf#).
3. Enter show interface-table and check that a DR and a BDR have been
successfully elected.
4. Enter show neighbor-table and check that connections have been established
with all neighbors.
5. Enter show routing-table and check that expected routes have been learned
from OSPF neighbors.
6. Exit the OSPF context, to the router CLI context.
7. Enter show routing-table and check that there are new routes marked as
originating in OSPF.
Standard Title
RFC 5798 Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6
RFC 6527 Definitions of Managed Objects for the Virtual Router Redundancy Protocol
Version 3 (VRRPv3)
ETX-2i can support either of the following VRRP versions at any time:
VRRPv2 (RFC 3768) supports only IPv4
VRRPv3 (RFC 5798) supports IPv4 and IPv6
The two versions cannot interwork together.
Benefits
A static default gateway router is a potential single point of failure, which is
eliminated by VRRP; it increases the availability and reliability of routing paths
without the need for dynamic routing or router discovery protocols on every
access device.
Functional Description
VRRP Group
A VRRP group is defined as a group of routers that share one or more virtual IP
addresses. If a routers physical IP address matches a virtual IP address, it is
referred to as the address owner. The routers in the group are assigned priorities
ranging from 1255, with 255 being the highest priority, however only priorities
1254 are configurable. Priority 255 is automatically assigned to the address
owner regardless of the configured priority. Up to 20 VRRP groups are supported
per device.
Master Router
At any time, one of the routers is the master (active) and the others are backups.
The router with the highest priority is selected as the master, therefore the
address owner is the master unless it has failed. If more than one router has the
highest priority, the one with the highest primary IP address is selected as
master. The primary IP address is one of the router interfaces real (IPv4) or
link-local (IPv6) IP addresses. It is used as the source address in VRRP
advertisements
The master router forwards upstream traffic packets destined for the virtual IP
address(es), and sends periodic advertisements to the backup routers at a
user-configurable interval. If a backup router does not receive an advertisement
for a set period, the backup router with the next highest priority takes over as
master.
Preemption
If preemption is enabled, then when a new router is added to a VRRP group and
its priority is higher than any of the routers in the group, it preempts the master
role. When a router with priority 255 (address owner) is added to a VRRP group
or becomes active, it preempts all lower-priority routers, even if preemption is
disabled. If no router has priority 255 and preemption is disabled, then no
preemption occurs.
Fault Propagation
If the VRRP master routers uplink toward the network fails, it does not affect the
VRRP state if VRRP is running on an Ethernet port connected to the user network;
however, the master might not be able to forward packets, or might delay the
packet forwarding by using an alternative route.
To solve this, the status of an interface can be used as a fault propagation
trigger, with the configured action of lowering the VRRP priority, in order to cause
a backup router to become the master. This VRRP redundancy is supported within
50 ms from the start of switchover. When the interface recovers, the original
priority is restored.
Note In order for fault propagation to interact properly with a VRRP group, preemption
must be enabled on all VRFs belonging to that group, and all the VRFs must not
be address owners.
Load Balancing
The VRRP backup virtual routers do not forward traffic incoming from the LAN
unless they become the master router. It would be advantageous to have multiple
routers forwarding the traffic instead of one being the active master, and the
rest idle backups. To achieve this, multiple VRRP groups (up to , 2) can be
configured for a router interface, with each router acting as the master of a
different virtual IP address.
Each virtual address can then be configured as default gateway for some of the
devices on the LAN, and each router handles the traffic of the devices for which
it is the default gateway. If a router fails, one of the other routers transitions to
master, and handles the failed routers traffic.
Factory Defaults
The default device VRRP version is 2.
By default, no VRRP groups exist. When a VRRP group is created, its default
configuration is the following:
description virtual router <ip-ver> group <id> <ip-ver> is either IPv4 or IPv6.
<id> is the group VRID.
priority 100
Configuring VRRP
VRRP is configured at the following levels:
System> router Configure device VRRP version.
Router interface Configure VRRP group parameters.
Note See Viewing VRRP Summary for details on displaying VRRP group summary
information at various levels.
Notes A VRRP group cannot be associated with a router interface for which any of the
following is true:
DHCP is enabled for the router interface.
The router interface is bound to a PPP port.
The router interface is a loopback interface.
Note The commands ip and no shutdown are mandatory for VRRP group configuration.
The other commands are optional; if they are not specified, then default values
are used (see Factory Defaults).
Field Description
Uptime (seconds) Time since VRRP role changed from Init to Backup or Master
Protected IP Address One or more virtual IP address(es) protected by the VRRP group; one
output line is displayed for each protected IP address.
Advertisement Interval Interval between VRRP advertisements (if the router is acting as
(seconds) master)
Reduced By Fault Router VRRP actual priority, after being reduced by fault propagation
Propagation to if applicable
Field Description
Configuration Errors
The following table lists the messages generated by the device when a
configuration error is detected.
Too many VRRP groups on this You tried to create a VRRP Delete one of the VRRP groups from
interface group for a router interface the interface.
for which the maximum
number of groups already
exists.
VRRP and DHCP not allowed on You tried to create a VRRP Disable DHCP for the interface.
the same interface group for a router interface
for which DHCP is enabled.
VRRP cannot be configured on You tried to create a VRRP Remove the PPP port association from
PPP group for a router interface the interface.
that is bound to a PPP port.
VRRP cannot be configured on a You tried to create a VRRP Create the VRRP group for a different
loopback router interface group for a router interface router interface.
that is a loopback router
interface.
Too many addresses associated You tried to associate an IP Delete one of the associated addresses
with VRRP group address with a VRRP group for before associating a new IP address
which the maximum number of with the group.
supported addresses is already
associated.
Incorrect IP version You tried to associate an IPv4 Associate an IPv4 address with an IPv4
address with an IPv6 group or group, or an IPv6 address with an IPv6
an IPv6 address with an IPv4 group.
group.
Active VRRP group must have You tried to dissociate the last Associate a virtual IP address with the
virtual IP IP address from an enabled VRRP group or disable the group.
VRRP group.
Cannot activate VRRP group You tried to administratively Associate a virtual IP address with the
without virtual IP address enable a VRRP group that does VRRP group.
not have at least one
associated virtual IP address.
VRRP priority preemption must You tried to disable Remove the fault propagation
be enabled for fault propagation preemption on a VRRP group configuration.
that is defined in fault
propagation as a to-element.
Priority decrement fault You tried to configure one of Either configure the to-element with a
propagation banned on VRRP the following: different IP address that is not a virtual
address owner Fault propagation IP address, or use a virtual address that
to-element virtual IP is not a real address of the to-element.
address as the to-element
IP address
Fault propagation
to-element IP address as
the to-element virtual IP
address.
Applicable Products
This feature is applicable to ETX2i, ETX-2i-B, and ETX-2i-10G with PTP options,
with the following conditions:
The following 1588v2 entities are supported by ETX2i and ETX-2i-10G:
Standalone slave clock
Boundary clock
For G.8275.1, the PTP port limits are as follows:
PTP ports with master role per device: Up to 7
PTP ports with slave role per device: Up to 2
<slot> is relevant for modular ports.
Standards
IEEE 1588 Precision Time Protocol
ITU-T G.8265.1 Precision Time Protocol Telecom Profile
ITU-T G.8275.1 Precision Time Protocol Telecom Profile
ITU-T G.8273.2 Telecom Boundary Clock (T-BC) Specification
Benefits
The Precision Time Protocol (PTP), defined in the IEEE 1588 standard, is a
high-precision time protocol for synchronization of clocks over a PSN. PTP is
beneficial for applications that recover or distribute timing information.
Functional Description
PTP Protocols
G.8265.1 is an end-to-end protocol based on IP packets. The synchronization
message rate and announce rate are negotiated between the slave and master.
The G.8265.1 protocol is used to obtain frequency and time.
G.8275.1 is a point-to-point protocol based on Layer-2 multicast messages. There
is no signaling phase; the message rate is always 16 PPS and the announce rate is
8 PPS. The G.8275.1 protocol is used to obtain time rather than frequency. It
obtains frequency from SyncE to get a more accurate time. The reference time is
taken from the CSM source if it is PRC; otherwise from the 1588v2 frequency.
1588v2 Entities
ETX2i supports the following 1588v2 entities:
Boundary clock Transfers time of day (ToD) and frequency from a remote
master clock to one or more slave clocks. The boundary
clock is implemented as a back-to-back master and slave
clock.
Note
Only IPv4 addresses are supported in the timing/synchronization messaging.
PTP Port
When a 1588v2 entity acts according to G.8275.1, you need to configure a PTP
port entity for each clock entity. The PTP port has a provisioned state that you
configure, as well as an actual state. The provisioned state can be one of the
following:
The actual state of the provisioned slave port that is selected as the best clock is
set to slave. The actual state of the provisioned slave ports that are not selected is
set to passive.
Slave Clock
The standalone slave clock complies with G.8265.1 or G.8275.1. The slave clock
complies with the standard G.8265.1 Telecom Profile 1 (E2E), as well as
Symmetricom Telecom-2008, when working according to G.8265.1.
G.8265.1
The G.8265.1 slave clock can work in one-way mode, where it receives only
frequency from up to two IEEE 1588 master clocks, or in two-way mode (full
synchronization), where it receives frequency and time. When the master clock
grants signal transmission it notifies the slave clock of the master clock quality
level and source port identification, then periodically transmits synchronization
signals.
The slave clock works in the following recovery modes:
G.8275.1
The G.8275.1 slave clock receives frequency from one or more IEEE 1588 master
clocks that periodically transmit synchronization signals.
The slave clock works in time (also referred to as hybrid) recovery mode. The slave
uses both Sync and Delay messages to reconstruct the remote clock, and takes
the reference frequency is taken from the clock domain (same the G.8265.1 slave
in hybrid mode).
G.8273.2 clock specification supports G.8275.1.
Boundary Clock
The boundary clock is defined in ETX2i as a back-to-back master and slave clock
sharing the same IP address and PTP domain. The slave can be a G.8265.1 or
G.8275.1 entity, and the master can be a G.8265.1 or G.8275.1 entity, or it can be
a dual mode master that supports both G.8265.1 and G.8275.1.
The boundary clock performs the following tasks:
The local slave recovers reference ToD and frequency from a remote master.
The local master uses the local slave recovered ToD as its reference ToD.
The local master uses the local slave recovered frequency as its reference
frequency.
Forwarding
G.8265.1
You need to configure the following for the G.8265.1 clock entities to function
correctly:
Corresponding SVI
Corresponding flows
Corresponding router interface. For the G.8265.1 boundary clock, the SVI
corresponding to the router interface must be connected via flow to a bridge
port.
In order to communicate with the remote master of the G.8265.1 boundary clock,
a peer must be defined with the remote master IP address; additionally, if the
remote master is not in the same subnet as ETX2i, a static route must be
configured to define how to reach the remote master.
G.8275.1
1588v2 traffic for PTP ports is transmitted and received by the 1588 entity
to/from an Ethernet port. You need to configure the following for the G.8275.1
clock entities to function correctly:
Corresponding SVI
Corresponding PTP port
Corresponding flows. The traffic from the Ethernet port to the SVI port should
be classified as untagged. The traffic from the SVI port to the Ethernet port
should be classified to match all packets.
Factory Defaults
By default, there is no configured master or slave clock.
Specifying which mac {01-1b-19-00-00-00 | Layer-2 IEEE 1588 packets have destination
destination MAC address to 01-80-c2-00-00-0e} MAC address 01-1B-19-00-00-00 or
use 01-80-C2-00-00-0E
Setting port priority priority <value> Priority is used when selecting the best
source from the PTP ports that are
provisioned as slaves.
Provisioning PTP port state state {master | slave | auto | master distributes time
auto-no-slave} slave provides time source
auto reserved for future use
auto-no-slave reserved for future use
See Configuring PTP Ports for more details
on the PTP port state.
Viewing network metrics show network-metrics See Viewing Clock Recovery Metrics.
Specifying the requested announce [rate { 16sec | 8sec | The allowed range for grant-period is:
rate for announce 4sec | 2sec | 1sec | 500msec | 601000 (default 300)
messages 250msec | 125msec }
[minimum-expected { 16sec |
8sec | 4sec | 2sec | 1sec |
500msec | 250msec |
125msec }]
[grant-period <grant-period>
Configuring port associated clock-identity clock-id <id> If this is not configured, by default a
with clock port [<slot>/]<number> standard clock ID is generated.
Specifying if recovered delay-respond [rate {16pps | The recovered clock works in one-way mode
clock works in one-way or 32pps | 64pps | 128pps }] if no delay-respond is entered. It works in
two-way mode, and [minimum-expected { 16pps | two-way mode if delay-respond is entered
desired rate if applicable 32pps | 64pps | 128pps }] with parameters.
[grant-period <grant-period>] The allowed range for grant-period is:
601000 (default 300).
Setting quality level quality-level { prc | ssu-a | The quality level values are according to the
ssu-b | type1-sec | type1-dnu | network type.
type1-ssm-based }
quality-level { prs | stu | st2 |
tnc | st3e | st3 | smc | st4 | dus
| type2-ssm-based | prov }
Specifying the requested sync [rate { 16pps | 32pps | The allowed range for grant-period is:
rate for synchronization 64pps | 128pps }] 601000 (default 300).
messages [minimum-expected { 16pps |
32pps | 64pps | 128pps }]
[grant-period <grant-period>]
Displaying statistics show statistics running Displaying the 1588v2 statistic counters
Note When configuring a boundary clock, the slave clock must be configured before the
master clock.
Defining the 1588v2 distributed-mode {frequency | In frequency mode, the master transmits sync and
message exchange mode time-frequency} announce messages to slaves.
In time-frequency mode, the master transmits
sync, announce, and delay response messages to
slaves.
Defining the master IP ip-address <address> The IP address must be the same as the IP address
address of the dedicated router interface.
Defining remote slave slave <ip> See the commands in the slave level below.
Defining the sync-rate { 16pps | 32pps | 64pps | All slaves within the domain must use the same
synchronization message 128pps } message rate.
rate
Enabling the master clock no shutdown shutdown disables the master clock.
Viewing current metrics show network-metrics current The metrics for the current
interval are displayed as
shown in Viewing Current
Metrics; see Table 9-1.
Viewing the metrics for a selected show network-metrics interval Allowed values for
interval <interval-number> interval-num: 124
Viewing all metrics show network-metrics all The metrics are displayed as
shown in Viewing Current
Metrics and Viewing Metrics
for Selected Interval; see
Table 9-1.
Viewing metrics for all intervals show network-metrics all-intervals The metrics for all intervals
are displayed as shown in
Viewing Metrics for Selected
Interval; see Table 9-1.
Parameter Description
Parameter Description
Elapsed Time This time counter, in seconds, shows the statistics total information
gathering time and indicates the statistics reliability (tightness).
Sampling Time Time of sample
Sampling Date Date of sample
Examples
G.8265.1
config flows
classifier-profile "Router_All" match-any
match all
exit
classifier-profile "Router_Untagged" match-any
match untagged
exit
flow "Router_In"
classifier "Router_Untagged"
policer profile policer1
ingress-port ethernet 0/1
egress-port svi 1 queue 1
no shutdown
exit
flow "Router_Out"
classifier "Router_All"
policer profile policer1
ingress-port svi 1
egress-port ethernet 0/1 queue 0 block 0/1
no shutdown
exit all
config router 1
interface 1
address 172.18.141.15/24
bind svi 1
no management-access
no shutdown
exit
static-route 172.17.171.0/24 address 172.18.141.1 metric 1
exit
peer 1 ip 172.17.171.158
exit all
configure
system
clock
domain 1
source 1 recovered 0/1
priority 1
quality-level ssm-based
wait-to-restore 0
clear-wait-to-restore
exit
exit
no shutdown
exit
Master Num : 1
IP : 222.17.171.158
PTSF : NACT
Clock Identity : 00B0AEFFFE011BC10001
Received QL : Type-1 SEC
Granted Sync Rate (pps) : 64
Granted Sync Period (sec) : 60
Granted Announce Rate (pps) : 2
Granted Announce Period (sec) : 60
Granted Delay Respond Rate (pps) : 64
Granted Delay Respond Period (sec) : 60
Master Num : 2
IP : 222.18.159.59
PTSF : NACT
Clock Identity : 00B0AEFFFE011BC10001
Received QL : Type-1 SEC
Granted Sync Rate (pps) : 64
Granted Sync Period (sec) : 60
Granted Announce Rate (pps) : 2
Granted Announce Period (sec) : 60
Granted Delay Respond Rate (pps) : 64
Granted Delay Respond Period (sec) : 60
G.8275.1
#****************Configure SVIs
exit all
configure port svi 1
no shutdown
exit
svi 4
no shutdown
exit
ethernet 0/1
l2cp profile SSM
tx-ssm
exit
ethernet 0/4
l2cp profile SSM
tx-ssm
exit
exit
#****************Configure flows
flow eth1_svi1
classifier untagged
ingress-port ethernet 0/1
egress-port svi 1
no shutdown
exit
flow svi1_eth1
classifier all
ingress-port svi 1
egress-port ethernet 0/1 queue 1 block 0/1
no shutdown
exit
flow eth4_svi4
classifier untagged
ingress-port ethernet 0/4
egress-port svi 4
no shutdown
exit
flow svi4_eth4
classifier all
ingress-port svi 4
egress-port ethernet 0/4 queue 4 block 0/1
no shutdown
exit
exit
#****************Configure PTP ports
system clock ptp-port 0/1 g.8275-1
port 1
bind svi 1
no shutdown
exit
port 4
bind svi 4
no shutdown
exit
exit
G.8265.1
no shutdown
exit
G.8275.1
#****************Configure SVIs
exit all
configure port svi 2
no shutdown
exit
svi 4
no shutdown
exit
svi 6
no shutdown
exit
#****************Configure flows
flow eth1_svi2
classifier untagged
ingress-port ethernet 0/1
egress-port svi 2
no shutdown
exit
flow svi2_eth1
classifier all
ingress-port svi 2
egress-port ethernet 0/1 queue 1 block 0/1
no shutdown
exit
flow eth3_svi4
classifier untagged
ingress-port ethernet 0/3
egress-port svi 4
no shutdown
exit
flow svi4_eth3
classifier all
ingress-port svi 4
egress-port ethernet 0/3 queue 3 block 0/1
no shutdown
exit
flow eth5_svi6
classifier untagged
ingress-port ethernet 0/5
egress-port svi 6
no shutdown
exit
flow svi6_eth5
classifier all
ingress-port svi 6
egress-port ethernet 0/5 queue 5 block 0/1
no shutdown
exit
exit
save
Dual Mode
To configure a boundary clock with G.8265.1 slave, and dual mode master:
G8265.1 slave:
PTP domain 4
SVI port 1
VLAN 2385
Flows between Ethernet port 0/1 and bridge port 1
Flows between SVI port 1 and bridge port 2
Remote master IP address 172.19.171.100
G8265.1 master:
PTP domain 4
IP address 172.19.171.101
Flows between Ethernet ports 0/2, 0/4, 0/6 and bridge ports 3, 5, 7
Router interface 1 (used for both G8265.1 slave and G8265.1 master):
IP address 172.19.171.101
SVI port 1
G8275.1 master:
PTP domain 5
Flows between Ethernet ports 0/30/5 and SVI ports 35
PTP ports 35 bound to SVI ports 35
no shutdown
exit all
save
#****************Configure flows
flow eth1_svi1
classifier untagged
ingress-port ethernet 0/1
egress-port svi 1
no shutdown
exit
flow svi1_eth1
classifier all
ingress-port svi 1
egress-port ethernet 0/1 queue 1 block 0/1
no shutdown
exit
flow eth2_svi2
classifier untagged
ingress-port ethernet 0/2
egress-port svi 2
no shutdown
exit
flow svi2_eth2
classifier all
ingress-port svi 2
egress-port ethernet 0/2 queue 1 block 0/1
no shutdown
exit
flow eth3_svi3
classifier untagged
ingress-port ethernet 0/3
egress-port svi 3
no shutdown
exit
flow svi3_eth3
classifier all
ingress-port svi 3
save
Current
-----------------------------------------------------------------------------
Master ID : 1
Master To Slave
-----------------------------------------------------------------------------
Id Tau Tdev minTdev Elasped Time
(Sec) (ns) (ns)
-----------------------------------------------------------------------------
1 1 100 501 00:33:29
2 2 55 452 00:33:28
3 4 41 400 00:33:28
4 8 39 400 00:33:29
5 12 71 400 00:33:25
6 16 121 438 00:33:21
7 24 171 411 00:33:14
8 32 231 520 00:33:06
9 48 180 484 00:32:51
10 64 162 593 00:33:07
11 96 63 674 00:32:06
12 128 115 402 00:32:07
13 196 146 547 00:32:41
14 256 138 673 00:29:57
15 384 132 879 00:32:07
16 512 96 400 00:25:46
17 768 172 400 01:04:00
18 1024 116 400 00:51:14
19 2048 1 1 00:34:14
20 4096 1 1 00:00:18
21 8192 1 1 00:00:19
22 32768 1 1 00:00:19
Slave To Master
-----------------------------------------------------------------------------
Id Tau Tdev minTdev Elasped Time
(Sec) (ns) (ns)
-----------------------------------------------------------------------------
1 1 128 449 00:33:30
2 2 63 400 00:33:30
3 4 45 400 00:33:28
4 8 54 406 00:33:29
5 12 75 400 00:33:25
6 16 122 420 00:33:21
7 24 187 406 00:33:14
8 32 233 428 00:33:06
9 48 189 477 00:32:51
10 64 158 400 00:33:07
11 96 64 400 00:32:06
12 128 122 400 00:32:07
13 196 135 400 00:32:41
14 256 130 569 00:29:57
15 384 129 400 00:32:07
16 512 107 400 00:25:46
17 768 103 400 00:51:13
18 1024 25 400 00:51:13
19 2048 1 1 00:34:09
20 4096 1 1 00:00:18
21 8192 1 1 00:00:19
22 32768 1 1 00:00:19
Master To Slave
-----------------------------------------------------------------------------
Id Tau Tdev minTdev Elapsed Time
(Sec) (ns) (ns)
-----------------------------------------------------------------------------
1 1 41448968 58527396 00:05:49
2 2 18079422 28993502 00:05:48
3 4 5276496 15718937 00:05:48
4 8 1201367 12813626 00:05:45
5 12 691645 12206705 00:05:49
6 16 506413 8053903 00:05:38
7 24 622610 3623477 00:05:39
8 32 347378 4017002 00:05:22
9 48 78378 9761690 00:05:39
10 64 139133 6660025 00:05:23
11 96 606 139842 00:04:53
12 128 1 1 00:04:19
13 196 1 1 00:03:19
14 256 1 1 00:04:21
15 384 1 1 00:00:11
16 512 1 1 00:00:13
17 768 1 1 00:00:14
18 1024 1 1 00:00:15
19 2048 1 1 00:00:15
20 4096 1 1 00:00:18
21 8192 1 1 00:00:19
22 32768 1 1 00:00:19
Slave To Master
-----------------------------------------------------------------------------
Id Tau Tdev minTdev Elapsed Time
(Sec) (ns) (ns)
-----------------------------------------------------------------------------
1 1 617756 400 00:30:44
2 2 770042 400 00:30:44
3 4 344708 400 00:30:44
4 8 246177 2935 00:30:41
5 12 226724 65673 00:30:37
6 16 159360 316373 00:30:41
7 24 218542 1682603 00:30:27
8 32 231636 3483920 00:30:27
9 48 203230 6556856 00:30:29
10 64 166905 9179698 00:29:55
11 96 103179 14061712 00:30:29
12 128 88556 19896568 00:29:55
13 196 79678 34140880 00:29:25
14 256 50201 47704072 00:29:57
15 384 60187 119676112 00:25:45
16 512 60686 237447312 00:25:46
17 768 1 1 00:25:47
18 1024 1 1 00:17:10
19 2048 1 1 00:00:15
20 4096 1 1 00:00:18
21 8192 1 1 00:00:19
22 32768 1 1 00:00:19
Applicable Products
This feature is applicable to ETX2i and ETX-2i-10G with timing options. It is not
applicable to ETX-2i-B.
Standards
ITU-T G.8261/G.8262-G.8264
Benefits
The clock selection provides synchronization over packet transport networks.
Functional Description
You can configure a slave (recovered) clock that complies with the IEEE-1588
Precision Time Protocol (PTP). You need to configure the clock domain before
configuring the recovered clock.
ETX2i supports one clock domain with up to two clock sources. The sources can
be network/user Ethernet ports, or the station clock. For ETX2i with EoPDH AIO
module, an Rx clock of a single E1 (bound to VCG 5) can also be provided as a
source clock to ETX2i CSM.
The timing subsystem automatically selects the best timing source to use for
synchronization.
Note
For ETX2i with EoPDH AIO module, the ETX2i CSM system clock can be provided
to module E1s (provided the E1s are bound to VCG 5). For further information,
refer to the VCGs section in Chapter 6.
Clock Domain
The domain parameters include the synchronization network type and the timing
quality level.
The synchronization network type identifies the type of synchronization network
connections and the synchronization level. Each synchronization network
connection is provided by one or more synchronization link connections, each
supported by a synchronized PDH trail, SDH multiplex section trail, or 802.3
physical media trail.
The synchronization network types are:
i. Option I (Europe)
ii. Option II (USA)
You can define the timing quality level of the domain and source, or work without
quality level. The supported quality levels are according to the synchronization
network type, as shown in the following tables. The quality levels are shown in
order of highest quality level to lowest quality level.
DNU Do Not Use This signal should not be used for synchronization. Lowest
DUS Don't Use for Sync This signal should not be used for synchronization. Lowest
Factory Defaults
By default, if a timing card is installed in the unit a clock domain entry is created
with the following configuration:
Synchronization network type 1
Minimum quality DNU
Mode auto (clock selection mechanism functions normally)
Setting clock mode mode { auto | free-run | force-t0-holdover } auto Clock selection
mechanism functions normally,
e.g. the best available clock
source is selected for
synchronization.
free-run Internal oscillator is
used for synchronization.
force-t0-holdover Clock is no
longer synchronized to
reference clock source.
Setting minimum quality of quality min-level-station { prc | ssu-a | ssu-b | sec | dnu } Typing no quality removes the
clock quality min-level-station { prs | stu | st2 | tnc | st3e | st3 | minimum quality parameter. If
smc | st4 | dus | prov } no minimum quality is defined
for the domain you cannot
quality min-level-station { unk | sec | dnu }
configure quality level for the
sources. A clock source with
quality level lower than the
defined minimum quality is
ignored by the clock selection
mechanism.
Note: The quality values are
according to the
synchronization network type
defined for the domain (see
Table 9-2 and Table 9-3).
Adding clock source source <src-id> recovered [<slot>/]<port> See Clock Sources.
source <src-id> rx-port {ethernet [<slot>/]<port>|e1 Notes:
<slot>/<port>} Only an E1 port bound to
source <src-id> station [<slot>/]<port> VCG 5 can be used as an Rx
port in CSM.
Only one E1 from the
EoPDH AIO module can be
used as a source. However,
if the selected E1 is
inactive, the system
automatically finds the next
active E1 in VCG 5, and uses
it as a source (redundancy).
Clock Sources
You can define up to two clock sources for the domain. The sources can be:
Ethernet ports
Recovered clock
Station clock
Factory Defaults
When a clock source is created, its default configuration is the following (see the
task list below for explanations of the parameters):
Priority = 2
Wait-to-restore = five minutes (300 seconds)
Hold-off = 300 milliseconds
Setting quality level quality-level { prc | ssu-a | ssu-b | sec | dnu | ssm-based } Notes:
quality-level { prs | stu | st2 | tnc | st3e | st3 | smc | st4 | If no minimum quality is
dus | ssm-based | prov } defined for the domain, this
command is not available.
The quality level values are
according to the
synchronization network
type defined for the domain
(see Table 9-2 and
Table 9-3)
The quality level ssm-based
indicates the quality level is
based on SSM messages.
This option requires that if
an Ethernet port is being
used as the clock source,
the port is associated with
an L2CP profile that
specifies peer action for
MAC 0x02.
Setting interface type interface-type e1 [{balanced | unbalanced}] If you specify e1 or 2mhz and
Note: You can configure interface-type 2mhz [{balanced | unbalanced}] do not specify balanced or
the interface type only if unbalanced, by default the
the station clock is interface is set as balanced.
administratively disabled
(shutdown).
Examples
To configure clock selection
Domain 1:
Synchronization network type 2
Quality level: Timing source is Stratum 3E clock
Source 1: Ethernet port 0/3 (which is configured with L2CP profile with
peer for MAC 0x02, and transmitting of clock SSM messages)
exit all
configure port l2cp-profile ssm
mac 0x02 peer
exit
ethernet 0/3
l2cp profile ssm
tx-ssm
exit all
ETX2i>config>system>clock>domain(1)>source(1)$ exit
ETX2i>config>system>clock>domain(1)# info detail
sync-network-type 2
quality min-level-station st3e
max-frequency-deviation 1200
mode auto
force-t4-as-t0
echo "Clock Source Configuration"
# Clock Source Configuration
source 1 rx-port ethernet 0/3
priority 2
quality-level ssm-based
wait-to-restore 300
hold-off 300
exit
Applicable Products
This feature is applicable to all ETX2i products, and to the integrated x86
processor, with the following restrictions:
Manual configuration of the date and time is relevant for ETX2i products, as
well as the integrated x86 processor.
SNTP configuration is relevant for ETX2i products.
NTP configuration is relevant for integrated x86 processors (in ETX2i with
DNFV).
Benefits
SNTP and NTP synchronize the internal clocks of network devices to a single time
reference source. SNTP and NTP provide comprehensive mechanisms to access
national time dissemination services, organize the NTP subnet of servers and
clients, and adjust the system clock in each participant. It improves the
timekeeping quality of the network by using redundant reference sources and
diverse paths for time distribution.
Functional Description
Network Time Protocol (NTP) is a networking protocol for clock synchronization
between computer systems over packet-switched, variable-latency data networks.
It is a large and very complex application for the synchronization of computers and
computer networks, incorporating complex statistical algorithms that filter out
small discrepancies in time and makes time adjustments. It synchronizes all
Note
SNTP is not supported on OOB ports.
Factory Defaults
The default configuration of the SNTP/NTP parameters is:
No SNTP/NTP servers are defined.
Polling interval is set to 15 minutes (relevant for SNTP only).
When an SNTP/NTP server is defined, its default configuration is:
IP address is set to 0.0.0.0
Not preferred
Administratively disabled (shutdown)
Defining the date date <date> Date is according to the configured date
format.
Displaying daylight saving time show summer-time See Viewing Scheduling Information.
scheduling information
Defining the time zone relative zone utc [<[{+|-}]hh[:mm]>] Possible values:
to Universal Time Coordinated -12:00 to +12:00, in 30-minute increments
(UTC)
Setting polling interval for SNTP poll-interval interval <minutes> If interval parameter is
requests poll-interval fast-mode specified, the allowed
range of minutes is:
11440
If fast-mode parameter is
specified, the interval is set
to 4 seconds (for accuracy
of TWAMP one-way
metrics).
Setting UDP port for NTP udp port <udp-port> Possible values: 165535
requests, to a specific UDP port udp default
or to default UDP port (123)
Examples
Administratively enabled
exit all
configure system date-and-time sntp
server 1
address 192.1.1.1
prefer
no shutdown
NTP Server Type UDP Port Tstap Date Time Strat Received
exit all
configure system
date-and-time
zone utc +03:00
ntp
server 1
address 172.17.171.141
prefer
no shutdown
exit
Applicable Products
This feature is applicable to all ETX2i products.
Factory Defaults
By default, no scheduling is configured.
The default value for daylight saving time offset is 60 minutes.
Functional Description
You can specify when the device local system time should reflect the start of
daylight saving time by adding an offset, and when it should reflect the end of
daylight saving time by subtracting the offset.
Daylight saving time can be scheduled in one of the following ways:
One shot Daylight saving time starts and ends once, at a specified
date and time (e.g. November 6 2016).
Note ETX2i logs the start and end of daylight saving time with the events
summer_time_started and summer_time_ended, respectively. Each event is also
sent as an SNMP notification to management stations.
Examples
To schedule daylight saving time starting March 27 2016 at 1:00 and ending
October 27 2016 at 2:00:
exit all
configure system date-and-time
summer-time date march 27 2016 01:00 october 27 02:00
save
To schedule daylight saving time starting on the first Friday in March at 2:00 and
ending on the last Sunday in October at 3:00:
exit all
configure system date-and-time
summer-time recurring 1 friday march 02:00 last sunday october
03:00
save
Configuration Errors
The following table lists the messages generated by the device when a
configuration error is detected.
Schedule with this name You tried to create a new schedule with Specify a name that is not being used
already configured a name that is used by an existing by an existing schedule.
schedule.
Summer-time already You entered the summer-time command Delete the existing summer-time
configured to configure daylight saving time, but configuration; and then re-enter the
the scheduling of summer-time has summer-time command.
already been configured.
Recurring summer-time You tried to configure summer-time start Enter the summer-time command
start and end must be and end in the same month. with summer-time start and end in
on different months different months.
Summer-time cannot You entered the summer-time command Enter the summer-time command
end before it starts (with one-shot schedule type) with with summer-time start time earlier
summer-time end time earlier than than the end time.
summer-time start.
Applicable Products
This feature is applicable to all ETX2i products.
Applicable Products
This feature is applicable to all ETX2i products.
Standards
The commands below are based on RFC 3841.
Configuring Parameters
To configure device information:
1. Navigate to configure system.
The config>system# prompt is displayed.
2. Enter the necessary commands according to the tasks listed below.
Specifying contact person contact <contact-person> Typing no contact removes contact person.
Assigning device name name <device-name> The device name can be 0-255 characters; however, the device
prompt displays only up to 20 characters, therefore if you enter a
name with more than 20 characters, the prompt displays the first
19 characters followed by *.
For example, a command that defines a device with a name
longer than 20 characters:
ETX2i# config sys name 12345678901234567ETX2i
results in the prompt:
12345678901234567ET*#
You can view the complete device name by typing
show device-information.
Typing no name removes the name entirely.
Displaying device show device-information The command output indicates after sw version number (sw:) if
information, MAC address, the device is using Static Router license (SR). No indication
and amount of time device means Dynamic Router license is being used (the default).
has been running
Example
To configure device information for ETX2i:
Device name ETX2i
Location floor-8
Contact Engineer-1
exit all
configure system
name ETX-2i
location floor-8
contact Engineer-1
exit all
10.4 Environment
You can define the temperature threshold of a chassis and display information
about chassis components.
Functional Description
Device Temperature
You can define minimum and maximum temperature thresholds, as well as
temperature unit (Celsius or Fahrenheit), in order to receive trap notification that
the device temperature has left the allowed range or returned to the allowed
range.
You can optionally use a hysteresis mechanism to avoid sending an excessive
amount of traps when a threshold is repeatedly crossed. The hysteresis defines
the margin around the temperature thresholds for sending trap notification of
temperature threshold crossed:
Sends trap notification of temperature too high when the temperature rises
above <maximum temperature + hysteresis value>.
After sending a trap notification of temperature too high, it sends a trap
notification of temperature OK when the temperature falls below <maximum
temperature - hysteresis value>.
Sends trap notification of temperature too low when the temperature falls
below <minimum temperature - hysteresis value>.
After sending a trap notification of temperature too low, it sends the trap
notification of temperature OK when the temperature rises above <minimum
temperature + hysteresis value>.
Device Fan
The device fan is activated when the temperature of the device exceeds a certain
limit (defined by RAD HW engineers; non-configurable). When the device
temperature once again drops below that limit, the fan stops.
A Fan Failure alarm is issued if the device fan stops working or its speed drops
below 100RPM.
Examples
To define temperature thresholds:
Minimum temperature = -20 degrees Celsius
Maximum temperature = 50 degrees Celsius
Hysteresis = 4
exit all
ETX-2i>configure chassis
ETX-2i>config chassis#
temperature-threshold celsius min -20 max 50 hysteresis 4
exit all
save
FAN Status
---------------------------------------------------------------
1 OK
Applicable Products
This feature is applicable to all ETX2i products.
SFTP Application
The SFTP protocol is used to provide secure file transfers via the product's
Ethernet interface. SFTP is a version of FTP that encrypts commands and data
transfers, keeping your data secure and your session private. For SFTP file
transfers, an SFTP server application must be installed on the local or remote
computer.
A variety of third-party applications offer SFTP server software. For more
information, refer to the documentation of these applications.
Note SFTP file transfers are carried out through TCP port 22. You should check that the
firewalls you are using on the server and Windows allow communication through
this port. If not, configure the firewall settings to open TCP port 22.
TFTP Application
The TFTP protocol is typically used for remote IP-to-IP file transfers via the
product's Ethernet interface. It can be used, however, for local file transfer as
well, as the transfer rate of the Ethernet interface is much faster than that of the
RS-232 interface.
For TFTP file transfers, a TFTP server application must be installed on the local or
remote computer. As it runs in the background, the TFTP server waits for any
TFTP file transfer request originating from the product, and carries out the
received request automatically.
A variety of third-party TFTP applications are available that allow the instant
creation of a TFTP server on a client computer. For more information, refer to the
documentation of these applications.
Note TFTP file transfers are carried out through UDP port 69. You should check that
the firewalls you are using on the server and Windows allow communication
through this port. If not, configure the firewall settings to open UDP port 69.
Copying Files
You can use the copy command to copy files within the ETX2i unit, or
download/upload files to the ETX2i unit via SFTP/TFTP.
To copy files:
At any prompt, enter:
copy <source-file-url> <destination-file-url>
Where:
<file-url> = <url-prefix> <file>
<url-prefix> can be empty, or one of the following:
tftp://<ipv4-address>/
tftp://[<ipv6-address>]/
sftp://<username>:<password>
@<ipv4-address>[:<port>]/
sftp://<username>:<password>@[<ipv6-address>][:<port>]/
xmodem:
Note It is not necessary to specify <port> when using the well-known SFTP port.
<file> can be empty, or one of the following files, or the file name on a
remote computer if applicable. If <file> is on a remote computer it can
contain a path and file name, or just a file name.
startup-config
restore-point-config
rollback-config
running-config
user-default-config
factory-default-config
log
sw-pack-1
sw-pack-2
sw-pack-3
sw-pack-4
zero-touch-config-xml
banner-text
pm-0
db-schema
mac-table
db-config
1tm_1
1tm_2
1tm_9
schedule-log
sniffer-file
user-script
script-result
cn-backup-file
The maximum length/range is:
<username> 160 characters
<password> 160 characters
<file> 196 characters
<port> 165535
Examples
Example
ETX-2i# file
ETX-2i>file# dir
Codes CConfiguration S-Software LO-Log OOther B-Banner
Name Type Size(Bytes) Creation Date Status
Example
ETX-2i# file
ETX-2i>file# show configuration-files
Configuration Last Modified Valid
-----------------------------------------------------------------------------
startup-config 2012-08-02 18:19:07 Yes
factory-default-config 2012-08-13 17:18:07 Yes
running-config 2012-04-10 00:00:06 Yes
running-config has been modified since last time it was equal to startup-config
Example
ETX-2i# file
ETX-2i>file# show sw-pack
Name Version Creation Time Actual
---------------------------------------------------------------
sw-pack-1 6.4 2014-11-14 14:28:44 ready
sw-pack-2 6.4 2014-11-14 14:28:44 active
Deleting Files
You can delete the following files:
restore-point-config
script-result
sw-pack-<n>
rollback-config
startup-config
user-default-config
user-script
zero-touch-config-xml
To delete a file:
1. At the file# prompt, enter:
delete <file-name>
You are prompted to confirm the deletion.
2. Confirm the deletion.
Example
ETX-2i# file
ETX-2i>file# delete startup-config
! The file will be erased. Are you sure? [yes/no] _yes
10.6 Inventory
The ETX2i inventory table displays the units components, hardware and
software revisions, and power supply types. You can display an inventory table
that shows all installed components, and you can display more detailed
information for each component. You can configure an alias name, asset ID, and
serial number for inventory components.
Applicable Products
This feature is applicable to all ETX2i products; however, the inventory display
differs for each product according to the different chassis components and port
configurations.
Standards
The inventory feature is implemented according to RFC 4133 Entity MIB
(RFC 2737 was made obsolete by RFC 4133 version 3).
Benefits
You can monitor the installed components and hardware/software revisions.
You can display more information for each installed inventory component. To do
so, you need to enter the inventory level with the corresponding inventory
component index, which is displayed in the Index column in the output of
show summary-inventory.
Parameter Description
Description Description of component type, in the form:
RAD.<device-name>.< Physical Class>, e.g. RAD.ETX2i.Port
Contained In Index of the component that contains the component for which
information is being displayed. This is 0 for the chassis, as it is not
contained in any component, and 1001 for all other components, as they
are all contained in the chassis.
Physical Class Class of component
Possible values: Chassis, CPU, Power Supply, Fan, Sensor, Port, Container,
Module
Relative Position Contains the relative position of this component among other components
in the same index range (e.g. index 40014002, etc.)
FRU Indicates whether this component is a field replaceable unit that can be
replaced on site.
For ETX2i this is normally true only for the chassis, and for the dual power
supplies.
Parameter Description
Processor Processor name
Possible processors:
Intel Atom Rangeley C2558
Intel Atom Rangeley C2758
Cores Core size
Possible values:
4 Quad
8 Octal
Examples
To display inventory summary for ETX2i:
ETX-2i# configure system
ETX-2i# config>system# show summary-inventory
Index Physical Class Name HW Ver SW Ver FW Ver
-----------------------------------------------------------------------------
1001 Chassis ETX-2i 0.1/ 6.4 5.0.0.0.0.36
4001 Fan Fan 1
4002 Sensor Temperature Sensor 1
4003 Power Supply PS 1
7001 Port Time of Day Port
7002 Port Mini BNC
7003 Port External Clock Port
7004 Port RS-232 Control Port
7005 Port MNG Port
7006 Port ETH Port 0/1
7007 Port ETH Port 0/2
7008 Port ETH Port 0/3
7009 Port ETH Port 0/4
7010 Port ETH Port 0/5
7011 Port ETH Port 0/6
7012 Port ETH Port 0/7
7013 Port ETH Port 0/8
10.7 Licensing
Some features require a license to be enabled before the feature can be
configured.
The following licenses are available:
TWAMP
Traffic Management Fault Propagation (TMFP)
SFP+ 10GbE Rate (ETX-2i-10G) licenses:
sfp-plus-factory-10g-rate activated by RAD operations only (not by
users), in order to set SFP+ ports as 10GbE, according to the ordering
option
sfp-plus-10g-rate (two or four-port) license that users can purchase
from RAD to upgrade two or four SFP+ 1GbE ports to 10GbE.
Applicable Products
This feature is applicable to all ETX2i products.
SFP+ 10GbE rate licenses are relevant for ETX-2i-10G only.
Benefits
The license mechanism enables fewer software version variants to be produced.
Also, it can be used to track licensed feature usage.
Factory Defaults
By default, feature licenses are disabled.
Functional Description
A feature that requires a license can be configured only if the feature license is
enabled.
For backward compatibility, in the event that a feature was defined as requiring a
license after having already been released without a license in a previous
software release, the feature configuration is allowed if it was done in a release
that did not require a license. In this case, a command enabling the license is
automatically added to the running-config file.
If ETX2i loads a configuration file that configures a feature requiring a license
when the license is not enabled, the device rejects that features configuration if
the configuration file was created by a software version that requires a license.
If no SFP+ ports are set to 10GbE rate according to the ordering option, any
two SFP+ ports can be configured to the 10GbE rate using the two-port
license.
It is not possible to downgrade to 1GbE, a port that is set to 10GbE according to
the ordering option.
If at any stage, a device returns to its factory default settings, the
sfp-plus-factory-10g-rate license remains (as it is saved in the Statuses file).
However, the user-configurable sfp-plus-10g-rate license is deleted.
Configuring Licenses
The ETX2i TWAMP, enhanced Fault Propagation Event Manager features, as well
as the SFP+ Ethernet port rate upgrade to 10GbE, require a license.
Traffic Management Fault Propagation (TMFP) license and TWAMP license in a VNF
(not in a device) are protected by a hardcoded password only known to you.
Configuration of the enhanced FP Event Manager or TWAMP (in VNF) features
requires you to enable the respective password-protected licenses.
The SFP+ Factory 10G Rate license is set in the factory. You cannot enable or
disable it, but can view its status and whether it is in use.
To enable licenses:
1. Navigate to admin license.
The admin>license# prompt is displayed.
2. Enter the necessary commands according to the tasks listed below.
Enabling TWAMP license in license-enable twamp password hardcoded password assigned to the device
VNF <password> [hashed] hashed If this option is specified, the device assumes the
Enabling Traffic license-enable tmfp <password> entered password is hashed. If not specified, the device assumes
Management Fault [hashed] the password is plain text (non-ecrypted), and if correct, hashes
Propagation (TMFP) license the password, and saves the hashed result in the license hard
password feature.
Enabling SFP Plus 10g rate license-enable sfp-plus-10g-rate amount number of SFP+ ports that can be upgraded to 10GbE
license <amount> Possible values: 2, 4
Example
This example displays the license summary.
ETX-2i-10G>admin>license# show summary
Feature Status Amount In Use
-----------------------------------------------
SFP+ 10G Rate Enabled 2 1
SFP+ Factory 10G Rate Enabled 2 2
TWAMP Disabled -- --
TMFP Enabled -- Yes
Parameter Description
Feature Feature name
Possible values:
SFP+ 10G Rate
SFP+ Factory 10G Rate
TMFP (Traffic Management Fault Propagation)
TWAMP
Status License status
Possible values: Enabled, Disabled
Amount License amount
Possible values:
-- : not applicable (for TMFP and TWAMP)
<1-4>: number of 10GbE licensed SFP+ ports
Parameter Description
In Use Indicates whether or not the license is in use.
Possible values:
-- : not applicable (for disabled license)
Yes/No: indicates whether or not enabled TMFP or TWAMP license is in use
<1-4>: number of 10GbE licensed SFP+ ports in use. The feature is
considered in use if the port is configured as 10GbE and enabled in
running-config.
Configuration Errors
The following table lists messages generated by ETX2i when a configuration
error is detected.
Message Description
License needed by running configuration You attempted to disable the license for a feature that is
configured in the device running configuration.
Wrong password You failed to set the correct password for the device.
Applicable Products
This feature is applicable to all ETX2i products.
Note If you are accessing ETX2i via SSH, the banner is printed between the user name
prompt and the password prompt.
You can display the banners configured for ETX2i by navigating to the device
level and entering info. For example:
ETX-2i# info
version "3.01A14" sw "5.9.1(0.08)"
configure
echo "System Configuration"
# System Configuration
system
login-message 'Authorized Users Only'
announcement 'Successful Login!'
exit
The configured banners are displayed before and after login, as shown below.
Authorized Users Only
user>su
password>****
Successful Login!
ETX-2i#
Notes The banner must contain only printable ASCII characters (0x200x7E), <Enter>
(0x0D), <Line Feed> (0x0A), and <Tab> (0x09)
The banner can contain up to 2,000 characters.
10.9 Reset
Note
This section describes how to reset using CLI commands. You can also reset the
device to its factory defaults or user configured defaults by pressing the push
button on the front panel. For details, refer to the description on resetting the
device in the Operation chapter.
Note You can request that the active software pack be confirmed after the next reboot
of ETX2i. Refer to the description of installing software in the Software Upgrade
chapter for details.
Applicable Products
This feature is applicable to all ETX2i products, with the exception that reset of
the x86 card is applicable only to ETX2i with D-NFV option.
To reset ETX2i to factory defaults and revert the device to its prior-to-shipment
state:
1. At the admin# prompt enter:
factory-default-all
A confirmation message is displayed:
The device will delete its entire database and reboot.
Are you sure? [yes/no]
2. Enter yes to confirm the reset to factory defaults with configuration and
counter reset.
The configuration and counter reset explained above is performed, the
unit resets, and after it completes its startup the factory defaults are
loaded. If a startup-config confirm request was active, it is canceled.
Note Rebooting the ETX2i device does not reset the x86 card.
To restart ETX2i:
1. At the admin# prompt enter:
reboot
A confirmation message is displayed:
Device will reboot. Are you sure? [yes/no]
2. Enter yes to confirm the reset.
The unit restarts.
Note You can reset the x86 card from the x86 screen only (chassis ve-module).
Applicable Products
This feature is applicable to all ETX2i products.
Benefits
You can view or save in a file general device status and statistics.
Factory Defaults
By default, the show tech-support command is predefined with the following
commands in order:
show configure system system-date
show configure system device-information
show configure system memory-details
show configure system buffers
show configure system summary-inventory
show file sw-pack
show file copy
show configure port summary
show configure service
show configure flows summary details
show configure oam cfm summary
show configure pwe summary
show configure system clock domain1 status
show configure protection erp-summary
show configure router 1 arp-table
show configure router 1 routing-table
show configure management users-details
show configure reporting active-alarms
Functional Description
When the tech-support command is invoked, its output is displayed on your
terminal or stored in a script file called script-result (, which can afterwards be
displayed or downloaded).
For each command, the following is displayed:
A timestamp formatted <date> <time> UTC {+|-}<hours>:<minutes>; for
example: 2015-05-35 11:10:09 UTC +02:00
The executed command
The command output, including errors and other messages, provided that the
command was invoked with the terminal argument (If the file argument is
invoked, the command output is stored in a file instead of being displayed on
the CLI terminal.)
Unlike other commands, the output is sent to the screen continuously, without
pausing after each page.
The CLI prompt does not return until all commands included in the script are
executed, or you stop the execution.
The terminal inactivity timer does not decrease while the script is being executed,
so the terminal remains open even if it takes a long time.
The script-result file is automatically cleared each time the show tech-support
command is invoked.
Applicable Products
This feature is applicable to all ETX-2i products.
Benefits
This test requires a single CLI command to perform a simple connectivity check
across Layer-2 service paths, without the need for configuration of a full TWAMP
controller and responder.
Functional Description
Layer-2 Ether-Access devices have the ability to initiate a connectivity test, and
also respond to in-service ping requests sent over Layer-2 services to a
configured IP address.
The in-service ICMP Echo ping test pings the Layer-2 EVC of the device from the
flow level. The in-service ping includes a mechanism to enable performing a
connectivity test across the flow inside the device, by configuring ICMP packets
entry-point to the flow, either at the flow ingress or egress. The in-service ping
runs independently of working routers.
The in-service test requires that the devices be activated in two modes:
ETX-2
Ping VRF
TWAMP
Router
Inte rfa ce
Ping
ETX-2
Ping VRF
Router
Inte rfa ce
Bridge
Port
Ping
ETH ETH
Port Bridge Port
1. Configure the in-service ping response at the device that responds to the
ping-request packets with ping-response packets. You can configure the IP
stack to start and listen to ping-requests being sent over a particular flow,
targeted to a provisioned IP address.
2. Configure the in-service ping request at the device generating the ping
test.
It is not possible to save the in-service ping responder configuration. It is erased
on reset, and does not appear in the info command.
When you invoke the commands, a temporary IP interface is created on the
device, as well as a routing entry in the static-route table. When the test has
completed, all IP context on the generator side that is related to the test is
cleared; the IP context on the responder side must be cleared manually.
Note In PtP mode, a service (flows) with corresponding classification must exist on the
requested ingress port prior to in-service ping-response commands generation;
it is optional to configure an opposite matching flow. In the case that an
opposite matching flow does not exist, the service ping works in down scope
(default) without any warning.
Note In PtP mode, a service (flows) with corresponding classification must exist on the
requested ingress port prior to in-service ping commands generation; it is
optional to configure an opposite matching flow. In the case that an opposite
matching flow does not exist, the service ping works in down scope (default)
without any warning.
Note
Invoking no service-ping terminates the command that was initiated in the same
data-base session or in a different database session (same user or different
user).
local-ip The temporary IP address provisioned on the Valid IP address and subnet
sender/responder for the duration of the test, mask
combined with subnet-mask [0.0.0.0/32|0:0:0:0::0/128]
dst-ip The IP address to which in-service ping request packets Valid IP address
are destined [0.0.0.0|0:0:0:0::0]
next-hop Next hop to use when destination IP is out of the Valid IP address
source subnet [0.0.0.0|0:0:0:0::0]
egress-port Egress port for PtP services (E-Line). The physical (e.g. ethernet, pcs, or logical-
Ethernet port) or logical (e.g. bridge ID) interface from mac
which the ping request/response exits. Valid attribute
only when bridge parameter is not introduced.
vlan Together with egress-interface, defines the flow Possible values: 04094
Default: -1 (untagged)
inner-vlan Together with egress-interface, defines the flow Possible values: 04094
Default: -1 (untagged)
p-bit The service VLAN priority bit used when encapsulating Possible values: 07
the ping packet Default: 0 (untagged)
inner-p-bit The inner-VLAN priority bit used when encapsulating the Possible values: 07
ping packet Default: 0 (untagged)
number-of-packets Number of in-service ping request packets for the test Possible values: 110000
Default: 5
payload-size Payload size of the in-service ping request packets Possible values: 321450
Default: 32
Examples
The following example illustrates configuring in-service ping test over Eth
services. Layer-2 E-Line service is provisioned between device UNI and NNI.
flow ping_E4toE3
classifier v100
ingress-port ethernet 4
egress-port ethernet 3 queue 3 block 0/1
no policer
no shutdown
exit
flow ping_E4toE3
classifier v100
ingress-port ethernet 4
egress-port ethernet 3 queue 3 block 0/1
no policer
no shutdown
exit
Configuration Errors
The following table lists the messages generated by the device when a
configuration error is detected.
Parameter or keyword missing The entered service (outer) Configure a service (outer) VLAN that
or wrong VLAN, does not also populate also populates the customer (inner)
the customer (inner) VLAN in VLAN in the command.
the command.
Invalid parameter value; local-ip The next-hop address does Choose local IP and next-hop IP
and next-hop must belong to not belong to the same addresses in the same network.
the same network network as the sender address
(local IP address).
Invalid parameter value; local-ip The destination IP address Make next hop address equal to the
and next-hop must be equal as belongs to the same network local IP address.
dst-ip belongs to the same as the sender, but the next-
network hop address is not equal to
the local IP address.
Applicable Products
This feature is applicable to all ETX-2i products, with the following conditions:
PCS port is relevant to ETX2i with an SHDSL or VDSL2 module.
Standards
IEEE 802.1ag-D8
ITU-T Y.1731
MEF 36
Benefits
Ethernet service providers can monitor their services proactively and guarantee
that customers receive the contracted SLA. Fault monitoring and end-to-end
performance measurement provide tools for monitoring frame delay, frame
delay variation, and frame loss and availability.
Functional Description
OAM enables detection of network faults and measurement of network
performance, as well as distribution of fault-related information. OAM
functionality ensures that network operators comply with QoS guarantees,
detect anomalies before they escalate, and isolate and bypass network defects.
As a result, the operators can offer binding service-level agreements.
ETX-2i provides the OAM (CFM) functions listed below in packet-switched
networks:
End-to-end Connectivity Fault Management (CFM) per IEEE 802.1ag:
Continuity check (CC)
Non-intrusive loopback, used to detect loss of bidirectional continuity
Link Trace for fault localization
End-to-end service and performance monitoring per ITU-T Y.1731:
Loss measurement
Delay measurement
OAM Elements
Maintenance entities (ME) that require management are grouped into ME groups
(MEGs, referred to as Maintenance Associations or MAs). The Ethernet OAM
mechanism monitors connectivity in MAs. Every MA belongs to a maintenance
domain (MD), and inherits its level from the MD to which it belongs. The MD
levels are used to specify the scope of the MA (provider, operator, customer,
etc). The following entities are used for monitoring:
Maintenance End Point (MEP) A MEP is both an endpoint of a single MA,
and an endpoint of a separate Maintenance Entity for each of the other
MEPs in the same MA. A MEP generates and receives CFM connectivity
messages and tracks responses.
MEPs are referred to as up MEPs or down MEPs, depending on their location
in the device. Up MEPs reside at bridge ingress and are bound to bridge
ports. These MEPs receive and send CFM PDUs from and to the bridge. Down
MEPs reside at port egress and are bound to physical ports. These MEPs
receive and send CFM PDUs from and to the network.
You can enable or disable (the default) Latching Loopback Function (LLF) for
a down or up MEP, which is configured with Rx and Tx flows (and not
Classification). This enables the MEP to perform simultaneous loopbacks for
different source MAC addresses. When LLF is enabled at the MEP level, the
MEP level responder can work with a third party generator. For example, the
Y.1564 test generator can work with the MEP-level responder having LLF
enabled, eliminating the need to add a Y.1564 test responder.
The OAM packets transmitted by MEPs usually contain a service VLAN ID
(S-tag) and customer VLAN ID (C-tag). However, there are cases where the
user side C-tag is unknown. To handle this case, you can specify for E-line
up MEPs that customer tags are excluded. Maintenance Intermediate Points
(MIPs) are intermediate entities unlike MEPs, which are directional entities
acting as service termination points. There are two types of intermediate
While working in a Bridge application, not learned user data packets, and
multicast and broadcast transmitted frames are counted several times.
MEP CCM
Lower MD-Level:
Multicast / unicast My-MAC / unicast different MAC
Packet received from Active side > MEP defect
Cross Connected CCM (mismatch; unexpected MD level): On
Packet received from Passive side > OAM discarded on port.
Equal MD-Level:
Multicast / unicast My-MAC
Packet received from Active side > OK
Packet received from Passive side > OAM discarded on port
Unicast different MAC (not My-MAC DA)
Packet received from Active side > DA MAC is not analyzed. No discard,
no alarm MEP in OK status.
Packet received from Passive side > OAM discarded on port
Higher MD-Level:
Multicast /unicast different MAC
Packet received from both sides > considered as user data
Unicast My-MAC
Packet received from both sides > OAM discarded on port
MEP LB/LT
Lower MD-Level:
LB/LT multicast / unicast My-MAC / unicast different MAC
Packet received from both sides > OAM discarded on port
Equal MD-Level:
Multicast / Unicast My-MAC (LB/LT)
Packet received from Active side > OK
Packet received from Passive side > OAM discarded on port
Unicast different MAC (not My-MAC DA)
LB
Packet received from both sides > OAM discarded on port
LT
Packet received from Active side > discarded by CPU; no indication
Packet received from Passive side > OAM discarded on port
Higher MD-Level:
Multicast /unicast different MAC
Packet received from both sides > considered as user data
Unicast My-MAC (relevant to LB only)
Packet received from both sides > OAM discarded on port
MEP LM/DM
Lower MD-Level:
Multicast / unicast My-MAC / unicast different MAC
Packet received from both sides > OAM discarded on port
Equal MD-Level:
Multicast / unicast My-MAC
Packet received from Active side > OK
Packet received from Passive side > OAM discarded on port
Unicast different MAC (not My-MAC DA)
MIP
SLM and LMM learned sessions are supported up to the scale supported in
the specific ETX-2i device. The sum of the learned session and configured
session cannot exceed the device session limit.
Preconfigured and learned sessions can coexist on the same MEP or on the
same device.
A sessions aging time is 10 minutes, meaning that when there is no SLM or
LMM received for a learned session for 10 minutes, the session is deleted.
MEP LOC deletes all learned sessions.
Factory Defaults
By default, there are no MDs, MAs, or MEPs.
The OAM CFM general parameters have the following default configuration.
alarm-type legacy
multicast-addr 01-80-C2-00-00-30
md-level 3
interface-status-tlv interface-status-tlv
classification vlan 0
ais no ais
bind no bind
ccm-priority 0
classification vlan 0
client-md-level 4
customer-tags-excluded no customer-tags-excluded
direction down
mef46-ll no mef46-ll
delay-threshold 1000
delay-var-threshold 1000
classification priority-bit 0
dmm-interval 1s
lmm-interval 1s
delay-measurement-bin no delay-measurement-bin
delay-var-measurement-bin no delay-var-measurement-bin
remote mac-address
00-00-00-00-00-00
Defining whether legacy alarm-type { legacy | soam } legacy OAM alarm names remain the same
alarms or newer alarms as in previous versions.
are used soam OAM alarm names change as
follows:
defErrorCCM MEP level alarm: invalid
CCM received with CCM Interval that has
not yet timed out; replaces mismatch
defMACstatus RMEP level alarm: Defect
reported by interface or port status TLV
defRDICCM RMEP level alarm: RDI
(remote defect); replaces rdi
defRemoteCCM RMEP level alarm: Loss
of continuity (LOC); replaces loc
defXconCCM MEP level alarm:
Unexpected CCM received from MAID or
lower MD level; replaces mismatch
Displaying OAM CFM show summary See Viewing OAM CFM Information for more
information such as details.
MDs, MAs, MEPs, etc.
Specifying the maintenance md-level <md-level> The allowed range for md-level is 07.
domain level Note: If prestandard OAM protocol is
being used, the only allowed value for
the maintenance domain level is 3.
Note: When md-level is set to 7, client
md-level, even if configured, becomes
meaningless, as it must have a higher
value than md-level but cannot exceed 7.
Specifying the name format name string <md-name-string> Maximum length of md-name-string is
and name of the name dns <md-name-string> 43 characters.
maintenance domain Maximum combined length of
name mac-and-uint <md-name-mac>
<md-name-uint> md-name-string and ma-name-string
(maintenance association name) is
no name
48 characters.
Format mac-and-uint Specify
md-name-mac as xx-xx-xx-xx-xx-xx,
and md-name-uint as an unsigned
integer decimal number (065535).
If prestandard OAM protocol is being
used, the maintenance domain must
have no name (use command no
name).
Specifying the interval ccm-interval {3.33ms | 10ms | Note: When ccm-interval is set to 3.33ms, then
between continuity check 100ms | 1s | 10s | 1min | 10min} if you have defined the maximum number of
messages MEPs (255), the interval is not enough time to
activate them with all the corresponding
remote MEPs.
Associating the MA with a classification vlan <vlan-id> Verify that the VLAN is the same as the VLAN
VLAN associated with the MEP.
Note: If a classifier profile is associated with
the MEP, the VLAN should be set to 0.
Configuring MEP for the MA mep <mepid> See Configuring Maintenance Endpoints.
Specifying the name format name string <ma-name-string> Maximum length of ma-name-string is
and name of the name primary-vid 45 characters.
maintenance association <ma-name-vid> Maximum combined length of md name
name uint <ma-name-uint> string and ma name string is 48 characters.
Note For every MEP, a flow must be configured with the same classification as the
MEP, in the direction UNI to NNI. This can be achieved using either of the
following methods:
Classification method Configure the MEP classification; the SW automatically
finds and matches the corresponding flows to the MEP according to the
MEPs configured classification.
Rx, Tx flows method Explicitly bind flows on a MEP. The MEP derives its
classification from its bound flows.
Note When changing the MEP classification method, you must delete the MEP and
then create a new MEP.
Defining sending of AIS ais [ interval { 1s | 1min }] When md-level is set to 7, client-md-level,
[priority <priority>] even if configured, becomes meaningless.
In this case, the MEP cannot be defined to
AIS transmission and must be set to no-
ais.
Binding the MEP to an bind ethernet [<slot>/]<port> To unbind the MEP, enter no bind.
Ethernet port
Binding the MEP to an ETP bind etp <etp-name> To unbind the MEP, enter no bind.
port if ETP is used {subscriber | transport} <port-id>
Binding the MEP to a logical bind logical-mac <port-number> To unbind the MEP, enter no bind.
MAC port
Binding the MEP to PCS bind pcs <port-number> To unbind the MEP, enter no bind.
port Note: Relevant only for the SHSDL module
option.
Binding the MEP to bridge bind bridge-port <bridge-number> The bridge port must not be used by a
port <port-number> flow.
Associating the MEP with a classification vlan <vlan-id> You can associate more than one MEP to
classifier profile or VLAN classification profile <profile-name> the same VLAN if the MEPs belong to MDs
with different levels.
Verify that the VLAN is the same as the
VLAN associated with the MA.
If using a classifier profile, it must be
EVC.cos or VLAN+inner-VLAN.
Specifying that MEP customer-tags-excluded This parameter is visible only for up MEPs,
transmits OAM PDUs with and is relevant to E-line only; it is not
only S-tag, and no C-tag applicable for up MEPs over bridge or ETP.
Defining the MAC address dest-addr-type [ccm {unicast|multicast}] If more than one remote MEP ID has been
type sent in OAM [pm {unicast|multicast}] defined for the MEP and you change the
continuity check messages CCM destination address type from
(CCM) and performance multicast to unicast, all remote MEP IDs
measurement messages are deleted except for the lowest remote
(PM) MEP ID.
If the MAC address type for PM messages
is unicast, then the MAC address for the
transmission of PM messages is
determined by the configuration of the
destination NE. If a remote MAC address is
configured for the destination NE, that
MAC is used. Otherwise if a remote MEP ID
is configured for the destination NE, the
remote MAC address is learned from CCM
messages. See Configuring Destination
NEs for details.
Defining a unicast MAC dest-mac-addr <mac-addr> MAC address is in format xx-xx-xx-xx-xx-xx
address if you defined
unicast MAC address type
for CCM messages with the
dest-addr-type command
Assigning unidirectional or flow uni-direction rx <rx-name> [ Rx flow: Flow with ingress port that is the
bidirectional Rx or Tx flow tx <tx-name>] MEP facing port
to the MEP flow bi-direction <name> Tx flow: Flow with egress port that is MEP
facing port
Up to eight Tx flows and eight Rx flows
can be assigned to the MEP.
Rx/Tx flows cannot be assigned if one of
the following is true:
VLAN is configured at the MA level.
VLAN or profile is configured at the
MEP level for the Rx classification.
To delete flow assignment, enter no flow
uni-direction or no flow bi-direction,
respectively.
Defining remote MEP with remote-mep[<rmep1>..<rmep2>,<rmep3> Possible values for remote MEP IDs:
which the MEP ] 18191
communicates You can define multiple remote MEP IDs in
one remote-mep command by specifying a
list of values separated by commas (with
no spaces between the values), using .. to
indicate ranges. You can end the
command line with <CR> and then input
another list. Up to 10 elements (where
each element is either a single remote
MEP or a range of multiple remote MEPs
having consecutively numbered IDs) can be
configured in a list.
The MEP ID must be different than the
remote MEP ID(s). You can use multiple
remote-mep commands to define up to
100 remote MEPs for the local MEP (up to
1024 total remote MEPS in device) if
standard OAM protocol is being used for
the MD and the destination address type
is multicast, otherwise you can define only
one remote MEP.
Configuring service for the service <serviceid> See Configuring Maintenance Endpoint
MEP Services.
Displaying MEF46 Latching show mef46-ll-status See Viewing MEF46 Latching Loopback
Loopback status Status.
Displaying MEP status show status
Displaying remote MEP show remote-mep <remote-mep-id> If a remote MEP was never learned, its
status status status is NEW. As a result, the following
takes place:
Dest NE that is configured under this
MEPs services cannot learn the remote
MAC address and therefore, does not
transmit LMM and DMM.
unavailability is not indicated and
therefore the unavailability counters
are not incremented.
Available counter increments, as it is
ready for use as soon as the remote
MEP is configured.
Rx Unicast LLMs : 2
Rx Multicast LLMs : 0
Rx Discarded LLMs : 0
Tx LLRs : 2
Tx Autonomous LLRs : 0
Num First Source MAC Address Last Source MAC Address Time Remaining
-----------------------------------------------------------------------------
1 00-20-D2-54-11-92 00:06:43
ETX2i config>oam>cfm>md(1)>ma(1)>mep(2)#
Parameter Description
Displayed
First Source MAC Addre Start of a block of source MACs in incoming frames that are
looped
Last Source MAC Addre End of a block of source MACs in incoming frames that are
looped
MD-Level MIP
When MD-level MIP mode is activated, ETX-2i provisions a MIP for each flow at
each physical port, bridge port, and ring port, subject to the limitations specified
above in OAM Elements. The MIPs are added for each specified MD level, or MD
level range.
Service-Level MIP
Service-level MIPs are intermediate entities that are defined in the maintenance
domain level.
To add a MIP:
At the config>oam>cfm>md(<mdid># prompt, enter:
mip <mipid>
The MIP is created and the prompt
config>oam>cfm>md(<mdid>)>mip(<mipid>)$ is displayed.
To delete a MIP:
At the config>oam>cfm>md(<mdid>)# prompt enter: no mip <mipid>
The maintenance intermediary point is deleted.
To configure a MIP:
1. Navigate to configure oam cfm maintenance-domain <mdid> mip <mipid> to
select the MIP to configure.
The config>oam>cfm>md(<mdid>)>mip(<mipid>)# prompt is displayed
2. Enter all necessary commands according to the tasks listed below.
Binding the MIP to an bind ethernet [<slot>/]<port> To unbind the MIP, enter no bind.
Ethernet port, logical MAC bind logical-mac <port-number>
port, or PCS port
bind pcs <port-number>
Note Only one service is allowed if the classifier profile associated with the MEP is
according to p-bit.
Each service sets delay and delay variation thresholds. If the thresholds are
exceeded, the service is declared as degraded. You can also define priority of
OAM messages originating from this service.
The prompt
config>oam>cfm>md(<mdid>)>ma(<maid>)>mep(<mepid>)>service(<serviceid>)$
is displayed.
Specifying the interval for loss lmm-interval {100ms | 1s | 10s} When changing lmm-interval,
measurement messages, to be you must perform NO LM and
used by all remote NEs defined then LM.
for service
Activating the MEP service no shutdown You can activate a service only
if the corresponding MEP is
active and you have defined at
least one destination NE.
Note: Following no shutdown
of MEP, the following warning
message appears to remind
you to activate relevant MEP
services: Warning: Relevant
MEP services must be activated
following MEP reactivation.
Assigning the delay delay-measurement-bin profile <name> The delay measurement bin profiles
measurement bin profile are defined in the conf>oam>cfm
level.
Assigning the delay variation delay-var-measurement-bin The delay measurement bin profiles
measurement bin profile profile <name> are defined in the conf>oam>cfm
level.
Defining the MAC address of remote mac-address <mac> If the MAC address is
the destination NE 00-00-00-00-00-00, the statistic
counters for the destination NE do
not increment.
Displaying the delay show delay-measurement-bins {rt-delay Relevant only if profiles were
measurement bins for delay | rt-delay-var | fw-delay-var | bw-delay- assigned via delay-measurement-bin,
measurements via DMRs var } current delay-var-measurement-bin.
show delay-measurement-bins {rt-delay rt-delay Round trip delay
| rt-delay-var | fw-delay-var | bw-delay- <rt-delay-var> Round trip delay
var } interval <interval-num> variation
show delay-measurement-bins {rt-delay <fw-delay-var> Forward delay
| rt-delay-var | fw-delay-var | bw-delay- variation
var } all
<bw-delay-var> Backward delay
variation
<current> Current statistics
<interval> Interval statistics
interval-num> Interval number
[number]
all all statistics
Far End Frame Total number of OAM frames lost from local MEP to remote
Loss Ratio MEP, divided by total number of transmitted OAM frames
since the service was activated
Near End Frame Total number of OAM frames lost from remote MEP to local
Loss Ratio MEP, divided by total number of transmitted OAM frames
since the service was activated
For non ratio-based counters (Frames Above Delay and Frames Above Delay
Variation), you have to define a sampling interval in addition to the rising and
falling thresholds. The purpose of the interval is to define a timeline, in seconds,
in which the service OAM data is sampled and compared with the pre-defined
service thresholds. For the ratio-based counters, defining a sampling interval is
not required.
<rising-threshold-thousandth>] [falling-threshold
<falling-threshold-thousandth>]
4. Type no shutdown to activate the event reporting for the counter.
event Specifies the type of event reporting none The event is not reported.
log The event is reported via the
event log.
trap An SNMP trap is sent to
report the event.
logandtrap The event is reported
via the event log and an SNMP trap.
You can view the following types of statistics for MEPs, services, and destination
NEs:
When a service is first activated, you can view statistics for only the current
interval. The statistics data is shown for the time elapsed since the beginning of
the interval. When the current interval ends, it becomes interval 1 and you can
select it for viewing interval statistics. After each interval ends, you can select it
for viewing interval statistics.
OAM CFM supports checking Availability status within an interval as well as
across intervals. In the case that there are less than n consecutive delta-t small
time intervals at the end of an interval that have changed Availability status
(become Available or Unavailable), the delta-t small time intervals at the
beginning of the next interval are checked to see if there is a total of n
consecutive delta-t small time intervals across the intervals (the end of the
current interval and the beginning of the next interval). If so, the delta-t small
time intervals at the end of the current interval are all considered to have a
changed Availability status (Available or Unavailable).
For example, when Availability is defined for ten one-second intervals, and there
are three SES seconds at the end of the current interval, those seconds are
considered Unavailable only if the first seven seconds of the next interval are
also SES, i.e. ten consecutive SES.
An interval is closed only after the following Availability and Unavailability
counters are updated accordingly, taking into consideration the Availabilty status
change of Delta-ts in the current interval that are affected by the Availability
status of Delta-ts in the new interval (see Table 11-5 for a description of the
counters):
Tx Frames [Forward]
Tx Frames [Backward]
Rx Frames [Forward]
Rx Frames [Backward]
Unavailable Seconds [Forward]
Unavailable Seconds [Backward]
Frame Loss Ratio (%) [Forward]
Frame Loss Ratio (%) [Backward]
Also, the statistics of the last History interval (i.e. the interval before the
current) can only be viewed n * Delta_t seconds after the current interval has
commenced.
Notes If RADview is being used to manage ETX-2i, then when the interval duration is
changed, it is recommended to clear the statistics of all relevant Dest NEs, in
order to avoid any inconsistencies.
interval-duration must be configured to a larger value than availability (delta_t
* n) calculation; otherwise, a sanity error occurs.
To display the OAM CFM statistics for a MEP, service, or destination NE:
1. Navigate to the level corresponding to the OAM MEP, service, or destination
NE for which you wish to view the statistics
configure oam cfm maintenance-domain <mdid>
maintenance-association <maid> mep <mepid>
or
configure oam cfm maintenance-domain <mdid>
maintenance-association <maid> mep <mepid> service <serviceid>
or
configure oam cfm maintenance-domain <mdid>
maintenance-association <maid> mep <mepid> service <serviceid> dest-ne
<dest-ne-index>).
The prompt for MEP, service, or destination NE is displayed:
config>oam>cfm>md(<mdid>)>ma(<maid>)>mep(<mepid>)#
config>oam>cfm>md(<mdid>)>ma(<maid>)>mep(<mepid>)>service(<ser
viceid>)#
config>oam>cfm>md(<mdid>)>ma(<maid>)>mep(<mepid>)>service(<ser
viceid>)>
dest-ne(<dest-ne-index>)#
2. Enter all necessary commands according to the tasks listed below.
Note The service for which you wish to view the statistics must be active. If the
service is not active, the commands to view statistics are not recognized.
Viewing show statistics The statistics are displayed as shown in Viewing Running Statistics; see
running running Table 11-5 and Table 11-6.
statistics
Viewing show statistics The statistics for the current interval are displayed as shown in Viewing
statistics current Current Statistics; see Table 11-5 and Table 11-6.
for the
current
interval
Viewing show statistics The statistics are displayed as shown in Viewing Running Statistics,
running all Viewing Current Statistics, Viewing Interval Statistics; see Table 11-5 and
statistics, Table 11-6.
statistics
for the
current
interval,
and
statistics
for all
intervals
Viewing show statistics The statistics for all intervals are displayed as shown in Viewing Interval
statistics all-intervals Statistics; see Table 11-5 and Table 11-6.
for all
intervals
Clearing clear-statistics The running statistics for the MEP, service, or destination NE are cleared
the (the interval and current counters are not cleared).
statistics
for the
service or
destination
NE
Parameter Description
Parameter Description
Lost Frames [Forward] (in service Total number of frames lost from local destination NE to remote
statistics) destination NE since the service was activated
Frames Loss[Forward] (in dest-ne Note: This counter is called Lost Frames for Services, and Frames Loss
statistics) for dest NEs.
Lost Frames [Backward] (in service Total number of frames lost from remote destination NE to local
statistics) destination NE since the service was activated
Frames Loss[Backward] (in dest-ne Note: This counter is called Lost Frames for Services, and Frames Loss
statistics) for dest NEs.
Frame Loss Ratio (%) [Forward] Lost Frames [Forward] divided by Tx Frames [Forward]
Note: Counts FLR during Available time only.
Frame Loss Ratio (%) [Backward] Lost Frames [Backward] divided by Tx Frames [Backward]
Note: Counts FLR during Available time only.
Unavailable Seconds [Forward] Number of seconds the remote destination NE is considered
unavailable
Note: This counter is displayed only for dest NEs.
Unavailable Seconds [Backward] Number of seconds the local destination NE is considered unavailable
Note: This counter is displayed only for dest NEs.
Available Seconds [Forward] Number of seconds the remote destination NE is considered available
Note: This counter is displayed only for dest NEs.
Two Way Unavailable Seconds Number of seconds that either the remote destination NE (forward)
and/or local destination NE (backward) are unavailable.
Note: This counter is displayed only for dest NEs current and interval
statistics.
Available Seconds [Backward] Number of seconds the local destination NE is considered available
Note: This counter is displayed only for dest NEs.
Two Way Available Seconds Number of seconds that both the remote destination NE (forward)
and local destination NE (backward) are available.
Note: This counter is displayed only for dest NEs current and interval
statistics.
Two Way Delay (mSec) Round trip frame delay
Two Way IFDV (mSec) Round trip frame delay variation
Current Forward IFDV (mSec) Difference between the current delay value and the previous current
delay value, for forward direction
Note: This counter is displayed only for dest NEs.
Current Backward IFDV (mSec) Difference between the current delay value and the previous current
delay value, for backward direction
Note: This counter is displayed only for dest NEs.
Frames Above Delay Threshold Number of DM frames whose delay value exceeded the configured
delay threshold
Frames Above IFDV Threshold Number of DM frames whose delay variation exceeded the configured
delay variation threshold
Two Way Delay (msec) [Min] Minimum frame delay value received in DM frame
Two Way Delay (mSec) [Average] Average of all frame delay values received in DM frames
Parameter Description
Two Way Delay (msec) [Max] Maximum frame delay value received in DM frame
Two Way IFDV (msec) [Min] Minimum difference between the frame delay values received in DM
frames
Two Way IFDV (mSec) [Average] Average difference between the frame delay values received in DM
frames
Two Way IFDV (msec) [Max] Maximum difference between the frame delay values received in DM
frames
Forward IFDV [Min] Minimum difference between the frame delay values received in DM
frames for forward direction
Forward IFDV [Average] Average difference between the frame delay values received in DM
frames for forward direction
Forward IFDV [Max] Maximum difference between the frame delay values received in DM
frames for forward direction
Backward IFDV [Min] Minimum difference between the frame delay values received in DM
frames for backward direction
Backward IFDV [Average] Average difference between the frame delay values received in DM
frames for backward direction
Backward IFDV [Max] Maximum difference between the frame delay values received in DM
frames for backward direction
Elapsed Time (sec) Time (in seconds) elapsed since the service was activated.
Exception: Following shutdown and then no shutdown of a service,
current statistics of the first interval display in Elapsed Time the time
that is aligned to the wall clock, and not the elapsed time since the
service was activated. Hence, all current statistics calculated using
Elapsed Time are not valid for the first interval following shutdown
and no shutdown.
CCM P-bit P-bit where CCM resides
MD Level MD level munber where CCM resides
CCM Tx frames Number of CCM Tx frames per MEP
RMEP ID The ID of the remote MEP associated with the MEP
CCM Rx frames Number of CCM Rx frames per remote MEP
Parameter Description
Specifying remote MEP by lbm address <mac-address> [repeat MAC address is in the
MAC address <repeat-num>] [data-tlv-length format <xx-xx-xx-xx-xx-xx>.
<length-val>] Allowed range of
Specifying remote MEP by lbm remote-mep <mep-id> [repeat repeat-num is 1500.
MEP ID <repeat-num>] [data-tlv-length Allowed range of
<length-val>] data-tlv-length is 01900.
Sending LBM messages to lbm multicast [repeat <repeat-num>] The only allowed value for
default multicast MAC repeat-num is 1.
address
Specifying remote MEP by MAC linktrace address <mac-address> MAC address is in the
address [ttl <ttl-value>] format <xx-xx-xx-xx-xx-xx>.
Specifying remote MEP by ID linktrace remote-mep <mep-id> Allowed range for ttl-value
[ttl <ttl-value>] is 164. This parameter
specifies number of hops.
Each unit in the link trace
decrements the TTL until it
reaches 0, which terminates
the link trace.
Examples
#**************************Configure MA
maintenance-association 1
classification vlan 100
#**************************Configure MEP
mep 1
classification vlan 100
bind ethernet 0/1
queue fixed 1 block 0/1
remote-mep 1..5,7,15..25,54,68,73..75,80,88..99,100,102,120
remote-mep 150,160..164,180
no shutdown
exit all
Note VLAN classification must not be configured for the MEP, in order to facilitate the
service discovery.
#**************************Configure classifiers
flows
classifier-profile v1 match-any
match vlan 1
exit
classifier-profile v21 match-any
match vlan 21
exit
#**************************Configure Rx flow
flow v21_v1
ingress-port ethernet 0/1
egress-port ethernet 0/3 queue 0 block 0/1
classifier v21
pm-collection interval 300
service-name gold
no shutdown
exit
#**************************Configure Tx flow
flow v1_v21
ingress-port ethernet 0/3
egress-port ethernet 0/1 queue 0 block 0/1
classifier v1
pm-collection interval 300
service-name gold
no shutdown
exit all
Direction : Down
Classification Profile : Class_A
CCM Priority : 7
MD Name : MD1
MA Name : MA1
Administrative Status : Up
Test Status : Off
Near End Frame Loss Ratio Log and trap 1e-9 1e-10
In this example, an SNMP trap and an event are generated as notification of the
rising threshold if during an 8-second sample interval, four DMM packets or
more exceed the 10-milliseconds delay threshold of this service. The alarm is
cleared (falling threshold) if ETX-2i detects an 8-second sample interval in which
two or fewer packets cross the thresholds.
A rising or falling threshold event is generated if a specific ratio is exceeded. For
example, an SNMP trap is sent if the far end Frame Loss Ratio (from ETX-2i to
the network) exceed 10^-4, i.e. more than one frame out of 10,000 LMMs sent
for this service are lost.
exit
R-MEP
-----------------------------------------------------------------------------
ID CCM Rx frames
-----------------------------------------------------------------------------
101 1286
102 0
103 0
ETX-2i>config>oam>cfm# ma 1 ma 1 mep 1 serv 1
ETX-2i>config>oam>cfm>md(1)>ma(1)>mep(1)>service(1)# show statistics running
Running Counters
-----------------------------------------------------------------------------
Forward Backward
TX Frames : 1548 1548
RX Frames : 1548 1548
Lost Frames : 0 0
R-MEP
-----------------------------------------------------------------------------
ID CCM Rx frames
-----------------------------------------------------------------------------
101 136
102 0
103 0
ETX-2i>config>oam>cfm# ma 1 ma 1 mep 1 serv 1
ETX-2i>config>oam>cfm>md(1)>ma(1)>mep(1)>service(1)# show statistics current
Current
-----------------------------------------------------------------------------
Forward Backward
Tx Frames : 1863 1863
Rx Frames : 1863 1863
Lost Frames : 0 0
Frame Loss Ratio (%) : 0.0000 0.0000
R-MEP
-----------------------------------------------------------------------------
ID CCM Rx frames
-----------------------------------------------------------------------------
101 303
102 0
103 0
ETX-2i>config>oam>cfm# ma 1 ma 1 mep 1 serv 1
ETX-2i>config>oam>cfm>md(1)>ma(1)>mep(1)>service(1)# show statist interval 1
Interval
-----------------------------------------------------------------------------
Interval : 1
Forward Backward
Tx Frames : 1541 1541
Rx Frames : 1541 1541
Lost Frames : 0 0
Frame Loss Ratio (%) : 0.0000 0.0000
Total Intervals
-----------------------------------------------------------------------------
Forward Backward
Tx Frames : 0 0
Rx Frames : 0 0
Lost Frames : 0 0
Forward Backward
Tx Frames : 899 899
Rx Frames : 899 899
Frames Loss : 0 0
Frame Loss Ratio (%) : 0.0000% 0.0000%
Unavailable Seconds : 0 0
Available Seconds : 1195 1195
Total Intervals
-----------------------------------------------------------------------------
Forward Backward
Tx Frames : 0 0
Rx Frames : 0 0
Frames Loss : 0 0
Frame Loss Ration (%) : 0.0000% 0.0000%
Unavailable Seconds : 0 0
Available Seconds : 0 0
Current
1 0..15000 0
2 15001..49000 0
3 49001..55000 0
4 55001..250000 0
5 250001..5000000 0
Type : rt Delay
Interval Bin
range Rx DMR
(us)
---------------------------------------------------------------
1 1 0..15000 36
1 2 15001..49000 0
1 3 49001..55000 0
1 4 55001..250000 0
1 5 250001..5000000 0
2 1 0..15000 753
2 2 15001..49000 0
2 3 49001..55000 0
2 4 55001..250000 0
2 5 250001..5000000 0
3 1 0..15000 713
3 2 15001..49000 0
3 3 49001..55000 0
3 4 55001..250000 0
3 5 250001..5000000 0
ETX-2i>config>oam>cfm>md(1)>ma(1)>mep(1)>service(1)>dest-ne(3)#
show delay-measurement-bins rt-delay-var all
Type : rt Delay Var
Current
---------------------------------------------------------------
Bin range Rx DMR
(us)
---------------------------------------------------------------
1 0..15000 0
2 15001..55000 0
3 55001..105000 0
4 105001..205000 0
5 205001..5000000 0
Interval Bin
range Rx DMR
(us)
---------------------------------------------------------------
1 1 0..15000 36
1 2 15001..55000 0
1 3 55001..105000 0
1 4 105001..205000 0
1 5 205001..5000000 0
2 1 0..15000 753
2 2 15001..55000 0
2 3 55001..105000 0
2 4 105001..205000 0
2 5 205001..5000000 0
3 1 0..15000 713
3 2 15001..55000 0
3 3 55001..105000 0
3 4 105001..205000 0
3 5 205001..5000000 0
Configuration Errors
The following table lists the messages generated by the device when a
configuration error is detected.
OAM CFM: A service with the You tried to configure more Check the priority bit classification and
same priority already exists than one service on the same verify that there is no other configured
priority bit. service on it.
OAM CFM: A Maintenance You previously configured Configure the MA with another name
Association with this format and another MA with the same or format.
name already exists configuration.
OAM CFM: A Maintenance You previously configured Configure the MD with another format,
Domain with this format name another MD with the same name, or level.
and level already exists configuration.
OAM CFM: Active MEP cannot You tried to delete or shut Disassociate the flow from the MEP,
work without a flow down a flow that is being used and then delete or shut down the flow.
by a MEP.
OAM CFM: Active MEP requires You did not configure a single Configure at least one remote MEP.
at least 1 remote MEP remote ID on the MEP.
OAM CFM: Active MIP cannot You did not configure a TX or Configure a TX or Rx flow on the
work without a flow Rx flow on the manual manual MIP that you configured.
MIP that you configured.
OAM CFM: Active MIP cannot The Tx or RX flow that you Configure the MIP with an active Tx or
work without an active flow configured on the MIP is not Rx flow.
active.
OAM CFM: AIS cannot be You configured MEP on a Configure MEP on a maintenance
enabled when MD level equals maintenance Domain with Domain other than Level 7.
seven (7) Level 7, and therefore AIS
could not be enabled on it.
OAM CFM: Cannot activate a You tried to activate a Service Configure a Dest NE under Service.
service without a dest-NE that has no Dest NE
configured under it.
OAM CFM: Cannot activate MIP You did not configure a bound Configure a bound port on the manual
without a bound port port on a manual MIP. MIP.
OAM CFM: Cannot change You tried to change Disable Fault CFM entity, and then
parameters when active parameters on an active Fault change parameters.
CFM entity.
OAM CFM: Cannot change pm to You tried to configure a Configure a multicast destination
multicast because there is a multicast destination address address on a Dest NE that does not
destne that counts loss on a Dest NE that has user have user data loss measurements.
data loss measurements.
OAM CFM: Cannot configure You configured a MEP to work Configure only one remote MEP per
destination address type unicast with unicast destination MEP.
and more than one remote MEP address, but also assigned to
it more than one remote MEP.
OAM CFM: Cannot configure ICC It is not legal to configure MD Change MA name to format other ICC.
with MD name name when MA name format
is ICC.
OAM CFM: Cannot delete a You tried to delete a remote Disassociate the remote MEP from the
remote MEP that is being used MEP from MEP configuration, Dest NE and then delete it.
by a dest-ne while this remote MEP is being
used in one of the MEPs Dest
NEs as remote peer address.
OAM CFM: Cannot delete destne; You tried to delete or shut Wait until RFC2544 test has completed,
it is bound to rfc2544 test. down a Dest NE that is used and then delete or shut down the Dest
on an active RFC2544 test. NE.
OAM CFM: Cannot delete MEP; You tried to delete a MEP Finish using the MEP under the Y.1564
MEP is under Y.1564 test. which is being used in a test, and then delete it.
Y.1564 test.
OAM CFM: Cannot delete or You tried to modify or delete a Remove the Bin profile from the Dest
change measurement profile used Bin profile. NE, and then modify or delete it.
first remove from dest-NE
OAM CFM: Cannot enable loss You tried to configure user Configure Dest NE without a multicast
measurement because pm is in data loss measurements on a address or use another loss
multicast Dest NE with multicast measurement method.
destination address.
OAM CFM: Cannot enable service You are trying to enable (no Enable the MEP (no shutdown).
while the MEP is not active shutdown) a service of one of
the MEPs priority bits, while
the MEP is not enabled
(shutdown).
OAM CFM: Cannot have a dest- You tried to configure remote Activate MEPs CCM or use remote-mac.
NE remote MEP-ID when CCM is MEP Id on the Dest NE while
disabled MEPs CCM is not active.
OAM CFM: Cannot modify a You tried to change remote Shut down the service, delete the Dest
remote MEP while it is being MEP parameters in MEP NE that uses this remote MEP or
used configuration while the change its configuration to remote
Remote MEP is being. used MAC.
OAM CFM: Cannot resolve this You are using remote MEP ID Use a remote MEP ID only of remote
remote MEP MAC address for loopback or linktrace MEP MAC address that was learned by
transmission, but the remote the CCM.
MEP MAC address was not
learned by the CCM yet.
OAM CFM: Cannot send more You sent more than one Send only one LB message to multicast
than one LB to multicast loopback message to the same address.
address multicast destination address
of the MEP. All relevant remote
MEPs should answer one LBR
from every remote MEP.
OAM CFM: Cannot shutdown You tried to disable a MEP Finish using the MEP under the Y.1564
MEP; MEP is under Y.1564 test. which is being used in a test, and then disable it.
Y.1564 test.
OAM CFM: Classification: Conflict You previoulsy configured Configure the MEP with a different
with another MEP classification another MEP with the same classification.
parameters.
OAM CFM: Classification: Inner You tried to configure a MEP Configure the MEP with a supported
VLAN range is not supported with a non-supported flow flow classification.
classification.
OAM CFM: Classification: You tried to configure a MEP Configure the MEP with a supported
Unsupported criteria with a non-supported flow flow classification.
classification.
OAM CFM: Classification: VID=0 You configured an Illegal VLAN Configure a VLAN with ID other than 0
is invalid on a MEP. on the MEP.
OAM CFM: Client MD level must You tried to configure a client Configure client MD level higher than
be higher than MD level Maintenance Domain Level MD level.
(MDL) lower than or equal to
the MDL.
OAM CFM: Conflict between You configured a destination Select a valid destination MAC address.
OAM destination MAC address MAC address that conflicts
and device MAC address with the devices MAC address.
OAM CFM: Deactivate service You did not deactivate service Deactivate service, and then erase last
before erasing last dest-NE before erasing last active Dest active Dest NE under it.
NE under it.
OAM CFM: dest-NE out of range You configured Dest NE ID out Confiugre a Dest NE ID between 1 and
the range 1..255. 255.
OAM CFM: EVC.COS: Illegal You did not configure Local Configure Local MEP Id.
remote MEP configuration MEP Id (can only occur via
SNMP).
OAM CFM: EVC.COS: More than 1 You tried to configure two Configure only one MEP on the same
MEP on the same MA is only MEPs on the same MA. MA or use vlan.p_bit classification for
allowed when all classifications all MEPs on MA.
are VLAN + pBit
OAM CFM: EVC.COS: Priority bit You did not configure EVC.cos Configure the EVC.cos MEPs flow
doesn't match classifier MEPs flow classification to classification to match the MEPs
match the MEPs configured configured priority.
priority.
OAM CFM: EVC.COS: Two MEPs You tried to configure two Configure two MEPs on the same MA
on the same MA must use MEPs on the same MA with with different priorities.
classifiers with same VLAN and same priority.
different priorities
OAM CFM: Event type must be You tried to configure for Configure an event for the Fault CFM
different than none unavailability, a Fault CFM frame report entity.
frame report entity that has
no event.
OAM CFM: Exceeded number of You tried to define more than Define only up to 100 fault CFM
entries in alarmTable 100 fault CFM entities. entities.
OAM CFM: Falling On Fault CFM entity, you Configure a lower limit for alarm falling,
alarm_threshold must be less configured a lower limit for which is lower than the higher limit of
than rising alarm_threshold alarm falling, which is higher alarm rising.
than the higher limit of alarm
rising.
OAM CFM: FPGA supports up to You tried to configure Bin Configure Bin profile limit which is up
1000000 uSec (1 second) profile limit which is higher to 1 second.
threshold than 1 second.
OAM CFM: Illegal MAC address You configured the MAC Configure a valid MAC address.
address with all zeroes or all
ones.
OAM CFM: Illegal queue block You did not configure a queue Configure a queue block on the MEP.
block on the MEP.
OAM CFM: Illegal value CFM entity was configured Configure CFM entity with legal indices.
with illegal or out of range
indices (for example, loopback
on an active CFM loopback).
OAM CFM: Invalid falling You configured the falling Configure the falling threshold
threshold threshold to less than one-of- between one-of-thousand and 1000
thousand or higher than 1000 one-of-thousand. Make sure that the
one-of-thousand. Or you falling threshold value is lower than the
configured the falling rising threshold.
threshold to a higher value
than the rising threshold.
OAM CFM: Invalid forwarding You configured E-LAN Configure another forwarding method.
method for MEP with direction forwarding method on a Down
set to down MEP.
OAM CFM: Invalid rising You configured the rising Configure the rising threshold between
threshold threshold to less than one-of- one-of-thousand and 1000 one-of-
thousand or higher than 1000 thousand. Make sure that the rising
one-of-thousand. Or you threshold value is higher than the
configured the rising threshold falling threshold.
to a lower value than the
falling threshold.
OAM CFM: Invalid time interval You tried to configure a fault Configure an interval between 1 and
CFM interval which is shorter 60 seconds.
than 1 second or longer than
60 seconds.
OAM CFM: Lmm and dmm You configured lmm-synthetic Configure one second on both lmm and
intervals must be equal if lmm- while in the service level, but dmm.
synthetic was selected you also set lmm or dmm
intervals to be different than 1
second.
OAM CFM: Local MEP-ID and You assigned the same ID to a Configure the remote MEP and local
remote MEP-ID are equal remote MEP and local MEP. MEP with different IDs.
OAM CFM: MA and MEP VLAN You configured a classification Configure a classification VLAN on the
don't match VLAN on MA level that does MA level to match the configured
not match the configured classification VLAN on the MEP level.
classification VLAN on the MEP
level.
OAM CFM: MA name max length You configured an MA name in Configure an MA name in ICC format up
is 13 characters when format is ICC format more than 13 to 13 characters long.
ICC characters long.
OAM CFM: MA-ID size exceeds You defined an MD or MA Define an MD or MA name that is not
limit name length that is longer longer than the maximum allowed
than the maximum allowed length.
length.
OAM CFM: Max allowed dest-NEs You tried to add more than Configure up to the allowed number of
in active services already allowed maximum Dest NEs. Dest NEs.
reached
OAM CFM: Max allowed number You already configured the Configure up to the allowed number
of remote MEPs reached maximum allowed number of remote MEPs per device.
remote MEPs on the device.
OAM CFM: MD level out of range You configured an MD level Configure an MD level between 0 and
that is smaller than 0 or bigger 7.
than 7 (can happen only via
SNMP).
OAM CFM: MEP direction is not You bound the MEP to the Bind a MEP of the correct direction to a
correct for port type wrong port. For example: You port.
bound a Down MEP to a Bridge
port or an UP MEP to an SVI.
OAM CFM: MEP must be active You tried to send LBM or LTM Activate MEP, and then send LBm or
for this action on a non-active MEP. LTM.
OAM CFM: MEP out of range You configured a MEP ID Configure a MEP ID between 1 and
outside the range 1..8191 8191.
OAM CFM: Name cannot be You did not configure an MD Configure a name for MD or MA.
empty or MA name.
OAM CFM: Name length too long You configured an illegal MD or Configure an MD/MA name up to 43
MA name length (more than characters.
43 characters).
OAM CFM: NE remote MEP-ID or You tried to define Dest NE Define a Dest NE that has different
MAC address conflicts with that has same indices as an indices than an existing Dest NE.
another NE on the current existing Dest NE.
service
OAM CFM: No port is bound to You tried to activate a MEP Bind a port to the MEP.
MEP with no bounded port.
OAM CFM: Only 10 TX flows per You tried to configure more Configure up to 10 Tx flows.
MEP are allowed than 10 Tx flows on a MEP.
OAM CFM: Only one destne can You tried to configure more Configure only one Dest NE on a
be configured if loss user data than one Dest NE on a service service with User Data Loss
was selected with User Data Loss measurement method.
measurement method.
OAM CFM: Only one RX flow per You tried to configure more Configure only one Rx flow on the MEP.
MEP is allowed than one Rx flow on a MEP.
OAM CFM: Please make sure you You configured a MEP to work When MEP is shutdown, configure a
configure a unicast type and with unicast destination valid unicast address as destination
MAC address when MEP is address, but did not configure address.
shutdown a valid unicast address as
destination address.
OAM CFM: Port is occupied with You tried to send loopback or Send loopback or linktrace only when
another action linktrace while there is another no other loopback or linktrace
active loopback or linktrace respectively, is active.
respectively.
OAM CFM: Port level MEP: Only You tried to configure more Configure only one MEP on an
one allowed per port than one MEP on an untagged untagged port.
port.
OAM CFM: Priority out of range You configured a Priority that Configure a Priority between 0 and 7.
is smaller than 0 or bigger
than 7 (can happen only via
SNMP).
OAM CFM: Profile must have You tried to use a flow with Use a flow with only one VLAN
only one entry multiple VLANs matching matching classification.
classification.
OAM CFM: Profile was not found You used a wrong or non- Use a correct or existing profile.
existing profile.
OAM CFM: Remote MEP doesn't You tried to configure a Configure the remote MEP ID at the
exist remote MEP Id at the Dest NE, MEP as Remote.
as remote peer address, but
this Remote MEP Id is not
configured at the MEP as
Remote.
OAM CFM: Remote MEP ID You tried to configure a Configure the remote MEP with an ID
cannot be equal to local MEP ID remote MEP with the same ID that is different than the MEP ID.
as the MEP itself.
OAM CFM: rfc2544 test is in You tried to change the status Wait until RFC2544 test terminates,
progress; cannot enable service of a service that one of its and then change the services status.
Dest NEs is used on an active
RFC2544 test.
OAM CFM: Service out of range You configured a service ID Configure a service ID between 1 and
outside the range 1..8 8.
OAM CFM: The Rx and Tx flows You configured Rx and Tx Configure Rx and Tx flows to start and
must be in opposite directions. flows so that they do not start end on opposite Ingress and Egress
and end on opposite Ingress ports.
and Egress ports.
OAM CFM: The Rx flow must You configured manual MIP, so Configure the Rx flows Ingress port to
originate from the bound port. that Rx flows Ingress port is be equal to the MIPs bound port.
not equal to the MIPs bound
port.
OAM CFM: There is no MEP with You tried to create an entry in Connect the flow to a MEP that already
those indices the MepFlow table and to exists.
connect between a flow and a
MEP that does not exist (can
only occur via SNMP).
OAM CFM: VID out of range You configured a VLAN ID Configure a VLAN ID between 1 and
outside the range 1..4094 4094.
OAM CFM: When using untagged You tried to configure a MEP Configure a MEP with EVC.cos
or EVC.COS MEP classification with EVC.cos classification and classification and Service Id equal to 1.
only service index 1 is permitted Service Id other than 1.
OAM CFM: MEF-46 should have You tried to configure MEF-46 Configure MEF-46 on a MEP that is
Tx/Rx flow classification on a MEP that is configured configured with Rx and Tx flows.
with a classifier profile or
VLAN.
Ethernet in the First Mile (EFM) is a link-layer OAM protocol that operates at the
level of the single link for remote management and fault indication. ETX-2i can
act as the active or passive side in an IEEE 802.3ah application.
The term last mile is often used by core network engineers to refer to access
links from an operators central office to the customers locations. The opposite
term first mile refers to the same access links but from the customers
perspective.
This section covers the monitoring of the Ethernet links using OAM EFM (OAM
Ethernet at the First Mile). ETX-2i can act as the active or passive side in an IEEE
802.3-2005 application.
Applicable Products
This feature is applicable to all ETX-2i products, with the following conditions:
PCS port is relevant to ETX2i with an SHDSL or VDSL2 module.
Standards
IEEE 802.3-2005
Benefits
Ethernet OAM (EFM) provides remote management and fault indication for the
Ethernet links. Remote link failure can be detected via OAM (EFM).
Functional Description
The OAM (EFM) discovery process allows a local data terminating entity (DTE) to
detect Ethernet OAM capabilities on a remote DTE. Once Ethernet OAM support
is detected, both ends of the link exchange state and configuration information,
such as mode, PDU size, loopback support, etc. If both DTEs are satisfied with
the settings, OAM is enabled on the link. However, the loss of a link or a failure
to receive OAMPDUs for five seconds may cause the discovery process to
restart.
DTEs may either be in active or passive mode. DTEs in active mode initiate the
ETH-OAM (EFM) communications and can issue queries and commands to a
remote device. DTEs in passive mode generally wait for the peer device to
initiate OAM communications and respond to commands and queries, but do not
initiate them.
A flag in the OAMPDU allows an OAM entity to convey the failure condition Link
Fault to its peer. Link Fault refers to the loss of signal detected by the receiver;
A Link Fault report is sent once per second with the Information OAMPDU.
Factory Defaults
By default, OAM EFM is not enabled for Ethernet/logical MAC/PCS ports.
Enabling link OAM (EFM) efm descriptor <12> The EFM descriptor must exist
before you can assign it to a port
Note: In order for link OAM (EFM)
to function properly, the relevant
Ethernet port must be associated
with an L2CP profile that
specifies peer action for MAC
0x02.
Displaying link OAM (EFM) show oam-efm Note: Relevant only for
parameters Ethernet/PCS ports, if link OAM
(EFM) is enabled.
Displaying link OAM (EFM) show oam-efm-statistics Note: Relevant only for
statistics Ethernet/PCS ports, if link OAM
(EFM) is enabled.
Examples
To enable active link OAM (EFM) Ethernet port 1/1:
#************** Configure L2CP profile for OAM EFM
exit all
configure port l2cp-profile mac2peer
mac 0x02 peer
exit all
To display the link OAM (EFM) status for Ethernet port 1/1
ETX-2i>config>port>eth(1/1)# show oam-efm
Administrative Status : Enabled
Operational Status : Link Fault
Loopback Status : Off
Information
---------------------------------------------------------------
Local Remote
Mode : Active --
MAC Address : 00-20-D2-30-CC-9D --
Unidirectional : Not Supported --
Vars Retrieval : Supported --
Link Events : Supported --
Loopback : Supported --
PDU Size : 1518 --
Vendor OUI : 0x0020D2 --
11.4 TWAMP
The full Two-Way Active Measurement Protocol (TWAMP) consists of two parts:
TWAMP Control Layered over TCP; used to initiate, start, and stop
measurement sessions
TWAMP Test Layered over UDP; used to exchange test packets between
two measurement nodes. The TWAMP Test includes three
tests: TWAMP Light, ICMP Echo, and UDP Echo.
Applicable Products
This feature is applicable to all ETX-2i products, with the following conditions:
PCS port is relevant to ETX2i with an SHDSL or VDSL2 module.
Standards
RFC 5357 A Two-Way Active Measurement Protocol (TWAMP)
RFC 2330 Framework for IP Performance Metrics
RFC 2681 A Round-trip Delay Metric for IPPM
RFC 4656 A One-way Active Measurement Protocol (OWAMP)
RFC 5481 Packet Delay Variation Applicability Statement
RFC 4737 Packet Reordering Metrics
RFC 5560 A One-Way Packet Duplication Metric
ITU-T Y.1540 Internet protocol data communication service IP packet
transfer and availability performance parameters
ITU-T Y.1541 Network performance objectives for IP-based services
ITU-T Y.1543 Measurements in IP networks for inter-domain performance
assessment
Benefits
TWAMP measures the IP performance of Layer-2 or 3 networks at all locations,
without the need for a special performance management system. Its ICMP Echo
service is useful for probing and general debugging, such as path continuity and
integrity verification.
Functional Description
ETX205A with PMC provides the full TWAMP feature: TWAMP Control and
TWAMP Test.
Full TWAMP supports the following:
IPv4 and IPv6, tagged and untagged, TWAMP frame format
PCP, DSCP, and TC (IPv6) for TWAMP generated traffic
Up to 64 TWAMP controllers and eight responders. Each controller and
responder is associated with a router interface within the configured router
entity, with the same IP address as the controller/responder. Controllers and
responders can reside on the same VRF or on different VRFs (up to four).
TWAMP controller supports up to 3,000 peers and up to 3,000 test sessions.
TWAMP Tests
TWAMP tests, a part of the Full TWAMP protocol, is layered over UDP; it is used
to exchange test packets between two measurement nodes.
The ETX-2i TWAMP controller supports the following TWAMP test protocols:
TWAMP Light (one-way or round-trip)
ICMP Echo (only round-trip)
The test protocol type (TWAMP Light or ICMP Echo) is defined per peer towards
specific responder. It is possible to operate mixed protocols (TWAMP Light and
ICMP Echo) per peer in the same TWAMP controller.
When the TWAMP responder receives a test packet, it reflects the test packet
after it adds an Rx stamp, a Tx stamp, and the following (if configured
accordingly):
Independent sequence number (tx-seq-num enabled)
Indication of forward fragmentation (tx-extended-info enabled)
Indication of responder ToD synchronization status (tx-extended-info
enabled)
When the TWAMP controller receives a test packet from the responder, it
calculates the following:
Packet Validity Determined by checking if the delay is less than the value
configured by command loss-timeout. If so, the Rx valid
count is incremented, otherwise the packet is dropped.
ToD Peer Status Calculated only for a peer with one-way calculation mode:
unknown tx-extended-info is disabled.
sync tx-extended-info enabled and responder ToD is
synchronized.
out-of-sync tx-extended-info enabled and responder ToD
is not synchronized.
which reflects the test packets to the controller. The controller processes the
resulting measurements and calculates metrics that can be displayed in test
reports (see Viewing TWAMP Reports).
In addition to viewing the metrics in the test reports, you can also view them via
the RADview Performance Management portal, if collection of PM statistics for
the OAM TWAMP component is enabled (via pm-collection command in the
reporting level). Refer to the Performance Management section in the
Monitoring and Diagnostics chapter for details.
TWAMP controllers and responders can operate in the following modes:
Layer-2 E-Line (pont-to-point) service L2 probe configuration; The TWAMP
controller/responder is associated with a router interface and bound to an
Ethernet/logical MAC/PCS port and flow.
IPv6 test sessions are not supported in this mode.
Up to a total of three controllers and responders are supported.
ETX-2i supports the two-way (round trip) ICMP Echo test, a member of the
TWAMP tests. It is a useful tool for testing and debugging path continuity and
integrity verification.
The test, supported for both IPv4 and IPv6, is based on ICMP/ICMPv6 Echo
request/reply packets. The ICMP Echo test is defined per peer towards a specific
responder, which can be any device or workstation with standard IPv4/IPv6 stack
that responds to standard ICMP/ICMPv6 Echo request packets. The ICMP peer can
generate multiple ICMP Echo test sessions to the same responder; these tests
differ in ICMP identifier, and possibly in packet length and DSCP. The ICMP peer
can generate ICMP Echo tests in continuous and non-continuous modes.
Prior to running the ICMP Echo test, you are required to configure the following
parameters:
Test packet definition:
Destination IP (peer level)
DSCP
Packet length
Transmit rate (pps)
Report/event/ alarm definition:
Loss timeout
Loss threshold
Delay threshold
Delay variation threshold
You do not configure peer parameters for the ICMP Echo test. The calculation
mode is not configurable; it is automatically set to default (round-trip). The
responder sequence number is also set to its default (off).
ICMP Echo test is performed as follows:
1. ICMP Echo IPv4/IPv6 test generates test packets based on IPv4/IPv6 ICMP
Echo request standard packets.
2. ICMP Echo builds test packets with:
Test session identifier
Controllers transmit sequence number
Controllers transmit timestamp
3. Controller identifies received packet according to ICMP identifier (represents
test session).
4. Packets round trip delay is calculated according to received and transmitted
timestamps.
5. Loss, duplicate, and reorder are calculated according to sequence number.
6. Metrics are calculated for roll-up window, current interval, and report interval
(as defined for TWAMP).
7. Metrics are collected, according to PM collection mechanism (as defined for
TWAMP).
8. ICMP Echo test events and alarms are generated as TWAMP events and
alarms with the same definitions.
Delay result (na / pass / fail)
DV result (na / pass / fail)
Loss result (na / pass / fail)
Factory Defaults
By default, no controllers or responders are configured.
Configuring TWAMP
You can configure low-scale (150 sessions) TWAMP in an ETX-2i device.
To configure TWAMP in an ETX-2i device, perform the following steps:
1. In the responder device:
a. Configure relevant SVI port (relevant for ETX-2i TWAMP; not in PMC
TWAMP in ETX205A) , router interface, and flows.
b. Configure relevant SNTP server(s).
c. Configure and activate TWAMP responder and relevant test session(s).
2. In the controller device:
a. Configure relevant SVI port, router interface, and flows.
b. Configure relevant SNTP server(s).
c. Configure TWAMP profile(s).
d. Configure and activate TWAMP controller, relevant peers, and test
sessions.
Configuring Controllers
To configure a TWAMP Light controller of an ETX-2i device:
1. Navigate to configure oam twamp.
The config>oam>twamp# prompt is displayed.
2. To configure the TWAMP controller, enter:
controller <name> [<number>] [light] [l2-probe]
Note The parameter l2-probe specifies that the controller is working in mode Layer-2
E-Line service (see Functional Description).
Binding controller to a port bind ethernet <port-index> Can bind controller to a port, only if
bind logical-mac <port-number> controller is in layer-2 probe mode.
bind pcs <port-number> Typing no bind deletes definition of
TWAMP ingress and egress port.
Defining peer entity peer <ip-address> twamp-light | See Running Test Sessions Via
(corresponding to responder), icmp-echo Controller Peers.
to run TWAMP test sessions
Associating controller with vlan-tag vlan <vlan> [p-bit <p-bit>] Can associate controller with VLAN
VLAN [inner-vlan <inner-vlan>] only if controller is in layer-2 probe
[inner-p-bit <inner-p-bit>] mode.
Possible values for vlan, inner-vlan:
0-4095, 0xFFFFFFFF (i.e. not
applicable)
Possible values for p-bit, inner p-bit:
0-7
Typing no vlan deletes VLANs for L2
service definition in L2 probe mode.
Activating all configured test activate duration <minutes> The tests run for the specified amount
sessions in one-time mode of time.
Type no activate to deactivate the
one-time (non-continuous) command.
Possible values for minures: 1-10080
(default: 1 minute)
Activating all configured test activate continuous The tests run until they are stopped.
sessions in continuous mode Type no activate to deactivate the
continuous command.
Defining the type of calculation-mode { round-trip | one-way round-trip: TWAMP controller peer
calculation for the TWAMP } calculates standard TWAMP metrics
metrics and partial one-way metrics:
Two-way metrics availability, loss,
delay, PDV (packet delay variation),
IPDV (inter-packet delay variation)
Partial one-way metrics IPDV,
duplicate packets, reordered
packets, fragmented packets (no
one-way delay or PDV metrics)
One-way loss and availability
one-way: TWAMP controller peer
calculates one-way metrics:
One-way metrics delay, PDV,
IPDV, duplicate packets, reordered
packets, fragmented packets
One-way loss and availability
Notes:
This parameter is masked when
using ICMP Echo protocol, as its
value is always round-trip (the
default).
This parameter can be changed
only if there is no active test
session.
You can set one-way mode only if
both the controller and responder
are ToD locked.
One-way loss and availability is
available only if responder is
configured to transmit an
independent sequence number
(tx-seq-num enabled), and
controller is configured accordingly
(responder-seq-num enabled).
One-way delay and PDV metrics are
available only if tx-extended-info
has been enabled in responder, and
it sent indication that its ToD (Time
of Day) is synchronized; the metrics
are accurate only if the controller
ToD is also synchronized.
The fragmented packet count in
the forward direction (controller to
responder) is available only if if tx-
extended-info has been enabled in
the responder, and it sent
indication of fragmentation.
Configuring test session test-session <number> The UDP and DSCP can be used to
[name <name-string>] distinguish between test sessions.
[udp-port <udp-port-number>] UDP port number: 165535
[test-profile <profile-name>]
Test profile name: Up to 32 characters
[dscp <dscp-number>]
DSCP number: 063 (default: 0)
Notes:
The udp-port parameter is masked
when using the ICMP Echo protocol.
iewing test report show report <name> all See Viewing TWAMP Reports.
show report <name> current
show report <name> interval
<interval-num>
Configuring delay variation delay-variation-event-type {pdv | ipdv} pdv Packet delay variation metric
event type to define whether ipdv Inter-packet delay variation
the PDV or IPDV metric is metric
used for the delay threshold
See RFC 5481 for details on these
metrics.
Defining test profile packet transmit-rate <pps> Note: In layer-2 probe mode, 150 pps
transmit rate in PPS is possible only if the test packet
payload length is not greater than 170.
Configuring Responders
This section describes how to create a TWAMP responder entity.
To configure a TWAMP Light responder of an ETX-2i device:
1. Navigate to configure oam twamp.
The config>oam>twamp# prompt is displayed.
2. To configure the TWAMP Light responder, enter:
responder <name> [<number>] [light] [l2-probe]
Note The parameter l2-probe specifies that the responder is working in mode Layer-2
E-Line service (see Functional Description).
Binding responder to a port bind ethernet <port-index> Can bind responder to a port, only if
bind logical-mac <port-number> responder is in layer-2 probe mode.
bind pcs <port-number> Typing no bind deletes definition of
TWAMP ingress and egress port.
Associating responder with a router-entity <number> The parameter <number> is the router
router that contains a number, in which a router interface
suitable router interface must be configured with the same IP
address as local-ip-address.
Possible values:
0 (default) no router entity
1-Maximum number of router entities
Associating responder with vlan-tag vlan <vlan> [p-bit <p-bit>] Can associate responder with VLAN<
VLAN [inner-vlan <inner-vlan>] only if responder is in layer-2 probe
[inner-p-bit <inner-p-bit>] mode.
Possible values for vlan, inner-vlan:
0-4095, 0xFFFFFFFF (i.e. not
applicable)
Possible values for p-bit, inner p-bit: 0-
7
Typing no vlan deletes VLANs for L2
service definition in L2 probe mode.
Peer test sessions show status in level config oam twamp controller peer
status
Counter Description
Loss Packets Fwd Number of packets lost in forward direction, calculated by Tx Packets Fwd
Rx valid count
Loss Packets Back Number of packets lost in backward direction, calculated by Tx Packets Back
Rx valid count
Loss Ratio Fwd Loss Packets Fwd divided by Tx Packets Fwd, converted to a percentage
Loss Ratio Back Loss Packets Back divided by Tx Packets Back, converted to a percentage
Counter Description
Availability Count Fwd (sec) Number of available seconds in forward direction. A (forward) minute is declared
as unavailable if it has more than 75% packet loss in forward direction,
therefore it is available if packet loss in forward direction is 25% or less. When a
minute is declared unavailable, the delay, delay variation, loss measurements,
and their derived metrics are ignored for that minute.
Availability Count Back (sec) Number of available seconds in backward direction. A (backward) minute is
declared as unavailable if it has more than 75% packet loss in backward
direction therefore it is available if packet loss in backward direction is 25% or
less. When a minute is declared unavailable, the delay, delay variation, loss
measurements, and their derived metrics are ignored for that minute.
Duplicate Packets Fwd Number of duplicate packets in forward direction. A packet is considered
duplicate (forward) if its controller sequence number or controller Tx timestamp
matches that of a previously received packet in forward direction.
Duplicate Packets Back Number of duplicate packets in backward direction. A packet is considered
duplicate (backward) if its responder Tx timestamp matches that of a previously
received packet in backward direction.
Duplicate Ratio Fwd Duplicate Packets Fwd divided by Tx Packets Fwd, converted to a percentage
Duplicate Ratio Back Duplicate Packets Back divided by Tx Packets Back, converted to a percentage
Reordered Packets Fwd Number of reordered packets in forward direction. A packet is considered
reordered (forward) if its controller sequence number or controller Tx timestamp
is smaller than that of a previously received packet in forward direction.
Reordered Packets Back Number of reordered packets in backward direction. A packet is considered
reordered (backward) if its responder sequence number is smaller than that of a
previously received packet in backward direction.
Reordered Ratio Fwd Reordered Packets Fwd divided by Tx Packets Fwd, converted to a percentage
Reordered Ratio Back Reordered Packets Back divided by Tx Packets Back, converted to a percentage
Fragmented Packets Fwd Number of fragmented packets in forward direction. When the TWAMP
responder receives a fragmented packet, when it reflects it to the controller, the
responder sends indication of fragmentation, if tx-extended-info was enabled.
When this indication is received, the controller increments the Fragmented
Packets Fwd counter.
Fragmented Packets Back Number of fragmented packets in backward direction. When the TWAMP
controller recognizes a fragmented packet, it increments the Fragmented
Packets Back counter.
Delay-Fwd Threshold Crossing Number of packets in forward direction with delay larger than the delay
Count threshold configured for the corresponding test profile
Delay-Back Threshold Number of packets in backward direction with delay larger than the delay
Crossing Count threshold configured for the corresponding test profile
Counter Description
PDV-Fwd Max (ms) Maximum of PDV (Packet Delay Variation) values in forward direction. Packet
Delay Variation is calculated according to ITU-T Y.1540, by subtracting the
minimum delay from the 99.9% percentile of the delay values
PDV-Fwd Average (ms) Average of PDV (Packet Delay Variation) values in forward direction, calculated
by subtracting Delay-Fwd Min from Delay-Fwd Average
PDV-Back Max (ms) Maximum of PDV (Packet Delay Variation) values in backward direction
PDV-Back Average (ms) Average of PDV (Packet Delay Variation) values in backward direction
IPDV-Fwd Max (ms) Maximum of IPDV (Inter Packet Delay Variation) values in forward direction. Inter
Packet Delay Variation is calculated according to RFC 5481, from the variations
of the delays between valid packets.
IPDV-Fwd Average (ms) Average of IPDV (Inter Packet Delay Variation) values in forward direction
IPDV-Back Max (ms) Maximum of IPDV (Inter Packet Delay Variation) values in backward direction
IPDV-Back Average (ms) Average of IPDV (Inter Packet Delay Variation) values in backward direction
Examples
flow E3toE1
classifier v100
ingress-port ethernet 0/3
egress-port ethernet 0/1 queue 0 block 0/1
no policer
no shutdown
exit
exit
Test session:
Profile with payload length 150, and loss timeout 1 second
UDP port 999
DSCP 0
exit all
#*********Configure SVI for TWAMP
configure
port svi 2 twamp
no shutdown
exit
exit
flow E3toE1
classifier v100
ingress-port ethernet 0/3
egress-port ethernet 0/1 queue 0 block 0/1
no policer
no shutdown
exit
exit
vlan 1
exit all
flow BP2toE0_1
classifier v1
ingress-port bridge-port 1 2
egress-port ethernet 0/1 block 0/1
no policer
no shutdown
exit
flow SVI2toBP3
classifier all
ingress-port svi 2
egress-port bridge-port 1 3
vlan-tag push vlan 1 p-bit fixed 0
no policer
no shutdown
exit
exit
configure
port svi 2 twamp
no shutdown
exit
exit
flow BP1to E1
classifier v1
ingress-port bridge-port 1 1
egress-port ethernet 1 block 0/1
no policer
no shutdown
exit
flow BP2to E3
classifier v1
ingress-port bridge-port 1 2
egress-port ethernet 3 block 0/1
no policer
no shutdown
exit
flow BP3toSVI2
classifier v1
ingress-port bridge-port 1 3
egress-port svi 2
vlan-tag pop vlan
no policer
no shutdown
exit
flow SVI2toBP3
classifier all
ingress-port svi 2
egress-port bridge-port 1 3
vlan-tag push vlan 1 p-bit fixed 0
no policer
no shutdown
exit
exit
Note This example assumes for the routers in the controller and responder:
In the controller, the next hop to reach the 22.22.22.0/24 subnet is
12.12.12.2
In the responder, the next hop to reach the 12.12.12.0/24 subnet is
22.22.22.2
flow SVI2toE1
classifier untagged
ingress-port svi 2
egress-port ethernet 0/1 queue 0 block 0/1
no policer
no shutdown
exit
exit
address 22.22.22.1/24
address 22:22:22::1/64
bind svi 2
no shutdown
exit
static-route 12.12.12.0/24 address 22.22.22.2
exit
flow SVI2toE1
classifier untagged
ingress-port svi 2
egress-port ethernet 0/1 queue 0 block 0/1
no policer
no shutdown
exit
exit
Controller Test Name Dir IP Size Loss Delay PDV IPDV Result
DSCP Ratio Max Max Max
(bytes) (ms) (ms) (ms)
----------------------------------------------------------------------------
1 fwd 22 1280 2.0E-2 0.658 0.065 0.048 Fail
1 bck 22 1280 0 0.263 0.014 0.011 Pass
Configuration Errors
The following table lists the messages generated by the device when a
configuration error is detected.
Cannot modify; TWAMP Tried modifying the bound Shut down the controller and then
controller is active port definition while controller modify the bound port definition.
was active (status was not
shutdown).
Cannot modify; TWAMP Tried modifying the bound Wait for the active test to terminate
controller has active test port definition while controller and then modify the bound port
had an active test. definition.
Cannot delete; TWAMP controller Tried removing the bound port Shut down the controller and then
is active while controller was active remove the bound port.
(status was not shutdown).
Tried removing the VLAN Shut down the controller and then
definition while controller was remove the VLAN definition.
active (status was not
shutdown).
Cannot delete; TWAMP controller Tried removing the bound port Wait for the active test to terminate
has active test while controller had an active and then remove the bound port.
test.
Tried removing the VLAN Wait for the active test to terminate
definition while controller had and then remove the VLAN definition.
an active test.
Cannot activate; router entity Tried activating controller Define router entity and local IP
and local ip address must be when router entity and/or local address, and then activate controller.
defined IP address were not defined.
Cannot activate; router entity, In l2-probe mode, tried Define router entity, local IP address,
local ip address and port must activating controller when and port, and then activate controller.
be defined router entity, local IP address,
and/or port were not defined.
Cannot delete; peer has active Tried deleting peer entity, Wait for active test to terminate, and
test while there was an active test. then delete peer entity.
Cannot create; name already in Tried giving a test session a Give test session a unique name.
use name that already exists under
peer context.
Cannot activate; controller not Tried activating peer test Wait for controller to be ready, and
ready sessions when controller then activate peer test sessions.
status was idle (not ready).
Cannot activate; peer has active Tried activating peer test Wait for active tests to terminate, and
test sessions while there were then activate peer test sessions.
active tests.
Cannot delete; TWAMP Tried removing active Shut down the responder and then
responder is active responder (status idle or delete it.
ready).
Tried deleting the bound port Shut down the responder and then
definition while responder was delete the bound port definition.
active (status idle or ready).
Tried removing VLAN definition Shut down the responderer and then
while responder was active remove the VLAN definition.
(status idle or ready).
Cannot modify; TWAMP Tried modifying the bound Shut down the responder and then
responder is active port definition while responder modify the bound port definition.
was active (status idle or
ready).
Standards
The following standards are supported:
IEEE 802.1p
IEEE 802.1Q
MEF 10.3
Benefits
QoS allows you to optimize bandwidth, avoiding the need to allocate excessive
bandwidth to facilitate the necessary bandwidth for traffic at different
requirements of speed and quality.
Functional Description
Traffic Management
ETX-2i traffic management entities are called queue groups. They are configured
over physical ports. The queue groups consist of 2-level scheduling elements
(queue blocks) per port. The queue blocks consist of internal queues.
Additionally, shapers operate at per-scheduling-element level to shape traffic
into a required traffic profile (CIR, CBS or CIR/EIR, CBS/EBS).
Each flow is assigned to a queue block as its destination. Each queue block
includes scheduling queues in accordance with CoS delivery priorities. Flow
packets are mapped in the following ways to queues:
Mapped explicitly to a specific queue
Mapped to a queue according a queue mapping profile (p-bit or DSCP to
queue)
Mapped according to the packets CoS, in case of bridge or ETP (set by CoS
mapping profile at the ingress), whereby CoS 7 is mapped to the lower
priority queue, and CoS 0 to the highest
Scheduling
ETX-2i supports a combination of traffic scheduling techniques, whereby
applications requiring low latency and jitter are mapped to Strict priority queues,
while other services are mapped to the remaining slots using weighted fair
queuing (WFQ) and best effort (BE):
The Strict priority queues ensure minimal latency and jitter for the RT traffic,
even when a large amount of bursty data traffic is sent over the same
uplink. Strict priority traffic is always processed first, while flows mapped to
the WFQ slots are buffered until the strict priority queues are empty.
Factory Defaults
See the following sections for each QoS types specific defaults.
0 Best effort
1 Background
2 Spare
3 Excellent effort
4 Controlled load
5 Video
6 Voice
7 Network control
Queue mapping profiles are used to convert the following user priorities into
internal priority queues.
Class of Service When ingress traffic is mapped to an internal CoS (e.g p-bit
(CoS) or DSCP to CoS) at the Bridge port ingress, ETP subscriber
ingress, and flow that uses an envelope policer
For each profile, you have to define the queue mapping to map the user priority
values to the internal queue values. The internal queues are combined into a
queue profile, which can be assigned to a queue block.
Factory Defaults
Examples
map 55 to 4
map 63 to 5
exit all
Note If the flow from UNI to NNI is classified with one of the above classifications
(p-bit only, ip-dscp, or ip-precedence), Up MEP and customer-tag-excluded MEP
do not work and it is therefore recommended not to use them.
Factory Defaults
By default, there are no CoS mapping profiles. When you create a CoS mapping
profile, it is configured as follows:
Classification p-bit
Mappings:
Map 0 to CoS 7.
Map 1 to CoS 6.
Map 2 to CoS 5.
Map 3 to CoS 4.
Map 4 to CoS 3.
Map 5 to CoS 2.
Map 6 to CoS 1.
Map 7 to CoS 0.
Untagged to CoS 7, for profile assigned to multi-Cos flow in case of p-bit
mapping
Non-IP to CoS 7, for profile assigned to multi-Cos flow in case of DSCP
mapping
4. If the CoS mapping profile is intended for use with a multi-Cos flow:
a. Define the mapping of untagged traffic in case of p-bit mapping:
map untagged to <0-7>
b. Define the mapping of non IP traffic in case of DSCP mapping:
map non-ip to <0-7>
Examples
Color mapping profiles with classification type p-bit are configurable, whereas
color mapping profiles with classification type DEI are not configurable.
Color mapping profiles can be assigned to flows and rings.
Factory Defaults
By default, there is no color mapping profile. When a color mapping profile with
classification type p-bit is created, all the p-bit values are mapped to green.
Example
To create a color mapping profile kcolpb to map odd p-bit values to green, and
even to yellow:
exit all
configure qos
color-map-profile kcolpb classification p-bit
map 0 to yellow
map 2 to yellow
map 4 to yellow
map 6 to yellow
exit all
save
Marking Profiles
Marking profiles map the p-bit, IP precedence, DSCP, or CoS classifications to the
egress priority tags (p-bit) or DSCP values (ip-dscp). The marking can also be
done per color (green and/or yellow), to support color re-marking, optionally
specifying the Drop Eligible Indicator (DEI) bit in the frame header.
In the case that you configure the ETHoGRE tunnel DSCP value using a DSCP
marking profile (refer to Ethernet over GRE (EoGRE) Tunnel section in Chapter
8), you must first configure the DSCP marking profile with classification p-bit and
method ip-dscp (see below).
Factory Defaults
ETX-2i provides a default non color-aware marking profile named
MarkingProfile1, which can be used when the ingress traffic is prioritized
according to the 802.1p requirements. It is defined with classification p-bit and
method p-bit, and the following markings:
P-bit 0 => priority 0
P-bit 1 =>priority 1
P-bit 2 =>priority 2
P-bit 3 =>priority 3
P-bit 4 =>priority 4
P-bit 5 =>priority 5
P-bit 6 =>priority 6
P-bit 7 =>priority 7
When a non color-aware marking profile is created, it has the same
configuration as MarkingProfile1.
Note You must specify cos if the marking profile is intended for use with a multi-CoS
flow.
Note While working with ETP, marking profile on Transport flows must be mapped by
cos (marking-profile 1 classification cos) and not p-bit (marking-profile 1
classification p-bit).
The dei parameter affects the Drop Eligible Indicator (DEI) bit in transmitted
frames as follows:
always-green Frames transmitted from the device are marked via the
DEI bit as not eligible to be dropped. In this case, the color-aware
parameter can be none or green-yellow.
always-yellow Frames transmitted from the device are marked via the
DEI bit as eligible to be dropped. In this case, the color-aware parameter
must be green-yellow.
by-policer Yellow frames transmitted from ETX-2i are marked via the
DEI bit as eligible to be dropped, and green frames transmitted from
ETX-2i are marked as not eligible to be dropped. In this case, the
color-aware parameter can be none or green-yellow.
3. Map the user priority (and packet color, if it is a color-aware marking profile)
to a priority marking value according to the specific profile parameters
(classification and method), as follows.
At the config>qos>marking-profile(<profile-name>)$ prompt, enter:
Non color-aware profile:
mark <user-priority> to <priority-marking>
Color-aware profile:
mark <user-priority> {all|green|yellow} to <priority-marking>
Where user-priority value can be set to:
0-7 for marking profile configured with classification p-bit, ip-
precedence, or cos
0-63 for marking profile configured with classification ip-dscp
And priority-marking value can be set to:
0-7 for marking profile configured with method p-bit
0-63 for marking profile configured with method ip-dscp
Bandwidth Profiles
ETX-2i supports the following bandwidth profiles:
You can control the egress bandwidth utilization by defining the committed
information rate (CIR) and committed burst size (CBS) in shaper and policer
profiles. You can also define the excessive information rate (EIR), excessive burst
size (EBS), and compensation in policer profiles.
CBS Defines the Committed Burst Size (CBS) for the current
profile. The CBS specifies the maximum guaranteed burst
size (green bucket size).
EIR Defines the Excess Information Rate (EIR). The EIR specifies
an extra bandwidth with no service guarantee (yellow
bucket rate).
EBS Defines the Excess Burst Size (EBS). The EBS specifies the
extra burst with no service guarantee (yellow bucket
size).
Compensation Defines the amount of bytes that the shaper or policer can
compensate for Layer-1 overhead (preamble and IFG) and
the overhead for the additional VLAN header in case of
stacking.
Color Aware You can specify the policer profile as color aware.
If the policer profile is specified as color aware, you can set the packet color as
follows:
1. If the arriving packet is marked green and and the CIR bucket complies, the
packet color is set to green.
2. If the result of the preceding test is not true, then ETX-2i checks if the EIR
bucket complies (if the coupling flag is set, the CIR+EIR bucket is used):
If the test result is true, the packet color is set to yellow.
If the test result is false, the packet color is set to red (packet is
dropped).
Factory Defaults
The default for bandwidth-round-up is no bandwidth-round-up. The default
value for envelope-ranks (maximum number of ranks in envelope profiles) is 4.
ETX-2i provides default bandwidth profiles, as specified in the following table.
cir 0
9999872
cbs 0
16000000
compensation 0 0
When an envelope profile is created, it has the default values shown in the
following table.
Parameter Value
compensation 0
cf-policy sharing-excess-bw
color-aware no color-aware
cos <n> bandwidth cir 0 cir-max 10000000 cbs 0 eir 0 eir-max 10000000 ebs 0
CIR3
EIR3
1
Rank #3 CBS 3 CF3
0
EBS3
CIR2
EIR2
1
Rank #2 CBS 2
CF 2
0
EBS2 Envelope
CIR2
EIR1
1
1
1
Rank #1 CBS CF
0
EBS1
0 1
CF0
When the envelope profile is assigned to a multi-CoS flow (see Multi-CoS Flows),
it enables the flow to share excess bandwidth. The bandwidth sharing can be
overflowed to the excess bucket (see Figure 11-7) or independent from the
excess bucket (see Figure 11-8).
CIR3
EIR3
1
3 3
CBS CF
EBS3
CIR2
EIR2
2
1
2
CBS CF
EBS2
2
CIR
EIR1
1
CBS1 CF1
EBS1
CIRenv
EIRenv
CBS3 CF3
0
EBS3
CBS2 CF2
0
EBS2
CBS1 CF1
0
EBS1
Note The following must be true in order to change the maximum number of ranks
from 4 to 8:
No more than 125 active envelope policer instances exist in the device.
No more than 32 envelope profiles are configured.
The following must be true in order to change the maximum number of ranks
from 8 to 4:
No envelope policer profile is configured with more than 4 ranks.
2. Enter:
envelope-ranks {4|8}
A message is displayed recommending that you reset the device in order
to save the configuration and for changes to go into effect.
Specifying the CIR (Kbps) and CBS bandwidth [cir <cir-kbit-sec>] [cbs <cbs-bytes>] Notes:
(bytes) bandwidth limits CIR allowed values:
010,000,000
(see Table 11-13 for the
shaper CIR granularity)
CBS allowed values:
0, or 6416777215
Compensating for Layer-1 overhead compensation <063> For pre-forwarding (ingress)
and additional VLAN tag (in bytes) traffic management, the
compensation is configurable in
the 0-63 range.
For post-forwarding (egress),
traffic management, the
compation is applied to level-0
shapers only. It can be set to 0
(data rate) or 20 (line rate).
Device CIR > 130 Mbps (fast) CIR <= 130 Mbps
(slow)
Examples
Multicast Multicast traffic from the port is limited per the configured
CIR and CBS bandwidth limits.
Unknown Unicast Unknown Unicast traffic from the port is limited per the
configured CIR and CBS bandwidth limits. This is relevant
only for traffic into a bridge.
2. Type:
policer-profile <policer-profile-name>
A policer profile with the specified name is created and the following
prompt is displayed:
config>qos>policer-profile(<policer-profile-name>)$
The new policer profile parameters (except for name) are configured by
default as described in Factory Defaults.
3. Configure the policer profile as described in Configuring Policer Profile
Parameters.
Specifying the CIR (Kbps), CBS bandwidth [cir <cir-kbit-sec>] [cbs <cbs-bytes>] Notes:
(bytes), EIR (Kbps), and EBS (bytes) [eir <eir-kbit-sec>] [ebs <ebs-bytes>] CIR & EIR allowed values:
bandwidth limits
010000000
CBS & EBS allowed values:
0, or 642097151
CIR can be set to zero only if
CBS is set to zero.
EIR can be set to zero only if
EBS is set to zero.
CIR + EIR must not exceed the
maximum available bandwidth.
CBS should be greater than the
maximum frame size.
For policer profiles that will be
attached to Ethernet ports to
limit broadcast/multicast
traffic, only the CIR and CBS
parameters are relevant (EIR
and EBS should be set to 0).
A high-speed policer (CIR or
EIR >= 100,000 Kbps) cannot
be associated with more than
64 flows.
The CIR and EIR granularity
depend on the configured
values, as described in
Table 11-14.
The actual rate is rounded
down or up according to the
setting of
bandwidth-round-up.
The CBS must be greater than
or equal to the CIR divided by
policer granularity.
IR (CIR, EIR) CBS < 2 MB <= CBS 4 MB <= CBS 8 MB <= CBS 16 MB <= CBS
2 MB < 4 MB < 8 MB < 16 MB < 32 MB
10,000 Kbps <= IR 100 Kbps 200 Kbps 400 Kbps 800 Kbps 1600 Kbps
< 100,000 Kbps
Examples
Note CIR and EIR are rounded down to 64K granularity, as this is a low-speed policer
with burst size < 64,000 bytes.
exit all
configure qos policer-profile Policer4
bandwidth cir 50000 cbs 28000 eir 30000 ebs 20000
compensation 56
exit all
Factory Defaults
By default, no policer aggregates exist. When a policer aggregate is created, it
has the following configuration:
No assigned policer profile
No assigned flows
Rate sampling window (interval for sampling the associated flow statistics)
set to 15 minutes
Note You assign flows to the policer aggregate in the flow level (see Configuring
Flows for details).
Examples
Specifying the CIR (Kbps), CBS cos <value> bandwidth [cir <cir-kbit-sec>] Range for cos value is 07; you can
(bytes), EIR (Kbps), and EBS [cir-max <cir-max-kbit-sec>] [cbs <cbs-bytes>] define up to four or eight cos
(bytes) bandwidth limits, for a [eir <eir-kbit-sec>] [eir-max <eir-max-kbit-sec>] values in an envelope profile.
particular CoS [ebs <ebs-bytes>] [coupling-flag <coupling-flag>] Range for <cir-kbit-sec>,
<cir-max-kbit-sec>, <eir-kbit-sec>,
and <eir-max-kbit-sec>:
010000000 (010 Gbps)
Range for <cbs-bytes>,
<ebs-bytes>:
02000000 (02Mbytes)
<cir-max-kbit-sec> must be greater
than or equal to <cir-kbit-sec>.
<eir-max-kbit-sec> must be greater
than or equal to <eir-kbit-sec>.
coupling-flag controls the path of
overflow tokens: 0=overflow to
committed token bucket, 1=
overflow to excess token bucket.
queue can hold at one time. For example, if you configure 16384 frame
buffers, then the queue can tolerate bursts of up to 16384 packets (if the
queue size allows it).
Depth (queue size), in bytes.
Factory Defaults
ETX-2i provides a default queue block profile named DefaultQueue1, which
defines queues 07 as follows:
Congestion avoidance WRED profile corresponding to queue
Scheduling method WFQ, with weight set to 100
Number of frame buffers 511
Depth 49,152
Specifying queue depth (in bytes) depth <value> Possible values: 642097152
Notes:
If queue depth is confgured to below 64, it is
automatically rounded up to 64 bytes.
The queue depth that you configure might be
changed by ETX-2i due to granularity . After you
configure the queue depth, it is recommended to
use info detail to see the actual value
If a queue contains a relatively small amount of
frame buffers such as the default value 511, it is
possible for the queue to be full when every
buffer is in use, even if the queue size has not
reached the maximum. This is more likely to
happen in the case of relatively small frame sizes.
Setting scheduling method scheduling { strict | wfq <weight>| The WFQ weight range is 31000
best-effort} Strict queues must have queue indices lower than
WFQ or best-effort queues, and WFQ queues must
have queue indices lower than best-effort queues.
065535 64
65536131071 128
131072262143 256
262144524287 512
5242881048575 1024
10485762097151 2048
Examples
queue 0
scheduling strict
depth 524288
exit
queue 1
scheduling strict
depth 212992
exit
queue 2
scheduling wfq 75
exit
queue 3
scheduling wfq 75
exit
queue 6
scheduling best-effort
depth 49152
exit
queue 7
scheduling best-effort
depth 49152
exit all
Factory Defaults
ETX-2i provides a default queue group profile named DefaultQueueGroup,
configured as shown:
ETX-2i# configure qos queue-group-profile DefaultQueueGroup
ETX-2i> config>qos>queue-group-profile(DefaultQueueGroup)# info
detail
queue-block 1/1
name "Level1QueueBlock"
profile "Scheduling1"
no shaper
exit
queue-block 0/1
name "Put your string here"
profile "DefaultQueue1"
bind queue 0 queue-block 1/1
shaper profile "Shaper1"
exit
queue-block 0/2
name "Put your string here"
profile "DefaultQueue1"
bind queue 1 queue-block 1/1
shaper profile "Shaper1"
exit
Note
Normally there is no need for you to enter the bind command. When you add a
queue block in level 0 to the profile, bind is done automatically.
You cannot use the bind command if the queue group contains a single
queue block in level 0.
Examples
Note This example uses the shaper profile and queue block profile created in the
examples in the preceding sections.
exit all
configure qos queue-group-profile QGroupProf1
queue-block 0/1
profile QBlockProf1
shaper profile Shap2
exit all
WRED Profiles
The ETX-2i traffic management engine employs a weighted random early discard
(WRED) mechanism for intelligent queue management and congestion
avoidance. The WRED algorithm monitors the fill level of each queue and
determines whether an incoming packet should be queued or dropped, based on
statistical probabilities.
Applicable Products
This feature is applicable to all ETX-2i products.
Functional Description
Congestion control policy is defined by:
Tail drop for green packets Packets are queued if there is room in the
queue, and are dropped if the queue is full.
WRED profile for yellow packets
100%
Tail drop for
green packets
Queue depth
Min Max 100% (% of maximum)
threshold threshold
Factory Defaults
There are eight WRED profiles available, named WREDProfile0 through
WREDProfile7, bound to the corresponding queues.
Note You can configure the parameters for the color yellow only.
Example
Standards
ITU-T Y.1564
Benefits
The Y.1564 testing methodology allows service providers to have a standard way
of measuring the performance of IP transport services. The tests are performed
per multiple traffic streams simultaneously, confirming policing per EVC or
EVC.CoS.
Factory Defaults
By default, there are no L3 SAT entities configured in ETX-2i.
When a peer profile is created, it has the following default configuration.
bw-steps 25 50 75 100
configuration-duration 100
performance-duration 120
policing-test policing-test
report-type no-clock-sync
udp-port 53248
availability-threshold 9990
delay-threshold 200000
delay-variation-threshold 100000
ip-size 256
loss-ratio-threshold 1000
dscp 0
router-entity 1
router-entity 1
udp-port 53248
Functional Description
L3 SAT testing has the following objectives:
Validate that the IP transport service is correctly configured.
Validate the quality of the services as delivered to the end user.
L3 SAT tests can be performed over Layer-3 networks, or as a Layer-3 service
over a Layer-2 network.
Test Phases
The methodology has a service configuration test phase followed by a service
performance test phase; the service configuration test is short in order to
prevent wasted time caused by failed service performance tests. The test
flowchart below illustrates the two phases.
Enter test
parameters
Start test
Pass
Service
performance
test
Pass
Test completed
Configuration Test
The configuration test validates that services are configured as intended before
proceeding to the service performance test. The following are performed:
Preliminary (common for all test sessions):
Verify connectivity If the connectivity subtest fails, the configuration
test fails and the L3 SAT to the relevant peer is stopped. Otherwise, the
detected responder type is recorded and shown in the test report.
Determine the path MTU If the MTU subtest fails, the configuration
test fails and the L3 SAT to the relevant peer is stopped. Otherwise, the
discovered MTU is recorded and shown in the test report.
Note The preliminary tests are always performed, even if the configuration phase is
not included in the scope of the test.
size at a time. The bandwidth subtest is successful if the subtest results are
within the configured Service Acceptance Criteria (SAC) limits.
If a bandwidth subtest fails for a particular packet size, the testing for that
packet size continues and all remaining bandwidth subtests are performed.
If packet sizes larger than the discovered MTU were configured for the test
session, the bandwidth subtest is considered failed for these packet sizes; it is
not performed for packet sizes larger than the MTU.
A test session is declared successful only if the results for all tested packet sizes
are within SAC limits.
The configuration test is declared successful if the results for all the test
sessions are successful.
Performance Test
The performance test validates the quality of the services over a
user-configurable period of time, as follows:
Traffic is generated for all services at the configured bandwidth level.
For all the test sessions, test packets are sent simultaneously at 100% of
the bandwidth configured per test session.
Per test session, the duration of the performance test is evenly divided
between the different packet sizes, e.g. per test session, each packet size is
transmitted for an equal amount of time.
The performance test is declared successful if the results are within SAC limits.
Test Elements
L3 SAT includes the following elements:
Peers Used to run TWAMP test sessions. One or more peers can
be configured per generator with IP address(es)
corresponding to responder(s).
Test Sessions One or more test sessions can be configured per peer.
Responders Receive test and OAM frames from generator, and transmit
responses to generator. Responders can be the following
types:
IP loop filters incoming traffic by destination IP address,
and loops it back while performing MAC address swap and
IP address swap
UDP loop filters incoming traffic by destination IP address
and UDP port, and loops it back while performing MAC
address swap, IP address , and UDP port swap
Loop and timestamp filters incoming traffic by
destination IP address and UDP port and performs IP loop
for loss measurement packets, UDP loop with timestamp
for delay measurement packets
Note
Responders can be ETX-2i devices or third-party devices. Third-party responders
can be only IP loop or UDP loop types. Only ETX-2i can be a loop and timestamp
responder, and only an ETX-2i responder can provide one-way metrics.
c. Configure and activate L3 SAT generator and relevant peers and test
sessions.
Configuring Generators
To configure L3 SAT generators:
1. Navigate to configure test l3sat.
The config>test>l3sat# prompt is displayed.
2. Enter:
generator <name> [l2-probe]
Note The optional parameter l2-probe is used to specify Layer-3 over Layer-2
operation. The default without the parameter is Layer-3 service.
Associating generator with vlan-tag <vlan> p-bit fixed <p-bit> <vlan> Outer VLAN tag of test
VLAN, if the generator is [inner-vlan <inner-vlan>] packets
working in layer-2 probe mode [inner-p-bit <inner-p-bit>] <p-bit> Outer VLAN priority of
vlan-tag <vlan> p-bit marking test packets
<dscp-to-pbit-profile> [inner-vlan <inner-vlan> Inner VLAN tag of
<inner-vlan>] [inner-p-bit <inner-p-bit>] test packets
<inner-p-bit> Inner VLAN priority
of test packets
<dscp-to-pbit-profile> Marking
profile used to mark outer VLAN
priority of test packets
Configuring Peers
To configure L3 SAT peers:
1. Navigate to configure test l3sat generator <name>.
The config>test>l3sat>generator(<name>)# prompt is displayed.
2. Enter:
peer <ip-address>
The prompt config>test>l3sat>generator(<name>)> peer(<ip-address>)#
is displayed.
3. Enter all necessary commands according to the tasks listed below.
Assigning a test session test-session <name> session-profile Multiple test sessions can be
<profile-name> bw <kbps> defined in the peer.
[dscp <number>] bw rate of the test session
traffic in Kbps
dscp priority value for the
test session traffic
Displaying results and show report <test-name> Available only if peer was
measurements for a specific test activated
Defining the duration of the configuration-duration <seconds> Possible values: 60300 seconds
configuration phase for each
test session
Setting the scope of the test: scope [configuration] [performance] You can enter the command
configuration test, performance with one or both parameters.
test, or both
Defining test packet size ip-size [64] [128] [256] [512] [1024] You can specify up to four
[1280] [1500] [mtu] [custom <size>] packet sizes.
Range for custom <size>:
522094
Configuring Responders
To configure L3 SAT responders:
1. Navigate to configure test l3sat.
The config>test>l3sat# prompt is displayed.
2. Enter:
responder <name> [l2-probe]
Note The optional parameter l2-probe s used to specify Layer-3 over Layer-2
operation. The default without the parameter is Layer-3 service.
Associating responder with a router-entity <number> The parameter <number> is the router
router that contains a number, in which a router interface
suitable router interface must be configured with the same IP
address as local-ip-address.
Associating responder with vlan-tag <vlan> p-bit fixed <p-bit> <vlan> Outer VLAN tag of test
VLAN, if the responder is [inner-vlan <inner-vlan>] packets
working in layer-2 probe [inner-p-bit <inner-p-bit>] <p-bit> Outer VLAN priority of
mode vlan-tag <vlan> p-bit marking test packets
<dscp-to-pbit-profile> [inner-vlan <inner-vlan> Inner VLAN tag of
<inner-vlan>] [inner-p-bit <inner-p-bit>] test packets
<inner-p-bit> Inner VLAN priority
of test packets
<dscp-to-pbit-profile> Marking
profile used to mark outer VLAN
priority of test packets
Note
Elapsed Time includes the time it has so far taken to perform the steps,
including the inter-step wait time.
prompt, enter:
show summary-report
ETX-2i>config>test>l3sat>generator(gen3)>peer(50.50.50.101)# show summary-
report
End Points
Generator Address : 50.50.50.100
Responder Address : 50.50.50.101
Responder Type : Loop & Timestamp
MTU (bytes) : 1500
Test
Scope : Configuration + Performance
Peer Profile Name : peer1
Start Date & Time : 2014-12-04 13:28:10
End Date & Time : 2014-12-04 13:31:23
Total Duration : 193
Overall Result : Failed
Test
Scope : Configuration + Performance
Peer Profile Name : peer1
Report Type : No Clock Sync
BW (Mbps) : 1.000
DSCP : 3
IP Sizes (bytes) : 128, 512, 750
Session Profile Name : session3
Start Date & Time : 2014-12-04 13:33:55
End Date & Time : 2014-12-04 13:42:08
Total Duration : 493
Overall Result : Failed
Configuration Phase
-----------------------------------------------------------------------------
Duration (sec) : 100
Configuration Result : Passed
Step Load
-----------------------------------------------------------------------------
Parameter Step#1 Step#2 Step#3 Step#4 Thr
---------------- -------- -------- -------- -------- --------
Tx Rate (Mbps) 0.249 0.500 0.749 1.001
IR - mean (Mbps) 0.249 0.499 0.750 1.001
PL - count 1 0 0 1
PLR 6.0E-4 0 0 1.0E-4 1.000E-3
PTD - min (ms) 4.075 4.073 4.062 4.077
PTD - mean (ms) 4.142 4.137 4.132 4.132 200.000
PTD - max (ms) 4.248 4.268 4.267 4.265
PTD - std (ms) 0.032 0.040 0.041 0.042
PDV - mean (ms) 0.067 0.064 0.070 0.070 0.150
PDV - max (ms) 0.173 0.195 0.205 0.188
IPDV-Fwd - mean (ms) 0.023 0.039 0.032 0.030
IPDV-Fwd - max (ms) 0.139 0.087 0.103 0.102
IPDV-Bck - mean (ms) 0.020 0.023 0.017 0.020
IPDV-Bck - max (ms) 0.057 0.075 0.063 0.112
---------------- -------- -------- -------- -------- --------
Result Passed Passed Passed Passed
Policing
-----------------------------------------------------------------------------
Parameter Policing Thr
---------------- -------- --------
Tx Rate (Mbps)
IR - mean (Mbps)
PL - count
PLR 0 1.000E-3
PTD - min (ms)
PTD - mean (ms) 200.000
PTD - max (ms)
PTD - std (ms)
PDV - mean (ms) 0.150
PDV - max (ms)
IPDV-Fwd - mean (ms)
IPDV-Fwd - max (ms)
IPDV-Bck - mean (ms)
IPDV-Bck - max (ms)
---------------- -------- --------
Result
Step Load
-----------------------------------------------------------------------------
Parameter Step#1 Step#2 Step#3 Step#4 Thr
---------------- -------- -------- -------- -------- --------
Tx Rate (Mbps) 0.250 0.498 0.749 0.997
Policing
-----------------------------------------------------------------------------
Parameter Policing Thr
---------------- -------- --------
Tx Rate (Mbps)
IR - mean (Mbps)
PL - count
PLR 0 1.000E-3
PTD - min (ms)
PTD - mean (ms) 200.000
PTD - max (ms)
PTD - std (ms)
PDV - mean (ms) 0.150
PDV - max (ms)
IPDV-Fwd - mean (ms)
IPDV-Fwd - max (ms)
IPDV-Bck - mean (ms)
IPDV-Bck - max (ms)
---------------- -------- --------
Result
Step Load
-----------------------------------------------------------------------------
Parameter Step#1 Step#2 Step#3 Step#4 Thr
---------------- -------- -------- -------- -------- --------
Tx Rate (Mbps) 0.250 0.498 0.748 0.999
IR - mean (Mbps) 0.250 0.498 0.748 0.998
PL - count 0 0 0 1
PLR 0 0 0 9.0E-4 1.000E-3
PTD - min (ms) 5.233 5.249 5.198 5.233
PTD - mean (ms) 5.296 5.297 5.318 5.318 200.000
PTD - max (ms) 5.577 5.357 5.731 5.757
PTD - std (ms) 0.052 0.025 0.099 0.102
PDV - mean (ms) 0.063 0.048 0.120 0.120 0.150
PDV - max (ms) 0.344 0.108 0.533 0.524
IPDV-Fwd - mean (ms) 0.028 0.021 0.064 0.058
IPDV-Fwd - max (ms) 0.079 0.064 0.470 0.488
IPDV-Bck - mean (ms) 0.024 0.013 0.039 0.046
Policing
-----------------------------------------------------------------------------
Parameter Policing Thr
---------------- -------- --------
Tx Rate (Mbps)
IR - mean (Mbps)
PL - count
PLR 0 1.000E-3
PTD - min (ms)
PTD - mean (ms) 200.000
PTD - max (ms)
PTD - std (ms)
PDV - mean (ms) 0.150
PDV - max (ms)
IPDV-Fwd - mean (ms)
IPDV-Fwd - max (ms)
IPDV-Bck - mean (ms)
IPDV-Bck - max (ms)
---------------- -------- --------
Result
Performance Phase
-----------------------------------------------------------------------------
Duration (min) : 5
Configuration Result : Failed
Parameter IP Size #1 IP Size #2 IP Size #3 IP Size #4 Thr
128 bytes 512 bytes 750 bytes 0 bytes
---------------- -------- -------- -------- -------- --------
Tx Rate (Mbps) 0.999 0.997 0.998
IR - mean (Mbps) 0.999 0.997 0.998
PL - count 0 0 0
PLR 0 0 0 0 1.000E-3
UAS - count 0 0 0
Availability (%) 100.00 100.00 100.00 99.90
PTD - min (ms) 4.046 4.764 5.187
PTD - mean (ms) 4.171 4.899 5.401 5.401 200.000
PTD - max (ms) 4.444 5.337 5.875
PTD - std (ms) 0.064 0.112 0.158
PDV - mean (ms) 0.125 0.135 0.214 0.214 0.150
PDV - max (ms) 0.398 0.573 0.688
IPDV-Fwd - mean (ms) 0.049 0.077 0.110
IPDV-Fwd - max (ms) 0.234 0.399 0.593
IPDV-Bck - mean (ms) 0.037 0.047 0.097
IPDV-Bck - max (ms) 0.165 0.358 0.543
PD-Fwd - count 0 0 0
PDR-Fwd 0 0 0 0
PD-Bck - count 0 0 0
PDR-Bck 0 0 0 0
PR-Fwd - count 0 0 0
PRR-Fwd 0 0 0 0
PR-Bck - count 0 0 0
PRR-Bck 0 0 0 0
Information Rate (IR) Number of received test packets times test packet Ethernet frame
length (in bits), divided by the elapsed time (in seconds)
Note: The test packet Ethernet frame length starts with the first
MAC address bit, and ends with the last FCS bit.
Packet loss (PL) Number of lost test packets. A test packet is considered lost in the
following cases:
Test packet was not received back at the generator, or was
received with a round-trip delay of over two seconds.
Report type parameter is clock-sync and the responder type is
loop and timestamp, and test packet was received with a
forward and/or backward delay over one second.
Packet loss ratio (PLR) Number of lost packets divided by the number of transmitted
packets
Round-trip packet transfer Minimum round-trip PTD. The round-trip PTD is calculated from the
delay (PTD) min test packet embedded timestamps. A round-trip PTD over two
seconds is ignored, as the packet is considered lost.
One-way packet transfer delay Minimum forward PTD. The forward PTD is calculated from the test
(PTD), forward min packet embedded timestamps. A forward PTD over one second is
ignored, as the packet is considered lost.
Note: The one-way PTD measurements are valid only when there is
TOD synchronization between the generator device and the
responder device, and accurate TOD synchronization is feasible only
with a responder of type loop and timestamp.
One-way packet transfer delay Minimum backward PTD. The backward PTD is calculated from the
(PTD), backward min test packet embedded timestamps. A backward PTD over one
second is ignored, as the packet is considered lost.
Round-trip delay variation (PDV) Average round-trip PDV. The round-trip PDV is calculated according
mean to ITU-T Y.1540, by subtracting the minimum PTD from the 99.9%
percentile of the PTD values.
One-way inter-packet delay Average forward IPDV. IPDV is calculated according to RFC 3393,
variation (IPDV) ), forward from the variations of the delays between valid packets.
mean Note: Appears in report only if responder type is loop and
timestamp.
One-way inter-packet delay Average backward IPDV. IPDV is calculated according to RFC 3393,
variation (IPDV) ), backward from the variations of the delays between valid packets.
mean Note: Appears in report only if responder type is loop and
timestamp.
One-way Packet Duplication PDR (forward) is calculated as PD (forward) divided by the number
Ratio (PDR), forward of received valid packets, converted to a percentage.
One-way Packets Reordered PRR (forward) is calculated as PR (forward) divided by the number
Ratio (PRR), forward of received valid packets, converted to a percentage.
Examples
Flows between Ethernet ports 0/1 and 0/3, classified to VLAN 100
exit all
#*********Configure SVI type TWAMP
configure
port svi 2 twamp
no shutdown
exit
exit
flow E3toE1
classifier v100
ingress-port ethernet 0/3
egress-port ethernet 0/1 queue 0 block 0/1
no shutdown
exit
exit
Test sessions:
Session1:
Packet sizes 128, 512, and 750
Bandwidth 10000
DSCP 11
Session2:
Default packet size (256)
Bandwidth 5000
DSCP 12
exit all
#*********Configure SVI type TWAMP
configure
port svi 2 twamp
no shutdown
exit
exit
flow E3toE1
classifier v100
ingress-port ethernet 0/3
egress-port ethernet 0/1 queue 0 block 0/1
no shutdown
exit
exit
peer-profile peer1
performance-duration custom 5
exit
Layer-3
This example illustrates configuring L3 SAT in Layer-3 mode:
Generator with IP address = 20.20.20.101
Responder with IP address = 20.20.20.20
exit
classifier-profile all match-any
match all
exit
#********* Configure flows between Eth port 0/3 & SVI 2
flow E3toSVI2
ingress-port ethernet 0/3
egress-port svi 2 queue 0
classifier v12
vlan-tag pop vlan
no shutdown
exit
flow SVI2toE3
ingress-port svi 2
egress-port ethernet 0/3 queue 0 block 0/1
classifier all
vlan-tag push vlan 12 p-bit fixed 0
no shutdown
exit
exit
Session2:
Default packet size (256)
Bandwidth 5000
DSCP 12
exit all
#*********Configure SVI for L3 SAT
configure
port
svi 2 twamp
no shutdown
exit
exit
flow SVI2toE3
ingress-port svi 2
egress-port ethernet 0/3 queue 0 block 0/1
classifier all
vlan-tag push vlan 12 p-bit fixed 0
no shutdown
exit
exit
performance-duration custom 5
exit
#*********Configure L3 SAT session profiles
session-profile session1
ip-size 512 custom 700
exit
session-profile session2
exit
Throughput test Detect the maximum frame rate without lost frames.
Packet loss test Detect the point at which frame loss does not occur.
Note
You can run the RFC-2544 tests up to 1 GbE at a time.
Applicable Products
This feature is applicable to all ETX-2i products.
Standards
RFC-2544, Benchmarking Methodology for Carrier Ethernet Networks
Benefits
You can evaluate the performance of network devices to provide performance
metrics of the Ethernet network and validate the SLA.
Functional Description
RFC-2544 testing uses OAM CFM messages such as Loopback (LB), Loss
Measurements (LM), and Delay Measurements (DM) frames. Therefore,
end-to-end OAM CFM is necessary for the testing. User data cant be
transmitted via associated OAM service data/flows while an RFC-2544 test is
running.
In a bidirectional throughput test, the local ETX-2i generates LBM + data TLV
messages towards the far-end device, which responds with LBR messages. The
local ETX-2i calculates the round trip throughput.
In a unidirectional throughput test, the local ETX-2i generates 1DM messages
towards the far-end device, which verifies the frames and calculates
unidirectional throughput. The convergence algorithm is based on a binary
search using LMM and LMR messages.
The packet loss test is performed as follows for all selected frame sizes:
Transmit x frames at a rate of 100% throughput.
Calculate frame loss with the formula: (tx - rx) / 100 * tx
Decrease rate by 10% and repeat the test until two trials result in no frame
loss.
The latency test is performed as follows:
Transmit DMM frames at throughput rate for 10 seconds.
Calculate the latency using DMM and DMR frames that are transmitted after
1 second.
The test result is the average of the number of iterations per frame size (up
to 5 minutes per frame size).
Applicable for round-trip mode
Note If the remote MEP status is NEW, ETX-2i does not launch the RFC-2544 test,
unless the relevant dest NE is configured with the remote MAC address.
Factory Defaults
By default, no profiles or tests are defined.
When you create a test profile, it is configured by default as shown below.
ETX-2i# config test rfc2544
ETX-2i>config>test>rfc2544# profile-name Testprf
ETX-2i>config>test>rfc2544>profile-nam(Testprf)$ inf d
frame-size 64
pattern all-ones
tlv-type data
test-direction bidirectional
frames-number-in-attempt 200000
frame-loss-tolerance 20
throughput-measurement-accuracy 100000
number-of-trials 1
no learning-frames
Performing Tests
In order to perform RFC-2544 tests, you must configure:
Bidirectional data flows that are administratively enabled. If one of the flows
is associated with the test, its egress port and queue block must be identical
to the associated port and queue block of the MEP to which the test is
bound.
MEP and Destination NE
RFC-2544 profile Template to create test runs. You can configure up to
eight test profiles.
RFC-2544 test Associated with RFC-2544 profile. Up to eight tests can use
the same test profile. In one RFC-2544 test, you can perform one or more of
the three test types.
If you are performing more than one type of test, they are performed in the
following order:
Throughput
Packet loss
Latency Up to 20 latency test attempts are performed in the remaining
time, according to the configured maximum test duration (each attempt
requires 15 seconds).
Configuring frame loss tolerance 1/1 frame-loss-tolerance <frames> Defines the success criteria for
(one to one) the throughput test.
Each throughput attempt is
defined as a success only if the
amount of lost packets is less
than or equal to the number of
frames configured for frame-
loss-tolerance.
Success in a throughput
attempt sets the next attempt
to a higher rate, while a failure
in an attempt sets the next
attempt to a lower rate.
Configuring frame sizes for the test frame-size [64] [128] [256] [512] [1024] [1280] You can specify one or more
[1518] [1700] [1900] [2000] [custom <custom>] standard frame sizes, as well as
a custom frame size (642000).
Activating the test activate date <dd-mm-yyyy> <hh:mm:ss> Type no activate to stop the
activate recurring <hours> test.
Associating test with flow in order to associated-flow <name> Flow must be active and its
retrieve bandwidth profile and QoS egress port and queue block
information. must be identical to the
associated port and queue
block of the MEP to which the
test is bound.
Binding to destination NE bind oam-cfm md <md-id> ma <ma-id> mep <mep-id> There must be bidirectional
service <service-id> dest-ne <dest-ne-id> flows using the same
classification and port
associated with the MEP.
Configuring maximum rate for test max-rate <bps> [convention {line-rate | data-rate}] max-rate The maximum rate
[compensation <compensation>] applies to throughput and loss
tests.
convention Determines
whether the interpacket gap is
included in test result
calculations:
line-rate Interpacket gap is
included.
data-rate Interpacket gap is
not included.
compensation Allowed range
is 063. The compensation
value is added to frame size, to
allow for Layer-1 overhead in
the network.
Note: It is not necessary to
configure the maximum rate if
associated-flow is used to
associate the test with a flow
that has a policer profile, as in
that case the maximum rate is
derived from the flow policer
profile.
Configuring maximum duration of max-test-duration <minutes> Possible values: 0, or 260
test The value 0 indicates no limit;
the test runs until it completes.
If a value from 260 is
configured, the test is stopped
when the configured maximum
duration has elapsed, whether
or not all the configured test
types have completed.
Displaying number of lost frames for show attempt-lost-frames See Viewing Lost Frames Per
each test attempt Test Attempt.
Displaying test report show report all See Viewing Test Report.
show report iteration <iteration-number>
Examples
Test Parameters
-----------------------------------------------------------------------------
Bind: MD : 1 MA : 1
MEP : 1
P-Bit : 0 VLAN : 200
Max Rate (bps) : 1000000000
Convention : Data Rate Compensation : 0
Frames in Burst : 200000
Pattern : All Ones
Frame Type : Data
Search Resolution : 1 Tolerance : 5
Learning Frames: : 0 Frequency :
Direction : Bidirectional
Flow Parameters
-----------------------------------------------------------------------------
Flow Name : test_flow1
Fixed Queue : 0 Mapping Profile :
Policer Name : test_policer
CIR (Kbps) : 9984 EIR (Kbps) : 0
Throughput Report
-----------------------------------------------------------------------------
Trial : 1
Status : Success Duration : <00:00:00:49>
Frame Size Theoretical Max Throughput Throughput Success
(FPS) (FPS) (Mbps) (%)
-----------------------------------------------------------------------------
64 1953125 1490312 763.040 76
256 488281 453309 928.379 92
1400 97656 96173 984.812 98
Throughput Report
-----------------------------------------------------------------------------
Trial : 2
Status : Success Duration : <00:00:00:52>
Frame Size Theoretical Max Throughput Throughput Success
(FPS) (FPS) (Mbps) (%)
-----------------------------------------------------------------------------
64 1953125 1490312 763.040 76
256 488281 453309 928.379 92
1400 97656 96173 984.812 98
Loss Report
-----------------------------------------------------------------------------
Trial : 1
Frame Size : 64
Theoretical Max (FPS) : 1953125
-----------------------------------------------------------------------------
100 98
90 100
80 100
Loss Report
-----------------------------------------------------------------------------
Trial : 2
Frame Size : 64
Theoretical Max (FPS) : 1953125
Latency Report
-----------------------------------------------------------------------------
Trial : 1
256 1
1400 1
Latency Report
-----------------------------------------------------------------------------
Trial : 2
ETX-2i>config>test>rfc2544>test(1)$
Test Parameters
-----------------------------------------------------------------------------
Bind: MD : 1 MA : 1 MEP
: 1
P-Bit : 0 VLAN : 100
Max Rate (bps) : 100000
Convention : Data Rate Compensation : 0
Frames in Burst : 100000 Pattern : All
Ones Frame Type : Data
Search Resolution : 10000 Tolerance : 50
Learning Frames : 0 Frequency :
Direction : Bidirectional
Counter Description
Counter Description
Max Rate (bps) The maximum rate at which the test starts
Frame Type The frame type (TLV) used in the transmitted packets:
Data or Test
Tolerance The number of packets that can be lost without declaring Fail
Learning Frames Indicates whether some frames are transmitted before the test
starts, in order to enable the network learning
Frequency Indicates whether learning frames are transmitted once per test or
once per trial
Parameter Description
Displayed
Parameter Description
Displayed
Trial : 1
Counter Description
Start Time The time of day that the test started (hh:mm:ss)
11.8 Syslog
ETX-2i uses the Syslog protocol to generate and transport event notification
messages over IP networks to Syslog servers.
Applicable Products
This feature is applicable to all ETX-2i products.
Standards
RFC 3164, RFC 5674
Benefits
Syslog protocol collects heterogeneous data into a single data repository. It
provides system administrators with a single point of management for collecting,
distributing, and processing audit data. Syslog standardizes log file formats,
making it easier to examine log data with various standard tools. Data logging
can be used for:
Long-term auditing
Intrusion detection
Tracking user and administrator activity
Product operation management
Functional Description
The Syslog protocol provides an instrument for generating and transporting
event notification messages from ETX-2i to servers across IP networks.
Elements
Typical Syslog topology includes message senders (clients) and message
receivers (servers). ETX-2i supports Syslog client functionality. It can send
messages to up to five Syslog servers. The receiver displays, stores, or forwards
logged information. The standard designates two types of receivers:
Transport Protocol
Usually, Syslog uses UDP port 514 for its transport, but devices and servers can
be defined to use any port for communication.
Message Format
The length of a Syslog message is 1024 bytes or less. It contains the following
information:
Facility and severity (see below)
Host name or IP address of the device
Timestamp
Message content
A typical Syslog message looks like this:
<145>Jan 15 13:24:07 172.17.160.69 Eth 1: Loss of signal (LOS)
4 Warning Event
Factory Defaults
By default, Syslog operation is disabled. When enabled, the default parameters
are as follows:
facility local1
port 514
severity-level informational
Defining Syslog device UDP port for port <udp-port-number> Possible values: 165535
communication Port configuration is allowed
only if a Syslog device is
administratively disabled.
Defining severity level severity-level { emergency | alert | The log messages that contain
critical | error | warning | notice | severity level above or equal to
informational | debug} the specified level are
transmitted.
emergency emergency
messages
alert critical alarms
critical major alarms
error minor alarms
warning events
notice cleared alarms,
accounting messages
informational
informational messages
debug debug messages
Defining Syslog server UDP port for port <udp-port-number> Possible values: 165535
communication
Parameter Description
Configuration Errors
The following table lists messages generated by ETX-2i when a configuration
error is detected.
Message Description
Syslog Port is out of range Selected UDP port value is out of allowed range (165535).
Port is illegal or Device Port is already in Selected UDP port is already in use.
use
Parameter cannot be changed if Logging Device/server UDP port or server IP address cannot be changed
Status/Server Access is enabled while Syslog server is enabled.
Example
Server IP address: 178.16.173.152
UDP port: 155
exit all
configure system
syslog device
no shutdown
exit
syslog server 1
address 178.16.173.152
port 155
no shutdown
save
exit all
Applicable Products
This feature is applicable to all ETX-2i products, except for capacity differences
between products that are specified where relevant.
Standards
ITU-T Y.1564
Benefits
The Y.1564 testing methodology allows service providers to have a standard way
of measuring the performance of Ethernet-based services. The tests are
performed per multiple traffic streams simultaneously, confirming policing per
EVC or EVC.CoS.
Factory Defaults
By default, Ethernet service activation testing functionality is disabled.
When a Y.1564 test profile is added, it has the following default settings:
auto-cos-completion no auto-cos-completion
ethernet-type 0x22e8
direction bidirectional
color-aware color-aware
traffic-policing traffic-policing
cir-steps s1-percent 25
s2-percent 50
s3-percent 75
s4-percent 100
configuration-duration 60 Seconds
rate-convention data-rate
responder-type y1564
user-traffic-blocked user-traffic-blocked
Functional Description
To assure quality of service (QoS), providers must properly configure their
networks to define how the traffic is prioritized in the network. This is
accomplished by assigning different levels of priority to each type of service and
accurately configuring network prioritization algorithms. QoS enforcement refers
to the method used to differentiate the traffic of various services via specific
fields in the frames, thus providing better service to some frames over other
ones.
SLAs
The service-level agreement (SLA) is a binding contract between a service
provider and a customer, which guarantees the minimum performance that is
assured for the services provided.
Customer traffic is classified into three traffic classes, and each is assigned a
specific color: green for committed traffic, yellow for excess traffic, and red for
discarded traffic.
Policing
ETX-2i can set different traffic policing parameters. When a policer is activated,
it monitors the incoming frames and determines their color mode (CM). If CM is
set to color aware, ETX-2i monitors incoming frames and assigns them the
relative color (green or yellow) based on the frame header matching the policer
setting and current information rate.
Notes When the Y.1564 test is configured as bidirectional, it may fail if the policer
profiles for the directions generator->responder and responder->generator
are different. For instance, the test could fail if a policer profile is defined for
the Rx and Tx flows in the generator, and the bandwidth of the ingress
policer is lower than that of the egress policer.
You should configure a non-default policer profile for the Tx flow, and
configure no profile for the Rx flow.
If multiple Tx flows are attached to the same MEP in the responder, any
policer profile attached to the Tx flows is not used in the responder egress
direction (back towards the generator).
The Y.1564 generator discovers the test rate per service or service.CoS
policer, even when the policer is not an aggregate policer.
associated MEP is bound to), so that the frames pass through all the links in the
network LAG.
In the Y.1564 test profile, you can select this operation mode, by setting a block
of 32 consecutive MACs as SA. The SAs of generated test frames are then
cyclically selected from the block of 32 consecutive MAC addresses. By default,
0x0020D2000100 is the first MAC address in the block of MACs used as SA in
test frames. However, you have the option of setting another first address,
provided it is a multiple of 32.
When the hashing function of the network LAG is set to SA+DA MAC, the Y.1564
frames pass through all the links of the LAG, enabling testing the SLA of the
different links.
L2
Network ETX-2i
Router
Y.1564 Standard
The ITU-T Y.1564 testing methodology ensures that quality is maintained across
networks with multiple streams and different policing parameters. Service
providers use the SAC (Service Acceptance Criteria) information which is normally
based on a subset of the users SLA to set pass/fail parameters.
There are two main objectives:
To validate that each Ethernet-based service is correctly configured
To validate the quality of the services as delivered to the end user
The test flowchart below illustrates the test phases.
Enter test
parameters
Start test
Pass
Service
performance
test
Pass
Test completed
Configuration Test
The configuration test validates that services are configured as intended before
proceeding to the service performance test. Each service is tested individually
and the information rate (IR), Frame Transfer Delay (FTD), Frame Delay Variation
(FDV), and Frame Loss Ratio (FLR) are measured simultaneously. The test is
declared successful if the information rate and frame counters are within the
Service Acceptance Criteria (SAC).
The configuration test consists of the following procedures (mandatory to
implement and optional to perform):
CIR (simple or stepped)
EIR (color-blind)
Traffic policing (color-blind); can be disabled
In addition, the configuration test consists of the following burst test
procedures (optional to implement):
CBS (color-aware or color-blind)
EBS (color-aware or color-blind)
The CBS and EBS burst sub-tests can be disabled (the default) or enabled. These
tests cannot coexist with another configuration test; if they do, a sanity error
occurs. However, they can coexist with other running performance tests.
A burst sub-test (CBS, EBS) consists of at least one transmission cycle. If
needed, the actual duration of a burst sub-test is automatically extended i.e. by
increasing the total duration of the configuration test.
Performance Test
The performance test validates the quality of the services over a
user-configurable period of time (one minute to five days). Traffic is generated
for all services at configured CIR levels; all Ethernet performance parameters are
measured simultaneously. The bandwidth test is performed according to the
bandwidth profile of a policer assigned to the associated flow, or a policer
assigned to the test.
Note If there are two bandwidth profiles (flow and test), the test bandwidth
profile is used.
OAM relevant packets are calculated as part of the test bandwidth.
Test Elements
The Y.1564 test is an intrusive procedure that includes two main elements:
Generator an entity that initiates the test, sends out the test and OAM
frames, receives responses from the responder, processes the resulting
measurements and displays test reports. In the case of a MEF46 LL
responder, the generator executes the Latching Loopback (LL) controller
functionality.
Responder an entity that receives the test and OAM frames from the
generator, and transmits a response to the generator. The responder can be
of the following types:
Regular responder adds time stamps to the OAM frames that it returns
to the generator
MAC swap responder does not add time stamps to the OAM frames
that it returns to the generator
MEF46 Latching Loopback responder Upon receiving LLM from the
generator, replies with LLRs. OAM frames are not looped back.
While performing/running the Y.1564 test, the responder does not transmit
PM packets.
The test operation can be configured as unidirectional or bidirectional (the
default). When bidirectional, service performance is measured on the frames
that make a round trip (generator > receiver > generator).
PSN
Forward
Backward
Generator Responder
Capacity
ETX-2i supports up to 8 simultaneous Y.1564 tests, with:
Up to eight generators; one MEP per generator
Up to 20 responders for ETX2i and up to eight for ETX-2i-B and ETX-2i-10G
The 8 generators and 8/20 responders can be activated over EVC, EVC.CoS, or a
combination of EVC and EVC.CoS. The Y.1564 generator is limited to two VLANs.
The rate of the Y.1564 traffic for a single generator/responder or several
generators/responders running in parallel, cannot exceed 1 Gbps for ETX2i or
ETX-2i-B; 10 Gbps for ETX-2i-10G.
The test requires that the corresponding ingress and egress flows (or a
bidirectional flow) be preconfigured at both ends.
Test Cases
The Y.1564 test supports two cases:
Internal MEP case Supported for E-Line, E-LAN, and E-Tree services over PTP
or Bridge, in which MEPs are not preconfigured
Service MEP case Full support over point-to-point and E-LAN services, where
Down or Up MEPs are preconfigured
Key=crs_mac
Generator Responder
Test
ETH Internal ETH ETH Automatic ETH
Frames
Port Up MEP ACL Port Port Block of User Port
Service Traffic
MAC Swap
Loopback
ETX-2 ETX-2
Figure 11-15. Y.1546 Test - Internal MEP Case (E-Line Services over PTP)
On all Flows to a
Bridge-port
Generator Responder
Test
ETH Internal ETH ETH Automatic ETH
Frames B
Port Up MEP ACL Port Port Block of User Port
Service Traffic
MAC Swap
Loopback
ETX-2 ETX-2
Figure 11-16. Y.1546 Test - Internal MEP Case (E-Line Services over Bridge)
Note When running the Y.1564 test in a device, without configuring the OAM (Internal
MEP case), configure the destination MAC address on the generator to the
responder NNI MAC, as per the device used.
The Y.1564 test for the Internal MEP case is performed as follows:
1. At the generator side, a unique MAC is configured.
2. At the generator side, an internal up MEP is automatically created.
3. At the generator side, the source transmits test frames at data rate
(different rates are used during different steps of the test) toward the
configured MAC.
4. DMM and LMM frames, transmitted periodically by the MEP at the generator
side, are interleaved with the test data.
5. At the responder side, the same unique MAC as used in the generator is
configured.
6. The responder loops back only frames with a destination MAC equal to the
configured MAC. If egress-port is a bridge-port, loop and ACL on all ingress
flows to a bridge-port.
7. At the generator receive side, an ACL forwards only frames whose source
MAC equals to the configured MAC.
8. When the generator receives the looped DMM and LMM frames, it
responds by sending DMR and LMR frames, respectively.
9. The responder loops back also the DMRs and LMRs.
10. Round-trip loss is measured by the sum of the LMR frame count and the
local count at the generator ingress.
11. Round-trip delay is measured by the DMR frame timestamps divided by two.
Note If a Y.1564 test is running over an ERP or ETP, any protection switchover causes
the test to fail.
Y.1564 test is supported over E-LAN in the presence of user traffic in the
following cases:
E-LAN service is newly installed.
E-LAN service is already installed and running on E-LAN nodes, and you add
a new node to the service. In this case, you can run the non-intrusive
Y.1564 test on the new node without disrupting (blocking) the traffic on the
other nodes.
For the Service MEP case, the MA of the service MEPs used by the test, must be
manually configured. The CoS on which the test is performed can optionally be
configured with a single value or several values from 0 to 7; the default all CoS
indicates that all the preconfigured EVC.CoS will be tested. The MEPs and flows
on which the test is performed are automatically learned from the configured
MA and CoS.
Generator Responder
Test
Frames Test Frames,
DMMs, LMMs
Policer
PSN
Policer
Ethernet Down Ethernet Ethernet Down Ethernet
Looped Test Frames,
Port MEP Port Port MEP Port
DMRs, LMRs
Figure 11-17. Full Y.1564 Traffic Path for EVC with Single CoS (Down MEP)
Generator Responder
Test Test
ETH Down ETH ETH Down ETH
Frames B B Frames
Port MEP Port Port MEP Port
Service Service
ETX-2 ETX-2
Note The responder can be configured to inject the test frames into the policer or
bypass it.
Policer
PSN
Policer
Ethernet Down Ethernet Ethernet Ethernet
Port MEP Port Port Port
Note In the case of a MAC swap loopback responder, the DMR timestamps include the
time spent by the packet in the responder, therefore the round-trip delay
measurements are less accurate.
3. Upon receiving the LLM, the responder identifies the port, VLAN tags, and
source MAC address of the generator.
4. The Responder returns an LLR.
5. If a reply is received, the Generator sends an LL Activate Request.
Down MEP
Depending on the specific implementation, a single MEP per EVC, or a separate
MEP per single or multiple EVC.CoS is required to provision the test. In all cases,
the service is supported with regular and aggregate policer. In case of a single
MEP, the Rx flow classification can be VLAN or Outer VLAN. In case of multiple
MEPs, all the MEPs must belong to the same MA, and the Rx flow classification
can only be VLAN + p-bit.
Up MEP
For multipoint-to-multipoint (E-LAN) services, the Y.1564 testing is performed
over an Up MEP, for either a single Cos (EVC) or multi CoS (EVC) service. The
testing frames are transmitted into the bridge, and the VLAN tag value of the
test traffic is defined by the Rx flow classification. In both cases, the service is
supported with regular and aggregate policer.
Generator
Test
Frames
BP
Tx Flow
Policer
BP Bridge BP
Rx Flow
Ethernet
Up MEP SVI
Port
Test Procedures
This section describes Y.1564 test procedures and success criteria.
rate
1.1CBS
PHY
CIR
Note If (8 CBS/CIR) > 90 msec, the transmission off period should be floor(9
CBS/CIR) instead of 100 msec.
Second generator (G2) should inject a burst of length 110% CBS at maximum
rate every 300 msec.
Note If (8f CBS/CIR) > 90 msec, the burst should be transmitted every floor (9
CBS/CIR) + 200 msec instead of every 300 msec.
Preparation:
Set EIR = 0 and EBS = 0 for the duration of the test.
Stop DMM transmission for the duration of the test.
Transmit LMM once at the beginning of the test (when the generators are
off) and once at the end of the test (when the generators are off).
Procedure:
G1 transmits green C frames at CIR.
C = ceiling (200 msec CIR/bitsInFrame)
where
bitsInFrame = the size of the test frame in bits
G2 transmits green B frames at maximum rate (1G or 10G).
B = ceiling (1.1 CBS/frameLength)
where
frameLength = the size of the test frame in bytes
The number of CIR/burst cycles actually performed during the test, are
counted.
Success criteria:
For color-aware test 0.99 number of cycles (C + N) (1-FLR) number
of green frames
For color-blind test 0.99 number of cycles (C + N) (1-FLR) total
number of frames
C = number of frames at CIR per cycle, defined above
N = number of frames in CBS w/o excess = floor (CBS/frameLength)
Where:
frameLength = the size of the test frame in bytes
rate
1.1EBS
PHY
CIR
First generator (G1) should transmit at CIR for ~200 msec, turn off for
100 msec, and start over.
Note If (8 EBS/EIR) > 270 msec, the transmission off period should be floor (9
EBS/EIR) 200 msec instead of 100 msec.
Note If (8 EBS/EIR) > 270 msec, the burst should be transmitted every floor(9
EBS/EIR) instead of every 300 msec.
Preparation:
Stop DMM transmission for the duration of the test.
Transmit LMM once at the beginning of the test (when the generators are
off) and once at the end of the test (when the generators are off).
Procedure:
G1 transmits green C frames at CIR.
C = ceiling (200 msec CIR/bitsInFrame)
where
bitsInFrame = test frame size in bits
G2 transmits yellow B frames at maximum rate (1G or 10G).
B = ceiling (1.1 EBS/frameLength)
where
frameLength = test frame size in bytes
The number of CIR/burst cycles actually performed during the test, are
counted.
Success criteria:
0.99 number of cycles C (1-FLR) total number of frames
C = ceiling (200 msec CIR/bitsInFrame)
N = number of frames in CBS w/o excess = floor (CBS/frameLength)
rate
1.1(CBS+EBS)
PHY
CIR+EIR
Preparation:
Stop DMM transmission for the duration of the test.
Transmit LMM once at the beginning of the test (when the generators are
off) and once at the end of the test (when the generators are off).
Procedure:
G1 transmits E frames at (CIR+EIR).
E = ceiling (200 msec (CIR+EIR)/bitsInFrame)
where
bitsInFrame = test frame size in bits
G2 transmits B frames at maximum rate (1G or 10G).
B = ceiling (1.1 (CBS+EBS)/frameLength)
where
frameLength = test frame size in bytes
The number of EIR/burst cycles actually performed during the test, are
counted.
Success criteria:
0.99 number of cycles (C + N) (1-FLR) total number of frames
C = ceiling (200 msec CIR/bitsInFrame)
Performance Test
Transmission rate is equal to CIR.
Success criteria FLR, FTD, FDV, and Availability are within SAC limits.
Note For the Y.1564 test Service MEP case, in devices with OAM MEP configured
with MEF46 Latching Loopback, there is no need to add a Y.1564 responder.
Note The DMM frame size in the Y.1564 test is set according to the frame size
configured for the test profile, rather than according to the dest NE
data-tlv-length configuration.
Specifying whether to include or burst-tests [cbs] [ebs] You can enter the command
exclude the CBS and EBS sub- with one or both parameters.
tests (burst tests) in the To specify not to include any
configuration phase burst tests in the configuration
phase, enter: no burst-tests.
Defining test frame size frame-size {64 | 128 | 256 | 512 | Range for custom bytes:
1024 | 1280 | 1518 | custom <bytes>}
642000
Setting the source MAC address multiple-sa-mac The source MAC addresses of
in test frames multiple-sa-mac base generated test frames are
<first-mac-address> cyclically selected from a block
of 32 consecutive MAC
no multiple-sa-mac
addresses beginning at default
address 0x0020D2000100 or
at configured base address.
base - the start of a block of
MACs to be used as the source
address in test frames.
Must be a multiple of 32.
Example: multiple-sa-mac base
0x000012345600
Setting the one-way service one-way-thresholds flr <ppm> ftd flr unidirectional Frame Loss
acceptance criteria <s> fdv <s> availability Ratio, measured in 1E-6 units
<percent/100> ftd unidirectional Frame
Transfer Delay, measured in
microseconds
fdv unidirectional Frame
Delay Variation, measured in
microseconds
availability unidirectional
availability, measured in
hundredths of percent units
Possible values: 0-100000
(for example, use value 8930 in
order to define 89.3%)
Creating, modifying, or deleting p-bit <0..7> The P-bit test profile allows
a Y.1564 test P-bit profile configuring separate frame
sizes and thresholds for
specific P-bits. The rest of the
P-bits are tested using the
general profile.
See P-bit configuration details
below.
Type no p-bit <0..7> to delete
a specific test P-bit profile.
Defining the convention of the rate-convention <data-rate | The convention of the rate
rate measurements in the line-rate> measurements section in the
Y.1564 test report Y.1564 test report is
determined by the option that
you select:
data rate section title is IR
[Mbps].
line rate section title is
ULR [Mbps].
Note: Configuring
rate-convention only changes
the title in the generated
Y.1564 test report according to
your selection (IR for data-rate;
ULR for line-rate). It does not
change the values of the
measurements in the report.
Therefore, after changing
rate-convention in the profile,
you must run the Y.1564 test
again to display the
measurements in the newly
selected rate-convention.
Defining the type of responder responder-type {y1564 | mac-swap | See Operation section.
that receives the test and OAM mef46-ll}
frames from the generator in
the Y.1564 test: regular
responder, MEF46 Latching
Loopback responder, or MAC
swap responder.
Setting the round-trip service round-trip-thresholds flr <ppm> ftd flr bidirectional Frame Loss
acceptance criteria <s> fdv <s> availability <availability> Ratio, measured in 1E-6 units
ftd bidirectional Frame
Transfer Delay, measured in
microseconds
fdv bidirectional Frame Delay
Variation, measured in
microseconds
availability bidirectional
availability, measured in
hundredths of percent units
(for example, use value 8930 in
order to define 89.3%)
Setting the scope of the test: scope [configuration] [performance] You can enter the command
configuration test, performance with one or both parameters
test, or both To specify with no scope
parameters, enter: no scope
The following P-bit test profile parameters can be configured at the p-bit level in
the config>test>y1564>profile(profile-name)>p-bit<value># prompt.
Defining test frame size frame-size {64 | 128 | 256 | 512 | Range for custom bytes:
1024 | 1280 | 1518 | custom <bytes>}
642000
Setting the one-way service one-way-thresholds flr <ppm> ftd flr service acceptance criteria
acceptance criteria <s> fdv <s> availability <availability> for unidirectional Frame Loss
Ratio, measured in 1E-6 units
ftd service acceptance
criteria for unidirectional Frame
Transfer Delay, measured in
microseconds
fdv service acceptance
criteria for unidirectional Frame
Delay Variation, measured in
microseconds
availability service acceptance
criteria for unidirectional
availability, measured in
hundredths of percent units
(for example, use value 8930 in
order to define 89.3%)
Setting the round-trip service round-trip-thresholds flr <ppm> ftd flr service acceptance criteria
acceptance criteria <s> fdv <s> availability <availability> for bidirectional Frame Loss
Ratio, measured in 1E-6 units
ftd service acceptance
criteria for bidirectional Frame
Transfer Delay, measured in
microseconds
fdv service acceptance
criteria for bidirectional Frame
Delay Variation, measured in
microseconds
availability service acceptance
criteria for bidirectional
availability, measured in
hundredths of percent units
(for example, use value 8930 in
order to define 89.3%)
Note For the Y.1564 test - Service MEP case, in devices with OAM MEP configured with
MEF46 Latching Loopback, there is no need to add a Y.1564 responder.
You can define up to 20 Y.1564 test responders for ETX2i and ETX-2i-B, when
each OAM MA includes eight services (p-bits). These 20 responders can be all
EVC, all EVC.CoS, or any combination of EVCs and EVC.CoSs. All the responders
can be activated simultaneously.
Defining the service to be tested bind <md <id> ma <id> [p-bit <0..7>] md the maintenance domain
no bind <md <id> ma <id> to which the service belongs
(165535)
ma the maintenance
association to which the
service belongs (165535)
p-bit the specific P-bits to be
tested, or all preconfigured
P-bits if none are specified
no bind md <id> ma <id>
removes responder association
with the service.
When enabling
auto-cos-completion, it is
mandatory to explicitly
configure the normally optional
p-bit command.
Defining the service to be tested bind flow <flow-name> Mutual exclusion with the other
no bind flow <flow-name> bind formats.
flow the multi-CoS flow that
carries the service OR a single-
CoS flow that is part of the
service.
Possible values: Variable length
string, up to 32 characters.
A corresponding flow must
already exist in the RAD flow
table.
no bind removes responder
association with the service.
Defining the service to be tested bind service <service-name> Mutual exclusion with the other
{ethernet} <port-index> bind formats
bind service <service-name> {lag | pcs service the name of the
| logical-mac | svi} <port-number> tested service. A flow
bind service <service-name> corresponding to service name,
bridge-port <bridge-number> port must already exist in the
<port-number> RAD flow table.
Setting the local MAC address local-mac mac <mac-address> Note: Command available only
used for the multipoint test no local-mac when responder is bound to a
flow.
mac the MAC address that
the responder uses for E-LAN
and E-Tree tests
Default value: 0x000000
Setting the destination MAC destination mac <mac-address> mac a configurable MAC
address or remote MEP number destination remote-mep <rmep-id> address that identifies the
generator side
Note: When there is more than
one generator on a certain
E-LAN service, each generator
has a unique remote MAC.
remote-mep identifier of a
remote MEP at the generator
side, towards which the test is
conducted.
Possible values: 08191
Note: You can disassociate the
destination remote MEP from
the responder by entering
destination remote-mep 0 (and
not no destination).
Displaying the Y.1564 test show status See Viewing Test Status
status (Responder Side)
Parameter Description
MEP Identifier of the MEP that is associated with the responder and
specific P-bit
Possible values: 18191
Service Identifier of the service that is associated with the responder and
specific P-bit
Possible values: 18 or
Defining the service to be tested bind md <id> ma <id> [p-bit <0..7>] md maintenance domain to
no bind md <id> ma <id> which the service belongs (1
65535)
ma maintenance association
to which the service belongs
(165535)
p-bit specific P-bits to be
tested, or all preconfigured
P-bits if none are specified
no bind md <id> ma <id>
removes generator association
with the service.
When enabling
auto-cos-completion, it is
mandatory to explicitly
configure the normally optional
p-bit command.
Defining the service to be tested bind flow <flow-name> [multi-cos] Mutual exclusion with the other
[p-bit <0..7>] bind formats; if the optional
no bind flow <flow-name> multi-cos attribute does not
exist, several bind commands
with different flow names can
be configured.
flow the multi-CoS flow that
carries the service OR a single-
CoS flow that is part of the
service. A corresponding flow
must already exist in the RAD
flow table.
Possible values: Variable length
string, up to 32 characters
multi-cos indicates that the
specified flow name is a
multi-CoS flow
p-bit specific P-bits to be
tested, or all preconfigured
P-bits if none are specified
Valid only together with the
optional multi-cos attribute.
For each specified P-bit, a
corresponding CoS (rank) must
already exist in the envelope
policer of the multi-CoS flow.
no bind removes generator
association with the service.
Defining the service to be tested bind service <service-name> Mutual exclusion with the other
{ethernet} <port-index> bind formats
[p-bit [<0..7>]] service the name of the
bind service <service-name> {lag | pcs tested service. A flow
| logical-mac | svi} <port-number> corresponding to service name,
[p-bit [<0..7>]] port must already exist in the
bind service <service-name> RAD flow table.
bridge-port <bridge-number> Possible values: Variable length
<port-number> [p-bit [<0..7>]] string, up to 32 characters
bind service <service-name> ethernet, lag, pcs, logical-mac,
etp <etp-name> {subscriber|transport} svi, bridge-port, etp subscriber,
<port-number> [p-bit <p-bit>] etp transport the port over
no bind service <service-name> which the service is tested
p-bit the specific P-bits to be
tested, or all preconfigured
P-bits if none are specified.
For each specified P-bit, a
corresponding flow must
already exist in the RAD flow
table.
no bind removes generator
association with the service.
Setting the destination MAC destination mac <mac-address> mac a configurable MAC
address or remote MEP number destination remote-mep <rmep-id> address that identifies the
responder side
Note: When there is more than
one responder on a certain E-
LAN service, each reponder has
a unique remote MAC.
remote-mep identifier of a
remote MEP at the responder
side, towards which the test is
conducted
Possible values: 0-8191
Note: Destination remote MEP
can be disassociated from the
generator by entering
destination remote-mep 0 (and
not no destination).
Assigning policer to test policer <p-bit> bandwidth If a policer is defined for the
[cir <cir-value>] [cbs <cbs-value>] test, then the test is
[eir <eir-value>] [ebs <ebs-value>] performed according to the
[compensation <compensation-value>] test policer, rather than
policer <p-bit> profile according to the associated
<policer-profile-name> flow policer.
p-bit CoS to which the
configuration applies
Possible values: 0..7
cir committed information
rate
cbs committed burst size
eir excessive information rate
ebs excessive burst size
compensation extra bytes
added to frame size to take
into account Layer-1 overhead
(preamble and IFG) in the
network and the overhead for
the added VLAN header.
Possible values: 0..63
profile an optional
predefined policer profile to be
used in the test
Note: The option to define a
test policer is useful if there is
no flow policer, or the flow
policer has different limits than
you wish to use for the test.
Displaying the status of the show mef46-ll-status See Viewing MEF46 Latching
MEF46 Latching Loopback Loopback Generator Status..
generator
Displaying the Y.1564 test show status See Viewing Test Status
status (Generator Side).
Displaying the test results and show report <summary | detailed> See Viewing Test Results.
measurements
The status screen appears. For information on the test status values,
see Table 11-25.
ETX2i>config>test>y1564>generator(1)# show mef46-ll-status
Tx LLMs : 3
Rx LLRs : 3
Rx Autonomous LLRs : 0
ETX2i >config>test>y1564>generator(1)#
Parameter Description
Displayed
Unrecognized TLV Indicates whether one or more of the included TLVs were not
recognized
Possible values: No, Yes
Associated EVC
---------------------------------------------------------------
Inner VLAN : --- Outer VLAN : 20
Parameter Description
Displayed
Parameter Description
Displayed
BWP in use Origin of the associated bandwidth profile for the EVc.CoS
Possible values: Test, Flow
Displayed when Status is other than Idle
Note In detailed test report, in case a step is Not Applicable, all step parameters
display value --- and not 0.
Summary
-----------------------------------------------------------------------------
Scope : Configuration+Performance
Profile Name : 1
CIR Test
-----------------------------------------------------------------------------
Step#1 Failed FLR 25.0 0.0 1.0E+00 0.004 0.0
Step#2 Failed FLR 50.0 0.0 1.0E+00 0.004 0.0
Step#3 Failed FLR 75.0 0.0 1.0E+00 0.004 0.0
Step#4 Failed FLR 100.0 0.0 1.0E+00 0.004 0.0
EIR Test
-----------------------------------------------------------------------------
Failed IR 101.0 0.0 1.0E+00 0.004 0.0
CBS Test
-----------------------------------------------------------------------------
Passed
EBS Test
-----------------------------------------------------------------------------
Passed
IR (Mbps)
-----------------------------------------------------------------------------
P-bit IR FLR FTD FDV Avail
(ms) (ms) (%)
-----------------------------------------------------------------------------
0 0.0 0.0E+00 0.0 0.0 1.66
Counter Description
Start Date & Time Date and time at the last test activation
End Date & Time Date and time when the last test ended (regardless of the end
result passed/failed/aborted)
Overall Result Possible values: Not Applicable, Passed, Failed, User Aborted,
System Aborted
P-bit
Result Result of the last configuration test for the specific P-bit and if it
failed, the reason for failure
Possible Result values: Not Applicable, Passed, Failed, User Aborted,
System Aborted
Possible reasons for failure: CIR, EIR, Policing, and/or CBS test
Test Name of the sub-test: CIR Test, EIR Test, Traffic Policing Test, CBS
Test, EBS Test
Reason for failure If sub-test failed, shows the reason(s) for failure.
Possible reasons for failure:
CIR Test FLR, FTD, or FDV
EIR Test IR
Traffic Policing Test IR
CBS Test Burst size
EBS Test Burst size
Counter Description
Reason for failure If sub-test failed, displays the reason for failure: FLR, FTD, or FDV
Summary
-----------------------------------------------------------------------------
Scope : Configuration+Performance
Profile Name : 1
Start Date & Time : 2017-05-21 13:04:44
End Date & Time : 2017-05-21 13:05:05
Total Duration : 00:00:21
Overall Result : Failed
CIR Test
-----------------------------------------------------------------------------
Parameter Step#1 Step#2 Step#3 Step#4 Thr
---------------- -------- -------- -------- -------- ----
Tx Rate (Mbps) 25.0 --- 75.0 100.0
IR - Min (Mbps) 0.0 --- 0.0 0.0
IR - Mean (Mbps) 0.0 --- 0.0 0.0
IR - Max (Mbps) 0.0 --- 0.0 0.0
Tx Count 6101 --- 18301 24391
Rx Count 0 --- 0 0
FL Count 6101 --- 18301 24391
FLR 1.0E+00 --- 1.0E+00 1.0E+00 3.0E-04
FTD - Min (ms) 0.004 --- 0.004 0.004
FTD - Mean (ms) 0.004 --- 0.004 0.004 26.000
FTD - Max (ms) 0.004 --- 0.004 0.004
FTD - Std (ms) 0.0 --- 0.0 0.0
FDV - Mean (ms) 0.0 --- 0.0 0.0 11.000
FDV - Max (ms) 0.0 --- 0.0 0.0
---------------- -------- -------- -------- -------- ----
Result Failed Not Applicable Failed Failed
EIR Test & Traffic Policing Test
-----------------------------------------------------------------------------
EIR Policing Thr
---------------- -------- -------- --------
Tx Rate (Mbps) 101.0 126.0
IR - Min (Mbps) 0.0 0.0
IR - Mean (Mbps) 0.0 0.0 0.0 - 10.128
IR - Max (Mbps) 0.0 0.0
Tx Count 24633 0
Rx Count 0 0
FL Count 24633 0
FLR 1.0E+00 0.0E+00
FTD - Min (ms) 0.004 0.0
FTD - Mean (ms) 0.004 0.0
FTD - Max (ms) 0.004 0.0
FTD - Std (ms) 0.0 0.0
FDV - Mean (ms) 0.0 0.0
FDV - Max (ms) 0.0 0.0
---------------- -------- -------- --------
Result Failed Failed
Burst Tests
-----------------------------------------------------------------------------
Parameter CBS EBS
--------------------------------- -------- --------
Number of Cycles 24 24
Frames per Cycle 70 140
Minimum Expected Frames 105881 105730
Actual Received Frames 106733 159260
--------------------------------- -------- --------
Result Passed Passed
IR (Mbps)
-----------------------------------------------------------------------------
P-bit Min Mean Max
-----------------------------------------------------------------------------
0 0.0 0.0 0.0
FL
-----------------------------------------------------------------------------
P-bit Count FLR Thr
-----------------------------------------------------------------------------
0 0 0.0E+00 3.0E-04
FTD (ms)
-----------------------------------------------------------------------------
P-bit Min Max Std Mean Thr
(ms) (ms) (ms) (ms)
-----------------------------------------------------------------------------
0 0.0 0.0 0.0 0.0 26.000
FDV (ms)
-----------------------------------------------------------------------------
P-bit Max Mean Thr
(ms) (ms)
-----------------------------------------------------------------------------
0 0.0 0.0 11.000
Availability
-----------------------------------------------------------------------------
P-bit UAS % Thr (%)
-----------------------------------------------------------------------------
0 59 1.66 99.90
Counter Description
Tx Rate (Mbps) The transmission rate to which the generator is configured in the
subtest
Counter Description
FTD Std (ms) The calculated standard deviation of the Frame Transfer Delay
Availability Thr The Availability service acceptance criteria for the reported P-bit
Burst Tests
Frames per Cycle The number of frames in a single burst transmission cycle
Actual Received The actual total number of frames received during the sub-test
Frames
Examples
This example shows how to create a Y.1564 test generator over a MEP located
between two Ethernet ports and bound to one of them. The Y.1564 test
(Service MEP case) is run over an OAM (CFM) service defined on P-bit 0. The test
in this example is run on a network port, but Y.1564 tests can also be run on
user ports.
Generator
Test
Frames
Flow 1 P-bit 0
Policer
Flow 2
************************Defining_Policer_Profile*****************************
exit all
config qos policer-profile v10 bandwidth cir 100000 cbs 10000 eir 10000 ebs
5000
#*********************************End****************************************
************************Defining_Classifier_Profile**************************
config flows classifier-profile vlan10 match-any
match vlan 10
exit all
#*********************************End****************************************
******************************Adding_Flows***********************************
configure flows flow v10_1to4
classifier vlan10
no policer
ingress-port ethernet 0/1
egress-port ethernet 0/4 queue 0 block 0/1
no shutdown
exit all
service 1
classification priority-bit 0
delay-threshold 100000
delay-var-threshold 10000
lmm-interval 100ms
dmm-interval 100ms
dest-ne 1
remote mep 2
loss single-ended
delay two-way
exit
no shutdown
exit all
#*********************************End****************************************
#*******************Configuring_Y.1564_Test_Profile_and_Generator************
config test y1564
profile 1
ethernet-type 0x22e8
frame-size 512
one-way-thresholds flr 100 ftd 13000 fdv 8000 availability 9990
round-trip-thresholds flr 200 ftd 26000 fdv 11000 availability 9990
scope configuration performance
direction bidirectional
color-blind
traffic-policing
cir-steps s1 25 s2 50 s3 75 s4 100
configuration-duration 60
performance-duration custom 1
rate-convention data-rate
exit
generator 1
test-profile 1
bind md 1 ma 1 p-bit 0
activate
exit all
save
#*********************************End****************************************
The following example shows the configuration of the Y.1564 test (Service MEP
case) over E-LAN service. Note that the node in the target device must be
explicitly configured with the remote MEP number.
bind md 1 ma 1
destination remote-mep 1
The following example shows the configuration of both the generator and
responder when the Y.1564 test is run in a device without configuring the OAM
(Internal MEP case). In this case, both generator and responder are bound to a
flow (and not to an MA or MD). Also, the destination MAC address on the
generator is configured to the responder NNI MAC.
#generator :
configure
qos
policer-profile "CIR10M-EIR20M"
bandwidth cir 9984 cbs 64000 eir 19968 ebs
64000
exit
exit
flows
classifier-profile "v100" match-any
match vlan 100
exit
classifier-profile "v1502-p3" match-any
match vlan 1502 p-bit 3
exit
flow "gd-dn"
classifier "v1502-p3"
no policer
vlan-tag pop vlan
ingress-port ethernet 4/1
egress-port ethernet 3/1 queue 1 block 0/1
no shutdown
exit
flow "gd-up"
classifier "v100"
policer profile "CIR10M-EIR20M"
vlan-tag push vlan 1502 p-bit fixed 3
ingress-port ethernet 3/1
egress-port ethernet 4/1 queue 0 block 0/1
no shutdown
exit
exit
exit
configure
test
echo "Configure Y1564"
# Configure Y1564
y1564
echo "Y1564 - Profile Configuration"
# Y1564 - Profile Configuration
profile "2"
performance-duration custom 1
exit
echo "Y1564 - Generator Configuration"
# Y1564 - Generator Configuration
generator "Generator1"
test-profile "2"
bind flow "gd-up"
Destination 00-20-D2-EE-1B-B7
exit
exit
exit
exit
#responder
configure
qos
policer-profile "CIR10M-EIR20M"
bandwidth cir 9984 cbs 64000 eir 19968 ebs
64000
exit
exit
flows
classifier-profile "v100" match-any
match vlan 100
exit
classifier-profile "v1502-p3" match-any
match vlan 1502 p-bit 3
exit
flow "gd-dn"
classifier "v1502-p3"
no policer
vlan-tag pop vlan
ingress-port ethernet 4/1
egress-port ethernet 3/1 queue 1 block 0/1
no shutdown
exit
flow "gd-up"
classifier "v100"
policer profile "CIR10M-EIR20M"
vlan-tag push vlan 1502 p-bit fixed 3
ingress-port ethernet 3/1
egress-port ethernet 4/1 queue 0 block 0/1
no shutdown
exit
exit
exit
configure
test
echo "Configure Y1564"
# Configure Y1564
y1564
echo "Y1564 - Profile Configuration"
# Y1564 - Profile Configuration
profile "2"
exit
echo "Y1564 - Responder Configuration"
# Y1564 - Responder Configuration
responder "Responder1"
test-profile "2"
bind flow "gd-up"
exit
exit
exit
The following example shows the configuration of the policer under the Y.1564
generator.
Configuration Errors
Table 11-28 lists the messages generated by ETX-2i when a configuration error
is detected.
Message Description
Illegal frame size value Invalid test frame size for Y.1564 profile
Illegal threshold value Invalid round-trip service acceptance criteria for Y.1564 profile
Illegal traffic policing value Invalid traffic policer for Y.1564 profile
Illegal CIR step value Invalid CIR step for Y.1564 profile
Illegal configuration duration value Invalid duration of the configuration test for Y.1564 profile
Illegal performance duration value Invalid duration of the performance test for Y.1564 profile
Illegal rate convention value Invalid rate measurement convention for Y.1564 profile
Illegal P-bit value Invalid P-bit value for Y.1564 profile or generator
Y.1564 profile does not exist (SNMP only) The configured Y.1564 test profile does not exist.
Max number of active generators has The maximum number of Y.1564 generators (eight) has been
been exceeded reached and no additional generators can be added.
Max number of active responders has The maximum number of Y.1564 responders (20) has been
been exceeded reached and no additional responders can be added.
Y.1564 profile has not been attached No Y.1564 profile has been attached to generator or responder.
Message Description
MEP or service have not been found MEP or OAM service within selected MD/MA does not exist.
MEPs have different destination MAC Y.1564 Generator works opposite one remote only. In EVC.cos,
address the MEPs under the MA are opposite several remotes, and
therefore the test does not work.
The device didn't learn the remote's No CCM was received from the remote MEP and its MAC address
mac-address. was not learned. This is relevant only if remote-mep is
configured on the DestNE.
MEPs have different source MAC All MEPs under the same MA must be bound to the same port.
addresses
MEPs have different classification types MEPs within selected MD/MA have different classification types.
MEPs have different VLANs MEPs within selected MD/MA have different VLANs.
MEPs have different inner VLANs MEPs within selected MD/MA have different inner VLANs.
MEP or service are not active MEP or OAM service within selected MD/MA has not been
activated yet.
OAM CFM: Max number of remote MEP The maximum number of remote MEP elements in a line has
elements in a line has been exceeded. been reached and no additional MEP elements can be added.
OAM CFM: Max allowed number of Adding MEPs to previously configured MEPs exceeds the allowed
<512/1024> remote MEPs has been maximum number of remote MEP elements that can be
reached. configured (512/1024).
I/O flow with matching CoS has not been The Y.1564 test mechanism failed to identify a MEP Tx flow with a
found P-bit, matching testing criteria.
Generator can test only one P-bit If there is only one Tx flow with the non-envelope Policer, only
one P-bit can be tested.
Applicable Products
This feature is applicable to all ETX-2i products.
Standards
N/A
Benefits
Port mirroring enables recording and analyzing inbound and outbound port
traffic, without disrupting traffic. Port mirroring allows constant monitoring of
network performance, sending an alert when a problem or error occurs.
Functional Description
You can configure port mirroring by defining a mirroring session, which
comprises one or two sources, the traffic direction of each source (one Rx, one
Tx, or one Rx-Tx), and a single destination.
Port mirroring supports the following interfaces as mirroring session sources and
destination for mirrored traffic:
ETH user or network ports
PCS
Logical MAC
LAG (Load balancing, Protection) is not supported.
At any time, you can monitor in your device inbound (Tx) traffic to one port
and/or outbound (Rx) traffic from another port, or both inbound and outbound
traffic of a single port. You can configure mirroring of Rx and Tx traffic either in
one mirroring session to the same destination port or in two mirroring sessions
to two separate destination ports.
Inbound traffic includes all traffic admitted into the source port following
physical layer tests, FCS, and more, but before filtering by L2CP, vlan-edit,
policing, and more. Outboumd traffic qualified for mirroring includes all packets
of the source that were actually transmitted, such as after the dequeue process
and filtering (e,g egress MTU).
The mirror port (destination port) can be a 1GbE or 10GbE user or network port.
The mirror port is dedicated solely for mirroring, and does not support
forwarding of inbound traffic.
A mirroring session source can be added while the session is running.
Configuration of a new mirror destination overrides the existing one; there is no
need to delete the existing destination.
Factory Defaults
By default, port mirroring is disabled.
Adding or removing source port from the [no] source {port <port-type> port type source port type
mirroring session <port-index>} {tx | rx | tx-rx} Possible values: ethernet, pcs,
or logical-mac
tx enable inbound mirroring.
rx enable outbound mirroring.
tx-rx enable both inbound
and outbound mirroring.
Adding or removing destination port [no] destination <port-type> port type destination port
from the mirroring session <port-index> type
Possible values: ethernet, pcs,
or logical-mac
Note: A destination port can be
used in one mirroring session
only.
Configuration Errors
The following table lists the messages generated by ETX-2i when a configuration
error is detected.
Examples
In the following example, all the outbound traffic from port 0/3 and inbound
traffic into port 0/4, is mirrored to Ethernet port 0/1.
ETX2i>configure mirroring-session 1
ETX2i>config>mirroring-session(1)# source port ethernet 0/3 rx
ETX2i>config>mirroring-session(1)# source port ethernet 0/4 tx
ETX2i>config>mirroring-session(1)# destination ethernet 0/1
ETX2i>config>mirroring-session(1)# no shutdown
exit
In the following example, all the inbound traffic to and outbound traffic from
port 0/4, is mirrored to Ethernet port 0/2.
ETX2i>configure mirroring-session 2
ETX2i>config>mirroring-session(2)# source port ethernet 0/4 tx-rx
ETX2i>config>mirroring-session(2)# destination ethernet 0/2
ETX2i>config>mirroring-session(2)# no shutdown
exit
Applicable Products
This feature is applicable to all ETX-2i products, with the following condition:
Scripts containing port numbers may have to be edited according to the
product port numbering.
Benefits
The PM data is useful for analyzing ETX-2i service quality. The flexible statistics
collection allows only the necessary data to be collected.
Functional Description
PM statistics collection is configured for the device, entity type, and specific
entities. PM statistics are collected for the following types of entities:
Ethernet ports
Flows
OAM TWAMP sessions
OAM CFM services
OAM CFM destination NEs
System parameters: memory usage and CPU utilization
Notes PM statistics collection is performed only if it is enabled for the entire device,
regardless of whether it is enabled for any entity
PM statistics are not collected for entities that are administratively disabled.
If it is the next interval, then the next interval is canceled, and a PM record
indicating the cancellation is inserted in the PM data.
If it is an interval with higher frequency, then ETX-2i collects the higher
frequency interval statistics and then resumes collecting the lower frequency
interval statistics. The PM data is retrieved from ETX-2i by RADview via TFTP
or SFTP. After PM data is retrieved, ETX-2i deletes the file and opens a new
one for further data.
Factory Defaults
Enabling PM statistics oam > cfm > md(<md-id>) > pm-collection PM collection can be
collection for a specific ma(<ma-id>) > mep(<mep- { interval <seconds> | enabled at a defined
OAM CFM service id>) > service(<service-id>) on-interval-close } interval or before an
interval expires.
Type no pm-collection to
disable PM statistics
collection for the service.
Enabling PM statistics oam > cfm > md(<md-id>) > pm-collection PM collection can be
collection for a specific ma(<ma-id>) > mep(<mep- { interval <seconds> | enabled at a defined
OAM CFM destination id>) > service(<service-id>) > on-interval-close } interval or before an
NE dest-ne(<dest-ne-index>) interval expires.
Type no pm-collection to
disable PM statistics
collection for the
destination NE.
Note
PM statistics are collected for entities for which PM statistics collection is
specifically enabled in the entity level via pm-collection, even if PM statistics
collection for the entity type is disabled.
To view the performance management configuration for the device and for
entity types:
1. Navigate to configure reporting.
2. Enter info detail | include pm to view PM-related commands in the
configuration.
Examples
To enable PM for all relevant entities in ETX-2i:
PM statistics collection enabled for device
PM statistics collection enabled for all relevant entities, every five minutes.
exit all
configure reporting
#**** Enable PM in device
pm
#**** Enable PM for Eth ports, collection interval=5 min
pm-collection eth interval 300
#**** Enable PM for flows, collection interval=5 min
pm-collection flow interval 300
#**** Enable PM for OAM CFM services, collection interval=5 min
pm-collection oam-cfm-service interval 300
#**** Enable PM for OAM CFM dest NEs, collection interval=5 min
pm-collection dest-ne interval 300
exit all
save
#**** Configure PM statistics collection interval for Eth port 0/3, to 1 min
configure port ethernet 0/3
pm-collection interval 60
exit all
save
Configuration Errors
Table 11-30 lists the messages displayed by ETX-2i when a configuration error is
detected.
Message Description
Invalid interval; must divide evenly into The pm-collection command was entered with an interval value
3600 that does not divide evenly into 3600.
Cannot execute; too many different Attempt was made to configure more intervals than the
intervals supported maximum.
LEDs
A red LED is usually an indication of a problem. Check the port that is associated
with the LED to further investigate the problem. Refer to the Operation chapter
for a description of the unit LEDs.
Statistic Counters
Statistic counters provide information on possible abnormal behavior and
failures. You can collect statistics on the following:
Ethernet ports
E1/T1 ports, if applicable
SHDSL ports, if applicable
VDSL ports, if applicable
Flows
RADIUS server
OAM CFM
For further information, refer to the relevant sections in Chapter 6 10 and the
relevant sections in the troubleshooting chart.
You can clear the statistics for Ethernet ports, flows, and OAM services.
Statistics clearing is globally enabled by default. Once statistics are cleared from
an interval, the interval becomes not valid.
Alarms and events can be masked per source type, source ID, or minimum
severity. When an alarm/event is masked, it is not written to the history log, and
any corresponding traps are not sent to management stations, regardless of
masking in the SNMP manager configuration. When an alarm/event is not
masked, any corresponding traps are sent only to management stations for
which the traps are not masked in the SNMP manager configuration.
Alarm Soaking
ETX-2i supports alarm soaking. This means that the device does not raise an
alarm immediately upon detecting an abnormal condition (i.e. defect); only after
the abnormal condition has occurred uninterrupted for a certain amount of time
(called the rising soaking time). Similarly, the alarm is cleared only after the
abnormal condition is resolved and remains resolved for a certain amount of
time (called the falling soaking time or clear time). In this way, alarm soaking
prevents fleeting alarms, i.e. alarms that rise and fall multiple times in a short
period. Instead of sending a flood of alarms to RADview, only one initial alarm is
sent, and the final clear alarm is sent only upon stabilization of the link.
The device supports alarm soaking, provided the following requirements are met:
The device supports configurable alarm rising and falling soaking times, as
follows:
Rising and falling soaking times may be configured to different values.
The configurable soaking time range is 0 (i.e. no soaking time) to 10,000
milliseconds.
The default rising soaking time is 2,500 milliseconds (2 seconds);
default falling soaking time is 10,000 milliseconds (10 seconds).
When a defect occurs, the device must wait the rising soaking time (either
configured or dictated by a standard) before raising the alarm. An alarm is
raised only if the defect exists for the entire soaking time. If the defect is
cleared and reoccurs, the rising soaking timer must be rearmed.
When a condition that caused an alarm is resolved, the device must wait the
falling soaking time (either configured or dictated by a standard) before
clearing the alarm. Only if the condition stays resolved for the entire soaking
time, the alarm is cleared. If the defect reoccurs, the soaking timer must be
rearmed.
Note All traps are maskable, by masking the corresponding alarm/event via the
alarm-source-attribute / alarm-source-typeattribute commands, or by masking
the corresponding alarm per severity via the mask-minimum-severity command.
Configuring alarm input alarm-input <port-number> [active {high | low | Three input alarms are
off}] [description <description>] supported over the Alarm
connector ( 9-pin Terminal
Block).
If you set alarm-input to active
state, configure alarm inputs
activation mode to one of the
following:
high active alarm input
indicated by high voltage
low active alarm input
indicated by low voltage
off active alarm input
disabled
In description, enter a
description of the alarm
generated by the alarm-input.
This description is saved in the
log and sent with snmp traps
when the alarm occurs.
Configuring alarm rising soaking-time interval [rising rising-msec] clear rising, falling: 010,000 ms
and falling soaking times [falling falling-msec] Default:
rising 2500 ms
falling 10000 ms
Note: The configured soaking
times apply only for entities for
which there is no standard
dictating a different behavior. If
there is such a standard (e.g.
for SDH/SONET and DS1), the
standard must be followed.
Notes Entries with source type card are relevant only for ETX2i modular option with
SHDSL or VDSL module.
Entries with source type pcs or shdsl are relevant only for ETX2i modular
option with SHDSL or VDSL module.
Entries with source type e1t1 are relevant only for ETX2i modular option
with E1/T1 module.
Entries with source type ptp-recovered or ptp-recovered-master are relevant
only for PTP ordering options.
Entries with source type clock-domain, clock-domain-source, or station-clock
are relevant only for timing ordering options.
11.14 Troubleshooting
This section contains a general troubleshooting chart that lists possible failures
and provides workarounds.
Use this chart to identify the cause of a problem that may arise during
operation. For detailed description of the LED indicators functions, refer to the
Operation chapter.
To correct the reported problem, perform the suggested corrective actions. If a
problem cannot be resolved by performing the suggested action, please contact
your RAD distributor.
The unit is dead No power Verify that both ends of the power
(POWER LED is off) cable are properly connected.
The unit is unreachable Incorrect management settings Using a local serial connection, enable
the relevant management access type
by entering telnet, snmp, and/or ssh at
the config>mngmnt>access prompt.
View the list of enabled management
access types and settings by entering
info detail at the config>mngmnt
prompt
Verify that a router interface has been
configured with management access
set to allow all, assigned an IP address,
and bound to an administratively
enabled SVI.
Verify that management flows have
been set up to/from the SVI, and that
the flows are enabled.
Physical link fails to Link may be administratively Administratively enable the link.
respond disabled. In case of Ethernet links, make sure
that the autonegotiation, speed, and
duplex modes match the configured
values on the access switch/router.
Ethernet LINK LED Ethernet cable problem Check the Ethernet cable to see
is off whether a cross or straight cable is
needed.
Check/replace Ethernet cable.
Verify that the range is within the
limits.
Check the port by connecting the
remote end of the cable to a different
switch.
Send the unit for repair.
To ping an IP host:
In any level, start pinging the host, specifying its IP address (IPv4 or IPv6)
and optionally the number of packets to send, payload size (in bytes), and
router entity number:
ping <ip-address> [number-of-packets <packets>] [payload-size <bytes>]
[router-entity <number>]
If the remote host answers, ETX-2i displays the ping results including the
round trip delay, rounded as in the following table.
: :
: :
Example
ETX-2i# ping 10.10.10.10
To trace a route:
In any level, start the trace route and specify the IP address (IPv4 or IPv6) of
the host to which you intend to trace route:
trace-route <1.1.1.1255.255.255.255>
Note You can define only two software packs simultaneously. Although the CLI allows
you to name the SW packs sw-pack-1 through sw-pack-4, it is recommended to
name them sw-pack-1 and sw-pack-2.
You can designate any of the software packs as active. The non-active software
pack serves as a backup that can be used if the active software becomes
corrupted.
The information in this chapter includes the following:
Software packs that can be loaded into each device
Detailed conditions required for the upgrade
Any impact the upgrade may have on the system
Description of downloading options
Application software can be downloaded to ETX2i via SFTP/TFTP with the copy
command, or via XMODEM, FTP, or TFTP, from the Boot screen.
The downloaded software pack can be installed as the active software via the
admin software install command, or from the Boot screen.
Note Software upgrade relates to upgrading from the products previous version to
current version. To upgrade from an older version, you may not be able to
upgrade directly to the latest version, but may be required to upgrade one
version at a time. Refer to the relevant User Manual for upgrade instructions.
12.2 Impact
During the software upgrade process, service is disrupted.
12.3 Prerequisites
SFTP/FTP/TFTP Prerequisites
Prior to upgrading via SFTP/FTP/TFTP, verify that you have the following:
Operational ETX2i unit with valid IP parameters configured
Connection to a PC with an SFTP/FTP/TFTP server application and a valid IP
address
Software image file stored on the PC. The image file (and exact name) can be
obtained from the local RAD business partner from whom the device was
purchased.
XMODEM Prerequisites
Prior to upgrading via XMODEM, verify that you have the following:
Operational ETX2i unit
Connection to a PC via a terminal emulation program
Software image file stored on the PC. The image file (and exact name) can be
obtained from the local RAD business partner from whom the device was
purchased.
Software Packs
Each ETX2i software download can contain two sw-packs from the available
options listed in the following table.
ETX-2i-10G ETX2_x.x.x(x.x)_sw-pack_2i_10g.bin
ETX-2i-10G-LC ETX2_x.x.x(x.x)_sw-pack_2i_10g_lc.bin
Pinging the PC
Check the integrity of the communication link between ETX2i and the PC by
pinging the PC from ETX2i.
Note Configure the connection timeout of the TFTP server to be more than 30 seconds
to prevent an automatic disconnection during the backup partition deletion
(about 25 seconds).
Note Choose an index that is not being used by the active software, or by a software
pack that you do not want to overwrite.
Note The file startup-config must exist before you can install software with creation of
a restore point.
Next time ETX2i reboots and loads new software, it starts a confirmation
timer. See the following procedure for more details on the confirmation.
Notes If startup-config does not exist, you must install the software pack without
creating a restore point.
As a defective startup-config can cause a loss of connection, it is not
recommended to install software and change startup-config at the same time.
However, if you must do both at the same time, first install the software and
only after verifying it, make the needed configuration changes (or vice versa).
!Device will install file and reboot. Are you sure? [yes/no] _
Note While the confirmation timer is running, ETX2i does not allow any commands
that change its configuration.
Caution The Boot screen procedures are recommended only for use by authorized
personnel, because it provides many additional options that are intended for use
only by technical support personnel.
The following software downloading options are available from the Boot screen:
Downloading using the XMODEM protocol. This is usually performed by
downloading from a PC directly connected to the CONTROL DCE port of the
unit.
Downloading using FTP/TFTP. This is usually performed by downloading from
a remote location that provides an IP communication path to an Ethernet port
of ETX2i.
Note If you miss the timing, ETX2i performs a regular reboot process (this process
starts with Loading/un-compressing sw-pack-<n> and ends with the login
screen).
System Boot
baud rate b Transmission bit rate (in kbps): 9600, 19200, or 115200
The boot parameters are displayed line by line. For each parameter, you
can type a different value, or click <Enter> to go to the next parameter.
The example below illustrates changing the file name to ETX2i.bin, and
the protocol to TFTP.
'.' = clear field; '-' = go to previous field; ^D = quit
Using FTP
Use the following procedure to download software release 6.4 to ETX2i via FTP.
Notes The <index> parameter corresponds to the software pack number to which to
copy the image file.
If you have set the file name in the boot parameters, you do not need to
specify <FileName>.
Using TFTP
Use the following procedure to download software release 6.4 to ETX2i via TFTP.
Notes The <index> parameter corresponds to the software pack number to which to
copy the image file
If you have set the file name in the boot parameters, you do not need to
specify <FileName>.
Using XMODEM
Use the following procedure to download software release 6.4 to ETX2i via
XMODEM.
Note The <index> parameter corresponds to the software pack number to which to
copy the image file.
4. Start the transfer in accordance with the program you are using. For example,
if you are using the Windows HyperTerminal utility:
Select Transfer in the HyperTerminal menu bar, and then select Send File
on the Transfer menu.
The Send File window is displayed:
Select the prescribed ETX2i software file name (you may use the
Browse function to find it).
Ethernet Private Line (EPL) is implemented using a point-to-point EVC. All service
frames at the UNI are mapped to a single EVC.
The data traffic flow in the application behaves as follows (from left to the right):
1. PC transmits untagged packets, traffic enters ETX2i (1) User port #3.
2. ETX2i (1) adds VLAN ID 10 towards the network.
3. ETX-5 accepts only traffic with VLAN 10 in port 1/10 and forwards the
packets to port 1/20 in the same I/O card.
4. ETX2i (2) accepts only traffic tagged with VLAN 10, removes the VLAN, and
forwards the untagged packets to PC.
Device Quantity
ETX2i (1) 1
ETX2i (2) 1
ETX-5 1
PC with application such as Ostinato that can 1
simulate traffic, and three network cards for
following:
Management (one network card)
Connect to simulate traffic (two network
cards)
Classifier profile that accepts only traffic tagged with VLAN ID 10 (data
traffic entering ETX2i (1) from the network)
Flow named 1t3 from network port #1 to user port #3, using the above
profile, and removing the SP-VLAN
exit all
#*********** Create classifier profiles
configure flows
classifier-profile untagged match-any
match untagged
exit
flow 1t3
classifier v10
ingress-port ethernet 0/1
egress-port ethernet 0/3 queue 0 block 0/1
vlan-tag pop vlan
no shutdown
exit all
save
ethernet 1/20
queue-group profile q_group_2_level_default
no shutdown
exit
sag 1/2
queue-group profile q_group_SAG_2_level_default
exit all
flow sap_20
classifier all
ingress-port sap 1/1/2
egress-port eth 1/20 queue-map-profile QueueMapDefaultProfile block 0/1
no shutdown
exit
flow 20_sap
classifier v10
ingress-port ethernet 1/20
egress-port sap 1/2/2 queue-map-profile QueueMapDefaultProfile block 0/1
no shutdown
exit
Rx Statistics
-----------------------------------------------------------------------------
Total
Packets : 20000
Bytes : 20000000
Drop Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 197941 197941000
Green : 197941 197941000
Yellow : 0 0
Red : 0 0
Yellow/Red : 0 0
Drop Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 243 1947758 1800000
Green(Rate) : 243 1947758 1800000
Yellow(Rate) : 0 0 0
Red(Rate) : 0 0 0
Yellow/Red(Rate) : 0 0 0
Tx Statistics
-----------------------------------------------------------------------------
Packets Bytes
Total : 197941 197941000
Green : 197941 197941000
Yellow : 0 0
Tx Rate
-----------------------------------------------------------------------------
pps L1 (bps) L2(bps)
Total(Rate) : 243 1947758 1800000
Green(Rate) : 243 1947758 1800000
Yellow(Rate) : 0 0 0
Peak Measurement
-----------------------------------------------------------------------------
L1 Min. L2 Min L1 Max L2 Max.
Tx Bit Rate [bps] : 0 0 1300 1252
Drop Bit Rate [bps]: 0 0 13000 121203
Pin Function
9 Ground
1 A+ B+
2 A- B-
3 B+ A+
4 C+ D+
5 C- D-
6 B- A-
7 D+ C+
8 D- C-
The E1/T1 connectors terminate in four RJ-45 connectors. If four E1/T1 ports
were ordered, each connector provides one port; if eight E1/T1 ports were
ordered, each connector provides two ports. Table A-3 and Table A-4 list the pin
assignments.
1 RX Ring Input
2 RX Tip Input
3 NC NC
4 TX Ring Output
5 TX Tip Output
6 NC NC
7 NC NC
8 NC NC
Channels 14 Channels 58
1 RX Ring Input NC NC
2 RX Tip Input NC NC
Channels 14 Channels 58
3 NC NC TX Ring Output
4 TX Ring Output NC NC
5 TX Tip Output NC NC
6 NC NC TX Tip Output
7 NC NC RX Ring Input
8 NC NC RX Tip Input
Note
Do not connect wires to the NC pins.
1 N.A. -
2 TXD Transmit data
4 N.A. -
5 GND Ground
3 Not connected
6, 7, 8 Not connected
Note This section is relevant only if an SHDSL module was ordered. One 8-pin RJ-45
connector is used for the 4-wire ordering option, and two 8-pin RJ-45 connectors
are used for the 8-wire ordering option. Each pin is wired as in the table below.
Pin Function
1 NC
2 NC
3 Loop 2
4 Loop 1
5 Loop 1
6 Loop 2
7 NC
Pin Function
8 NC
Note This section is relevant only for ETX2i with VDSL module.
The VDSL AIO electrical interface is made up of two 8-pin RJ-45 connectors one
connector for Loop 1 and Loop 2; the other for Loop 3 and Loop 4. Each
connector is wired in accordance with Table A-9.
Pin Function
1 NC
2 NC
3 Loop 2 / Loop 4
4 Loop 1 / Loop 3
5 Loop 1 / Loop 3
6 Loop 2 / Loop 4
7 NC
8 NC
Note This section is relevant only for ETX2i if a PTP option was ordered.
Pin Function
1 Option, NC
Pin Function
2 Option, NC
3 Tx/Rx 1PPS -
4 GND
5 GND
6 Tx/Rx 1PPS +
7 Tx/Rx TOD -
8 Tx/Rx TOD +
C.1 Overview
Note This appendix is applicable only to devices that contain an SEC/EEC clock module.
Timing loop
This is a network condition where a slave clock providing synchronization
becomes locked to its own timing signal. It is generally created when the slave
clock timing information is looped back to its own input, either directly or via
other network equipments. Timing loops should be prevented in networks by
careful network design.
QL_minimum
QL_minimum is a user configurable parameter used in the squelching of clock
output signals. If the QL of the signal used to derive the output falls below
QL_minimum then the output is squelched (cut-off or set to AIS).
Clock-Source Quality-Level
The clock-source quality-level of a SEC or SASE is defined as the grade of clock to
which it is ultimately traceable; i.e. the grade-of-clock to which it is synchronized
directly or indirectly via a chain of SECs, and SASEs however long this chain of
clocks is. For example, the clock-source quality-level may be a Primary Reference
Clock complying with Recommendation G.811, or it may be a Slave Clock in
holdover-mode, complying with Recommendation G.812, or a Recommendation
G.813 or G.8262 Clock in holdover or free-run.
The clock-source quality-level is essentially, therefore, an indication only of the
long-term accuracy of the NE Clock.
Station Clock
This is a node clock as defined in Recommendation G.810.
The functional definitions are given in Recommendation G.783.
The symbols and diagrammatic conventions are given in Recommendation G.783.
Squelch
An action that cuts-off (i.e. shuts down) an output signal. For some signals
(e.g. 2 Mbit/s) squelching may be realized by means of inserting AIS, instead of
shutting down the signal.
C.3 Abbreviations
This appendix uses the following abbreviations:
AIS Alarm Indication Signal
BITS Building Integrated Timing Supply
CI Characteristic Information
CK Clock signal (Timing information)
CLR Clear
CS Clock Source (Timing information)
CSid Clock Source identifier
DNU Do Not Use
DUS Don't Use for Sync
ESF Extended Super Frame
ESMC Ethernet Synchronization messaging Channel
ESSM Ethernet Synchronization Status Messages
FSw Forced Switch
HO Hold Off time
HO HoldOver mode
ID IDentifier
LO Lockout
LO Locked mode
LOS Loss Of Signal
LSB Least Significant Bit
MSB Most Significant Bit
MSw Manual Switch
NE Network Element
NSUPP Not supported
PDH Plesiochronous Digital Hierarchy
PRC Primary Reference Clock
PRS Primary Reference Source
QL Quality Level
SASE Stand Alone Synchronization Equipment
SDH Synchronous Digital Hierarchy
SEC Synchronous Equipment Clock
SF Signal Fail
SMC SONET Minimum Clock
SQLCH Squelch
SSF Server Signal Fail
The CSM control SW runs all the G.781 based attributes such as the clock
selection algorithms, external user commands etc. It receives and transmits
Quality Level (QL) and Server Signal Fail (SSF) information from/to the relevant
data and external clock ports. It is also responsible for correctly configuring the
SEC/EEC according to the relevant standards and user preferences (e.g. G.8262
option I).
Clock Domains
The CSM module supports one clock domain (one primary long-term frequency
source) only. In products that require to support multiple clock domains (e.g. to
support multiple service providers, each having its own primary long-term
frequency source), multiple instances of the CSM module are required.
The clock domain ID shall be configured by the user using the following CLI
command:
configure >system>clock> domain <id> // <id> - domain number
1
For more information regarding the terms in brackets see ITU-T
G.703/G.704/G.781.
STM-N
The STM-N transport signals carry (in addition to the payload) reference timing
information and an indication of the quality level of the source generating this
timing information, via the Synchronization Status Message (SSM) as defined in
Recommendation G.707.
2 Mbit/s (E1)
The 2 Mbit/s transport signals may carry (in addition to the payload) reference
timing information.
The 2 Mbit/s timing reference signals (without payload) carry reference timing
information to specific synchronization ports.
Both signals can carry an indication of the quality level of the source generating
the timing information via the SSM as specified in Recommendation G.704.
2 MHz (T12)
Synchronization can be carried through 2 MHz signals to specific synchronization
ports (so called station clock ports). This signal does not carry an indication of
the quality level of the source generating the timing information.
Both signals can carry an indication of the quality level of the source generating
the timing information via the SSM transported within the 1544 kbit/s signal's
Extended Super Frame (ESF) Data Link (DL) as specified in Recommendation
G.704.
Notes Equipment developed prior to this first revision of the Recommendation may
not be able to carry reference timing information and/or support SSM via its
802.3 interfaces
The equipment can have both nonsynchronous and synchronous 802.3
interfaces as defined in G.8264. Nonsynchronous 802.3 interfaces are
excluded from the synchronization distribution process
The relevant synchronization input/output ports (type and ID) that are to take
part in the clock selection process are user configured using the following CLI
command:
configure >system>clock>domain (id)#[no] source <src-id> {type}
[<id>] [{port type} <port-index>]
// type - {domain <domain-id>| rx-port {port-type}
<port-index>| station <station-id> | recovered
<recovered-id>}.
// rx-port {port-type} - E1, T1, Ethernet, SDH/SONET.
Note
For further details regarding the specific CLI structure, refer to Chapter 4
The following clock source quality levels are defined in the CSM synchronization
selection process of Option II network corresponding to Second generation.
QL-PRS PRS traceable (Recommendation G.811)
QL-STU Synchronized Traceability Unknown
QL-ST2 Traceable to Stratum 2 (Recommendation G.812, Type II)
QL-TNC Traceable to Transit Node Clock (Recommendation G.812, Type V)
QL-ST3E Traceable to Stratum 3E (Recommendation G.812, Type III)
QL-ST3 Traceable to Stratum 3 (Recommendation G.812, Type IV)
QL-SMC Traceable to SONET Clock Self Timed (Recommendation G.813 or
G.8262, Option II)
QL-ST4 Traceable to Stratum 4 Freerun (only applicable to 1.5 Mbit/s
signals)
QL-PROV Provisionable by the Network Operator
QL-DUS This signal should not be used for synchronization.
Note Squelching (signal cutoff) is applicable only for 2.048 MHz (T12) clock interfaces.
In case 2.048 Kb/s (E1) or 1.544 Kb/s (T1) are used, upon a squelching event
the interface would start transmitting AIS.
QL-PRC highest
QL-SSU-A |
QL-SSU-B |
QL-SEC |
QL-DNU |
Note
The quality levels QL-INVx, QL-FAILED, QL-UNC and QL-NSUPP are internal QLs
inside the NE and are never generated at an output port.
QL-PRS highest
QL-STU |
QL-ST2 |
QL-ST3 |
QL-SMC |
QL-ST4 |
QL-DUS |
Note
The quality levels QL-INVx, QL-FAILED, QL-UNC and QL-NSUPP are internal QLs
inside the NE and are never generated at an output port.
The quality level QL-PROV is provisionable by the network operator and may take
different order positions. The default position for QL-PROV is as shown in
Table C-2.
Note The implementation in RAD CSM always assumes this default position for
QL-PROV.
QL-UNK highest
QL-SEC |
Note
The quality levels QL-INVx, QL-FAILED, QL-UNC and QL-NSUPP are internal QLs
inside the NE and are never generated at an output port.
Note Valid SSM synchronization sources can also be overwritten using the Force QL
procedure.
In RAD CSM, when working in QL-enabled mode, the user must configure (force)
a specific QL level for all the ingress synchronization interfaces (assigned sync
sources) that does not support SSM (outputting the default QL-NSUPP).
A synchronization source issuing signal fail (SSF) cannot be QL overwritten by
user configuration (QL_FAILED is always distributed to the selection algorithm).
Code 0010 (Quality PRC) means that the source of the trail is a PRC clock
(Recommendation G.811).
Code 0100 (Quality SSU-A), means that the source of the trail is a Type I or V
SSU clock as defined in Recommendation G.812.
Code 1000 (Quality SSU-B), means that the source of the trail is a Type VI
SSU clock (Recommendation G.812).
Code 1011 (Quality SEC), means that the source of the trail is a SEC clock
(Recommendation G.813 or G.8262, Option I).
Code 1111 (quality DNU), means that the signal carrying this SSM shall not be
used for synchronization because a timing loop situation could result if it is
used.
Code 7CFFH (Quality ST3E) means that the source of the trail is a Stratum 3E
clock (Recommendation G.812, Type III).
Code 10FFH (Quality ST3) means that the source of the trail is a Stratum 3
clock (Recommendation G.812, Type IV).
Code 22FFH (Quality SMC) means that the source of the trail is a
SONET/Ethernet self-timed clock (Recommendation G.813 or G.8262, Option
II).
Code 28FFH (Quality ST4) means that the source of the trail is a Stratum 4
clock.
Code 40FFH (Quality PROV) is provisionable by the network operator.
Code 30FFH (Quality DUS) means that the signal carrying this SSM shall not be
used for synchronization because a timing loop situation could result if it is
used.
Note SSM disable for an Ethernet port causes it to stop transmitting ESMC frames.
Table C-4. Quality Level Set and Coding in Synchronization Status Message in Option I
Synchronization Networks
disabled 1111
Table C-5. Quality Level Set and Coding in Synchronization Status Message in Option II
Synchronization Networks
SSM SSM
coding [MSB..LS coding [MSB..LS
B] in STM-N B] in 1544
signal kbit/s signal
(BINARY) with ESF (HEX)
Table C-6. Quality Level Set and Coding in Synchronization Status Message in Option III
Synchronization Networks
QL-UNK 0000
QL-SEC 1011
0000 QL-INV0
0001 QL-INV1
0010 QL-PRC
0011 QL-INV3
0100 QL-SSU-A
0101 QL-INV5
0110 QL-INV6
0111 QL-INV7
1000 QL-SSU-B
1001 QL-INV9
1010 QL-INV10
1011 QL-SEC
1100 QL-INV12
1101 QL-INV13
1110 QL-INV14
1111 QL-DNU
Table C-8. Interpretation of Synchronization Status Message Codes in STM N Signals in Option II
Synchronization Networks
0000 QL-STU
0001 QL-PRS
0010 QL-INV2
0011 QL-INV3
0100 QL-TNC
0101 QL-INV5
0110 QL-INV6
0111 QL-ST2
1000 QL-INV8
1001 QL-INV9
1010 QL-ST3
1011 QL-INV11
1100 QL-SMC
1101 QL-ST3E
1110 QL-PROV
1111 QL-DUS
Table C-9. Interpretation of Synchronization Status Message Codes in 1544 kbit/s Signals in Option
II Synchronization Networks
Table C-10. Interpretation of Synchronization Status Message Codes in Option III Synchronization
Networks
0000 QL-UNK
0001 QL-INV1
0010 QL-INV2
0011 QL-INV3
0100 QL-INV4
0101 QL-INV5
0110 QL-INV6
0111 QL-INV7
1000 QL-INV8
1001 QL-INV9
1010 QL-INV10
1011 QL-SEC
1100 QL-INV12
1101 QL-INV13
1110 QL-INV14
1111s QL-INV15
Note
Interworking between Option I and II, Option I and III and Option II and III
synchronization networks is not defined.
Signal Fail
RAD CSM supports three levels (or sources) of signal fail triggering:
1. Signal fail for a synchronization source is activated in case of defects
detected in the transport layers. In addition an unconnected synchronization
signal has also signal fail active in order to allow correct processing in the QL
disabled mode.
2. Inclusion of specific synchronization failures conditions based on dedicated
detection mechanism embedded within the SEC/EEC device are also
supported. More specifically, RADs SEC/EEC implementation is capable of
detecting a large frequency deviation, beyond a pre-configured threshold, as
well as lack of activity on each one of the assigned synchronization sources.
Those alarm indications are also used to issue a Server Signal Fail (SSF) signal
towards the CSM.
An SSF signal is issued by the SEC/EEC HW in the following cases:
Activity alarm (leaky bucket mechanism). The configuration of the activity
detector is fixed and preconfigured for all RAD products.
10,000 ppm coarse frequency monitoring (fixed for all RAD products).
User configured HARD limit frequency monitoring. The user can configure
a HARD frequency limit within the range of 3.81 ppm to 60.96 ppm in
0.01 ppm steps using the following CLI command:
configure >system>clock>domain (id)># max-frequency-deviation
<value>
3. Synchronous Ethernet ports that fail to receive a valid ESMC message
immediately for a period of 5 seconds, issue a signal fail indication.
In order to avoid reactions on short pulses or intermittent signal fail information,
the signal fail information is passed through a hold-off and wait-to-restore
processes before it is considered by the selection process.
In QL enabled mode the QL of a synchronization source with active signal fail is
set to QL-FAILED. The selection process reacted to this QL value instead of the
signal fail signal in this mode.
When it comes to the user failure indications for a specific clock source, the
priority of presenting the specific SSF event cause is as follows:
1. A problem reported by the PHY (physical-fail)
2. Violation of the HARD frequency limit (monitoring-fail)
3. Lack of ESMC messages reception (if the interface is an Ethernet one) (esmc-
fail)
In other words, a violation of the HARD frequency limit would mask a concurrent
ESMC messages timeout indication. A problem reported from the PHY would mask
both concurrent HARD frequency violation and ESMC messages timeout
indications.
It should be stressed again that only the user indication would be masked, not
the actual failure signal (SSF). Moreover, new versions of CSM support
dedicated/independent user indications for each cause.
Hold-Off Time
The hold-off time ensures that short activation of signal fail is not passed to the
selection process.
In QL-disabled mode signal fail is active for the hold-off time before it is passed
to the selection process.
In QL-enabled mode a QL value of QL-FAILED exists for the hold-off time before it
is passed to the selection process. In the mean time the previous QL value is
passed to the selection process.
Note Other QL values than QL-FAILED are passed to the selection process immediately.
Separate hold-off timers are used for each input to a selection process
(nominated source). The hold-off time is user configured within the range of 300
ms to 1800 ms using the following CLI command:
configure >system>clock>domain (id)> source (src-id)# hold-off
<seconds>
Wait-to-Restore Time
The wait to restore time ensures that a previous failed synchronization source is
only again considered as available by the selection process if it is fault free for a
certain time.
In QL-disabled mode after deactivation of signal fail, it remains false for the wait
to restore time before signal fail false is passed to the selection process. In the
meantime, signal fail true is passed to the selection process.
In QL-enabled mode after a change of the quality level from QL-FAILED to any
other value, the quality value QL-FAILED is maintained for the wait to restore
time before the new QL value is passed to the selection process. In the
meantime, the quality level QL-FAILED is passed to the selection process.
Separate wait to restore timers are used for each input to a selection process
(nominated source).
The wait to restore time is user configurable (user configuration) in the range of
0 to 12 minutes in steps of 1 minute for all inputs of the selection process in
common using the following CLI command. The default value is 5 minutes.
configure >system>clock>domain (id)> source (src-id)#
wait-to-restore <seconds>
Each wait to restore timer can be cleared with a separate (user) Clear command
using the CLI command shown below. If a wait to restore timer is cleared the new
QL value (in QL-enabled mode), or signal fail value (in QL-disabled mode), is
immediately passed to the selection process.
configure >system>clock>domain (id)> source (src-id)#
wait-to-restore-clear //command
A new WTR state status was added to the source/show status command to
give the user more clarity regarding the current WTR state of each
synchronization source.
configure >system>clock>domain (id)> source (src-id)# show status
.
.
.
WTR State : { Inactive | Running }
1 highest
2 |
3 |
: |
K lowest
Notes The priority value is not ordered numerically. The following relation is present:
"1" > "2" > "3" > .. >"K"
The assigning of equal priorities to synchronization sources, in order to allow
for non-revertive operation, does not allow for a predefined initialization state
of known synchronization configuration following failure of a higher priority
source.
The CSM synchronization source ports priority is configured by the user using the
following CLI command:
configure >system>clock>domain (id)> source (src-id)#no
priority <num> ock-
// If no option is chosen, then this source is not taken to the
selection process
External Commands
Several external commands are available to the user via the products
management level (e.g. for maintenance purposes). These commands are
independent and have different impact on the selection processes.
The activation and deactivation of external commands associated with the
synchronization selection process are defined below. Furthermore, only one of
these external commands is active at a time as per the selection process.
Clear Command
A clear (CLR) command clears the forced switch and manual switch commands.
Note A forced switch command to a synchronization source #p, which is in the SF state
or has a QL of DNU in QL enabled mode, results in the network element entering
holdover.
A new Force switch state status was added to the domain/show status
command to give the user more clarity regarding the current Force switch state
of the clock domain.
configure >system>clock>domain (id) # show status
.
.
.
Force Switch: {InActive | Active}
The Manual switch state status is available under the domain/show status
command to give the user more clarity regarding the current Manual switch
state of the clock domain.
configure >system>clock>domain (id) # show status
.
.
.
Manual Switch: {InActive | Active}
To switch the CSM back into QL-enabled mode the following CLI command should
be used. Through this CLI command the user also configures the QL_minimum
level used for the T4 squelching mechanism.
configure >system>clock>domain (id)# quality min-level {level}
QL-enabled Mode
In QL-enabled mode the following parameters contribute to the selection
process:
Quality Level
Signal fail via QL_FAILED
Priority
External commands
If no overriding external commands are active, the algorithm selects the reference
with the highest quality level, which is not experiencing a signal fail condition. If
multiple inputs have the same highest quality level, the input with the highest
priority is selected. For the case that multiple inputs have the same highest
priority and quality level, the current existing selected reference is maintained if it
belongs to this group, otherwise an arbitrary reference from this group is
selected.
If no input could be selected, the CSM moves the SEC/EEC to holdover state while
distributing the internal oscillator QL level towards the output synchronization
interfaces (T4 immediately moves to squelch mode).
QL-disabled Mode
In QL-disabled mode the following parameters contribute to the selection
process:
Signal fail
Priority
External commands
If no overriding external commands are active, the algorithm selects the reference
with the highest priority which is not experiencing a signal fail condition. For the
case that multiple inputs have the same highest priority, the current existing
selected reference is maintained if it belongs to this group, otherwise an arbitrary
reference from this group is selected.
If no input could be selected, the CSM moves the SEC/EEC to holdover state (T4
immediately moves to squelch mode).
techniques should be used within network elements and SASEs that might open
the potential loop. Some of these are described hereafter that affect the
synchronization distribution functionality within a product.
T1530620-99
Figure C-3. RAD CSM Automatic DNU Generation Towards NE with SEC/EEC Timing
The clock source identifier CSid has been introduced to support the above feature
as shown in Figure C-3. To each transport and station clock input port a unique
CSid is assigned. This ID is processed in the CSM together with the clock and
quality level of the port. The CSid of the selected source for the SEC/EEC is
distributed to all output ports. If a transport output port receives the same CSid
as its associated input port the outgoing is set to DNU.
input port uses, in this case, the remote CSid (from the station clock output) as
CSid for the clock signal to the selection process (RI_CS = CI_CS) instead of its
own CSid (MI_CSid). This results in DNU insertion in the traffic output port
associated with the traffic input port used as source for the station clock (see
Figure C-4). If the station clock output is squelched or set to AIS, the remote CSid
is replaced by the own CSid (MI_CSid) and the automatic DNU insertion in the
traffic output port associated with the traffic input port used as source for the
station clock is removed (see Figure C-5).
SASE
station clock
active ports
RI_CS=1
output
MI_CSid=5
input
NEy
NEx NEz
CI_CS=1 CI_CS=1
MI_CSid=1 MI_CSid=3
SSM=0010 CI_CS=1 CI_CS=3
input input
T1530660-99
Figure C-4. Automatic DNU Generation in RAD CSM with SASE/BITS Timing (SSM/QL not Supported)
SASE
station clock
squelched/AIS ports
RI_CS=none
output
MI_CSid=5
input
NEy
NEx NEz
CI_CS=1 CI_CS=5
MI_CSid=1 MI_CSid=3
SSM=1011 CI_CS=1 CI_CS=3
input input
T1530670-99
Figure C-5. Removal of Automatic DNU Generation in RAD CSM with SASE/BITS Timing (SSM/QL not
Supported)
Delay Times
The following delay times are respected by the CSM module:
1. Holdover message delay THM This delay applies when the CSM (SEC/EEC)
switches to holdover because of loss of signal of the input reference and lack
of any other available reference. When this event occurs, the CSM (and
SEC/EEC) goes immediately into holdover but changes the output SSM to the
holdover code after a delay which has been defined to be between 500 ms
and 2000 ms.
2. Non-switching message delay TNSM This delay applies when the QL of the
selected synchronization source changes but no switchover to another source
is performed by the CSM. The outgoing SSM follows this change at the input
within a time defined to be less than 200 ms.
3. Switching message delay TSM This delay applies when a new synchronization
source is selected by the CSM. The output SSM change, if any, is done after a
delay that has been defined to be between 180 ms and 500 ms.
ESMC Support
If the interface type of the clock is Ethernet, that the CSM supports ESSM
(Ethernet SSM) messages transmission and reception for this port as per ITU-T
Recommendation G.8264.
Note 1: Bit 7 is the most significant bit of Byte 21. Bit7 to bit 4 (bits 7:4) represent the four bit version
number for the ESMC.
Note 2: The three least significant bits (bits 2:0) are reserved.
ESSM is sent with the slow protocol multicast MAC address (01 80 C2 00 00 02),
slow protocol Ethernet type (8809) and a specific sub type (0x0A). The OUI, ITU
subtype and version field values are shown in Table C-12. The E bit designates
the event that is the QL value changed. The R symbol designates the reserved
field.
The payload of the PDU contains one TLV 2 defined by the standard QL TLV. The
format of this TLV is given in Table C-13.
1 8 bits Type:0x01
Note 1: Bit 7 of Octet 4is the most significant bit. The least significant nibble, bit 3 to bit 0
(bits 3:0) contain the four bit SSM code.
The codes to be used for Synchronous Ethernet SSM are: EEC1=1011 and
EEC2=1010 as defined in ITU-T Recommendation G.8264.
2
Future ESMC applications may require additional TLVs.
In Auto operational mode, the selection between the clock states is done
automatically depending on the quality and availability of the incoming reference
signal and the selected QL mode.
When in Auto operational mode, a forced holdover command would force the
CSM to move into the Holdover operational mode (Holdover state) regardless of
the current clock state.
In QL-enabled mode, the Locked state is automatically selected if the incoming
reference is not in the signal fail state (SSF = false) and the quality level of the
incoming reference is better or equal to the configured QL_minimum level.
The Holdover state is automatically selected without delay when the incoming
reference goes into the signal fail state (SSF = true) or the quality level of the
incoming signal is lower than the configured QL_minimum level. The Holdover
state is left when both the signal fail clears (SSF = false) and the quality level of
the incoming signal is equal or better than the configured QL_minimum level.
In QL-disabled mode the Locked state is automatically selected if the incoming
reference is not in the signal fail state (SSF = false). The Holdover state is
automatically selected when the incoming reference goes into the signal fail state
(SSF = true).
The CSM state can be forced by the user using the following CLI command:
configure >system>clock>domain (id)# mode { auto | free-run |
holdover } //default auto
Note For detailed information regarding the CSM CLI, refer to Chapter 4.
configure
system
clock
domain
- master
- fallback
-source
station
The Master and Fallback Clocks are kept for the backward compatibility with the
existing old projects, in order to have just one Clock XML file. TBD
QL Minimum:
configure >system>clock>domain (id)# no quality
configure >system>clock>domain (id)# quality min-level {level}
// level {lprc, ssu-a, ssu-b, sec, dnu } // option I
// {prs, stu, st2, tnc, st3e, st3, smc, st4, dus} // option II
// {unk, sec} // option III.
HW inputs monitoring:
configure >system>clock>domain (id)># max-frequency-deviation <value>
// value in units of 0.01 ppm in the range of 381-6096 (3.81 ppm to 60.96 ppm).
// the value configured here is effective for all HW inputs.
// the default value is 1524.
Operational mode:
Synchronization of T4 on T0:
configure >system>clock>domain (id)# [no] force-t4-as-t0 //project dependent
Note
This command causes T4 clock output to be fed by DPLL T0 and to be locked on
the same source as T0.
External commands:
configure >system>clock>domain (id)# force < source-id >
configure >system>clock>domain (id)# manual < source-id >
configure >system>clock>domain (id)# clear
Notes
Command force never becomes inactive; even if the input is in SSF state only
clear deactivates it
Command manual becomes inactive if the input is SSF or QL changed
Command clear deactivates all commands; it returns to auto mode and cancels
force and manual.
System Clock: {source id} {quality} {state} // state has values: holdover, free-run
and locked.
Station-out Clock: {source id} {state} // state has values locked or unlocked
Force Switch: {InActive | Active}
Manual Switch: {InActive | Active}
configure >system>clock>domain (id)> source (src-id)# show status
Status: { ok, physical-fail, monitoring-fail, esmc-fail }
Tx quality: {ql }
Rx quality: {ql }
ESMC state: { locked | unlocked } // masked if disabled
WTR State : { Inactive | Running }
Notes
Tx and Rx quality and ESMC state are visible only for quality enabled mode.
ESMC state is visible only for Ethernet port type.
Tx quality is visible only if Tx SSM is enabled for this port.
International Headquarters
24 Raoul Wallenberg Street
Tel Aviv 69719, Israel
Tel. 972-3-6458181
Fax 972-3-6498250, 6474436
E-mail market@rad.com
www.rad.com