TER36089 - V1.0 SG R1.0 Ed1

TER36098
TER36098_V1.0-SG-Ed1
All Rights Reserved © 2015, Alcatel-Lucent

Lab 1: starting up Lab 7: Service Layer
Lab format Customer create
Autocomplete Port preparation
Search commands MTU
Log on Full mesh SDP’s
Boot Option File OAM
File system and boot cylce BGP tunnels
BGP-tunnels
NTP
Lab 8: EPIPE
Lab 2: Physical layer EPIPE configuration
Chassis mode Verification
Card – MDP – Port activation
Script file creation Lab 9: VPLS
Transactional CLI VPLS configuration
Verification
Lab 3: IP layer
System and network interfaces Lab 10: VPRN
VPRN configuration
Lab 4: IGP Verification
OSPF
ISIS Lab 11: IES
Routing and Policy distribution IES configuration
BFD Verification
Lab 5: MPLS
Lab 12: QoS
LDP
Classification
LDP FRR (Loop Free Alternate)
queues
LDP-shortcut
scheduler
RSVP-TE
Limiting oversubscription
Lab Extra: tips and tricks
FRR
CLI ranges
RSPV-shortcut
Enumerated ranges
Referenced ranges
Lab 6: BGP
Environment create
Configure iBGP
Environment reduce prompt
Route Reflector
History
Route Policy Statement
p
Search improvement
Prefix list
Configure eBGP
Policy import/export
Communities
Color legend in this lab guide:
*A:PE42>config>
------------------------ Configuration display
*A:S41# show bof

======================== Show commands
>> Incoming OSPF packet Debug commands

Lab Instruction Format
Note: The following information explains the format used for the labs and is for information
purposes only.
The CLI system prompt is shown in bolded text followed by # or $, for example:
Node#
or
In case you are ready sooner then
Node>config>system>security# the other participants in any of
the labs we will do, an optional
chapter with CLI tips and tricks is
The CLI command string is shown in unbolded text. available at the end.
Node# show time

Node# configure system name <PEx> 
<PEx> is the string (in this case the name of the routers), you do not need to type the <>, in this case
the name must be replaced by your string, e.g PE41. In this example:
Node# configure system name PE41
Many of the exercises will be explained using example configuration.

The info command shows us the configuration at the pwc (present working context)
PWC is interface to41

Example:
*A:PE42>config>router# interface "to41"

*A:PE42>config>router>if# info
----------------------------------------------
address 10.41.42.2/24
port 1/1/2
----------------------------------------------
configuration
To view the entire configuration file:
p y g
Node# admin display-config
NOTE: Not all commands are mandatory in this lab guide (like show and info), but you will build a
network and the underlying layers must be configured before proceeding to the next lab.

Auto-complete
3 ways to auto-complete commands
Command completion can be achieved by:
Abbreviation, if keystrokes entered are unique enough. The command is auto-

completed and activated
Node>config# ro [ENTER]
Node>config>router#
Tab Key or Space Key to auto-complete the command.

The command is auto-completed
Node>config# ro [SPACE]
Node>config# router
Node>config# ro [TAB]
TAB will also auto-complete on
Node>config# router strings/names
If match is not unique CLI will display possible matches:

Node>config# r [TAB]
redundancy router
Help: use <?>
If you get stuck in commands, try the question mark, it will display all possible option with basic
explanation.
A:PE42# configure router ?

- router [<router-name>]
<router-name>
<router name> : "Base"|"management"
Base | management Default - Base
[no] aggregate - Create/delete an aggregate route

[no] allow-icmp-red* - Allow or drop ICMP Redirects received on the management interface
[no] allow-icmp6-re* - Allow or drop IPv6 ICMP Redirects received on the management interface
[no] autonomous-sys* - Configure the AS number for the router
[no] bgp + Create/Configure or delete BGP instance
[no] confederation - Create/delete confederation autonomous systems within an AS
dhcp + Configure local DHCP servers
dhcp6 + Configure local DHCPv6 servers
…
Detailed info will pop up. The command stays at it‘s PWC

Searching commands
Tree search
The tree view in our CLI allows us a quick overview of possible commands.
Tree flat allows us to search commands.
This way, only keywords need to be remembered to find back the command line in SR-OS.
A:Core49# tree flat

admin
admin application-assurance
admin application-assurance upgrade
admin certificate
admin certificate display
admin certificate export
admin certificate gen-keypair
admin certificate gen-local-cert-req
admin certificate import
admin certificate reload
admin compare
admin debug-save
…
Since the list of commands is very large, narrow it down with match commands. | match <string>
Example, you want to find all OSPF Neighbors this router has, but you do not know the command.
Multiple match
*A Core49# tree flat | match ospf | match sho

*A:Core49# show
show router ospf
show router ospf area
show router ospf database
show router ospf interface
show router ospf lfa-coverage
show router ospf neighbor
show router ospf opaque-database
show router ospf range
show router ospf routes
Now try to find following commands:

Hint: You can repeat the previous commands using arrow up/down
- All OSPF debug commands
- How to display the route table

Log In to Your Node
1. Fill in the IP addresses of the management Ethernet ports and the port numbers of the network
ports for each PE in the network diagram drawing at the end of the module. Make sure these
Management IP-addresses, provided by the instructor, match the respective Node. You can ping
the address from you workstation and verify the activity on the management Ethernet port that
was assigned to you.
2. Check the wiring on the hardware to find the network port numbers.
3. Telnet from your workstation to your assigned Node using the management Ethernet port IP
address configured in the BOF.
Note: By default, Telnet is disabled. This means that the attempt to connect to the PE using Telnet
will
ill ffail.
il Use SS
SSH to connect to your P
PE. The
h username and d password
d iis “
“admin”.
d i ”
4. Verify your SSH connection. Can you see your connection? Does the Remote address match your
workstation’s IP-address?
Node# show system security ssh 

Node# show system connections 
5. After the SSH connection is established, enable the Telnet-server and retry Step 2. The Telnet
connection should now be allowed.
Node# configure 
Node>config# system 
Node>config>system# security 
Node>config>system>security# telnet-server 
6. Verify your configuration.
Node>config>system>security# info 
Note: The “info” command shows the most important, often non-default, settings within a
configuration context. The “info detail” command shows ALL settings, including the default,
within a configuration context.
7. Verify your Telnet connection (see step 4). What has changed in the Connections-list?

Set the Login Settings
1. Change the login idle timeout (default 30 minutes).
Node# configure system login-control idle-timeout 500 
BOF (Boot Option File)
Note: When a 7705 SAR and 7750 SR boots up, it executes the boot loader (boot.ldr) located on the
Compact Flash card CF3:, then loads the BOF (bof.cfg), also on CF3:, which tells the router where
to find the image (.tim files) and configuration files (.cfg files). The bof also configures the
management Ethernet and serial console ports (default serial port speed 115200) and activates
persistence, used for the SAM application.
1. Check the BOF file (Warning, do not change anything)
*A:S41# show bof

============================================================================
BOF (Memory)
============================================================================
primary-image ftp://*:*@172.31.77.40/./images/7750/FINAL12/i386-both.tim
primary-config ftp://*:*@172.31.77.40/./config/41/41.cfg
address 172.31.77.41/24 active
primary-dns 138.203.145.134
dns-domain sh.bel.alcatel.be
static-route 0.0.0.0/1 next-hop 172.31.77.1
static route
static-route 128
128.0.0.0/1
0 0 0/1 next
next-hop
hop 172
172.31.77.1
31 77 1
autonegotiate
duplex full
speed 100
wait 3
persist on
no li-local-save
no li-separate
console-speed 115200
============================================================================

File system and boot cycle
Note: if working wiht SIM’s (in training environment), this exercise cannot
be fully executed. Most likely the files will be on an ftp server.
Node# file 
Byy default,, compact
p flash 3.
Node>file cf3:\ #
Node>file cf3:\ # dir 

NTP (Network Time Protocol)
Time and date is important in a node (e.g. Alarm timestamp). It is also important that all nodes have
the same date and time configured.
We can configure the time and date of the node manually, or we can use an NTP server.
g
Configure the NTP server ((138.203.68.208 )).
Before configuration:
*A:S41# show system ntp
============================================================================
NTP Status
============================================================================
Configured : No
============================================================================
Configuration example:
*A:S41>config>system>time#
g y # info
----------------------------------------------
ntp
server 138.203.68.208
no shutdown
exit
Run the show command again:
*A:S41>config>system>time# show system ntp
============================================================================
NTP Status
============================================================================
Configured : Yes Stratum : -
Admin Status : up Oper Status : up
Server Enabled : No Server Authenticate : No
Clock Source : none
Auth Check : Yes
Current Date & Time: 2014/11/14 12:05:18 UTC
============================================================================
Try also
Node# show system ntp all 
Node# show system ntp detail 

Configure Chassis Mode and System Redundancy
Chassis Mode does not apply to the SAR or SAS, 7950 XRS. Mainly used in 7750 SR family.
Chassis mode has an effect on the operation of the router (e.g. if IPv6 is supported).
Depending on the chassis type and IOM type, the following modes can be configured:
Chassis Mode A: This mode corresponds to scaling and feature set associated with iom-20g
Chassis Mode B: This mode corresponds to scaling and feature set associated with iom-20g-b
Chassis Mode C: This mode corresponds to scaling and feature set associated with iom2-20g
Chassis Mode D: This mode corresponds to scaling and feature set associated with iom3-xp
When configuring
Wh fig i g a chassis
h i mode,d use ChChassisi M
Mode
d th
thatt aligns
lig with
ith th
the earliest
li t ggeneration
ti off IOM
installed. If the chassis mode is not explicitly provisioned in the configuration file, the chassis will
come up in Mode A by default.
In Mode A:
iom-20g-b comes online if provisioned as iom-20g or iom-20g-b
iom2-20g comes online if provisioned as iom-20g, iom-20g-b or iom2-20g
iom3 comes online if provisioned as iom3
Note: All IOMs must be IOM3-XP or IMMs in order to configure chassis mode D.
1. Set the chassis mode to mode d.

IPAxx# configure system chassis-mode <b|c|d> 
2. Show the chassis mode.

IPAxx# show chassis 
System redundancy applies if redundant SF/CPM cards are available.
Alcatel-lucent routers feature redundant SF/CPMs to provide the highest possible reliability. You
must configure the routers to synchronize the configuration between the active and standby control
cards Once you do,
cards. do the routers employ the Alcatel-Lucent high availability features including Non-
stop routing (NSR) and Non-stop services (NSS).
Configure redundancy.
IPAxx# configure redundancy synchronize config 
4. Manually synchronize the boot.ldr, the bof.cfg, the images and the saved configuration file.
IPAxx# admin redundancy synchronize boot-env 

Activate the IOMs, MDAs and MDA ports
1. Verify the state of the IOMs. How many IOMs are provisioned?
PEx# show card 
Note: The “show

show card detail
detail” command provides more detail information and includes detail
information on the flash cards as well.
2. Provision the IOMs and verify the new state as shown in step 1. What is the state now?
PEx# configure card <1> 

PEx>config>card# card-type <equipped card-type> 
3. Verify the state of the MDAs. How many MDAs are provisioned?
PEx>config>card# show mda 
4. Provision the MDAs and verify the new state as shown in step 1. What is the state now?
PEx>config>card# mda <1> 

PEx>config>card>mda# mda-type <equipped mda-type> 
5. Verify the state of the ports. What is their state?
PEx# show port 
6. Enable the ports.  The lab diagram shows you the ports we will use
PEx# configure port <X/X/X> no shutdown 
Note: you can enable each port one by one, or use a range command to enable a series of ports.
PEx# configure port <X/X/[Y..Z]> no shutdown 
Note: The brackets denoting the range of ports. Auto-completion does not work after closing the
bracket.
7. Verify that all the ports shown in the network diagram are Administratively and Operationally UP
and are configured as network ports (mode) (see step 5).
5) What is their MTU size?

Result
Try the show port command and check if all links between the routers are up and running.
*A:PE42# show port
==========================================================================
Ports on Slot 1
===========================================================================
Port Admin Link Port Cfg Oper LAG/ Port Port Port C/QS/S/XFP/
Id State State MTU MTU Bndl Mode Encp Type MDIMDX
---------------------------------------------------------------------------
1/1/1 Up Yes Up 1578 1578 - netw null xcme MDI
1/1/4 Down No Down 1578 1578 - netw null xcme
1/1/10 Up Yes Up 1514 1514 - accs null xcme MDI
Note: On the 7750SR, all Ethernet port default as network ports.

On the 7705SAR, the Ethernet ports default as access ports.
Creating a script file
Example: LLDP (link Layer Discovery Protocol)
When we use Ethernet for our transport,

transport like in this case,
case we can activate LLDP
LLDP.
An Ethernet port configured with LLDP will look like this:
*A:PE42>config>port# info
----------------------------------------------
ethernet
lldp
dest-mac nearest-bridge
g
admin-status tx-rx
notification
tx-tlvs port-desc sys-name sys-desc sys-cap
tx-mgmt-address system
exit
exit
exit
no shutdown
----------------------------------------------

We can create a script file in a txt format, and past the configuration.
Open a txt file on your windows computer.
Type or copy the correct configuration.

Copy-Past the desired configuration and
make sure the correct port numbers are
configure used. The text file can now be pasted in
port 1/1/1 the CLI context. Mind the correct starting
ethernet context.
lldp
admin-status tx-rx
notification
exit
exit
exit
no shutdown
exit
port 1/1/2
ethernet
lldp
admin-status tx-rx
notification
exit
it
exit
exit
no shutdown
exit
A i
Activate LLDP on all
ll E
Ethernet
h iinterfaces
f used
d iin our setup ((see llab
b di
diagram).
)

Purpose of rollback functionality is to undo changes without:
• reverting everything manually (shutdown xxx, no xxx, back, ...)
• rebooting the whole node (maybe after editing the config)
“Checkpoints” can be set whenever you feel that one might be needed later on to:
• Return to these checkpoints with a single command
• Useful in case of accidental misconfigurations or for lab environments
Revert
Compare
A ti config…
Active fi Ch
Changes made…
d
Checkpoint created: Checkpoint created:

Rollback save Rollback save
First thing we should do, specify the rollback location:

*A CORE48
*A:CORE48>config>system>rollback#
fi llb k# rollback-location
llb k l i 
i cf1:/My-Location
f1 /M L
No extension required, the standard extension .rb will be added.
*A:CORE48# admin rollback save 

Saving rollback configuration to cf1:/My-Location.rb ... OK
Our first checkpoint is set. Now let’s change the config: e.g. change the system name. Save a second
rollback checkpoint.
*A:CORE48# configure system name Core48 

*A:Core48#
A:Core48# admin rollback save 
*A:Core48#

Compare rollback
We can now compare the rollback checkpoints.
*A:Core48# show system rollback
===============================================================================
Rollback Information
===============================================================================
Rollback Location : cf1:/My-Location
Max Local Rollback Files : 10
Max Remote Rollback Files : 10
Save
Last Rollback Save Result : Successful
Last Save Completion Time : 2015/03/16 09:24:54 UTC
Revert
In Progress : No
Last Revert Initiated User : admin
Last Revert Checkpoint File: cf1:/MyLocation.rb.1
Last Revert Result : Successful
Last Revert Initiated Time : 2015/03/16 09:05:26 UTC
Last Revert Completion Time: 2015/03/16 09:05:29 UTC
Delete
Last Rollback Delete Result: None
===============================================================================
Rollback Files
===============================================================================
Idx Suffix Creation Time Release User
Comment
-------------------------------------------------------------------------------
latest .rb 2015/03/16 09:24:51 UTC B-12.0.R6 admin
1 .rb.1
b 1 2015/03/16 09
09:24:24
24 24 UTC BB-12.0.R6
12 0 R6 admin
d i
-------------------------------------------------------------------------------
No. of Rollback Files: 2
===============================================================================
*A:Core48# admin rollback compare latest-rb to 1

Processing cf1:/My-Location.rb ... 2.270 s
Processing cf1:/My-Location.rb.1 ... 1.260 s
----------------------------------------------
configure
system
+ name "Core48"
- name "CORE48" You can see what is added and
exit what is removed.
exit
----------------------------------------------
Finished in 3.560 s
Step back to the ‘old’ configuration:
*A:Core48# admin rollback revert 1

Restoring rollback configuration cf1:/My-Location.rb.1
Processing current config... 0.060 s
Processing "cf1:/My-Location.rb.1" ... 2.310 s
Resolving Dependencies... 0.040 s
Tearing setup down... 0.000 s The number specifies
p the
R b ildi
Rebuilding setup...
t 0
0.010
010 s
Finished in 2.430 s rollback.
*A:CORE48#

Every configured CLI change is immediately applied to the active configuration.
SR-OS also allows Transactional CLI: Move candidate CLI configuration to the active configuration by means of the
‘commit’ command and have rollback checkpoint created in order to undo changes quickly.
It is recommended to work in mode ‘exclusive’ allowing just one user to configure the candidate config.
*A:PE-12# candidate edit exclusive
*A:PE-12>edit-cfg# configure
*A:PE-12>edit-cfg>config#
: ed t c g co g# filter
te ip-filter
p te 100 c
create
eate
*A:PE-12>edit-cfg>config>filter>ip-filter# entry 10 create
*A:PE-12>edit-cfg>config>filter>ip-filter>entry# match 10.0.0.0/8
*A:PE-12>edit-cfg>config>filter>ip-filter>entry>match# exit
*A:PE-12>edit-cfg>config>filter>ip-filter>entry# action forward
*A:PE-12>edit-cfg>config>filter>ip-filter>entry# exit
*A:PE-12>edit-cfg>config>filter>ip-filter# exit all
*A:S48>edit-cfg#
*A:S48>edit-cfg# candidate view
----------------------------------------------
1: configure The info command will not
2: filter
3: ip-filter "10" create
work in edit move.
4: entry 10 create
5: match
6: src-ip "10.0.0.0/8"
7: exit
8:*
8: action forward
9: exit
10: exit
11: exit
12: exit
----------------------------------------------
*A:S48>edit-cfg#
*A:S48>edit-cfg# candidate commit
Saving checkpoint file... OK
INFO: CLI Successfully executed 12 lines in 0.000 s.
*A:S48#

Config is entered line by line in the candidate config.
When each line is entered a basic validation and syntax check is made. For example, if an object is
referenced that does not exist, an error is generated and remedial action can be taken (QoS policies, IP
filters, etc),
Note that the errored config remains in place – i.e. the system will warn you about the error, but still
allows it to remain in the candidate edit config.
Create an interface and add a filter that does not exists:
*A:Edge10# candidate edit exclusive

*A:Edge10>edit-cfg# configure router interface new
*A:Edge10>edit-cfg>config>router>if# port 1/1/10
*A:Edge10>edit-cfg>config>router>if# ingress filter ip 23
WARNING: CLI Line 6: Referencing non-existing
non existing object '23'.
23 .
*A:Edge10>edit-cfg>config>router>if#
*A:Edge10>edit-cfg>config>router>if# candidate view
----------------------------------------------
4: port "1/1/10"
5: ingress This command deletes the last
6 *
6:* fil
filter ip
i "23" line.
7: exit
----------------------------------------------
*A:Edge10>edit-cfg>config>router>if# candidate delete
INFO: CLI Removed 1 line: 'filter ip "23"'.
Add an non existing filter and try to commit the candidate.
*A:Edge10>edit-cfg>config>router>if# candidate commit

Error at line 6: Command 'filter ip "1"' failed in 'configure router
interface "new" ingress'
INFO: PIP #1229 Ingress filter-id
filter id check/scope failed
Reverting changes...
Processing "checkpoint tree" 0.000 s
Resolving Dependencies... 0.040 s
Tearing setup down... 0.000 s
Rebuilding setup... 0.010 s
Finished in 0.090 s
MINOR: CLI Commit failed and has been reverted.
The whole configuration will not be accepted if it fails.

To edit a candidate configuration also following commands are available.
*A:Edge10>edit-cfg>config# back
*A:Edge10>edit-cfg# candidate view
----------------------------------------------
1: configure You would like to change this
2: router port. Configuration is at line 4
3: interface "new"
4: port "1/1/10"
5: ingress
6:* filter ip "1"
7: exit
8: exit
9: exit
10: exit
----------------------------------------------
*A:Edge10>edit-cfg# candidate goto 4
*A:Edge10>edit-cfg>config>router>if# candidate replace
*A:Replace by: port 1/1/12
INFO: CLI Added 1 line: 'port "1/1/12"'. Text edit the line
INFO: CLI Removed 1 line: 'port "1/1/10"'.
Change port 1/1/10 to port 1/1/12
Info is not available as we have seen, but try also following command:
*A:PE-12>edit-cfg>config>service>ies# info operational 
Also try following commands:
*A:Edge10>edit-cfg>config>router>if# candidate discard

WARNING: This action is irreversible. Are you sure you want to
proceed (y/n)?
*A:S41>edit-cfg>config>router>if# candidate commit confirmed 1

Saving checkpoint file.. OK
INFO: CLI Successfully executed 6 lines in 0.000 s.
INFO: CLI The changes will be auto-reverted in 1 minutes (02/24/2015
12:55:19) unless they are confirmed.
*A:S41>edit cfg>config>router>if# candidate confirm
*A:S41>edit-cfg>config>router>if#
*A:S41>config>router>if#

Every transactional edit that is committed creates a rollback automatically.
It is possible to use these files as normal rollback files (compare – revert...)
*A:CORE48# show system rollback
===============================================================================
Rollback Information
===============================================================================
Rollback Location : cf1:/My-Location
Max Local Rollback Files : 10
Max Remote Rollback Files : 10
Save
Last Rollback Save Result : Successful
Last Save Completion Time : 2015/03/16 09:24:54 UTC
Revert
In Progress : No
Last Revert Initiated User : admin
Last Revert Checkpoint File: cf1:/My-Location.rb.1
Last Revert Result : Successful
Last Revert Initiated Time : 2015/03/16 09:35:02 UTC
Last Revert Completion Time: 2015/03/16 09:35:04 UTC
Delete
Last Rollback Delete Result: None
===============================================================================
Rollback Files
===============================================================================
Idx Suffix Creation Time Release User
C
Comment
t
-------------------------------------------------------------------------------
latest .rb 2015/03/16 09:41:08 UTC B-12.0.R6 admin
Candidate commit checkpoint
1 .rb.1 2015/03/16 09:24:51 UTC B-12.0.R6 admin
2 .rb.2 2015/03/16 09:24:24 UTC B-12.0.R6 admin
-------------------------------------------------------------------------------
No. of Rollback Files: 3
===============================================================================
*A:CORE48#

In case you are ready with the port configuration, and the other participants are not, please read
through the following extra information:
Hybrid ports — Configured for access and network facing traffic. While the default
mode of an Ethernet port remains network, the mode of a port cannot be changed
between the access/network/hybrid values unless the port is shut down and the
configured SAPs and/or interfaces are deleted. Hybrid ports allow a single port to
operate in both access and network modes. MTU of port in hybrid mode is the same as
in network mode except for the 10/100 MDA. The default encap for hybrid port mode
is dot1q; it also supports QinQ encapsulation on the port level. Null hybrid port mode
is not supported.
Once the port is changed to hybrid, the default MTU of the port is changed to match
the value of 9212 bytes currently used in network mode (higher than an access port);
this is to ensure that both SAP and network VLANs can be accommodated. The only
exception is when the port is a 10/100 fast Ethernet. In those cases, the MTU in hybrid
mode is set to 1522 bytes, which corresponds to the default access MTU with QinQ,
which is larger than the network dot1q MTU or access dot1q MTU for this type of
Ethernet
h port. The
h configuration
f off all
ll parameters in access and
d network
k contexts will
ll
continue to be done within the port using the same CLI hierarchy as in existing
implementation. The difference is that a port configured in mode hybrid allows both
ingress and egress contexts to be configured concurrently.
An Ethernet port configured in hybrid mode can have two values of encapsulation
t
type: d
dot1q
t1 and
d QinQ.
Qi Q The
Th NULL value
l iis nott supported
t d since
i a single
i l SAP iis
allowed, and can be achieved by configuring the port in the access mode, or a single
network IP interface is allowed, which can be achieved by configuring the port in
network mode. Hybrid mode can be enabled on a LAG port when the port is part of a
single chassis LAG configuration. When the port is part of a multi-chassis LAG
configuration, it can only be configured to access mode since MC-LAG is not
supported
t d on a network
t k portt and
d consequently
tl iis nott supported
t d on a h
hybrid
b id port.
t Th
The
same restriction applies to a port that is part of an MC-Ring configuration.

Configure
g the System
y Interface
The system interface represents the router at IP level, within the network.
System interfaces can be used to address a router
System: 10.6.0.42/32
S
System: 10
10.6.0.41/32
6 0 41/32
System: 10.6.0.43/32
Note: The system interface identifies each node within a network as a logical entity. It is a loopback
p
interface with no physical port assigned to it. This way, when a port should go down, the system
interface can still be available in the network.
Warning: Dual stack (ipv4 and ipv6) addresses will be configured for the system interfaces.
Dual stack for all other interfaces is optional since multiple scenario’s for IPv6 are possible.
(D l stack,
(Dual t k 6PE,
6PE 6VPE
6VPE, CGNAT
CGNAT…))
For the sake of simplicity, IPv4 is used during the construction and setup of further exercises.

IPv4 and IPv6 address plan
p
1. Study the address planning we will use for IPv4 and IPv6 addressing.
10.6.0.41/32
3ffe::1:41/128
The box number (x) will be used in the

construction of the System address for IPv4 and
IPv6.
10.6.0.x/32
3FFE::1:x/128
For IPv4 we will use following plan:
For the interface addresses, a

similar way to derive the address
from the box number:
- Take always the lowest number

first (in this example .41).
- The
Th llast octet iis 1 on the
h llowest
box. 2 on the highest box.
For IPv6 we will follow a different strategy using eui-64

Configure the System Interface
Since we will be working with IPv6, change chassis mode:
PEx>config> system chassis-mode c (or d)

(minimum)
network
1. Configure the System Interface (‘system’ is a fixed reserved name to identify the node in a
network topology).
PEx# configure router 

co g oute # interface
PEx>config>router# system 
te ace syste
PEx>config>router>if# address <10.6.0.X>/32 
Config>router>if# system ipv6 3FFE::1:X/128 
Repeat these steps for all the devices.
2. Verify the state of the configured system interface. Make sure that the interface is
administratively and operationally UP.
PEx# show router interface 
*A:edge41>config>router# info
…
interface "system"
address 10.6.0.41/32
ipv6
address 3FFE::1:41/128
exit
exit

Configure the Network Interfaces
Interface To-router-B Interface To-router-A

10.41.42.1/24 10.42.43.1/24
Port 1/1/1 Port 1/1/2
00-12-79-22-22-22 00-12-79-33-33-33
1. Configure the network interfaces as shown in the lab diagram.
PEx# configure router 

PEx>config>router# interface <topex> 
Note: Use a name that will easily identify the interface,

interface for example <topex> where x is the PE
number of the neighboring router.
PEx>config>router>if# address <X.X.X.X/X> 

PEx>config>router>if# port <Y/Y/Y> 
Note: Use the IP-addresses and p

port numbers as shown on the lab diagram.
g
<X.X.X.X/X> = the IP-address and subnet mask of the interface.
<Y/Y/Y> = the port number of the interface.
Optional parameter: Bidirectional Forward Detection (BFD)

PEx>config>router>if# bfd 150 receive 150 multiplier 3 
((use ? to find the meaning of the p
parameters))
2. Check the router interfaces, they should all be administratively and operationally UP.
You should also be able to ping each neighbor.
*A:edge41>config>router>if# show router interface
==========================================================================
Interface
f Table
bl ( (Router: Base)
)
==========================================================================
Interface-Name Adm Opr(v4/v6) Mode Port/SapId
IP-Address PfxState
--------------------------------------------------------------------------
system Up Up/Up Network system
10.6.0.41/32 n/a
3FFE::1:41/128 PREFERRED
to_42 Up Up/Down Network 1/1/2
10 41 42 1/24
10.41.42.1/24 n/a
…
--------------------------------------------------------------------------
Interfaces : 6

Optional: Configure the Network Interfaces IPv6
1. Configure the network interfaces as shown in the lab diagram.

We are going to use FD00:BEEF:52::/48 in the first network (and FD00:BEEF:53::/48 for the second
network)
Solution: There are many ways of thinking about the subnets; you can directly
subnet to /64 or you subnet to /52. We need 10 segments but thinking binary it is
4 bits (16 segments). Recall IPv6 for global unicast has 16 bits only reserved for
sub netting. We have 16 subnets and the range between these subnets is the
hexadecimal presentation of 4096 which is 1000
1000. The First subnet starts with
FD00:BEEF:52:0000::/52 , second FD00:BEEF:52:1000::/52, next FD00:BEEF:52:2000::/52 and so on.
for this training EUI-64 is used.
PEx>config>router>if# topex ipv6 address FD00:BEEF:52:1000::/52 eui-64
Replace 0000 with the figures on the lab diagram.
The address block fc00::/7 has

been reserved by IANA as
described in RFC 4193. These
addresses are called Unique Local
Addresses (ULA). They are defined
as beingg unicast in character and
contain a 40-bit random number in
the routing prefix to prevent
collisions when two private
networks are interconnected.
Despite being inherently local in
usage, the IPv6 address scope of
unique local addresses is global.

Debugging
gg g
SR-OS offers a lot of debugging options.

We will activate a log file who will send the debugging to our screen (session).
1. Verify the routing table that should now contain the locally attached networks, including the
system interface’s IP-address. What is the preference and metric of the locally connected
networks?
PEx# show router route-table 
Note: these local destinations were manually configured, no remote addresses are known at this
point.
LOG file creation

configure log
log-id 10
from debug-trace
to session
exit
One such logfile is enough for all debugging you might start in your session.
Activate the debug-trace session for the ICMP and ARP packets.
PEx# debug router ip arp 

Pex# debug router ip icmp 
Cl
Clear and
d view
i the
h ARP cache.
h
PEx# clear router arp all 

PEx# show router arp 
4. Ping the network interfaces of the neighbouring routers. Is the ping successful if you change the
source IP-address to your system address? If not, why not?
PEx# ping X.X.X.X 
Note: the ARP and ICMP messages are going in two directions and the router’s ARP cache will be
updated with a new entry.
5 Re-evaluate
5. Re evaluate the ARP cache
cache. What is the new entry? Where is this entry coming from,
from verify with
your neighbour.

Stop
p debugging
gg g
Debug message example
1 2014/08/14 13:12:50.25 CEST MINOR: DEBUG #2001 Base PIP

"PIP: ICMP
instance 1 (Base), interface index 3 (to44),
ICMP egressing on to44:
10.6.0.42 ->
> 10.6.0.44
type: Echo (8) code: No Code (0)
"
Note: these messages will only be displayed for the duration of this session. Ending your session
stops debugging,
d b i b
but to deactivate
d i the
h ddebug:
b
PEx# no debug  (keep typing if messages mess up your screen)
Note: To see the MAC-address of a port:
PE<x># show port <X/X/X> detail 
Event log
An alternative to debugging toward your session, is to create an event log to memory.
Th example
The l bbelow
l shows
h a fil
filter that
h targets the
h icmp
i messages between
b two network
k iinterfaces.
f
The filter output is logged in memory.
*A:S46>config>filter# info In this case 200

---------------------------------------------- num-entries
log 120 create
destination memory 200
exit
ip-filter 1 create
default-action forward
entry 10 create
match protocol icmp
dst-ip 10.46.47.2/32 This filter will not
src-ip 10.46.47.1/32 block anything
exit
log
og 120
0
action forward
exit
exit
----------------------------------------------

The filter will be linked with the desired interface
*A:s46>config>router>if# info
----------------------------------------------
address 10.46.47.1/24
port 1/1/2
ingress
filter ip 1
exit
egress
filter ip 1
exit
For the output we use following show command:
*A:s46>config>router>if# show filter log 120
=============================================================================
Filter Log
=============================================================================
Admin state : Enabled
D
Description
i ti : (N
(Not
t S
Specified)
ifi d)
Destination : Memory
Wrap : Enabled
-----------------------------------------------------------------------------
Maximum entries configured : 200
Number of entries logged : 5
-----------------------------------------------------------------------------
2015/05/06 11:08:45 Ip Filter: 1:10 Desc:
Interface: tope47 Direction: Egress Action: Forward
Src MAC: 9a-2e-01-01-00-02 Dst MAC: 9a-2f-01-01-00-02 EtherType: 0800
Src IP: 10.46.47.1 Dst IP: 10.46.47.2 Flags: 0 TOS: 00 TTL: 64 Len: 84
Protocol: ICMP Type: Echo Request Code: 0
2015/05/06 11:08:46 Ip Filter: 1:10 Desc:

Interface: tope47 Direction: Egress Action: Forward
Src MAC: 9a-2e-01-01-00-02 Dst MAC: 9a-2f-01-01-00-02 EtherType: 0800
Src IP: 10.46.47.1 Dst IP: 10.46.47.2 Flags: 0 TOS: 00 TTL: 64 Len: 84
Protocol: ICMP Type: Echo Request Code: 0"

Configure
g OSPF ((Open
p Shortest Path First))
Configuration of OSPF is done at interface level. The interface is added to an OSPF area.
Example configuration. Make sure you also activate ospf toward each neighbor in the network.
- Commands in blue are optional now, will be explained and added later.
Interfaces added under the area context

*A:PE42>config>router>ospf# info belong to that area.
----------------------------------------------
loopfree-alternate
traffic-engineering
area 0.0.0.0
interface "system"
exit
interface "to41"
interface-type point-to-point
exit
interface "to44"
exit
interface "to43"
exit
interface "to47"
to47
exit
exit
----------------------------------------------
Interface type Point-to-point if directly
connected to another router.
3. Verify your configuration.
PEx# show router route-table 

PEx# show router fib 1  ( IOM card)
PEx# show router ospf status 
PEx# show router ospf area 
PEx# show router ospf interface 
PEx# show router ospf database 
Note: In this example there is one area and 5 interfaces, that can be DR (Designated Router) or BDR
(Backup Designated Router) when configured as broadcast interfaces. The system interface should
not be configured point to point. Unless otherwise specified, the default values are followed.
Loopfree alternate: is required for LDP FRR (Label Distribution Protocol – Fast ReRoute)
Loopfree-alternate:
See further.
Traffic engineering: is required for MPLS tunnels created with RSVP-TE – see further.

Showing default values
To see the default values: info detail
Try this with the system interface.

Note that the default values are not show with the info command or with the
admin display-config
System interface in ospf
*A:PE42>config>router>ospf>area>if# info detail

----------------------------------------------
passive
interface-type broadcast
advertise-subnet
priority 1
hello-interval 10
dead-interval 40
retransmit-interval 5
transit-delay 1
no mtu
no metric
no authentication-type
no authentication-key
no bfd-enable
no loopfree-alternate-exclude
no shutdown
----------------------------------------------
Also try this one:

*A:Core47# admin display-config | match ospf context all 

Debugging
gg g OSPF
Possible debug commands on OPSF:
*A:PE42>debug>router>ospf#
[no] area - Enable/disable debugging for an OSPF area
[no] area-range - Enable/disable debugging for an OSPF area range
[no] cspf - Enable/disable debugging for an OSPF cspf
[no] graceful-resta*
graceful resta - Enable/disable debugging for OSPF graceful-restart
graceful restart
[no] interface - Enable/disable debugging for an OSPF interface
[no] leak - Enable/disable debugging for external routes leaked in to OSPF
[no] lsdb - Enable/disable debugging for an OSPF link-state database (LSDB)
[no] misc - Enable/disable debugging for miscellaneous OSPF events
[no] neighbor - Enable/disable debugging for an OSPF neighbor
[no] nssa-range - Enable/disable debugging for an NSSA range
[no] packet - Enable/disable debugging for OSPF packets
[no] rsvp-shortcut - Enable/disable debugging for rsvp-shortcut
[no] rtm - Enable/disable debugging for OSPF rtm
[no]
[ ] sham-neighbor
g - Enable/disable debugging
gg g for an OSPF sham-link neighbor
g
[no] spf - Enable/disable debugging for OSPF spf
[no] tunnel-endpoint - Enable/disable debugging for an OSPF tunnel endpoint
[no] virtual-neighb* - Enable/disable debugging for an OSPF virtual neighbor
Try debugging of ospf packets.

PEx# debug router ospf packet 
Example:
>> Incoming OSPF packet on I/F to47
OSPF Version : 2
Router Id : 10.6.0.47
Area Id : 0.0.0.0
Checksum : e835
Auth Type : Null
Auth Key : 00 00 00 00 00 00 00 00
Packet Type : HELLO
Packet Length : 48 "
12 2014/08/14 13:20:38.39 CEST MINOR: DEBUG #2001 Base OSPFv2

"OSPFv2: PKT
>> Incoming OSPF packet on I/F to44

OSPF Version : 2
Router Id : 10.6.0.44
Area Id : 0.0.0.0
Checksum : 8efd
Auth Type : Null
Auth Key : 00 00 00 00 00 00 00 00
Packet Type : DB_DESC
Packet Length : 32 "

"OSPFv2: PKT DROPPED
drop reason: MTU mismatch"

"OSPFv2: PKT
PEx# no debug 
Configure
g ISIS
ISIS is configured in a rather similar way as ospf. Notice the small differences.
1. Configure IS-IS using area 49.0051

2. Add all your interfaces
*A:PE42>config>router>isis# info
----------------------------------------------
area-id 49.0051
traffic-engineering If IPv6 is configured
ipv6-routing native on the interfaces.
reference-bandwidth 100000000
level 1
wide-metrics-onlyy
exit
level 2
wide-metrics-only
exit
interface "system"
exit
interface "to41"
exit
interface "to44"
exit
interface "to43"
exit
interface "to47"
interface-type
te ace type popoint-to-point
t to po t
exit
no shutdown
----------------------------------------------
Note: It is common practice to configure the interfaces point-to-point rather than the default
broadcast to avoid the DIS overhead.
Note: With this command the reference bandwidth can be set and the metrics of the links will be
calculated: reference-bandwidth/bandwidth (In OSPF this is done by default).
3. Special case for IS-IS: In regular IS-IS SPF operation, “narrow metrics” are used, meaning the
maximum metric value of any given link will be limited to 63, regardless of the result of
calculation in relation to the reference bandwidth given above.
To overcome this restriction, “wide metrics” can be enabled, which is an additional attribute
carried in the so called “traffic engineering TLVs (Type-Length-Value packet field formats).
Wide metric support necessitates the support for traffic engineering extensions on the IGP, which
is an optionally enabled feature. Some other uses of traffic engineering is discussed further in the
next MPLS section.

4. Try following commands.
*A:PE42# show router isis ?

- isis [<isis-instance>]
<isis-instance> : [0..31]
adjacency - Display ISIS adjacency information

database - Display ISIS database information
hostname - Display ISIS system-id to hostname mapping
interface - Display ISIS interface information
lfa-coverage - Display ISIS LFA coverage
routes - Display ISIS routes
spf - Display ISIS SPF information
spf-log - Display ISIS SPF Log information
statistics - Display ISIS statistics
status - Display ISIS status
summary-address
y - Display
p y ISIS summaryy addresses
topology - Display ISIS topology
Note: There are 5 interfaces in our example. The system interface has a metric of 0, all the links
have a metric of 10 by default. If the reference bandwidth changes, all metrics change at once.
PEx# show router route-table protocol isis 
It is very likely you do not see any entries, why?
PEx# show router isis adjacency 
7. View the IS-IS link state database.
PEx# show router isis database 
8. Turn on simple authentication (password) with a matching authentication key (choose one with
your neighbour).
PEx>config>router>isis>if# hello-authentication-type password 

PEx>config>router>isis>if# hello-authentication-key <your_password> 
Note: this configuration must match between neighbours’ interfaces or the adjacency will fail.

Debugging
gg g ISIS
Possible debug commands on ISIS:
*A:PE42# debug router isis

- isis [<isis-instance>]
- no isis [<isis-instance>]
<isis-instance>
<isis instance> : [1
[1..31]
31]
[no] adjacency - Enable/disable debugging for ISIS adjacency

[no] cspf - Enable/disable debugging for ISIS cspf
[no] graceful-resta* - Enable/disable debugging for ISIS graceful-restart
[no] interface - Enable/disable debugging for ISIS interface
[no] leak - Enable/disable debugging for ISIS leaks
[no] lsdb - Enable/disable debugging for ISIS LSDB
[no] misc - Enable/disable debugging for ISIS misc
[no]
[ ] p
packet - Enable/disable debugging
gg g for ISIS p
packet
[no] rtm - Enable/disable debugging for ISIS RTM
[no] spf - Enable/disable debugging for ISIS SPF
[no] tunnel-endpoint - Enable/disable debugging for an ISIS tunnel endpoint
Try debugging of isis packets.

PEx# debug router isis packet 
Example:
180 2014/08/14 15:11:12.38 CEST MINOR: DEBUG #2001 Base ISIS

"ISIS: PKT
(Inst 0)L1 CSNP 0100.0600.0048.00-00 in CSNP is in database and EQUAL"

"ISIS: PKT
(Inst 0)L1 CSNP 0100
0100.0600.0049.00
0600 0049 00-00
00 in CSNP is in database and EQUAL"
EQUAL

"ISIS: PKT
(Inst 0)L1 CSNP 0100.0600.0049.03-00 in CSNP is in database and EQUAL"

"ISIS: PKT
(Inst 0)RX L2 CSNP PDU on ifId 3 of len 147"

"ISIS: PKT
(Inst 0)RX L2 CSNP on ifId 3"

"ISIS: PKT
(Inst 0)LSP 0100.0600.0042.00-00, rem life 840 seqNum 0xda0 checksum 0x2727"
PEx# no debug 

Metrics
1. Verify that the routing table contains all the destinations. What is the metric of the system
interface of the opposite router? Trace the route to this IP-address. What path is taken?
2. Adjust the metric of the outgoing interface used by the path in Step 1 to 5000.
PEx# configure router ospf area 0 interface <topex> metric 5000 

PEx# configure router isis interface <topex> level 1 metric 5000 
3. Repeat Step 1. What has changed?
Note: When a router learns more then one route to a certain destination, the best route will be
selected. First the preference of the routing protocol the destination was learned on is compared
and the lowest preference is selected. Then, if this routing protocol still offers more then one
route to the destination, the route with the lowest metric will be selected and inserted into the
routing table. The administrator can influence this process by changing the preference and the
metrics as demonstrated in this lab exercise (metric). When a prefix has multiple routes with
equal preferences and metrics, only one is selected except when ECMP is activated (Equal Cost
Multi Path) – see further.
IP fast-reroute
We have configured LFA in our IGP configuration. If we want to allow the routers to use the
alternative paths,
paths following command is needed:
configure router ip-fast-reroute 
This command has an important impact on the convergence time.

Route Policies and Redistribution
1. Create a new interface <loop>, on your PE router as displayed below. This interface will be a loopback
interface, meaning it is not attached to any physical ports, but merely a logical entity that is always up and
running as long as the router itself is operational.
PEx# configure router interface loop 

PEx>config>router>if$ address 10.10.<XX>.1/32 
Note: <XX> = your PE number.
PEx>config>router>if$ loopback 
2. Check if this new IP address has been added to the route-table of your PE as a “Local” entry.
3. Ask your neighbors to ping this IP address. Also try to ping their newly created loopback interface IP
addresses. Why doesn’t this work?
4. Create a policy on your PE that will accept the directly connected (sub)networks (including loopback).
*A:PE42>config>router# info
----------------------------------------------
…
policy-options
begin Begin
policy-statement "policy-to-distribute"
entry 10
from
protocol direct
exit
action accept
exit
exit
default-action reject
exit Commit
commit
exit
…
----------------------------------------------
Configuring policies:
Policies need to be configured in editing mode. Meaning that the configuration is not active until decided by
the operator.
Starting the editing mode is done using the begin command.

To activate the policy, type the commit command.

5. Verifyy the p
policy.
y
PEx>show router policy 
Note: Until now, only a policy statement has been configured. It is not yet assigned to a routing
protocol and is therefore not used yet.
pp y the p
6. Apply policyy as an export
p p
policyy to yyour IGP. This will redistribute the connected ((sub)network
)
into your IGP domain.
PEx>config>router>ospf># export <policy_name> 

PEx>config>router>isis># export <policy_name> 
7. In the case of OSPF, the PE router needs to be marked as an ASBR (Autonomous System Boundary
Router) in order
d to get redistribution
d b to work.
k This
h is not required
d ffor IS-IS.
S S
PEx>config>router>ospf># asbr 
8. When all the nodes have finished step 6, verify the routing table. You should have 4 new entries:
the added local directly connected (sub)network and the others learned remotely over your IGP.
9. Repeat step 3. Is the ping successful now?

BFD ((Bi-directional Forward Detection))
Bi-Directional Forwarding Detection (BFD) is a light-weight protocol which provides rapid path
failure detection between two systems.
If a system running BFD stops receiving BFD messages on an interface, it will determine that
there has been a failure in the path and notifies other protocols associated with the interface. BFD
g either an optical
is useful in situations where two nodes are interconnected through p ((DWDM)) or
Ethernet network.
As general rule, the following steps are required to configure and enable a BFD session when
peers are directly connected:
1. Configure BFD parameters on the peering interfaces.
y 3p
2. Check that the Layer protocol,, that is to be bound to BFD,, is up
p and running.
g
3. Enable BFD under the Layer 3 protocol interface.
*A:S42>config>router# interface "to41"

*A:S42>config>router>if# info
----------------------------------------------
address 10.41.42.2/24
port 1/1/2
bfd 100 receive 100 multiplier 3
----------------------------------------------
*A:S41# configure router ospf area 0

OSPF *A:S41>config>router>ospf>area# info
----------------------------------------------
interface "system"
exit
interface "to42"
bfd-enable
exit
*A:S42>config>router>isis# info
ISIS ----------------------------------------------
area-id 49.0051
traffic-engineering
interface "system"
exit
interface "to41"
bfd-enable ipv4
exit

BFD ((Bi-directional Foreward Detection))
Note that BFD can be implemented in following cases:
• BFD for ISIS

• BFD for OSPF
• BFD for PIM
• BFD for Static route
• BFD IES
• BFD for RSVP
• BFD for T-LDP
• BFD support of OSPF CE-PE adjacencies
• BFD over IPSec tunnel
• BFD over VRRP
Some show commands:
*A:S42# show router bfd interface
===========================================================================
BFD Interface
===========================================================================
Interface name Tx Interval Rx Interval Multiplier
---------------------------------------------------------------------------
to41 100 100 3
----------------------------------------------------------------------------
No. of BFD Interfaces: 1
============================================================================
*A:S42# show router bfd session
=============================================================================
BFD Session
=============================================================================
Interface State Tx Intvl Rx Intvl
Multipl
Remote Address Protocols Tx Pkts Rx Pkts Type
-----------------------------------------------------------------------------
to41 Up (3) 100 100 3
10.41.42.1 ospf2 isis 4433 4439 iom
-----------------------------------------------------------------------------
No. of BFD sessions: 1
=============================================================================
Try also following show command:

Example:
*A:S42# show router bfd session src 10.41.42.2 detail 

Configure
g LDP
Interface To-router-B OSPF Interface To-router-A

10.41.42.1/24 ISIS 10.42.43.1/24
Port 1/1/1 Port 1/1/2
00-12-79-22-22-22 LDP 00-12-79-33-33-33
MPLS
RSVP
On our interfaces we have now ISIS and OSPF active.

We will now also active LDP, MPLS and RSPV.
For LDP
LDP, it is enough to activate the protocol to have the full functionality.
functionality
*A:S49>config>router>ldp# info
----------------------------------------------
interface-parameters
interface "to46"
exit
interface "to47"
exit
interface "to48"
exit
it
exit
targeted-session
exit
no shutdown
----------------------------------------------
1. Enable and provision LDP on all your network interfaces.
Note: when LDP is enabled, by default targeted LDP is also enabled. This will be used later on by the
service and can be disabled at this point, but this is not necessary.
2. Verify the state of the LDP parameters. How many sessions are active? What is the label
distribution, the label retention and control mode? Are the interfaces up?
PEx# show router ldp status 

PEx# show router ldp discovery 
PEx# show router ldp session 
PEx# show router ldp parameters 
PEx# show router ldp interface 
PEx#
# show
h bl 
router tunnel-table
l
3. Verify the Label Information Base (LIB). Why are some of the ingress and egress labels empty?

Configure
g LDP Fast ReRoute ((FRR))
LDP FRR improves convergence in case of a single link or single node failure in the network.
Convergence times will be in the order of 10s of milliseconds. This is important to some
application services (like VoIP) which are sensitive to traffic loss when running over the MPLS
network.
With t using
Without i FRR,
FRR link
li k and/or
d/ node
d failures
f il inside
i id an MPLS LDP network
t k result
lt iin ttraffic
ffi lloss iin
the order of 100s of milliseconds.
LDP used the IGP configuration: Loopfree alternate.

1. Enable and provision LDP on all your network interfaces.
*A:PE42>config>router>ospf# info
------------------------------------
loopfree-alternate
traffic-engineering
area 0.0.0.0
OSPF
interface "system"
…
*A:PE42>config>router>isis# info
-----------------------------------
area-id 49.0051
traffic-engineering ISIS
loopfree-alternate
ipv6-routing native
…
2. Now activate FRR in the LDP configuration
*A:S49>config>router>ldp# info
----------------------------------------------
fast-reroute
interface-parameters
interface "to46"
exit
i t f
interface "t
"to47"
47"
exit
interface "to48"
exit
exit
targeted-session
exit
no shutdown
----------------------------------------------

Verification of LDP
Verify the Label Information Base (LIB). Why are some of the ingress and egress labels empty?
PEx# show router ldp bindings 
Note: Byy default

f LDP will signal
g labels ffor the system
y address off the PE. To have labels distributed
for directly connected networks, an export policy is needed (see Step 8).
Verify the Label Forwarding Information Base (LFIB). What label will your router use to send a packet
to the system address (FEC) of your own router, your clockwise router, your opposite router and your
counter clockwise router?
PEx# show router ldp bindings active 
*A:S41>config# show router ldp bindings active
===============================================================================
Legend: (S) - Static (M) - Multi-homed Secondary Support
(B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route
===============================================================================
LDP Prefix Bindings (Active) One pop action
===============================================================================
Prefix Op IngLbl EgrLbl EgrIntf/LspId EgrNextHop for this router.
-------------------------------------------------------------------------------
10.6.0.41/32 Pop 131071 -- -- --
10.6.0.42/32 Push -- 131071 1/1/2 10.41.42.2
10.6.0.42/32 Push -- 131067BU 1/1/3 10.41.43.2
10.6.0.42/32
/ Swap
p 131069 131071 1/1/2
/ / 10.41.42.2
10.6.0.42/32 Swap 131069 131067BU 1/1/3 10.41.43.2
10.6.0.43/32 Push -- 131071 1/1/3 10.41.43.2
10.6.0.43/32 Push -- 131068BU 1/1/2 10.41.42.2
10.6.0.43/32 Swap 131070 131071 1/1/3 10.41.43.2
10.6.0.43/32 Swap 131070 131068BU 1/1/2 10.41.42.2
10.6.0.44/32 Push -- 131071 1/1/1 10.41.44.2
10.6.0.44/32 Push -- 131070BU 1/1/2 10.41.42.2
10.6.0.44/32 Swap 131068 131071 1/1/1 10.41.44.2
10.6.0.44/32 Swap 131068 131070BU 1/1/2 10.41.42.2
-------------------------------------------------------------------------------
No. of Prefix Active Bindings: 13 Two push and
===============================================================================
swap actions for
each router in
the network.
(FRR)

ECMP via LDP ((Equal
q Cost Multi Path))
ECMP is activated at router level.
PEx# configure router ecmp 2 
Right
g now we do not see anyy ECMP in our LDP,, in our network there is no ECMP available yyet.
Shutdown port 1/1/3 temporarily .
This will trigger recalculation of the routing table. Normally every router will find two paths to the
opposite router. (e.g. From 41 you will find two possible paths with equal cost to 43).
Check the label table again

*A:S41>config# show router ldp bindings active
===============================================================================
Legend: (S) - Static (M) - Multi-homed Secondary Support
(B) - BGP Next Hop (BU) - Alternate Next-hop for Fast Re-Route
===============================================================================
LDP Prefix Bindings (Active)
===============================================================================
Prefix Op IngLbl EgrLbl EgrIntf/LspId EgrNextHop
-------------------------------------------------------------------------------
10.6.0.41/32 Pop 131071 -- -- --
10.6.0.42/32 Push -- 131071 1/1/2 10.41.42.2 ECMP
10.6.0.42/32 Push -- 131070BU 1/1/1 10.41.44.2
10.6.0.42/32 Swap 131069 131071 1/1/2 10.41.42.2
10.6.0.42/32 Swap 131069 131070BU 1/1/1 10.41.44.2
10.6.0.43/32 Push -- 131068 1/1/2 10.41.42.2
10.6.0.43/32 Push -- 131068 1/1/1 10.41.44.2
10.6.0.43/32 Swap 131070 131068 1/1/2 10.41.42.2
10.6.0.43/32 Swap 131070 131068 1/1/1 10.41.44.2
10.6.0.44/32 Push -- 131071 1/1/1 10.41.44.2
10.6.0.44/32 Push -- 131070BU 1/1/2 10.41.42.2
10.6.0.44/32 Swap 131068 131071 1/1/1 10.41.44.2
10.6.0.44/32 Swap 131068 131070BU 1/1/2 10.41.42.2
-------------------------------------------------------------------------------
No of Prefix Active Bindings: 13
No.
===============================================================================
Verify the LSP across the network.
PEx# oam lsp-ping prefix <X.X.X.X>/32 

PEx# oam lsp-trace prefix <X.X.X.X>/32 
Note: <X.X.X.X> = the IP-address of the system interface of another router.
Important:
A i
Activate port 1/1/3 again
i
PEx# configure router 1/1/3 no shutdown 

LDP-shortcut for IGP
When LDP shortcut is enabled, LDP populates the RTM (Route Table Manager) with next-hop
entries corresponding to all prefixes for which it activated an LDP Forwarding Equivalence Class
(FEC). For a given prefix, two route entries are populated in RTM. One corresponds to the LDP
shortcut next-hop and has an owner of LDP. The other one is the regular IP next-hop. The LDP
shortcut
h t t next-hop
t h always
l h
has preference
f over th
the regular
l IP next-hop
t h ffor fforwarding
di user packets
k t
and specified control packets over a given outgoing interface to the route next-hop.
PEx# configure router ldp-shortcut 
*A:S49# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Dest Prefix[Flags] Type Proto Age Pref
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.6.0.46/32 Remote LDP 00h14m08s 9
10.46.49.1 (tunneled) 100
10.6.0.47/32 Remote LDP 00h14m08s 9
10.47.49.1 (tunneled) 100
10.6.0.48/32 Remote LDP 00h14m08s 9
10.46.49.1 (tunneled) 200
10.6.0.49/32 Local Local 02d21h17m Now, all tunnel LSPs
0
system 0
10.46.47.0/24 Remote OSPF 02h44m06s that resolve an IGP
10
10.46.49.1 200 next hop will replace
10.46.48.0/24 Remote OSPF 02h44m06s 10
10.46.49.1 200 the IP next hops
10.46.49.0/24 Local Local 02d21h17m 0
to46 0
10.47.48.0/24 Remote OSPF 02h44m06s 10
10.47.49.1 200
10.47.49.0/24 Local Local 02d21h17m 0
to47 0
Press any key to continue (Q to quit)

Configure
g RSVP-TE with Bandwidth Constraints
MPLS relies on traffic engineering, activated in the IGP’s.
1. Enable traffic-engineering on your IGP.
PEx# configure router ospf traffic-engineering 

PEx# configure router isis traffic-engineering 
2. Verify the status of traffic-engineering on your IGP. Where can you see that traffic-engineering is
enabled?
PEx# show router ospf status 

PEx# show router isis status 
3. If not previously configured, enable MPLS on your system and the network interfaces.
*A:Edge44>config>router>mpls# info
----------------------------------------------
y
interface "system"
exit
interface "to41"
exit
interface "to43"
exit
interface "to42"
exit
no shutdown
----------------------------------------------
4. The previous step automatically enables RSVP on the interfaces. Verify.
PEx# show router mpls interface 

PEx# show router rsvp interface 
Optional: you can add BFD to your rsvp interfaces.
*A:Edge44>config>router>rsvp# info
----------------------------------------------
interface "system"
exit
interface "to41"
exit
interface "to43"
exit
interface "to42"
exit
no shutdown
----------------------------------------------

Limiting
g oversubscription
p - optional
p
Optional: You might want to limit the possible oversubscription.
5. Verify the capacity of your port facing your clockwise neighbour. What is the operational speed?
PEx# show port <X/X/X> 
Note: <X/X/X> = the port number facing your clockwise neighbour
6. Set the total maximum amount of reservable bandwidth by RSVP to 100% on the RSVP interface.
Verify the available bandwidth.
PEx# configure router rsvp interface <topex> 

PEx>config>router>rsvp>if# subscription 100 
Note: you can oversubscribe the interface up to 1000 percent.
PEx# show router rsvp interface <topex> detail 

P th and
Path d LSP creation
ti
Label switched paths (LSP) is the actual MPLS tunnel.

We can use constraints when we build them.
One of the constraints is a Path.
A path is a template with hops specified. Can be reused for several LSP’s.
In this lab we will first prepare some paths.

Afterward we will create LSP’s with two paths (one for primary, another for secondary).
Example of paths created in one router:
*A:PE43>config>router>mpls# info
----------------------------------------------
interface "system"
exit
interface "tope42"
exit
interface "tope41"
exit In case of strict hops,
interface "tope44"
exit use next hop interface
interface "toco" address.
exit
it Ph sical connecti
Physical connectivity
it
path "p-to44"
hop 10 10.42.43.1 strict between the routers is
hop 20 10.41.42.1 strict required
hop 30 10.41.44.2 strict
no shutdown
exit
path "p-to42" In case of loose
hop 10 10.6.0.44 loose hops, you can use
hop 20 10.6.0.41 loose system interface
hop 30 10
10.6.0.42
6 0 42 loose
no shutdown address.
dd
exit
path "p-to41"
hop 10 10.41.43.1 strict
no shutdown
exit
path "p-loose"
no shutdown
exit
Make sure you create paths to every router in the network. Also create secondary paths, but you
might also just create one ‘loose’ path with no hops specified.
PEx# show router mpls path 

Path and LSP creation
If the paths are ready, now create LSP’s
1. Configure an LSP to all the other PE’s in the network. Combine primary, secondary.
*A:PE43>config>router>mpls# info
----------------------------------------------
…
lsp "l-to44"
to 10.6.0.44
cspf LSP with primary
primary "p-to44"
exit
and secondary.
secondary "p-loose"
exit
it
no shutdown
exit
lsp "l-to42"
to 10.6.0.42
cspf LSP with primary
primary "p-to42" only.
exit
no shutdown
exit
lsp "l-to41"
l to41
to 10.6.0.41
cspf
fast-reroute one-to-one LSP with primary,
exit
primary "p-to41" secondary and
exit Fast-Reroute (see
secondary "p-loose" further).
exit
no shutdown
exit …
When configuring the primary, try <?> to see what other constraints can be added (bandwidth,
exclude, hop-limit...)
*A:PE43>config>router>mpls>lsp>primary#
[no] adaptive - Enable/Disable make-before-break functionality for the LSP path
[no] backup-class-t*
backup class t - Configure backup class-type
class type for the LSP path
[no] bandwidth - Amount of bandwidth to be reserved for the path
[no] class-type - Configure class-type for the LSP path
[no] exclude - Configure administrative groups that should be excluded when the LSP
path is setup
[no] hop-limit - Max number of hops that an LSP will traverse including ingress and
egress routers - overrides LSP hop-limit
[no] include - Configure administrative groups that should be included when the LSP
path is setup
[no] priority - Configure setup and hold priority
[no] record - Enable/disable recording of all hops that an LSP path traverses
[no] record-label - Enable/disable recording of recording of labels at each node that an
LSP path
th t
traverses
[no] shutdown - Administratively enable/disable the LSP path

PEx# show router mpls path lsp-binding 
PEx# show router mpls lsp detail 
PEx# show router mpls lsp path detail 
Overview of the tunnels available
*A:S49#
A:S49# show router tunnel-table
tunnel table
===============================================================================
Tunnel Table (Router: Base)
===============================================================================
Destination Owner Encap TunnelId Pref Nexthop Metric
-------------------------------------------------------------------------------
10.6.0.46/32 sdp MPLS 146 5 10.6.0.46 0
10.6.0.46/32 ldp MPLS - 9 10.46.49.1 100
10.6.0.47/32 sdp MPLS 147 5 10.6.0.47 0
10.6.0.47/32 ldp MPLS - 9 10.47.49.1 100
10.6.0.48/32 sdp MPLS 148 5 10.6.0.48 0
10 6 0 48/32
10.6.0.48/32 rsvp MPLS 1 7 10
10.46.49.1
46 49 1 200
10.6.0.48/32 ldp MPLS - 9 10.46.49.1 200
===============================================================================
Perform an OAM LSP ping and trace on the primary and secondary path of the LSP’s. Are the pings
successful? What path is taken by the primary path of the LSP? Does it follow the strict path as
configured? Are the OAM LSP ping and trace successful over the secondary path of the LSP?
PEx# oam lsp-ping <l-topex> path <p-topex> 

PEx# oam lsp-ping <l-topex> path <p-loose> 
PEx# oam lsp-trace <l-topex> path <p-topex> 
PEx# oam lsp-trace <l-topex> path <p-loose> 
Change the secondary path to standby mode and repeat your test. Why are the OAM ping and trace
over the secondary path successful now?
PEx# configure router mpls lsp <l-topex> secondary <p-loose> standby 

PEx# show router mpls status 

Configure
g one-to-one Fast Reroute + Facility
y
1. Configure Fast Reroute using the one-to-one method with node protection on the LSP to your
opposite router.
PEx# configure router mpls lsp <l-topex> fast-reroute one-to-one 
Note: at this time the primary path should have a bandwidth reservation of 10% and the secondary
path is in standby mode.
PEx# show router mpls path lsp-binding 
2. When all the nodes have finished step 1, verify how many detour LSP’s are created on your router.
PEx# show router mpls status 

PEx# show router rsvp session (detail) 
3. Verify the LSP to your opposite router. What kind of detours are available? Is the detour active?
<l topex> path detail 

PEx# show router mpls lsp <l-topex>
4. What label will be used to go to the next hop of the primary path? What label will be used to go to
the detour if the primary path fails?
5. Deactivate the secondary path of your LSP to your opposite router.
PEx# configure router mpls lsp <l-topex> secondary <p-loose> shutdown 
Note: this action is necessary to show the active detour. Otherwise the
secondary path will take over.
6. Shut the port facing the next hop of your LSP to your opposite router down to enable the detour to
take over.
over Repeat step 3.3 Is the detour active now?

RSVP-shortcut - Optional
p
RSVP LSP shortcut for IGP route resolution allows forwarding of packets to IGP learned routes
using an RSVP LSP. The use of RSVP shortcut for resolving IGP routes is enabled at the IS-IS
routing protocol level or at the OSPF routing protocol instance level, and will instruct IS-IS and
OSPF to include RSVP LSPs originating on this node and terminating on the router-id of a remote
node as direct links.
See configuration examples:
*A:S48>config>router>ospf# info
----------------------------------------------
traffic-engineering
rsvp-shortcut
area 0.0.0.0
0 0 0 0
interface "system"
exit
interface "to46"
exit
…
*A:S48>config>router>isis#
g info
----------------------------------------------
area-id 49.0051
traffic-engineering the rules determining
rsvp-shortcut how shortcuts are
interface "system"
exit installed into RTM are
interface "to46" (sorted by higher
interface-type point-to-point priority):
…
1. RSVP shortcut
1 RSVP h t t
2. LDP shortcut
3. IGP route with
regular IP next‐hop.
*A:S48# show router route-table
===============================================================================
Route Table (Router: Base)
===============================================================================
Next Hop[Interface Name] Metric
-------------------------------------------------------------------------------
10.6.0.46/32 Remote LDP 00h32m19s 9
10.46.48.1 (tunneled) 100 LDP shortcut
10.6.0.47/32 Remote LDP 00h32m19s 9
10.47.48.1 (tunneled) 100
10.6.0.48/32 Local Local 02d21h40m 0
system 0
10 6 0 49/32
10.6.0.49/32 Remote OSPF 00h05m17s 10
10.6.0.49 (tunneled:RSVP:1) 200 RSVP shortcut
h
10.46.47.0/24 Remote OSPF 03h06m21s 10
10.46.48.1 200
10.46.48.0/24 Local Local 02d21h40m 0

Objective:
W will
We ill work
k in
i two
t steps:
t fi t configure
first fi iBGP between
b t 4 routers,
t th configure
then fi eBGP
BGP between
b t th
the
networks
Establish iBGP routes using router reflectors to create a full exchange of all routes within each Metro
Area. The IGP has already been configured. Note that the sessions between the route reflectors are
not part of the route reflector client sessions.
The AS private range: 64 512 to 65 534

We will use 65100 and 65200
Note: Keep in mind that BGP related actions in the public space could have an large effect on the
internet!!
Also keep in mind that using private AS numbers does not solve this effect entirely.
Diagram # IBGP Sessions within each Metro Area
AS : 65100
RR 0.0.0.2
RR 0.0.0.1
RR 0.0.0.2
RR 0.0.0.1
AS 65200

Configure iBGP, peers within each AS
Route Reflectors The configuration below is indicative of the steps required to configure a router
reflector.
configure router autonomous‐system 65100 (or 65100)
* Will be handeled in
Example configuration Route Reflector:
p fg f the VPRN chapter.
*A:PE43>config>router>bgp# info
----------------------------------------------
group "redundant RR peer“
family ipv4 vpn-ipv4 Peering with the
type internal other RR
neighbor 10.6.0.44
exit
exit
group "route reflector cluster 1"
family ipv4 vpn-ipv4
type internal Peering with the
cluster 0.0.0.1 cluster members
neighbor 10.6.0.41
exit
neighbor 10.6.0.42
exit
it
exit
no shutdown
----------------------------------------------
type internal: for all neighbors, the peer‐as will be automatically set to the AS configured in the
router (your internal AS). This shortens the configuration.
Example of cluster member configuration
A:edge41>config>router>bgp# info
----------------------------------------------
group "peer to Route Reflectors"
type internal
neighbor 10.6.0.43 Peering to the
exit redundant RR‘s
neighbor 10.6.0.44
exit
no shutdown
----------------------------------------------
admin save

Review the BGP configuration
Using the syntax below, verify the current BGP configuration for your router:
show router bgp
show router bgp summary
show router bgp summary all
show router bgp neighbor
show router bgp group <group_name> detail
show router bgp neighbor <neighbor_ip> detail
show router bgp routes
*A:PE68>config>router>bgp#
g gp show router bgp
gp neighbor
g 10.6.0.43 received-routes
===============================================================================
BGP Router ID:10.6.0.68 AS:65100 Local AS:65100
===============================================================================
Legend -
Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
Origin codes : i - IGP, e - EGP, ? - incomplete, > - best, b - backup
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop Path-Id Label
As-Path
-------------------------------------------------------------------------------
u*>i 10.10.43.1/32 500 None
10.6.0.43 None -
No As-Path
-------------------------------------------------------------------------------
Routes : 1
===============================================================================
*A:PE68>config>router>bgp# show router bgp neighbor 10.6.0.43 advertised-routes

===============================================================================
===============================================================================
Legend -
Origin codes : i - IGP, e - EGP, ? - incomplete, > - best, b - backup
===============================================================================
BGP IPv4 Routes
===============================================================================
Flag Network LocalPref MED
Nexthop Path-Id Label
As-Path
-------------------------------------------------------------------------------
i 10.6.0.68/32 100 None
10.6.0.68 None -
No As-Path
i 10.43.68.0/24 100 None
10.6.0.68 None -
No As-Path
i 25
25.25.25.25/32
25 25 25/32 100 None
10.6.0.68 None -
No As-Path
-------------------------------------------------------------------------------
Routes : 3
===============================================================================

Confirm the Operation of BGP Routing within the AS.
C fi th O ti f BGP R ti ithi th AS The following exercise is intended to
Th f ll i i i i t d dt
reaffirm the concepts and principles of BGP operations within an AS.
From the command line, type
show router route‐table
Question:
1. From which protocol, or protocols, are the routes being learned? Are there any listed as being
learned through BGP?
‐> no, policy needed.
Create a loopback interface on your assigned node and review the bgp route table. Assign an IP
address derived from your box number.
address, derived box number
The interface will be a loopback = not linked to a port. Used for testing purposes.
The goal is to export this subnet through bgp.
Example: Student 44 ‐ Loopback interface
*A:PE43>config>router#
i t f
interface "
"student44"
t d t44"
address 10.10.0.44/32
loopback
exit
----------------------------------------------
A loopback interface is
not linked to a port, but
x to the box itself. It can
be used for testing
purposes
purposes.

C t R ti P li Statement
Create a Routing Policy St t t
Using the example below, create and apply a routing policy to distribute the route created in the
previous exercise into BGP. Use your box number as the ID to uniquely identify your policy.
policy-options
li ti
begin
policy-statement "44"
description "student44 directed to bgp"
entry 10
description "direct to bgp"
from
protocol direct
exit
action accept
exit
exit
exit
commit
exit
#--------------------------------------------------
Verify the policy configuration
show router policy admin

show router policy <policy‐name>
Apply the policy to the BGP within your node. Example:
*A:Edge44>config>router>bgp# info
----------------------------------------------
export "44" If implemented in
group "redundant RR peer" the bgp root,
neighbor 10.6.0.43 applied to all groups
peer as 65100
peer-as
exit
exit
cluster 0.0.0.2
export "45"
neighbor 10.6.0.41 This implementation
peer-as 65100 applies only to this
exit group
neighbor 10.6.0.42
peer-as 65100
exit
exit
no shutdown
----------------------------------------------
Create a Prefix list
The previously created policy does indeed distribute the loopback address and locally connected
links… but maybe this is not desired in the network.
 Now remove the policy from BGP and try the same exercise with a prefix list
A prefix list gives us a way to easily control the prefixes distributed. It is a list that can be changed
on the fly and will be used in the policy, rather then implementing the addresses in the policy.
policy-options
begin
prefix-list "loopbacks"
prefix 10.10.0.44/32 exact
exit
policy-statement "BGP-prefix list"
entry 10
from
exit
action accept
local preference 500
local-preference
exit
exit
exit
commit
exit
#--------------------------------------------------
Apply the policy to BGP; this can be done in the BGP, group of neighbor contexts.
Check the result again in the routing tables of the routers in the network.

Establish eBGP routes using router reflectors to create a full exchange of all routes between AS.
AS 65100
RR 0.0.0.2
RR 0.0.0.1
RR 0.0.0.2
RR 0.0.0.1
AS 65200

Lab 2 Create eBGP Peers
Verify whether OSPF/ISIS Interfaces are configured between the two networks.
Prior to creating the eBGP sessions, ensure that there is no IGP running between the routers
inbetween the AS.
show router ospf interface

show router isis interface
Remove any Existing OSPF/ISIS Interfaces
Create the eBGP peering session between AS 65100 and 65200
We cannot use the system address of the other router, since it is not known in our network, to
set up the eBGP, use the next‐hop‐interface address.
*A:Edge44>config>router>bgp# info
-----------------------------------------
export "BGP-prefix list"
group "eBGP to AS-65200"
neighbor 10.44.49.2 *A:Core49>config>router>bgp$ info
peer-as 65200 -----------------------------------------
exit group "eBGP to AS-65100"
exit neighbor 10.44.49.1
group "redundant RR peer" peer-as 65100
neighbor 10.6.0.43 exit
peer-as 65100 exit
exit no shutdown
exit -----------------------------------------
cluster 0.0.0.2
neighbor 10.6.0.41
peer-as 65100
exit
neighbor 10.6.0.42
peer-as 65100
exit
exit
no shutdown
-----------------------------------------
show router bgp
show router bgp summary
show router bgp summary all
show router bgp neighbor
show router bgp group <group_name> detail
show router bgp neighbor <neighbor_ip> detail

Create a Routing Policy for eBGP routes. First we will create again a prefix list, holding the
system addresses of the routers in your network.
t dd f th t i t k
Create two sets of Prefix‐lists.
Create four communities (constructed with your AS and number 100 and 200 + the opposite
site)
100 = system addresses close to your router, 200 = system addresses opposite your router.
Note: The community is a tag that we will send along with the route update. The other side can
use it to attach different local cost (load balancing purposes).
ff gp p
Prefix-list set1 Prefix-list set2

Community: Community:
65100:100 65100:200
*A:Edge44>config>router>policy-options# info
----------------------------------------------
exit
prefix-list "system-addresses-set1"
exit
exit
community "65100:100" members "65100:100"

Create the policies: Export. The export policy will allow us to send the two prefix‐lists, each
with a different community tag.
ith diff t it t
The import policy allows us to give different local
----------------------------------------------
exit
exit
prefix 10
10.6.0.43/32
6 0 43/32 exact
exit
policy-statement “export eBGP system addresses"

entry 10
from
exit
action accept
community add "65100:100"
exit
exit
entry 20
from
exit
action accept
community add "65100:200"
exit
exit
exit
----------------------------------------------

Create the policies: Import.
Th i
The import policy will allow us to attach different local preference and metric.
t li ill ll t tt h diff tl l f d ti
----------------------------------------------
…
policy-statement "import eBGP"

entry 10
from Note that the
community
it "65200
"65200:100"
100" community tag is
exit
action accept
used to accept the
local-preference 200 routes.
metric set 50
exit
exit
entry 20
from
community "65200:200"
exit
action accept
local-preference 100
metric set 40
exit
exit
default-action accept
exit
----------------------------------------------
*A:Edge44>config>router>bgp>group# /clear router bgp neighbor all
/ brings you to the root, without leaving the pwc.
Implement the import an export policy to your BGP configuration.
*A:Core49>config>router>bgp# info
----------------------------------------------
min-route-advertisement 1
advertise-external ipv4 ipv6
group "eBGP to AS-65100"
family ipv4 ipv6
import "import"
export "eBGP system addresses"
neighbor 10.44.49.1
peer-as 65100
exit
exit

Check the result.
Check the result in the routing table and with following show command:
*A:Core49>config>router>policy-options# show router bgp routes 10.6.0.41/32 detail

===============================================================================
===============================================================================
Legend -
O i i codes
Origin d : i - IGP,
G e - EGP,
G ? - incomplete,
i l > - best,
b b - backup
b k
===============================================================================
BGP IPv4 Routes
===============================================================================
-------------------------------------------------------------------------------
Original Attributes
Network : 10.6.0.41/32
Nexthop : 10.44.49.1
Path Id : None
From
o : 10.44.49.1
0. . 9.
Res. Nexthop : 10.44.49.1
Local Pref. : n/a Interface Name : to_44
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 100
Community : 65100:100
Cluster : No Cluster Members
Originator Id : None Peer Router Id : 10.6.0.44
Fwd Class : None Priority : None
Flags : Used Valid Best IGP
Route Source : External
AS-Path : 65100
Modified Attributes
Network : 10.6.0.41/32
Nexthop : 10.44.49.1
Path Id : None
From : 10.44.49.1
Res. Nexthop : 10.44.49.1
Local Pref. : 123 Interface Name : to_44
Aggregator AS : None Aggregator : None
Atomic Aggr. : Not Atomic MED : 50
Community
y : 65100:100

Configure a Customer
1. Create tow customers (e.g. 100). Provide the customer a description, contact information and a
phone number.
Note: A customer is locally significant, but it is advisable to be consistent throughout the network
(SAM).
*A:PE43>config>service# info Default customer 1,
----------------------------------------------
customer 1 create always available.
description "Default customer"
exit
customer 100 create
description "Olafur"
contact "copernicuslei 50"
phone "+3247466.55.99"
exit
Prepare the Ports

*A:PE43>config>port# info
----------------------------------------------
ethernet
mode access
lldp
admin-status tx-rx
notification
exit
exit
exit
no shutdown
----------------------------------------------
1. Change the port facing the customer (see lab diagram) to an access port.
2. Show port list.
*A:PE43# show port
===============================================================================
Ports on Slot 1
===============================================================================
-------------------------------------------------------------------------------
1/1/12 Up No Down 1514 1514 - accs null xcme

Service model
To build VPN services we use the service model.

We can distinguish following components:
SAP= Service Access Point

Point, where customer traffic enters the service.
service
Service= defines the behaviour of the service
Customer= owns the service
SDP= Service Distribution Path, tunnel access to get to the other sites

Configure a full mesh of SDPs
SDP’s allow us to tunnel our service traffic.
1. Configure a full mesh of SDPs to the other PEs in the network using LDP/RSVP and GRE.
1xx LDP
SDP
2xx RSVP
SDP
3xx GRE
SDP
Numbering scheme: use 1xx for LDP (replace xx with destination router), use 2xx for all RSVP and 3xx
for GRE based SDP’s.
Warning: GRE will not work if ‘shortcuts’ is active. Deactivate shortcuts on

LDP and RSVP before configuring GRE.
A:PE42>config>service# info
----------------------------------------------
…
sdp 144 mpls create
description "SDP_to_PE_44_over_LDP"
far-end 10.6.0.44
ldp
keep-alive
shutdown
exit
no shutdown
exit
sdp 244 mpls create
_ _ _ _ _
description "SDP_to_PE_44_over_RSVP-TE"
far-end 10.6.0.44
lsp "l-to44"
keep-alive
shutdown
exit
no shutdown
exit
sdp 341 create
description "SDP_to_PE_41_over_GRP"
far-end 10.6.0.41
k
keep-alive
li
shutdown
exit
no shutdown
exit
3. Verify the configured SDPs.
PE# show service sdp (detail) 
Note: In case the SDPs are remaining in the operationally down state, check
the detail command output carefully to look for some clues.

OAM Tools
Note: SDP Ping performs in-band uni-directional or round-trip connectivity tests on SDPs. The SDP Ping
OAM packets are sent in-band, in the tunnel encapsulation, so it will follow the same path as traffic
within the service. The SDP Ping response can be received out-of-band in the control plane, or in-
band using the data plane for a round-trip test.
1. Perform a uni-directional SDP Ping. What is the Path MTU? Why is there no Remote SDP-ID?
PEx# oam sdp-ping <XXX> 
Note: You have tested the local SDP but have not performed a round-trip test.
<XXX> is the local SDP.
2. Perform a round-trip SDP Ping Test. What is the Remote SDP-ID?
PEx# oam sdp-ping <XXX> resp-sdp <YYY> 
Note: This is a round-trip test, both directions are using the SDP.
<XXX> is the local SDP and <YYY> is the remote SDP.
SDP
3. Discover the MTU size supported over your SDPs. What is the MTU?
Note: The Path MTU Discovery tool provides a powerful tool that enables a service provider to get the
exact MTU supported between the service ingress and service termination points (accurate to one
byte). It is important to understand the MTU of the entire path end-to-end when provisioning
services,
i especially
i ll ffor virtual
i l lleased
d li
line (VLL) services
i where
h the
h service
i must support the
h ability
bili
to transmit the largest customer packet.
PEx# oam sdp-mtu <XXX> size-inc 1500 1600 step 10 
Note: <XXX> is the local SDP.

BGP-tunnels
SDP’s are created inside the Autonomous System normally.

But what if we want a inter-AS service?
Now we have eBGP active and the system addresses are distributed to the other network, we can create
SDP‘s with BGP-tunnel in MPLS.
BGP tunnels work on eBGP connections.

Preparation step:
*A:S44>config>router>bgp# info
----------------------------------------------
min-route-advertisement 1
advertise-external
advertise external ipv4 ipv6
group "eBGP to AS-65200" Allow BGP to
import "import eBGP" advertise labels in
export "export eBGP system addresses" IPv4
neighbor 10.44.49.2
peer-as 65200
advertise-label ipv4
exit
exit
no shutdown
Configuration of the SDP
Create an SDP using mpls.

The SDP should be configured as bgp-tunnel
*A:S44>config>service# info
----------------------------------------------
sdp 449 mpls create
far-end 10.6.0.49
bgp-tunnel
keep-alive
shutdown
exit
no shutdown
exit
PEx# show service sdp 
Now we have eBGP active, and the system addresses are distributed to the other network, we can create SDP‘s with
BGP‐tunnel in MPLS for
l f inter‐AS services.

MTU
Warning, this exercise might cause network troubles if not proper
executed.
1. Change the Maximum Transmission Unit (MTU) size of each network port. What minimum value is
necessary?
Note: Since MPLS has been configured on the network interfaces, the port that supports that interface
must have its MTU changed to 1540 bytes. If GRE were used the MTU would have to be changed to
1560. Configure the MTU size on both network ports on each of the nodes in your network.
PEx# configure port <X/X/[1..4]> ethernet mtu 1600 
*A:PE43>config>port# ethernet mtu 1600

A:PE43>config>port# info
*A:PE43>config>port# As long as the
---------------------------------------------- default value is
ethernet used, the info
mode access
mtu 1600 command will not
lldp show it.
admin-status tx-rx
notification
tx-mgmt-address
g system
y
exit
exit
exit
no shutdown
----------------------------------------------
PEx# show port <X/X/X>  for a more detailed report on one port
*A:PE43>config>port# show port 1/1/12
===============================================================================
Ethernet Interface
===============================================================================
Description : 10/100/Gig Ethernet TX
Interface : 1/1/12 Oper Speed : N/A
Link-level : Ethernet Config Speed : 1 Gbps
Admin State : up Oper Duplex : N/A
Oper State : down Config Duplex : full
Physical Link : No MTU : 1600
Single Fiber Mode : No Min Frame Length : 64 Bytes
IfIndex : 36044800 Hold time up : 0 seconds
Last State Change : 08/18/2014 10:52:38 Hold time down : 0 seconds
Last Cleared Time : N/A
…
…
Chance back to default value (hardware dependant).
PEx# config>port# ethernet no mtu 

Configure our test setup
The services we will create can be tested using PC’s. The data entering the services will use VLAN
tagging.
However, the PC’s will not send VLAN’s. We will create a test setup that maps untagged traffic into
tagged traffic, using a local EPIPE service (service ID: 1)
Not that for every service we will create, the VLAN needs to be changed.
1/1/13 and 1/1/14 are physically looped.
Untagged traffic from the PC will now enter the service tagged.
Untagged Tagged
EPIPE 1 services
1/1/12 1/1/13 1/1/14
1. Configure an ePipe 1 in every router.

 1/1/11 = PC
 1/1/12 = tagged traffic going out
 1/1/13 = tagged traffic entering the services we will build later
*A:Edge44>config>port# info
*A:PE43>config>service#
g # info ----------------------------------------
---------------------------------------- ethernet
… mode access
epipe 1 customer 1 create encap-type dot1q
sap 1/1/12 create lldp
exit dest-mac nearest-bridge
sap 1/1/13:503 create admin-status tx-rx
exit …
no shutdown ---------------------------------------
exit
----------------------------------------
VLAN
Tag value needs to change every
exercise we make.

Configure an ePipe
Note: Create an ePipe according to the lab diagram and follow the instructions provided.
1. Configure an ePipe 50x between your PE and your neighbour PE (according to lab diagram).
PEx# configure service epipe <50x> customer 100 create 
Config on one router config in the other router
*A:PE43>config>service# info *A:Edge44>config>service# info

---------------------------------------- ----------------------------------------
epipe 503 customer 100 create epipe 503 customer 100 create
sap 1/1/12 create sap 1/1/12 create
exit
it exit
it
spoke-sdp 244:503 create spoke-sdp 243:503 create
no shutdown no shutdown
exit exit
no shutdown no shutdown
exit exit
---------------------------------------- ----------------------------------------
In this example:
244 = SDP
503 = VC-ID
Different SDP will be used to connect
the service sites. But the VC label must
be the same on both sides.
Note: Use the SDPs over RSVP

RSVP-TE.
TE. These SDPs have TLDP enabled in the previous lab exercise. The :50x
is the VC-label and binds the SDP to the service. At this point TLDP labels are signalled to identify
the service on each side of the service.
2. Verify the ePipe. What is the label used to reach the remote PE? What is the label used to reach the
ePipe service on the remote PE?
PEx# show service sap-using 

PEx# show service service-using 
PEx# show service id 500 all 
PEx# show service id 500 labels 

OAM Tools
1. Verify the service with some real traffic (ping) coming from the test PC’s.
2. Verify the operation of your ePipe service using the Service Ping utility.
Note: Alcatel
Alcatel-Lucent’s
Lucent s Service Ping feature provides end
end-to-end
to end connectivity testing for an individual
service. The Service Ping operates at a higher level than the SDP diagnostics in that it verifies an
individual service and not the collection of services carried within an SDP. The Service Ping is
initiated from a router to verify round-trip connectivity and delay to the far-end of the service.
Alcatel-Lucent’s implementation functions for both GRE and MPLS tunnels and tests the following
from edge-to-edge:
 Tunnel connectivity
 VC label mapping
pp g verification
f
 Service existence
 Service provisioned parameter verification
 Round trip path verification
 Service dynamic configuration verification
PEx# oam svc-ping <X.X.X.X> service 500 
Note: in this service ping test the actual data path that customer traffic would take through the
service was not used. OAM messages were sent and received over the control plane rather than the
data plane. You can use the local-sdp and remote-sdp parameters to send the oam packets over the
same path as customer traffic.
PEx# oam svc

svc-ping
ping <X
<X.X.X.X>
X X X> service 500 local
local-sdp
sdp remote sdp 
remote-sdp
Note: <X.X.X.X> is the system IP address of the remote PE.
Note: The SVC-Ping is a useful OAM feature for a VLL but it does require that the port out to the CPE is
up, i.e. there is something connected to the port such as a PC NIC card, when a service is first
configured this may not be the case and so a VCCV-Ping is a better test of a VLL when first
configured.
fi d

2. Verifyy the operation
p of yyour ePipe
p service using
g the VCCV Ping
g utility.
y
Note: Alcatel-Lucent’s VCCV Ping feature provides end-to-end connectivity verification for an
individual ePipe and is used to check connectivity of a VLL in-band. It checks that the destination
(target) PE is the egress for the Layer 2 FEC. It provides a cross-check between the data plane and
the control plane. It is in-band, meaning that the VCCV ping message is sent using the same
encapsulation and along the same path as user packets in that VLL. This is equivalent to the LSP
ping for a VLL service. VCCV ping reuses an LSP ping message format and can be used to test a VLL
configured over an MPLS and GRE SDP. VCCV creates an IP control channel within the ePipe between
PE1 and PE2. PE2 should be able to distinguish, on the receive side, VCCV control messages from
user packets on that VLL.The 7750 SR uses the router alert label immediately above the VC label to
identify the VCCV-ping message. This method has a drawback that if ECMP is applied to the outer
LSP label, such as the transport label, the VCCV message will not follow the same path as the user
packets. When sending the label mapping message for the VLL, PE1 and PE2 include an optional
VCCV TLV in the PW FEC interface parameter field. The TLV indicates that the control channel will
make use of the router alert label method.
PEx# oam vccv-ping <2X>:500 reply-mode ip-routed 

VPLS Configuration
VPLS services offer Ethernet switching. Normally this would require STP as loop prevention mechanism,
but this protocol is not efficient (links will be blocked).
The ALU implementation allows an alternative to STP: meshed bindings.
If switching instances are linked with Mesh-SDP bindings, the traffic cannot re-enter the network and
create a loop.
Take a look at the different behavior below to see the difference between SAP, Spoke-binding and
Mesh-binding.
The problem with mesh-binding is that all instances must be connected through an SDP with all other
switching instances. In large VPLS services this could become a scaling problem.
Combining Spoke-bindings between smaller full-mesh networks is the solution.
For redundancy more Spoke binding can be set up,
up but then STP is required.
required

VPLS Configuration
1. Configure a VPLS service 60x according to the lab diagram at the end of this module.
*A:PE42>config>service>vpls# info
----------------------------------------------
stp STP not required with mesh-sdp
shutdown
exit
sap 1/1/14:601 create One or more SAP‘s
exit
mesh-sdp 241:601 create
no shutdown
exit
no shutdown
exit Full mesh of mesh-sdp bindings
no shutdown
exit
no shutdown
----------------------------------------------
Note: Change epipe 1 to match new VLAN value
2. Verify the VPLS. What are the labels used to reach the other PEs? What are the labels used to reach
the VPLS service on these remote PEs?
PEx# show service sap-using 

PEx# show service service-using 
PEx# show service id 600 labels 
Note: An VPLS is the equivalent of a VLAN connecting one or more switches. In order to ping
successfully, all CPEs will have to be members of the same subnet.

4. Verifyy the forwarding
g database. What are the age
g timers? How can you
y verifyy the age
g timer p
per mac
entry?
PEx# show service fdb-info 

PEx# show service fdb-mac 
PEx# show service fdb-mac expiry 
*A:PE43>config>service>vpls# show service fdb-mac
===============================================================================
Service Forwarding Database
===============================================================================
ServId MAC Source-Identifier Type Last Change
Age
-------------------------------------------------------------------------------
601 00:0c:29:31:11:c2 sdp:142:601 L/130 08/20/14 15:59:48
601 00:0c:29:82:71:ee sdp:141:601 L/204 08/22/14 09:52:42
601 00:0c:29:b1:38:62 sap:1/1/14:601 L/0 08/25/14 13:20:38
601 00:50:c2:4d:d7:71 sap:1/1/14:601 L/0 08/25/14 13:26:10
601 00:50:c2:4d:d7:72 sdp:142:601 L/0 08/20/14 16:03:29
601 00:50:c2:4d:d7:73 sdp:141:601 L/130 08/20/14 15:59:23
-------------------------------------------------------------------------------

Preparation
p of the Test network
Before we start configuring the routers, change the subnet on the test-pc’s.
Shorten the subnet mask, each test-pc should now be in a different subnet.
The VPRN routing will be able to connect them.
The VPRN routed network will have, on each site, an interface. This interface interacts with the test-
pc.
The interface will have a mask of /24 (or 255.255.255.0 on your test computer)
Untagged tagged
Interfaceto-pc
EPIPE 1 192.168.41.2/24
sap 1/1/12:701
192.168.41.1/24

VPRN Configuration:
g : BGP family
y
In the global BGP configuration, we have configured iBGP.

To support VPRN, we will now activate the BGP family vpn-ipv4
BGP becomes MP-BGP.
*A:PE43>config>router>bgp# info
----------------------------------------------
group "redundant RR peer"
neighbor 10.6.0.44
peer-as 65100
exit
exit
cluster 0.0.0.1
neighbor 10.6.0.41
peer-as
pee as 65
65100
00
exit
neighbor 10.6.0.42
peer-as 65100
exit
exit
no shutdown
----------------------------------------------
*A:PE43>config>router>bgp# family
- family [ipv4] [vpn-ipv4] [ipv6] [vpn-ipv6] [mcast-ipv4] [l2-vpn] [mvpn-ipv4]
[mdt-safi] [ms-pw] [flow-ipv4]
[route-target]
- no family
<ipv4> : keyword - provision support of the specific family

<vpn-ipv4> : keyword - provision support of the specific family
<ipv6> : keyword - provision support of the specific family
<vpn-ipv6> : keyword - provision support of the specific family
<mcast-ipv4>
<mcast ipv4> : keyword - provision support of the specific family
<l2-vpn> : keyword - provision support of the specific family
<mvpn-ipv4> : keyword - provision support of the specific family
<mdt-safi> : keyword - provision support of the specific family
<ms-pw> : keyword - provision support of the specific family
<flow-ipv4> : keyword - provision support of the specific family
<route-target> : keyword - provision support of the specific family
Warning: multiple families can be activated, but ALL keywords must be repeated.
Just adding a family overwrites the previous available families!
Example: if both vpn-ipv4 and vpn-ipv6 must be activated, this is the correct command:
PEx>config>router>bgp# family vpn-ipv4 vpn-ipv6 
Now, add family vpn-ipv4 and mvpn-ipv4.

VPRN service configuration
g
Create service 701

The service need a route-distinguisher (RD) and route-target (RT)
Use for both values <AS id>:<service id>

Example:
p 65100:701
Check following configuration example
*A:Edge44>config>service>vprn# info Route-distinguisher is what makes

routes unique.
----------------------------------------------
route-distinguisher 65100:701
auto-bind mpls
vrf-target target:65100:701
interface "to-pc" create
address 192.168.44.2/24
sap 1/1/14:701 create
exit
exit In VRPN, the vrf-target command is a
no shutdown
combination of the vrf-import and vrf-
----------------------------------------------
export in one command
command.
Note: In VRPN, a shortcut exists to alleviate the creation of SDP-bindings manually. The auto-bind
command creates the LDP SDP’s in one command. When this option is used, there is no need to
explicitly
li itl specify
if th
the SDP’
SDP’s as d
done iin th
the previous
i step.
t
Other options include:
*A:Core49>config>service>vprn# auto-bind ?
- auto-bind {ldp|gre|rsvp-te|mpls}
Try following show commands:

PEx# show router 701 route-table 
Note that other show commands, used at router level, can be used at VPRN level as will by adding the
service
se v ce id
d (in
( tthiss case 701)
0 )
e.g.
PEx# show router 701 interface 

Connect a PC Workstation on the access port and make sure that the PC has an IP address on the same
network as the CE Interface of the matching PE in your VPRN. Point the default gateway to this CE
interface (check lab diagram). Ping another CPE PC Workstation in the VPRN. Is the Ping
successful?
*A:Core49>config>service>vprn>if# show router bgp summary all
===============================================================================
BGP Summary
===============================================================================
Neighbor
ServiceId AS PktRcvd InQ Up/Down State|Rcv/Act/Sent (Addr Family)
PktSent OutQ
-------------------------------------------------------------------------------
10.6.0.46
Def. Instance 65200 2625 0 22h43m10s 0/0/4 (IPv4)
2702 0 1/1/4 (VpnIPv4)
10.6.0.47
2703 0 1/1/4 (VpnIPv4)
10.6.0.48
2700 0 3/1/3 (VpnIPv4)
10.44.49.1
227 0 0/0/0 (IPv6)
------------------------------------------------------------------------------
*A:Core49# show router 702 route-table
===============================================================================
Route Table (Service: 702)
===============================================================================
N t H
Next Hop[Interface
[I t f N
Name]
] M
Metric
t i
-------------------------------------------------------------------------------
192.168.56.0/24 Remote BGP VPN 00h23m15s 170
10.6.0.46 (tunneled) 0
10.6.0.47 (tunneled) 0
10.6.0.48 (tunneled) 0
192.168.59.0/24 Local Local 00h22m17s 0
to-pc 0
-------------------------------------------------------------------------------
No. of Routes: 4
Flags: L = LFA nexthop available B = BGP backup route available
n = Number of times nexthop is repeated
===============================================================================
Also try:
*A:Core49# show service id 702 base

OAM Tools
1. Perform a VPRN Ping from your directly connected VPRN interface to a remotely connected PC.
PEx# oam vprn ping 700 source <X.X.X.X> destination <Y.Y.Y.Y> 

vprn-ping
2. Perform a VPRN Trace from your directly connected VPRN interface to a remotely connected PC.
PEx# oam vprn-trace 700 source <X.X.X.X> destination <Y.Y.Y.Y> 
*A:Core49# oam vprn-ping 702 source 192.168.59.2 destination 192.168.58.2
Seq Rcvd-on Reply-Path Size RTT

----------------------------------------------------------------------------
[Send request Seq. 1.]
1 cpm In-Band 84 4.51ms
Node-Id 10.6.0.48
----------------------------------------------------------------------------
*A:Core49# oam vprn-trace 702 source 192.168.59.2 destination 192.168.58.2
q Rcvd-on
TTL Seq Reply-Path
p y RTT
---------------------------------------------------------------------------
[Send request TTL: 1, Seq. 1.]
1 1 cpm In-Band 2.64ms
Node-Id 10.6.0.48
Requestor 10.6.0.49
Route: 192.168.58.0/24
Vpn Label: 262126 Metrics 0 Pref 170 Owner bgpVpn
Next Hops: [1] ldp tunnel
Route Targets: [1]: target:65200:702
Responder
d 10
10.6.0.48
6 0 48
Route: 192.168.58.2/32
Vpn Label: 0 Metrics 0 Pref 0 Owner local
Next Hops: [1] ifIdx 2 nextHopIp none
---------------------------------------------------------------------------
Note: RTT values not representative for real hardware. Screenshot taken from
simulators.

Internet Enhanced Service
An IES is a routed, layer 3 connectivity service linking to the Core routed network (Global Routing
Table = internet):
It holds an Interface:
• SAP
• IP Address/mask
IES Interfaces can be included in the following routing protocol:
 Static, RIP, OSPF, ISIS, and BGP
VPLS can be bound to an IES
IES can terminate spoke-SDPs such as an EPipe, IPipe, or H-VPLS service
IES 500
GRT
SAP
Since the traffic in an IES service communicates using an IP interface for the core routing instance,
there is no need for the concept of tunneling traffic to a remote router
*A:S41>config>service>ies# info
----------------------------------------------
interface "internet" create
address 192.168.50.50/29
sap 1/1/11 create
exit
exit
no shutdown
----------------------------------------------
Add the interface to your IGP
*A:Core46>config>router>ospf# info
----------------------------------------------
…
area 0.0.0.0
…
interface "internet"
no shutdown
exit
exit
…
----------------------------------------------

Q
QoS
Quality of Service (QoS) is not just one feature but a set of implementations resulting in quality-
contoled traffic distribution.
QoS Basic parameters:
Identify
Id tif th
the High
Hi h P
Priority
i it packets
k t and d Classify
Cl if into
i t correctt Forwarding
F di ClClasses.
Queue the classified packets into dedicated hardware buffers.
Release or Schedule the packets from respective queues at assigned speeds.
There are 4 places where QoS policies can be implemented:
Network Ingress and Network Egress are preconfigured in SR-OS, but can be changed to represent a
network wide diffserv QoS behavior.
This lab will focus on SAP ingress. Methods on SAP egress and on the network side are similar.
SAP ingress example
*A S44>
*A:S44>config>qos>sap-ingress$
fi > > i $ i
info
f
----------------------------------------------
queue 1 create
exit
queue 3 create
exit 3. Queue
queue 4 create
exit
queue 11 multipoint create
exit
fc "h2"
h2 create
queue 4 2 F
2. Forward
d Cl
Class mapped
d tto Q
Queue
exit
fc "l1" create
queue 3
exit
dot1p 3 fc "l1"
dot1p 4 fc "h2" 1. Classification into forward Class
----------------------------------------------

Create a new SAP ingress policy. Use your box number to name the policy.
PEx# config# qos sap-ingress <#> create 
*A:Edge42>config>qos>sap-ingress$ info
----------------------------------------------
queue 1 create
exit
exit
----------------------------------------------
Two queues are available by default. 1 will be used for unicast traffic and 11 for BUM traffic.
(Broadcast, Unknown and Multicast)
C t ffour more queues ((queue 2

Create 2, 3
3, 4 and
d 5)
Add following parameters
CIR = Commited Information Rate (Kbps)

rate = Peak information Rate (Kbps)
CBS = Commited Burst Size (bytes|kilobytes)
MBS = Maximum Burst Size (bytes|kilobytes)
High Priority Only (%)
Create queues with following parameters:
Queue 2: rate 15M fc "be" create dot1p 0 fc "be“
Queue 3: fc "ef" create dot1p 5 fc "ef" priority low

dot1p 6 fc "ef" priority high
rate 5M cir 2M
cbs 2000 mbs 10000
high-prio-only 80 %
queue 4:
q fc "h2" create dot1p 3 fc “h2"
rate 15M CIR 2M

cbs 20
fc "l1" create dot1p 4 fc “l1"

Queue 5:
rate 15M cir 2M
cbs 60 mbs 5000

But what with all other forwarding classes and classifications not specified?
They will be send to queue 1 (unicast) or 11 (BUM)
And they will follow the default configuration.
The default behavior can be changed, this is an easy way to create a service-based classification:
All traffic on once SAP should be marked with a fc.
*A:Edge42>config>qos>sap-ingress$
g g q p g $ info
----------------------------------------------
description "all traffic to fc HIGH 1"
queue 1 create
exit
exit
default-fc "h1"
default-priority high
----------------------------------------------
Create two profiles:

-All traffic to fc L2 priority low
-All traffic to fc L1 priority high
To check the working of the QoS sap-ingress policy, check one of the Network ports in detail:
*A:Core49> show port 1/1/2 detail
Egress Queue 6 Packets Octets

In Profile forwarded : 0 0
In Profile dropped : 0 0
Out Profile forwarded : 0 0
Out Profile dropped : 0 0
===============================================================================

Scheduling
The scheduler is a fast-moving arm taking packets out of the queues. It provide bandwidth to the
queues.
The scheduler can be created in multi Tier, creating a more hierarchical and complex mechanism.
Example:
*A:Edge42>config>qos>info
scheduler-policy "CS_T500000_V50000" create

tier 1
scheduler "shape_500000K" create
rate 500000 cir 500000
exit
exit
tier 2
scheduler "be_3pc
p _rem" create
parent "shape_500000K" weight 30
exit
scheduler "bus2_16pc_rem" create
exit
scheduler "bus_80pc_rem" create
exit
scheduler "voice_50000K" create
parent "shape_500000K" level 8
rate 50000 cir 50000
exit
exit
exit
#--------------------------------------------------
Queues can be linked to the tier 1 or tier 2 schedulers.

Example
A:PE1>config>qos$ sap-ingress 99 create

queue 1 create
parent " be_3pc_rem " level 4 weight 20 cir-level 4 cir-weight 0
rate 15000 cir 0
exit
queue 3 create
rate 15000 cir 2000
exit
queue 4 create
rate 15000 cir 2000
exit
queue 5 create
q
parent " shape_500000K " level 4 weight 50 cir-level 6 cir-weight 50
rate 5000 cir 2000
exit

Scheduling lab
Lab: create the scheduler for the four fc’s and link to the queues:
Queue: 3
fc : ef
Level: 4
Weight: 50
CIR_level: 6
CIR_weight: 50
Queue: 5
fc : l1 Scheduler: ‘Parent’
Level: 4 PIR: 15M
Weight:
We g 50 CIR: 15M
CIR_level: 4
CIR_weight: 50
Queue: 4 Scheduler: ‘Child’

fc : h2 PIR: 15M
Level: 4 CIR: 5M
Weight: 30 Level: 4
CIR_level: 4 Weight: 50
CIR_weight: 50 CIR_level: 4
CIR
CIR_weight:
i ht 50
Queue: 2
fc : be
Level: 4
Weight: 20
CIR_level: 4
CIR_weight: 0
*A:S148>config>service>epipe# info Both schedular and QoS

---------------------------------------------- policy should be linked to
sap 1/1/8 create
ingress your SAP
scheduler-policy "148"
qos 148
exit
exit
spoke-sdp 146:506 create
no shutdown
exit
no shutdown
----------------------------------------------

CLI tips
p and tricks
If you happen to be faster then the other participants in the training, here are some tips&tricks to
keep you busy ;-)
Ranges in CLI
With ranges, commands can be given to a set of objects at once.
PEx# show port 1/1 
A:S41# show port 1/1
===============================================================================
Ports on Slot 1
===============================================================================
-------------------------------------------------------------------------------
1/1/7 Down No Down 1578 1578 - netw null
ll xcme
If you like to activate ports 1/1/4 – 1/1/5 – 1/1/6:
PEx# configure port 1/1/[4..6] no shut 
Note that the autocomplete does not work after range specification.
Multiple Range Commands
Up to a maximum of 6 ranges are supported. For instance, executing a command like:
PEx# configure filter ip-filter [1..2] create entry [1..2] create no match 
Is same as executing the following four commands (loop within a loop):

configure filter ip-filter 1 create entry 1 create no match 

Enumerated Range Commands
This allows us to provide non-contiguous numbers up to a maximum of 20. For instance, executing a
command like:
PEx# configure filter ip-filter [1,2,5,9] create default-action forward 
I same as executing
Is i the
h ffollowing
ll i ffour commands
d ((single
i l lloop):
)
configure filter ip-filter 1 create default-action forward 
R f
Referenced
d Range
R Commands
C d
Now that we have multiple ranges allowed, we can also backward reference another pre-existing
range on the command line. For instance, in the following command:
PEx# configure filter ip-filter [1..2] create entry [$0] create no match 
The first range [1..2], creates a variable 0, and the second range reference [$0] references the
variable 0. This command will result in the execution of two commands (single loop):
The first range is referenced to create the second range.
For another example, let's consider:

PEx# configure filter ip-filter [1,2] create entry [11..12] create match src-ip 10.10.[$1].10/32 
The first range [1,2], creates a variable 0, the second range [11..12] creates a variable 1, whereas the
third range [$1] creates a reference to variable 1. In this case 11 and 12 will be used. This will result
in an execution of four commands (loop within a loop):
configure filter ip-filter 1 create entry 11 create match src-ip 10.10.11.10/32 


Environment: Create
You can switch off the need for ‘create’ for your session
PEx# environment no create 

From then on you never have to specify the create anymore.
PEx# configure service epipe 8888 customer 1 

..is..
PEx# configure service epipe 8888 customer 1 create 
Environment: reduce prompt
The CLI prompt can be reduced:
PEx# environment reduced-prompt 2 
Results in:
PEx# configure router interface "sy" ipv6
PEx>...if>ipv6#
Recalling History
recalling history command gives you the previous commands. One can be re-issued with the <#>!
*A:7450-1# history
1 environment terminal length 48
2 environment no create
3 show version
4 configure port 1/1/1
5 info
i f
6 \configure router isis
7 \port 1/1/1
8 con port 1/1/1
9 \con port 1/1/1
…
*A 7450 1# !3
*A:7450-1#
*A:7450-1# show version

Improving search skills
‘Match’ is case sensitive.
*A:S41# show port | match up  No results
*A:S41# show port | match Up 

…
Or you can use the following command:
*A:S41# show port | match up ignore-case 

1/1/4 Up
p Yes Up
p 1578 1578 - netw null xcme MDI
Something shutdown in the router?
Search the configuration and include some pre-lines to find the context:
*A:S41# admin display-config | match shutdown pre-lines 3 
Other possibilities include:
*A:S41# show port | match ?

- match <pattern> context {parents|children|all} [ignore-case] [max-count <lines-count>] [expression]
- match <pattern> [ignore-case] [invert-match] [pre-lines <pre-lines>] [post-lines <lines-count>] [max-count
<lines-count>]
li t ] [[expression]
i ]


TER36089 - V1.0 SG R1.0 Ed1

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

TER36089 - V1.0 SG R1.0 Ed1

Încărcat de

Drepturi de autor:

Formate disponibile

TER36098

All Rights Reserved © 2015, Alcatel-Lucent

*A:S41# show bof

>> Incoming OSPF packet Debug commands

All Rights Reserved © 2015, Alcatel-Lucent

Node# show time

Many of the exercises will be explained using example configuration.

PWC is interface to41

*A:PE42>config>router# interface "to41"

All Rights Reserved © 2015, Alcatel-Lucent

3 ways to auto-complete commands

Command completion can be achieved by:

Abbreviation, if keystrokes entered are unique enough. The command is auto-

Tab Key or Space Key to auto-complete the command.

If match is not unique CLI will display possible matches:

Help: use <?>

A:PE42# configure router ?

[no] aggregate - Create/delete an aggregate route

All Rights Reserved © 2015, Alcatel-Lucent

A:Core49# tree flat

*A Core49# tree flat | match ospf | match sho

Now try to find following commands:

All Rights Reserved © 2015, Alcatel-Lucent

Node# show system security ssh 

6. Verify your configuration.

All Rights Reserved © 2015, Alcatel-Lucent

1. Change the login idle timeout (default 30 minutes).

Node# configure system login-control idle-timeout 500 

BOF (Boot Option File)

1. Check the BOF file (Warning, do not change anything)

*A:S41# show bof

All Rights Reserved © 2015, Alcatel-Lucent

All Rights Reserved © 2015, Alcatel-Lucent

*A:S41# show system ntp

Run the show command again:

*A:S41>config>system>time# show system ntp

All Rights Reserved © 2015, Alcatel-Lucent

1. Set the chassis mode to mode d.

2. Show the chassis mode.

System redundancy applies if redundant SF/CPM cards are available.

All Rights Reserved © 2015, Alcatel-Lucent

PEx# show card 

Note: The “show

PEx# configure card <1> 

PEx>config>card# show mda 

PEx>config>card# mda <1> 

5. Verify the state of the ports. What is their state?

PEx# show port 

PEx# configure port <X/X/X> no shutdown 

PEx# configure port <X/X/[Y..Z]> no shutdown 

All Rights Reserved © 2015, Alcatel-Lucent

*A:PE42# show port

Note: On the 7750SR, all Ethernet port default as network ports.

Creating a script file

Example: LLDP (link Layer Discovery Protocol)

When we use Ethernet for our transport,

All Rights Reserved © 2015, Alcatel-Lucent

Type or copy the correct configuration.

All Rights Reserved © 2015, Alcatel-Lucent

Checkpoint created: Checkpoint created:

First thing we should do, specify the rollback location:

No extension required, the standard extension .rb will be added.

*A:CORE48# admin rollback save 