Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Instructor Guide
Text Part Number: xx-xxxx-xx
Copyright 2005, Cisco Systems, Inc. All rights reserved. CCIP, the Cisco Powered Network mark, the
Cisco Systems Verified logo, Cisco Unity, Follow Me Browsing, FormShare, Internet Quotient, iQ
Breakthrough, iQ Expertise, iQ FastTrack, the iQ logo, iQ Net Readiness Scorecard, Networking Academy,
ScriptShare, SMARTnet, TransPath, and Voice LAN are trademarks of Cisco Systems, Inc.; Changing the Way We
Work, Live, Play, and Learn, Discover All Thats Possible, The Fastest Way to Increase Your Internet Quotient, and
iQuick Study are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, CCDA, CCDP, CCIE,
CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, the Cisco IOS logo, Cisco Press,
Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Empowering the Internet Generation,
Enterprise/Solver, EtherChannel, EtherSwitch, Fast Step, GigaStack, IOS, IP/TV, LightStream, MGX, MICA, the
Networkers logo, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, RateMUX, Registrar, SlideCast,
StrataView Plus, Stratm, SwitchProbe, TeleRouter, and VCO are registered trademarks of Cisco Systems, Inc.
and/or its affiliates in the U.S. and certain other countries.
All other trademarks mentioned in this document or Web site are the property of their respective owners. The use of
the word partner does not imply a partnership relationship between Cisco and any other company. (0203R)
Printed in the USA
Course Overview
Intended Audience
This course is for technical professionals who need to know how to
implement Cisco CRS-1 in their network environment. The following
are considered the primary audience for this course:
Install Technicians
NOC Engineers
Course Level
This course provides a fundamental level of information pertaining to
the Cisco Carrier Routing System family of products.
Prerequisites
The following courses are prerequisites:
Additional Information
Cisco Systems Technical Publications
You can print technical manuals and release notes directly from the
Internet. Go to http://www.cisco.com/univercd/home/home.htm.
Find the Cisco Systems product for which you need documentation.
Then locate the specific category and model or version for your
Version 2.0
vi
Version 2.0
Course Agenda
Day 1
Course and Student Introduction
Module 1 Introduction to CRS-1
Module 2 CRS-1 16-Slot Line Card Chassis Hardware
Module 3 CRS-1 8-Slot Line Card Chassis Hardware
Module 4 CRS-1 Line Card Chassis Common Elements
Module 5 Introduction to Cisco CRS-1 Multi-Shelf Architecture
Day 2
Module 6 Cisco IOS XR Overview and Initial Configuration
Lab 1 Hardware Discovery and Initial Configuration
Module 7 - Cisco IOS XR Operations
Lab 2 Cisco IOS XR Operations
Module 8 Cisco IOS XR Installation
Lab 3 IOS XR Software Installation
Day 3
Module 9 IOS XR Security
Lab 4 IOS XR Security
Module 10 Routing Protocols
Lab 5 IS-IS Routing Configuration
Lab 6 OSPF Routing Configuration
Lab 7 iBGP Routing Configuration
Lab 8 IP Multicast Configuration
Day 4
Module 11 Routing Policy Language
Lab 9 Building RPL Route Policies
Module 12 IOS XR MPLS
Lab 10 MPLS
Module 13 Craft Works Interface
Lab 11 Using CWI to Monitor and Configure
Module 14 Data Flow and MQC QoS
Course Summary
Version 2.0
vii
viii
Version 2.0
Overview
Description
This course is designed to train a variety of audiences on the CRS-1
platform. The course is modular in design. Only those modules which
a particular audience needs to perform its tasks needs to be presented,
thus shortening the duration that they need to be away from their job
functions to attend training.
The course introduces the student to the Cisco CRS-1 platforms, its
features and functions. The course then builds up on that information
by strengthening the students understanding of the platform. The
modules are both theoretical and practical in scope. Some of the
modules present both technology and features of certain elements of
the platform in order to build the students understanding of the
benefits of choosing the CRS-1. Most of the modules, however, are
specifically designed with clear, task oriented and specific objectives
built around the job functions of the intended student. Most modules
are re-enforced with review questions and hands-on lab exercises. The
aim of the review questions and lab exercises are to demonstrate the
students ability to use the knowledge and skills gained during this
course to perform measurable tasks.
Objectives
After completing this course, you will be able to do the following:
List and describe the major features and benefits of a Cisco CRS-1
routing system
List and describe the major features and benefits of Cisco IOS XR
operating system
Version 2.0
ix
Version 2.0
Contents
Course Overview.....................................................................................................................v
Course Agenda..................................................................................................................... vii
Module 1 .......................................................................................................... 11
Overview .............................................................................................................................11
Cisco CRS-1 Carrier Routing Systems..............................................................................12
Market Place Demands ......................................................................................................14
Current PoP Design............................................................................................................16
Getting the CRS-1 into the Network.................................................................................18
Cisco CRS-1 System Configurations ...............................................................................112
Cisco CRS-1 Line Card Chassis.......................................................................................116
Cisco CRS-1 Interfaces.....................................................................................................118
Summary...........................................................................................................................120
Module 2 .......................................................................................................... 21
Overview .............................................................................................................................21
CRS-1 16-Slot Line Card Chassis......................................................................................22
CRS-1 16-Slot Line Card Chassis Components................................................................24
CRS-1 16-Slot Line Card Chassis Slot Numbering ........................................................210
CRS-1 16-Slot Line Card Chassis Power System ...........................................................212
CRS-1 16-Slot Line Card Chassis AC Power Shelves and Rectifiers............................222
CRS-1 16-Slot Line Card Chassis DC Power System ....................................................230
CRS-1 16-Slot Line Card Chassis Alarm Module...........................................................242
CRS-1 16-Slot Chassis Line Card Chassis Cooling System...........................................248
CRS-1 16-Slot Chassis Single Line Card Switch Fabric................................................266
CRS-1 16-Slot Chassis S123 Switch Fabric Card...........................................................268
CRS-1 16-Slot Chassis Route Processor (RP) .................................................................274
Summary...........................................................................................................................288
Version 2.0
xi
Module 3 .......................................................................................................... 31
Overview .............................................................................................................................31
CRS-1 8-Slot Line Card Chassis........................................................................................32
CRS-1 8-Slot Line Card Chassis Components..................................................................34
CRS-1 8-Slot Line Card Chassis Slot Numbering ..........................................................310
CRS-1 8-Slot Line Card Chassis Power System .............................................................312
CRS-1 8-Slot AC Power System.......................................................................................318
CRS-1 8-Slot DC Power System ......................................................................................326
CRS-1 8-Slot Line Card Chassis Cooling System...........................................................332
CRS-1 8-Slot Line Card Chassis Switch Fabric .............................................................344
CRS-1 8-Slot Line Card Chassis Route Processor..........................................................350
Summary...........................................................................................................................362
Module 4 .......................................................................................................... 41
Overview .............................................................................................................................41
Modular Services Card.......................................................................................................42
DRP Architecture - LC Chassis .........................................................................................46
Physical Layer Module (PLIM)..........................................................................................48
Shared Port Adapters (SPAs) and SPA Interface Processor-800 (SIP-800) .................436
SIP Bandwidth Oversubscription....................................................................................444
4-Port OC-3c/STM-1 SPA.................................................................................................449
1-Port OC-192c/STM-64 PoS/RPR XFP SPA ..................................................................453
8-Port Gigabit Ethernet SPA ...........................................................................................457
Summary...........................................................................................................................461
Module 5 .......................................................................................................... 51
Overview .............................................................................................................................51
Switch Fabric Chassis ........................................................................................................52
Switch Fabric Components ................................................................................................56
System Configurations .......................................................................................................58
Switch Fabric Chassis Interconnections .........................................................................512
In-service upgrade from Standalone to Multi-Shelf.......................................................516
CRS-1 Management System Control Plane and Shelf Controller Gigabit Ethernet (SCGE) card ............................................................................................................................518
Summary...........................................................................................................................522
Module 6 .......................................................................................................... 61
Overview .............................................................................................................................61
xii
Version 2.0
Module 7 .......................................................................................................... 71
Overview .............................................................................................................................71
Cisco IOS XR Command Modes.........................................................................................72
Configuration Operations ................................................................................................714
Miscellaneous CLI Commands ........................................................................................752
Process Management........................................................................................................762
Summary...........................................................................................................................772
Module 8 .......................................................................................................... 81
Overview .............................................................................................................................81
Cisco IOS XR Software Packaging ....................................................................................82
Package Management ......................................................................................................820
Software Installation Review...........................................................................................836
Summary...........................................................................................................................846
Module 9 .......................................................................................................... 91
Overview .............................................................................................................................91
Cisco IOS XR Security Overview.......................................................................................92
Cisco IOS XR Security Implementation..........................................................................910
Security Configuration .....................................................................................................942
Access Control Lists .........................................................................................................958
Summary...........................................................................................................................970
Version 2.0
xiii
xiv
Version 2.0
Append A
A1
Troubleshooting
A-1
Appendix B ..................................................................................................... B1
Student Evaluation ........................................................................................ B1
Version 2.0
xv
xvi
Version 2.0
Module 1
Cisco CRS-1 Carrier Routing System
Overview
Description
This module describes the platforms and components that currently
support Cisco IOS XR software. You will learn about the hardware
requirements and specifically applicable features to the platforms.
Objectives
After completing this module, you will be able to do the following:
Describe the Market Place demands that drove the development efforts
of the Cisco CRS-1 routing system
Describe the current POP design and Cisco CRS-1 insertion strategy
Compare and contrast the Cisco CRS-1 16- and 8-slot line card chassis
Version 2.0
11
Module 1
12
Version 2.0b
Module 1
40 Gbps routing
Multishelf scale
Foundation for core
consolidation
Version 2.0b
13
Module 1
14
Version 2.0b
Module 1
Late 1990
Early 1992
POS
Mid 1995
1998-99
FDDI
X
XSwitch
2004-future
POS
POS
Shared
FDDI Ring
2000-02
Ethernet
ATM
POS
GSR
Cisco
75XX
GSR
DPT
Cisco
75XX
Cisco
75XX
Cisco
75XX
Cisco
75XX
Version 2.0b
15
Module 1
16
Version 2.0b
Module 1
OC-12/48->OC-192
Core
Peering
1GE->10GE
1GE/OC-3/12/48DPT
Distribution
DS-3, 1GE
OC-3/12/48
Aggregation
OC-3/12/48DPT
T1/1GE
OC-3/12
Version 2.0b
17
Module 1
18
Version 2.0b
Module 1
OC-12/48->OC-192
Core
CRS-1
CRS-1
Peering
1GE->10GE
1GE/OC-3/12/48DPT
Distribution
DS-3, 1GE
OC-3/12/48
Aggregation
OC-3/12/48DPT
T1/1GE
OC-3/12
Version 2.0b
19
Module 1
110
Version 2.0b
Module 1
STM-64/256
Core
10GE/STM-16/64DPT
STM-256 Ch DS-3
CRS-1
5 Logical Router
partitions
Distribution
Aggregation
STM-4/16 DPT
1G/10GE
GSR120/124xx
CAT6K
Version 2.0b
1GE/10GE
STM-4/16
111
Module 1
Multi-Shelf System
A CRS-1 Multishelf System consists of line card chassis and switch fabric
chassis (SFC) combinations. Possible combinations include:
2 12 Terabit Routerup to 6 line card chassis and one SFC, with support
for up to 96 MSCs
12 23 Terabit Routerup to 18 line card chassis and two SFC, with
support for up to 288 MSCs
23 46 Terabit Routerup to 36 line card chassis and 4 SFC, with support
for up to 576 MSCs
46 92 Terabit Routerup to 72 line card chassis and 8 SFC, with support
for up to 1152 MSCs
112
Version 2.0b
Module 1
Version 2.0b
113
Module 1
Multi-shelf Systems
Switch-fabric chassis are connected to line-card chassis using parallel
optical fiber cables. This allows data coming into the line-card chassis to be
processed and forwarded across any of the fabric chassis and then out
another port on another line-card chassis.
User data passes over the fiber from chassis to chassis. An out-of-band
Gigabit Ethernet network is used for system control and management, and
all traffic generated for this remains separate from user traffic.
114
Version 2.0b
Module 1
Multi-Shelf Systems
Switch Fabric
Fiber cables are used to
interconnect LC through
SFC
Interchassis management
system control plane
traffic does not pass
through fiber cables
Version 2.0b
115
Module 1
8-Slot
The Cisco CRS-1 8-slot chassis is a half-height chassis allowing it to be
installed in standard racks. The CRS-1 8-slot chassis supports 8 MSCs, 8
PLIMs, 2 RPs, and 4 fabric cards. MSCs and PLIMs are the same for both
the 16-slot and 8-slot chassis. Like the CRS-1 16-slot line card chassis, the
8-slot chassis contains a passive midplane that interconnects the RPs,
MSCs and PLIMs. The RPs and switch fabric cards in the 8-slot chassis are
a physically different size than the RPs and switch fabric cards in the 16slot chassis. A fully loaded 8-slot line card chassis supports a data
throughput rate of 640 Gbps.
The Cisco CRS-1 8-slot routing system provides the high-speed interfaces
in a smaller platform allowing easier deployment in places where power,
cooling, and other facilities might be hard to provision or too costly.
Software
Both Cisco CRS-1 routing systems use IOS XR software and provide the
same software features.
116
Version 2.0b
Module 1
CRS-1 16-slot
CRS-1 8-slot
Version 2.0b
117
Module 1
118
Version 2.0b
Module 1
PLIMs
Version 2.0b
119
Module 1
Summary
Cisco IOS XR Hardware and Platform Overview
In this module, you learned the following:
120
The Market Place demands that drove the development efforts of the
Cisco CRS-1 routing system
How to describe the current POP design and Cisco CRS-1 insertion
strategy
How to compare and contrast the Cisco CRS-1 16- and 8-slot line card
chassis
Version 2.0b
Module 2
CRS-1 16-Slot Line Card Chassis Hardware
Overview
Description
This module describes the CRS-1 16-slot line card chassis hardware
features and functions including the Field Replaceable Units (FRUs), and
components that comprise a single line card chassis system.
Objectives
After completing this module, you will be able to do the following:
List and describe the hardware features and functions of the CRS-1 16slot line card chassis
List and describe the features and functions of the FRUs and
components that comprise the CRS-1 16-slot Line Card chassis
List and describe the features and functions of the CRS-1 16-slot line
card chassis power system
List and describe the features and functions of the CRS-1 16-slot line
card chassis alarm modules
List and describe the features and functions of the CRS-1 16-slot line
card chassis cooling system
List and describe the features and functions of the CRS-1 16-slot line
card chassis switch fabric
List and describe the features and functions of the CRS-1 16-slot line
card chassis Route Processor
Version 2.0b
21
Module 2
Mid-plane Design
The Cisco CRS-1 16-slot chassis is a mid-plane design that interconnects
each of the Field Replaceable Modules (FRUs) together.
Front
The front side of the chassis is also referred to as the Physical Layer
Interface Module (PLIM) side. At the top of the chassis are two Power
Shelves, each with three AC rectifiers or three DC PEMs and one Alarm
module. It has two PLIM bays and upper and a lower. The upper bay has
eight PLIM slots, and two Fan Controllers (center). The lower bay has
eight PLIM slots and two Route Processor (RP) slots (center). At the
bottom of the chassis is the air intake grill.
Back
The back side of the chassis is also referred to as the Modular Services
Card (MSC) side. It has two eight slots MSC bays. The upper bay has eight
MSC/DRP slots and four Switch Fabric Card (SFC) slots (center). The
lower bay hold an addition eight MSCs/DRPs and four SFCs. Power
Shelves are at the very top of the chassis. Between the Power Shelves and
the upper MSC/DRP bay is the air exhaust grill.
Dimensions
The physical dimensions of the chassis are:
22
23.6 W x 41* D x 84 H
Module 2
Front
16 PLIM slots
2 RP slots + 2 Fan Controllers
Back
16 MSC Slots
8 Fabric cards
Dimensions:
23.6 W x 41* D x 84 H
(60 W x 104.2 D x 213.36H (cm))
Power: ~13.2 KW (AC or DC)
Weight: ~1600 lbs/723kg
Heat Dis.: 41000 BTUs
Version 2.0b
23
Module 2
Midplane
The chassis also contains a midplane that connects MSCs to their
associated PLIMs. The midplane design allows an MSC to be removed from
the chassis without having to disconnect the cables that are attached to the
associated PLIM. The midplane distributes power, connects the MSCs to
the switch fabric cards, and provides control plane interconnections. The
midplane is not field-replaceable by the customer.
PLIM Side
The PLIM side of the chassis is considered the front of the chassisthis is
where user data cables attach to the PLIMs and where cool air enters the
chassis. The PLIM side of the Cisco CRS-1 16-Slot Line Card Chassis
contains:
1. Two AC or two DC power shelves and AC rectifiers or DC power entry
modules (PEMs). The power shelves and AC rectifiers or DC PEMs
provide 13.2 kilowatts of redundant power for the chassis.
2. Two alarm modules that provide external alarm system connections.
The modules are located in the AC or DC power shelves.
3. Two fan controller cards that vary the high-speed fans in the fan trays
to adjust the airflow for ambient conditions.
4. Up to 16 PLIMs
5. Two route processor cards (RPs) that perform route processing and
supply the intelligence of the system by functioning as the line card
chassis system controller.
24
Version 2.0b
Module 2
1
2
3
4
5
Version 2.0b
25
Module 2
MSC Side
The MSC side, which is where warm air is exhausted, is considered the
rear of the chassis.
1. Air exhaust outlet
2. Upper fan tray pulls air up through the chassis and exhausts it out the
air exhaust outlet
3. Eight switch fabric cards that provide the three-stage Benes switch
fabric for the system. The switch fabric performs the cross-connect
function of the routing system, connecting every MSC (and its
associated PLIM) with every other MSC (and associated PLIM) in the
system. The switch fabric receives user data from one MSC and PLIM
pair and performs the switching necessary to route the data to the
appropriate egress MSC and PLIM pair.
4. The MSC provides the forwarding engine for Layer 3 routing of user
data, and the PLIM provides the physical interface and connectors for
the user data. One type of MSC exists, but it can be associated with
several different PLIMs, which provide different interface speeds and
technologies.
5. A removable air filter
6. Lower fan tray that draws air into the chassis
7. Lower fan tray that pushes air up through the chassis
26
Version 2.0b
Module 2
MSC Side
1
2
3
4
5
6
Version 2.0b
27
Module 2
Cable-Management
The CRS-1 16-slot line card chassis contains two horizontal cablemanagement brackets that provide cable management capabilities for the
MSCs and PLIMs installed in your line card chassis. The cablemanagement brackets are pre-installed on the front (PLIM) side of the line
card chassis directly above the upper and lower PLIM bays. In a singlechassis system, the following ports are for external cable connections:
RJ-45 external clock (EXT CLK 1 and EXT CLK 2) connectors for the
Building Integrated Timing Source (BITS) signaling cables from the fan
controller card
28
Version 2.0b
Module 2
Cable Management
Cablemanagement
Version 2.0b
29
Module 2
Power shelf 0 (PS0) and associated power module slots A0, A1, A2;
alarm module slot (AM0).
Power shelf 1 (PS1) and associated power module slots B0, B1, B2;
alarm module slot (AM1).
Upper PLIM card cage with eight MSC slots (left to right, 0, 1, 2, 3...4,
5, 6, and 7) and two double-width fan controller card slots, FC0 and
FC1.
Lower PLIM card cage with eight MSC slots (left to right, 8, 9, 10,
11...12, 13, 14, and 15) and two double-width route processor card slots,
RP0 and RP1.
MSC Side
The slot numbers on the MSC side of the chassis include:
Upper MSC-switch fabric cage, eight line card slots (7, 6, 5, 4...3, 2, 1, 0)
and four switch fabric card slots (SM0, SM1, SM2, and SM3).
Lower MSC-switch fabric cage, eight line card slots (15, 14, 13, 12...11,
10, 9, 8) and four switch fabric card slots (SM4, SM5, SM6, and SM7).
The MSC slot numbers are reversed from the PLIM slot numbers on the
other side of the chassis. Because an MSC mates with its associated PLIM
through the midplane, MSC slot 0 is on the far right side of the chassis
looking at it from the MSC (rear) side; PLIM slot 0 is on the far left side of
the chassis looking at if from the PLIM (front) side. MSC slot 0 and PLIM
slot 0 mate with one another through the midplane, and so do all the other
MSC and PLIM slots (2 through 15).
210
Version 2.0b
Module 2
Version 2.0b
211
Module 2
212
Alarm modules
Chassis midplane
Version 2.0b
Module 2
AC or DC power shelves
3 AC rectifiers or DC PEMs
per shelf
Alarm modules
Dual bus bars
Chassis midplane
Special components on
cards or modules, like DCto-DC converters, or ORing
diodes or EMI filters
Version 2.0b
213
Module 2
Power Architecture
The line card chassis power architecture uses A and B power shelves to
provide:
Redundant power for all components in the chassis (An A and a B side)
One entire power shelf fails, or one bus baran integral part of the
chassisfails
With this power architecture, it takes two failures before the system is
degraded; the failures would have to occur in both the A and B sides of the
power architecture and effect the same load zone for the degradation to
occur.
This architecture, which applies to either AC- or DC-powered line card
chassis, is built around:
Different power shelves are used for DC, AC Wye, and AC Delta input
power.
214
Version 2.0b
Module 2
Power Architecture
Version 2.0b
215
Module 2
Power Distribution
AC or DC power is brought into the chassis through the two power shelves.
The shelves contain the AC rectifier modules or the DC PEMs. The power
architecture is the same for an AC- or a DC-powered chassis. Power is then
distributed in the following way:
The A power (top) shelf then supplies 48 VDC to the A bus bar and the
B power (lower) shelf provides 48 VDC to the B bus bar
The two bus bars distribute power through the midplane to:
16 MSC slots
16 PLIM slots
Two RP slots
The fan trays receive their operating power from the fan
controller cards
Each of the units that takes its DC power from this power architecture also
has some components that are part of the overall power architecture.
These components are:
OR-ing diodes
EMI filters
216
Version 2.0b
Module 2
Power Distribution
Version 2.0b
217
Module 2
218
The upper fan tray is powered by load zone 2 (A0Z2 and B0Z2)
The lower fan tray is powered by load zone 5 (A2Z5 and B2Z5) through
the fan controller cards
Version 2.0b
Module 2
A0
A1
Z1 Z2
Z3
A2
Z4
Z5
AM0
Z6
B1
Z1 Z2
Z3
B2
Z4
Z5
AM1
Z6
Version 2.0b
219
Module 2
220
Load zone 2 (Z2) powers chassis slots FC0, RP1 (PLIM side) and SM0,
SM1, SM2 and SM3 (MSC side)
Load zone 5 (Z5) powers chassis slots FC1, RP0 (PLIM side) and SM4,
SM5, SM6 and SM7 (MSC side)
Load zone 6 (Z6) powers chassis slots 12, 13, 14, and 15
Version 2.0b
Module 2
Version 2.0b
221
Module 2
AC Rectifiers
The AC rectifier is an AC power supply, which converts facility AC power
into the DC power necessary to power the cards and modules in the
chassis. The AC rectifier module takes facility AC power from the AC
power shelf (either the Delta or Wye AC power shelf), rectifies the AC into
DC, provides filtering and control circuit, provides status signaling, and
passes the DC power to either the A or B line card chassis bus bars. Each
AC rectifier module has its own self-contained cooling fan which draws air
through the module.
222
Version 2.0b
Module 2
AC Power
Shelf
AC Rectifiers
Version 2.0b
223
Module 2
AC Power Architecture
The 3-phase AC power is brought into the power shelf and distributed to
the three AC rectifiers in the shelf. The AC rectifiers convert the AC power
into the DC power required by the chassis.
_____________________________ Note _________________________
Each phase of the three phase AC power source is used to power two
load zones in the line card chassis.
_________________________________________________________________
The DC power is then routed to bus bars (A and B). The buses distribute
the power through the midplane to the various cards and modules in the
chassis. The top power shelf powers the A bus, and the lower power shelf
powers the B bus. One entire power shelf could fail and the chassis would
still be operational.
_____________________________ Note _________________________
The same AC rectifiers are used in AC Delta power shelves and AC
Wye power shelves.
_________________________________________________________________
224
Version 2.0b
Module 2
AC Power Architecture
Version 2.0b
225
Module 2
Each AC rectifier module contains an ID EEPROM, with AC rectifierspecific information, such as the module part number, serial number,
assembly deviation, special configurations, test history; field-test history,
and field-traceability data that can be accessed by the control software.
226
Version 2.0b
Module 2
Fault
AC input fail
Circuit breaker trip
Over temperature
AC rectifier present
Voltage and current monitoring signals
Version 2.0b
227
Module 2
228
Version 2.0b
Module 2
Power
OK
Name
Color
PWR OK
Green
Fault
Yellow
AC Input Fail
Yellow
Breaker Trip
Yellow
ILIM
Yellow
OT
Yellow
Fault
AC Input
Fail
CB Trip
ILIM
Function
OT
Version 2.0b
229
Module 2
Alarm module
The power shelf is installed in the line card chassis from the front and
plugs into the chassis power interface connector panel.
230
Version 2.0b
Module 2
Power shelf installs in chassis from the front and plugs into
chassis power interface connector panel
Version 2.0b
231
Module 2
232
Version 2.0b
Module 2
Grnd
6 Input Connectors
Version 2.0b
233
Module 2
234
Version 2.0b
Module 2
Version 2.0b
235
Module 2
DC PEM
The DC power entry module takes facility DC power from the DC power
shelf, provides some filtering and protection circuitry, and passes the DC
power to either the A or B line card chassis bus bars. Each PEM has two
independent 48 or 60 VDC inputs.
The DC power enters each PEM at the rear of the power shelf through a
connector located on the power shelf midplane. After the power enters the
PEM, internal circuitry provides:
236
EMI filtering
Surge protection
Version 2.0b
Module 2
DC PEM
LEDs
Version 2.0b
237
Module 2
238
Version 2.0b
Module 2
Fault
DC input fail
Circuit breaker trip
Over temperature
PEM present
Voltage and current monitoring signals
Version 2.0b
239
Module 2
240
Version 2.0b
Module 2
Power
OK
Fault
Name
Color
Function
PWR OK
Green
Fault
Yellow
DC Input
Fail
DC Input Fail
Yellow
CB Trip
OT
Yellow
CB Trip
Yellow
OT
Version 2.0b
241
Module 2
242
Version 2.0b
Module 2
Ext.
Alarm
connector
LED
Indicators
Alpha
Indicators
Version 2.0b
243
Module 2
244
Alarm monitoring
Version 2.0b
Module 2
LEDs
Alpha
Relay
Alarm Relay connector is DA-15S
Version 2.0b
245
Module 2
Status Monitoring
The alarm module is responsible for monitoring the performance of the AC
rectifiers or DC PEMs plugged into the power shelf that it shares.
Power Good
Power Fail
Internal Fault
Since it has a backup power connection to the neighboring power shelf, the
alarm module is capable of reporting the status of an unpowered shelf.
246
Version 2.0b
Module 2
Status Monitoring
Version 2.0b
247
Module 2
248
An air filter
Version 2.0b
Module 2
Version 2.0b
249
Module 2
250
Version 2.0b
Module 2
Version 2.0b
251
Module 2
There are four normal operating fan-speeds, plus one high-speed setting
used when a fan tray has failed.
252
Version 2.0b
Module 2
Version 2.0b
253
Module 2
254
A fan tray boardThe board terminates signals to and from the fans,
filters common mode noise, and houses tracking and indicator parts.
Version 2.0b
Module 2
Status
LED
Statu s
Are interchangeable
Plug into the rear of LC chassis
Each line card chassis fan tray contains:
Nine fans
A front-panel status LED
Version 2.0b
255
Module 2
256
Version 2.0b
Module 2
BITs/SETs
Ext. Clk 1
BITs/SETs
Ext. Clk 2
Status
LEDs
Version 2.0b
257
Module 2
258
Version 2.0b
Module 2
Fan controller cards and fan trays have quickshutdown mode to aide in OIR
Version 2.0b
259
Module 2
The design accounts only for single faults, if a double fault occurs then the
system remains powered on, unless the double fault is both fan trays
failing or the thermal alarms indicate a problem serious enough to power
down the system.
When a single fan controller card fails, the partner fan controller card
provides all power to each fan or fan tray. In this mode the maximum
voltage that can be provided is 24 volts for a line card chassis.
260
Version 2.0b
Module 2
Version 2.0b
261
Module 2
Thermal Sensors
Thermal sensors placed on each individual board in the system are used to
monitor temperatures throughout the chassis. There are three types of
sensors in the chassis:
Inlet
Exhaust
Hot spot
Any of the three types of the sensors can send a thermal alarm. When a
thermal alarm occurs in the system, the fault condition is passed to the
service processor (SP) of each fan controller board and the control software
takes appropriate action to resolve the fault.
262
Version 2.0b
Module 2
Thermal Sensors
Inlet
Exhaust
Hot spot
Version 2.0b
263
Module 2
264
Version 2.0b
Module 2
Version 2.0b
265
Module 2
266
Version 2.0b
Module 2
Linecard Chassis
Egress
Ingress
PLIM
MSC
MSC
IP Data
PLIM
IP Data
S1
S2
S3
S1
S2
S3
1 of 8
Switch Fabric Card
Version 2.0b
267
Module 2
268
Version 2.0b
Module 2
Version 2.0b
269
Module 2
270
Version 2.0b
Module 2
Slots 0-7
Egress
Ingress
from
MSCs
To
MSCs and
RPS
Slots 8-17
(To fabric)
(From
Fabric)
4
Version 2.0b
271
Module 2
272
A board OK LED
An alphanumeric display
Version 2.0b
Module 2
Alpha
Status
LED
Version 2.0b
273
Module 2
274
One RP serves as the active master, while the other serves as the
standby unit
RPs are located in dedicated slots on the front side of the chassis in the
center of the lower PLIM card cage
Version 2.0b
Module 2
Version 2.0b
275
Module 2
RP Front Panel
Every line card chassis contains two route processor cards in
dedicated|redundant slots on the PLIM side of the chassis.
The RP front panel includes:
A GE copper port
A status OK LED
An Active/Standby LED
276
Version 2.0b
Module 2
SMP
CPUs
Memory
Modules
Version 2.0b
277
Module 2
Hard Drive
The RP hard drive is an IDE hard disk used for gathering debug
information, such as core dumps from the RP or MSCs. The IDE hard disk
is typically powered down and activated only when there is a need to store
data. The disk is not vital to a functioning line card chassis and is optional.
_____________________________ Note _________________________
Core dumps are discovered only through intervention with the line card
chassis system software.
_________________________________________________________________
Physically, the RP hard drive is a hot-pluggable PC board and sledmounted drive with a connector interface that gets cleanly seated into a
route processor card. In general, removal and replacement of this drive is
not required.
278
Version 2.0b
Module 2
Hard Drive
Version 2.0b
279
Module 2
280
Version 2.0b
Module 2
PCMCIA Flash
Version 2.0b
281
Module 2
Block Diagram
On the oppose page is a simple block diagram of an RP. In this drawing,
the dotted lines indicate distinct RP modules, such as the CPU and
memory controller (MEM CTL), and the To fabric and From fabric
modules.
The main components of the route processor card are:
1. A dual-CPU symmetric multiprocessor (SMP) set for processing. Among
other tasks, the CPU subsystem performs the function of the service
processor (SP) in the MSC and monitors the RPs temperature,
voltages, margining of the power supplies during factory test, and ID
EEPROM.
2. Two small form-factor pluggable (SFP) modules for external Gigabit
Ethernet (GE) connections. These modules connect to two external GE
switches that interconnect all line card and fabric chassis together to
form a control network. The GE switches are not used in a singlechassis CRS-1 routing system.
3. A third Ethernet port for 10/100/1000 Ethernet copper connectivity to
network management systems.
4. Internal Fast Ethernet (FE) midplane connections. Each line MSC in a
chassis connects to both RPs via an internal 100 Mbps FE connection.
The FE connections are traces in the midplane. There are also FE
connections to the fans, blowers, and power supplies. These connections
all form part of the control plane.
5. An IDE hard disk used for gathering debugging information, such as
core dumps from the RP or MSCs. The IDE hard disk does not contain
user data of any kind. The disk is typically powered down and activated
only when there is a need to store data. The IDE hard disk is not vital
to the functioning of the routing system and is user-removable.
6. Two ATA type PCMCIA flash slots for 1 GB of flash storage. One of the
PCMCIA flash subsystems is accessible externally and allows you to
transfer images and configurations by plugging in a PCMCIA flash
card. The other subsystem is fixed to the RP and is for permanent
storage of configurations and images. The RP comes standard with one
PCMCIA 1 GB flash.
282
Version 2.0b
Module 2
Block Diagram
LC FE
links
CTL GE link
FE/GE
switch
CTL GE link
PCI
9
Q
links
To
fabric
From
fabric
CPU
MEM
IF
CTL
CPU
IDE
PCMCIA
2
8
Aux and console
Management GE link
FPGA
Midplane
10
Version 2.0b
283
Module 2
7. The RP mates with the line card chassis midplane. Through the
midplane, the RP has connections to the routing system switch fabric.
To connect through the switch fabric, the RP has fabric interfaces
(From fabric and To fabric) similar to the one used on the MSC.
8. The From fabric module is part of the receive path of the RP. The
From fabric module queues the data from the switch fabric. It also
reorders and reassembles the cells into packets before queuing them for
slow path processing.
9. The To fabric module is part of the transmit path on the RP. The To
fabric module queues the packets and segments them into cells before
transmitting them to the switch fabric.
10. The Field Programmable Gate Array (FPGA) handles system control
register functions, such as; identifying which PLIMs are installed, RP
mastership signals, card present signals, card reset signals to cards
with service processors. In addition, the FPGA handles the front panel
alphanumeric display, the Active LED and the OK LED.
284
Version 2.0b
Module 2
LC FE
links
CTL GE link
FE/GE
switch
CTL GE link
PCI
9
Q
links
To
fabric
From
fabric
CPU
MEM
IF
CTL
CPU
IDE
PCMCIA
2
8
Aux and console
Management GE link
FPGA
Midplane
10
Version 2.0b
285
Module 2
286
Version 2.0b
Module 2
boards. Each RP examines its outgoing Reset lines to verify that they
are inactive.
3. Based on results of these tests, each RP decides whether it is ready to
become the active RP. If it is, it asserts Ready signal to its on-board
arbitration unit that propagates Ready signal to other RP.
4. Arbitration hardware chooses active RP. Hardware asserts Active
signal to chosen RP, along with an interrupt and propagates Active
signal to other RP, which also receives an interrupt. If a tie, Active is RP
in lower numbered slot.
Version 2.0b
287
Module 2
Summary
CRS-1 16-Slot Line Card Chassis Hardware
In this module, you learned the following:
288
To list and describe the hardware features and functions of the CRS-1
16-slot line card chassis
To list and describe the features and functions of the FRUs and
components that comprise the CRS-1 16-slot Line Card chassis
To list and describe the features and functions of the CRS-1 16-slot line
card chassis power system
To list and describe the features and functions of the CRS-1 16-slot line
card chassis alarm modules
To list and describe the features and functions of the CRS-1 16-slot line
card chassis cooling system
To list and describe the features and functions of the CRS-1 16-slot line
card chassis Switch Fabric
To list and describe the features and functions of the CRS-1 16-slot line
card chassis Route Processor
Version 2.0b
Module 3
CRS-1 8-Slot Line Card Chassis Hardware
Overview
Description
This module describes the CRS-1 8-slot line card chassis hardware features
and functions including the Field Replaceable Units (FRUs), and
components that comprise a single line card chassis system.
Objectives
After completing this module, you will be able to do the following:
List and describe the hardware features and functions of the CRS-1 8slot line card chassis
List and describe the features and functions of the FRUs and
components that comprise the CRS-1 8-slot Line Card chassis
List and describe the features and functions of the CRS-1 8-slot line
card chassis power system
List and describe the features and functions of the CRS-1 8-slot line
card chassis Switch Fabric
List and describe the features and functions of the CRS-1 8-slot line
card chassis cooling system
List and describe the features and functions of the CRS-1 8-slot line
card chassis Route Processor
Version 2.0b
31
Module 3
Mid-plane Design
The Cisco CRS-1 8-slot chassis is a mid-plane design that is fashioned after
the Cisco CRS-1 16-slot chassis.
Front
The front side of the chassis is also referred to as the Physical Layer
Interface Module (PLIM) side. It has eight PLIM slots and 2 Route
Processor (RP) slots. The lower section of the houses two DC Power Entry
Modules (PEMs) or two AC power rectifiers.
Back
The back side of the chassis is also referred to as the Multi-Services Card
(MSC) side. It has eight MSC slots and 4 Switch Fabric Card (SFC) slots.
The lower section of the houses two Power Distribution Units (PDUs) that
in turn contain either DC PEMs or AC power rectifiers.
Dimensions
The physical dimensions of the chassis are:
32
44.5 W x 93 D x 97.8 H cm
Version 2.0b
CRS-1 Essentials
Module 3
Midplane design:
Front
8 PLIM slots
2 RP slots
Back
8 MSC Slots
4 Fabric cards
Dimensions:
17.5 W x 36.6 D x 38.5 H
(44.5 W x 93 D x 97.8 H cm)
Power: 7.5 KW DC,
8.75 KW AC
Weight: ~ 600 lbs/275kg
Heat Dis.: 27,350 BTU
Rack mountable
Version 2.0b
33
Module 3
Midplane
The chassis also contains a midplane that connects MSCs to their
associated PLIMs. The midplane design allows an MSC to be removed from
the chassis without having to disconnect the cables that are attached to the
associated PLIM. The midplane distributes power, connects the MSCs to
the switch fabric cards, and provides control plane interconnections. The
midplane is not field-replaceable by the customer.
PLIM Side
The PLIM side of the chassis is considered the front of the chassisthis is
where user data cables attach to the PLIMs and where cool air enters the
chassis. The PLIM side of the Cisco CRS-1 8-Slot Line Card Chassis
contains:
1. Cable management system
2. Two route processor (RP) cards. The RP cards provide the intelligence
of the system by functioning as the system controller and by providing
route processing. Only one RP card is active at a time, the other
standby RP card is a backup in case the active RP card fails. The RP
card also monitors system alarms and controls the system fans. LEDS
on the front panel indicate active alarm conditions.
3. PLIMs
4. Air Filter
5. Two AC rectifier modules or two DC power entry modules (PEMs), one
for each power distribution unit (PDU). Each PDU supplies input
power to a rectifier or PEM, which in turn provides processed power to
the chassis.
34
Version 2.0b
CRS-1 Essentials
Module 3
Version 2.0b
35
Module 3
MSC Side
The MSC side of the chassis is considered the rear of the chassisthis is
where warm air is exhausted.
The components located on the MSC side of the chassis are:
1. Upper fan tray.
2. Four half-height switch fabric cards (S123). These cards provide the
three-stage Benes switch fabric (S1/S2/S3) for the routing system. The
switch fabric performs the cross-connect function of the routing system,
connecting every MSC (and its associated PLIM) with every other MSC
(and associated PLIM) in the system. The switch fabric receives user
data from one MSC and PLIM pair and performs the switching
necessary to route the data to the appropriate egress MSC and PLIM
pair. The switch fabric is divided into eight planes that evenly
distribute the traffic across the switch fabric. Each switch fabric card
implements two planes of the switch fabric.
3. Up to eight modular services cards (MSCs, also called line cards)
provides the forwarding engine for Layer 3 routing of user data and
connects through the mid-plane to the PLIM that provides the physical
interface and connectors for the user data. There is one type of MSC,
but it can be associated with several different PLIMs, which provide
different interface speeds and technologies.
4. Lower fan tray.
5. The power system consists of two AC or DC power distribution units
(PDUs), and two AC rectifier modules or two DC power entry modules
(PEMs), one for each PDU. Each PDU supplies input power to a
rectifier or PEM, which in turn provides processed power to the chassis.
36
Version 2.0b
CRS-1 Essentials
Module 3
MSC Side
Version 2.0b
37
Module 3
Cable Management
The Cisco CRS-1 8-Slot Line Card Chassis arrives with a pre-installed
horizontal cable-management bracket on the front of the chassis. In a
single-chassis system, the following ports are for external cable
connections:
RJ-45 external clock (EXT CLK 1 and EXT CLK 2) connectors for the
Building Integrated Timing Source (BITS) signaling cables from the RP
38
Version 2.0b
CRS-1 Essentials
Module 3
Cable Management
Version 2.0b
39
Module 3
MSC Side
The slot numbers on the MSC side of the chassis include:
Eight MSC line card slots numbered from right to left (0, 1, 2, 3, 4, 5, 6,
7)
The MSC (rear) slot numbers are reversed from the PLIM (front) slot
numbers. Therefore the MSC in slot 0 and PLIM in slot 0 mate with one
another through the midplane, and so do all the other MSC and PLIM slots
(0 through 7).
310
Version 2.0b
CRS-1 Essentials
Module 3
Front
Rear
Version 2.0b
311
Module 3
One AC rectifier or one DC power entry module (PEM) for each PDU
Different PDUs are used for DC, AC Wye, and AC Delta input power.
312
Version 2.0b
CRS-1 Essentials
Module 3
Version 2.0b
313
Module 3
Power Architecture
AC and DC power systems use A and B power supplies to provide reliable,
2N redundant power to all chassis components.
AC or DC input power enters the chassis through the two A or B power
supplies and is distributed to the A or B power bus. Both buses distribute
power through the midplane to the MSC, PLIM, switch fabric, and RP card
slots.
It takes two failures for the system to be degraded. In addition, the failures
must occur in both the A and B sides of the power architecture and affect
the same load zone for the degradation to occur.
Individual chassis components have power-related devices (OR-ing diodes,
inrush control circuits, and EMI filters) that are part of the chassis power
architecture. These power-related devices form part of the dual power
source (A and B bus) architecture, and enable online insertion and removal
(OIR) of the component, also called hot swapping.
314
Version 2.0b
CRS-1 Essentials
Module 3
Power Architecture
Version 2.0b
315
Module 3
Zone 1
Slot 0, 1, 2
Slot 0, 1, 2, Fan 1
Zone 2
Slot 3, 4, RP 0, RP 1
Slot 3, 4, SF 0, 1, 2, 3
Zone 3
Slot 5, 6, 7
Slot 5, 6, 7, Fan 0
316
Version 2.0b
CRS-1 Essentials
Module 3
Version 2.0b
317
Module 3
Use two PDUs of the same type (Delta or Wye) in the Cisco CRS1 8-Slot Line Card Chassis.
_________________________________________________________________________
318
Convert 200- to 240-VAC input power to 54.5 VDC used by the line
card chassis. Each AC rectifier is field-replaceable.
Version 2.0b
CRS-1 Essentials
Module 3
Provides:
Version 2.0b
319
Module 3
Power Redundancy
The AC power system provides 2N redundancy through the use of two AC
Delta or Wye PDUs that are connected to two independent 3-phase power
sources. Two types of PDUs:
Recommended AC service:
320
Version 2.0b
CRS-1 Essentials
Module 3
Power Redundancy
Version 2.0b
321
Module 3
322
Version 2.0b
CRS-1 Essentials
Module 3
CRS-8-LCC-PDU-ACD
AC Delta PDU
CRS-8-LCC-PDU-ACW
AC WYE PDU
CRS-8-AC-RECT
AC rectifier module
Version 2.0b
323
Module 3
324
Version 2.0b
CRS-1 Essentials
Module 3
Power
OK
Name
Color
PWR OK
Green
Fault
Yellow
AC Input Fail
Yellow
Breaker Trip
Yellow
ILIM
Yellow
OT
Yellow
Fault
AC Input
Fail
CB Trip
ILIM
Function
OT
Version 2.0b
325
Module 3
326
Version 2.0b
CRS-1 Essentials
Module 3
Version 2.0b
327
Module 3
328
Version 2.0b
CRS-1 Essentials
Module 3
Version 2.0b
329
Module 3
Circuit Breaker Trip Indicates that the DC PEM circuit breaker has
tripped.
330
Version 2.0b
CRS-1 Essentials
Module 3
Power
OK
Fault
Name
Color
Function
PWR OK
Green
Fault
Yellow
DC Input
Fail
DC Input Fail
Yellow
CB Trip
CB Trip
Yellow
OT
Yellow
OT
Version 2.0b
331
Module 3
332
Version 2.0b
CRS-1 Essentials
Module 3
Version 2.0b
333
Module 3
Power system airflowUp to 240 cubic feet (6800 liters) per minute
The chassis has a replaceable air filter mounted in a slide-out tray above
the lower fan tray. The line card chassis air filter, plugs into the rear
(MSC) side of the chassis.
Change the air filter as often as necessary. In a dirty environment, or
when you start getting frequent temperature alarms, check the intake
grilles for debris and check the air filter to see if it needs to be replaced.
Before removing the air filter for replacing, you should have a spare filter
on hand. Then, when you remove the dirty filter, install the spare filter in
the chassis.
334
Version 2.0b
CRS-1 Essentials
Module 3
Fan Trays
Air Filter
Air Intake
Air Exhaust
PDU
PLIM Side
(Front)
MSC Side
(Rear)
Version 2.0b
335
Module 3
336
Version 2.0b
CRS-1 Essentials
Module 3
Version 2.0b
337
Module 3
Thermal Sensors
Local thermal sensors (on individual cards) monitor temperatures and
generate a thermal alarm when the system is not cooling properly. A
temperature sensor might trip in response to elevated ambient air
temperature, a clogged air filter or other airflow blockage, or a combination
of these causes. A fan failure causes a fault message, but if no thermal
sensors have tripped, the fan control remains unchanged.
When a thermal sensor reports a thermal alarm, the sensor passes the
fault condition to its local service processor (SP), which then notifies the
system controller on the route processor (RP). The system controller passes
the fault condition to the SP. The fan control software then takes
appropriate action to resolve the fault.
When a thermal sensor trips, the fan control software tries to resolve the
problem (for example, by increasing fan speed). The software performs a
series of steps to prevent chassis components from getting anywhere near
reliability-reducing, chip-destroying temperatures. If the fault continues,
the software shuts down the card or module to save components.
338
Version 2.0b
CRS-1 Essentials
Module 3
Thermal Sensors
Version 2.0b
339
Module 3
a fan tray
DC PEM or AC rectifier
A double-fault fan failure involves two fan trays, two power modules (DC
PEMs or AC rectifiers), or any combination of two of these units. If a
double-fault failure occurs, the system remains powered on, unless both
fan trays have failed or thermal alarms indicate a problem serious enough
to power down the system. The failure of multiple fans is not considered a
double-fault failure because multiple fans can fail without impacting
system cooling.
___________________________CAUTION _______________________
When a cooling system component fails, it should be replaced as
soon as possible or within 24 hours at most.
_________________________________________________________________
340
Version 2.0b
CRS-1 Essentials
Module 3
A fan tray
DC PEM or AC Rectifier
A fan cable (internal not FRU)
Double-fault - system remains powered on
unless both fan trays fail or thermal alarms
indicate a serious problem warrants system
power down
Version 2.0b
341
Module 3
Fan Tray
The two fan trays plug into the rear (MSC) side of the chassis. Each fan
tray is hot-swappable and is considered a field-replaceable unit. The
chassis is designed to run with both fan trays in place.
Each fan tray contains:
342
Four fansEach fan uses a nominal +24 VDC as its input power. This
voltage is adjusted to increase or decrease the speed of the fan. The
fans operate in the range of 4000 to 6700 RPM. Two DC-to-DC
converters provide input power to a single fan.
A fan tray boardThe board terminates signals to and from the fans,
filters common-mode noise, and contains tracking and indicator parts.
Version 2.0b
CRS-1 Essentials
Module 3
Fan Tray
Version 2.0b
343
Module 3
344
Version 2.0b
CRS-1 Essentials
Module 3
CRS-1 8 slot LC
chassis:
Each fabric plane
comprised of S1, S2
& S3 ASICs
Each plane provides
2x speedup
Each SFC has 2
fabric planes of
fabric
Contains 4 SFC or 8
fabric planes total
System B/W
distributed equally
across all 8 planes
Version 2.0b
345
Module 3
Operation
In the CRS-1 routing system, the switch fabric receives user data from an
ingress MSC/PLIM pair and performs the switching necessary to route the
data to the appropriate egress MSC/PLIM pair.
Ingress data packets are received at a physical interface on a PLIM and
transferred to the associated MSC, where the packets are segmented into
cells for efficient switching by the switch fabric hardware. Each MSC
distributes data cells to each switch fabric plane and has multiple
connections per switch fabric plane.
Each switch fabric plane is independent and not synchronized with one
another. Each cell traverses the switch fabric using a single switch fabric
plane. (Cells are not bit-sliced across the switch fabric.)
The basic path of IP data packets through the Cisco CRS-1 8-Slot switch
fabric is shown in the diagram on the opposite page.
Each HS123 fabric card will actually contain two S1, two S2, and 2 S3 SEA
ASICs, belonging to 2 different fabric planes:
346
Stage 1 (S1)Receives cells from the MSC (or RP card) and distributes
them to Stage 2 (S2) elements in the fabric plane.
Version 2.0b
CRS-1 Essentials
Module 3
Operation
Version 2.0b
347
Module 3
348
S1 switch elementReceives data cells from the MSC (or RP) and
distributes them to the S2 stage. The S1 switch element is connected to
its corresponding S2 switch element within the same fabric plane.
Collects and processes statistics for the HS123 switch fabric card
Version 2.0b
CRS-1 Essentials
Module 3
Version 2.0b
349
Module 3
350
Version 2.0b
CRS-1 Essentials
Module 3
Version 2.0b
351
Module 3
RP Components
352
Version 2.0b
CRS-1 Essentials
Module 3
RP Components
Version 2.0b
353
Module 3
RP Front Panel
Every line card chassis contains two route processor cards in
dedicated|redundant slots on the PLIM side of the chassis.
The RP front panel includes:
A GE copper port
A status OK LED
An Active/Standby LED
354
Version 2.0b
CRS-1 Essentials
Module 3
RP Front Panel
CPU
Memory
Version 2.0b
355
Module 3
Block Diagram
On the oppose page is a simple block diagram of an RP. In this drawing,
the dotted lines indicate distinct RP modules, such as the CPU and
memory controller (MEM CTL), and the To fabric and From fabric
modules.
The main components of the route processor card are:
1. A single 1.2 GHz CPU processor that performs route processing and
distributes forwarding tables to the MSCs. Among other tasks, the CPU
subsystem performs the function of the service processor (SP) in the
MSC and monitors the RPs temperature, voltages, margining of the
power supplies during factory test, and ID EEPROM. In addition, it
provides alarm, fan and power supply controller function for the line
card chassis.
2. Two small form-factor pluggable (SFP) modules for external Gigabit
Ethernet (GE) connections. These modules connect to two external GE
switches that interconnect all line card and fabric chassis together to
form a control network. The GE switches are not used in a singlechassis CRS-1 routing system.
3. A third Ethernet port for 10/100/1000 Ethernet copper connectivity to
network management systems.
4. Internal Fast Ethernet (FE) midplane connections. Each line MSC in a
chassis connects to both RPs via an internal 100 Mbps FE connection.
The FE connections are traces in the midplane. There are also FE
connections to the fans, blowers, and power supplies. These connections
all form part of the control plane.
5. An IDE hard disk used for gathering debugging information, such as
core dumps from the RP or MSCs. The IDE hard disk does not contain
user data of any kind. The disk is typically powered down and activated
only when there is a need to store data. The IDE hard disk is not vital
to the functioning of the routing system and is user-removable.
6. Two ATA type PCMCIA flash slots for 1 GB of flash storage. One of the
PCMCIA flash subsystems is accessible externally and allows you to
transfer images and configurations by plugging in a PCMCIA flash
card. The other subsystem is fixed to the RP and is for permanent
storage of configurations and images. The RP comes standard with one
PCMCIA 1 GB flash.
356
Version 2.0b
CRS-1 Essentials
Module 3
Block Diagram
LC FE
links
CTL GE link
FE/GE
switch
CTL GE link
PCI
9
Q
links
To
fabric
From
fabric
CPU
MEM
IF
CTL
CPU
IDE
PCMCIA
2
8
Aux and console
Management GE link
FPGA
Midplane
10
Version 2.0b
357
Module 3
7. The RP mates with the line card chassis midplane. Through the
midplane, the RP has connections to the routing system switch fabric.
To connect through the switch fabric, the RP has fabric interfaces
(From fabric and To fabric) similar to the one used on the MSC.
8. The From fabric module is part of the receive path of the RP. The
From fabric module queues the data from the switch fabric. It also
reorders and reassembles the cells into packets before queuing them for
slow path processing.
9. The To fabric module is part of the transmit path on the RP. The To
fabric module queues the packets and segments them into cells before
transmitting them to the switch fabric.
10. The Field Programmable Gate Array (FPGA) handles system control
register functions, such as; identifying which PLIMs are installed, RP
mastership signals, card present signals, card reset signals to cards
with service processors. In addition, the FPGA handles the front panel
alphanumeric display, the Active LED and the OK LED.
358
Version 2.0b
CRS-1 Essentials
Module 3
LC FE
links
CTL GE link
FE/GE
switch
CTL GE link
PCI
9
Q
links
To
fabric
From
fabric
CPU
MEM
IF
CTL
CPU
IDE
PCMCIA
2
8
Aux and console
Management GE link
FPGA
Midplane
10
Version 2.0b
359
Module 3
360
Version 2.0b
CRS-1 Essentials
Module 3
boards. Each RP examines its outgoing Reset lines to verify that they
are inactive.
3. Based on results of these tests, each RP decides whether it is ready to
become the active RP. If it is, it asserts Ready signal to its on-board
arbitration unit that propagates Ready signal to other RP.
4. Arbitration hardware chooses active RP. Hardware asserts an Active
signal to the chosen RP, along with an interrupt and propagates Active
signal to other RP, which also receives an interrupt. If a tie, Active is
RP in lower numbered slot.
Version 2.0b
361
Module 3
Summary
CRS-1 8-Slot Line Card Chassis Hardware
In this module, you learned the following:
362
To list and describe the hardware features and functions of the CRS-1
8-slot line card chassis
To list and describe the features and functions of the FRUs and
components that comprise the CRS-1 8-slot Line Card chassis
To list and describe the features and functions of the CRS-1 8-slot line
card chassis power system
To list and describe the features and functions of the CRS-1 8-slot line
card chassis Switch Fabric
To list and describe the features and functions of the CRS-1 8-slot line
card chassis cooling system
To list and describe the features and functions of the CRS-1 8-slot line
card chassis Route Processor
Version 2.0b
CRS-1 Essentials
Module 3
Review Questions
CRS-1 8-Slot Line Card Chassis Hardware
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 2.0b
363
Module 3
364
Version 2.0b
CRS-1 Essentials
Module 4
CRS-1 Line Card Chassis Common Elements
Overview
Description
This module provides a high-level overview of the hardware elements that
are common to both the CRS-1 16- and 8-slot line card chassis. The
Modular Services Card is presented first, followed by the physical layer
interface cards (PLIMs), and then the SPA Interface Processor (SIP)-800 is
presented. The module ends with a presentation on each of the currently
supported Shared Port Adapters (SPAs).
Objectives
After completing this module, you will be able to do the following:
List and describe the features and functions of the CRS-1 MSC
List and describe the features and functions of each of the PLIMs
supported by the Cisco CRS-1 routing system
List and describe the features and functions of the SIP-800 jacket card
List and describe the features and functions of each of the SPAs
supported by the Cisco CRS-1 routing system
Version 2.0b
41
Module 4
42
Version 2.0b
CRS-1 Essentials
Module 4
Mid-Plane
Physical
View
PLIMs
MSCs/DRPs
RPs/FCs
SFM
PLIMs
MSCs/DRPs
PLIM MSC
Logical
View
IP
Data
S1
S2
S3
Ingress
MSC
Egress
PLIM
IP
Data
Switch Fabric
Version 2.0b
43
Module 4
44
Version 2.0b
CRS-1 Essentials
Module 4
Power
Regulators
EgressQ
2*FabricQ
Egress
PSE
SP
CPU
Ingress
PSE
Version 2.0b
IngressQ
45
Module 4
64 MB boot flash
46
Version 2.0b
CRS-1 Essentials
Module 4
FE Links
M
I
D
P
L
A
N
E
Fabric
Connection
IngressQ
(SPRAYER)CPUCTRL
(SQUID)
SPONGE
FabricQ
(SPONGE)
CPUCTRL
(SQUID)
SP
PCI
IDE
MEM
CTL
CPU
CPU0
IDE
Aux & Console
CPU1
MEM
CTL
Mgmt GE
link
CPU
Aux & Console
Mgmt GE
link
Shared Resource
FLASH
FLASH
Version 2.0b
FLASH
FLASH
47
Module 4
48
Version 2.0b
CRS-1 Essentials
Module 4
Framing
Clock recovery
Serialization and de-serialization
Channelization
Conversion between optical signals and electrical signals
Version 2.0b
49
Module 4
410
Version 2.0b
CRS-1 Essentials
Module 4
Power Consumption65
to 150 Watts
Version 2.0b
411
Module 4
PLIM Types
Different PLIMs provide a range of optical interfaces, such as very-shortreach (VSR), intermediate-reach (IR), or long-reach (LR). The Cisco CRS-1
supports the following PLIMs for each chassis type.
412
Version 2.0b
CRS-1 Essentials
Module 4
PLIM Types
Version 2.0b
413
Module 4
PLIM Functionality
The PLA ASIC is the interface controller for the PLIM.
Ingress
In the ingress direction it takes all the traffic coming from the different
ports on the PLIM and places them into virtual queues. These queues are
serviced according to an egress-initiated backpressure which allows more
traffic to be sent to destination MSCs where the traffic queues are empty.
This allows queues on congested MSCs to empty. The PLA ASIC de-queues
packets and sends them to the PSE ASIC to be Layer3 processed.
Egress
In the egress direction it takes all the traffic from the EgressQ ASIC
buffers it and then transmits it to the appropriate egress port.
The diagram on the opposite page highlights the major actions that take
place when a packet enters the PLIM.
414
Version 2.0b
CRS-1 Essentials
Module 4
PLIM Functionality
PLA - L2 ASIC
Some L2 statistics
gathering
Consolidation of port
streams for Rx PSE
Stream separation on Tx
Ingress monitoring Rx
Buffers for congestion
Version 2.0b
M
I
D
P
L
A
N
E
OC192
Framer
OC192
Optics
OC192
Framer
OC192
Optics
OC192
Framer
OC192
Optics
OC192
Framer
OC192
Optics
PLA
PLIM I/F
415
Module 4
416
Payload scrambling
Version 2.0b
CRS-1 Essentials
Module 4
Version 2.0b
417
Module 4
The Cisco IOS XR software also provides diagnostic functions for the
PLIM, such as loopback tests, etc.
418
Version 2.0b
CRS-1 Essentials
Module 4
EgressQ
M
i
d
p
l
a
n
e
PLA768
Framer
RX PSE
MSC
1xOC768 PLIM
Version 2.0b
419
Module 4
Three port LEDs that provide information about the status of the port:
A STATUS LED
Off (dark), check that the board is properly seated and that system
power is on
420
Version 2.0b
CRS-1 Essentials
Module 4
A STATUS LED
Green indicates that the PLIM is properly seated and operating correctly
Yellow or amber indicates a problem with the PLIM
Off (dark), check that the board is properly seated and that system power
is on
Power consumption is 65 W
Version 2.0b
421
Module 4
Very-short-reach (VSR) optics with standard MTP (MPO) multifiber optic interfaces
The Cisco IOS XR software also provides loopback and diagnostic functions
for the PLIM, such as loopback tests, etc.
422
Version 2.0b
CRS-1 Essentials
Module 4
M
i
d
p
l
a
n
e
RAC1
Framer 1
RAC2
Framer 2
RAC2
Framer 3
PLA 1
Line card
Framer 0
PLA 0
EgressQ
Rx PSE
RAC0
4xoc192 PLIM
Version 2.0b
423
Module 4
424
Four ports (0, 1, 2, and 3) with TX and RX jacks for each port. The VSR
version of the PLIM provides standard MTP (MPO) multi-fiber optic
interfaces. All other PLIMs (LR, IR, and SR) have SC fiber-optic
interfaces.
Two DPT MODE LEDsOne DPT MODE LED is for ports 0 and 1, and
the other is for ports 2 and 3. DPT mode is always configured on pairs
of ports.
Version 2.0b
CRS-1 Essentials
Module 4
Four ports (0, 1, 2, and 3) with TX and RX jacks for each port
VSR version of PLIM provides standard MTP (MPO) multi-fiber optic interfaces
All other versions of PLIMs (LR, IR, and SR) have SC fiber-optic interfaces
Two DPT MODE LEDsOne DPT MODE LED is for ports 0 and 1, and other for ports 2 and 3
Power consumption: 138 Watts
Version 2.0b
425
Module 4
The Cisco IOS XR software also provides loopback and diagnostic functions
for the PLIM, such as loopback tests, etc.
426
Version 2.0b
CRS-1 Essentials
Module 4
PLA 0
EgressQ
RAC0
Framer 0
RAC1
Framer 1
RAC2
Framer 2
RAC3
Framer 3
M
i
d
p
l
a
n
e
Rx PSE
PLA 3
Framer 12
RAC13
Framer 13
RAC14
Framer 14
RAC15
Framer 15
16xoc48 PLIM
Line card
RAC12
Version 2.0b
427
Module 4
Sixteen slots for SFP optic modules, which provide SR or LR optics with
LC fiber-optic interfaces.
A STATUS LED
Green indicates that the PLIM is properly seated and operating
correctly
Off (dark), check that the board is properly seated and that system
power is on
Five green LEDs for each port. The LEDs, which correspond to the
labels on the lower left of the front panel, have the following meanings
(from left to right):
428
Version 2.0b
CRS-1 Essentials
Module 4
Sixteen slots for SFP optic modules, which provide SR or LR optics with LC fiber-optic interfaces
A STATUS LED
One of these DPT MODE or POS MODE LEDs is for each pair of ports, 0 and 1, 2 and 3, 4 and 5, 6 and 7, 8 and 9, 10 and
11, 12 and 13, and 14 and 15. DPT mode is always configured on pairs of ports
LED is on when a pair of ports are configured in DPT mode
Currently, 16-port OC-48 PLIM operates only in POS mode
Version 2.0b
429
Module 4
430
Version 2.0b
CRS-1 Essentials
Module 4
PLA 0
EgressQ
M
i
d
p
l
a
n
e
Rx PSE
PLA 1
Line card
PHY0
Optics 0
PHY1
Optics 1
PHY2
Optics 2
PHY3
Optics 3
PHY4
Optics 4
PHY5
Optics 5
PHY6
Optics 6
PHY7
Optics 7
8x10GE PLIM
Version 2.0b
431
Module 4
___________________________CAUTION _______________________
If your configuration cannot support oversubscription, use the
following guidelines to determine which PLIM slots to install
optic modules in.
_________________________________________________________________
Install the optic modules in any one of the following sets of PLIM slots:
432
Version 2.0b
CRS-1 Essentials
Module 4
If operation supports oversubscription and you want more than four optic
modules in a PLIM:
Version 2.0b
433
Module 4
434
A STATUS LED
Off (dark), check that the board is properly seated and that system
power is on
A LED for each portIndicates that the port is logically active; the
laser is on
Version 2.0b
CRS-1 Essentials
Module 4
STATUS LED
Version 2.0b
435
Module 4
436
A SIP contains subslots, which are used to house one or more SPAs.
The SPA provides interface ports for network connectivity.
During normal operation the SIP should reside in the router fully
populated either with functional SPAs in all subslots, or with a blank
filler plate inserted in all empty subslots.
SIPs support online insertion and removal (OIR), while SPAs are
inserted in their subslots.
Version 2.0b
CRS-1 Essentials
Module 4
If operation supports oversubscription and you want more than four optic
modules in a PLIM:
Version 2.0b
437
Module 4
The drawing on the opposite page illustrates the SPA subslot locations on
the Cisco CRS-1 SIP-800. The subslot labels are located inside the SPA
subslot and are only visible when the SPA is not installed.
438
Version 2.0b
CRS-1 Essentials
Module 4
Version 2.0b
439
Module 4
Each SPA provides a certain number of connectors, or ports, that are the
interfaces to one or more networks. These interfaces can be individually
configured using the Cisco IOS XR software command-line interface (CLI).
SPAs support online insertion and removal (OIR). They can be inserted
or removed independently from the SIP. SIPs also support online
insertion and removal (OIR) with SPAs inserted in their subslots.
440
Version 2.0b
CRS-1 Essentials
Module 4
SPA Bay 0
SPA Bay 1
SPA Bay 2
SPA Bay 3
SPA Bay 4
SPA Bay 5
SPA Bay 1
SPA Bay 2
SPA Bay 4
SPA Bay 5
Double Height
SPA Bays 1 & 4
Double Height
SPA Bays 2 & 5
Double Height
SPA Bays 0 & 3
Double Height
SPA Bays 0 & 3
Version 2.0b
441
Module 4
slotSpecifies the slot number in the Cisco CRS-1 in which the SIP that contains
the SPA is installed:
subslotSpecifies the secondary slot on the SIP where the SPA that you want to
select is installed:
portSpecifies the interface number that you want to select on the SPA:
442
Version 2.0b
CRS-1 Essentials
Module 4
Version 2.0b
443
Module 4
444
Version 2.0b
CRS-1 Essentials
Module 4
SPA0
PLA 0
EgressQ
M
i
d
p
l
a
n
e
SPA1
SPA2
SPA3
PLA 1
Rx PSE
SPA4
SPA5
MSC
SPA
4-Port OC3c/STM-1 PoS
SPA
1-Port OC192c/STM-64
PoS/RpR XFP
SPA
8-Port Gigabit
Ethernet SPA
Per-Port
Bandwidth
Number of Ports
Total Bandwidth
155.52 Mbps
622.08 Mbps
10Gbbps
10Gbps
1Gbps
8 Gbps
Version 2.0b
445
Module 4
Modular Optics
Some SPAs implement small form-factor pluggable (SFP) optical
transceivers to provide network connectivity. An SFP module is a fiberoptic transceiver device that mounts flush with the front panel to provide
network connectivity.
Cisco Systems qualifies the SFP modules that can be used with SPAs.
SFP-OC3-MM
SFP-OC3-SR
SFP-OC3-IR1
SFP-OC3-LR1
SFP-OC3-LR2
446
XFP-10GLR-OC192SR
SFP-GE-S
SFP-GE-L
SFP-GE-Z
Version 2.0b
CRS-1 Essentials
Module 4
Modular Optics
Types of optics modules that have been qualified for use with SPAs
supported on Cisco CRS-1:
SFP-OC3-LR2
Version 2.0b
447
Module 4
The 4-Port OC-3c/STM-1 POS SPA also provides support for SNMP v1
agent (RFC 11551157) and RFC 1213:
448
RFC 1155, Structure and Identification of Management Information for TCP/IPbased Internets
RFC 1156, Management Information Base for Network Management of TCP/IPBased Internets
Version 2.0b
CRS-1 Essentials
Module 4
4-Port OC-3c/STM-1 POS SPA is a single-height SPA that installs into one SIP subslot
OC-3c PoS SPA with SFP optical transceiver provides 155.52 Mbps per-port bandwidth
Data is encapsulated using PPP or HDLC
SPA interface is compliant with:
RFC 1619, PPP over SONET/SDH
RFC 1662, PPP in HDLC-like Framing
SPA also provides support for SNMP v1 agent (RFC 11551157) and RFC 1213
Version 2.0b
449
Module 4
450
Version 2.0b
CRS-1 Essentials
Module 4
LED Label
Color
State
C/A
Off
Off
Green
On
Amber
Off
On
Off
Green
On
Amber
On
Off
Off
Green
On
Amber
On
A/L
STATUS
Meaning
Version 2.0b
451
Module 4
The 1-Port OC-192c/STM-64 POS/RPR XFP SPA also provides support for
SNMP v1 agent (RFC 11551157) and RFC 1213:
452
RFC 1155, Structure and Identification of Management Information for TCP/IPbased Internets
RFC 1156, Management Information Base for Network Management of TCP/IPBased Internets
Version 2.0b
CRS-1 Essentials
Module 4
Framer processes incoming and outgoing SONET or SDH frames at OC-192c/STM-64 line rates
(9.95 Gbps)
Packet data is encapsulated in PPP or HDLC and is mapped into STS-192c/STM-64 frame
1-Port OC-192c/STM-64 POS/RPR XFP SPA interface compliant with:
1-Port OC-192c/STM-64 POS/RPR XFP SPA supports SNMP v1 agent (RFC 11551157) and RFC
1213
Version 2.0b
453
Module 4
454
Version 2.0b
CRS-1 Essentials
Module 4
LED Label
Color
State
WRAP
Off
Off
PASSTHRU
MATESYNC
CARRIER
Green
On
Amber
On
Off
Off
Amber
On
Off
Off
Amber
On
Off
Off
Green
On
Amber
On
Blinking
ACTIVE
STATUS
Meaning
Off
Off
Green
On
Amber
On
Off
Off
Green
On
Amber
On
Version 2.0b
455
Module 4
456
Version 2.0b
CRS-1 Essentials
Module 4
Version 2.0b
457
Module 4
458
Version 2.0b
CRS-1 Essentials
Module 4
LED Label
Color
State
Active/Link
Off
Off
Amber
On
Green
On
Off
Off
Amber
On
Green
On
STATUS
Meaning
Version 2.0b
459
Module 4
Summary
CRS-1 Line Card Chassis Common Elements
In this module, you learned the following:
460
The features and functions of each of the PLIMs supported by the Cisco
CRS-1 routing system
The features and functions of each of the SPAs supported by the Cisco
CRS-1 routing system
Version 2.0b
CRS-1 Essentials
Module 4
Review Questions
CRS-1 Line Card Chassis Common Elements
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 2.0b
461
Module 4
462
Version 2.0b
CRS-1 Essentials
Module 5
Introduction to Cisco CRS-1 Multi-Shelf
Architecture
Overview
Description
This module provides a high-level overview of the CRS-1 Multi-Shelf
Architecture.
Objectives
After completing this module, you will be able to do the following:
Describe how the CRS-1 Line Card chassis and Fabric chassis are
interconnected with optical cables
List the basic steps to perform and in service upgrade from a standalone to a Multi-Shelf configuration
Version 2.0b
51
Module 5
52
Version 2.0b
Module 5
Version 2.0b
53
Module 5
54
Version 2.0b
Module 5
Version 2.0b
55
Module 5
Alarm Modules
Two alarm modules provide internal system status display. The alarm
modules are located in the AC or DC power shelves and can be inserted or
replaced during router operation.
AC/DC Power
Two AC or two DC Power shelves with AC rectifiers or DC power entry
modules (PEMs) provide either 8,800 Watts (DC) or 10,000 Watts (AC) of
redundant power.
56
Version 2.0b
Module 5
Version 2.0b
57
Module 5
System Configurations
Standalone
1.2 Terabit Router is a single chassis router containing the MSCs and all
three-stages of the switching fabric. The switch fabric cards contain all
three stages of the switch fabric and are referred to as S1/S2/S3 fabric
cards. This system supports up to 16 MSCs.
Multi-Shelf
The Cisco CRS-1 multi-Shelf systems are comprised of one or more Switch
Fabric chassis connecting two or more Cisco CRS-1 16-slot line card chassis
together to form a routing system. The phases of multi-shelf systems are:
23 Terabit Router18 line card chassis and two switch fabric chassis. This
system supports up to 288 MSCs.
46 Terabit Router36 line card chassis and 4 switch fabric chassis
supports up to 576 MSCs.
92 Terabit Router72 line card chassis and 8 switch fabric chassis
supports up to 1152 MSCs.
58
Version 2.0b
Module 5
System Configurations
System Configurations
Version 2.0b
59
Module 5
Phase 1
The number of supported switch fabric chassis that can be interconnected
with line card chassis to form 1 CRS-1 functioning router, can be 1 or 2.
In phase 1 2 switch fabric chassis can connect a maximum of 18 line card
chassis. As such the overall capacity of the system is 23 Tbps.
Phase 2
Phase 2 will support up to 4 switch fabric chassis. In phase 2, the
maximum number of supported 36 line card chassis, thus a total capacity
of 46 Tbps.
Phase 3
Phase 3 will support up to 8 switch fabric chassis. In phase 3 there will be
up to 72 line card chassis interconnected through up to 8 switch fabric
chassis thus a total capacity of 92 Tbps.
510
Version 2.0b
Module 5
System Configurations
Phase 1
Interconnects:
Interconnects:
Interconnects:
Number of
Number of
Fabric Chassis supported
Line Card
chassis
1
up to 6
Maximum
number of
slots
Maximum
capacity
96
7.68 Tbps
up to 18
288
23 Tbps
up to 36
576
46 Tbps
up to 72
1152
92 Tbps
Version 2.0b
511
Module 5
512
Version 2.0b
Module 5
Inter-chassis Management
System Control Plane traffic
does not pass through
optical cables
Version 2.0b
513
Module 5
Optical Cables
Line card chassis must be connected to fabric chassis in multi chassis
configurations. Cables used for interconnection are Cisco proprietary
cables that can link up to 72 chassis together to form a very high speed
router. The cables bundles are 100 meters in length.
The cables are made up of multiple bundles, ribbons and fibers as follows:
Each bundle is made up of 6 ribbon cables. Each ribbon cable has 12
fibers. Thus, each bundle has 72 fibers.
1 Bundle = 6 ribbon cables * 12 fibers/cable
Each line card chassis has 8 fabric cards. Each fabric card has bundle
connections. Thus, each line card chassis has 24 bundles.
1 line card chassis = 8 SFC * 3 bundles/card = 24 bundles/chassis
Each fabric card chassis has 24 fabric cards SFCs. Each SFC has 9
bundle connections. Thus, a switch fabric card terminates up to 216
bundles.
1 Switch fabric chassis = 24 SFCs * 9 bundles = 216 bundles
Fiber Bundle
8 fabric cards
24 bundles or connections
514
24 fabric cards
Version 2.0b
Module 5
Fiber Bundle
Version 2.0b
515
Module 5
516
Version 2.0b
Module 5
Version 2.0b
517
Module 5
Inter-chassis
The inter-chassis GE control plane is a system management plane that
allows management information, control signaling, statistics gathering, to
be passed from one chassis to another in a multi-chassis system
configuration. The key elements of the Inter-chassis control plane are:
Intra-chassis
The intra-chassis (or within one chassis) management plane uses the
100Mbps FE internal bus that allows the RP and the MSC to communicate
within the CRS-1, to pass alarms, statistics and routing information back
and forth. The elements that make up the intra-chassis plane are:
MSC CPU Used to manage the MSC, gather stats, load IOS XR, run
diags
518
Version 2.0b
Module 5
card
CRS-1 Management System Control Plane and Shelf Controller Gigabit Ethernet (SC-GE)
Inter-chassis
GE Network
LC
Intra-chassis
FE
RP
LC
Gig Ether
Switch
Optional 10 GE
LC
FE
RP
LC
Key Components
RP LC
SC-GE FC
SC-GE
S2
Switch Fabric
chassis
Gig Ether
Switch
FE
SC-GE
Version 2.0b
S2
519
Module 5
Management
Redundancy
The SC-GE card instructs individual SPs to power up nodes provides code
images for each card to download, and resets any node that it determines is
unresponsive. The designated Shelf Controller (dSC) is a single control and
arbitration point in the chassis, and determines master and standby DRP
board status when necessary. The SC-GE card hardware provides the
following control plane services:
520
FE connectivity between all nodes in the chassis and the control plane
via Broadcom 5606 switch.
Presences detect circuitry which allows the SC-GE card CPU to read a
vector of currently inserted cards, interrupts CPU on change in
presence vector (OIR event).
Reset circuitry which allows the SC-GE card to reset any single card in
the chassis. Reset outputs active only on master SC-GE card.
Version 2.0b
Module 5
card
CRS-1 Management System Control Plane and Shelf Controller Gigabit Ethernet (SC-GE)
LC FE
Links
B
A
C
K
P
L
A
N
E
CTL GE link
CTL GE link
FE/GE
Switch
PCI
IDE
CPU
MEM
CTL
FLASH
Version 2.0b
FLASH
521
Module 5
Summary
Introduction to Cisco CRS-1 Multi-Shelf Architecture
In this module, you learned the following:
522
How to list and describe physical components of the Cisco CRS-1 Fabric
chassis
How the CRS-1 Line Card chassis and Fabric chassis are
interconnected with optical cables
How to list the basic steps to perform and in service upgrade from a
stand-alone to a Multi-Shelf configuration
How to describe the CRS-1 Management System Control Plane and SCGE card
Version 2.0b
Module 6
Cisco IOS XR Overview and Initial
Configuration
Overview
Description
This module introduces you to the Cisco IOS XR software architecture, the
High-Availability (HA) features, and the software packaging model. This
module shows you the basics of Cisco IOS XR software and how to create
an initial configuration.
Objectives
After completing this module, you will be able to:
Version 2.0b
61
Module 6
Kernel
Cisco IOS XR software has core system functions, such as process
management, interprocess communication (IPC), memory management,
interrupt, and scheduling. Other system functions become services and run
above the kernel. User or client applications also run above the kernel with
the kernel acting as a sort of traffic director.
Distributed Infrastructure
The kernel is replicated across the router infrastructure. The services and
client applications can be distributed across the router infrastructure for
both standalone and multi-shelf hardware configurations. The
infrastructure includes route processors (RPs), distributed route processors
(DRPs), service processors (SPs), shelf controllers (SCs), modular service
cards (MSCs), and line cards (LCs).
Services
Services are composed of one or more processes which may be running on
the same or different CPUs. Each process has a memory-protected space.
Each process can have multiple threads all accessing the same address
space.
62
Version 2.0b
Module 6
Routing
modules
(BGP, OSPF)
Runs on
multiple
CPUs
Protocol
modules
(IP)
Application
modules
Distributed infrastructure
Version 2.0b
63
Module 6
High Availability
High availability in the Cisco routing systems is a combination of
hardware redundancy, and the software and operational components that
take advantage of that hardware.
Components
64
Kernel
Plane separation
Process-level redundancy
Nonstop forwarding
Version 2.0b
Module 6
High Availability
Kernel
Plane separation
Fault tolerance and isolation
Checkpoint support for process restart
Process-level redundancy
Route processor and Distributed RP failover
Nonstop forwarding
Instructor's Note
Do not spend a lot of time here! This is an intro and the points are detailed on the following
slides.
Version 2.0b
65
Module 6
Kernel
The QNX Neutrino microkernel has these main features:
Multiprocessor
Memory protection
66
Version 2.0b
Module 6
High Availability
Kernel
Applications
PO
Microkernel:
Distributed processing
File system
Lightweight messaging
Event management
Threads
C
I
S
S
I
X
Message queues
Scheduling
Debug
Timers
Synchronization
Instructor's Note
POSIX is a set of standard OS interfaces based on UNIX. The need for standardization arose
because enterprises using computers wanted to develop programs that could be moved among
different manufacturer's computer systems without recoding. Unix was selected as the basis for a
standard system interface partly because it was "manufacturer-neutral." However, several major
versions of Unix existed so there was a need to develop a common denominator system.
Informally, each standard in the POSIX set is defined by a decimal following the POSIX.
POSIX.1 is the standard for an application program interface in the C language. POSIX.2 is the
standard shell and utility interface. POSIX.1 and POSIX.2 interfaces are included in a somewhat
larger interface known as the X/Open Programming Guide. POSIX interfaces were developed
under the IEEE.
Version 2.0b
67
Module 6
Plane Separation
Processes can be tailored toward particular applications. Routing and
forwarding are separated, creating a clear separation of control, data, and
management planes. The control processes can be distributed across
multiple route processors (RPs) or distributed route processors (DRPs). If
desired, MPLS processes could run on another DRP altogether.
Cisco IOS XR software is partitioned into three planes:
Each plane is easily extensible using the dynamic link library (DLL)
mechanism. Such structure allows for better fault isolation and protection
among the planes. Planes can be distributed among multiple participating
processors (nodes). Distribution provides for process placement and
restartability, giving a high level of service availability so that failures do
not seriously impact router operation. All processes can be check-pointed,
so if a process fails, it can be restarted quickly or the redundant process
can take over faster.
68
Version 2.0b
Control plane
Control Plane
Control plane
Control Plane
IS-IS RIP
BGP
OSPFIS-IS
RIP
Routing policy
OSPFIS-IS
PIM
Routing
Policy
OSPF
IGMP PIM
Routing Policy
RIB IGMP
PIM
RIB IGMP
L2 drivers
ACL
RIB
L2 Drivers
FIB ACL
L2 Drivers
QoS FIB
ACL
LPTSQoS
FIB
Host services
LPTSQoS
PFI Services
Host
LPTS
Interfaces
PFI Services
Host
CLI
Interfaces
PFI
SNMPCLI
Interfaces
XMLSNMP
CLI
Netflow
XMLSNMP
Alarm
Netflow
Perf. mgmt. XML
Alarm
Netflow
SSH
Perf. Mgmt.
Alarm
SSH
Perf. Mgmt.
BGP
RIP BGP
Control plane
Process mgmt
Data plane
Data plane
IPC mech.
Memory mgmt.
Version 2.0b
Management plane
SSH
Module 6
High Availability
Plane Separation
Distributed subsystems/processes
Management plane
Management plane
e
rn
ke
o
cr
Mi
H/W abstraction
System services
Memory-protected microkernel
69
Module 6
610
Version 2.0b
Module 6
High Availability
Control
plane
Data
plane
Management
plane
Cisco IOS XR
Instructor's Note
This slide is animated. It starts with IOS XR and Layered. Click 1 control plane; click 2 data
plane; click 3 management plane; click 4 arrow and Fault isolation.
Version 2.0b
611
Module 6
612
Version 2.0b
Module 6
High Availability
Process
(Process fails)
New
instance
of
process
Checkpoint
shared
memory
store
Recover state
Active RP/DRP
Instructor's Note
There is a limitation on the number of times a process will restart. The limitation settings are
programmed in and not available to the user. This is to prevent a looping process restart scenario.
Version 2.0b
613
Module 6
Process-Level Redundancy
Process-level redundancy is implemented by a system manager process
creating the standby process. Because the active process created the
standby process, the active process has all the information it needs to
communicate (privately) with the standby process. Symbolic links and
abstract names are used to identify the processes. Clients do not see the
standby process until the active goes away.
If a process fails and it has created a standby process, a system-level
process called QNet Symlink Manager (QSM) and a library called Event
Connection Manager (ECM) are used to reestablish links from the clients
to the processes.
QSM provides:
ECM provides:
614
Version 2.0b
Module 6
High Availability
Process-Level Redundancy
process
Client
Standby
process
Standby process
Client
Active process uses a
checkpoint database to
share running state
with standby
Instructor's Note
Instructor emphasis on the note!
The checkpoint database is left out of this picture in the interest of simplicity. The previous page
explains that process.
The process level redundancy discussion continues to the next page.
Version 2.0b
615
Module 6
616
Version 2.0b
Module 6
High Availability
2. Standby process
becomes active
Client
New active
Client
Standbyprocess
process
Client
Instructor's Note
Animated starts w/ Active process and clients with arrows. Then follows each step 1 click 1
step
Version 2.0b
617
Module 6
618
Process
Version 2.0b
Module 6
High Availability
Active card
Standby card
Process A
Process A
1
Process B
Process B
2
Process C
Process D
Checkpt
process
1
2
Checkpt
process
1.
2.
3.
4.
Version 2.0b
Process C
619
Module 6
620
Version 2.0b
Module 6
High Availability
DRP failure
RP failure
Active DRP
Active RP
Checkpointed
Checkpointed
If no standby
DRP exists,
no
checkpointing
Standby DRP
Not
checkpointed
Standby RP
Active DRP
Instructor's Note
For clarification this slide is animated. The If no SDRP line and the accompanying arrow is
the animation based on the mouse click. When either an active RP or DRP, with a properly
configured standby, fails, the standby takes over. In the case of the DRP, a standby may not be
installed, and therefore no checkpointing.
Version 2.0b
621
Module 6
Nonstop Forwarding
The main objective of Cisco nonstop forwarding (NSF) is to continue
forwarding IP packets following a route processor (RP) switchover. NSF
works with the stateful switchover (SSO) feature to minimize the time a
network is unavailable to its users following a switchover. Cisco NSF helps
to suppress route flaps, thus reducing network instability.
Cisco NSF is supported by the BGP, OSPF, IS-IS, and MPLS protocols for
routing and by Cisco Express Forwarding (CEF) for forwarding. The
routing protocols, enhanced with NSF capability and awareness, can detect
a switchover and take the necessary action to continue forwarding network
traffic and recover route information from peer devices.
The IS-IS protocol can be configured to use state information, that has
been synchronized between the active and standby RPs, to recover route
information following a switchover, rather than information received from
peer devices.
Each protocol depends on CEF to continue forwarding packets during
switchover while the routing protocols rebuild the Routing Information
Base (RIB) tables. After the routing protocols have converged, CEF
updates the Forwarding Information Base (FIB) table and removes
outdated route entries. CEF, in turn, updates the MSCs with the new FIB
information.
622
Version 2.0b
Module 6
High Availability
Nonstop Forwarding
Active
RP
Control
updates
interrupted
affected by:
Active
RP
LC
But
Fwding
Ok!
Instructor's Note
Animated slide with 4 clicks: 1 Active RP goes down; 2 control updates arrow appears; 3
standby becomes active; 4 forwarding arrow and words appear
SPP Silicon Packet Processor
This slide can be used to explain how NSF and SSO operates
Version 2.0b
623
Module 6
Scalability
A key feature of Cisco IOS XR is its scalability, providing complete
distributed processing of routing protocols, data forwarding plane,
management plane, and infrastructure services to support carrier-class
router systems such as the Cisco CRS-1 Routing System.
Features
624
Adjacency management
Two-stage forwarding
Version 2.0b
Module 6
Scalability
Scalability Features
Adjacency management
Forwarding Information Base tables
Distributed interface management
Distributed configuration management
Two-stage forwarding
Version 2.0b
625
Module 6
Adjacency Management
An adjacency is a mapping of the next-hops Layer 3 address to the Layer 2
rewrite needed to get the packet to the next-hop. In traditional Cisco
routers, adjacency management is done in the RP.
With Cisco IOS XR software, the adjacency control plane runs in the MSC
and not in the RP. Adjacency management is done locally on every card for
interfaces resident on that card. One MSC does not know about adjacencies
on other MSCs. The RP does not keep any adjacency information; it pulls it
from the MSC when you request the information.
The ingress MSC, the receive adjacency table contains the destination
address and associated parameters to get the packet to the egress modular
services card or line card, based on the forwarding information found in the
Forwarding Information Base (FIB) tables.
The egress MSC, the transmit adjacency table contains the layer-2 rewrite
to be applied on the packet before sending it out.
626
Version 2.0b
Module 6
Scalability
Adjacency Management
RP
Interface
manager
Modular
services
card (MSC)
ARP/Map
tables
Adjacency
Information
Base
Instructor's Note
Emphasis: the MSC (CRS-1) and line cards (XR 12000) know only about the locally / directly
attached hosts and peers
Version 2.0b
627
Module 6
Two-Stage Forwarding
What is two-stage forwarding?
628
Version 2.0b
Module 6
Scalability
Two-Stage Forwarding
Scaling
With the number of cards/interfaces in a CRS-1, the amount of
forwarding information for each MSC must be limited
Version 2.0b
629
Module 6
630
Version 2.0b
Module 6
Scalability
RP or DRP
MSC-CPU
AIB
OSPF
RIB
ISIS
Switch fabric
BGP
FIB
process
MSC-PSE
Ifmgr
Hardware
FIB
Static
routes
Version 2.0b
631
Module 6
632
Version 2.0b
Module 6
Scalability
RP
Interface driver
Interface manager
Interface manager
global database
MSC
Interface manager
MSC
Interface manager
Interface driver
Interface driver
Interfaces
Interfaces
Version 2.0b
633
Module 6
Each RP has all three processes. The shared and admin processes are only
active on the primary RP. Each process maintains its own data store. A
replicator process copies data from the primary Sysdb to servers on other
RPs.
Each MSC has an active local process only since packet forwarding uses
only local data. Sysdb clients on the MSC use only the local server process;
IPC to other processes is minimized.
634
Version 2.0b
Module 6
Scalability
RP
Configuration manager
MSC
MSC
Configuration manager
Configuration manager
L2/L3
applications and
H/W drivers
L2/L3
applications and
H/W drivers
Hardware
Hardware
Version 2.0b
635
Module 6
Configuration Operations
Two-Stage Configuration
Cisco IOS XR introduces a two-stage configuration method.
In the first stage, you make, change, add to, or subtract from the running
configuration of the router, creating a target configuration. The running
configuration is not affected. The configuration is entered, the syntax is
checked for correctness, and then stored, discarded, or applied.
In the second stage, you commit the target configuration and make it part
of the running configuration.
Cisco IOS XR also has XML APIs, which compose an interface that can be
used to configure the router. Companies can write applications to obtain
billing, error, traffic, and policing information through the XML interface.
636
Version 2.0b
Module 6
Configuration Operations
Two-Stage Configuration
First stage
Second stage
Config database
Router#> Config t
Config agents
CLI/XML
Running config +
commit
Target
config
Config changes
Running config
Instructors Note
This slide is animated in 2 steps.
Click 1 shows all stage 1 elements
Click 2 shows all stage 2 elements
Version 2.0b
637
Module 6
An exact copy of the CFS is also maintained on the standby RP. The copy
helps preserve the router configuration state during and after a
redundancy switchover.
Saving Configuration Changes
638
Version 2.0b
Module 6
Configuration Operations
New binary
configuration
created; router uses
it to boot up
following reload
IOS XR
Running config
plus changes
Version 2.0b
RP disk0:
639
Module 6
640
Version 2.0b
Module 6
Configuration Operations
Login
Version 2.0b
641
Module 6
Command Modes
The CLI for Cisco IOS XR software is divided into different command
modes. Each mode provides access to a subset of commands used to
configure, monitor, and manage the router.
642
Version 2.0b
Module 6
Configuration Operations
Command Modes
Login
EXEC mode
Configuration modes
Version 2.0b
643
Module 6
Configuration Basics
Management IP Interfaces
IP addresses for out-of-band management purposes are assigned to:
644
Version 2.0b
Module 6
Configuration Basics
Management IP Interfaces
MgmtEth0/RP0/CPU0/0
MgmtEth0/RP1/CPU0/0
Management
network
connections
Version 2.0b
645
Module 6
646
Version 2.0b
Module 6
Configuration Basics
Loopback interfaces
Version 2.0b
647
Module 6
648
Version 2.0b
Module 6
Configuration Basics
RP/0/RP0/CPU0:router#configure
RP/0/RP0/CPU0:router(config)#interface MgmtEth0/RP0/CPU0/0
RP/0/RP0/CPU0:router(config-if)#ipv4 address 12.9.42.105/16
RP/0/RP0/CPU0:router(config-if)#no shut
RP/0/RP0/CPU0:router(config-if)#
Interface mode
Set the IP version
Version 2.0b
649
Module 6
650
Version 2.0b
Module 6
Configuration Basics
Interface command
Assign IP address
Visible as interface
Version 2.0b
651
Module 6
652
Version 2.0b
Module 6
Configuration Basics
IPv4 command
Assign IP address
Only visible in RIB
Version 2.0b
653
Module 6
Hostname
The hostname identifies a router on the network. Although devices can be
uniquely identified by their Layer 2 and Layer 3 addresses, such as an IP
address, it is often simpler to remember network devices by a hostname.
This name is used in the CLI prompt, in default configuration filenames,
and to identify the router on the network.
To configure the hostname, enter the hostname command in global
configuration mode, followed by the name of the router.
654
Version 2.0b
Module 6
Configuration Basics
Hostname
RP/0/RP0/CPU0:router(config)#hostname P1
RP/0/RP0/CPU0:router(config)#
Create a hostname
Version 2.0b
655
Module 6
656
Version 2.0b
Module 6
Configuration Basics
Version 2.0b
657
Module 6
658
Version 2.0b
Module 6
Configuration Basics
RP/0/RP0/CPU0:router(config)#commit
RP/0/RP0/CPU0:P1(config)#
Version 2.0b
659
Module 6
660
Version 2.0b
Module 6
Configuration Basics
Version 2.0b
661
Module 6
662
Version 2.0b
Module 6
Configuration Basics
RP/0/RP0/CPU0:P1(config)#show running-config
Building configuration...
!! Last configuration change at 15:57:39 UTC Wed Jun 16 2004 by cisco
!
hostname P1
Additional messages are not shown
interface MgmtEth0/RP0/CPU0/0
ipv4 address 12.9.42.105 255.255.0.0
!
interface POS0/4/0/0
ipv4 address 142.50.12.5 255.255.255.0
!
interface POS0/4/0/1
ipv4 address 142.50.16.5 255.255.255.0
Additional messages are not shown
end
Version 2.0b
663
Module 6
664
Version 2.0b
Module 6
Configuration Basics
RP/0/RP0/CPU0:P1(config)#show config
Building configuration...
interface POS0/4/0/3
ipv4 address 142.50.48.5 255.255.255.0
!
interface POS0/5/0/1
ipv4 address 142.50.36.5 255.255.255.0
pos
crc 16
!
!
end
Version 2.0b
665
Module 6
666
Version 2.0b
Module 6
Configuration Basics
Version 2.0b
Added
667
Module 6
Summary
Cisco IOS XR Overview
In this module, you learned to:
668
Version 2.0b
Module 6
Review Questions
Cisco IOS XR Overview and Initial Configuration
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 2.0b
669
Module 6
670
Version 2.0b
Module 7
Cisco IOS XR Operations
Overview
Description
This module introduces you to the Cisco IOS XR configuration features,
including making, checking, and verifying changes; rolling back
configurations; and troubleshooting configurations.
Objectives
After completing this module, you will be able to:
Version 2.0b
71
Module 7
72
Version 2.0b
Module 7
Login
EXEC mode
Configuration modes
Version 2.0b
73
Module 7
Configuration Modes
74
Version 2.0b
Module 7
Configuration Modes
Configuration mode
Interface config submode
Create router
configurations
Perform router
operations
Version 2.0b
75
Module 7
Administration Modes
Administration mode is currently used to configure multiple logical routers
(LRs) and to install the Cisco IOS XR software.
76
Admin EXECEnter the admin EXEC mode from EXEC mode. The
admin EXEC mode applies primarily to logical routers. When logical
routers have been configured, EXEC mode provides visibility into only
one logical router, so you must enter administration EXEC mode to see
all system parameters. You install packages and update software from
administration EXEC mode, too.
Version 2.0b
Module 7
Administration Modes
Software installations
Logical router management
Version 2.0b
77
Module 7
78
Version 2.0b
Module 7
EXEC
RP/0/0/CPU0:P4#
Global
config:
RP/0/0/CPU0:P4#configure
RP/0/0/CPU0:P4(config)#
Submode and
Interface
config:
Protocol and
submode
config:
Admin
RP/0/0/CPU0:P4#admin
RP/0/0/CPU0:P4#(admin)#
Instructor's Note
This slide is animated. The instructor needs to click/Enter to see each example except the first.
Version 2.0b
79
Module 7
710
slot is the number of the physical slot where the card is installed
Version 2.0b
Module 7
Rack number
Slot = Physical
slot of card
Card Type
Module = CPU0 or SP
Rack
Slot
Module
Route processor
071
RP0/RP1
CPU0
071
015
CPU0, SP
071
SM0SM7
SP
Alarm card
071
AM0AM1
SP
071
FC0FC1
SP
Instructor's Note
The MSC actually has both the CPU0 and SP processors. From the EXEC mode you can only see
processes attributed to CPU0 when using the show process location command. You will see the
SP (and only the SP, not CPU0) processes from Admin mode when using the same command.
Version 2.0b
711
Module 7
712
The first position, or type, indicates the interface or card you are
connected to
The next position, or slot, represents the slot in which the primary RP
is located; for the CRS-1, the physical slot is either RP0 or RP1
The next position, or module, is the entity on the card that actually
runs the user commands. For the RP, this is CPU0
The last position is the name assigned to this router, typically defined
during initial configuration with the hostname command
Version 2.0b
Module 7
RP/0/RP0/CPU0:router
Direct terminal
connection
Management
network
connection
Version 2.0b
713
Module 7
Configuration Operations
Configuration Considerations
Consider additional configuration steps before putting the router into
service.
Domain Name and Domain Name Server
Configure a domain name and domain name server (DNS) for your router
to make contacting other devices on your network more convenient.
Telnet, HTTP, and XML Services
For security, all host services are disabled by default, but you can:
Enable the Telnet server, so you can log in to the router using IPv4 or
IPv6 Telnet clients
Enable the HTTP server, so you can log in to the router using the CWI
Enable the XML agent, which in turn enables XML Common Object
Request Broker Architecture (CORBA) agent services so that you can
manage and configure the router using an XML interface
Router Clock
714
Version 2.0b
Module 7
Configuration Operations
Configuration Considerations
Access convenience
Telnet, HTTP, and XML services
Log on to router through either IPv4 or IPv6 Telnet clients
HTTP for Craft Works Interface
XML for CORBA management and configuration access
Router clock
Logs
Version 2.0b
715
Module 7
After the configuration session is over, you exit the session. This exit
causes the session to become unlocked. At this point, the router can be
configured by other users.
716
Version 2.0b
Module 7
Configuration Operations
CLI
Config
database
Running
config
RP/0/RP0/CPU0:routername#configure exclusive
RP/0/RP0/CPU0:routername(config)#hostname P4
RP/0/RP0/CPU0:routername(config)#commit
RP/0/0/CPU0:P4(config)#
Instructor's Note
Might be used for critical configuration changes.
Exclusive or locking prevents other users from committing changes; it does not prevent them
from entering the config context. Other users can commit changes once you have exited config
exclusive mode.
Other changes being made by other users do not show up in your own configuration because
each session is unique. Changes made by others are not committed to the router when you
commit your own changes.
Version 2.0b
717
Module 7
Preconfiguration
Preconfiguration lets you configure physical interfaces before they are
inserted into the router. Preconfigured interfaces are not verified or
applied until the actual interface with the matching location
(rack/slot/module) is inserted into the router. When the anticipated
MSC/PLIM, or LC, is inserted and the interfaces are created, the
precreated configuration information is verified and, if successful,
immediately applied to the routers running configuration.
The preconfiguration information is created in a different system database
tree, called the preconfiguration directory on the RP.
_____________________________ Note _________________________
Only physical interfaces can be preconfigured.
Do not enter the no shutdown command for new preconfigured
interfaces because the no command removes the existing configuration.
Specifying an interface name that already exists and is configured (or
an abbreviated name like e0/3/0/0) is not permitted.
The option keyword is not validated against the type of the interface
that is getting preconfigured.
_________________________________________________________________
You are expected to provide names during preconfiguration that match the
name of the interface that will be created. If the interface names do not
match, the preconfiguration cannot be applied when the interface is
created. The interface names must begin with the interface type that is
supported by the router and for which drivers have been installed.
718
Version 2.0b
Module 7
Configuration Operations
Preconfiguration
Prior to
installing line
card, its
configuration
can be entered
CLI
Version 2.0b
719
Module 7
720
Version 2.0b
Module 7
Configuration Operations
RP/0/0/CPU0:P4#configure
RP/0/0/CPU0:P4(config)#interface pos 0/5/0/1 pos crc 16
RP/0/0/CPU0:P4(config-if)#ipv4 address 142.50.36.1 255.255.255.0
RP/0/0/CPU0:P4(config-if)#show config
Building configuration...
interface POS0/5/0/1
ipv4 address 142.50.36.1 255.255.255.0
pos
crc 16
!
End
RP/0/0/CPU0:P4(config)#clear
RP/0/0/CPU0:P4(config)#show config
Building configuration...
end
Version 2.0b
721
Module 7
722
Version 2.0b
Module 7
Configuration Operations
RP/0/0/CPU0:P4(config)#username ed
RP/0/0/CPU0:P4(config-un)#password ed
RP/0/0/CPU0:P4(config-un)#group root-system
RP/0/0/CPU0:P4(config-un)#show config | file disk0:ed
Building configuration...
[OK]
RP/0/0/CPU0:P4(config-un)#
Version 2.0b
723
Module 7
724
Version 2.0b
Module 7
Configuration Operations
RP/0/0/CPU0:P4(config)#show config
Building configuration...
end
RP/0/0/CPU0:P4(config)#load disk0:ed
Loading.
57 bytes parsed in 1 sec (56)bytes/sec
RP/0/0/CPU0:P4(config)#show config
Building configuration...
username ed
password 7 110C1D
group root-system
!
end
Version 2.0b
725
Module 7
726
Version 2.0b
Module 7
Configuration Operations
RP/0/0/CPU0:P4#configure
RP/0/0/CPU0:P4(config)#interface pos 0/5/0/1 pos crc 16
RP/0/0/CPU0:P4(config-if)#abort
RP/0/0/CPU0:P4#
Version 2.0b
727
Module 7
728
Version 2.0b
Module 7
Configuration Operations
RP/0/0/CPU0:P4#config
RP/0/0/CPU0:P4(config)#taskgroup bgp
RP/0/0/CPU0:P4(config-tg)#hostname P4xyz
RP/0/0/CPU0:P4(config)#commit
% Failed to commit one or more configuration items.
Please use 'show configuration failed' to view the errors
RP/0/0/CPU0:P4(config)#show config failed
!! CONFIGURATION FAILED DUE TO SEMANTIC ERRORS
taskgroup bgp
!!% Usergroup/Taskgroup names cannot be taskid names
!
RP/0/0/CPU0:P4(config)#
RP/0/0/CPU0:P4#config
RP/0/0/CPU0:P4(config)#taskgroup bgp
RP/0/0/CPU0:P4(config-tg)#hostname P4xyz
RP/0/0/CPU0:P4(config)#commit best-effort
% Failed to commit one or more configuration items.
Please use 'show configuration failed' to view the errors
RP/0/0/CPU0:P4xyz(config)#show config failed
!! CONFIGURATION FAILED DUE TO SEMANTIC ERRORS
taskgroup bgp
!!% Usergroup/Taskgroup names cannot be taskid names
!
Partial
configuration!
RP/0/0/CPU0:P4xyz(config)#
Version 2.0b
729
Module 7
730
Version 2.0b
Module 7
Configuration Operations
Config database
Running config
Target config
commit
Config log
CommitID# 100
CommitID# 099
CommitID# 098
CommitID# 001
rollback points
Version 2.0b
731
Module 7
732
Version 2.0b
Module 7
Configuration Operations
RP/0/RP1/CPU0:P4#show config ?
commit
Show commit information
failed
Contents of failed configuration
removed
Display configuration removed during package
(de)activation.
rollback
Show rollback information.
running-config Current operating configuration
sessions
Users with active configuration sessions
Version 2.0b
733
Module 7
Instructor's Note
Attempts to display changes prior to last boot, or beyond the 100 in the change database, result in
an error message
734
Version 2.0b
Module 7
Configuration Operations
Time Stamp
~~~~~~~~~~
05:40:54 PST
10:22:27 PST
10:13:15 PST
13:24:39 PST
13:17:51 PST
12:52:10 PST
12:51:02 PST
Wed
Mon
Mon
Thu
Thu
Thu
Thu
Mar
Feb
Feb
Feb
Feb
Feb
Feb
02
28
28
24
24
24
24
2005
2005
2005
2005
2005
2005
2005
Time Stamp
~~~~~~~~~~
10:22:27 PST
10:13:15 PST
13:24:39 PST
13:17:51 PST
12:52:10 PST
12:51:02 PST
11:06:20 PST
17:17:58 PST
10:11:59 PST
07:26:12 PST
03:27:26 PST
03:27:01 PST
Mon
Mon
Thu
Thu
Thu
Thu
Thu
Tue
Tue
Thu
Thu
Thu
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
Feb
28
28
24
24
24
24
24
15
15
03
03
03
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
Maximum of 100
Actual changes are viewable
Version 2.0b
735
Module 7
exclude
file
include
Instructor's Note
Last change is #168; previous change is #167; prior change is #166
736
Version 2.0b
Module 7
Configuration Operations
Same
Version 2.0b
737
Module 7
Another way you might use to see the changes made recently would be to
show the changes since a particular change. You would do this by using the
keyword, since Label/ID. This command is inclusive, also. The changes are
not shown in the order of their order of commitment, but are displayed in
the order they would appear in the running configuration.
738
Version 2.0b
Module 7
Configuration Operations
Instructor's Note
Previous page changes were in the same order as the numbers or so it appeared; however this
display is on the same order as the running configuration. Reminder, the running configuration is
actually a binary file that is interpreted when you use the show command
Version 2.0b
739
Module 7
740
Version 2.0b
Module 7
Configuration Operations
Previous
changes
would be
reversed
Version 2.0b
741
Module 7
742
Version 2.0b
Module 7
Configuration Operations
Version 2.0b
743
Module 7
744
Version 2.0b
Module 7
Configuration Operations
Version 2.0b
745
Module 7
746
Version 2.0b
Module 7
Configuration Operations
Replace
configuration
commit replace
Comment
Label
Version 2.0b
747
Module 7
748
Version 2.0b
Module 7
Configuration Operations
RP/0/0/CPU0:P4(config)#hostname P4abc
RP/0/0/CPU0:P4(config)#commit comment rename from P4 label P4abc
RP/0/0/CPU0:P4abc#show config commit list 1 detail
1) CommitId: 1000000133
Label: NONE
UserId:
cisco
Line: vty0
Client:
CLI
Time: 14:07:35 UTC Wed May 25 2005
Comment:
rename from P4 label P4abc
RP/0/0/CPU0:P4#show config
SNo. Label/ID
User
~~~~ ~~~~~~~~
~~~~
1
1000000133 cisco
commit list
Line
Client
~~~~
~~~~~~
vty0
CLI
Time Stamp
~~~~~~~~~~
14:07:35 UTC Wed May 25 2005
RP/0/0/CPU0:P4abc(config)#hostname P4hjk
RP/0/0/CPU0:P4abc(config)#commit label renameP4hjk
RP/0/0/CPU0:P4hjk#show config commit list 1 detail
1) CommitId: 1000000134
UserId:
cisco
Client:
CLI
Comment: NONE
RP/0/0/CPU0:P4#show config
SNo. Label/ID
User
~~~~ ~~~~~~~~
~~~~
1
renameP4hj cisco
Label: renameP4hjk
Line: vty0
Time: 14:19:50 UTC Wed May 25 2005
commit list
Line
Client
~~~~
~~~~~~
vty0
CLI
Time Stamp
~~~~~~~~~~
14:19:50 UTC Wed May 25 2005
RP/0/0/CPU0:P4hjk(config)#hostname P4
RP/0/0/CPU0:P4hjk(config)#commit label renameP4 comment rename back to P4
RP/0/0/CPU0:P4#show config commit list 1 detail
1) CommitId: 1000000135
Label: renameP4
UserId:
cisco
Line: vty0
Client:
CLI
Time: 14:20:48 UTC Wed May 25 2005
Comment:
rename back to P4
RP/0/0/CPU0:P4#show config commit list
SNo. Label/ID
User
Line
Client
Time Stamp
~~~~ ~~~~~~~~
~~~~
~~~~
~~~~~~
~~~~~~~~~~
1
renameP4
cisco
vty0
CLI
14:20:48 UTC Wed May 25 2005
Version 2.0b
749
Module 7
Configuration Sessions
Configuration sessions can be managed, if necessary. This management
can be helpful if a exclusive session is left open and prevents another
operator from making changes.
The show configuration sessions command displays the running
configuration sessions. The offending session can be removed by using the
clear configuration session command.
750
Version 2.0b
Module 7
Configuration Operations
Configuration Sessions
Date
Thu Mar 10 06:06:01 2005
Thu Mar 10 06:06:50 2005
Thu Mar 10 06:07:10 2005
Lock
Date
Thu Mar 10 06:06:50 2005
Thu Mar 10 06:07:10 2005
Lock
User
doug
cisco
View
Delete
Version 2.0b
751
Module 7
752
Version 2.0b
Module 7
Disk0:
Disk1: (optional)
Harddisk:
NVRAM:
Bootflash:
Version 2.0b
753
Module 7
File Commands
The Cisco IOS XR software has its own file system commands that closely
resemble standard UNIX commands, such as:
cdChange directory
These commands let you review files and file access across the multiple
media available in the Cisco routers. You can move between directories as
necessary to manage the router files.
Other commands that are available: copy, delete, mkdir, rmdir, and
more.
754
Version 2.0b
Module 7
File Commands
RP/0/0/CPU0:P4#dir disk0:
Directory of disk0:
2
drwx 16384
3
drwx 16384
4
drwx 16384
32
dr-x 16384
28
drwx 16384
1011
drwx 16384
1013
drwx 16384
5773
drwx 16384
6224
drwx 16384
6777
drwx 16384
7687
drwx 16384
7852
drwx 16384
7853
drwx 16384
7864
dr-x 16384
67168
-rwx 2940
67456
-rwx 126
9545
drwx 16384
Thu
Tue
Tue
Tue
Tue
Wed
Tue
Tue
Tue
Tue
Tue
Wed
Thu
Tue
Wed
Wed
Mon
Mar
Apr
Apr
Apr
Apr
May
Apr
Apr
Apr
Apr
Apr
May
Mar
Apr
Apr
Apr
Apr
31
5
26
26
26
18
26
26
26
26
26
25
31
5
6
6
25
10:47:50
15:53:44
21:02:15
21:01:17
20:55:04
10:20:09
20:57:58
20:58:14
20:58:42
20:59:14
20:59:38
09:38:31
10:59:56
16:00:42
12:35:54
12:35:54
10:57:22
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
2005
LOST.DIR
shutdown
config
aaa
c12k-os-mbi-3.2.83
instdb
c12k-base-3.2.83
c12k-admin-3.2.83
c12k-fwdg-3.2.83
c12k-lc-3.2.83
c12k-rout-3.2.83
usr
var
fping
sam_certdb
sam_crldb
tftp
RP/0/0/CPU0:P4#dir disk0:/config/running/commitdb
Directory of disk0:/config/running/commitdb
920736
920864
920960
921056
921408
921536
921664
-r-x
-r-x
-r-x
-r-x
-r-x
-r-x
-r-x
247
80
77
125
2142
2164
2192
Wed
Wed
Wed
Wed
Wed
Wed
Wed
May
May
May
May
May
May
May
25
25
25
25
25
25
25
15:32:40
14:19:50
14:20:48
14:58:30
14:20:49
14:58:30
15:32:40
2005
2005
2005
2005
2005
2005
2005
1000000137.snd
1000000134.snd
1000000135.snd
1000000136.snd
commitdb_info_1000000135.snf
commitdb_info_1000000136.snf
commitdb_info_1000000137.snf
Version 2.0b
755
Module 7
Instructor's Note
The restoration of a configuration replaces all or part of the existing configuration.
RP/0/0/CPU0:P4#more disk0:ed
username ed
password 7 110C1D
no group root-system
group cisco-support
end
RP/0/0/CPU0:P4#sho run username
username ed
password 7 110C1D
group root-system
RP/0/0/CPU0:P4#copy disk0:ed running-config
Parsing.
81 bytes parsed in 1 sec (80)bytes/sec
Committing.
5 items committed in 1 sec (4)items/sec
Updating.
Updated Commit database in 1 sec
RP/0/0/CPU0:P4#show run username
username ed
password 7 110C1D
group cisco-support
756
Version 2.0b
Module 7
Version 2.0b
757
Module 7
Redundancy Commands
The status of RP redundancy of the router is displayed using the show
redundancy command. The display shows you which RP is active and
which is standby. The display further shows the status of the standby RP,
along with the most recent reload and boot information.
Should the currently active RP need to be switched to the standby, you can
do it by entering the redundancy switchover command and confirming
the switchover.
Instructor's Note
It is possible for you to disable redundancy, if necessary. The command is
issued from configuration mode. We do not recommend this action unless
directed by support personnel.
Function is no longer available in version 3.2.
758
Version 2.0b
Module 7
Redundancy Commands
RP/0/0/CPU0:P4#show red
Redundancy information for node 0/0/CPU0:
==========================================
Node 0/0/CPU0 is in ACTIVE role
Partner node (0/1/CPU0) is in STANDBY role
Standby node in 0/1/CPU0 is ready
Reload and boot info
---------------------RP reloaded Mon Mar 7 06:22:03 2005: 3 days, 2 hours, 22 minutes ago
Active node booted Mon Mar 7 06:22:03 2005: 3 days, 2 hours, 22 minutes ago
Standby node boot Tue Mar 8 20:05:57 2005: 1 day, 12 hours, 38 minutes ago
Standby node last went not ready Thu Mar 10 08:10:36 2005: 33 minutes ago
Standby node last went ready Thu Mar 10 08:10:36 2005: 33 minutes ago
There have been 0 switch-overs since reload
RP/0/0/CPU0:P4#redundancy switchover
Updating Commit Database. Please wait...[OK]
Proceed with switchover 0/0/CPU0 -> 0/1/CPU0?[confirm]
Initiating switch-over.
Version 2.0b
759
Module 7
760
Version 2.0b
Module 7
Abbreviated commands
Help
Instructor's Note
There is a man command (man pages) available for online help with commands, features and
keywords. However, it is still a work-in-progress.
Version 2.0b
761
Module 7
Process Management
Cisco IOS XR software is a distributed operating system versus a
monolithic type of operating system. As part of the design, there are many
individual processes that are active during router operation. Occasionally
processes can experience problems. You can manage some of the processes;
only the operating system can access others. This is to protect the integrity
of Cisco IOS XR software.
As part of the resiliency of Cisco IOS XR software, processes may stop and
restart themselves. As a default there is a preprogrammed, pre-set limit as
to how many times during a predetermined period of time a process may
stop and restart. Those processes that do not have pre-set limitations can
be managed by you.
To manage the processes, there are show commands and process
commands.
762
Version 2.0b
Module 7
Process Management
RP/0/0/CPU0:P4#show process ?
<0-4294967295> job id
WORD
Name of the executable
aborts
Show process aborts
all
Show process data for all processes
blocked
Show detail for reply/send/mutex blocked processes.
boot
Show process boot info
cpu
Show CPU use per process
distribution
Show distribution of processes
dynamic
Show process data for dynamically created processes
failover
Show process failover info
family
Show process family information.
files
Show file and channel use per process
location
location to display
log
Show process log
mandatory
Show process data for mandatory processes
memory
Show memory use per process
searchpath
Show the search path
signal
Show signal use for processes.
startup
Show process data for processes created at startup
threadname
Show thread names.
Version 2.0b
763
Module 7
764
Last startedWhen the last respawn took place. This could be the
result of a RP switchover or router reboot
Version 2.0b
Module 7
Process Management
Version 2.0b
765
Module 7
Process Control
There are several choices of action you can use to manage processes. Many
of these should be used only in consultation with Cisco Systems, Inc.
technical support.
766
Version 2.0b
Module 7
Process Management
Process Control
RP/0/0/CPU0:P4#process ?
<0-4294967295> job id
WORD
Name of the executable
blocked
process blocked, capture state
crash
crash a process
mandatory
set mandatory reboot settings
restart
restart a process
shutdown
kill/stop a process
start
start a process
Version 2.0b
767
Module 7
Process Restartability
Due to its modular architecture, Cisco IOS XR software is easy to upgrade
or repair. Each process can be independently started and shut down for
maintenance or upgrade.
Restartability is based on the following features:
Process independence
Process placement
Distributed processes
Process restart is an inherent part of the process separation built into the
software architecture:
768
Version 2.0b
Module 7
Process Management
Process Restartability
Normal
forwarding,
OSPF, BGP
Stop BGP
Normal
forwarding,
OSPF, BGP
Start BGP
Instructor's Note
This animated slide has 2 clicks: 1 Stop sequence; 2 Restart sequence
Version 2.0b
769
Module 7
770
Version 2.0b
Module 7
Process Management
Version 2.0b
771
Module 7
Summary
Cisco IOS XR Operations
In this module, you learned to:
772
Version 2.0b
Module 7
Review Questions
Cisco IOS XR Operations
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 2.0b
773
Module 7
774
Version 2.0b
Module 8
Cisco IOS XR Installation
Overview
Description
This module teaches you to select, prepare, install, activate, and deactivate
Cisco IOS XR software packages.
Objectives
After completing this module, you will be able to:
Version 2.0b
81
Module 8
Forwarding
Administration
Base
Routing
82
Version 2.0b
Module 8
Manageability
MPLS
Multicast
MPLS, UCP
Security
Routing
Line card
IPSec, encryption,
decryption
ORB, XML,
alarms management
Forwarding
FIB, ARP, QoS, ACL, so on
Administration
Resource management: rack, fabric, LR
Base
Interface manager, system database, checkpoint services,
configuration management, other slow-changing components
OS
Kernel, file system, memory management, and other slow changing core components
Instructor's Note
This slide is animated: Forwarding thru OS appears initially; click 1 will show Routing and Line
card packages, which are separately installed; click 2 Optional packages are added to the slide
There is NO significance to the location of the various boxes representing the packages.
Version 2.0b
83
Module 8
Packages
Software packages are groups of software components that provide bootup
and feature functionality for the various installed cards. These packages
can be installed, upgraded, or downgraded individually (provided the
packages are compatible with the running software), allowing you to
modify specific bootup and feature functionality without impacting other,
unrelated functions. Software packages are installed and managed using
the command-line interface (CLI). Software configurations are created by
activating or deactivating packages to add or remove functionality,
upgrade to new software, or downgrade to earlier versions.
The slide shows the currently available software packages and where they
are implemented.
Software Maintenance Updates (SMUs)
Software maintenance updates (SMUs) are files that contain fixes for
specific defects or sets of defects, and are installed using the same
procedures as PIE files (explained later in this section).
SMUs are not an alternative to maintenance releases. They provide quick
resolution of immediate issues. All bugs fixed by SMUs are integrated into
the maintenance releases.
Upgrades
One of the benefits of the package approach is that features, upgrades, or
software patches can be delivered without rebasing the entire image. The
result is a faster qualification time at a customer location, with faster and
easier delivery of bug fixes and incremental feature introduction. One
component upgrade does not force an upgrade of another component,
resulting in minimum disruption and instability.
Modular services cards can maintain state during upgrade or downgrade of
software resulting in less disruption to the system as a whole.
_____________________________ Note _________________________
The SC on the slide is for the shelf controller, which is a future
enhancement for the Cisco CRS-1 router.
_________________________________________________________________
84
Version 2.0b
Module 8
RP
MSC or LC
DRP
Multicast
MPLS
Manageability
Security
MPLS
Multicast
Optl
Manageability
Opt'l
Security
MPLS
Optl
Line card
Multicast
Forwarding
Mand.
Base
Routing
Routing
Line card
Line card
OS-MBI
Mand.
Mand.
SC
Forwarding
Forwarding
Admin
Base
Base
OS-MBI
Admin
Mand.
Base
OS-MBI
OS-MBI
Implementation locations
Version 2.0b
85
Module 8
86
comp-hfr-mini.pie-3.2.1
hfr-mpls-p.pie-3.2.1
hfr-k9sec-p.pie-3.2.1
hfr-mcast-p.pie-3.2.1
hfr-mgbl-p.pie-3.2.1
Version 2.0b
Module 8
MPLS
Multicast
Security
Manageability
RPL
BGP
OSPF
ISIS
Non-bootable files
Upgrade or add feature
packages
Example: hfr-mcast-p.pie-x.y.z
Routing
package
Instructor's Note
First mouse [Enter] click - Multicast PIE moves forward independently to emphasize PIEs do
not have dependencies.
Manageability t will move forward on the second mouse [Enter] click to indicate other examples
of PIEs.
Version 2.0b
87
Module 8
88
Version 2.0b
Module 8
ISIS process 1
ISIS process 2
ISIS process 3
ISIS process n
ISIS process 1
ISIS process 2
Upgraded
ISIS process 3
ISIS process ...
ISIS process
ISIS process
ISIS software
Instructor's Note
Rather than risk having process names change, or new processes introduced, this slide is only to
show the level to which upgrades/changes can be made with the new modular packaging.
Version 2.0b
89
Module 8
810
Version 2.0b
Module 8
Routing
Routing
Line card
Line card
Forwarding
Forwarding
Admin
Admin
Base
Base
OS-MBI
OS-MBI
Instructor's Note
Animated click or enter: arrow then 2nd column appear for emphasis
Remind students that PIEs will be new features as well as version upgrades, therefore they are
the most likely software installations they will do.
Version 2.0b
811
Module 8
Bootable Code
Packages are delivered to the user in the form of compressed .vm and PIE
files.
Files with the .vm extension are bootable files that contain bootup code and
mandatory package software, such as the core bundle. These files are used
to boot the router for the first time. This process also installs a mandatory
set of feature packages, or PIE files.
812
Version 2.0b
Module 8
Bootable Code
Bootable entities
Routing
Line card
Forwarding
Initial or emergency
installation files
Admin
Base
OS-MBI
Instructor's Note
Bootable code versions should only used for emergency recoveries only!
Version 2.0b
813
Module 8
Software Versions
Base Package Versions
SMU Versions
SMU versions are based on the software package associated with the SMU
and the Distributed Defect Tracking System (DDTS) number addressed by
the SMU. The version scheme is:
<package name>-<package version>.<primary DDTS>-<SMU version
number>
Composite SMU Versions
Composite SMUs are SMUs that apply to more than one software package.
These files have an additional prefix comp- that identifies them as
composite SMUs. The version scheme is:
comp- <composite number>.<primary DDTS>
814
Version 2.0b
Module 8
Software Versions
Software delivery
type
Composite PIE
comp-platform-composite_name.piemajor.minor.maintenance
Single package
PIE
platform-package_typep.piemajor.minor.maintenance
Composite SMU
comp-platform-composite_name.ddts.pie
Single package
SMU
platform-package_typemajor.minor.maintenance.ddts.pie
SMU example
c12k-base-3.2.83.CSCeg00654.pie
Version 2.0b
815
Module 8
Software Storage
Software is typically installed on an internal flash disk in the router. For
both the Cisco CRS-1 router and the Cisco XR 12000 Series Routers this is
disk0:.
You can download software prior to its actual installation. The software is
typically stored on a different media device, such as the optional flash
disk1:, until it is ready to be installed.
816
Version 2.0b
Module 8
Software Storage
CRS-1
Flash
disk1:
Version 2.0b
Flash
disk0:
internal
817
Module 8
818
Version 2.0b
Module 8
or
Router#clock set 17:24:23 June 30 2004
Instructor's Note
Why the emphasis on clock setting? When software installs are implemented a digital signature
check occurs. This check uses the date as part of the check. If the clock is off by determined
value, the add process will fail.
For Cisco internal classes only: using the .vm (executable) install process will circumvent the
check process
Version 2.0b
819
Module 8
Package Management
Adding Packages to the Router
Code fixes (SMUs) and optional or new packages must be transferred to
the router before they can be implemented. There are three ways of getting
software to the router:
You can copy the files to the router by using a flask disk with the needed
files or by copying the files from a server using one of the methods above.
Whichever method of these you choose, we recommend that PIE files be
stored on disk1:.
_____________________________ Note _________________________
Disk1: is not included by default.
_________________________________________________________________
820
Version 2.0b
Module 8
Package Management
Disk1:
TFTP, FTP,RCP, SFTP
Add
Commit
Activate
Deactivate
Server
Direct add
Disk0:
TFTP
FTP
Remote Copy Protocol (RCP)
SSH File Transfer Protocol (SFTP)
Version 2.0b
821
Module 8
822
Version 2.0b
Module 8
Package Management
Instructor's Note
Follow the documented install procedures. The package verification is by digital signature check.
During an add process, no process restarts occur; process restarts occur during activation only
The code in this example is an internal version and not for customer use
Version 2.0b
823
Module 8
824
Version 2.0b
Module 8
Package Management
Instructor's Note
This procedure unpacks, runs compatibility test, shuts down old process, activates new process. If
included, the CLI would be updated. For a mini-pie install, all cards and processes will be
restarted. Use show install inactive to determine the name to use for activation with a minipie
NO config commands during activation!!
Point out the important information relative to the affected processes. Additional messages not
shown show various stages the process enters and completes. There is not room to show them,
but the student should be made aware of what they are.
Version 2.0b
825
Module 8
826
Version 2.0b
Module 8
Package Management
RP/0/0/CPU0:P5(admin)#install commit
Install: The idle timeout on this line will be suspended for synchronous
install operations
Install 5: [ 1%] Install operation 'commit' assigned request id: 5
Install 5: [100%] Committing uncommitted changes in software configurations.
Install 5: [100%] Commit operation successful.
Install 5: [100%] Idle timeout on this line will now be resumed for
synchronous operations
Instructor's Note
The commit is a safety mechanism. This step saves the current state of the software. The software
can be verified that it works correctly by not invoking the commit. If installing the change causes
a system hang or the bug is not fixed, then the package would not be installed after a reboot
Version 2.0b
827
Module 8
828
Version 2.0b
Module 8
Package Management
Deactivating Packages
Instructor's Note
This is a general deactivation of a package. For a specific location, the location keyword can be
used: deactivate <package> location 0/1/CPU0.
Point out the important information relative to the affected processes.
Remind students of install commit requirement to make persistent across reloads.
Version 2.0b
829
Module 8
830
Version 2.0b
Module 8
Package Management
Package Removal
Instructor's Note
What happens if software is deleted the files and directories removed? And the correct steps for
deactivation and removal (install deactivate, commit, remove) are not followed? Software that is
still in use would no longer be available. The router should make multiple attempts to boot and
may appear to be hung; eventually it will give up attempting to boot the primary RP and will boot
the standby RP. The standby should be OK, as the code changes attempted on the primary are
not synchronized with the standby during the deactivation and removal. The standby becomes the
primary and returns the switch to the pre-change state.
Version 2.0b
831
Module 8
Installation Rollback
The install rollback command provides a method of returning to the
previously active installation point. You can return to either the last
committed package or to a noncommitted package. The slide shows an
example of rolling back to a previously committed package.
_____________________________ Note _________________________
The install rollback command without a reload option will only
rollback to the last install point. To roll back to an earlier install point
requires the reload option
_________________________________________________________________
You can determine the available rollback information by using these
commands:
832
Version 2.0b
Module 8
Package Management
RP/0/0/CPU0:P5(admin)#install rollback 2
Install: The idle timeout on this line will be suspended for synchronous install
operations
Install: Starting install operation. Do not insert or remove cards until the operation
completes.
RP/0/0/CPU0:P5(admin)#
Install: Now operating in asynchronous mode. Do not attempt subsequent install operations
until this operation is complete.
Install 11: [ 0%] Install operation 'rollback 2' assigned request id: 11
Install 11: [ 10%] Updating software configurations.
Install 11: [ 10%]
RP:
Install 11: [ 10%]
Activating c12k-admin-3.2.83
Install 11: [ 10%]
Activating c12k-base-3.2.83
Activating mprp-rp__boot-3.2.83
Deactivating c12k-admin-3.2.85
Deactivating c12k-base-3.2.85
Deactivating mprp-rp__boot-3.2.85
Change boot image to /disk0/c12k-os-mbi-3.2.83/mbiprp-rp.vm
Committed software
Non-committed software
Install 11: [ 10%] Checking running configuration version compatibility with new
ly activated software ...
Install 11: [ 10%] No incompatibilities found between the activated software and
router running configuration.
Install 11: [ 10%] Node 0/0/CPU0: *** Will be reloaded ***
Install 11: [ 10%] Node 0/1/CPU0: *** Will be reloaded ***
Note reload
Install 11: [ 10%] Node 0/3/CPU0: *** Will be reloaded ***
Install 11: [ 10%] Node 0/4/CPU0: *** Will be reloaded ***
Install 11: [ 55%] Downloading packages to impacted nodes
Install 11: [ 55%] Successfully downloaded packages to impacted nodesRP/0/0/CPU0
:Jun 2 06:12:24.596 : instdir[182]: %INSTALL-INSTMGR-6-SOFTWARE_CHANGE_START :
Software change transaction 11 is BEGINNING...
Install 11: [ 85%] Performing software change
P/0/0/CPU0:Jun 2 06:12:28.632 : instdir[182]: %INSTALL-INSTMGR-6-SOFTWARE_CHANG
E_END : Software change transaction 11 is COMPLETE.
[2KInstall 11: [100%] Reducing timeouts to better synchronize node reloads.
Install 11: [100%] *** This node is reloading, please hold back any commands ***
Install 11: [100%] NOTE: The changes made to software configurations will not be
Install 11: [100%] persistent across RP reloads. Use the command 'install commit
'
Install 11: [100%] to make changes persistent.
Version 2.0b
833
Module 8
834
Version 2.0b
Module 8
Package Management
Version 2.0b
835
Module 8
836
Version 2.0b
Module 8
Version 2.0b
837
Module 8
838
Version 2.0b
Module 8
server [c12k-mgbl:manageability-perf]
Version 2.0b
839
Module 8
840
Version 2.0b
Module 8
Version 2.0b
841
Module 8
842
Version 2.0b
Module 8
Version 2.0b
843
Module 8
844
Version 2.0b
Module 8
RP/0/0/CPU0:P5#show install ?
active
Show active package information
all
Show information for all locations
committed Show the committed package information
detail
Show information about constituent package
inactive
Show active package information
location
Show information for a specific location
log
Show log file
package
Name of the package
pie-info
Show information in a PIE file
requests
Show current requests
rollback
Show package information for a rollback point
which
Show the origin of a named process, component or package
|
Output Modifiers
<cr>
Version 2.0b
845
Module 8
Summary
Cisco IOS XR Installation
In this module, you learned to:
846
Version 2.0b
Module 8
Review Questions
Cisco IOS XR Installation
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 2.0b
847
Module 8
848
Version 2.0b
Module 9
Cisco IOS XR Security
Overview
Description
This module teaches you Cisco IOS XR authentication, authorization, and
accounting, along with router security administration and access control
list configuration using the command-line interface (CLI). Neither
Cisco Craft Works Interface (CWI) nor XML security is discussed in this
module.
Objectives
After completing this module, you will be able to:
Instructor's Note
This module discusses IOS XR security for the CLI only. Please make the students aware that a
future IOS XR Security course will cover the TACACS+ and Radius implementations along with
CWI and XML security. Also, this course does not cover CA, IKE, IPSec, SFTP or SSL.
Version 1.0c
91
Module 9
92
Version 1.0c
Module 9
Version 1.0c
93
Module 9
94
Version 1.0c
Module 9
Version 1.0c
95
Module 9
96
Version 1.0c
Module 9
Version 1.0c
97
Module 9
The Secure Socket Layer (SSL) protocol and Transport Layer Security
(TLS) are application-level protocols that provide for secure communication
between a client and server by allowing mutual authentication, the use of
hash for integrity, and encryption for privacy. SSL and TLS rely upon
certificates, public keys, and private keys.
Secure Shell (SSH)
98
Version 1.0c
Module 9
Application-level protocols
Secures client/server communication
Requires RSA or DSA key pairs or CA certificate
Secure Shell
Version 1.0c
99
Module 9
910
Version 1.0c
Module 9
ADMIN
LR
AAA
Version 1.0c
911
Module 9
912
Additional users are assigned to user groups. The root-system user may
configure a few local users without any additional AAA configuration
Version 1.0c
Module 9
Version 1.0c
913
Module 9
Authorization
Authorization provides the method for access control of user account and
user group support. AAA authorization works by assembling a set of
attributes that describe what the user is authorized to perform.
Task Groups
Task IDs grant permission to perform certain tasks. Task IDs are added to
the task groups to define a security policy. Tasks IDs (rights) are pooled
into a task group that is then assigned to users.
User Groups
914
Version 1.0c
Module 9
Authorization
Task groups
Task identifiers
Control, configuration
or execution of
operations
Read, write, execute,
and debug actions
Task classes
Task ID examples:
basic-services
network
interface
bgp, isis, ospf, rib
Security policy
Version 1.0c
915
Module 9
Task-Based Authorization
The operational tasks of router control, configuration, and monitoring are
represented by task IDs. A task ID defines the permission to run an
operation. Task ID operations can be one, all, or a combination of:
Users are associated with sets of task IDs that define the breadth of their
authorized access to the router.
Task IDs
916
Version 1.0c
Module 9
Task-Based Authorization
Task IDs
Define permissions
CLI commands and API invocations
Instructor's Note
The permissions are based on Unix file permissions. An example could be a copy command. This
would require read access to the source file, write access to new target file and execute access to
the copy command. Reviewing the required permissions using the describe command (covered
later in this module) will help you understand the permissions.
Version 1.0c
917
Module 9
Task Groups
A task group is defined by a collection of task IDs. Task groups contain
task ID lists for each class of action.
Each user group is associated with a set of task groups applicable to the
users in that group. A users task permissions are derived from the task
groups associated with the user groups to which that user belongs.
Task Groups can be organized as:
Group Inheritance
root-systemRoot-system users
netadminNetwork administrators
sysadminSystem administrators
Users can configure their own task groups to meet particular needs.
Task groups support inheritance from other task groups.
918
Version 1.0c
Module 9
Task Groups
Groups
Defined by collection of task IDs
Task groups associated to user groups
Predefined or site-defined task groups
Support inheritance
Pre-defined Groups
root-system Root-system users
root-lr Root-logical router users
netadmin Network administrators
sysadmin System administrators
operator Day-to-day activity users
Version 1.0c
919
Module 9
Authentication
Authentication is accomplished by comparing the user ID and the userprovided password with the information stored in a security database for
the user.
Authentication of Root-System Users
The root-system user (or owner) is configured in the Admin plane and has
visibility into any logical routers. To support this feature, a AAA database
is defined for the Admin plane.
Authentication of LR Owner
An LR owner can log in to only those nodes belonging to the specific logical
router associated with that LR owner. If the user is a member of the LR
owner group, then the user is authenticated as an LR owner. All logical
routers have their own LR owner groups.
Authentication of LR User
User Groups
A user group defines a collection of users that share a set of attributes,
such as access privileges. Each user may be associated with one or more
user groups. User groups have a list of task groups that define the
authorization for the members of the group. All tasks are permitted by
default for root-system users.
920
Version 1.0c
Module 9
Authentication
Root-system user
LR owner
LR user
User Groups
Version 1.0c
921
Module 9
The user group root-system has root-system users as the only members.
The root-system user group has predefined authorization and the complete
responsibility for root-system user-managed resources and certain
responsibilities in logical routers. Authorization is enabled by default for
root-system users in any LR, including the root LR.
Administrators can configure their own user groups to meet particular
needs.
922
Version 1.0c
Module 9
root-system
root-lr
sysadmin
netadmin
operator
Version 1.0c
923
Module 9
924
netadminThe netadmin can perform all read commands except rootsystem owner tasks. The following are examples of write tasks that the
netadmin can perform: routing, forwarding, connectivity, VLAN, AAA,
and so on.
sysadminThe sysadmin can perform all read commands except rootsystem owner tasks. The following are examples of write tasks that the
sysadmin can perform: AAA, manageability, logging, and so on.
Version 1.0c
Module 9
root-system
Root-system owner
Read and write all commands available on the router
root-lr
Logical-router owner
Read and write all commands on the LR
Root-system owner tasks are read only
netadmin
Network administrators
Read all commands except root-system owner commands
Write routing, forwarding, connectivity, VLAN, AAA, and so on
sysadmin
System administrators
Read all commands except root-system owner commands
Write AAA, manageability, logging, and so on
operator
General user
Read and write basic operations
Read logs, CDP, and run diagnostics
Version 1.0c
925
Module 9
Users
Cisco IOS XR software attributes forms the basis of router user access.
Each router user is associated with the following:
926
List of user groups (at least one) of which the user is a member (thereby
enabling attributes such as task IDs)
Version 1.0c
Module 9
Users
Version 1.0c
927
Module 9
928
Version 1.0c
Module 9
Version 1.0c
929
Module 9
Remote AAA
Products such as Cisco Secure Access Control Server can be used to
administer the shared or external AAA database. The router communicates
with the remote AAA server using standard IP-based security protocol
(such as TACACS+). The remote security server should support enough
logic to create the different classes of users appropriately. Security data
stored in the server can be used by any client, provided the client knows
the server IP address, port, and key.
Client Configuration
The security server should be configured with the secret key shared with
the router and IP addresses of the clients.
Root-System User Management
LR users can be created and made members of multiple user groups. The
effective task permission set is derived by making a union of all
permissions enabled by all user groups.
User Group Management
User groups have unique names across the domain of the security server.
User groups, however, are qualified with lists of logical routers that can
refer to them.
Task Group Management
Task groups are defined by lists of permitted task IDs for each type of
action (read, write, and so on). The task IDs are defined in the router.
To support configuration of task groups in external software, the task ID
definitions may need to be exported.
930
Version 1.0c
Module 9
Remote AAA
IP
network
AAA subsystem
CLI
HTTP
AAA client
library
AAA
server
TACACSD
RADIUSD
External
AAA
server
XML
agents
Version 1.0c
931
Module 9
Method Lists
AAA data may be stored in a variety of data sources. AAA configuration
uses method lists to define an order of preference for the source of AAA
data. AAA may define more than one method list, and applications (such as
login) can choose one of them. For example, console and AUX ports may
use one method list, and the VTY ports may use another. If a method list is
not specified, the application tries to use a default method list.
Rollover Mechanism
Line: Use a line password and user group (applicable only for
authentication)
Server Grouping
Instead of maintaining a single global list of servers, the user can form
server groups for different AAA protocols (such as RADIUS, TACACS+,
and so on) and associate them with AAA applications (PPP, EXEC, and so
on).
932
Version 1.0c
Module 9
Method Lists
Local
TACACS+
RADIUS
Line
None
Version 1.0c
933
Module 9
Authentication
Authorization
Accounting
934
Version 1.0c
Module 9
Authentication lists
Authorization lists
Accounting lists
Version 1.0c
935
Module 9
936
Version 1.0c
Module 9
Version 1.0c
937
Module 9
4. AAA determines the role of the user (root-system user, root-lr user, or
LR user):
938
Version 1.0c
Module 9
Version 1.0c
939
Module 9
Accounting
Accounting provides a method for collecting and sending security server
information used for billing, auditing, and reporting, such as user
identities, start and stop times, executed commands (such as PPP), number
of packets, and number of bytes. Accounting enables you to track the
services users are accessing and the amount of network resources they are
consuming.
Cisco IOS XR software supports the TACACS+ method of accounting. The
router reports user activity to the TACACS+ security server in the form of
accounting records. Each accounting record contains accounting attributevalue (AV) pairs and is stored on the security server in an accounting log.
Use the aaa accounting commands to create named method lists defining
specific accounting methods that can be used on a per-line or per-interface
basis.
Method lists for accounting define the way accounting is performed,
enabling you to designate a particular security protocol to be used on
specific lines or interfaces for particular types of accounting services.
940
Version 1.0c
Module 9
Accounting
Accounting
database
RP/0/0/CPU0:POD5(config)#aaa accounting ?
commands . . . . . . . For EXEC (shell) commands
exec . . . . . . . . . For starting an EXEC (shell)
system . . . . . . . .For System events
RP/0/0/CPU0:POD5(config)#aaa accounting commands ?
word
Named accounting list
default
Default accounting list
RP/0/0/CPU0:POD5(config)#aaa accounting commands cisco ?
start-stop start and stop records
stop-only
stop records only
Version 1.0c
941
Module 9
Security Configuration
Site-Defined Task Groups, User Groups, and Users
Before configuring the security policy, some thought must be given to the
operational tasks that individual users are required to perform. This
planning can provide for all necessary user access, while maintaining
control over router security.
To configure user security policy, follow these steps:
1. Configure task groups and associate task IDs to the group.
Configure a task group and assign rights to it. For example, an OSPF task
group might have only OSPF configuration rights, whereas a BGP task
group might inherit all OSPF rights, in addition to the BGP configuration
rights.
2. Configure user groups.
Configure a user group and give it permissions by associating the group to
a particular task group.
3. Configure users.
Create users and assign them to one or more user groups.
942
Version 1.0c
Module 9
Security Configuration
Configuration flow
Version 1.0c
User
Name
Password
List of user
groups
943
Module 9
944
Version 1.0c
Module 9
Security Configuration
File: instmgr_cmds.parser
Required to
install
software
Instructor's Note
At this writing there is some discussion about this command as to availability or replacement. The
command is not documented and is available only to root-system and cisco-support groups.
Emphasize Task IDs; this command is useful when setting up Task groups and User groups; it is
the best way to see the rights needed to set up privileges and access
Version 1.0c
945
Module 9
946
Version 1.0c
Module 9
Security Configuration
Version 1.0c
947
Module 9
948
Version 1.0c
Module 9
Security Configuration
Version 1.0c
949
Module 9
950
Version 1.0c
Module 9
Security Configuration
Version 1.0c
951
Module 9
952
Version 1.0c
Module 9
Security Configuration
Version 1.0c
953
Module 9
Configuring Users
Each user is identified by a username that is unique across the
administrative domain. Each user should be made a member of at least one
user group. Deleting a user group may orphan the users associated with
that group.
The username command provides username and password authentication
for login purposes only. It provides the method of assigning a user to a user
group.
To create users with passwords, follow these steps:
1. Configure a username to add users who can access the system.
2. Configure the password for the user defined with the username
command. Passwords have two levels: password and secret.
PasswordLower security
SecretHigher security
954
Version 1.0c
Module 9
Security Configuration
Configuring Users
Configure a user
RP/0/RP0/CPU0:POD5#configure
RP/0/RP0/CPU0:POD5(config)#username ken
Assign a password
RP/0/RP0/CPU0:POD5(config-un)#password drowssap57
RP/0/RP0/CPU0:POD5(config-un)#
Instructor's Note
The two password choices, password and secret, offer levels of encryption. Password offers 0 or
7; 0 keeps the password in clear text, while 7 encrypts it. For secret, 0 keeps the password in clear
text; 5 encrypts it.
Version 1.0c
955
Module 9
956
Version 1.0c
Module 9
Security Configuration
WRITE
WRITE
EXECUTE
EXECUTE
Instructor's Note
A question may arise from the information regarding password encryption on the previous page.
Where does one see a clear text password? The show running config command will reveal any
clear text passwords; you will not see them with either of these commands.
Version 1.0c
957
Module 9
958
Version 1.0c
Module 9
ACL Overview
Version 1.0c
959
Module 9
Access lists perform packet filtering to control which packets move through
the network and where. Such control can help limit network traffic and
restrict the access of users and devices to the network. Access lists have
many uses, and therefore many commands accept a reference to an access
list in their command syntax. Access lists can be used to do the following
Provide traffic flow control. ACLs can restrict the delivery of routing
updates. If updates are not required because of network conditions,
bandwidth is preserved.
Provide a basic level of security for network access. ACLs can allow one
host to access a part of the network and prevent another host from
accessing the same area.
The order in which ACL statements are placed is important. Cisco IOS XR
software tests the packet against each condition statement, in order, from
the top to the bottom of the list. After a match is found, the permit action
or deny action is performed, and no other ACL statements are checked.
960
Version 1.0c
Module 9
ACL purposes
Version 1.0c
961
Module 9
962
Version 1.0c
Module 9
RP/0/RP0/CPU0:POD5#conf
RP/0/RP0/CPU0:POD5(config)#ipv4 access-list cisco
RP/0/RP0/CPU0:POD5(config-ipv4-acl)#30 deny 192.168.34.0 0.0.0.255
RP/0/RP0/CPU0:POD5(config-ipv4-acl)#40 permit 172.168.34.0 0.0.0.255
RP/0/RP0/CPU0:POD5(config-ipv4-acl)#commit
RP/0/RP0/CPU0:POD5(config-ipv4-acl)#exit
RP/0/RP0/CPU0:POD5(config)#interface POS 0/4/0/0
RP/0/RP0/CPU0:POD5(config-if)#ipv4 access-group cisco in
RP/0/RP0/CPU0:POD5(config-if)#commit
Version 1.0c
963
Module 9
Editing ACLs
A value-added feature in Cisco IOS XR software is line addition and
subtraction of individual access control elements in access lists. Individual
ACE statements within an ACL are numbered, making it easy to add or
subtract statements at any time.
Statements are added to the ACL by specifying an additional line number
followed by the new ACE.
Statements are removed from the ACL by specifying the no keyword
followed by the line number.
Instructor's Note
To apply an Extended name ACL:
RP/0/0/CPU0:POD3(config)#interface POS 0/4/0/0 ipv4 access-group ?
WORD access-list name
RP/0/0/CPU0:POD3(config)#interface POS 0/4/0/0 ipv4 access-group cisco ?
in
Filter incoming packets
out Filter outgoing packets
RP/0/0/CPU0:POD3(config)#interface POS 0/4/0/0 ipv4 access-group cisco in
964
Version 1.0c
Module 9
Editing ACLs
Sample ACL
RP/0/RP0/CPU0:POD5#show ipv4 access-list Ethernet_In
ipv4 access-list Ethernet_In
1 deny udp any eq netbios-ns any
2 deny udp any host 255.255.255.255 eq tftp
4 permit any
Add a line
RP/0/0/0:RP-POD1(config-ipv4-acl)#3 deny udp any eq netbios-dgm any
Sample ACL
RP/0/RP0/CPU0:POD5#show access-list ipv4 Ethernet_In
ipv4 access-list Ethernet_In
1 deny udp any eq netbios-ns any
2 deny udp any host 255.255.255.255 eq tftp
3 deny udp any eq netbios-dgm any
4 permit any
Remove a line
RP/0/0/0:RP-POD1(config-ipv4-acl)#no 3
Version 1.0c
965
Module 9
Resequencing ACLs
To add a statement in the middle of an access list, you can renumber the
ACEs in the ACL by using the resequence command.
For example, if statements 1 to 10 have been used and an ACE needs to be
added in the middle of the ACL, use the resequence command to change
the numbers by a factor of 10. Additional statements can then be inserted
in the newly created number space.
966
Version 1.0c
Module 9
Resequencing ACLs
Sample ACL
RP/0/RP0/CPU0:POD5#show access-list ipv4 Ethernet_In
ipv4 access-list Ethernet_In
1 deny udp any eq netbios-ns any
2 deny udp any host 255.255.255.255 eq tftp
3 permit any
Instructor's Note
This is an EXEC level command. This command will create a rollback file with the ACL as the
client.
Version 1.0c
967
Module 9
Copying ACLs
When an ACL has been created, using the copy command, the access list
can be recreated and the statements are renumbered. The new ACL is then
applied to the interfaces.
968
Version 1.0c
Module 9
Copying ACLs
Version 1.0c
969
Module 9
Summary
Cisco IOS XR Security
In this module, you learned to:
970
Version 1.0c
Module 9
Review Questions
Cisco IOS XR Security
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 1.0c
971
Module 9
972
Version 1.0c
Module 10
Routing Protocols
Overview
Description
This module covers the Cisco IOS XR Release 3.2 implementation of the
Border Gateway Protocol (BGP), the Open Shortest Path First (OSPF)
protocol, the Intermediate System-Intermediate System (IS-IS) protocol,
and Multicast Routing. It also discusses functional and configuration
differences between Cisco IOS and Cisco IOS XR routing protocols.
Objectives
After completing this module, you will be able to:
Configure BGP
Configure OSPF
Configure IS-IS
Version 2.0a
101
Routing Protocols
Module 10
102
Version 2.0a
Module 10
Functional Differences
Instructor's Note
R3.2 BGP Implementation limits:
1024 neighbors configurable by bgp maximum neighbor command (max 1500)
512K IPv4 unicast prefixes configurable by maximum-prefix command (max 4G)
128K IPv4 multicast prefixes configurable by maximum-prefix command (max 4G)
128K IPv6 unicast prefixes configurable by maximum-prefix command (max 4G)
???? IPv6 multicast prefixes configurable by maximum-prefix command (max 4G)
Version 2.0a
103
Routing Protocols
Module 10
In Cisco IOS software, route maps, community lists, and as-path lists are
used to filter and modify BGP routes. Route policies written with the
Routing Policy Language (RPL) replace most usage of route maps in Cisco
IOS XR.
External BGP (EBGP) neighbors must have inbound and outbound policies
configured. If no policies are configured, no routes will be accepted from a
neighbor, nor will any routes be advertised to it. This default behavior is
intended to prevent routes from being accepted or advertised externally
without specific configuration. All routes are advertised to and accepted
from internal BGP (IBGP) neighbors if there are no policies.
BGP update message generation is dynamically calculated by an algorithm
that sorts neighbors into update groups, based on common outbound
routing policies. No configuration of this feature is required. Cisco IOS
12.0(24)S introduced a similar functionally called Dynamic Update Peergroups.
104
Version 2.0a
Module 10
Version 2.0a
105
Routing Protocols
Module 10
CLI Differences
Cisco IOS XR implements a hierarchical CLI configuration structure that
groups all BGP configuration and creates new submodes for neighbor and
address family configuration. In addition, address family group, session
group, and neighbor group submodes allow configuration of parameters
that can be inherited by address family and neighbor configurations
through the use command. Similarly, groups can inherit configuration
from another group of the same type through the use command.
New show commands have been added to view the inherited configuration
of neighbors along with the inherited group names.
106
Version 2.0a
Module 10
CLI Differences
router bgp
af-group
address-family
session-group
neighbor
neighbor-group
address-family
address-family
Instructor's Note
Presenting This Slide: The dashed arrows represent possible command inheritance with the use
command. That is, a group (af-group, session-group, or neighbor-group) may be used in other
configuration submodes and thus its commands inherited by that configuration.
Version 2.0a
107
Routing Protocols
Module 10
neighbor Command
To enter neighbor configuration mode for configuring BGP peer sessions,
use the neighbor command in BGP router configuration mode. From
neighbor configuration mode, you can enter address-family configuration
for the neighbor by using the address-family command that allows you to
configure routing updates for IPv4 and IPv6 address prefixes.
The neighbor command does not establish a peering session with the
neighbor. To create the neighbor peering session, you must configure a
remote autonomous system number by entering the remote-as command,
or the neighbor can inherit a remote autonomous system number from a
neighbor group or session group through the use command.
108
Version 2.0a
Module 10
neighbor Command
Cisco IOS
router(config-router)# neighbor 10.222.1.1 remote-as 100
router(config-router)# neighbor 10.222.1.1 update-source Loopback0
Cisco IOS XR
RP/0/RP0/CPU0:router(config)# router bgp 65000
RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.222.1.1
RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 100
RP/0/RP0/CPU0:router(config-bgp-nbr)# update-source Loopback0
Version 2.0a
109
Routing Protocols
Module 10
1010
Version 2.0a
Module 10
Cisco IOS
router(config-router)# neighbor group_1 peer-group
router(config-router)# neighbor group_1 remote-as 64500
router(config-router)# neighbor group_1 update-source loopback0
router(config-router)# neighbor 10.60.70.10 peer-group group_1
Cisco IOS XR
RP/0/RP0/CPU0:router(config-bgp)# neighbor-group group_1
RP/0/RP0/CPU0:router(config-bgp-nbrgrp)# remote-as 64500
RP/0/RP0/CPU0:router(config-bgp-nbrgrp)# update-source loopback0
RP/0/RP0/CPU0:router(config-bgp-nbrgrp)# exit
RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.60.70.10
RP/0/RP0/CPU0:router(config-bgp-nbr)# use neighbor-group group_1
Instructor's Note
A neighbor group would be most valuable for a IBGP full mesh or route reflector configuration.
In both cases, the router will have many internal peers all typically with the same neighbor
configuration. This is the situation in our Routing lab that follows this module.
Version 2.0a
1011
Routing Protocols
Module 10
address-family Command
To configure various address-family configuration parameters for BGP
peering sessions, use the address-family command in the appropriate
configuration mode - router, neighbor, or neighbor group.
An address family must be explicitly configured in the router configuration
mode for the address family to be active in BGP. Similarly, an address
family must be configured under the neighbor for the BGP session to be
established for that address family. An address family must be configured
in router configuration mode before it can be configured under a neighbor.
Configure the address-family ipv4 or address-family ipv6 command at
the global level to enable configuration of neighbors. When you enter the
address-family command from neighbor configuration mode, you enter
neighbor address-family configuration mode. Use ipv4 for IPv4 neighbors
and ipv6 for IPv6 neighbors.
1012
Version 2.0a
Module 10
address-family Command
router(config-bgp)#
router(config-bgp-nbr)#
address-family {ipv4 | ipv6} {unicast | multicast}
RP/0/RP0/CPU0:router(config)# router bgp 65000
RP/0/RP0/CPU0:router(config-bgp)# address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-af)# network 10.0.0.0/8
RP/0/RP0/CPU0:router(config-bgp-af)# exit
RP/0/RP0/CPU0:router(config-bgp)# neighbor 10.1.1.1
RP/0/RP0/CPU0:router(config-bgp-nbr)# remote-as 64500
RP/0/RP0/CPU0:router(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:router(config-bgp-nbr-af)# weight 200
Version 2.0a
1013
Routing Protocols
Module 10
Configuration Example
The topology and configuration on the opposite page is similar to part of
the courses lab environment. Because this is a full-mesh iBGP topology, it
would be typical for all the iBGP neighbors to have the same configuration
commands. Notice how use of the neighbor group internal reduces the
configuration of the two BGP neighbors.
1014
Version 2.0a
Module 10
Configuration Example
P3
P1
.3
142.50.12
.1
100.10.20.3
100.10.20.1
POS 0/4/0/0
POS 0/3/0/1
.3
142.50.20
P2
.2
100.10.20.2
interface Loopback0
ipv4 address 100.10.20.3 255.255.255.255
!
interface POS0/3/0/1
ipv4 address 142.50.20.3 255.255.255.0
!
interface POS0/4/0/0
ipv4 address 142.50.12.3 255.255.255.0
!
router bgp 65000
address-family ipv4 unicast
!
neighbor-group internal
remote-as 65000
password encrypted 121A0C041104
update-source Loopback0
address-family ipv4 unicast
!
!
neighbor 100.10.20.1
use neighbor-group internal
description P1 router
!
neighbor 100.10.20.2
use neighbor-group internal
description P2 router
!
!
Version 2.0a
1015
Routing Protocols
Module 10
show Commands
With the hierarchical configuration structure supporting explicit
inheritance of address family, session, and neighbor groups, new show
commands exist to view the inherited configuration of neighbors along with
the inherited group names.
To view the effective configuration for a neighbor, you use the show bgp
neighbors <ip-address> configuration command. Names enclosed in
brackets (such as internal) are groups from which the configuration
parameter is inherited. If there is no name in the brackets, the parameter
is set directly in the neighbor configuration and not inherited. You can
view just the inherited group names with the show bgp neighbors <ipaddress> inheritance command.
Address family group, session group, and neighbor group configuration or
inheritance can be viewed in a similar manner using the show bgp
<group-type> <group-name> {configuration | inheritance}
command. Other options for configuring output allow defaulted parameter
values (defaults keyword) or an nvgen-style output (nvgen keyword) to be
viewed.
The overall operational state of BGP is best viewed using the show bgp
summary, show bgp neighbors, and show bgp update-group
commands.
1016
Version 2.0a
Module 10
show Commands
RecvTblVer
1
bRIB/RIB
1
SendTblVer
1
Spk
AS MsgRcvd MsgSent
0 65000
2607
2608
0 65000
2600
2600
Version 2.0a
TblVer
1
1
1017
Routing Protocols
Module 10
1018
Version 2.0a
Module 10
Description
Cisco IOS
Cisco IOS XR
Automatically summarize
subnet routes into classfull
network (A, B, or C) routes
when advertising outside AS.
bgp always-compare-med is
used
bgp client-to-client
reflection is the default
no bgp deterministic-med
was the default
Version 2.0a
1019
Routing Protocols
Module 10
By default, logging the neighbor status changes (up or down) and reset
reason is disabled by default in Cisco IOS but enabled in Cisco IOS XR.
This information can be used for troubleshooting connectivity problems
and measuring network stability.
The default metric command sets the MED value to advertise to peers for
routes that do not already have a metric set (routes that were received
with no MED attribute). Neither Cisco IOS nor Cisco IOS XR set a metric
by default.
Community values are now commonly displayed as two 16-bit values
separated by a colon. Cisco IOS displays them as one 32-bit decimal word
by default unless the ip bgp new format command is used. Cisco IOS XR
always displays communities as two 16-bit words and cannot be configured
otherwise.
Filtering BGP route information in Cisco IOS can be accomplished by a
variety of commands, such as neighbor distribute-list, ip as-path
access-list, neighbor filter-list and route-map. In Cisco IOS XR, RPL
policies can replace or have replaced most of these commands. The prefixlist in command for use with ORF is one exception.
1020
Version 2.0a
Module 10
Description
Cisco IOS
Cisco IOS XR
no default-metric is the
default
Version 2.0a
1021
Routing Protocols
Module 10
1022
Version 2.0a
Module 10
Description
Cisco IOS
Cisco IOS XR
no neighbor {ip-address |
peer-group-name} sendcommunity is the default
no-send-community-ebgp and
no-send-extendedcommunity-ebgp are the
default; always send to IBGP
neighbors
Synchronization is not
supported
Version 2.0a
1023
Routing Protocols
Module 10
1024
Version 2.0a
Module 10
Version 2.0a
1025
Routing Protocols
Module 10
The bRIB is the rendezvous point for the partial bestpaths sent to it by the
various speakers. It makes the ultimate routing decision, installs those
bestpath routes in the global RIB, and distributes them to all speakers.
1026
Version 2.0a
Module 10
Peers
Speaker
Partial
bestpaths
Final
bestpaths
bRIB
RIB
Final
bestpaths
Peers
Speaker
Partial
bestpaths
Version 2.0a
1027
Routing Protocols
Module 10
1028
Version 2.0a
Module 10
Feature Support
IS-IS
BGP
Static
Area 2
Area 3
NSSA
ASBR
Internal
Internal
ABR
ABR
Virtual
Link
Area 4
Stub
Area 0
Backbone
ABR
ABR
Internal
Internal
BBone
Passive
Area 1
Standard OSPFv2 and OSPFv3
Version 2.0a
1029
Routing Protocols
Module 10
CLI Differences
Cisco IOS XR OSPF configuration differs from that of Cisco IOS by using a
hierarchical CLI with inheritance of parameter values.
Hierarchical CLI
Hierarchical CLI is the grouping of related network component
information at defined hierarchical levels - OSPF router, area and
interface level:
router ospf lab
area 0
interface pos0/4/0/1
The router configuration prompt tells you what level you are at in the
configuration hierarchy. The following router prompt indicates that you
are in OSPF process (ospf), area (ar), and interface (if) configuration
submode:
RP/0/0/CPU0:router(config-ospf-ar-if)#
CLI Inheritance
In Cisco IOS XR, some OSPF parameter values can be inherited from a
higher level of the OSPF configuration hierarchy. With CLI inheritance
support, you do not have to explicitly configure a parameter for an area or
interface if it was defined at a higher level unless you want to set a
different value. For example, some parameters, like the hello interval of
interfaces in the same area, can be inherited from the area or router OSPF
process configuration level:
If the hello interval command is configured at the interface configuration
level, use the interface-configured value; else
If the hello interval command is configured at the area configuration
level, use the area-configured value; else
If the hello interval command is configured at the router OSPF process
configuration level, use the OSPF process-configured value; else
Use the default value.
1030
Version 2.0a
Module 10
CLI Differences
router ospf
area
interface
virtual-link
Version 2.0a
1031
Routing Protocols
Module 10
Configuration Differences
The key differences in OSPF configuration commands between Cisco IOS
and Cisco IOS XR are:
1032
Area commands no longer have an area prefix. For example, the area
authentication command is now just authentication.
The OSPF interface command specifies only the interface type and
number.
Cisco IOS XR OSPF supports Packet over SONET (POS) as a point-topoint network type and Ethernets as broadcast network type.
Alternately, both can be configured as a nonbroadcast (NBMA) network
type with the network non-broadcast command.
The timers spf command is similar to the Cisco IOS timers throttle
spf command.
Version 2.0a
Module 10
Configuration Differences
Cisco IOS
Cisco IOS XR
Instructor's Note
Through IOS XR R3.1, the same interface (POS, GigE) can be configured in multiple OSPF
instances. This is considered a design deficiency that should be corrected in R3.2.
Version 2.0a
1033
Routing Protocols
Module 10
Cisco IOS XR uses the term OSPFv3 to indicate OSPF for IPv6 in the
CLI and configuration tasks. Cisco IOS uses the OSPF for IPv6 term
in documents and the ipv6 keyword is appended to commands.
1034
OSPFv3 does not support route maps, but RPL will be supported postFCS.
Version 2.0a
Module 10
Version 2.0a
1035
Routing Protocols
Module 10
Configuring OSPF
OSPF is enabled from the global configuration mode.
1036
Version 2.0a
Module 10
Version 2.0a
1037
Routing Protocols
Module 10
1038
Version 2.0a
Module 10
Version 2.0a
1039
Routing Protocols
Module 10
1040
Version 2.0a
Module 10
Instructor's Note
OSPF can be configured on MgmtEth interfaces. If both Mgmt Eth interfaces are configured
with compatible OSPF parameters (hello interval, dead interval, etc.), an adjacency will be formed
between them. This results in both interfaces being represented in the router LSA as links to the
same transient network. Normally an OSPF router rejects received hellos with the same router
ID, however the OSPF specification allows this special case for multiple interfaces on the same
network.
Interestingly however, in the same scenario with IS-IS no adjacency will form.
Version 2.0a
1041
Routing Protocols
Module 10
To set the interval during which not seeing hello packets causes the router
to declare the neighbor down, use the dead-interval command. The dead
interval can be specified at the process, area, or interface level. If the dead
interval is specified at the process level, it is inherited by all areas under
that process and all interfaces in each of the areas. If the dead interval is
not set explicitly, it defaults to 30 seconds.
1042
Version 2.0a
Module 10
Version 2.0a
1043
Routing Protocols
Module 10
MD5 Authentication
To enable MD5 authentication for the OSPF process, use the
authentication message-digest command at the router command mode.
This authentication type applies to the operation of all interfaces for the
entire router process unless overridden at a lower hierarchical level, such
as the area or interface. For example, no authentication can be established
on a specific interface if the authenticate null command is used in the
interface submode for that interface.
The message-digest-key command must be used with the
authentication message-digest command to establish keying
information for the MD5 operation. Again, this command can apply to the
OSPF process, area, or interface.
_____________________________ Note _________________________
Your neighbor router must have the same key identifier (key-id).
_________________________________________________________________
1044
Version 2.0a
Module 10
MD5 Authentication
router (config-ospf)#
authentication [message-digest | null]
RP/0/RP0/CPU0:router(config-ospf)# authentication message-digest
router (config-ospf)#
message-digest-key key-id md5 [encryption-type] key
RP/0/RP0/CPU0:router(config-ospf)# message-digest-key 4 md5 key1
Version 2.0a
1045
Routing Protocols
Module 10
1046
Version 2.0a
Module 10
interface Loopback1
ip address 10.234.2.6 255.255.255.255
!
interface POS4/0
ip address 10.50.40.1 255.255.255.0
ip ospf message-digest-key 5 md5
ospf-key
!
router ospf 100
log-adjacency-changes detail
nsf
area 0 authentication message-digest
passive-interface Loopback1
network 10.50.40.0 0.0.0.255 area 0
network 10.234.2.6 0.0.0.0 area 0
interface Loopback1
ip address 10.234.2.6 255.255.255.255
!
interface POS0/4/0/0
ip address 10.50.40.1 255.255.255.0
!
router ospf 100
log adjacency changes detail
nsf
area 0
authentication message-digest
interface Loopback1
passive enable
interface POS0/4/0/0
message-digest-key 5 md5 ospf-key
Version 2.0a
1047
Routing Protocols
Module 10
Cisco IOS XR brings other changes by not supporting certain Cisco IOS
functionality and requiring different configuration:
1048
Version 2.0a
Module 10
Functional Differences
Architecture changes
Hierarchical configuration
Multiple IS-IS instances
Multi-topology as the default behavior
Other changes
IS-IS supports only IP routingno CLNS routing
SNP password validation done by default
Command and keyword consistency changes
Instructor's Note
Although not a hard configuration limit, internal testing of IS-IS was limited to 8 instances.
Version 2.0a
1049
Routing Protocols
Module 10
CLI Differences
The hierarchical Cisco IOS XR CLI results in easier and more logical
configuration. All IS-IS configuration is done and viewed under the IS-IS
routing process, enabling a more deductive flow of commands. IS-IS
interface configuration that was done in Cisco IOS under the global
interface configuration is now accomplished in an interface configuration
submode under the IS-IS router configuration. IPv4 and IPv6 topology
configuration is also accomplished in an address family submode under the
router configuration for instance (process-wide) parameters and under the
IS-IS interface configuration for interface-specific parameters.
_____________________________ Note _________________________
Although a logical hierarchy exists in the IS-IS configuration, no
support exists yet for inheritance of parameter values in the same way
there is for OSPF.
_________________________________________________________________
In general, there are some consistency changes with the CLI syntax in the
IS-IS implementation from Cisco IOS to Cisco IOS XR. Some commands,
keywords, and arguments have changed. Most have the same name, but
may be found in different locations (configuration submodes) due to the
new hierarchical structure.
Some attributes can be associated with IS-IS level 1 or level 2 area
operation. In those cases, such as hello-interval, the level [1|2] form of
the command is used. If the level designation is omitted, the attribute is
associated with both levels by default. In other cases where a tristate value
occurs for an attribute, that is, the Intermediate System is-type can be
level 1 or level 2 or both, Cisco ISO XR uses [level-1|level-2 |level-1-2].
This syntax also allows something other than level-1-2 to be the default.
1050
Version 2.0a
Module 10
CLI Differences
router isis
address-family
interface
address-family
Version 2.0a
1051
Routing Protocols
Module 10
1052
Version 2.0a
Module 10
1 Level 2 instance
2 Level 1 instances
Version 2.0a
1053
Routing Protocols
Module 10
Instructor's Note
In the configuration on the opposite page, weve set the IS-IS attached bit on all LSPs being
advertised by r1 and r2 into their respective Level 1 areas. The destinations in those Level 1 areas
are being redistributed into r3 for advertisement as internal routes to other routers in the
backbone Level 2 area. r3 will be knowledgeable about Level 2 area topology and any destinations
in other connected Level 1 areas.
1054
Version 2.0a
Module 10
router isis r2
is-type level-1
net 49.0002.0000.0000.0002.00
address-family ipv4 unicast
set-attached-bit
!
interface POS0/4/0/2
address-family ipv4 unicast
!
!
!
router isis r3
is-type level-2-only
net 49.0003.0000.0000.0003.00
address-family ipv4 unicast
redistribute isis r1 level-2 metric 0 metric-type internal
redistribute isis r2 level-2 metric 0 metric-type internal
distance 116
!
interface POS0/4/0/3
address-family ipv4 unicast
!
!
!
Version 2.0a
1055
Routing Protocols
Module 10
1056
Version 2.0a
Module 10
Version 2.0a
1057
Routing Protocols
Module 10
Configuration Comparison
In comparing the equivalent Cisco IOS and Cisco IOS XR configurations on
the facing page, the effect that the new hierarchical structure has had on
the location of commands like metric-style and passive should be readily
apparent. Command name changes, such as domain-password and
area-password consolidated to lsp-password with a level keyword, are
also obvious. Notice that the Cisco IOS log-adjacency-changes command
is essentially the same and now is not a single command, but rather a
command log with the required keywords adjacency changes.
1058
Version 2.0a
Module 10
Configuration Comparison
Version 2.0a
1059
Routing Protocols
Module 10
Debugging
Debugging is done from the EXEC prompt, just as in Cisco IOS. The
primary debugging flags are the main troubleshooting categories for Cisco
IOS. They allow you to select a feature of IS-IS and troubleshoot that
particular subprocess of IS-IS. Every main troubleshooting category has
subcategories where flags can be set to filter more specific events within a
subprocess. The flags contained under the primary options are category
specific, which means, for example, that the detail or interface flag that is
available under one subcategory of debugging might not be available under
another subcategory. This methodology follows the same troubleshooting
process that Cisco IOS does.
Filters can be designed to help narrow the troubleshooting process, either
by combining a sequence of debug commands to obtain information about
several subprocesses running or limiting the information displayed using
specific flags contained in the CLI. For example, you can use debug isis
adjacencies to enable debugging output for adjacency events. The
optional interface <type> < number> keyword identifies debugging
information for a specific interface, and the optional keyword detail
enables detailed debugging output.
Instructor's Note
While testing debug isis adjacencies with IOS XR R2.0, the detail keyword didnt seem to have
any effect on the specifics of the debug output; it appeared to be the same with or without the
keyword.
1060
Version 2.0a
Module 10
Debugging
Version 2.0a
1061
Routing Protocols
Module 10
Multicast Routing
Functional Differences
The nonhierarchical multicast configuration in Cisco IOS is replaced in
Cisco IOS XR with a hierarchical-structured CLI that groups each
multicast protocol configuration. Basic multicast operation is configured
under the multicast routing configuration submode and interfaces must be
explicitly enabled.
Internet Group Management Protocol (IGMP) operation is enabled
automatically when an interface is configured for multicast routing. Cisco
IOS XR defaults IGMP to version 3 operation unlike Cisco IOS which
defaults to version 2. Versions 1 and 2 can be configured per interface.
Protocol Independent Multicast (PIM) operation is also enabled
automatically when an interface is configured for multicast routing. Cisco
IOS XR supports sparse mode (SM), source-specific multicast (SSM), and
bidirectional (bidir) PIM operation but not dense mode (DM) configuration.
IOS XR PIM does not support a rate mechanism for switching to the
Shortest Path Tree (SPT). The default behavior switches immediately upon
receiving the initial multicast packet from the Rendezvous Point (RP) for a
SM group. Alternatively, you can force the forwarding to stay on the
shared tree using the spt-threshold infinity command in the router PIM
configuration submode.
Multicast Source Discovery Protocol (MSDP) operation is similar to that in
Cisco IOS except that, in Cisco IOS XR, Source-Active (SA) messages are
sent to peers automatically instead of waiting for an SA request.
For Cisco IOS XR Release 3.2, both IPv4 and IPv6 multicast is supported
on the Cisco CRS-1.
1062
Version 2.0a
Module 10
Multicast Routing
Functional Differences
Hierarchical configuration
Specific router protocol modes
Interfaces must be explicitly enabled
IGMP
Defaults to Version 3
PIM
No dense mode configuration
No rate mechanism for switching to Shortest Path Tree
MSDP
Initiates Source Active messages
IPv4 and IPv6 multicast on CRS-1 at Release 3.2
Instructor's Note
PIM dense mode operation is actually supported for Ciscos auto-RP protocol but can not be
configured for user multicast traffic.
In case a student asks, IOS XR IPv6 multicast is not yet supported on the XR 12000 platform.
Version 2.0a
1063
Routing Protocols
Module 10
CLI Differences
Cisco IOS XR multicast routing also uses a hierarchical configuration
architecture. Multicast protocol-specific configuration has been grouped
under the appropriate router process (IGMP, PIM, or MSDP) level
submode. Interface configuration commands entered in the router process
mode are inherited on all protocol interfaces, unless specifically changed at
the protocol interface level configuration submode.
Most configuration parameters have remained the same (with elimination
of the Cisco IOS ip <protocol> prefix in the command). Some new show
and debug commands have been added.
1064
Version 2.0a
Module 10
Multicast Routing
CLI Differences
router igmp
router pim
router msdp
interface
interface
interface
peer
Version 2.0a
1065
Routing Protocols
Module 10
Configuring Multicast
To configure multicast routing in Cisco IOS XR, first use the multicastrouting command in the global router configuration mode. Next, specify
the interfaces that are enabled for multicast, using the interface
<type><number> command to enter the interface configuration submode.
To activate multicast routing on interfaces, you must explicitly enable
them in the interface configuration submode with the enable command.
Alternatively, the interface all enable command entered in the router
configuration mode can activate multicast operation on all interfaces.
To turn off multicast routing on a particular interface, use the disable
command in the interface configuration submode.
In Cisco IOS XR, IGMP and PIM are activated by default on all interfaces
that are enabled for multicast, unless they are explicitly disabled in the
router pim or router igmp interface configuration submode.
_____________________________ Note _________________________
Although you can enable management Ethernet (MgmtEth) interfaces
for multicast routing and configure multicast routing protocols, no
multicast forwarding or protocol operation takes place on those
interfaces. Multicast operation is coded off and cannot be activated.
_________________________________________________________________
1066
Version 2.0a
Module 10
Multicast Routing
Configuring Multicast
RP/0/0/CPU0:router(config)#
Configure IPv4 multicast routing
RP/0/RP0/CPU0:router(config)# multicast-routing
RP/0/0/CPU0:router(config-mcast-ipv4)#
Enable all interfaces to take part in multicast
RP/0/RP0/CPU0:router(config-mcast-ipv4)# interface all enable
RP/0/0/CPU0:router(config-mcast-ipv4)#
Disable a specific interface from taking part in multicast
RP/0/RP0/CPU0:router(config-mcast-ipv4)# interface POS0/4/0/0
RP/0/RP0/CPU0:router(config-mcast-ipv4-if)# disable
Version 2.0a
1067
Routing Protocols
Module 10
PIM Configuration
To configure PIM-specific parameters on your router, use the router pim
command in the global configuration mode. All other PIM commands are
entered in the router PIM (process) submode or the PIM interface submode
below the PIM process. This configuration is necessary only if you want to
change the default operation of PIM, which is automatically enabled on all
active multicast interfaces unless otherwise disabled.
If your router is not an RP and cannot learn necessary RP addresses using
auto-RP operation, which is enabled by default, configure static RP
addresses using the rp-address command in the router PIM submode.
1068
Version 2.0a
Module 10
Multicast Routing
PIM Configuration
RP/0/0/CPU0:router(config)#
Configure PIM-specific behavior
RP/0/RP0/CPU0:router(config)# router pim
RP/0/0/CPU0:router(config-pim-ipv4)#
Version 2.0a
1069
Routing Protocols
Module 10
1070
Version 2.0a
Module 10
Multicast Routing
RP/0/0/CPU0:router(config-pim-ipv4)#
Configure PIM auto-RP candidate RP and mapping agent as necessary
RP/0/RP0/CPU0:router(config-pim-ipv4)# auto-rp candidate-rp
loopback 0 scope 16
RP/0/RP0/CPU0:router(config-pim-ipv4)# auto-rp mapping-agent
loopback 0 scope 16
RP/0/0/CPU0:router(config-pim-ipv4)#
Configure any PIM interface-specific parameters
RP/0/RP0/CPU0:router(config-pim-ipv4)# interface POS0/4/0/0
RP/0/RP0/CPU0:router(config-pim-ipv4-if)# hello-interval 100
Instructor's Note
Although auto-RP is a non-standard (non-RPF-based) function requiring dense mode PIM
operation to advertise control traffic, it provides an important failover advantage that static RP
assignment does not. With auto-RP, you can configure multiple routers as RP candidates. Should
the elected RP stop operating, one of the other preconfigured routers takes over the RP
functions. This capability is controlled by the auto-RP mapping agent.
Version 2.0a
1071
Routing Protocols
Module 10
Configuration Comparison
A fundamental difference exists in the basic configuration of multicast on
Cisco IOS and Cisco IOS XR. In Cisco IOS, you configure multicast routing
and then configure PIM on an interface, which automatically enables PIM
and IGMP operation. In Cisco IOS XR, you configure multicast routing
and enable an interface, which automatically activates PIM and IGMP
operation. You only have to configure only a PIM interface if you want to
modify its default parameter values.
1072
Version 2.0a
Module 10
Multicast Routing
Configuration Comparison
Cisco IOS XR
Cisco IOS
Enable Multicast:
Enable Multicast:
interface POS4/0
ip multicast-routing
multicast-routing
interface POS0/4/0/0
enable
PIM Configuration:
PIM Configuration:
interface POS4/0
ip pim sparse-mode
!
ip pim rp-address 1.1.1.1
ip pim send-rp-announce loopback0
scope 16
ip pim send-rp-discovery loopback0
scope 16
Cisco IOS XR
Cisco IOS
IGMP Configuration:
IGMP Configuration:
interface POS4/0
ip igmp version 3
router igmp
interface POS0/4/0/0
version 3
MSDP Configuration:
MSDP Configuration:
router msdp
peer 10.39.9.6
sa-filter in list 111
sa-filter out list 111
Version 2.0a
1073
Routing Protocols
Module 10
Summary
Routing Protocols
In this module, you learned:
1074
Version 2.0a
Module 10
Review Questions
Routing Protocols
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 2.0a
1075
Routing Protocols
Module 10
1076
Version 2.0a
Module 11
Routing Policy Language
Overview
Description
This module teaches the Routing Policy Language (RPL). It describes RPL
architecture, defines syntax, and demonstrates a methodology to convert
route maps to RPL.
Objectives
After completing this module, you will be able to:
Version 2.0
111
Module 11
RPL Overview
Motivation
Classic Cisco IOS route maps have inherent scaling issues because of their
non-modular structure. Reuse of common policy is not possible because
there is no way to refer from one route map to another. Systems on the
scale of CRS-1 could possible need support for 1000s of route maps with
their implied redundancy.
112
Version 2.0
Module 11
RPL Overview
Motivation
Instructor Notes
Rewrote one major ISPs 15K lines of route maps in 1K lines of RPL policy.
Version 2.0
113
Module 11
114
Version 2.0
Module 11
RPL Overview
Version 2.0
115
Module 11
Fundamental Capabilities
The RPL has several fundamental capabilities that differ from those
present in traditional IOS route-map and acl/prefix-list oriented
configuration.
The first of these capabilities is the ability to build policies in a modular
form. Common blocks of policy can be defined and maintained
independently. These common blocks of policy can then be applied from
other blocks of policy to build complete (hierarchical) policies. This
capability can reduce the amount of configuration information that needs
to be maintained.
In addition, these common blocks of policy can be parameterized. This
allows for policies that share the same structure but differ in the specific
values that are set or matched against to be maintained as independent
blocks of policy.
116
Version 2.0
Module 11
RPL Overview
Fundamental Capabilities
Modularization
Parameterization
Question?
Do we need a more direct comparison between RPL and IOS route map/list mechanisms? More
specifics, like persistent comments?
Version 2.0
117
Module 11
118
Version 2.0
Module 11
RPL Overview
Version 2.0
119
Module 11
Infrastructure
Supporting RPL are four main components involved in configuring and
running policies:
Configuration front-end (CLI)Is the mechanism to enter and modify
policies. RPL configurations are committed to the router in the same way
other configurations are committed and may be displayed using the normal
configuration show commands.
Policy RepositoryCompiles created or modified policies into a form the
execution engine can understand. During this process it vverifies the
policies to be sure they can be executed properly. The Policy Repository
also tracks policy use and notifies the appropriate policy clients when inuse policies are modified.
Policy execution engineIs responsible for running policies as requested
by the policy client. It can be thought of as receiving a route from a policy
client and executing the policy against the specific route data.
Policy clients (the routing protocols)Call the policy execution engine at
the appropriate times to have a given policy applied to a specific route and
then carries out some number of actions. These actions may include
deleting the route from further consideration, passing it along as a
candidate for the best route, or advertising a modified route as
appropriate.
1110
Version 2.0
Module 11
RPL Overview
Infrastructure
Routing protocols
Policy configuration
Policy Repository
Execution Engine
Clients
(protocols)
Version 2.0
1111
Module 11
RPL Description
Basic Building Blocks and Functions
The policy language provides two kinds of persistent, namable objects: sets
and policies. Legal names for these objects can be any sequence of the
upper and lowercase alphabetic characters; the numerals 09; the
punctuation characters period, hyphen, and underbar. A name must begin
with a letter or numeral.
There are four kinds of sets: as-path-set, community-set, extcommunityset and prefix-set.
or:
prefix-set test2
[ . . . Prefix set statements . . . ]
end-set
1112
Version 2.0
Module 11
RPL Description
Route Policy
Language
AS Path Sets
Route Policies
Policy Sets
Community
Sets
Extended
Community
Sets
Version 2.0
Prefix Sets
1113
Module 11
Hierarchical Policy
Policy statements are processed sequentially in the order in which they
appear in the configuration. Policies that hierarchically reference other
policy blocks are processed as if the referenced policy blocks had been
directly substituted inline. Policies may refer to other policies such that
common blocks of policy may be reused. This is accomplished by using the
apply statement.
In the simple example on the facing page, the apply statement in policy
two causes policy one to be executed setting the Multi Exit Discriminator
(MED) attribute to 100 in any BGP route processed by policy two.
Continuing execution of policy one sets the community to 10:100. This is an
example of a hierarchical policy.
_____________________________ Note _________________________
You may have as many levels of hierarchy as desire; there is no arbitrary
limit. However, many levels of hierarchy may be difficult to maintain and
understand. Since policy execution is dynamic, changes to one policy affect
all those policies that reference it directly or indirectly.
_________________________________________________________________
1114
Version 2.0
Module 11
RPL Description
Hierarchical Policy
Version 2.0
1115
Module 11
Parameterized Policy
In addition to supporting reuse of policy blocks via the apply statement,
policies can also be defined which allow for parameterization of some of the
attributes. The trivial example on the facing page contains a
parameterized policy one which takes one parameter $med. Parameters
always begin with a dollar sign and consist otherwise of alphanumeric
characters.
Parameters can be substituted into any attribute that takes a parameter.
In this case we are passing a 16-bit MED value as a parameter. The
parameterized policy can then be used with different parameterizations as
shown. In this manner, policies that share a common structure but use
different values in some of their individual statements can be modularized.
1116
Version 2.0
Module 11
RPL Description
Parameterized Policy
Instructor's Note
For software engineers coding in a procedural language, this is like passing a parameter by value.
The equivalent of passing a parameter by reference is not allowed in the RPL.
Version 2.0
1117
Module 11
Attach Point
Policies do not become useful until they are applied to routes. For that to
happen they need to become known to routing protocols. As an example, in
BGP there are several places where policies can be used, the most common
of these is defining import and export policy:
neighbor <name or address>
address-family ipv4 unicast
policy <name> in|out
1118
Version 2.0
Module 11
RPL Description
Attach Point
neighbor 1.2.3.3
address-family ipv4 unicast
policy foo in
policy bar out
Version 2.0
1119
Module 11
The default originate attach point allows the default route (0.0.0.0/0) to be
conditionally generated and advertised to a peer, based on the presence of
other routes in the Routing Information Base (RIB). If any routes pass the
policy, the default route is generated and sent to the relevant peer.
Neighbor export/import
The neighbor export attach point is used to select the BGP routes to send
to a given peer or group of peers. The routes are selected by running the
set of possible BGP routes through the associated policy. Any routes that
pass the policy are then sent as updates to the peer or group of peers. The
routes that are sent may have had their BGP attributes altered by the
policy that has been applied.
The neighbor import attach point controls the reception of routes from a
specific peer. All routes that are received by a peer are run through the
attached policy. Any routes that pass the attached policy are considered as
candidates for selection as best path routes.
Network
The network attach point controls the injection of routes from the RIB into
BGP. A route policy attached at this point is able to set any of the valid
BGP attributes on the routes that are being injected.
1120
Version 2.0
Module 11
RPL Description
Aggregation
table-policy policy-name
Instructor's Note
Value Added: IGP policy attach points as of IOS XR Release 3.0
OSPF default originate and redistribute
IS-IS redistribute
Version 2.0
1121
Module 11
Redistribute
The show bgp attach point allows the user to display selected BGP routes
that pass the given policy. Any routes that are not dropped by the attached
policy will be displayed in a manner similar to the output of the show bgp
command. There is also a show bgp policy route-policy command which
previews the effects of a BGP neighbor export (outbound) policy by running
all routes in the RIB past the named policy. This command then displays
what each route looked like before and after it was modified.
Table
The table policy attach point allows the user to configure traffic-index
values on routes as they are installed into the global routing table. This
attach point supports the BGP policy accounting feature which uses the
traffic indexes that are set on the BGP routes to track various counters.
This way, you can select different sets of BGP route attributes using the
policy matching operations and then set different traffic indexes for each
class of route you are interested in tracking.
1122
Version 2.0
Module 11
RPL Description
Aggregation
table-policy policy-name
Instructor's Note
Value Added: IGP policy attach points as of IOS XR Release 3.0
OSPF default originate and redistribute
IS-IS redistribute
Version 2.0
1123
Module 11
Sets
In this context, the term set is used in its mathematical sense to mean an
unordered collection of unique elements. The policy language provides sets
as a container for groups of values for matching purposes within
conditional expressions. There are four kinds of sets: as-path-set,
community-set, extcommunity-set and prefix-set.
Named sets are defined at global configuration level and referenced from
conditionals within policy definitions. The set elements are bracketed
between a set type statement and an end-set statement with set elements
separated by comments:
as-path-set aset1
ios-regex _42$,
ios-regex _127$
end-set
This inline set above matches exactly the same AS paths as the named set
aset1, but does not require the extra effort of creating a named set separate
from the policy that uses it. Inline sets are used when the number of
elements is small and the set does not need to be referenced from other
policies.
1124
Version 2.0
Module 11
RPL Description
Sets
Version 2.0
1125
Module 11
Prefix Set
A prefix-set holds IPv4/IPv6 prefix match specifications, each of which has
four parts: an address, a mask length, a minimum matching length, and a
maximum matching length. The address is required, but the other three
parts are optional.
The address is a standard dotted-decimal IPv4 address or hexadecimal
IPv6 address. The mask length, if present, follows the address and is
separated from it by a slash. It is a positive decimal integer in the range
from 0 to 32 for IPv4 and from 0 to 128 for IPv6. If a prefix match
specification has no mask length, then the default mask length is 32 (IPv4)
or 128 (IPv6).
The optional minimum matching length follows the address and optional
mask length and is expressed as the keyword ge (mnemonic for greater
than or equal to), followed by a positive decimal integer in the range from 0
to 32 (IPv4) or 0 to 128 (IPv6). Finally, the optional maximum matching
length follows the rest and is expressed by the keyword le (mnemonic for
less than or equal to), followed by yet another positive decimal integer in
the range from 0 to 32 (IPv4) or 0 to 128 (IPv6). A syntactic shortcut for
specifying an exact length for prefixes to match is the eq keyword,
mnemonic for equal to.
The default minimum matching length is the mask length. If a minimum
matching length is specified, then the default maximum matching length is
32 (IPv4) or 128 (IPv6). Otherwise, if neither minimum nor maximum is
specified, the default maximum is the mask length.
_____________________________ Note _________________________
IPv6 addresses and prefixes are supported only for the BGP protocol.
Prefix sets may contain prefix specifications for both IPv4 and IPv6
using dotted-decimal and colon-separated hexadecimal formats,
respectively. However, IPv6 matching on destination, source, and next
hop and setting of IPv6 next hops is only supported at BGP attach
points
_________________________________________________________________
1126
Version 2.0
Module 11
RPL Description
Prefix Set
mask length
Version 2.0
1127
Module 11
The first element of the prefix-set will match only one possible value,
10.0.1.1/32 or the host address 10.0.1.1. The second element will match
only one possible value, 10.0.2.0/24. The third element will match a range
of prefix values, from 10.0.3.0/28 to 10.0.3.255/32. The fourth element will
match a range of values, from 10.0.4.0/24 to 10.0.4.240/28. The fifth
element matches prefixes in the range from 10.0.5.0/26 to 10.0.5.252/30.
The sixth element will match any prefix of length 28 in the range from
10.0.6.0/28 through 10.0.6.240/28.
The following prefix-set consists entirely of illegal prefix match
specifications:
prefix-set ILLEGAL-PREFIX-EXAMPLES
10.1.1.1 ge 16,
10.1.2.1 le 16,
10.1.3.0/24 le 23,
10.1.4.0/24 ge 33,
10.1.5.0/25 ge 29 le 28
end-set
1128
Version 2.0
Module 11
RPL Description
Version 2.0
1129
Module 11
AS Path Set
This inline form set matches exactly the same AS paths as the named set
shown on the facing page, but does not require the extra effort of creating a
named set separate from the policy that uses it:
(ios-regex '_42$', ios-regex '_127$')
1130
Version 2.0
Module 11
RPL Description
AS Path Set
as-path-set aset1
ios-regex _42$,
ios-regex _127$
end-set
Version 2.0
1131
Module 11
Community Set
A community-set holds community values for matching against the BGP
community attribute. A community is a 2 * 16-bit quantity. For notational
convenience, each community value is expressed as two unsigned decimal
integers in the range 0 to 65535, separated by a colon.
The following inline set is equivalent to the named set cset1 on the facing
page:
(12:34, 12:56, 12:78)
The language also provides symbolic names for the standard well-known
community values: internet is 0:0, no-export is 65535:65281, noadvertise is 65535:65282, and local-as is 65535:65283.
community-set cset2
123:456,
no-advertise
end-set
1132
Version 2.0
Module 11
RPL Description
Community Set
Version 2.0
1133
Module 11
There are two Border Gateway Protocol (BGP) extended communities types
currently supported. The Route Target (RT) community identifies one or
more routers that may receive a set of BGP routes carrying this
community. The Site of Origin (SoO) community (also known as Route
Origin community) identifies one or more routers that inject a set of routes
carrying this community into BGP. These named communities are entered
as one of the following:
Extended community sets also support both named and inline forms. The
following inline set is equivalent to the named set extcomm-set1 on the
facing page:
(RT:1.2.3.4:666, RT:1234:6667, SoO:1.2.3.4:777, SoO:45678:777)
1134
Version 2.0
Module 11
RPL Description
extcommunity-set extcomm-set1
RT:1.2.3.4:666,
RT:1234:666,
SoO:1.2.3.4:777,
SoO:4567:777
end-set
Version 2.0
1135
Module 11
Conditional Statements
The if-then-else statements provide a set of conditions and actions
- conditions come after the if or elseif
- actions come after the then
In its simplest form, an if statement uses a conditional expression to
decide which action(s) or disposition(s) should be taken for the given route.
For example:
if as-path in as-path-set-1 then
drop
endif
The above example indicates that any routes whose as-path is in the set aspath-set-1 shall be dropped. The contents of the then clause may be an
arbitrary sequence of policy statements:
if (origin is igp) then
set med 42
prepend as-path 73 5
endif
The RPL also provides a conditional syntax using the elseif keyword to
string together a sequence of tests:
if med eq 150 then
set local-preference 10
elseif med eq 200 then
set local-preference 60
else
set local-preference 0
endif
1136
Version 2.0
Module 11
RPL Description
Conditional Statements
Version 2.0
1137
Module 11
Nested Conditionals
The statements within an if statement may themselves be if statements,
as shown in the following example:
if community matches-any (12:34, 56:78) then
if med eq 8 then
drop
endif
set local-preference 100
endif
The above policy example will set the value of the local-preference
attribute to 100 on any route which has a community value of 12:34 or
56:78 associated with it. However, if any of these routes with both the
community value of 12:34 or 56:78 has a MED value of 8, then these routes
are dropped.
_____________________________ Note _________________________
Nesting allows you to set up a precondition which cannot easily be done
in a route map. In a route-map, the precondition would have to be
replicated in each route-map clause.
_________________________________________________________________
1138
Version 2.0
Module 11
RPL Description
Nested Conditionals
Version 2.0
1139
Module 11
Boolean Conditions
In the previous section describing conditional if statements, all of the
examples used simple Boolean conditions which evaluated to either true or
false. The RPL also provides means to build compound conditions from
simple conditions by means of three Boolean operators: negation (not),
conjunction (and), and disjunction (or). In RPL, negation has the highest
precedence, followed by conjunction, and then by disjunction. Parentheses
may be used to group compound conditions to override precedence or to
improve readability.
The following simple condition:
med eq 42
will be true if and only if the value of the MED in the route is 42, otherwise
it will be false.
A simple condition may also be negated using the not operator:
not next-hop in(10.0.2.2)
1140
Version 2.0
Module 11
RPL Description
Boolean Conditions
Version 2.0
1141
Module 11
Compound Conditions
A compound condition is a Boolean condition followed by the and or or
operator, itself followed by a Boolean condition:
med eq 42 and next-hop in (10.0.2.2)
origin is igp or origin is incomplete
1142
Version 2.0
Module 11
RPL Description
Compound Conditions
For example
med eq 10 and not destination in (10.1.3.0/24) or community is (56:78)
Version 2.0
1143
Module 11
Default Drop
All route policies have a default action to drop a route under evaluation
unless it is accepted. In IOS route-maps this is determined by a successful
match. In RPL this is determined when the route is modified (set) or
explicitly passed (pass).
Applied (hierarchical) policies implement this as though the applied policy
were pasted into the point where it is applied. As an example, consider a
policy to allow all routes in the 10 net and set their local-preference to 200
while dropping all other routes:
route-policy two
if destination in (10.0.0.0/8 ge 8 le 32) then
set local-preference 200
endif
end-policy
route-policy one
apply two
end-policy
At first it may seem that policy one will drop all routes because it neither
contains an explicit pass statement nor modifies a route attribute.
However, because the applied policy two does set an attribute, the net
result is that policy one will pass routes with destinations in net 10 and
drop all others. It is the same as if policy one were written:
route-policy one
if destination in (10.0.0.0/8 ge 8 le 32) then
set local-preference 200
endif
end-policy
1144
Version 2.0
Module 11
RPL Description
Default Drop
Acceptance determined by
Version 2.0
1145
Module 11
will only drop routes which originally had the MED set to 42; all other
routes will have their MED set to 42. A route which had an initial MED of
15 will have its MED set to 42 but will not be dropped because the
conditional compares the MED value of 15 in the original route not the
modified value.
1146
Version 2.0
Module 11
RPL Description
Version 2.0
1147
Module 11
1148
Version 2.0
Module 11
Attribute
BGP
as-path
community
dampening
destination
extended community
local preference
med
next-hop
origin
route-type
Cisco
source
suppress
tag
traffic-index
weight
Instructors Note
This module only covers RPL support for BGP route attributes. RPL also supports attributes
and operations for OSPF and IS-IS but they are not covered in this course.
Version 2.0
1149
Module 11
AS Path
In its simplest form, the AS path is a sequence of autonomous system
numbers traversed by a BGP route. In its more complex form, it is a
sequence of chunks each of which is either a sequence (ordered list) of AS
numbers or a (unordered list) set of AS numbers. RPL provides several
operations on the AS path: matching the AS path of a route against an aspath-set using various operators, prepending an AS number to an AS path
one or more times, and conditional checks based on the length of the AS
path.
An as-path-set comprises operations for matching an AS path attribute.
The only matching operation is a regular expression match, compatible
with the as-regexp provided by Cisco IOS in ip as-path access-list.
The is-local operator takes no arguments and evaluates to true for AS
paths that are empty. This test would be typically used to determine if this
router (or another router within this autonomous system or confederation)
originated the route. Routes that are locally originated within the
autonomous system, or confederation, carry an empty AS path. Per the
BGP specification, when a route is advertised across the autonomous
system boundary or a confederation boundary, the local AS number or
confederation id is appended to the AS path. The AS path of a locally
originated aggregate is also empty unless it has been modified by policy.
The neighbor-is operator tests the autonomous system number or
numbers at the head of the AS path against a sequence of one or more
integral values or parameters. In other words, it tests to see if the
sequence of AS numbers matches the path beginning with the neighboring
AS from which this route was heard.
The passes-through operator takes a single-quoted sequence of integers
or parameters as an argument. It can also take a single integer or
parameter as an argument. It evaluates to true if the supplied integer or
parameter appears anywhere in the AS path or if the supplied sequence of
integers and parameters appears in the same order anywhere in the AS
path. This includes the originates-from or neighbor-is locations in the
AS path.
1150
Version 2.0
Module 11
As Path
as-path -- Match
if
if
if
if
if
if
if
as-path
as-path
as-path
as-path
as-path
as-path
as-path
in as-path-set-1 then
is-local then
length eq 10 then
neighbor-is 10 then
originates-from 100 then
passes-through 10 11 then
unique-length eq 5 then
as-path -- Assignment
prepend as-path 2 3
prepend as-path 666 2
Instructor's Note
The required arguments for prepend as-path are the AS number to prepend to the AS path and
the number of times it should be prepended. The Release 2.0 online help is not clear about this.
It should be cleaned up in a subsequent release.
Version 2.0
1151
Module 11
Community
Communities are 2*16-bit values carried in BGP routes. Each route may
have zero or more communities in an unordered list. To test for the
presence of community values in the list (is-empty), test for any
community values in the list matching some (matches-any) or all
(matches-every) elements of a community-set, delete community values
from the list (delete), add community values to the list (set additive), or
replace the list with a defined set of community values (set) use the
community attribute with the appropriate operator(s).
1152
Version 2.0
Module 11
Community
community -- Match
if community is-empty then
if community matchs-any c1 then
if community matchs-every c2 then
community -- Assignment
set community (10:12)
set community ($as:12) additive
delete community in ($as:12, 10:$tag)
delete community not in keepcomm
delete community all
Instructor's Note
The difference between matches-any and matches-all is that matches-any is true if any
community in the route matches any community listed in the community-set. Whereas, matchesall is true only if each community in the community-set matches at least one community in the
route.
Version 2.0
1153
Module 11
Community Deletion
The command delete community all will remove all communities except
the well-known communities (internet, no-export, no-advertise, or local-as).
You can delete well-known communities but it must be done explicitly.
___________________________CAUTION _______________________
In general, there should be few circumstances where a wellknown community needs to be removed.
_________________________________________________________________
1154
Version 2.0
Module 11
Community Deletion
Version 2.0
1155
Module 11
Dampening
To configure BGP route dampening, use the set dampening command.
The BGP protocol supports route dampening via an exponential back-off
algorithm. The algorithm can be controlled by setting the four BGP
dampening values using the set dampening command:
set dampening <1-4 dampening parameters> [others default]
The dampening parameters are halflife, reuse, suppress, and maxsuppress (defined below). They are all optional provided that at least one
parameter is supplied and may appear in the statement in any order. If the
statement defines values for three or fewer of the parameters, then the
statement must end with others default indicating that any parameter
(listed below) not specified in the statement will receive its default value.
halflife
Once the route has been assigned a penalty, the penalty is decreased by
half after the halflife period. The process of reducing the penalty happens
every 5 seconds. The range of the half-life period is 1 to 45 minutes. The
default is 15 minutes.
reuse
If the penalty for a flapping route decreases enough to fall below this value,
the route is unsuppressed. The process of un-suppressing routes occurs at
10-second increments. The range of the reuse value is 1 to 20,000; the
default is 750.
suppress
A route is suppressed when its penalty exceeds this limit. The range is 1 to
20,000; the default is 2000.
max-suppress
1156
Version 2.0
Module 11
Dampening
route-policy foo-damp
if destination in (10.0.0.0/24 ge 28) then
set dampening max-suppress 30 halflife 10 others default
else
set dampening halflife 20 max-suppress 45 reuse 750
suppress 1000
endif
end-policy
Version 2.0
1157
Module 11
Destination
The destination of a route is also known in BGP as its network-layer
reachability information (NLRI). It comprises a prefix value and a mask
length. The policy language provides the ability to test them for a match
against a list of prefix-match specifications.
To match a destination entry in a named prefix-set or inline prefix-set, use
the destination in command in route-policy configuration mode:
destination in <prefix-set name> | <inline prefix-set>
The condition returns true if the destination entry matches any entry in
the prefix-set. An attempt to match a destination using a prefix-set that is
defined but contains no elements returns false.
1158
Version 2.0
Module 11
Destination
destination -- Match
if destination in (10.0.0.0/8 ge 8 le 32) then
set local-preference 200
endif
Version 2.0
1159
Module 11
Extended Community
Extended communities are 64-bit values carried in BGP routes. Each route
may have zero or more extended communities in an unordered list. To test
for the presence of community values in the list (is-empty), test for any
community values in the list matching some (matches-any) or all
(matches-every) elements of a community-set, use the extcommunity
attribute with the appropriate operator(s).
Matching of an extended community in the route against a specification in
a named or inline set is intuitive. Because there is no use of wildcards with
extended communities, a community in the route matches a specification in
the set if they encode the same 64-bit number.
1160
Version 2.0
Module 11
Extended Community
extcommunity -- Match
if extcommunity matchs-any ec1 then
If extcommunity matchs-every ec2 then
If extcommunity is-empty then
Version 2.0
1161
Module 11
Local Preference
The local preference attribute is a 32-bit value exchanged between routers
in the same AS as an indication about which path to a certain network is
preferred in exiting the AS. A path with a higher local preference is more
preferred. The default value for local preference is 100 which can be
modified using the bgp default local-preference command in router
BGP configuration mode.
You can define a particular path as more preferable or less preferable than
other paths by setting its local preference attribute value in route-policy
configuration mode:
set local-preference <preference-value>
1162
Version 2.0
Module 11
Local Preference
local-preference -- Assignment
set local-preference 200
Version 2.0
1163
Module 11
MED
The MED attribute is a 32-bit unsigned integer passed between BGP peers
in different ASes indicating a desire for incoming traffic to a particular
NLRI to be received on a particular route. The MED isn't communicated to
ASes beyond the neighboring AS. It is intended to be used in distributing
incoming traffic where there is more than one connection between a pair of
ASes; setting a higher MED for one route will make the traffic flow over
the other.
To compare the Multi-Exit Discriminator (MED) against an integer value
or a parameterized value, use the med command in route-policy
configuration mode:
med {eq | ge | le} <integer> | <parameter>
1164
Version 2.0
Module 11
MED
med -- Match
if (med eq 10) then ...
med -- Assignment
set med 10
Instructor's Note
In RPL, the route attribute metric is NOT overloaded in each protocol. The keyword med is
introduced to refer to the BGP multi-Exit discriminator. The keyword cost is used to refer to the
OSPF cost. The keyword metric refers to the IS-IS metric.
Version 2.0
1165
Module 11
Next-Hop
The next-hop is a dotted-decimal IPv4 address or colon-separated
hexadecimal IPv6 address. To compare the next-hop associated with the
route to data contained in either an inline or named prefix set, use the
next-hop in command in route-policy configuration mode:
next-hop in <prefix-set name> | <inline prefix-set>
The result is true if any value in the prefix-set matches the next-hop of the
route. A comparison which refers to a named prefix-set which has zero
elements in it returns false.
1166
Version 2.0
Module 11
Next-Hop
next-hop -- Match
if next-hop in some-prefix-set then ...
if next-hop in (10.2.23.4, 10.3.14.5) then ...
Version 2.0
1167
Module 11
Origin
The origin of a BGP route is an enumeration; it is either igp, egp or
incomplete. To match a specific origin type, use the origin is command
in route-policy configuration mode:
origin is {igp | egp | incomplete}
1168
Version 2.0
Module 11
Origin
origin -- Match
if origin is igp or origin is incomplete then
origin -- Assignment
set origin incomplete
Version 2.0
1169
Module 11
Source
The source of a BGP route is the IPv4 or IPv6 peering address of the
neighboring router from which you received a BGP route. To test the
source of the route against the elements of either a named or inline prefix
set, use the source in command in route-policy configuration mode:
source in <prefix-set name> | <inline prefix-set>
1170
Version 2.0
Module 11
Source
source -- Match
Version 2.0
1171
Module 11
Tag
A tag is a 32-bit integer associated with a given route in the RIB. To match
a specific tag value, use the tag command in route-policy configuration
mode:
tag {eq | ge | le} {integer | parameter}
1172
Version 2.0
Module 11
Tag
tag -- Match
if tag eq 10 then
tag -- Assignment
set tag 20
Version 2.0
1173
Module 11
Traffic-Index
The traffic-index is a special attribute for Ciscos BGP implementation. It
is not a BGP attribute carried with BGP routes but is a value that can be
set to support the BGP accounting feature. It is used as an index into a set
of counters maintained by the forwarding hardware. Traffic indexes can be
used to count traffic being forwarded on these routes in line cards by
enabling the BGP policy accounting counters on the interfaces of interest.
The traffic-index takes a value in the range from 1 to 63 inclusive or the
special keyword ignore. If traffic-index is set to ignore, then BGP policy
accounting is not done.
It is only valid to set the traffic-index in policies that are attached to the
table-policy attach point.
1174
Version 2.0
Module 11
Traffic-Index
traffic-index -- Assignment
set traffic-index 10
set traffic-index $tindex
set traffic-index ignore
Version 2.0
1175
Module 11
Weight
The weight of a route is a Cisco-specific BGP attribute used as the
strongest tie-breaker in the BGP route selection process. Given two BGP
routes with the same NLRI, a route with a higher weight will always be
chosen no matter what the value of other BGP attributes may be. Weight
only has significance on the local router; it is never sent between BGP
peers.
Weight is a number from 0 to 65535. Any path that a Cisco router
originates will have a default weight of 32768; other paths have weight of
0.
Usage
If you have particular neighbors that you want to prefer for most of
your traffic, you can assign a higher weight to all routes learned from
that neighbor.
1176
Version 2.0
Module 11
Weight
weight -- Assignment
Version 2.0
1177
Module 11
1178
Version 2.0
Module 11
Version 2.0
1179
Module 11
1180
Version 2.0
Module 11
ip prefix-list 101
10 permit 10.48.0.0/16 le 32
20 permit 172.48.0.0/19
30 permit 192.168.3.0/24
ip prefix-list 102
10 permit 172.16.10.0/24
20 permit 192.168.8.0/21
30 permit 192.168.32.0/21
ip community-list 1
10 permit 10:11
ip community-list 2
10 permit 10:12
ip community-list 3
10 permit 10:13
ip community-list 4
10 permit 10:14
Version 2.0
1181
Module 11
1182
Version 2.0
Module 11
Version 2.0
1183
Module 11
Direct Translation
First take the ip prefix-list command and translate it into the RPL
prefix-set command. Only the network content of the statements, not the
sequence numbers or permit/deny, is retained with commas separating
each network. RPL uses the end-set command to show where the set ends.
The ip community list command similarly changes to the RPL
community-set command. The communities are entered in a similar
fashion under the community-set command but again without any
sequence number or permit/deny.
1184
Version 2.0
Module 11
Direct Translation
prefix-set ps101
10.48.0.0/16 le 32,
172.48.0.0/19,
192.168.3.0/24
end-set
prefix-set ps102
172.16.10.0/24,
192.168.8.0/21,
192.168.32.0/21
end-set
community-set cs1
10:11
end-set
community-set cs2
10:12
end-set
community-set cs3
10:13
end-set
community-set cs4
10:14
end-set
Version 2.0
1185
Module 11
1186
Version 2.0
Module 11
Version 2.0
1187
Module 11
1188
Version 2.0
Module 11
Version 2.0
1189
Module 11
Nest Conditionals
Common operations in the first policy can now be coalesced by nesting the
conditionals, testing the destination address only once, and setting the
community only once.
1190
Version 2.0
Module 11
Nest Conditionals
Version 2.0
1191
Module 11
1192
Version 2.0
Module 11
route-policy policy2
if destination in ps102 then
set community (12:35) additive
if community matches-any cs1 then
set med 11
elseif community matches-any cs2 then
set med 12
elseif community matches-any cs3 then
set med 13
elseif community matches-any cs4 then
set med 14
else
set med 100
endif
endif
end-policy
Version 2.0
1193
Module 11
1194
Version 2.0
Module 11
route-policy policy1
if destination in ps101 then
set community (12:34) additive
if community matches-any (10:11) then
set med 11
elseif community matches-any (10:12) then
set med 12
elseif community matches-any (10:13) then
set med 13
elseif community matches-any (10:14) then
set med 14
else
set med 100
endif
endif
end-policy
Version 2.0
1195
Module 11
1196
Version 2.0
Module 11
route-policy policy2
if destination in ps102 then
set community (12:35) additive
if community matches-any (10:11) then
set med 11
elseif community matches-any (10:12) then
set med 12
elseif community matches-any (10:13) then
set med 13
elseif community matches-any (10:14) then
set med 14
else
set med 100
endif
endif
end-policy
Version 2.0
1197
Module 11
Parameterize
Create a parameterized policy block containing the common policy
structure from both policies and passing the unique community value in as
a parameter.
1198
Version 2.0
Module 11
Parameterize
Version 2.0
1199
Module 11
Parameterize (continued)
Finally, reduce the two policies by applying the parameterized policy in
place of their similar policy structure now contained in the parameterized
policy and passing it their unique community value.
11100
Version 2.0
Module 11
Parameterize (continued)
Question?
Do we need the whole new policy as a final slide in this section for comparison?
Version 2.0
11101
Module 11
Thus, instead of each line being an individual command, one can think of
each policy or set as a configuration object that can manipulated as a unit
using the edit command.
After entering the edit route-policy command, a copy of the route-policy
is copied to a temporary file and the MicroEmacs editor is launched. After
editing, save the changes by using the save-buffer command, ^X^S
(control-X control-S). To exit the editor, use the quit command, ^X^Q.
Upon quitting the editor, the policy object will be parsed and checked for
syntax errors. If there are no errors, a disposition query is displayed:
Successful parse of edited config.
Commit configuration? (yes or no):
If you answer no, you are asked whether editing should continue:
Continue editing? (yes or no):
If you answer yes, the editor continues on in the text buffer from where
you left off. If you answer no, the running configuration is not changed and
the editing session is ended.
If there is a syntax error in the policy object, you notified of the error and
also prompted to continue editing or not.
11102
Version 2.0
Module 11
edit
edit
edit
edit
edit
an as-path-set
a community-set
an extended-community-set
a prefix-set
a route-policy
Version 2.0
11103
Module 11
11104
Version 2.0
Module 11
Version 2.0
11105
Module 11
11106
Version 2.0
Module 11
Version 2.0
11107
Module 11
This command list by attach point type all attach points that use the
named policy.
show rpl policy <name> references [summary]
This command lists all policies that reference (apply) the named policy.
show rpl policy <name> uses {all | policies | sets} [direct]
11108
Version 2.0
Module 11
Version 2.0
11109
Module 11
Summary
Routing Policy Language
In this module, you learned:
11110
Version 2.0
Module 11
Review Questions
Routing Policy Language
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 2.0
11111
Module 11
11112
Version 2.0
Module 12
Multiprotocol Label Switching (MPLS)
Overview
Description
This module discusses the implementation of MPLS in the Cisco IOS XR
operating system software.
Objectives
After completing this module, you will be able to:
Version 2.0c
121
Module 12
Label management
Forwarding
Rewrite setup
122
Label swapping
Version 2.0c
Module 12
Label management
Forwarding
Control plane
Data plane
Version 2.0c
123
Module 12
MFI Architecture
The MFI has two basic elements:
The control plane implements both the LSD and the LFD.
The data plane implements a part of the LFD and performs MPLS
encapsulation (encap) and decapsulation (decap).
124
Version 2.0c
Module 12
MFI Architecture
Basic elements
Label Switching
Database (LSD)
Label Forwarding
Database (LFD)
MPLS encapsulation and
decapsulation routines
Control plane
MFI architecture
LFD
MPLS encap and decap
Data plane
Data plane
Version 2.0c
MPLS-TE
LSD
APPL
FIB
Control plane
LSD
LFD
LDP
NetIO
LFD
APPL
encap/
decap
MPLS
encap/
decap
HW ASIC
125
Module 12
The LSD:
The LFD:
Works with Cisco Express Forwarding (CEF) to keep the output chain
correct during rewrites
126
Version 2.0c
Module 12
RP
TE
RSVP
LDP
IGP
LSD
RIB
LFD
FIB
MSC or
LC
Version 2.0c
127
Module 12
The LSD on the active RP distributes the label information to the standby
RP (SRP) and to all MSCs or line cards that require the information. The
MSC or line card stores the forwarding information.
128
Version 2.0c
Module 12
RP
LSD
LC
LFD
SRP
LFD
LSD
LC
LFD
Version 2.0c
LFD
LC
LFD
129
Module 12
1210
UnlabeledNo label for the destination from the next hop, or label
switching is not enabled on the outgoing interface
Version 2.0c
Module 12
Globally
By node
(Global)
(Node LC 0/1/0)
Outgoing
Interface
-----------tt1
tt1
PO0/3/0/3
tt1
PO0/3/0/3
PO0/3/0/3
Next Hop
--------------100.10.20.1
100.10.20.1
142.50.52.2
100.10.20.1
142.50.52.2
142.50.52.2
Bytes
T
Switched
O
----------- 0
0
0
0
0
0
Version 2.0c
1211
Module 12
1212
Version 2.0c
Module 12
Version 2.0c
Bytes
T
Switched
O
----------- 0
1213
Module 12
1214
Version 2.0c
Module 12
MPLS-enabled interfaces
RP/0/0/CPU0:P5#sho mpls interface
Interface
LDP
-------------------------- -------POS0/3/0/3
Yes
POS0/4/0/0
Yes
Tunnel
-------Yes
No
Enabled
-------Yes
Yes
Version 2.0c
1215
Module 12
1216
Version 2.0c
Module 12
Version 2.0c
1217
Module 12
Enabling LDP
To bring up the MPLS LDP protocol, use the mpls ldp command in global
configuration mode. The MPLS configuration follows a hierarchical
configuration method similar to the rest of the routing protocols.
When LDP is enabled on an interface, the LDP process starts neighbor
discovery by sending link hello messages on the interface, which may
result in eventual session setup with discovered neighbors. The link hello
has an LDP identifier.
If LDP is enabled on traffic engineering tunnel interfaces, targeted
discovery procedures are used instead of link discovery procedures.
1218
Version 2.0c
Module 12
Enabling LDP
Instructor's Note
LDP link hellos are UDP packets sent to the well-known LDP discovery port for all routers on
this subnet group multicast address. Receipt of a LDP link hello identifies a hello adjacency.
Version 2.0c
1219
Module 12
LDP Router ID
The link hello identifier is used to establish a neighbor peer session.
Establishing an LDP session between two neighbors requires a TCP
session connection. MPLS LDP will use the global router ID by default.
LDP uses the globally configured router ID by default. The router-id
command specifies an alternate IP address to use as the LDP router ID. IP
addresses selected as the LDP router ID must be advertisable by the IGP
to a neighboring router.
LDP uses the router ID in the following order:
1. Configured LDP router ID
2. Global router ID (if configured)
_____________________________ Note _________________________
Cisco recommends the router-id be a loopback address.
_________________________________________________________________
The MPLS LDP discovery transport-address command provides an
alternate address for the TCP session. When the interface keyword is
specified, LDP advertises the IP address of the interface in LDP discoveryhello messages sent from the interface. When the ip-address argument is
specified, LDP advertises the specified IP address in LDP discovery-hello
messages sent from the interface.
_____________________________ Note _________________________
When a router has multiple links connecting it to a peer device, the
router must advertise the same transport address in the LDP
discovery-hello messages it sends on all such interfaces.
_________________________________________________________________
1220
Version 2.0c
Module 12
LDP Router ID
Assign a router ID
RP/0/RP0/CPU0:P5(config)#mpls ldp
RP/0/RP0/CPU0:P5(config-ldp)#router-id loopback0
RP/0/RP0/CPU0:P5(config-ldp)#
Instructor's Note
The transport address would replace the router ID as the routers designated transport address for
the TCP session. The router ID is the default transport address.
Version 2.0c
1221
Module 12
LDP Neighbors
Sessions between neighbors can be managed using some of these
parameters.
Discovery Timers
The LDP discovery hello timer specifies how long to hold a session without
hearing an advertisement from the neighbor. The default value of 15
seconds can be changed with the discovery hello holdtime command.
Likewise, the discovery hello interval command lets you change the
time between neighbor hellos from its default value of 5 seconds.
Security
1222
Version 2.0c
Module 12
LDP Neighbors
TCP MD5
Version 2.0c
1223
Module 12
1224
Version 2.0c
Module 12
RP/0/RP0/CPU0:P5(config-ldp)#explicit-null
Version 2.0c
1225
Module 12
When the GR session parameters are conveyed and the session is up and
running, GR procedures are activated.
_____________________________ Note _________________________
Currently, the MPLS_LDP process must be restarted for graceful
restart to take affect.
_________________________________________________________________
The value of the forwarding-state-holdtime is used to keep the
forwarding plane state associated with the LDP control plane in case of a
control plane restart or failure. If the control plane fails, then the
forwarding plane keeps the LDP forwarding state for twice the forwarding
state hold time. The value of the forwarding state hold time is also used to
start the local LDP forwarding state hold timer after the LDP control plane
restarts. When the LDP GR sessions are renegotiated with its peers, the
restarting LSR sends the remaining value of this timer as the recovery
time to its peers.
1226
Version 2.0c
Module 12
Instructor's Note
When the LDP control plane restarts with GR capability, it starts forwarding-state hold timers
(default: 180 sec, configurable thru GR CLI). After restart, LDP tries to reconnect back with its
neighbors and sends recovery time to its neighbor after the session is reconnected. The value of
the recovery time is set to the remaining time of the fwding-state-hold-timer (If fwding-state
holdtime is to expire in 150 sec, recovery time = 150sec, meaning that neighbor has got 150 secs
to send its fwding state.
The value of the recovery time sent to each peer may be different, depending on the remaining
time for the fwding state holdtime at the time of session negotiation.
Version 2.0c
1227
Module 12
1228
Version 2.0c
Module 12
Version 2.0c
1229
Module 12
Session:
Discovery:
1230
Link Hellos:
Targeted Hellos
StatusEnabled or disabled
Timeouts:
Module 12
Version 2.0c
1231
Module 12
Local LDP IdentifierThe LDP identifier for the local router, displayed
as address:number, where address is the router ID and number is the
label namespace
Hold timeState of the forwarding hold timer and its current value
1232
Up timeThe length of time that this session has been up for (in
hh:mm:ss format)
Module 12
Version 2.0c
1233
Module 12
The show mpls ldp bindings command provides the label information for
both those assigned locally and for those learned from LDP neighbors:
(no route) Route is not valid. LDP times it out before the local
binding is deleted
1234
UpNeighbor up or down
Version 2.0c
Module 12
Assigned
locally
Learned
Outgoing
Interface
-----------tt1
tt1
PO0/3/0/3
tt1
PO0/3/0/3
PO0/3/0/3
Next Hop
Bytes
T
Switched
O
--------------- ----------- 100.10.20.1
0
100.10.20.1
0
142.50.52.2
0
100.10.20.1
0
142.50.52.2
0
142.50.52.2
0
Up
-Y
Y
Connect Count
------------3
3
Liveness Timer
------------------
Version 2.0c
Recovery Timer
------------------
1235
Module 12
1236
Version 2.0c
Module 12
How it works
Uses RSVP
Resource requirements
Available resources
Bandwidth
Version 2.0c
1237
Module 12
1238
Version 2.0c
Module 12
1.
2.
3.
4.
IS-IS
OSPF
Router ID (required)
Area (OSPF) or Level (ISIS)
Create TE Tunnels
P1
Explicit
Dynamic
PE4
P4
P5
PE5
P2
Version 2.0c
1239
Module 12
1240
Version 2.0c
Module 12
IS-IS example:
RP/0/RP0/CPU0:P5(config-isis-af)#mpls traffic-eng level 1
RP/0/RP0/CPU0:P5(config-isis-af)#mpls traffic-eng router-id loopback1
RP/0/RP0/CPU0:P5(config-isis-af)#
Version 2.0c
1241
Module 12
1242
Version 2.0c
Module 12
RP/0/RP0/CPU0:P5(config)#interface tunnel-te4
RP/0/RP0/CPU0:P5(config-if)#
P1
PE4
P4
P5
PE5
P2
Version 2.0c
1243
Module 12
1244
Version 2.0c
Module 12
Head-end IP address
Loopback address is recommended
100.10.20.5
P1
PE4
P4
P5
PE5
P2
Version 2.0c
1245
Module 12
1246
Version 2.0c
Module 12
RP/0/RP0/CPU0:P5(config-if)#destination 100.10.20.4
RP/0/RP0/CPU0:P5(config-if)#
100.10.20.5
P1
PE4
P4
P5
PE5
P2
100.10.20.4
Version 2.0c
1247
Module 12
1248
Version 2.0c
Module 12
RP/0/RP0/CPU0:P5(config-if)#bandwidth 100000
RP/0/RP0/CPU0:P5(config-if)#
100.10.20.5
P1
To here
P5
PE5
From here
PE4
P4
P2
100.10.20.4
Version 2.0c
1249
Module 12
Setting Priority
There are two priority settings, setup and hold.
Setup priority is used when signaling a label switched path (LSP) for the
tunnel, to determine which existing tunnels can be preempted. Valid
values are from 0 to 7, where a lower number indicates a higher priority.
Therefore, an LSP with a setup priority of 0 can preempt any LSP with a
non-0 priority.
Hold priority is associated with an LSP for the tunnel, to determine if it
should be preempted by other LSPs that are being signaled. Valid values
are from 0 to 7, where a lower number indicates a higher priority. The
lower the priority value, the less likely the tunnel will be preempted.
1250
Version 2.0c
Module 12
Setting Priority
Tunnel priority
Setup
Hold
RP/0/RP0/CPU0:P5(config-if)#priority 1 1
RP/0/RP0/CPU0:P5(config-if)#
100.10.20.5
P1
PE4
P4
P5
PE5
P2
100.10.20.4
Version 2.0c
1251
Module 12
1252
Version 2.0c
Module 12
RP/0/RP0/CPU0:P5(config-if)#path-option 1 dynamic
RP/0/RP0/CPU0:P5(config-if)#path-option 2 explicit name alternate
RP/0/RP0/CPU0:P5(config-if)#
100.10.20.5
P1
P5
PE5
Alternate
PE4
P4
P2
100.10.20.4
Version 2.0c
1253
Module 12
1254
Version 2.0c
Module 12
100.10.20.5
P1
P5
PE5
Used in
IGP here
PE4
P4
P2
100.10.20.4
Version 2.0c
1255
Module 12
1256
Version 2.0c
Module 12
RP/0/RP0/CPU0:P5(config)#mpls traffic-eng
RP/0/RP0/CPU0:P5(config-mpls-te)#interface POS 0/4/0/0
RP/0/RP0/CPU0:P5(config-mpls-te-if)#interface pos 0/3/0/3
RP/0/RP0/CPU0:P5(config-mpls-te-if)#
100.10.20.5
POS0/4/0/0
P1
P5
PE5
POS0/3/0/3
PE4
P4
P2
100.10.20.4
Version 2.0c
1257
Module 12
Configuring RSVP
To enter the RSVP configuration submode, use the rsvp command in the
global configuration mode. From this submode, RSVP global and interface
configuration commands can be entered.
This submode allows configuration of global RSVP parameters, such as GR
(signaling) and interface-specific configuration.
To configure RSVP on an interface, use the interface command in the
RSVP configuration submode. This command changes the configuration
mode to the RSVP interface submode, within which you can enter
interface-specific configuration commands; including setting the maximum
bandwidth that will be used. The bandwidth is allocated in kilobits per
second (Kbps). If no bandwidth is configured, a default amount of 75
percent of the total bandwidth of the link is allocated.
1258
Version 2.0c
Module 12
Configuring RSVP
Sets up signaling
Enter the RSVP context
Set the interfaces to be used
Set the total bandwidth available for reservation
RP/0/RP0/CPU0:P5(config)#rsvp
RP/0/RP0/CPU0:P5(config-rsvp)#interface POS 0/4/0/0
RP/0/RP0/CPU0:P5(config-rsvp-if)#bandwidth 100000
RP/0/RP0/CPU0:P5(config-rsvp-if)#
RP/0/RP0/CPU0:P5(config-rsvp-if)#interface POS 0/3/0/3
RP/0/RP0/CPU0:P5(config-rsvp-if)#bandwidth
RP/0/RP0/CPU0:P5(config-rsvp-if)#
Physical
link
% of
link b/w
for all
other traffic
TE
tunnels
RSVP
bandwidth
Unused b/w
for other
RSVP signaled
traffic: DSCP
Instructor's Note
Slide is animated. Click 1 RSVP bandwidth appears; click 2 TE tunnels appear; click 3
RSVP bandwidth disappears, unused b/w for other RSVP traffic: DSCP appears; click 4
% of link b/w available for all other traffic appears
Version 2.0c
1259
Module 12
1260
Version 2.0c
Module 12
(ospf
area 0)
(ospf
area 0)
Version 2.0c
1261
Module 12
1262
Version 2.0c
Module 12
tunnels
running
running
enabled
every 3600 seconds, next in 3403 seconds
every 300 seconds, next in 245 seconds
disabled
is signaled, connection is up
Version 2.0c
1263
Module 12
1264
Version 2.0c
Module 12
Version 2.0c
1265
Module 12
1266
Version 2.0c
Module 12
Summary of TE tunnels
RP/0/RP0/CPU0:P5#show mpls traffic-eng tunnels summary
Signalling Summary:
LSP Tunnels Process: running
RSVP Process: running
Forwarding: enabled
Head: 2 interfaces, 2 active signalling attempts, 2 established
0 explicit, 2 dynamic
6 activations, 4 deactivations
0 recovering, 0 recovered
Mids: 0
Tails: 0
Periodic reoptimization: every 60000 seconds, next in 22016 seconds
Periodic FRR Promotion: every 300 seconds, next in 146 seconds
Periodic auto-bw collection: every 300 seconds, next in 116 seconds
Fast ReRoute Summary:
Head:
1 frr tunnels, 1 protected, 0 rerouted
Mid:
0 frr tunnels, 0 protected, 0 rerouted
Summary: 1 protected, 1 link protected, 0 node protected, 0 bw protected
Backup:
1 tunnels, 1 assigned
Interface: 1 protected, 0 rerouted
Version 2.0c
1267
Module 12
1268
Version 2.0c
Module 12
Interfaces
RP/0/RP0/CPU0:POD1#show rsvp int
Interface
MaxBW
MaxFlow Allocated
MaxSub
----------- -------- -------- --------------- -------PO0/4/0/1
10M
10M
2M ( 20%)
0
PO0/4/0/3
10M
10M
2M ( 20%)
0
Reservations
RP/0/0/CPU0:P5#show rsvp reservation
Destination Add DPort
Source Add SPort Pro
Input IF Sty Serv Rate Burst
---------------- ----- ---------------- ----- --- ---------- --- ---- ---- ----100.10.20.1
1
100.10.20.5 1635
0 PO0/3/0/3 SE LOAD 10M
1K
100.10.20.5
5
100.10.20.1 1636
0
None SE LOAD 10M
1K
Version 2.0c
1269
Module 12
Summary
Multiprotocol Label Switching (MPLS)
In this module, you learned to:
1270
Version 2.0c
Module 12
Review Questions
Multiprotocol Label Switching (MPLS)
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 2.0c
1271
Module 12
1272
Version 2.0c
Module 13
Craft Works Interface (CWI)
Overview
Description
This module describes the Craft Works Interface (CWI) software and the
benefits of using it. In this module you learn to use CWI to configure and
manage Cisco IOS XR routers.
Objectives
After completing this module, you will be able to:
Version 1.0b
131
Module 13
CWI Overview
Platform
CWI is a client-side Java-based application used to configure, manage, and
monitor a Cisco CRS-1 Carrier Routing System or Cisco XR 12000 Router
in your network. CWI was designed to manage large scale routers.
CWI can manage multiple routers in a single session. CWI compliments
and enhances the Cisco IOS XR feature set.
The CLI-based graphical configuration provides flexibility to enable you to
select the best interface for the specific task at hand.
132
Version 1.0b
Module 13
CWI Overview
Platform
Version 1.0b
133
Module 13
Management
The CWI includes configuration, fault, and inventory management
features with an emphasis on speed, efficiency, and reduced mistakes. This
is accomplished, such as bulk configuration, export of tabular data, client
side validation and context sensitivity.
CWI provides a consistent look and feel. After becoming familiar with one
application, learning others becomes much simpler.
134
Version 1.0b
Module 13
CWI Overview
Management
Version 1.0b
135
Module 13
CWI Launch
CWI uses Hypertext Transfer Protocol (HTTP) for the initial connection
from the desktop client to the router and the loading of the CWI files. The
files are locally cached to speed subsequent CWI launches.
CWI is currently launched from a browser, although stand-alone usage will
be a future enhancement. Even though the browser is used for the initial
loading of the Jar files, the browser can be closed after login.
136
Version 1.0b
Module 13
CWI Overview
CWI Launch
HTTP
JARJAR
CWI
clients
Initial connection
Loading of the CWI
applet and Jar files
Version 1.0b
CRS-1
137
Module 13
Run-Time Transport
CWI can communicate with the router using the following methods:
The initial requests from the CWI client to the HTTP server on the router
for the Jar files that contain the plug-ins are exchanged over TCP/IP
between HTTP ports. TCP/IP is also used as the underlying protocol for all
XML exchanges; Telnet, SSH and CORBA run over TCP.
The Common Object Request Broker Architecture (CORBA) is a set of
specifications to support platform- and language-independent, objectoriented distributed computing. CORBA is middleware technology, serving
to connect diverse components of a software system. Requests from the
CWI client made in XML format, are transferred over a CORBA bus using
CORBA Naming and Notification Services. The router sends responses and
notifications in XML over the CORBA bus.
Instructor's Note
CORBA was devised as an open standard by an assembly of over 800 corporations in the
computing industry, known collectively as the Object Management Group, to encourage
interoperability between systems regardless of platform or implementation language.
138
Version 1.0b
Module 13
CWI Overview
Run-Time Transport
IOS XR router
CWI client
Launcher
HTTP
server
HTTP Jar files
Telnet/SSH CLI
Serial Console/Terminal Server CLI
CWI
Command
parser
Telnet, SSH
CORBA XML
CORBA
agent
CORBA XML
notifications
CORBA
services
CORBA bus
Version 1.0b
139
Module 13
Security Features
CWI will auto detect the most secure transport for the selected connection
type. User login and command privileges are handled by the normal router
AAA functions.
1310
Version 1.0b
Module 13
CWI Overview
Security Features
HTTP
HTTPS
IIOP
IIOP SSL v2
Telnet
SSH v1/v2
AAA
Authorization
Authentication (used by HTTP/HTTPS, IIOP SSL, Telnet/SSH, IPsec)
Accounting
Version 1.0b
1311
Module 13
The CWI Desktop window has two primary panes. The panes allow you to
view the routers with associated objects and use the applications that let
you manage the routers. These panes are:
Toolbar
Above the two primary panes is the Application toolbar, which contains
tool icons that represent commonly used tasks in the application pane.
From left to right, these tools are:
1312
FindOpens the Find dialog box, allowing you to search the active
window for specific text.
Find NextFinds the next instance of the specific text in the active
window.
PastePastes the data or text from the Clipboard into the currently
selected field.
Version 1.0b
Module 13
CWI Overview
Desktop Window
Menu bar
Toolbar
Inventory
Tree
Application
pane
Status bar
Instructor's Note
Same slide for following page!!! One slide covers 2 text pages!
Version 1.0b
1313
Module 13
Help ContentsOpens the CWI Online Help for the currently active
application.
Status Bar
Located at the bottom right of the CWI Desktop window, the status bar
provides information on the status of the CWI Desktop. The left side of the
status bar may contain a progress message when the application is
processing a task. There are three icons on the right side of the status bar:
1314
Version 1.0b
Module 13
CWI Overview
Menu bar
Toolbar
Inventory
Tree
Application
pane
Status bar
Version 1.0b
1315
Module 13
Desktop Menu
The CWI Desktop menu bar provides a list of options available based on
the chosen object and active application. The CWI Desktop menu bar is
located under the CWI Desktop title bar.
From left to right, the CWI Desktop menu options are:
1316
EditAllows you to cut, copy, and paste CWI application data and
text, search for data and text in a CWI application, and specify CWI
application preferences.
ViewAllows you to show and hide the CWI Desktop toolbar, status
bar, Alarm Dashboard, and display objects in the Inventory Tree in
logical and physical views.
HelpAllows you to view the online help and the CWI application
version information.
Version 1.0b
Module 13
CWI Overview
Desktop Menu
Version 1.0b
1317
Module 13
Inventory Tree
A Logical Router is a collection of physical inventory contained in racks
that forms a complete router. The Inventory Tree displays a dynamic
expandable and collapsible hierarchy of LR objects in two possible views.
Multiple LRs can be logged in to and displayed in the Inventory Tree.
Physical View
The Physical View displays all objects in a logical router (LR), arranged
according to physical location in racks, providing a physical reference for
objects in a router. The Physical View is useful when performing
operations on a complete rack and for providing a logistical frame of
reference.
Logical View
The Logical View displays all of the LR objects shown under a single LR,
facilitating operations on all objects of an LR. This is the default view of
the Inventory Tree.
1318
Version 1.0b
Module 13
CWI Overview
Inventory Tree
Version 1.0b
1319
Module 13
Tools Menu
The tools menu allows you to invoke a specific desktop application:
1320
Version 1.0b
Module 13
CWI Overview
Tools Menu
Version 1.0b
1321
Module 13
Alarm Dashboard
The Alarm Dashboard displays an alarm count, by severity, of all active
alarms on all Cisco IOS XR routers to which you are currently logged in
from CWI. Six alarm severity levels are indicated by colored buttons in the
Dashboard. Each severity button indicates the number of active alarms of
that severity on the Cisco routers. Moving the mouse pointer over a
severity button provides a tool-tip description of the severity, as shown
below:
Alarm Severity
Color
Description
Emergency
Red
System is unusable
Alert
Purple
Critical
Orange
Error
Yellow
Warning
Blue
Warning occurred
Notification
Green
You can open the Alarm Viewer application for a specific alarm severity by
double-clicking the severity button on the Alarm Dashboard.
_____________________________ Note _________________________
After double-clicking a severity button, the Alarm Dashboard closes
when the Alarm Viewer application opens.
_________________________________________________________________
The button on the far right of the Dashboard indicates a running count of
all alarm notifications on the Cisco routers since the last reset. Doubleclick the running count button to reset the count to zero (0).
The connection status between CWI and the management agent on the
router is indicated by the NE Connectivity Status icon which looks like a
PC and communications link on the middle right of the Dashboard. The
icon shows a green communication link if the connection is good and a red
link if it is broken.
1322
Version 1.0b
Module 13
CWI Overview
Alarm Dashboard
Emergency (red)
Critical (orange)
Warning (blue)
Running count
Alert (purple)
Error (yellow)
Notification (green)
Double-click on:
Version 1.0b
1323
Module 13
Desktop Applications
Alarm Viewer
The Alarm Viewer application allows you to dynamically view alarm
records from the alarm management functions of the router. Alarm Viewer
can be started from the following areas in the CWI Desktop.
Inventory Tree
Rack View
CWI Dashboard
CWI Desktop menu
The Alarm Viewer window is the basically the same regardless of whether
it contains all alarms or active alarms. The only difference is that Alarm
Viewer for all alarms contains active, cleared, and non-bistate alarms, and
Alarm Viewer for active alarms contains only active and non-bistate
alarms.
Alarm Table
The Alarm table displays alarms in tabular format. The table displays
alarms against the object selected in the Inventory Tree when Alarm
Viewer is started. The alarms can be filtered using the Filter tool. The
Severity column is color-coded to indicate the severity of alarms.
The Alarm pane displays a single alarm. When an alarm is selected in the
Alarm Viewer table, the Alarm pane displays the alarm details:
1324
TimeStampIs the date and time the alarm was generated on the
router
Version 1.0b
Module 13
Desktop Applications
Alarm Viewer
Toolbar
Alarm table
Alarm pane
Instructor's Note
One slide for these two pages of text!!
Version 1.0b
1325
Module 13
Correlated IDIs zero (0) if the alarm has not been correlated;
otherwise, it is a numeric ID used to find correlated events in the Event
Correlation log
Toolbar
The Alarm Viewer toolbar contains tool icons that represent common tasks
in the Alarm Viewer window. Click the tool to select the task. When the
pointer is positioned over the tool, a tool-tip appears describing the
function of the tool:
FilterOpens the Alarm Filter dialog box, which allows you to filter
the records in the Alarm table.
1326
Version 1.0b
Module 13
Desktop Applications
Toolbar
Alarm table
Alarm pane
Version 1.0b
1327
Module 13
Inventory Viewer
The Inventory Viewer application allows you to retrieve object attribute
information, making it available for viewing or export. Inventory Viewer
can be started from the following areas in the CWI Desktop:
Inventory Tree
CWI toolbar
When no object is selected in the Inventory Tree, the attributes for all
objects are retrieved and displayed in the Inventory table. Multiple objects
can be selected in the Inventory Tree for display in Inventory Viewer. If an
object is selected that does not contain an entity that can be displayed in
Inventory Viewer, an error message is displayed.
The following functions are supported in Inventory Viewer:
1328
Version 1.0b
Module 13
Desktop Applications
Inventory Viewer
Inventory table
Version 1.0b
1329
Module 13
Rack View
The Rack View application displays a graphical representation of the
physical equipment in a Cisco IOS XR router. It allows you to interact with
and obtain information on the physical equipment. Rack View is
dynamically updated, providing an accurate representation of the current
state of a rack.
Rack View can be started from the following areas in the CWI Desktop.
Inventory Tree
CWI Desktop menu
Full ViewIs the default view mode. When Rack View is started, all
corresponding racks are displayed. If there are too many racks to fit in
the Rack View pane, a horizontal scroll bar allows access to the full
view.
The Rack View toolbar contains one icon, the Magnify tool, which lets you
open the Shelf View mode for a selected rack. Clicking the tool changes the
pointer to the Magnify tool. When you click on a rack with the Magnify
tool, the Shelf View mode window appears with a larger-scale image of the
selected rack, showing all cards in the shelf. Only one Shelf View mode
window can be open for a rack.
Rack View preferences can be set with the CWI Desktop toolbars
Preferences tool. You can choose to display the front chassis, the back
chassis, or both front and rear chassis.
1330
Version 1.0b
Module 13
Desktop Applications
Rack View
Version 1.0b
1331
Module 13
Interface Viewer
The Interface Viewer application provides a convenient way to view in a
text-based window the interfaces on selected objects. Interface Viewer can
be started from the following areas in the CWI Desktop:
Inventory Tree
CWI Desktop menu
1332
MTUIs the size, in bytes, of the largest frame that can be handled by
the interface
Version 1.0b
Module 13
Desktop Applications
Interface Viewer
Interface
table
Version 1.0b
1333
Module 13
Troubleshooter
The Troubleshooter application allows you to run fault-isolation tests on
the communication path between the CWI client and the logical router
(LR) management agent on the router
If a failure is encountered, you can click the Failed button next to the
corresponding test. This action opens a window that describes the reason
for the failure, possible cause, and recommended repair. If CWI is able to
perform an automatic repair, the Repair button is enabled.
The following tests are run:
LR DNS Name TestChecks the Java DNS resolution from the client
(proper DNS name support for the LR). No automatic repair is
provided.
IP host configuration
CORBA naming service status (running or not running)
XML agent status (running, not running, or jammed)
XML registration with the naming service
1334
Version 1.0b
Module 13
Desktop Applications
Troubleshooter
Version 1.0b
1335
Module 13
Router Configuration
Craft Works Interface (CWI) supports three modes of configuration:
1336
Graphical configuration
Version 1.0b
Module 13
Router Configuration
Modes
CLI sessions
Telnet
Terminal
SSH Plus
Editors
Configuration Editor
Replace Configuration Editor
Graphical configuration
Version 1.0b
1337
Module 13
Inventory Tree
CWI toolbar
1338
Version 1.0b
Module 13
Router Configuration
Toolbar
Command
list
Instructor's Note
One slide for 2 test pages!!
Version 1.0b
1339
Module 13
The Terminal, Telnet and SSH Plus application toolbars contain tool icons
that represent common tasks in the Terminal/Telnet/SSH window. When
the pointer is positioned over the tool, a tool-tip appears, describing the
function of the tool. Click the tool to select the task. From left to right,
these tools are:
1340
Version 1.0b
Module 13
Router Configuration
Toolbar
Command
list
Version 1.0b
1341
Module 13
Configuration Editor
The Configuration Editor application is available in the Main Menu
Desktop and displays the target configuration (including RPL) in command
line interface (CLI) format. Use this application when you want to edit a
copy of the current configuration or view changes made to the
configuration that have not been committed to the router.
Some special features are:
1342
Version 1.0b
Module 13
Router Configuration
Configuration Editor
Changed
commands
Added
commands
Deleted
commands
Version 1.0b
1343
Module 13
1344
Version 1.0b
Module 13
Router Configuration
Version 1.0b
1345
Module 13
ControllersSONET
1346
Lock/Unlock
Load
Save
Commit
Clear
Rollback
Version 1.0b
Module 13
Configuration Desktop
Toolbar
Configuration
Applications
Tree
Configuration
Applications
Launch
Context
Version 1.0b
1347
Module 13
Row Copy and Paste copies the specified attributes of a row to one or
more selected rows
1348
Search
Sort
Filter
Column arrangement
Preferences
Version 1.0b
Module 13
Version 1.0b
1349
Module 13
Launch Context
The Launch Context pane displays the router objects that were chosen in
the Inventory Tree when the Configuration Desktop was launched from the
CWI Desktop. Only objects listed in the Launch Context pane are available
for configuration.
1350
Version 1.0b
Module 13
Configuration
Applications
Tree
Launch
Context
Version 1.0b
1351
Module 13
1352
LoadOpens the Load dialog box, which allows you to enter the path
and name of a configuration file to load. The file is located on the
router. Loading a configuration overwrites all currently uncommitted
changes and closes all active configuration applications. The loaded
configuration becomes the target configuration.
Version 1.0b
Module 13
Lock/Unlock
View
uncommited
configuration
Load Save
Version 1.0b
Commit
Clear
Rollback
1353
Module 13
1354
Version 1.0b
Module 13
Clone special
Add record
Row Paste
Set defaults
Filter Table
Undo
Common
Common
Configuration
configuration
tools
tools
Clone record
Row copy
Delete record
Redo
Find
Cut
Paste
Preferences
Common
application
tools
Export
Version 1.0b
Find next
Copy
Refresh
Help
1355
Module 13
Administration Configuration
The Administration Configuration applications are used to manage user
access, permissions, and alarms. The applications are:
1356
Version 1.0b
Module 13
Administration Configuration
Version 1.0b
1357
Module 13
Applications Configuration
The Applications Configuration applications allow you to configure and set
up protocol-specific applications. The two applications that can be
configured are:
1358
Version 1.0b
Module 13
Applications Configuration
Version 1.0b
1359
Module 13
Interface Configuration
The Interface Configuration applications are used to display, configure,
and manage Ethernet and packet-over-SONET (POS) interfaces. The
applications are:
1360
Version 1.0b
Module 13
Interface Configuration
Version 1.0b
1361
Module 13
Policy Configuration
The Policy Configuration applications are used to display, configure, and
manage policies used for access control, packet filtering, Quality of Service
(QoS), and routing control. The applications are:
1362
Version 1.0b
Module 13
Policy Configuration
Version 1.0b
1363
Module 13
Protocol Configuration
The Protocol Configuration applications are used to manage, create,
display, and edit protocol data and settings on the Cisco IOS XR router.
Configuration of these protocols is a complex and time-consuming function,
with multiple fields and information that need to be considered and
configured. The applications let you display, edit, and configure:
1364
Version 1.0b
Module 13
Protocol Configuration
Version 1.0b
1365
Module 13
Getting Started
CWI Router Configuration
To a Cisco IOS XR router to be managed by CWI over a network
connection, several steps must be followed. In addition to the configuration
steps listed below, make sure, if you are enabling support for CWI to a
new router, that it has a route (default or other) back to the CWI client
PC or workstation.
Step 1 Enter the configuration mode:
RP/0/0/CPU0:router# config
Step 5 When the router prompts you to commit, respond with yes.
1366
Version 1.0b
Module 13
Getting Started
Instructor's Note
Firewall port configuration to support CWI:
HTTP/HTTPS
IIOP/IIOPSSL
Notifications
Telnet/SSH
80/443
10001/10002
49901 to 49950
23/22
Inbound
Inbound
Outbound
Inbound
Version 1.0b
1367
Module 13
Launching CWI
Use the following procedure to start CWI on the client PC or workstation
and login to the CRS-1 router. Some steps are necessary only if SSL is
configured on the routers HTTP server and XML agent.
Step 1 Start a supported web browser.
Step 2 In the Address field located near the top of the web browser
window, enter the DNS name or IP address of the router to be accessed:
http://router-dns-name/
or
http://router-ip-address/
or if SSL is configured for the HTTP server on the router:
https://router-dns-name/
or
http:// router-ip-address/
Step 3 If SSL is configured for the HTTP server, accept the router SSL
certificate. Click Yes to trust and accept the SSL certificate for this router
session only, or click Always to automatically trust and accept the SSL
certificate in this session and all subsequent CWI sessions.
Step 4 If an HTTP authentication dialog box appears (HTTP
authentication is enabled), enter an AAA user name and password.
Step 5 Click the Craft Works Interface link in the web browser.
Step 6 If an HTTP authentication dialog box appears (HTTP
authentication is enabled), enter an AAA username and password.
Step 7 If this is the first time the CWI client has started CWI, the Java
plug-in must be installed and the CWI Cisco security certificate must be
accepted. Click Yes to trust and accept the security certificate for this
router session only, or click Always to automatically trust and accept the
security certificate in this session and all subsequent CWI sessions.
Step 8 If SSL is configured for the XML agent, the router SSL certificate
must be accepted.
If this is the first time you have started CWI or installed a new version of
CWI, the CWI components start downloading. Otherwise, a cached version
of the CWI components is used, reducing the CWI start time.
Step 9 Log in to the Cisco IOS XR router when the CWI Login dialog box
appears.
1368
Version 1.0b
Module 13
Getting Started
Launching CWI
http://<router-dns-name>
or
http://<router-ip-address>
Version 1.0b
1369
Module 13
1370
Version 1.0b
Module 13
Getting Started
Version 1.0b
1371
Module 13
1372
Version 1.0b
Module 13
Getting Started
Version 1.0b
1373
Module 13
Testing Communication
If a problem is encountered during login, you can troubleshoot the problem
using the CWI Troubleshooter.
1374
Version 1.0b
Module 13
Getting Started
Testing Communications
Version 1.0b
1375
Module 13
Logging In
Depending on the authentication security options configured on the router,
you may have had to enter a valid username and password several times.
CWI can communicate with the router using the following methods:
1376
Version 1.0b
Module 13
Getting Started
Logging In
Version 1.0b
1377
Module 13
Summary
Craft Works Interface
In this module, you learned to:
1378
Version 1.0b
Module 13
Review Questions
Craft Works Interface
1. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
2. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
3. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
4. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
c. <Insert Answer c>
d. <Insert Answer d>
e. <Insert Answer e>
5. <Insert Question>
a. <Insert Answer a>
b. <Insert Answer b>
2005 Cisco Systems, Inc.
Version 1.0b
1379
Module 13
1380
Version 1.0b
Module 14
Data Flow and MQC QoS
Overview
Description
This module provides a high-level overview of data flow through the CRS-1
Routing System. The components comprising the MSC are reviewed
followed by a detailed explanation of the data flow through the MSC/PLIM
pair. Switch Fabric Cell structure is described along with worst case cell
loading. Switch Fabric Architecture and Switch Fabric features are
presented, followed by a brief description of using MQC CLI to create Mapclasses, Map-polices and attaching a service policy to an interface.
Objectives
After completing this module, you will be able to do the following:
Describe how data flows from ingress interfaces through the switch
fabric and out through the egress interface
Describe the IngressQ ASIC and EgressQ ASIC queuing and shaping
features
Use MQC to create class-maps and policy-maps and attach servicepolices to an interface
Version 2.0b
141
Module 14
IngressQ/EgressQ
IngressQ is the RX queuing ASIC, EgressQ is the TX queuing ASIC and
both reside on the MSC. Each of these ASICs implements features such as
P2MDRR, low-latency queuing and shaping support. In addition, the
IngressQ contains fabric queues and the packet to fabric cell conversion
functionality.
FabricQ
The MSC contains two FabricQ ASICs in the transmit path from the fabric
towards the PLIM. The FabricQ reassembles the fabric cells and converts
these back to packets. Although each ASIC contains queuing functionality
and provide low-latency and precedence-based queuing, these queues are
not directly configurable.
142
Version 2.0b
Module 14
EgressQ
2*FabricQ
SP & FIA
Ingress
PSE
Version 2.0b
Power
Regulators
Egress
PSE
Line Card
CPU
IngressQ
143
Module 14
Life of a Packet
Overview
QoS in the CRS-1 is distributed in many locations and is performed end-toend. This means that not only is QoS present in the MSC, but also in the
fabric. As a result, the CRS-1 is able to differentiate traffic types end-toend without dropping packets.
1. A packet that is forwarded by the CRS-1 takes the following path
through the system:
a. The framer on the PLIM receives a frame carrying the IP packet.
The Framer ASCIs perform the appropriate SONET/SDH/Ethernet
deframing/decapsulation and removes the CRC.
144
Version 2.0b
Module 14
Life of a Packet
To Fabric
CPUCTRL
GW
Fabric
RX PSE
L3 Engine
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
OC192
Framer
& Optics
1
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
Fabric
OC192
Framer
& Optics
From
Version 2.0b
145
Module 14
146
Version 2.0b
Module 14
Life of a Packet
To Fabric
CPUCTRL
GW
Fabric
RX PSE
L3 Engine
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
OC192
Framer
& Optics
2
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
Fabric
OC192
Framer
& Optics
From
Version 2.0b
147
Module 14
3. The packet, together with the buffer header information from the PLA
is extracted and is passed to the RX PSE.
a. The RX PSE performs the destination lookup and ingress feature
processing such as:
Access-lists
QoS classification
Policy routing
b. The result of the destination lookup will be all the information that
is needed to send the packet to the destination slot and port. The
information includes:
Which queue within the FabricQ (Hi or Low) ASIC the packet is
going to be queued in
The mapping of ports to queues is reflected from the IngressQ into the
RX PSE where WRED is performed per queue. The RX PSE classifies
the packet and performs rate limiting and WRED prior to sending it
into the IngressQ ASIC.
148
Version 2.0b
Module 14
Life of a Packet
To Fabric
IngressQ
In Q/
Segmenter
RX PSE
L3 Engine
CPUCTRL
GW
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
OC192
Framer
& Optics
2
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
Fabric
OC192
Framer
& Optics
From
To Fabric
CPUCTRL
GW
Fabric
3a
RX PSE
L3 Engine
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
OC192
Framer
& Optics
2
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
Fabric
OC192
Framer
& Optics
From
Version 2.0b
149
Module 14
1410
Version 2.0b
Module 14
Life of a Packet
IngressQ
PSE
8192 Queues
WRED
1K Ports (Port/VLAN)
HP
LP
MDRR/
Shaper
P1
LP
From
RX
PSE
MDRR/
Shaper
MDRR/
Shaper
Shaping
Min/max BW
4a
Fabric
Cells
IngressQ
In Q/
Segmenter
CPUCTRL
GW
To
fabric
P1023
Configurable
Dynamic
Mapping of
Queues to ports
Max BW
To Fabric
3a
RX PSE
L3 Engine
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
P2
MDRR/
Aggregate
Shaper
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
OC192
Framer
& Optics
2
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
Fabric
OC192
Framer
& Optics
From
Version 2.0b
1411
Module 14
5. Cells are sent into the fabric. The cells arrive at the stage 1 (S1) of the
switch fabric. The S1 simply distributes the incoming cells across the
available S2 stages within the plane. The S1 can avoid an S2 stage for
which it has received an out-of-resources message and select an
alternative S2 path.
1412
Version 2.0b
Module 14
Life of a Packet
4a
Fabric
Cells
IngressQ
In Q/
Segmenter
To Fabric
Fabric
Cells
Fabric
3a
CPUCTRL
GW
RX PSE
L3 Engine
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
OC192
Framer
& Optics
2
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
Fabric
OC192
Framer
& Optics
From
Version 2.0b
1413
Module 14
1414
Version 2.0b
Module 14
Life of a Packet
MSC
2 Levels of priority
HP Low latency path
LP Best effort traffic
8 of 8
2 of 8
S1
1 of 8
S1
S1
S2
S2
S2
S1
16
MSC
S1
S1
S3
S3
S3
S2
S2
S2
S3
S3
S3
Multicast support
1M multicast
groups
H -Unicast
H -Unicast
H -Unicast
H -Unicast
H -Multicast
H -Multicast
H -Multicast
H -Multicast
H -Unicast
H -Unicast
H -Multicast
H -Multicast
S1
RR
S2
S3
S2
H -Unicast
H -Unicast
H -Multicast
H -Multicast
H -Unicast
H -Unicast
H -Unicast
H -Unicast
H -Unicast
HH-Multicast
-Multicast
H -Unicast
H -Multicast
H -Multicast
S1
S2
H -Unicast
H -Multicast
H -Multicast
H -Multicast
S3
S2
H -Unicast
Hi Priority Cells
Lo Priority Cells
RR
H -Unicast
H -Unicast
H -Unicast
H -Unicast
H -Multicast
H -Multicast
H -Multicast
H -Multicast
H -Multicast
Version 2.0b
H -Unicast
H -Unicast
HH-Unicast
-Unicast
H -Multicast
H -Multicast
HH-Multicast
-Multicast
1415
Module 14
6. The cells arrive from the fabric onto one of the two FabricQ ASICs. All
the cells from a single packet are received by the same FabricQ ASIC.
The selection of the FabricQ ASIC is based on the destination port/subinterface towards which the packets are sent. The cells carry cell
sequence numbers to guarantee correct reassembly. Packets also have a
packet sequence number that is used to ensure the correct packet
order. After a packet has been reassembled and is in the right packet
order, it is sent to one of the FabricQ raw queues.
a. Each FabricQ ASIC supports a total of 4096 raw queues. The raw
queues are not user configurable. Four queues are assigned for
every physical or logical interface configured on the egress MSC:
b. The packet will be place into the appropriate queue based upon the
information contained in the buffer header assigned to the packet.
The packet is passed to the TX PSE.
1416
Version 2.0b
Module 14
Life of a Packet
4a
Fabric
Cells
IngressQ
In Q/
Segmenter
To Fabric
Fabric
Cells
Fabric
3a
CPUCTRL
GW
RX PSE
L3 Engine
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
From
Fabric
2
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
Fabric
Fabric
Cells
OC192
Framer
& Optics
OC192
Framer
& Optics
Version 2.0b
1417
Module 14
7. The buffer header descriptor and the packet itself are now processed
by the TX PSE. The TX PSE performs full layer 3 processing including:
a. Destination address lookup (route lookup)
b. Applies the appropriate egress features to the packet such as:
Access-list processing
QoS classification
WRED
1418
Version 2.0b
Module 14
Life of a Packet
4a
Fabric
Cells
IngressQ
In Q/
Segmenter
To Fabric
Fabric
Cells
Fabric
3a
CPUCTRL
GW
RX PSE
L3 Engine
CPU
From
PLIM
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
From
Fabric
2
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
Fabric
Fabric
Cells
OC192
Framer
& Optics
OC192
Framer
& Optics
Version 2.0b
1419
Module 14
8. The packet is now passed to the EgressQ ASIC which places the packet
in the appropriate queue before shaping and packet-to-packet modified
deficit round robin are applied.
The EgressQ supports a total of 8192 shape queues which are user
configurable. These queues are can be mapped into 2048 groups and in
turn mapped into 768 physical or logical ports.
1420
Version 2.0b
Module 14
Life of a Packet
Fabric
Cells
4a
IngressQ
In Q/
Segmenter
To Fabric
Fabric
Cells
Fabric
3a
RX PSE
L3 Engine
CPUCTRL
GW
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
Fabric
Cells
From
Fabric
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
OC192
Framer
& Optics
2K Groups
8192 Queues
WRED
Fabric
OC192
Framer
& Optics
HP
LP
(VLAN/Tunnel)
MDRR/
Shaper
G1
LP
from
TX
PSE
P1
MDRR/
Group
MDRR/
Shaper
MDRR/
Shaper
Configurable Dynamic
Mapping of
Queues to groups and ports
Shaping
Min/max BW
G2
MDRR/
Aggregate
Group
To
PLIM
GX
MDRR/ PX
Group
Max BW
9.
2005 Cisco Systems, Inc.
Version 2.0b
1421
Module 14
Once the packet has been queued and shaped it is then passed to the
PLA ASIC on the PLIM.
1422
Version 2.0b
Module 14
Life of a Packet
4a
Fabric
Cells
IngressQ
In Q/
Segmenter
To Fabric
Fabric
Cells
Fabric
3a
CPUCTRL
GW
RX PSE
L3 Engine
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
From
Fabric
2
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
9
Fabric
Fabric
Cells
OC192
Framer
& Optics
OC192
Framer
& Optics
Version 2.0b
1423
Module 14
10. Finally the packet is sent through the egress port, and onto the
physical link.
1424
Version 2.0b
Module 14
Life of a Packet
4a
Fabric
Cells
IngressQ
In Q/
Segmenter
To Fabric
Fabric
Cells
Fabric
3a
CPUCTRL
GW
RX PSE
L3 Engine
From
PLIM
CPU
To
PLIM
FabricQ
FabricQ
Reass.
Reass.
TX PSE
L3 Engine
EgressQ
Out Q
M
I
D
P
L
A
N
E
From
Fabric
2
OC192
Framer
& Optics
PLA
OC192
Framer
& Optics
10
9
Fabric
Fabric
Cells
OC192
Framer
& Optics
OC192
Framer
& Optics
Version 2.0b
1425
Module 14
1426
The IngressQ has 8192 queues, 8 of which are allocated data to the
MSC CPU queues.
Version 2.0b
Module 14
IngressQ
PSE
8192 Queues
WRED
HP
LP
1K Ports (Port/VLAN)
MDRR/
Shaper
P1
LP
From
RX
PSE
MDRR/
Shaper
MDRR/
Shaper
Shaping
Min/max BW
P2
To
fabric
P1023
Max BW
Version 2.0b
MDRR/
Aggregate
Shaper
Configurable
Dynamic
Mapping of
Queues to ports
1427
Module 14
1428
8 of the 8192 queues are reserved for data being passed to the MSC
CPU
The mapping of ports to queues is reflected back into the TX PSE where
WRED is performed per queue
TX PSE classifies the packet and performs rate limiting and WRED
prior to sending it into the shaping queue.
Per group
Version 2.0b
Module 14
2K Groups
8192 Queues
WRED
HP
LP
(VLAN/Tunnel)
MDRR/
Shaper
G1
LP
from
TX
PSE
P1
MDRR/
Group
MDRR/
Shaper
MDRR/
Shaper
Configurable Dynamic
Mapping of
Queues to groups and ports
Shaping
Min/max BW
G2
MDRR/
Aggregate
Group
To
PLIM
GX
MDRR/ PX
Group
Max BW
Version 2.0b
1429
Module 14
1430
Version 2.0b
Module 14
Header
FEC
Bits
Cast (Mcast/Ucast)
Fabric Priority
Vital
Source Address
10
13
Trailing Offest
18
Snoop/CTB
32
Packet 2
Packet 1
Packet 2
Packet 2
Packet 1
30
bytes
30
bytes
30
bytes
30
bytes
Version 2.0b
1431
Module 14
Packet Cell Count - This field specifies the total number of cells in either
the first or second packet in the cell. When there is only one packet in the
current payload, this field specifies the total cell count for the current
packet. When two packets are in the current payload, this field indicates
the total cell count of Packet 2.
Packet 1 Cell Sequence Number - This field specifies the cell sequence
number for Packet 1 and is used for cell reassembly to reorder cells
arriving across the fabric. The cell sequence number should be contiguous
and monotonically increasing starting with 0 for the first cell in a packet.
(Note: Since the cell payload is 120 bytes, the fabric supports payloads of
up to 15,360 bytes, although the official maximum MTU supported by the
system is 9k bytes). When two packets are in the current payload
(indicated by the Packet 2 Payload Offset being non-zero) the cell sequence
number for packet 2 is zero since it is by definition the first cell in packet 2.
Destination Address (12 bits)/FGID- When the cast bit marks the cell
as a multicast cell, this 18-bit field is concatenated with the 2 bit payload
offset field in the MSC / link portion of the cell header to produce a 20 bit
Fabric Group ID. The FGID is used to determine how the Multicast Data
Cell should be duplicated and forwarded to within the Fabric. When the
cast bit marks the cell as a UC cell, the least significant 12 bits specify a
destination address (the address space has been changed from previous
revisions to a contiguous address space). Note that this field is used for
internal fabric control bits at the last stage of the fabric (between S3 and
FabricQ (Sponge)) since the destination address is not needed there.
Snoop/CTB - When set to one and for unicast traffic, this bit indicates
that the current cell is part of a snooped packet. (Note - the microcode and
software to support a snoop function on CRS-1 will be a future
development). When the cell is a multicast cell, this bit is used to indicate
CTB or Control Traffic Bit. Cells marked with the CTB bit carry software
control plane traffic and are given preference to multicast buffer resources
over regular high and low priority multicast traffic.
Internal Fabric Control Bits - These bits are used internally by the
fabric for various functions and may be redefined as cells traverse from
stage to stage.
1432
Version 2.0b
Module 14
Header
FEC
Bits
Cast (Mcast/Ucast)
Fabric Priority
Vital
Source Address
10
13
Trailing Offest
18
Snoop/CTB
32
Packet 2
Packet 1
Packet 2
Packet 2
Packet 1
30
bytes
30
bytes
30
bytes
30
bytes
Version 2.0b
1433
Module 14
Example
The worst case scenario is when two 61 byte packets are sent through the
CRS-1 from ingress to egress interface. The packets are broken into cells
and then processed. As illustrated, packet 1 takes up the first two 30 byte
boundary areas and one byte of the third 30 byte boundary area. This
causes the remaining portion of the third boundary area, 29 bytes to be
padded out. Next, the four 30 byte boundary area of the first cell is filled
with the first 30 bytes of packet 2. The remaining 31 bytes of packet 2 then
fill the first 30 byte boundary area of cell 2, and 1 byte of the second 30
byte boundary area of cell 2 remaining 29 bytes of the second 30 byte
boundary area of cell 2 are filled with padding. The action of padding out to
the 30 byte boundary causes added overhead and additional processing
load.
1434
Version 2.0b
Module 14
Header
FEC
Pkt 1
PAD Pkt 2
Pkt 2 PAD
Pkt 3
Pkt 5
Pkt 4
30
bytes
30
bytes
30
bytes
30
bytes
Version 2.0b
1435
Module 14
1436
Version 2.0b
Module 14
Fabric Plane
Upper shelf
Ingress MSC
S1
S2
S3
S1
S2
S3
RP
Lower shelf
Ingress MSC
Ingress speed
32 connections x 2.5Gbps = 80Gbps
80Gbps x 8/10 coding = 64Gbps
Minus cell tax = ~50Gbps
IngressQ
MSC
Slots
0-7
FabricQ
S1
S2
S3
MSC
MSC
MSC
Slots
8-15
S1
S2
S3
From
Fabric
To
Fabric
Note: RPs in slot
RP0 & RP1
Version 2.0b
1437
Module 14
Egress
On the egress side of the switch fabric planes, there are 4 S3 ASICs per
fabric plane. The S3 ASICs are split across the egress MSC slots in a
similar fashion to the S1 ASICs on the ingress side of the switch fabric
plane. The 2 upper S3 ASICs connects to MSC slots 0 through 7 and the 2
lower S3 ASICs on each switch fabric plane connects to the 2 RPs and the
remaining MSCs in slots 8 through 15.
Each S3 ASIC has 36 egress serial links; therefore the 4 S3 ASICs have a
total of 144 2.5 Gbps egress serial links. Of the 144, 72 are used by the
upper 2 S3 ASICs and the remaining 72 are used by the lower 2 S3 ASICs.
The 2 upper S3 ASICs per switch fabric plane, uses 64 2.5Gbps serial
links to connect to MSC in slots 0 through 7 the remaining 8 serial links
are unused. The lower 2 S3 ASICs use 64 2.5 Gbps serial links to connect
to the MSCs in slots 8 through 15. In addition the lower 2 S3 ASICs have 8
- 2.5Gbps serial links connected to RP0 and RP1 (4 per RP).
The raw from-fabric (egress) bandwidth is 160Gbps (64 * 2.5Gbps =
160Gbps). This is then reduced by:
1. For serial to parallel encoding and error correction 8B10B encoding is
used. As the name implies 8 bits are packed into 10 bits thus a loss of
20% of the bandwidth.
2. Cell header represents about 12% in overhead
The final result of all the combined overhead is an approximate egress
bandwidth of 100Gbps split across the 2 FabricQ ASICs per MSC.
_____________________________ Note _________________________
Egress forwarding capacity is only 40Gbps, so the MSC must
backpressure should it become overloaded.
_________________________________________________________________
1438
Version 2.0b
Module 14
S3
S3
Plane
3
S3
S3
S3
S3
Plane
2
S3
S3
Plane
4
S3
S3
Plane
6
S3
S3
Plane
8
S3
S3
S3
S3
S3
S3
Egress MSC
Plane
1
S3
S3
S3
S3
Plane
5
S3
S3
S3
S3
S3
S3
Plane
7
S3
S3
S3
S3
Egress speed
64 x 2.5Gbps = 160Gbps
160Gbps x 8/10 coding = 128Gbps
Minus cell tax = ~ 100Gbps
IngressQ
FabricQ
0-7
S1
S2
S3
MSC
MSC
8-15
S1
S2
S3
From
Fabric
To
Fabric
Note: RPs in slot
RP0 & RP1
Version 2.0b
1439
Module 14
Priority queuing
There are two levels of priorities that the IngressQ (Sprayer) ASIC assigns
packets to. These priorities are maintained all the way through the fabric
card out to the destination card. These priorities only deal with cell
traversing the switch fabric and have nothing to do with L2/L3 QoS or CoS.
High Priority
Low Priority
Service Enabling
Using the 3 stage Benes topology with buffering, speedup, self routing and
distribution enable non-blocking, but these enhancements do not enable
services. Most switch fabric mechanisms on routers can not differentiate
service types.
As part of the buffering mechanisms in the CRS-1 fabric, unique Hi
priority and Lo priority queues are designated for both unicast and
multicast traffic in each of the stages in the fabric. Hence the overall
fabric provides a layer of granularity for differentiating low latency vs. best
effort traffic.
In addition to the queuing, the fabric is over-provisioned with 2.5x speed
up ensuring that no traffic loss will occur unless the router is heavily
oversubscribed. Hence all low latency (high priority) packets will always be
transmitted through the fabric without being dropped.
1440
Version 2.0b
Module 14
40 Gbps
8 of 8
MSC
2 X Speedup
@ S3
2 of 8
16
S1
S2
MSC
1 of 8
S1
S1
S2
S2
S1
S1
S3
S3
S2
S1
2 Levels of priority
HP Low latency path
LP Best effort traffic
S3
S2
S2
S3
S3
S3
Multicast support
1M multicast
groups
H -Unicast
H -Unicast
H -Unicast
H -Unicast
H -Multicast
H -Multicast
H -Multicast
H -Multicast
H -Unicast
H -Unicast
H -Multicast
H -Multicast
S1
RR
S2
S2
S2
H -Unicast
H -Unicast
H -Multicast
H -Multicast
H -Unicast
H -Unicast
H -Unicast
H -Unicast
H -Unicast
HH-Multicast
-Multicast
H -Unicast
H -Multicast
H -Multicast
S1
S2
H -Unicast
H -Multicast
H -Multicast
H -Multicast
S2
S2
H -Unicast
Hi Priority Cells
Lo Priority Cells
RR
H -Unicast
H -Unicast
H -Unicast
H -Unicast
H -Multicast
H -Multicast
H -Multicast
H -Multicast
H -Multicast
Version 2.0b
H -Unicast
H -Unicast
HH-Unicast
-Unicast
H -Multicast
H -Multicast
HH-Multicast
-Multicast
1441
Module 14
136 byte cells 120 byte payload, 12 byte header and 4 byte FEC
Simple 23T -> 23T & 46T -> 92T upgrade by upgrading switch cards
(and later MSCs capable of using the switch fabric cards in Phase 3)
1442
Mcast cells queued separately from unicast (also have their own high
and low priority queues)
Version 2.0b
Module 14
40 Gbps
8 of 8
MSC
2 X Speedup
@ S3
2
1
2 of 8
16
S1
S2
S1
S1
S1
S1
MSC
1 of 8
S2
S2
S1
2 Levels of priority
HP Low latency path
LP Best effort traffic
S3
S3
S3
S2
S2
S2
S3
S3
S3
Multicast support
1M multicast
groups
Version 2.0b
1443
Module 14
1444
Version 2.0b
Module 14
Version 2.0b
1445
Module 14
Traffic Class
The purpose of a traffic class is to classify traffic on your router. The classmap command is used to define a traffic class.
A traffic class contains three major elements: a name, a series of match
commands, and, if more than one match command exists in the traffic
class, an instruction on how to evaluate these match commands. The traffic
class is named in the class-map command line; for example, if you enter
the class-map premium command while configuring the traffic class in the
Modular QoS CLI (MQC), the traffic class would be named premium.
The match commands are used to specify various criteria for classifying
packets. Packets are checked to determine whether they match the criteria
specified in the match commands; if a packet matches the specified
criteria, that packet is considered a member of the class and is forwarded
according to the QoS specifications set in the traffic policy. Packets that
fail to meet any of the matching criteria are classified as members of the
default traffic class.
The instruction on how to evaluate these match commands needs to be
specified if more than one match criterion exists in the traffic class. The
evaluation instruction is specified with the class-map match-any or match-all
command. If the match-any option is specified as the evaluation instruction,
the traffic being evaluated by the traffic class must match one of the
specified criteria. If the match-all option is specified as the evaluation
instruction, the traffic being evaluated by the traffic class must match all
of the specified criteria.
1446
Version 2.0b
Module 14
Traffic Class
Version 2.0b
1447
Module 14
1448
Version 2.0b
Module 14
Version 2.0b
1449
Module 14
Creating a class-map
To create a class-map containing match criterion, use the class-map
global configuration command to specify the class-map name. Optional
match commands can be used in class-map configuration mode, as
needed.
Within the class-map configuration mode you can specify additional
criteria to match against using the match command, these criteria are:
1450
access-group
any
discard-class
dscp
mpls
precedence
protocol
qos-group
Version 2.0b
Module 14
Creating a class-map
RP/0/RP1/CPU0:P1#config
RP/0/RP1/CPU0:P1(config)#class-map routine
RP/0/RP1/CPU0:P1(config-cmap)#match precedence ipv4 routine
RP/0/RP1/CPU0:P1(config-cmap)#exit
RP/0/RP1/CPU0:P1(config)#class-map match-any variety
RP/0/RP1/CPU0:P1(config-cmap)#match precedence ipv4 critical
RP/0/RP1/CPU0:P1(config-cmap)#match access-group blockacl
RP/0/RP1/CPU0:P1(config-cmap)#match mpls experimental topmost 1
RP/0/RP1/CPU0:P1(config-cmap)#exit
RP/0/RP1/CPU0:P1(config)#
RP/0/RP1/CPU0:P1(config-cmap)#match ?
access-group
Access Group
any
Default class
discard-class
dscp
mpls
precedence
protocol
An IP Protocol Number
qos-group
Match on qos-group
RP/0/RP1/CPU0:P1(config-cmap)#match
Version 2.0b
1451
Module 14
Traffic Policy
The policy-map command is used to create a traffic policy. The purpose of a
traffic policy is to configure the QoS features that should be associated
with the traffic that has been classified in a user-specified traffic class or
classes. A traffic policy contains three elements: a name, a traffic class
(specified with the class command), and the QoS policies. The name of a
traffic policy is specified in the policy-map CLI (for example, issuing the
policy-map policy1 command would create a traffic policy named policy1).
The traffic class that is used to classify traffic to the specified traffic policy
is defined in policy map configuration mode. After choosing the traffic class
that is used to classify traffic to the traffic policy, the user can enter the
QoS features to apply to the classified traffic. This is done in policy-map
class configuration mode.
The MQC does not necessarily require that users associate only one traffic
class to one traffic policy. When packets match to more than one match
criterion, as many as 16 traffic classes can be associated to a single traffic
policy.
1452
Version 2.0b
Module 14
Traffic Policy
Version 2.0b
1453
Module 14
Creating a policy-map
To configure a policy-map, use the policy-map global configuration
command to specify the traffic policy name.
The class-map is associated with the policy-map when the class
command is used. The class command must be issued after entering
policy-map configuration mode. After entering the class command, you
are automatically in policy-map class configuration mode, which is where
the QoS policies for the traffic policy are defined.
In this example the two previously created two class maps named routine
and variety were associated with the policy-map named traffic-class using
the class command.
Within the policy-map class configuration mode you can specify:
1454
bandwidth
commit
describe
do
exit
no
police
priority
queue-limit
random-detect
service-policy
set
shape
show
Version 2.0b
Module 14
RP/0/RP1/CPU0:P1(config)#policy-map traffic-class
RP/0/RP1/CPU0:P1(config-pmap)#class routine
RP/0/RP1/CPU0:P1(config-pmap-c)#bandwidth percent 10
RP/0/RP1/CPU0:P1(config-pmap-c)#exit
RP/0/RP1/CPU0:P1(config-pmap)#class variety
RP/0/RP1/CPU0:P1(config-pmap-c)#bandwidth percent 50
RP/0/RP1/CPU0:P1(config-pmap-c)#priority
RP/0/RP1/CPU0:P1(config-pmap-c)#exit
RP/0/RP1/CPU0:P1(config-pmap)#exit
RP/0/RP1/CPU0:P1(config)#
RP/0/RP1/CPU0:P1(config-pmap)#class variety
RP/0/RP1/CPU0:P1(config-pmap-c)#?
bandwidth
bandwidth
commit
Commit the configuration changes to running
describe
Describe a command without taking real actions
do
Run an exec command
exit
Exit from this submode
no
Negate a command or set its defaults
police
Police traffic
priority
assign priority to this class
queue-limit
queue-limit
random-detect
enable random-detect
service-policy Configure QoS Service policy
set
Set QoS values
shape
Shape traffic
show
Show contents of configuration
RP/0/RP1/CPU0:P1(config-pmap-c)#
Version 2.0b
1455
Module 14
1456
Version 2.0b
Module 14
RP/0/RP1/CPU0:P1(config)#int pos0/4/0/2
RP/0/RP1/CPU0:P1(config-if)#service-policy output traffic-class
RP/0/RP1/CPU0:P1(config-if)#end
Uncommitted changes found, commit them before
exiting(yes/no/cancel)? [cancel]:y
RP/0/RP1/CPU0:P1#
RP/0/RP1/CPU0:P1(config)#sh run
Building configuration...
class-map match-any routine
match precedence ipv4 routine
!
class-map match-any variety
match mpls experimental topmost 1
match precedence ipv4 critical
match access-group ipv4 blockacl
!
policy-map traffic-class
class routine
bandwidth percent 10
!
class variety
priority
!
interface POS0/4/0/2
service-policy output traffic-class
RP/0/RP1/CPU0:P1(config)#
Version 2.0b
1457
Module 14
Displaying a policy-map
You use the show policy-map interface pos0/X/X/X to display the
statistical effects a policy-map has when applied to an interface.
1458
Version 2.0b
Module 14
Displaying a policy-map
(packets/bytes)
: 0/0
0
: 0/0
0
: 0/0
0
(rate -)
: 0
:
:
:
:
:
:
42
0
0
0
59904000
0/0
(packets/bytes)
: 72/9068
0
: 72/9068
0
: 0/0
0
(rate -)
: 0
:
:
:
:
:
:
14
0
0
0
2995200
0/0
(packets/bytes)
: 257/358833
0
: 44/3234
0
: 0/0
0
(rate -)
: 0
:
:
:
:
:
:
13
0
0
0
59904000
0/0
Version 2.0b
1459
Module 14
Summary
Data Flow and MQC QoS
In this module, you learned the following:
1460
How to describe how data flows from ingress interfaces through the
switch fabric and out through the egress interface
How to describe the IngressQ ASIC and EgressQ ASIC queuing and
shaping features
How to describe the major features of the Cisco CRS-1 switch fabric
To use MQC to create class-maps and policy-maps and attach servicepolices to an interface
Version 2.0b
Appendix A
Troubleshooting
Overview
Description
This module discusses CRS-1 modular services card (MSC) and switch
fabric card (SFC) troubleshooting. It also shows how memory and CPU
problems can be identified and resolved.
Objectives
After completing this module, you will be able to:
Version 2.0
A1
Troubleshooting
Appendix A
Operational-Level Checks
Checking the Card State
When looking at CRS-1 cards, make sure that the card is in the IOS-XR
RUN mode. The RUN mode means that IOS-XR is loaded on the card and
in full operational mode. Several other states exist, like MBI-RUNNING or
IN-RESET, which are intermediate states a card goes through when
booting.
To view the slot locations of the different nodes and the PLIM type that is
mated through the midplane, use the show platform command.
A2
Version 2.0
Appendix A
Operational-Level Checks
Normal operational
status of CRS-1 cards
that have booted is
IOS-XR RUN.
RP/0/RP1/CPU0:mttr-1#sh platform
Node
Type
PLIM
State
Config State
-------------------------------------------------------------------------------------------------------------------------0/1/SP
MSC(SP)
0/1/CPU0
MSC
N/A
IOS-XR RUN
4OC192-POS/DPT
PWR,NSHUT,MON
IOS-XR RUN
PWR,NSHUT,MON
0/RP1/CPU0 RP(Active)
N/A
IOS-XR RUN
PWR,NSHUT,MON
0/SM0/SP
N/A
IOS-XR RUN
PWR,NSHUT,MON
FC/S(SP)
Version 2.0
A3
Troubleshooting
Appendix A
Resetting a Card
To reset a CRS-1 card, use the hw-module node < r s i > reload
command. This command causes a complete reset of that card. The
software, configuration, drivers, and routing and forwarding tables are
reloaded.
A4
Version 2.0
Appendix A
Operational-Level Checks
Resetting a Card
Version 2.0
A5
Troubleshooting
Appendix A
A6
Version 2.0
Appendix A
Operational-Level Checks
Version 2.0
A7
Troubleshooting
Appendix A
A8
Version 2.0
Appendix A
RP/0/RP1/CPU0:mttr-1# top
98 processes; 320 threads;
Write down
CPU states: 0.0% idle, 39.2% user, 60.7% kernel
thread ID for
Memory: 1024M total, 202M avail, page size 4K
isolation
CPU COMMAND
38.03% gsp
33.94% procnto-600-smp-cisco-instr
26.83% procnto-600-smp-cisco-instr
0.39% ipv4_fib_mgr
Version 2.0
A9
Troubleshooting
Appendix A
A10
Version 2.0
Appendix A
Version 2.0
A11
Troubleshooting
Appendix A
A12
Version 2.0
Appendix A
Version 2.0
Process
tcam_mgr
dllmgr
eth_server
gsp
pkgfs
netio
sysdb_svr_local
fqm
wdsysmon
mpls_lfd
A13
Troubleshooting
Appendix A
A14
Version 2.0
Appendix A
From
fabric
fabricq 0|1
(SPONGE)
pse 1
(METRO)
Egressq
(SHARQ)
To
line
cpuctrl
(SQUID)
pla
(MOOSE 0|1)
Aka
reindeer/bambi
From
line
To
fabric
ingressq
(SPRAYER)
pse
(METRO) 0
Version 2.0
A15
Troubleshooting
Appendix A
Ingress
Troubleshooting Ingress Interfaces
To see whether any packets have been dropped or there are any input and
output errors, use the show interface command. Usage of this command
is a good first step to take to look for any errors that are occurring on a
particular interface.
In this example, you see 57 input errors and 28 cyclic redundancy check
(CRC) in the input direction, which you can then investigate.
You also see that the pla (Moose) ASIC is the interface controller, which
means all traffic to and from the interface must pass through it. So, a good
next step is to look at the pla (Moose) ASIC and see if there are any errors.
A16
Version 2.0
Appendix A
Ingress
Version 2.0
A17
Troubleshooting
Appendix A
A18
Version 2.0
Appendix A
Ingress
Version 2.0
A19
Troubleshooting
Appendix A
In the pla (Moose) troubleshooting output shown on the oppose page, you
see the categories of packet sizes received and sent and the total number of
packet byte counters. These categories are more for statistical information
rather than troubleshooting, but they result from the troubleshooting
process.
A20
Version 2.0
Appendix A
Ingress
POS0/2/0/2 Rx Statistics
------------------------------------------------------------------------------TotalOctets
: 1904958626719
TotalPkts
: 3882676509
UnicastPkts
: 3882676509
MulticastPkts
:0
BroadcastPkts
:0
64Octets
:2
65to127Octets
: 1584114119
128to255Octets : 149750275
256to511Octets : 390598060
512to1023Octets : 1178976903
1024to1518Octets : 579127866
1519to1548Octets : 1
1549to9216Octets : 10763
>9216Octets
:0
BadCRCPkts
:0
BadCodedPkts
:0
Runt
:0
ShortPkts
: 98520
802.1QPkts
:0
Drop
:0
PausePkts
:0
ControlPkts
:0
Jabbers
:0
BadPreamble
:0
POS0/2/0/2 Drop
------------------------------------------------------------------------------RxFiFO Drop
: 49
PAR Tail Drop : 0
TxFIFO Drop
:0
Version 2.0
A21
Troubleshooting
Appendix A
A22
Version 2.0
Appendix A
Ingress
Node: 0/0/cpu0:
---------------------------------------Look to make sure device
PSE 0, Summary Info:
state is up, indicating that
------------------------------------------------Metro is active
<text omitted>
DeviceState : 0 (UP)
StartupOpts : 00000000 MmappedBase : 0x609b0000
ClsDisMask : 0x1000 NFusedPPEs : 199 (188 hwf, 11 swf)
MPUcodeName : /pkg/gsr/ucode/ingress_mp_v1.mucode
PPEUcodeName: /pkg/gsr/ucode/ingr ess_turbo_pos_v1.mucode
INTR-Status : 00000000 INTR-Enable : 0x7ffffe
NColdResets : 1
NWarmResets : 0
Check for excessive resets,
NResetRetry : 0
which indicate hardware
NIntrtps : 3
NIntrptThrot: 0
problems
Version 2.0
A23
Troubleshooting
Appendix A
A24
Version 2.0
Appendix A
Ingress
RP/0/RP1/CPU0:mttr-1# show cont pse statistics loc 0/0/cpu0 | exclude ": 0"
.
PSE 0, Statistics Info:
CDP : 1442 (informational number of CDP packets received)
DROP_IPV4_CHECKSUM_ERROR : 2534657
DUMMY_COUNTER : 1131918326098 (indicates idle packets sent on a link)
.
PSE 1, Statistics Info: !! (this displays the SECOND PSE asic )
DROP_L3_LOAD_INFO : 2651376
DUMMY_COUNTER : 1131912204019
Dummy counters do not
Version 2.0
A25
Troubleshooting
Appendix A
A26
Version 2.0
Appendix A
Ingress
To determine whether packets punted by PSE (not for data path) are dropped:
RP/0/RP1/CPU0:mttr-1# show controllers cpuctrl ports ingressq pdma all
RP/0/33/1# show controllers cpuctrl ports ingressq pdma all active loc 0/0/cpu0| include errors
Rx Pkt errors = 0
Rx NoBuffers = 0
Rx NoBufferLimit = 0
Rx Pkt errors = 0
Rx NoBuffers = 0
Rx NoBufferLimit = 0
Rx Pkt errors = 0
Rx NoBuffers = 0
Rx NoBufferLimit = 0
Rx Pkt errors = 0
Rx NoBuffers = 0
Rx NoBufferLimit = 0
Rx Pkt errors = 0
Rx NoBuffers = 0
Rx NoBufferLimit = 0
Rx Pkt errors = 0
Rx NoBuffers = 0
Rx NoBufferLimit = 0
Rx Pkt errors = 0
Rx NoBuffers = 0
Rx NoBufferLimit = 0
Version 2.0
A27
Troubleshooting
Appendix A
With this command, you can find out whether the ingressq ASIC is
receiving any packets from the PSE (Metro) and cpuctrl (Squid) ASICs,
and how many such packets are being dropped. Note, too, that packets
marked as received from or transmitted to the CPU are being transmitted
to the cpuctrl FPGA, which is the traffic cop for every packet that is sent
to the CPU by the punt path.
Note that the rx pkts (received packets) and tx pkts (transmitted
packets) counters are nearly identical. These two counters identify the
number of packets received from the PSE ASIC and then forwarded to the
fabric. A counter in the example displays 2 as the number of packets
dropped due to length errors. This number is the difference between the
two counters. The cells dropped are equal to the number of packets because
they were probably dropped during cell assembly and reassembly.
Now take a look at the tx cells to fabric counter and note that this
number does not have to be equaland it most likely never willto the
number of packets sent because a cell does not always map directly to a
packet received.
A28
Version 2.0
Appendix A
Ingress
Ingressq Rx Statistics.
Packets received
-----------------------------------------------------------------------from Metro
rx pkts
:
1281816 (
645169854 bytes)
rx pkts from cpu
:
487579 (
110400014 bytes)
rx control pkts from cpu
:
487579 (
110400014 bytes)
Packets
sent to
rx data pkts from cpu
:
0 (
0 bytes)
the fabric
Ingressq Tx Statistics.
-----------------------------------------------------------------------tx pkts
:
1281814 (
653384420 bytes)
tx pkts to cpu
:
794227 (
534768680 bytes)
tx control pkts to cpu
:
794217 (
534767520 bytes)
tx data pkts to cpu
:
10 (
1160 bytes)
tx pkts shaped
:
487587 (
118615740 bytes)
tx cells to fabric
:
1290015
Ingressq Drops.
-----------------------------------------------------------------------length error drops
:
2
crc error drops
:
97273
OOR error drops
:
0
Difference between
backpressure discard drops :
0
the two preceding
tail drops
:
0
counters
cell drops
:
2
Version 2.0
A29
Troubleshooting
Appendix A
The EIO link between the ingressq and PSE ASICs has gone bad.
A software bug has caused the ingressq ASIC to enable the EIO link
before waiting for the link to be fully trained.
The implication of an error means that the ingressq ASIC could be losing
packets if the counter keeps increasing at run time. If this loss happens,
look at the state of the EIO link at the ingressq ASIC with the following
command:
show controller ingressq eio link all loc <>
This command tells you if either the link training failed or the link is
getting trained multiple times. You need to consider the health of that
ingressq EIO link when you see CRC errors.
A30
Version 2.0
Appendix A
Ingress
Ingressq Rx Statistics.
Packets received
-----------------------------------------------------------------------from Metro
rx pkts
:
1281816 (
645169854 bytes)
rx pkts from cpu
:
487579 (
110400014 bytes)
rx control pkts from cpu
:
487579 (
110400014 bytes)
Packets
sent to
rx data pkts from cpu
:
0 (
0 bytes)
the fabric
Ingressq Tx Statistics.
-----------------------------------------------------------------------tx pkts
:
1281814 (
653384420 bytes)
tx pkts to cpu
:
794227 (
534768680 bytes)
tx control pkts to cpu
:
794217 (
534767520 bytes)
tx data pkts to cpu
:
10 (
1160 bytes)
tx pkts shaped
:
487587 (
118615740 bytes)
tx cells to fabric
:
1290015
Ingressq Drops.
-----------------------------------------------------------------------length error drops
:
2
crc error drops
:
97273
OOR error drops
:
0
Difference between
backpressure discard drops :
0
two preceding
tail drops
:
0
counters
cell drops
:
2
Version 2.0
A31
Troubleshooting
Appendix A
Egress
Fabricq (Sponge)
Packets arriving from the fabric first come into the fabricq (Sponge) ASIC.
Two fabricq ASICs exist for each MSC, and buffering is done in the fabricq
because packets are being drawn from the fabric faster than the card can
actually process them.
Note that an input cell counter refers to cells received from the fabric.
Immediately following these cell counters is a counter that shows the total
number of packets reassembled by the fabricq ASIC. Two different sets of
counters also occur, one for each of the fabricq ASICs.
A32
Version 2.0
Appendix A
Egress
Fabricq (Sponge)
Refers to cells
received from
the fabric
32
Version 2.0
A33
Troubleshooting
Appendix A
The packet counters are divided by ASIC level, with the second ASIC
information continuing after fabricq ASIC 0.
A34
Version 2.0
Appendix A
Egress
Dropped packets
+----------------------------------------------------------+
Ucast pkts
:
0 (+
0)
Mcast pkts
:
0 (+
0)
Cpuctrlcast pkts
:
0 (+
0)
Vital denied pkts
:
0 (+
0)
NonVital denied pkts :
0 (+
0)
Unicast lost pkts
:
5395 (+
0)
Ucast partial pkts
:
0 (+
0)
PSM OOR Drops
:
0 (+
0)
Location: 0/2/CPU0
Asic Instance: 1
Fabric Destination Address: 33
Input Cell counters:
+----------------------------------------------------------+
Data cells
: 25730549142 (+
15121398 )
Control cells
: 1097010241
(+
534738 )
Idle cells
: 6025247961239 (+ 2933063120 )
Reassembled packet counters
+----------------------------------------------------------+
Ucast pkts
: 3751617451 (+ 2204902 )
Mcast pkts
:
0 (+
0)
Cpuctrlcast pkts
:
0 (+
0)
Dropped packets
+----------------------------------------------------------+
Ucast pkts
:
0 (+
0)
Mcast pkts
:
0 (+
0)
Cpuctrlcast pkts :
0 (+
0)
Vital denied pkts :
0 (+
0)
NonVital denied pkts :
0 (+
0)
Unicast lost pkts :
7831 (+
7831)
Ucast partial pkts :
0 (+
0)
PSM OOR Drops
:
0 (+
0)
Version 2.0
A35
Troubleshooting
Appendix A
Egressq (Sharq)
From the previous commands, you can figure out the state of the egressq
(Sharq) ASIC by looking at the ASIC state. During normal operation, the
state should display normal.
You can look at traffic statistics to see the number of packets (and bytes)
received from the PSE ASIC and sent to the PLA ASIC. Counters also exist
that let you look at packets dropped by the PSE and Squid ASICs.
A36
Version 2.0
Appendix A
Egress
Egressq (Sharq)
Version 2.0
A37
Troubleshooting
Appendix A
A38
Version 2.0
Appendix A
S1
S1
S1
S1
S1
S1
S1
S1
S1
S1
S1
S1
S1
S1
S1
S3
Sprayer
Port
S1
LINE CARD
S3
S3
S3
S2 S3
S3
S3
S3
S1
S1
S1
S1
S1
S1
S1
FABRIC CARDS
Version 2.0
Port
Sponge
S1
Sprayer
S
2
S3
S3
S3
S3
S3
S3
S3
S3
S3
S3
S3
S3
S3
Sponge
S3
S3
S3
LINE CARD
A39
Troubleshooting
Appendix A
A40
Version 2.0
Appendix A
Version 2.0
A41
Troubleshooting
Appendix A
A42
Version 2.0
Appendix A
To see how many cells have been transmitted across each plane:
RP/0/RP1/CPU0:mttr-1# admin show controller fabric plane all stat
Version 2.0
A43
Troubleshooting
Appendix A
A44
Version 2.0
Appendix A
Version 2.0
A45
Troubleshooting
Appendix A
A46
Version 2.0
Appendix A
RP/0/RP1/CPU0:mttr-1#
Version 2.0
A47
Troubleshooting
Appendix A
Summary
Troubleshooting
In this module, you learned to:
A48
Version 2.0
Appendix B
Student Evaluation
Version 2.0
B1