Professional Documents
Culture Documents
RAX711-R (A) Configuration Guide (Rel - 05)
RAX711-R (A) Configuration Guide (Rel - 05)
RAX711-R (A) Configuration Guide (Rel - 05)
com
RAX711-R (B)
Configuration Guide
(Rel_05)
Raisecom Technology Co., Ltd. provides customers with comprehensive technical support and services. For any
assistance, please contact our local office or company headquarters.
Website: http://www.raisecom.com
Tel: 8610-82883305
Fax: 8610-82883056
Email: export@raisecom.com
Address: Raisecom Building, No. 11, East Area, No. 10 Block, East Xibeiwang Road, Haidian District, Beijing,
P.R.China
Postal code: 100094
-----------------------------------------------------------------------------------------------------------------------------------------
Notice
Copyright © 2018
Raisecom
All rights reserved.
No part of this publication may be excerpted, reproduced, translated or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in Writing from Raisecom
Technology Co., Ltd.
Preface
Objectives
This document introduces features and related configurations supported by the RAX711-R,
including basic principles and configuration procedures of basic configurations, zero-
configuration, interface management, Ethernet, IP services, routing, MPLS, OAM, QoS,
network reliability, security, and system management and maintenance. In addition, this
document provides related configuration examples. The appendix of this document provides
terms, acronyms, and abbreviations involved in this guide.
This document helps you master principles and configurations of the RAX711-R
systematically, as well as networking with the RAX711-R.
Versions
The following table lists the product versions related to this document.
Conventions
Symbol conventions
The symbols that may be found in this document are defined as below.
Raisecom
RAX711-R (B) Configuration Guide Preface
Symbol Description
Indicate a hazard with a medium or low level of risk which, if
not avoided, could result in minor or moderate injury.
Indicate a tip that may help you solve a problem or save time.
General conventions
Convention Description
Times New Roman Normal paragraphs are in Times New Roman.
Arial Paragraphs in Warning, Caution, Notes, and Tip are in Arial.
Command conventions
Convention Description
Convention Description
{ x | y | ... } * Alternative items are grouped in braces and separated by
vertical bars. A minimum of one or a maximum of all can be
selected.
[ x | y | ... ] * Optional alternative items are grouped in square brackets and
separated by vertical bars. A minimum of none or a maximum
of all can be selected.
Change history
Updates between document versions are cumulative. Therefore, the latest document version
contains all updates made to previous versions.
Issue 05 (2018-02-10)
Fifth commercial release
Added GRE tunnel.
Added the emulated Ethernet test.
Added the Y.1564 test.
Modified the RFC2544 test.
Modified BFD.
Added configuration examples for some modules.
Optimized some contents.
Issue 04 (2017-03-20)
Fourth commercial release
Added LDP MD5.
Added L3VPN PE-CE EBGP.
Raisecom
RAX711-R (B) Configuration Guide Preface
Issue 03 (2016-11-30)
Third commercial release
Added the RAX711-R-4GC4E1-BL-S (A.10).
Added the RAX711-R-4GC4E1-S (A.10).
Added the RAX711-R-4GC (A.10).
Added the RAX711-R-4GE (A.10).
Issue 02 (2015-08-20)
Second commercial release
Added L2CP.
Synchronous Ethernet is added.
MPLS TE is added.
MPLS TE protection is added.
BFD for multiple PWs is added.
PW redundancy is added.
Interface backup is added.
ISIS which supports multi-process is added.
Expanded OAM which supports routing interface is added.
Other functionalities are added.
Issue 01 (2015-03-20)
Initial commercial release
Raisecom
RAX711-R (B) Configuration Guide Preface
Contents
4 Ethernet ......................................................................................................................................... 52
4.1 Configuring VLAN ........................................................................................................................................ 52
4.1.1 Preparing for configurations ................................................................................................................. 52
4.1.2 Configuring VLAN properties .............................................................................................................. 53
4.1.3 Configuring VLANs based on Access interfaces .................................................................................. 53
4.1.4 Configuring VLANs based on Trunk interfaces .................................................................................... 54
4.1.5 Checking configurations ....................................................................................................................... 54
4.2 Configuring MAC address table..................................................................................................................... 55
4.2.1 Preparing for configurations ................................................................................................................. 55
4.2.2 Configuring static MAC address table .................................................................................................. 55
4.2.3 Configuring dynamic MAC address table ............................................................................................. 55
4.2.4 Configuring blackhole MAC address .................................................................................................... 56
4.2.5 Checking configurations ....................................................................................................................... 57
4.2.6 Maintenance .......................................................................................................................................... 57
4.3 Configuring QinQ .......................................................................................................................................... 58
4.3.1 Preparing for configurations ................................................................................................................. 58
4.3.2 Configuring basic QinQ ........................................................................................................................ 58
4.3.3 Configuring VLAN mapping based on QinQ ....................................................................................... 58
4.3.4 Checking configurations ....................................................................................................................... 59
4.4 Configuring LLDP ......................................................................................................................................... 59
4.4.1 Preparing for configurations ................................................................................................................. 59
4.4.2 Enabling global LLDP .......................................................................................................................... 60
4.4.3 Enabling interface LLDP ...................................................................................................................... 60
4.4.4 Configuring LLDP basic functions ....................................................................................................... 60
4.4.5 Configuring LLDP Trap ........................................................................................................................ 61
Raisecom
RAX711-R (B) Configuration Guide Preface
6 IP services ..................................................................................................................................... 79
6.1 Configuring interface IP address .................................................................................................................... 79
6.1.1 Preparing for configurations ................................................................................................................. 79
6.1.2 Configuring interface IPv4 address ....................................................................................................... 79
6.1.3 Checking configurations ....................................................................................................................... 80
6.2 Configuring DHCPv4 client ........................................................................................................................... 80
6.3 Configuring ARP ............................................................................................................................................ 81
6.3.1 Preparing for configurations ................................................................................................................. 81
6.3.2 Configuring ARP .................................................................................................................................. 82
6.3.3 Checking configurations ....................................................................................................................... 82
6.4 Configuring fault detection ............................................................................................................................ 83
6.4.1 Configuring task scheduling ................................................................................................................. 83
6.4.2 PING ..................................................................................................................................................... 83
6.4.3 Traceroute ............................................................................................................................................. 84
6.5 Maintenance ................................................................................................................................................... 84
6.6 Configuration examples ................................................................................................................................. 84
6.6.1 Example for configuring DHCPv4 client .............................................................................................. 84
6.6.2 Example for configuring ARP ............................................................................................................... 86
Raisecom
RAX711-R (B) Configuration Guide Preface
7 IP routing ...................................................................................................................................... 88
7.1 Configuring routing management .................................................................................................................. 88
7.1.1 Preparing for configurations ................................................................................................................. 88
7.1.2 Configuring routing management ......................................................................................................... 88
7.1.3 Configuring IP FRR .............................................................................................................................. 89
7.1.4 Configuring BFD .................................................................................................................................. 89
7.1.5 Checking configurations ....................................................................................................................... 89
7.2 Configuring static route .................................................................................................................................. 90
7.2.1 Preparing for configurations ................................................................................................................. 90
7.2.2 Configuring static route ........................................................................................................................ 90
7.3 Configuring routing policy ............................................................................................................................. 90
7.3.1 Configuring IP prefix-list ...................................................................................................................... 90
7.3.2 Configuring route mapping table .......................................................................................................... 91
7.3.3 Checking configurations ....................................................................................................................... 94
7.4 Configuring OSPF .......................................................................................................................................... 94
7.4.1 Configuring OSPF routing process ....................................................................................................... 94
7.4.2 Configuring OSPF special area ............................................................................................................. 95
7.4.3 Configuring OSPF network type ........................................................................................................... 96
7.4.4 Configuring OSPF routing information control .................................................................................... 98
7.4.5 Configuring OSPF interface ................................................................................................................ 101
7.4.6 Configuring OSPF authentication mode ............................................................................................. 104
7.4.7 Configuring OSPF routing policy ....................................................................................................... 105
7.4.8 Configuring OSPF GR ........................................................................................................................ 107
7.4.9 Configuring BFD for OSPF ................................................................................................................ 107
7.4.10 Configuring OSPF for MPLS-TE ..................................................................................................... 108
7.4.11 Checking configurations ................................................................................................................... 108
7.4.12 Maintenance ...................................................................................................................................... 109
7.5 Configuring ISIS .......................................................................................................................................... 109
7.5.1 Configuring ISIS basic function.......................................................................................................... 109
7.5.2 Configuring ISIS routing property ...................................................................................................... 110
7.5.3 Configuring ISIS network ................................................................................................................... 111
7.5.4 Optimizing ISIS network .................................................................................................................... 112
7.5.5 Configure ISIS authentication ............................................................................................................. 115
7.5.6 Controlling ISIS routing information .................................................................................................. 115
7.5.7 Configuring ISIS BFD ........................................................................................................................ 116
7.5.8 Configuring ISIS GR .......................................................................................................................... 117
7.5.9 Configuring ISIS TE ........................................................................................................................... 117
7.5.10 Checking configurations ................................................................................................................... 118
7.5.11 Maintenance ...................................................................................................................................... 118
7.6 Configuring BGP ......................................................................................................................................... 118
7.6.1 Configuring BGP basic functions........................................................................................................ 118
7.6.2 Configuring BGP route advertisement ................................................................................................ 119
Raisecom
RAX711-R (B) Configuration Guide Preface
13 Security...................................................................................................................................... 303
13.1 Configuring storm control .......................................................................................................................... 303
13.1.1 Preparing for configurations ............................................................................................................. 303
Raisecom
RAX711-R (B) Configuration Guide Preface
Figures
Figure 8-1 Configuring static bidirectional LSP without IP capability .............................................................. 154
Figure 9-2 Configuring static Tunnel to carry static VPWS services ................................................................. 180
Figure 9-3 Configuring RSVP-TE-based dynamic Tunnel to carry dynamic VPWS services ........................... 183
Figure 12-3 Flow for configuring PW dual-homed protection switching .......................................................... 279
Raisecom
RAX711-R (B) Configuration Guide 1 Basic configurations
Figure 14-2 Configuring rate limiting based on traffic policy ........................................................................... 337
Figure 14-3 Configuring queue scheduling and congestion avoidance .............................................................. 340
Figure 14-4 Configuring interface-based rate limiting ....................................................................................... 343
Tables
Table 14-1 Bandwidth statistics in the case of MPLS QoS CAR configurations ............................................... 346
Raisecom
RAX711-R (B) Configuration Guide 1 Basic configurations
1 Basic configurations
This chapter describes basic information and configuration procedures of the RAX711-R, as
well as related configuration examples, including following sections:
CLI
Accessing device
Backup and upgrade
Remote zero-configuration
Network management
Configuring RMON
1.1 CLI
1.1.1 Overview
The Command-line Interface (CLI) is a medium for you to communicate with the RAX711-R.
You can configure, monitor, and manage the RAX711-R through the CLI.
You can log in to the RAX711-R through the terminal equipment or through a computer that
runs the terminal emulation program. Enter commands at the system prompt.
The CLI supports following features:
Configure the RAX711-R locally through the Console interface.
Configure the RAX711-R locally or remotely through Telnet/Secure Shell v2 (SSHv2).
Commands are classified into different levels. You can execute the commands that
correspond to your level only.
The commands available to you depend on which mode you are currently in.
Shortcut keys can be used to execute commands.
Check or execute a historical command by checking command history. The last 20
historical commands can be saved on the RAX711-R.
Enter a question mark (?) at the system prompt to obtain online help.
The RAX711-R supports multiple intelligent analysis methods, such as fuzzy match and
context association.
1.1.2 Levels
The RAX711-R classifies CLI into 16 levels in a descending order:
0–4: checking level. You can execute basic commands, such as ping, clear, and history,
for performing network diagnostic function, clearing system information, and showing
command history.
5–10: monitoring level. You can execute commands, such as show, for system
maintenance.
11–14: configuration level. You can execute commands for configuring services, such as
Virtual Local Area Network (VLAN) and Internet Protocol (IP) routing.
15: management level. You can execute commands for running systems.
1.1.3 Modes
The command mode is an environment where a command is executed. A command can be
executed in one or multiple certain modes. The commands available to you depend on which
mode you are currently in.
After connecting the RAX711-R, enter the user name and password to enter the user EXEC
mode, where the following command is displayed:
Raisecom>
Enter the enable command and press Enter. Then enter the correct password, and press
Enter to enter privileged EXEC mode. The default password is raisecom.
Raisecom>enable
Password:
Raisecom#
In privileged EXEC mode, enter the config command to enter global configuration mode.
Raisecom#config
Raisecom(config)#
The CLI prompts Raisecom is a default host name. You can modify it by executing
the hostname string command in privileged EXEC mode.
Commands executed in global configuration mode can also be executed in other
modes. The functions vary on command modes.
You can enter the exit or quit command to return to the upper command mode.
However, in privileged EXEC mode, you need to execute the disable command to
return to user EXEC mode.
You can enter the end command to return to privileged EXEC mode from any
modes but user EXEC mode or privileged EXEC mode.
Command modes supported by the RAX711-R are listed in the following table.
Keystroke Description
Press the up arrow (↑) key. The previous command is displayed. If no previous
command is available, no change is shown on the
screen after you press the key.
Press the down arrow (↓) key. The next command is displayed. If no previous
command is available, no change is shown on the
screen after you press the key.
Press the left arrow (←) key. Move the cursor back one character. If the cursor is in
front of the command, no change is shown on the
screen after you press the key.
Keystroke Description
Press the right arrow (→) key. Move the cursor forward one character. If the cursor is
behind the command, no change is shown on the
screen after you press the key.
Press the Backspace key. Erase the character to the left of the cursor. If the
cursor is in front of the command, no change is shown
on the screen after you press the key.
Press the Tab key. When you press it after entering a complete keyword,
the cursor moves forward a space. When you press it
again, the keywords matching the complete keyword
are displayed.
When you press it after entering an incomplete
keyword, the system automatically executes some
commands:
If the incomplete keyword matches a unique
complete keyword, the unique complete keyword
replaces the incomplete keyword, with the cursor
forward a space from the unique complete keyword.
If the incomplete keyword matches no or more
complete keywords, the prefix is displayed. You can
press the Tab key to alternate the matched complete
keywords, with the cursor at the end of the matched
complete keyword. Then, press the Space bar to
enter the next keyword.
If the incomplete keyword is wrong, you can press
the Tab key to wrap, and then error information is
displayed. However, the input incomplete keyword
remains.
Press Ctrl + A. Move the cursor to the beginning of the command line.
Press Ctrl + C. The ongoing command will be interrupted, such as
ping, and traceroute.
Press Ctrl + D or the Delete Delete the character at the cursor.
key.
Press Ctrl + E. Move the cursor to the end of the command line.
Press Ctrl + K. Delete all characters from the cursor to the end of the
command line.
Press Ctrl + X. Delete all characters from the cursor to the beginning
of the command line.
Press Ctrl + Z. Return to privileged EXEC mode from the current
mode (excluding user EXEC mode).
Press the Space bar or y. Scroll down one screen.
Press the Enter key. Scroll down one line.
Complete help
You can acquire complete help under following three conditions:
You can enter a question mark (?) at the system prompt to display a list of commands
and brief descriptions available for each command mode.
Raisecom>?
After you enter a keyword, press the Space and enter a question mark (?), all correlated
commands and their brief descriptions are displayed if the question mark (?) matches
another keyword.
Raisecom(config)#ntp ?
After you enter a parameter, press the Space and enter a question mark (?), associated
parameters and descriptions of these parameters are displayed if the question mark (?)
matches a parameter.
Raisecom(config)#interface ip ?
Incomplete help
You can acquire incomplete help under following three conditions:
After you enter part of a particular character string and a question mark (?), a list of
commands that begin with a particular character string is displayed.
Raisecom(config)#c?
cespw cespw
cfm Connectivity fault management protocol
class-map Set class map
clear Clear screen
clock-mgmt Clock management
command-log Log the command to the file
cpu Configure cpu parameters
create Create static VLAN
After you enter a command, press the Space, and enter a particular character string and a
question mark (?), a list of commands that begin with a particular character string is
displayed.
Raisecom(config)#show li?
After you enter a partial command name and press the Tab, the full form of the keyword
is displayed if there is a unique match command.
Error messages
The following table lists some error messages that you might encounter while using the CLI
to configure the RAX711-R.
The Console interface of the RAX711-R is a Universal Serial Bus (USB) A-shaped
female interface, which is translated into a Universal Asynchronous
Receiver/Transmitter (UART) in the device.
The Console interface is used as an interface for the RAX711-R being connected to a PC that
runs the terminal emulation program. You can configure and manage the RAX711-R through
this interface. This management method does not involve network communication.
You must log in to the RAX711-R through the Console interface under the following 2
conditions:
The RAX711-R is powered on for the first time.
You cannot log in to the RAX711-R through Telnet.
To log in to the RAX711-R through the Console interface, follow these steps:
Before logging in to the RAX711-R through the USB interface, install the driver for
translating the USB interface into the UART interface to the PC. To download the
driver, visit http://www.raisecom.com.cn/support.php and then click
USB_Console_Driver.
Step 1Use the configuration cable with dual USB male interfaces to connect the Console interface
of the RAX711-R with the USB interface of the PC, as shown in Figure 1-1.
Step 2Run the terminal emulation program on the PC, such as Hyper Terminal on Microsoft
Windows XP. Enter the connection name at the Connection Description dialog box and then
click OK.
Step 3Select COM N (N refers to the COM interface ID into which the USB interface is translated.)
at the Connect To dialog box and then click OK.
Step 4Configure parameters as shown in Figure 1-2 and then click OK
Step 5 Enter the configuration interface and then enter the user name and password to log in to the
RAX711-R. By default, both the user name and password are set to raisecom.
System files
System files are the software/files required for running the device, including the system
Bootrom file, system configuration file, system startup file, and FPGA file. In general, these
files are saved to the memory of the device.
File management refers to backing up, upgrading, loading, and deleting system files.
PAF file
PAF, which has defined various specifications supported by the device, is for controlling the
function and specification of the device, such as zero-configuration for local and remote
devices. You can know the specification supported by the device through the values. The
following examples illustrate several main values.
ZERO_CONFIG_MODE_CLIENT: if the value is configured to 0, it means that the
zero-configuration supported by the remote device is off; if the value is configured to 1,
it means that the zero-configuration supported by the remote device is on.
ZERO_CONFIG_MODE_CLIENT: the prerequisite is that the
"ZERO_CONFIG_MODE_CLIENT=1". If the value is configured to 0, it means that the
zero-configuration supported by Telecom is off; if the value is configured to 1, it means
that the zero-configuration supported by Telecom is on. To realize the zero-configuration
scheme supported by Telecom, you have to apply for the IP address only on the uplink
interface.
ZERO_CONFIG_MANAGE_VLAN: if the value is configured to 0, it means that the
management VLAN is not configured. Thus, the remote device will go through all the
VLANs while it is traversing the IP address automatically.
You can download the parameters to the device through the download command after they
are configured. They will take effect after the device is rebooted by the reboot command.
Other functions of PAF files:
Customize the default IP address of the SNMP interface.
Support naming conventions based on product version. For example, the PAF files can
be named "product version.paf".
Backup
Backup refers to copying the saved system file from the device memory to the server memory
for recovering the backup file when the device fails. This ensures that the device works
properly. You need to recover the old system file in the following cases:
The system file is lost or damaged because the device fails.
The device works improperly because of upgrade failure.
The RAX711-R supports backing up the system configuration file, system startup file, and
system log file.
Upgrade
To resolve the following problems, you can upgrade the device:
Adding new features to the device
Releasing the new software after fixing Bugs of the current software
The RAX711-R supports being upgraded through the following 2 modes:
FTP upgrade in BootROM mode
FTP/TFTP upgrade in system configuration mode
The RAX711-R supports IPv4-based FTP/TFTP.
Raisecom#reboot
Please input 'yes' to confirm:yes
Rebooting ...
begin...
Step Operation
2 Press Space to enter the raisecom interface when "Press space into Bootstrap menu..." appears on the
screen, then input "?" to display the command list:
[Raisecom]:?
? print this list
h print this list
b boot system
uf filename upload file
ls list files
R filename remove file
i modify network manage port ip address
r reboot system
ss switch system
u update system
ub update bootrom
ul update license
Ensure the input file name is correct. In addition, the file name should not be longer than
80 characters.
Step Operation
4 Enter "ss" and correctly select the system boot file to be loaded when the RAX711-R is booted next
time.
[Raisecom]:ss
Current boot info:
primary:core/RAX711-RP1R2C20_package.zRAX711-R.z
current:core/RAX711-RP1R2C20-RP1R1C00_package.zRAX711-R
Index Partition Free Size(byte)
--------------------------------------------------
1 core/ 36143104
Please select a partition: 1
Index Filename system-version
---------------------------------------------------------------------------
1 RAX711-RP1R2C20-RP1R1C00_package.zRAX711-R
v1.0.0_20180125
Please select a image for next booting: 1
Save boot info...successful!
5 Enter "r" to execute the bootstrap file quickly. The RAX711-R will be rebooted and upload the
downloaded system boot file.
Scenario
The remote devices are scattered at the user side of the network. It consumes a lot of time and
efforts to configure them. Remote zero-configuration supports applying for network
management parameters, such as the management IP address, management VLAN, and
default gateway, after the devices are powered on. Therefore, devices can be managed quickly.
This improves the efficiency for configuring devices.
In general, remote devices can automatically apply for IP addresses when they are properly
connected to the local device and zero-configuration server of the local device is configured
properly. To change parameters about remote zero-configuration, see contents of this section.
Configurations in this section fit for RAX711-R remote devices that are connected to the
zero-configuration server indirectly.
When the remote zero-configuration is configured based on DHCP, the remote device
support using the IP address automatically obtained on Loopback 1 and being managed
through the IP address of Loopback 1.
When the remote zero-configuration is configured based on extended OAM, the remote
device support using the IP address automatically obtained on Loopback 1 and being
managed through the IP address of Loopback 1.
Prerequisite
Both the local and remote devices are configured with zero-configuration mode.
No interface of the remote device is configured with the management VLAN.
The uplink interface is UP.
You can configure the IP address manually based on the Layer 3 physical
interface, sub-interface, VLAN interface, or Layer 3 Trunk interface.
Scenario
When you need to log in to the RAX711-R through the NView NNM system, you need to
configure SNMP basic functions for the RAX711-R.
Prerequisite
Configure the IP address of the SNMP interface.
Configure the route, making the route between the RAX711-R and the NView NNM
system reachable.
Configuring SNMP v3
Step Command Description
1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#snmp-server access group-name [ read Create and configure the
view-name ] [write view-name ] [notify view- SNMP access group.
name ][ context context-name { exact | prefix } ] usm
{ noauthnopriv | authnopriv | authpriv }
3 Raisecom(config)#snmp-server group name user user usm (Optional) configure the
mapping between users and
the SNMP access group.
4 Raisecom(config)#snmp-server contact syscontact (Optional) configure the
identifier and contact
information of the
administrator.
5 Raisecom(config)#snmp-server host ip-address version 3 Configure the IP address of
{ noauthnopriv | authnopriv | authpriv } user-name the SNMP target host.
[ udpport udpport ]
6 Raisecom(config)#snmp-server location sysLocation (Optional) specify the physical
location of the RAX711-R.
7 Raisecom(config)#snmp-server user user-name [ remote Create the user name and
engine-id ] authentication { md5 | sha } key-word configure the authentication
mode.
8 Raisecom(config)#snmp-server view view-name oid-tree Configure the SNMP view.
[ mask] { included | excluded }
3 Raisecom(config)#snmp-server contact
contact (Optional) configure the identifier and
contact mode of the administrator.
Steps for configuring Trap of SNMP v1, v2c, and V3 are identical except the step for
configuring the SNMP target host. Configure the SNMP target host as required.
Trap refers to unrequested information sent to the NView NNM system automatically, which
is used to report some critical events.
You need to do the following operations before configuring Trap:
Configure SNMP basic functions. The user name and SNMP view are required for
SNMP v3.
Configure the routing protocol, making the route between the RAX711-R and the NView
NNM system reachable.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface interface-type Enter Layer 3 physical interface
interface-number configuration mode.
3 Raisecom(config-port)#ip address ip-address
vlan-id Configure the IP address of the RAX711-R.
To avoid multiple devices sending KeepAlive Trap at the same time during the same period
which may lead to the overload of the NM, the KeepAlive Trap is sent randomly within the
sending period plus 5s.
Scenario
RMON helps monitor and gather statistics about network traffics.
Compared with SNMP, RMON is a more efficient monitoring method. After you specify an
alarm threshold, the iTN8800 actively sends alarms when the threshold is exceeded without
obtaining variable information. This helps reduce traffic of Central Office (CO) and managed
devices and facilitates network management.
Prerequisite
The route between the iTN8800 and the NView NNM system is reachable.
2 System management
This chapter introduces the system management and configuration process of the RAX711-R
and illustrates relevant configuration examples.
User management
Device management
Time management
Configuring system log
Configuring alarm management
Configuring Banner
Configuration examples
which makes the fan adjust the rotational speed automatically based on the surrounding
temperature. Therefore, the RAX711-R can work properly.
Device time
To ensure that the RAX711-R can cooperate with other devices, you need to configure system
time and time zone precisely for the RAX711-R.
DST
Daylight Saving Time (DST) is set locally to save energy. About 110 countries around the
world apply DST in summer, but vary in details. Thus, you need to consider detailed DST
rules locally before configuration.
The RAX711-R supports being configured with DST.
Time protocol
With development and extension of Internet in all aspects, multiple applications involved in
time need accurate and reliable time, such as online real-time transaction, distributed network
calculation and processing, transport and flight management, and database management. In
the network, you can release the time information through time protocols. At present,
Network Time Protocol (NTP) and Simple Network Time Protocol (SNTP) are commonly-
used time protocols.
NTP is a standard protocol for time synchronization in telecommunication network. It is
defined by RFC1305. It is used to perform time synchronization between the distributed time
server and clients. NTP transmits data based on UDP, using UDP port 123.
NTP is used to perform time synchronization on all hosts and switches in the network.
Therefore, these devices can provide various applications based on the uniformed time. In
addition, NTP can ensure a very high accuracy with an error about 10ms.
Devices, which support NTP, can both be synchronized by other clock sources and can
synchronize other devices as the clock source. In addition, these devices can be synchronized
mutually through the NTP packet.
The RAX711-R supports performing time synchronization through multiple NTP working
modes:
Server/Client mode
In this mode, the client sends clock synchronization message to different servers. The servers
work in server mode automatically after receiving the synchronization message and send
response messages. The client receives response messages, performs clock filtering and
selection, and is synchronized to the preferred server.
The client and server are relative. The device used for providing the time standard is a server
and then device used for receiving time services is a client.
In this mode, the client can be synchronized to the server but the server cannot be
synchronized to the client.
Symmetric peer mode
In this mode, there are the symmetric active peer and symmetric passive peer. The device,
which sends the NTP synchronization packet actively, is the symmetric active peer.The device
working in the symmetric active mode, sends clock synchronization messages to the device
working in the symmetric passive mode. The device that receives this message automatically
enters the symmetric passive mode and sends a reply. By exchanging messages, the
symmetric peer mode is established between the two devices. Then, the two devices can
synchronize, or be synchronized by each other.
The RAX711-R supports working as the NTP v1/v2/v3 client to be synchronized by the
server.
The SNTP is the simplification of the NTP. Compared with the NTP, SNTP supports the
server/client mode, which is defined by RFC1361.
The RAX711-R supports working as the SNTP client to be synchronized by the server.
For example, if DST starts from 02:00 a.m. second Monday of April to 02:00 a.m.
second Monday of September, the clock is moved ahead 60 minutes. Thus, the
period between 02:00 and 03:00 second Monday of April does not exist.
Configuring time during this period will fail.
DST in the Southern Hemisphere is opposite to that in the Northern Hemisphere.
It is from September this year to April next year. If the starting month is later than
the ending month, the system judges that it is located in the Southern
Hemisphere.
Scenario
The RAX711-R generates critical information, debugging information, or error information of
the system to system logs and outputs the system logs to log files or transmits them to the host,
Console interface, or monitor for viewing and locating faults.
Prerequisite
N/A
Raisecom(config)#logging
discriminator distriminator-
number { facility | mnemonics |
msg-body } none
Scenario
When the RAX711-R fails, the alarm management module will collect the fault information
and output the alarm in a log. The alarm information includes the time when the alarm is
generated, the name and descriptions of the alarm. It helps you quickly locate the fault.
If the RAX711-R is configured with the NView NNM system, alarms can be report to the
NView NNM system directly. The NView NNM system can provide reasons that may cause
alarms, as well as processing suggestions. This helps to troubleshoot faults immediately.
If the RAX711-R is configured with hardware monitoring, when the operating environment of
the device is abnormal, the RAX711-R supports saving to the hardware monitoring alarm
table, sending Trap to the NView NNM system, and outputting to the system log. It notifies
users to process the fault and prevent the fault from occurring.
Raisecom Proprietary and Confidential
37
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 2 System management
With alarm management, you can directly perform following operations on the RAX711-R:
alarm inhibition, alarm auto-report, alarm monitoring, alarm inverse, alarm delay, alarm
storage mode, alarm clearing, and alarm viewing.
Prerequisite
After hardware monitoring is configured on the RAX711-R,
When alarms are output in Syslog form, alarms are generated to the system log. When
needing to send alarms to the log host, you need to configure the IP address of the log
host on the RAX711-R.
When needing to send alarms to the NView NNM system in a Trap form, you need to
configure the IP address of the NView NNM system on the RAX711-R.
All functional modules that support alarm management can be configured with the
function of enabling/disabling alarm monitoring, alarm auto-report, and alarm clearing.
Scenario
Banner is a prompt displayed when you log in to or exit the device, such as the precautions or
disclaimer.
You can configure the Banner of the RAX711-R as required. In addition, the RAX711-R
provides the Banner switch. After Banner display is enabled, the configured Banner
information appears when you log in to or out of the RAX711-R.
After configuring Banner, you should use the write command to save configurations.
Otherwise, Banner information will be lost when the RAX711-R is restarted.
Prerequisite
N/A
Networking requirements
As shown in Figure 2-1, configure system log to output system logs of the RAX711-R to the
log host, facilitating view them at any time.
Configuration steps
Step 1 Configure the IP address of the RAX711-R.
Raisecom#config
Raisecom(config)#interface gigaethernet 1/0/1
Raisecom(config-outband)#ip address 20.0.0.6 255.0.0.0 1
Raisecom(config-outband)#exit
Raisecom(config)#logging on
Raisecom(config)#logging host 20.0.0.168 warnings
Raisecom(config)#logging rate-limit 2
Checking results
Use the show logging command to show system log configurations.
Raisecom#show logging
Syslog logging: enable
Dropped Log messages: 0
Dropped debug messages: 0
Rate-limited: 2 messages per second
Squence number display: disable
Debug level time stamp: none
Log level time stamp: datetime
Log buffer size: 4kB
Debug level: low
Syslog history logging: disable
Syslog history table size:1
Dest Status Level LoggedMsgs DroppedMsgs Discriminator
----------------------------------------------------------------------
buffer disable informational(6) 0 0 0
console enable informational(6) 3 0 0
trap disable warnings(4) 0 0 0
file disable warnings(4) 0 0 0
Log host information:
Max number of log server: 10
Current log server number: 1
Target Address Level Facility Sent Drop Discriminator
-------------------------------------------------------------------------
20.0.0.168 warnings(4) local7 0 0 0
View whether the log information is displayed on the terminal emulation Graphical User
Interface (GUI) of the PC.
Networking requirements
As shown in Figure 2-2, configure hardware monitoring to monitor the temperature of the
RAX711-R. When the temperature value exceeds the threshold, an alarm is generated and is
reported to the NView NNM system in a Trap form, notifying users to take related actions to
prevent the fault.
Configuration steps
Step 1 Configure the IP address of the RAX711-R.
Raisecom#config
Raisecom(config)#interface gigaethernet 1/1/1
Raisecom(config-gigaethernet 1/1/1)#ip address 20.0.0.6 255.255.255.0
Raisecom(config-gigaethernet 1/1/1)#exit
Checking results
Use the show snmp config command to show Trap configurations.
Use the show snmp host command to show Trap target host configurations.
3 Interface management
This chapter describes the configuration of basic function on the interface including following
sections:
Configuring basic information about interface
Configuring Ethernet interface
Configuring Ethernet sub-interface
Configuring VLAN interface
Configuring optical module DDM
Configuring loopback interface
Configuring loopback
Checking configurations
Scenario
Optical module DDM can provide users with a method to detect the performance parameters
of SFP optical transceiver. Users can, according to the test data, predict the life of the optical
transceiver, isolate system faults, and verify the compatibility of the optical transceiver during
the on-site installation.
Prerequisite
N/A
Scenario
Network maintenance personnel can test and analyse the fault on the interface and network
through interface loopback.
The ingress packet and egress packet is defined as bellows:
Ingress packet: test packets received by the interface
Egress interface: test packets retuned to the remote device after loopback
Prerequisite
The current interface is in the Forwarding status and it can forward packets received from it or
report them to the CPU.
4 Ethernet
This chapter describes principles and configuration procedures of Ethernet, as well as related
configuration examples, including following sections:
Configuring VLAN
Configuring MAC address table
Configuring QinQ
Configuring LLDP
Configuring loop detection
Configuring L2CP
Configuration examples
Scenario
The main function of VLAN is to carve up logic network segments. There are 2 typical
application modes:
Small LAN: on one Layer 2 device, the LAN is carved up to several VLANs. Hosts that
connect to the device are carved up by VLANs. So hosts in the same VLAN can
communicate, but hosts between different VLANs cannot communicate. For example,
the financial department needs to be separated from other departments and they cannot
access each other. In general, the port connected to the host is in Access mode.
Big LAN or enterprise network: multiple Layer 2 devices connect to multiple hosts and
these devices are concatenated. Packets take VLAN Tag for forwarding. Ports of
multiple devices, which have identical VLAN, can communicate, but hosts between
different VLANs cannot communicate. This mode is used for enterprises that have many
people and need a lot of hosts, and the people and hosts are in the same department but
different positions. Hosts in one department can access each other, so you have to carve
up VLAN on multiple devices. Layer-3 devices like a router are required if you want to
communicate among different VLANs. The concatenated ports among devices are in
Trunk mode.
Prerequisite
N/A
VLANs that are created by using the vlan vlan-id command are in active status.
All configurations of a VLAN cannot take effect until the VLAN is activated.
5 Raisecom(config-port)#switchport access Configure the VLAN list available for the Access
egress-allowed vlan { all | vlan-list } interface.
[ confirm ]
Scenario
When configuring the MAC address table, you can configure static MAC addresses for fixed
and important devices to prevent illegal users from accessing the network from other
locations.
To avoid saving too many dynamic MAC addresses to the MAC address table and exhausting
resources of the MAC address table, you need to configure the aging time of dynamic MAC
addresses to ensure upgrading dynamic MAC addresses effectively.
Prerequisite
N/A
Raisecom(config)#mac-address static
unicast mac-address vsi vsi-name
It must be a unicast MAC address. The
interface-type interface-number local MAC address, multicast address, all-
Raisecom(config)#mac-address static F, and all-0 MAC addresses cannot be set
unicast mac-address vsi vsi-name vc-id to the static MAC address.
vc-id peer ip-address
4.2.6 Maintenance
No. Command Description
1 Raisecom(config)#clear mac-address dynamic Clear MAC addresses.
Raisecom(config)#clear mac-address dynamic [ vlan
vlan-id ] [ interface-type interface-number ]
Raisecom(config)#clear mac-address dynamic vsi vsi-
name [ interface-type interface-number ]
Raisecom(config)#clear mac-address dynamic vsi vsi-
name [ vc-id vc-id peer ip-address ]
Raisecom(config)#clear mac-address dynamic mac-
address [ vlan vlan-id | vsi vsi-name ]
Scenario
With basic QinQ, you can add outer VLAN Tag and freely plan your own private VLAN ID.
Therefore, the data between devices on both ends of the Internet Service Provider (ISP)
network can be transparently transmitted, without conflicting with the VLAN ID in the ISP
network.
VLAN mapping based on QinQ can be applied to the following scenarios:
N:1 VLAN mapping
Single-layer VLAN to double-layer VLAN
2:2 VLAN mapping
Double-layer VLAN to single-layer VLAN
Prerequisite
Connect interfaces and configure physical parameters of interfaces. Make the physical
layer Up.
Create a VLAN.
Scenario
When you obtain connection information between devices through the NView NNM system
for topology discovery, you need to enable LLDP on the RAX711-R. Therefore, the RAX711-
R can notify its information to the neighbours mutually, and store neighbour information to
facilitate the NView NNM system querying information.
Prerequisite
N/A
After global LLDP is disabled, you cannot re-enable it immediately. Global LLDP
cannot be enabled unless the restart timer times out.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#lldp enable Enable global LLDP. By default, global LLDP is disabled.
When configuring the delivery delay timer and the delivery period timer, set the value
of the delivery delay timer to be smaller than or equal to one quarter of the value of
the delivery period timer.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#lldp message- (Optional) configure the delivery period timer of the
transmission interval second LLDP packet. By default, it is configured to 30s.
3 Raisecom(config)#lldp message- (Optional) configure the delivery delay timer of the
transmission delay second LLDP packet. By default, it is configured to 2s.
4 Raisecom(config)#lldp message- (Optional) configure the aging coefficient of the
transmission hold-multiplier LLDP packet. By default, it is configured to 4.
coefficient
5 Raisecom(config)#lldp restart-delay (Optional) configure the restart timer. After global
second LLDP is disabled, it cannot be enabled unless the
restart timer times out. By default, it is configured to
2s.
After enabled with LLDP Trap, the RAX711-R will send Traps after detecting aged
neighbors, newly-added neighbors, and changed neighbor information.
Scenario
In the network, hosts or Layer 2 devices connected to access devices may form a loopback
intentionally or involuntary. Enable loop detection on downlink interfaces of all access
devices to avoid the network congestion generated by unlimited copies of data traffic. Once a
loopback is detected on a port, the interface will be blocked.
Prerequisite
Configure physical parameters on an interface and make the physical layer Up.
Loop detection and STP are mutually exclusive. They cannot be enabled
simultaneously.
For directly connected devices, you cannot enable loop detection on both ends
simultaneously.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface interface-type Enter interface configuration mode.
interface-number
3 Raisecom(config-port)#portswitch Choose any interface mode for
configuration.
4 Raisecom(config-port)#mode l2
4.5.4 Maintenance
No. Command Description
1 Raisecom(config)#clear loopback-detection statistic Clear loop detection statistics.
[ interface-type interface-list ]
Scenario
You can configure the process methods of Layer 2 control packets in the user network on the
access device within MAN according to the services provided by carriers. It can be
configured on the interface of the device at user network.
Prerequisite
N/A
of the RAX711-R to work in Layer 2 physical interface configuration mode. For details, refer
to section 3.1 Configuring basic information about interface.
Networking requirements
As shown in Figure 4-1, the switch is connected uplink to the IP network through interface
GE 1/2/1 of iTN A to make PC 2 and PC 3 access the IP network. Configure a static unicast
MAC address on interface GE 1/2/1 for forwarding packets from the switch to the IP network.
Meanwhile, enable dynamic MAC address learning on iTN A. Configuration parameters are
shown as below:
MAC address of the switch : 000E.5E03.0405
VLAN and interface type of interface GE 1/2/1: VLAN 10 and Access
Aging time of dynamic MAC addresses: 500s
Configuration steps
Step 1 Create and activate VLAN 10. Add interface GE 1/2/1 to VLAN 10.
Raisecom#config
Raisecom(config)#create vlan 10 active
Raisecom(config)#interface gigaethernet 1/2/1
Raisecom(config-port)#portswitch
Raisecom(config-port)#switchport access vlan 10
Raisecom(config-port)#exit
Checking results
Use the show mac-address static command to show MAC address configurations.
Networking requirements
As shown in Figure 4-2, PC 1, PC 2, and PC 5 are in VLAN 10; PC 3 and PC 4 are in VLAN
20. iTN A and iTN B are connected through a Trunk interface and disallow packets of VLAN
20 to pass. Therefore, PC 3 and PC 4 cannot communicate with each other. Enable interface
protection on PC 1 and PC 2 to make them fail to communicate. However, PC 1 and PC 2 can
communicate with PC 5 respectively.
Configuration steps
Step 1 Create and activate VLAN 10 and VLAN 20 on iTN A and iTN B respectively.
Configure iTN A.
iTNA#config
iTNA(config)#create vlan 10,20 active
Configure iTN B.
iTNB#config
iTNB(config)#create vlan 10,20 active
Step 2 Add interface GE 1/2/1 (Access) and interface GE 1/2/2 (Access) of iTN B to VLAN 10. Add
interface GE 1/2/3 (Access) to VLAN 20. Interface GE 1/1/1 is in Trunk mode and allows
packets of VLAN 10 to pass.
Step 3 Add interface GE 1/2/1 (Access) of iTN A to VLAN 10 and interface GE 1/2/2 (Trunk) to
VLAN 20. Interface GE 1/1/1 works in Trunk mode and allows packets of VLAN 10 to pass.
Checking results
Use the show vlan command to show VLAN configurations.
Take iTN B for example.
iTNB#show vlan
Switch Mode: --
Use the show interface switchport command to show VLAN configurations on the interface.
Take iTN B for example.
Use the show switchport protect command to show configurations of interface protection.
Use the ping command to learn allowable VLANs for the Trunk interface.
Raisecom Proprietary and Confidential
68
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 4 Ethernet
Networking requirements
As shown in Figure 4-3, iTN A and iTN B are connected to VLAN 100 and VLAN 200
respectively. To communicate through the ISP, Department A and Department C, Department
B and Department D should set the outer Tag to VLAN 1000. Configure interfaces GE 1/2/1
and GE 1/2/2 on iTN A and iTN B working in dot1q-tunnel mode and being connected to
VLAN 100 and VLAN 200. Interface GE 1/1/1 is used to connect the ISP network, which
works in Trunk mode and allows packets with double tag to pass. The TPID is configured to
9100.
Configuration steps
Step 1 Create and activate VLAN 100, VLAN 200, and VLAN 1000.
Configure iTN A.
iTNA#config
iTNA(config)#create vlan 100,200,1000 active
Configure iTN B.
iTNB#config
iTNB(config)#create vlan 100,200,1000 active
Step 2 Configure interfaces GE 1/2/1 and GE 1/2/2 working in dot1q-tunnel mode. Set the outer
TPID to 9100.
Configure iTN A.
Configure iTN B.
Step 3 Configure interface GE 1/1/1 allowing packets with double Tag to pass.
Configure iTN A.
Configure iTN B.
Checking results
Use the show switchport qinq command to show QinQ configurations.
Take iTN A for example.
Networking requirements
As shown in Figure 4-4, user network 1 is connected to the RAX711-R through interface GE
1/2/1 and user network 2 is connected to the RAX711-R through interface GE 1/2/2. The
network administrator needs to monitor packets transmitted to and sent by user network 1
through the Monitor PC and then get anomalous data traffic and analyze causes and address
problems.
The monitor PC is connected to the RAX711-R through interface GE 1/2/3.
Configuration steps
Step 1 Create port mirroring group 1.
Raisecom#config
Raisecom(config)#mirror group 1
Step 3 Set interface GE 1/2/1 to the mirroring port and set the mirroring rule to ingress.
Checking results
Use the show mirror-group command to show port mirroring configurations.
Raisecom#show mirror-group
Mirror Group 1 :
Monitor Port :
gigaethernet1/2/3
Source Port :
gigaethernet1/1/1 : egress
gigaethernet1/2/1 : ingress
5 Clock synchronization
Scenario
In the PTN, to communicate properly, the sender must put the pulse in the specified timeslot
when sending the digital pulse signal and the receiver can extract the pulse from the specified
timeslot. To realize this, you must resolve the synchronization problem.
The synchronous Ethernet technology can perform clock synchronization in the PTN.
Because it does not support phase synchronization and supports frequency synchronization
only, synchronous Ethernet technology is applied for the base station, fixed network TDM
relay, leased clock network relay, and wireless base stations which have no requirement on
phase synchronization, such as Global System for Mobile Communications (GSM) and
Wideband Code Division Multiple Access (WCDMA).
The RAX711-R supports selecting the optimum clock source automatically. You just need to
configure clock source properties of synchronous Ethernet. In addition, the RAX711-R
supports selecting the specified clock source manually.
Prerequisite
N/A
The SyncE supports the clock source which is based on link aggregation interface.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#synce enable Enable synchronous Ethernet.
By default, synchronous Ethernet is disabled.
3 Raisecom(config)#synce operation- Configure the working status of synchronous Ethernet.
type { auto-select | forced-freerun
| forced-holdover }
By default, it works in the compulsory shock status.
4 Raisecom(config)#synce source Configure the SSM quality level property of the
{ internal | interface { clock0 | synchronous Ethernet clock source.
clock1 | interface-type interface-
number | tdm interface-number }
priority priority [ quality-level
level ] [ ring-outside ]
[ lockout ]
5 Raisecom(config)#synce ssm Configure the function that SSM quality level of the
{ standard | extend | disable } synchronous Ethernet participates in selecting source
[ transmit-threshold threshold ] and configure the threshold.
6 Raisecom(config)#synce switch-mode (Optional) enable automatic recovery of synchronous
{ revertive [ wtr-time time ] | Ethernet clock source and configure the WTR of the
non-revertive } clock source.
By default, the automatic recovery of clock source is
enabled.
7 Raisecom(config)#synce source hold- Configure the hold-off time of the clock source.
off-time time
8 Raisecom(config)#clock interface (Optional) configure 2M clock mode.
{ clock0 | clock1 } mode { digital
[ sa sa ] | digital-crc [ sa sa ] |
anolog } [ shutdown-threshold
quality-level level ]
Networking requirements
As shown in Figure 5-1, the RNC device transmits clock information to the iTN A through the
synchronous Ethernet. iTN A is connected to Carrier's NodeB. Clock signals are transmitted
to NodeB stations through downlink GE.
Configuration steps
Configure clock source properties.
Configure iTN A.
Raisecom#hostname iTNA
iTNA#config
iTNA(config)#synce enable
iTNA(config)#synce ssm standard
Configure iTN B.
Raisecom#hostname iTNB
iTNB#config
iTNB(config)#synce enable
iTNB(config)#synce ssm standardiTNB(config)#synce source interface
gigaethernet 1/1/1 priority 1 1iTNB(config)#synce operation-type auto-
select
Checking results
Use the show synce command to show clock synchronization configurations of the
synchronous Ethernet.
iTNA#show synce
Synce : enable
Synce running status(PLL): locked(auto-select)
Current clock source: gigaethernet 1/2/1(Ql:2)
Previous clock source: null(Ql:--)
Revertive mode : enable
Latest switch time : 2000-11-07,02:49:45.083
Holdoff time(ms) : 1800
Wait restore time(min): 5
iTNB#show synce
Synce : enable
Synce running status(PLL): freerun(auto-select)
Current clock source: gigaethernet 1/2/1 (Ql:2)
Previous clock source: null(Ql:--)
Revertive mode : enable
Latest switch time : 2000-11-07,02:49:45.083
Holdoff time(ms) : 1800
Wait restore time(min): 5
Use the show synce ssm command to show SSM status of the synchronous Ethernet.
6 IP services
Scenario
You need to configure the IP address and MTU before configuring IP services.
Prerequisite
N/A
Scenario
When working as the DHCPv4 client, the RAX711-R can obtain an IP address from the
DHCPv4 server. You can use the IP address to manage the RAX711-R.
When IP addresses are assigned in a dynamic mode, the IP address assigned to the DHCPv4
client has a lease period. When the lease period expires, the DHCPv4 server will withdraw the
IP address. If the DHCPv4 client wishes to continue to use the IP address, it needs to renew
the IP address. If the lease period does not expire and the DHCPv4 client does not need to use
the IP address, it can release the IP address.
The RAX711-R supports configuring DHCP Client on the Layer 3 interface only.
Prerequisite
The RAX711-R is not enabled with DHCPv4 Server and works in common DHCP Client
mode.
Before enabling the DHCPv4 client on the Layer 3 interface to apply for the IP
address, configure DHCPv4 client information.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter Layer 3 interface configuration mode.
interface-type interface-number
Scenario
Address Resolution Protocol (ARP) is a protocol used for resolution of IP addresses into
Ethernet MAC addresses (physical addresses).
Prerequisite
Configure the IP address of the interface. For details, refer to section 3.1 Configuring basic
information about interface.
6.4.2 PING
Step Command Description
1 Raisecom#ping ip-address [ count count ] Use the ping command to test IPv4
[ size size ] [ waittime period ] [ source- network connectivity.
ip ip-address ] [ df-bit ]
The RAX711-R cannot perform other operations in the process of Ping. It can
perform other operations only when Ping is finished or Ping is broken off by pressing
Ctrl+C.
6.4.3 Traceroute
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface interface-type Enter Layer 3 interface configuration mode.
interface-number
3 Raisecom(config-port)#ip address ip- Configure the IP address of the interface.
address [ ip-mask ]
4 Raisecom(config-port)#exit Exit Layer 3 interface configuration mode and
enter global configuration mode.
5 Raisecom(config)#exit Exit global configuration mode and enter
privileged EXEC mode.
6 Raisecom#traceroute ip-address [ firstttl (Optional) use the traceroute command to
fitst-ttl ] [ maxttl max-ttl ] [ port test the IPv4 network connectivity and view
port-number ] [ waittime period ] [ count nodes passed by the packet.
times ] [ size size ]
By default, the initial TTL is configured to 1;
the maximum TTL is configured to 30; the
interface ID is configured to 33433; the
timeout is configured to 3s; the number of
detection packets is configured to 3.
6.5 Maintenance
Command Description
Raisecom(config)#clear arp [ all | vrf vrf-name ] [ ip- Clearing ARP entries.
address | interface interface-type interface-number | |
[ vid vlan-id ] [ cevid vlan-id ] ]
Networking requirements
As shown in Figure 6-1, the RAX711-R works as the DHCPv4 client with the host name
being set to raisecom. The RAX711-R accesses to the DHCPv4 server and the NView NNM
system through the service interface. The DHCPv4 server assigns an IP address to the
RAX711-R. Therefore, the NView NNM system can discover and manage the RAX711-R.
Configuration steps
Step 1 Configure DHCPv4 relay.
Raisecom#config
Raisecom(config)#interface gigaethernet 1/1/1
Raisecom(config-ip)#ip dhcp client hostname raisecom
Checking configurations
Use the show ip dhcp client command to show DHCPv4 relay configurations.
Networking requirements
As shown in Figure 6-2, the RAX711-R is connected to hosts. In addition, it connects to the
Router through interface GE 1/1/1. The IP address and MAC address of the Router are set to
192.168.27.1/24 and 000e.5e12.1234 respectively.
Set the aging time of dynamic ARP entries to 600s. To enhance security of communication
between the RAX711-R and the Router, you need to configure static ARP entries on the
RAX711-R.
Configuration steps
Step 1 Add a static ARP entry.
Checking results
Use the show arp command to show information about all ARP entries in the ARP table.
Raisecom#show arp
ARP table aging-time: 600 seconds(default: 1200s)
ARP mode: Learn reply only
Ip Address Mac Address Type Interface ip
-----------------------------------------------------------
192.168.27.1 000E.5E12.1234 static 0
192.168.27.2 BC30.5BCA.ACE0 dynamic 0
192.168.27.12 F04D.A22D.F0F6 dynamic 0
192.168.27.16 D4BE.D9E4.F8EE dynamic 0
192.168.27.51 BC30.5BAD.6FBA dynamic 0
192.168.27.57 000C.292A.D21A dynamic 0
192.168.27.73 14FE.B5E6.F42F dynamic 0
Total: 7
Static: 1
Dynamic:6
7 IP routing
Scenario
Dynamic routing protocols require the Router ID. If no Router ID is specified when these
dynamic routing protocols are enabled, the Router ID of routing management will be used.
The RAX711-R has the capability to establish and refresh the routing table. In addition, it can
forward data packets based on the routing table. By viewing the routing table, you can learn
network topology structure and locate faults.
Prerequisite
N/A
Scenario
The static route has the following advantages:
Consume less time for the CPU to process them.
Facilitate the administrator to learn the route.
Be configured easily.
However, when configuring the static route, you need to consider the whole network. If the
network structure is changed, you need to modify the routing table manually. Once the
network scale is enlarged, it will consume lots of time to configure and maintain the network.
In addition, it may cause more errors.
The default route is a specific static route. It will be used when no matched route is found in
the routing table.
Prerequisite
N/A
If one record is in permit type, all mismatched routes are in deny type by default.
Only matched routes can pass filtering of the IP prefix-list.
If one record is in deny type, all mismatched routes are in deny type by default.
Even matched routes cannot pass filtering of the IP prefix-list. Therefore, you
need to add a permit record after multiple deny records to allow other routes to
pass.
If there are multiple records in the IP prefix-list, there must be a record in permit
type.
All routers in the Stub area must be configured with the Stub property through the
area area-id stub command.
To configure an area as a Totally Stub area, all routers in the area must be
configured through the area area-id stub command. In addition, all ABRs in the
area must be configured through the area area-id stub no-summary command.
The backbone area cannot be configured to a Stub area.
ASBR should not be in the Stub area, which means that routes outside the AS
cannot be transmitted in the Stub area.
Priorities configured through the neighbour and ip ospf priority priority commands
are different:
The priority configured through the neighbor command indicates that whether the
neighbor has the right for election. If you configure the priority to 0 when
configuring the neighbor, the local router believes that the neighbor has no right
for election and will not send Hello packets to the neighbor. This method helps
reduce the number of Hello packets transmitted through the network during DR
and BDR election processes. However, if the local router is a DR or BDR, it will
send the Hello packet to the neighbor, whose priority is configured to 0, to
establish the neighboring relationship.
The priority configured by the ip ospf priority priority command is used for actual
DR election.
is Type2 by default.
If no Tag is specified, take the original Tag of
After the routing cost is manually configured through the ip ospf cost command,
the manually-configured routing cost takes effect.
If the routing cost is not configured manually but the link reference bandwidthis
configured, the routing cost is automatically configured based on link bandwidth
reference value. The formula is: cost = link reference bandwidth (bit/s) / link
bandwidth. If the cost value is greater than 65535, it is configured to 65535. If no
link reference bandwidth is configured, it is configured to 100 Mbit/s by default.
Before configuring OSPF receiving policy, ensure that the IP ACL used by the
OSPF receiving policy has been created.
When the RAX711-R performs filtering based on IP ACL, if the ACL mode is
configured to permit, all routes, which match with the ACL, can pass. Others are
filtered.
You cannot modify the IP ACL unless it is not used by any routing policy.
Different from IP ACL, the IP prefix-list can be modified even it is being used.
If the configured IP prefix-list does not exist, do not filter received routes.
Before configuring OSPF global releasing policy, ensure that the IP ACL used by
the OSPF global releasing policy has been created.
You cannot modify the IP ACL unless it is not used by any routing policy.
Different from IP ACL, the IP prefix-list can be modified even it is being used.
After global releasing policy is configured, routes cannot be redistributed to the
local LSDB unless it passes the global releasing policy. After protocol releasing
policy is configured, the route can be redistributed through the protocol releasing
policy.
After protocol releasing policy is configured, the redistributed protocol route can
be redistributed to the local LSDB through the protocol releasing policy. If global
releasing policy is also configured, the route must be redistributed through the
global releasing policy.
If the configured filtering policy does not exist, it believes that the command fails to
configure the filtering policy and no filtering operation is performed on received routes.
7.4.12 Maintenance
Command Description
Rasiecom#clear ip ospf [ process-id | vrf vrf-name ] Reboot the OSPF process.
process [ graceful ]
Configuring overhead
The ISIS overhead can be configured automatically or manually. After the automatic
calculation of the overhead on the interface is enabled, the ISIS will automatically calculate
the overhead on the interface according to the following rules:
When the type of overhead is configured to wide, ISIS will automatically calculate the
value according to the interface rate, the formula is: overhead on the interface =
reference rate/interface rate × 10, and the max value obtained is 16777214.
When the type of overhead is configured to narrow, the interface overhead is:
– 60 for interface rate between 1 and 10 Mbit/s
– 50 for interface rate between 1 and 100 Mbit/s
– 40 for interface rate between 101 and 155 Mbit/s
– 30 for interface rate between 156 and 622 Mbit/s
– 20 for interface rate between 623 and 2500 Mbit/s
– 10 for other conditions
Adjacencies
This configuration is only applied to Level-1-2 routers.
If the host is Level-1-2 router, it needs to establish association with peer router in certain
area (Level-1 or Level-2). Configuring an area for establishing adjacency can restrain the
interface from receiving and sending the Hello packet only from that certain area.
In the point-to-point link, the interface can only receive and send one type of Hello
packet. Configuring an area for establishing adjacency can reduce the processing time
between routers and save bandwidth.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface interface-type Enter interface configuration mode.
interface-number
3 Raisecom(config-port)#isis circuit-type Configure an area for establishing interface
{ level-1 | level-1-2 | level-2-only } adjacency.
By default, it is Level-1-2.
considered invalid. The Holddown time is configured based on the interface and different
router in the same area can set different Holddown time.
By changing the time interval for sending Hello packet of ISIS or the invalid number of Hello
packet, you can adjust the Holddown time.
Configuring LSP
Step Command Description
7.5.11 Maintenance
No. Command Description
1 Rasiecom#clear isis area-tag [ graceful-restart ] Clear information about ISIS.
2 Rasiecom#clear isis neighbor [ system-id ] Clear information about ISIS
neighbors.
Configuring RR
Prefix notification rules of the Router Reflector (RR) are shown as below:
Rule 1: the RR just notifies or reflects the optimum path to which it returns.
Rule 2: the RR always notifies the prefix to the BGP neighbor.
Rule 3: when notifying the prefix, the RR client follows the common IBGP loopback
prevention rule.
Rule 4: to notify the IBGP neighbor, client, or non-client of the prefix, follow rules 5, 6,
and 7.
Rule 5: the RR notifies all its clients and non-clients of the prefix, which is learned from
the external BGP neighbor.
Rule 6: the RR notifies all its clients of the prefix, which reaches the RR through a non-
client IBGP neighbor.
Rule 7: the RR notifies other clients and non-clients of the route, if the prefix reaches the
RR through a client.
In some networks, clients of the RR have established a full connection. They can
exchange routing information directly without using route reflection. In this case, you
can use the no bgp client-to-client reflection command to disable route reflection
among clients of the RR.
To enhance network reliability and prevent faults from occurring at a single node, you
need to configure one or more RRs in a cluster. You can configure the identical
cluster ID for all RRs in the cluster to identify the cluster. This helps avoid loopback.
7.6.10 Maintenance
Command Description
Rasiecom#clear ip bgp dampening [ network- Clear all route dampening information.
address [ network-mask ] ]
Command Description
Rasiecom#clear ip bgp { all | ip-address | Reset all or specified BGP connections in the public
external | internal } [ ipv4 unicast | network.
vpnv4 unicast ]
Rasiecom#clear ip bgp [ ipv4 unicast |
vpnv4 unicast ]as-id
Rasiecom#clear ip bgp { all | ip-address | Update all or specified BGP routes of the public
external | internal } [ ipv4 unicast | network without breaking the BGP connecting.
vpnv4 unicast ] { in | out | soft }
Rasiecom#clear ip bgp [ ipv4 unicast |
vpnv4 unicast ] as-id { in | out | soft }
Networking requirements
As shown in Figure 7-1, all devices in the network are initiated with OSPF. The whole AS is
divided into Area 0, Area 1, and Area 2. After OSPF basic functions are configured, devices
can communicate with each other. In addition, all devices share the whole AS routing
information.
Configuration steps
Step 1 Configure the IP address and encapsulated VLAN for the sub-interface.
Configure iTN A.
Raisecom#hostname iTNA
iTNA#config
iTNA(config)#create vlan 10 active
iTNA(config)#interface gigaethernet 1/2/1.1
iTNA(config-subif)#encapsulation dot1Q 10
Configure iTN B.
Raisecom#hostname iTNB
iTNB#config
iTNB(config)#create vlan 10,20 active
iTNB(config)#interface gigaethernet 1/2/1.1
iTNB(config-subif)#encapsulation dot1Q 10
iTNB(config-subif)#ip address 192.168.10.2 255.255.255.0
iTNB(config-subif)#exit
iTNB(config)#interface gigaethernet 1/2/2.1
iTNB(config-subif)#encapsulation dot1Q 20
iTNB(config-subif)#ip address 192.168.20.1 255.255.255.0
iTNB(config-subif)#exit
Configure iTN C.
Raisecom#hostname iTNC
iTNC#config
iTNC(config)#create vlan 20,30 active
iTNC(config)#interface gigaethernet 1/2/2.1
iTNC(config-subif)#encapsulation dot1Q 20
iTNC(config-subif)#ip address 192.168.20.2 255.255.255.0
iTNC(config-subif)#exit
iTNC(config)#interface gigaethernet 1/2/1.1
iTNC(config-subif)#encapsulation dot1Q 30
iTNC(config-subif)#ip address 192.168.30.1 255.255.255.0
iTNC(config-subif)#exit
Configure iTN D.
Raisecom#hostname iTND
iTND#config
iTND(config)#create vlan 30 active
iTND(config)#interface gigaethernet 1/2/1.1
iTND(config-subif)#encapsulation dot1Q 30
iTND(config-subif)#ip address 192.168.30.2 255.255.255.0
iTND(config-subif)#exit
Step 2 Create the OSPF instance and OSPF area and add the IP address to the OSPF area.
Configure iTN A.
Configure iTN B.
Configure iTN C.
Configure iTN D.
Checking results
Use the show ip ospf command to show OSPF basic information about the RAX711-R. Take
iTN A for example.
iTNA#show ip ospf
OSPF information
Ospf instance 1
---------------------------------------------
Router id: 10.0.0.1
Admin status: UP
Operate status: UP
Version: 2
Max equal cost paths: 1
RFC1583 Compatibility: NO
Opaque lsa support: YES
TE support: YES
Min lsa generation interval: 5000
Min lsa arrival: 1000
Spf schedule interval: 5000
Area border router: NO
Autonomous System border router:YES
External lsa(Type 5) count: 0
External lsa checksum: 0
Use the show ip ospf lsdb command to show LSDB information about the RAX711-R. Take
iTN A for example.
Use the show ip route ospf command to show routing table information about the RAX711-R.
Take iTNA for example.
Use the show ip ospf neighbor command to show OSPF neighbor information about the
RAX711-R. Take iTNA for example.
Priority 1
Hold time 38
Networking requirements
As shown in Figure 7-2, there are multiple ASs in a network. To efficiently transmit routes
between ASs and make them communicate with each other, all iTN devices should run the
BGP. Establish the EBGP connection between iTN A and iTN B and establish IBGP between
iTN B and iTN C. Ensure that iTN C can access the network segment (with the IP address and
subnet mask being set to 6.1.1.0 and 255.255.255.0 respectively) directly connected with iTN
A.
Configuration steps
Step 1 Configure the IBGP connection.
Configure iTN B.
Configure iTN C.
Configure iTN B.
Step 3 Configure iTN A to release the route to the network segment, whose IP address and subnet
mask is configured to 6.1.1.0 and 255.255.255.0 respectively.
Checking results
Use the show ip bgp command to show local configurations.
Networking requirements
As shown in Figure 7-3, iTN A↔iTN B serves as the active route while iTN A↔iTN C↔iTN
B serves as the standby route. When a link between iTN A↔iTN B fails, the devices are
required to fast respond to the faults and switch services to the standby route iTN A↔iTN
C↔iTN B to recover services as soon as possible.
After IP FRR is configured, a standby route will be generated. Therefore, when the active link
fails, services can be fast switched to the standby link.
Configuration principle
Enable OSPF routes on iTN A, iTN B, and iTN C respectively and make routes among
devices reachable.
Configure a routing policy on iTN A and apply it when IP FRR is enabled. Therefore,
when the link between iTN A and iTN B fails, the standby link iTN A↔iTN C↔iTN B
can be quickly started.
Configure BFD.
Data preparation
Table 7-1 lists the data required for configuring IP FRR.
Configuration steps
Step 1 Configure the IP address of the interface.
Raisecom Proprietary and Confidential
134
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 7 IP routing
iTN A
iTNA#config
iTNA(config)#interface loopback 2
iTNA(config-loopback2)#ip address 1.1.1.1 255.255.255.255
iTNA(config-loopback2)#interface gigaethernet 1/1/1
iTNA(config-gigaethernet1/1/1)#ip address 10.10.10.1 255.255.255.0
iTNA(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
iTNA(config-gigaethernet1/1/2)#ip address 20.10.10.1 255.255.255.0
iTNA(config-gigaethernet1/1/2)#exit
iTN B
iTNB#config
iTNB(config)#interface loopback 2
iTNB(config-loopback2)#ip address 2.2.2.2 255.255.255.255
iTNB(config-loopback2)#interface gigaethernet 1/1/1
iTNB(config-gigaethernet1/1/1)#ip address 10.10.10.2 255.255.255.0
iTNB(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
iTNB(config-gigaethernet1/1/2)#ip address 30.10.10.2 255.255.255.0
iTNB(config-gigaethernet1/1/2)#exit
iTN C
iTNC#config
iTNC(config)#interface loopback 2
iTNC(config-loopback2)#ip address 3.3.3.3 255.255.255.255
iTNC(config-loopback2)#interface gigaethernet 1/1/1
iTNC(config-gigaethernet1/1/1)#ip address 20.10.10.2 255.255.255.0
iTNC(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
iTNC(config-gigaethernet1/1/2)#ip address 30.10.10.1 255.255.255.0
iTNC(config-gigaethernet1/1/2)#exit
Step 2 Create an OSPF routing process, and define the IP addresses on which OSPF runs and the
area ID for the interface.
iTN A
iTNA(config)#router opsf 1
iTNA(config-router-ospf)#network 1.1.1.1 0.0.0.0 area 0
iTNA(config-router-ospf)#network 10.10.10.1 0.0.0.0 area 0
iTNA(config-router-ospf)#network 20.10.10.1 0.0.0.0 area 0
iTNA(config-router-ospf)#exit
iTN B
iTNB(config)#router opsf 1
iTNB(config-router-ospf)#network 2.2.2.2 0.0.0.0 area 0
iTNB(config-router-ospf)#network 10.10.10.2 0.0.0.0 area 0
iTNB(config-router-ospf)#network 30.10.10.2 0.0.0.0 area 0
iTNB(config-router-ospf)#exit
iTN C
iTNC(config)#router opsf 1
iTNC(config-router-ospf)#network 3.3.3.3 0.0.0.0 area 0
iTNC(config-router-ospf)#network 20.10.10.2 0.0.0.0 area 0
iTNC(config-router-ospf)#network 30.10.10.1 0.0.0.0 area 0
iTNC(config-router-ospf)#exit
Step 3 Configure a routing policy used to match IP address based on IP prefix list and enable IP FRR.
iTN A
iTN B
Checking results
After configurations are complete, you can use the show ip route detail command to check
whether the IP FRR standby route is successfully created.
8 MPLS
Scenario
Configurations on MPLS basic functions are prerequisites for making other MPLS functions
effective. The Label Switching Router (LSR) is the network device, which can exchange and
forward the MPLS label. The LSR is also called the MPLS node. The LSR is the basic
element in the MPLS network. All LSRs support MPLS. To enable global MPLS function,
you must enable the LSR ID.
Prerequisite
N/A
Scenario
The static LSP is established by the administrator by manually assigning labels for all FECs.
It is suitable for simple and stable small-size network. To manually assign labels, the outgoing
label value of the last node is the incoming label value of the next mode.
The static LSP does not use the label distribution protocol and does not exchange the control
packet. Therefore, it consumes fewer resources. However, the LSP, established by statically
assigning labels, cannot be dynamically adjusted according to the network topology changes.
The administrator needs to manually adjust the static LSP.
Prerequisite
Configure MPLS basic functions.
When creating the static unidirectional LSP without IP capability, you should
configure the physical interface to work in Layer 3 physical interface mode.
Otherwise, configurations will fail.
Step Command Description
1 Raisecom#config Enter global configuration
mode.
2 Raisecom(config)#mpls static-lsp ingress lsp-name Configure the static
dest-network nexthop-mac mac-address interface-type unidirectional LSP Ingress
interface-number out-label out-label lsr-id egress- node.
lsr-id tunnel-id tunnel-id
3 Raisecom(config)#mpls static-lsp transit lsp-name in- Configure the static
label in-label nexthop-mac mac-address interface-type unidirectional LSP Transit
interface-number out-label out-label lsr-id ingress- node.
lsr-id egress-lsr-id tunnel-id tunnel-id
4 Raisecom(config)#mpls static-lsp egress lsp-name in- Configure the static
label in-label lsr-id ingress-lsr-id tunnel-id unidirectional LSP Egress node.
tunnel-id
5 Raisecom(config)#mpls static-lsp egress lsp-name (Optional) configure the
diffserv-mode pipe [ exp-to-local-priority profile- differential service mode of the
number ] static unidirectional LSP Egress
Raisecom(config)#mpls static-lsp egress lsp-name node.
diffserv-mode uniform [ exp-to-local-priority
profile-number ]
When creating the static bidirectional LSP without IP capability, you should configure
the physical interface to work in Layer 3 physical interface mode. Otherwise,
configurations will fail.
Scenario
The LDP LSP is the dynamic LSP created through the LDP. The LDP is used to dynamically
assign labels for LSRs to establish the LSP dynamically. The LDP is used to exchange label
information among LSRs. Therefore, when forwarding the packet, the LSR can add related
tag to the packet based on the label requirement of the next-hop LSP. Then, the packet can be
processed properly at the next-hop LSR.
Prerequisite
Enable MPLS.
Scenario
MPLS TE is for solving the traffic congestion on the link caused by unbalanced load which
cannot be resolved by traditional routing. It can accurately control traffic paths to avoid
congestion nodes, thus solving the problem of some paths being overloaded but some paths
being unoccupied.
RSVP is used for dynamically creating public network LSP tunnel in the MPLS TE. It can
create, maintain, and remove MPLS TE LSP and provide false alarm.
The device supports choosing the shortest path through Constraint-based Shortest Path First
(CSPE) and supports 32 neighbors at most.
Prerequisite
The MPLS is enabled.
Scenario
At the MPLS control plane, you cannot detect the fault when the traffic is forwarded along the
LSP. However, you can acknowledge and locate the fault through Ping and Traceroute
operations.
Prerequisite
Establish the path before the Ping test is performed.
Establish the path before the Traceroute test is performed.
Networking requirements
As shown in Figure 8-1, the user has branches in areas A and B. Branches need to exchange
point-to-point VPN leased-line services. Because the network scale is small and the topology
is stable, you can configure bidirectional static LSP between PE A and PE B to work as the
public Tunnel of the L2VPN. By default, devices are configured with IP addresses.
Configuration steps
Step 1 Enable MPLS.
Configure PE A.
Configure P.
Configure PE B.
Configure PE B.
Checking configurations
Use the show mpls bidirectional static-lsp command to show configurations of the static
bidirectional LSP on PE A, P, and PE B.
Configurations on Ingress node PE A are shown as below.
Forward XcIndex: 7
Forward Ds mode: Uniform
Forward PipeServClass: --
Forward Exp2LocalPriMap: 0
Forward LocalPri2ExpMap: 0
Backward Destination: --
Backward In-Label: 2002
Backward Out-Label: 2001
Backward In-Interface: all interfaces
Backward Out-Interface: gigaethernet1/1/1
Backward Next-Hop: --
Backward Next-Mac: 000E.5E11.1111
Backward Vlan-Id: --
Backward XcIndex: 8
Backward Ds mode: Uniform
Backward PipeServClass: --
Backward Exp2LocalPriMap: 0
Backward LocalPri2ExpMap: 0
Tunnel-Id: 1
LSP Status: Down
Backward PipeServClass: --
Backward Exp2LocalPriMap: 0
Backward LocalPri2ExpMap: 0
Tunnel-Id: 1
LSP Status: Down
Networking requirements
As shown in Figure 8-2, the user has branches in areas A and B. Branches need to exchange
point-to-point VPN leased-line services. To facilitate network maintenance and reduce manual
intervention, you can configure the dynamic LSP between PE A and PE B to work as the
public Tunnel of the L2VPN. By default, devices are configured with IP addresses.
Configuration steps
Step 1 Enable MPLS and LDP globally.
Configure PE A.
Configure P.
Configure PE B.
Step 2 Enable MPLS and LDP on the interface and configure LDP basic properties.
Configure PE A.
Configure P.
Configure PE B.
Step 3 Configure the IP address of the Loopback interface and OSPF route.
Configure PE A.
PEA(config)#interface loopback 1
PEA(config-loopbackif)#ip address 192.168.1.1 255.255.255.0
PEA(config-loopbackif)#exit
PEA(config)#router ospf 1
PEA(config-router-ospf)#network 0.0.0.0 255.255.255.255 0.0.0.0
PEA(config-router-ospf)#exit
Configure P.
P(config)#interface loopback 1
P(config-loopbackif)#ip address 192.168.1.2
P(config)#router ospf 1
P(config-router-ospf)#network 0.0.0.0 255.255.255.255 area 0.0.0.0
P(config-router-ospf)#exit
Configure PE B.
PEB(config)#interface loopback 1
PEB(config-loopbackif)#ip address 192.168.4.2 255.255.255.0
PEB(config)#router ospf 1
PEB(config-router-ospf)#network 0.0.0.0 255.255.255.255 area 0.0.0.0
PEB(config-router-ospf)#exit
Checking results
Use the show mpls lsp ldp command to show LSP configurations on PE A, P, and PE B.
Configurations on PE A
Configurations on P
Configurations on PE B
Networking requirements
As shown in Figure 8-3, the user has branches in areas A and B. Branches need to exchange
point-to-point VPN leased-line services. To provide accurate bandwidth guarantee, you can
configure the RSVP-TE LSP between PE A and PE B to work as the public Tunnel of the
L2VPN. By default, devices are configured with IP addresses.
Configuration steps
Step 1 Configure RSVP-TE basic functions.
Configure PE A.
Configure P.
P(config-port)#mpls rsvp-te
P(config-port)#interface gigaethernet 1/1/2
P(config-port)#ip address 2.1.1.1 255.255.255.0
P(config-port)#mpls enable
P(config-port)#mpls ldp
P(config-port)#rsvp-te
P(config-port)#exit
Configure PE B.
Configure PE B.
Configure PE B.
Checking results
Use the show mpls rsvp-te lsp command to show RSVP-TE LSP configurations.
Configurations on PE A
Configurations on P
Configurations on PE B
9 MPLS VPN
This chapter describes principles and configuration procedures of MPLS VPN, as well as
related configuration examples, including following sections:
Configuring VPWS
Configuring VPLS
Configuring L3VPN
Maintenance
Configuration examples
Scenario
VPWS is a point-to-point L2VPN technology. It forms a service mode that multiple services
can be provided in a network. Therefore, the carrier can provide Layer 2 services and Layer 3
services in a MPLS network.
L2VPN extracts services from the sub-interface based on the access mode. Therefore the
system processes VLAN Tags of Ethernet packets in symmetrical and asymmetric modes, as
listed in Table 9-1 and Table 9-2.
Dot1q sub- Inbound No action Add the outermost Tag of the packet. The TPID and
interface direction of VLAN Tag can be configured. By default, the TPID is
the interface configured to 0x8100 and the VLAN Tag is configured
to 0.
Dot1q sub- Ingress interface Remove the outermost Tag Remove the outermost Tag of the packet
interface of the packet. and then add the outermost Tag based on
You need to use the vlan interface configurations.
translation svlan untag You need to use the vlan translation
command to enable svlan untag command to enable removing
removing the outermost the outermost Tag. Otherwise, the
Tag. Otherwise, the outermost Tag cannot be removed.
outermost Tag cannot be By default, for the added outermost Tag,
removed. the TPID is configured to 0x8100 and the
VLAN Tag is configured to 0.
Egress interface Add the outermost Tag of Replace the outermost Tag of the packet.
the packet. You need to use the vlan translation
You need to use the vlan svlan untag command to enable adding
translation svlan untag the outermost Tag. Otherwise, the
command to enable adding outermost Tag cannot be removed and the
the outermost Tag. new Tag cannot be added. The added Tag
Otherwise, the outermost is the SVLAN encapsulated for the sub-
Tag cannot be removed. interface.
The added Tag is the
SVLAN encapsulated for
the sub-interface.
QinQ sub- Ingress interface Remove the outermost Tag Remove the outermost Tag of the packet
interface of the packet. and then add the outermost Tag based on
You need to use the vlan interface configurations.
translation svlan untag You need to use the vlan translation
command to enable svlan untag command to enable removing
removing the outermost the outermost Tag. Otherwise, the
Tag. Otherwise, the outermost Tag cannot be added.
outermost Tag cannot be By default, for the added outermost Tag,
removed. the TPID is configured to 0x8100 and the
VLAN Tag is configured to 0.
Remove the outermost 2 Remove the outermost 2 Tags of the
Tags of the packet. packet and then add the outermost Tag
You need to use the vlan based on interface configurations.
translation svlan untag You need to use the vlan translation
cvlan untag command to svlan untag cvlan untag command to
enable removing the enable removing the outermost 2 Tags.
outermost 2 Tags. Otherwise, the outermost Tag cannot be
Otherwise, the outermost 2 added.
Tags cannot be removed. By default, for the added outermost Tag,
the TPID is configured to 0x8100 and the
VLAN Tag is configured to 0.
Egress interface Add the outermost Tag of Replace the outermost Tag of the packet.
the packet. You need to use the vlan translation
You need to use the vlan svlan untag command to enable adding
translation svlan untag the outermost Tag. Otherwise, the
command to enable adding outermost Tag cannot be removed and the
the outermost Tag. new Tag cannot be added. The added Tag
Otherwise, the outermost is the SVLAN encapsulated for the sub-
Tag cannot be removed. interface.
The added Tag is the
SVLAN encapsulated for
the sub-interface.
Prerequisite
Configure basic properties of the Layer 3 physical interface, sub-interface, and LAG
interface.
Configure MPLS basic functions.
Configure Tunnel functions.
The Tunnel label and PW label of a device should be in a label domain. That is, these
2 labels are different.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface interface-type Enter Layer 3 physical interface
interface-number configuration mode.
Raisecom(config)#interface interface-type Enter sub-interface configuration mode.
interface-number.subif
Raisecom(config-port)#encapsulation dot1Q Configure the VLAN encapsulated in the
vlan-id-1 [ to vlan-id-2 ] ingress packet on the sub-interface or the
encapsulated segment VLAN ID.
That is, the device supports service
extraction based on VLAN ID or VLAN
ID list.
Scenario
VPLS is a L2VPN technology which is based on MPLS and Ethernet technology. VPLS can
provide point-to-multipoint VPN networking topology. VPLS provides a more perfect
solution for carriers, who use point-to-point L2VPN services. In addition, it does not need to
manage internal routing information about users, which is required in L3VPN.
Prerequisite
Configure basic properties of the Layer 3 physical interface, sub-interface, and LAG
interface.
Configure MPLS basic functions.
Configure related functions of Tunnel.
The Tunnel label and PW label of a device should be in a label domain. That is, these
2 labels are different.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#mpls vsi vsi-name Create a VSI and enter VSI configuration mode.
static
3 Raisecom(config-vsi)#vsi-id id Configure the VSI ID.
Scenario
MPLS L3VPN is a PE-based L3VPN technology for ISP's solutions. It uses the BGP to
release the VPN route and uses MPLS to forward VPN packets in the ISP network.
As shown in Figure 9-1, in the MPLS L3VPN scenario, the PE device and CE device
exchange routes through EBGP. They also support static routes and OSPF routes.
MPLS L3VPN provides a flexible networking mode and is of good expansibility. In addition,
it supports MPLS QoS and MPLS TE well. Therefore, it is applied to increasing larger scales.
Prerequisite
Configure the basic attributes of the Layer 3 physical interface, sub-interface, link
aggregation interface, and so on.
Configure basic functions of MPLS.
Configure related functions of Tunnel.
9.4 Maintenance
Command Description
Raisecom(config)#clean pw-proxy { arp | ndp } vpn- Clear the learned ARP and NDP
interface interface-type interface-number entries.
Rasiecom#clear ip bgp [ all | ip-address | external ] Reconfigure all or the specified BGP
vrf vrf-name [ as-id ] connections in the VRF.
Rasiecom#clear ip bgp [ all | ip-address | external ] Update all or the specified BGP routes
vrf vrf-name [ as-id ] { in | out | soft } in VRF without disconnecting BGP
connections, namely, soft
reconfiguration.
Networking requirements
As shown in Figure 9-2, the user has branches in areas A and B. Branches communicate with
each other through the point-to-point VPN leased-line. Because the network scale is small and
the topology is stable, you can configure bidirectional static LSP between PE A and PE B to
work as the public Tunnel of the L2VPN. By default, devices are configured with IP addresses.
Configuration steps
Step 1 Configure the static Tunnel. For details, refer to section 8.6.1 Example for configuring static
bidirectional LSP without IP capability.
Step 2 Configure static L2VC.
Configure PE A.
Configure PE B.
Checking results
Use the show mpls l2vc static command to show static VPWS configurations on PE A and
PE B.
Show static VPWS configurations on PE A.
Pw Bandwidth Cir : --
Pw Bandwidth Pir : --
Pw Bandwidth Valid : InValid
Pw Weight : --
Pw Flow Queue : --
Pw DsMode : Uniform
Pw PipeServClass : --
Pw Exp2LocalPriMap : 0
Pw LocalPri2ExpMap : 0
Create time : 2000-11-11,14:38:16
Up time : 0 days, 0 hours, 0 minutes, 0 seconds
Last change time : 2000-11-11,14:38:16
Networking requirements
As shown in Figure 9-3, the user has branches in areas A and B. Branches need to exchange
point-to-point VPN leased-line services. To facilitate network maintenance and reduce manual
intervention, you can configure the RSVP-TE-based dynamic Tunnel to carry dynamic VPWS
services to meet user's leased-line telecommunication requirements. By default, devices are
configured with IP addresses.
Figure 9-3 Configuring RSVP-TE-based dynamic Tunnel to carry dynamic VPWS services
Configuration steps
Step 1 Configure RSVP-TE-based dynamic Tunnel. For details, refer to section 8.6.3 Example for
configuring RSVP-TE-based dynamic LSP.
Step 2 Configure dynamic L2VC.
Configure PE A.
Configure PE B.
Checking results
Use the show mpls l2vc command to show static VPWS configurations on PE A and PE B.
Show static VPWS configurations on PE A.
Vc id : 1
Encapsulation type : raw
Tunnel type : mplsTe
Destination : 10.1.1.1
Tunnel policy : --
Tunnel number : 1
Local vc label : 10243
Remote vc label : --
Ac status : down
Pw state : down
Vc state : down
Local statuscode : 0xa
Remote statuscode : 0x0
Vc signal : pwIdFecSignaling
Local cw : enable
Operational cw : enable
Local vc mtu : 9600
Remote vc mtu : --
Tpid : 0x9100
Svlan : --
Pw role : PrimaryPw
Pw work status : Working
Pw access mode : mesh
Pw QosMode : --
Pw Bandwidth Cir : --
Pw Bandwidth Pir : --
Pw Bandwidth Valid : InValid
Pw Weight : --
Pw Flow Queue : --
Pw DsMode : Uniform
Pw PipeServClass : --
Pw Exp2LocalPriMap : 0
Pw LocalPri2ExpMap : 0
Create time : 2014-07-25,10:13:17
Up time : 0 days, 0 hours, 0 minutes, 0 seconds
Last change time : 2014-07-25,10:13:17
----------------------------------------
Networking requirements
As shown in Figure 9-4, the headquarter G exchange private-line services with branch A over
the IP RAN where end-to-end communication is implemented through multi-section PW and
protection implemented by deploying active/standby Tunnel and active/standby PW. In this
networking topology, the IP RAN device is named based on the network where it resides,
which should be the same with the carrier network name. For example, U1 is the client-side
IPRAN access device. A2 is the network-side access device. And B is the aggregation core
layer device.
Deploy active/standby static PWs between U1-1 and A2-1, and U3 and A2-1.
Deploy active/standby dynamic PWs between A2-1 and B-1, and A2-2 and B-2.
Deploy dynamic PWs between B-1 and B-2, and B-3 and B-4.
Raisecom Proprietary and Confidential
185
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 9 MPLS VPN
Configuration strategy
Configure LSR-ID on U1, U2, and B. Enable MPLS globally. Enable LDP on A2 and B.
Configure the IP address of the service interface and loopback interface planned by U1,
A2, and B.
Configure the active/standby static Tunnel between U1-1 and A2-1 and configure the
active/standby static PW.
Enable OSPF on A2-1, B-1, and B-3. Advertise and learn routes over the entire network.
Enable LDP sessions on A2-1, B-1, and B-3 and establish LDP remote sessions
respectively, preparing for the assignment of PW labels.
Configure active/standby PWs A2-1, B-1, and B-3 respectively. The labels are
automatically distributed according to the LDP protocol.
Configure the static-to-dynamic PW on A2.
Enable BFD and establish PW redundancy protection.
(Optional) configure QoS rate limiting for the PW.
Configuration data
Table 9-3 lists configuration data.
Loopback 1 is a dedicated interface for the DCN network management. To prevent conflicts,
loopback 1 interface is prohibited. You can enable another loopback interface of which the IP
address can be used as the IP address of the LSR-ID. Loopback 2 is used in this example.
Configuration steps
Step 1 Configure MPLS globally.
U1-1
A2-1
B-1
B-3
Step 2 Configure the IP address of the planning interface and enable LDP session.
U1-1
U1-1(config)#interface loopback 2
U1-1(config-loopback2)#ip address 1.1.1.1 255.255.255.255
U1-1(config-loopback2)#interface gigaethernet 1/1/1
U1-1(config-gigaethernet1/1/1)#ip address 10.10.1.1 255.255.255.0
U1-1(config-gigaethernet1/1/1)#exit
A2-1
A2-1(config)#interface loopback 2
A2-1(config-loopback2)#ip address 2.2.2.2 255.255.255.255
A2-1(config-loopback2)#interface gigaethernet 1/1/1
A2-1(config-gigaethernet1/1/1)#ip address 10.10.1.2 255.255.255.0
A2-1(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
A2-1(config-gigaethernet1/1/2)#ip address 10.10.2.1 255.255.255.0
A2-1(config-gigaethernet1/1/2)#mpls ldp
A2-1(config-gigaethernet1/1/2)#interface gigaethernet 1/1/3
A2-1(config-gigaethernet1/1/3)#ip address 100.10.1.1 255.255.255.0
A2-1(config-gigaethernet1/1/3)#mpls ldp
/*configure the IP address of the interface on the ring and enable LDP.
B-1
B-1(config)#interface loopback 2
B-1(config-loopback2)#ip address 3.3.3.3 255.255.255.255
B-1(config-loopback2)#interface gigaethernet 1/1/1
B-1(config-gigaethernet1/1/1)#ip address 10.10.2.2 255.255.255.0
B-1(config-gigaethernet1/1/1)#mpls ldp
B-3
B-3(config)#interface loopback 2
B-3(config-loopback2)#ip address 5.5.5.5 255.255.255.255
B-3(config-loopback2)#interface gigaethernet 1/1/1
B-3(config-gigaethernet1/1/1)#ip address 10.10.5.1 255.255.255.0
B-3(config-gigaethernet1/1/1)#mpls ldp
A2-1(config-tunnel1/1/1)#destination 1.1.1.1
A2-1(config-tunnel1/1/1)#mpls te commit
A2-1(config-tunnel1/1/1)#exit
A2-1(config)#mpls bidirectional static-lsp egress lsp1-1 lsr-id 1.1.1.1
tunnel-id 2
A2-1(config-ingress-lsp)#forward in-label 103
A2-1(config-ingress-lsp)#backward 1.1.1.1 255.255.255.255 nexthop
10.10.1.1 out-label 104
U1-1(config)#router ospf 1
U1-1(config-router-ospf)#network 1.1.1.1 255.255.255.255 area 0
U1-1(config-router-ospf)#network 10.10.1.1 255.255.255.255 area 0
U1-1(config-router-ospf)#exit
A2-1
A2-1(config)#router ospf 1
A2-1(config-router-ospf)#network 2.2.2.2 255.255.255.255 area 0
A2-1(config-router-ospf)#network 10.10.1.2 255.255.255.255 area 0
A2-1(config-router-ospf)#network 10.10.2.1 255.255.255.255 area 0
A2-1(config-router-ospf)#network 100.10.1.1 255.255.255.255 area 0
A2-1(config-router-ospf)#exit
B-1
B-1(config)#router ospf 1
B-1(config-router-ospf)#network 3.3.3.3 255.255.255.255 area 0
B-1(config-router-ospf)#network 10.10.2.2 255.255.255.255 area 0
B-1(config-router-ospf)#exit
B-3
B-3(config)#router ospf 1
B-3(config-router-ospf)#network 5.5.5.5 255.255.255.255 area 0
B-3(config-router-ospf)#network 10.10.5.1 255.255.255.255 area 0
B-3(config-router-ospf)#exit
B-1
B-3
Checking results
After step 4, you can use the show mpls l2vc command to show PW working status.
After step 6, you can use the show mpls ldp targeted neighbour command to check
status of LDP neighbor sessions.
After step 6, you can use the show mpls ldp interface command to show whether
physical layer interface is enabled with LDP.
After step 6, you can use the show mpls ldp session command to show LDP sessions
and the running status.
After step 7, you can use the show mpls switch-l2vc command to show configurations
of PW switching.
After all configurations are complete, you can execute the Ping operation based on
MPLS VC to check the connectivity of the L2VPN.
After completing Step 9, you can use the show bfd state command to show BFD status.
Common questions
After a LDP session is configured, it is not Up.
Check whether the network-side interface IP address is correctly configured.
Check whether the OSPF route is enabled and whether the entire network routes have
been advertised and learned.
Check whether the NNI interface is enabled with LDP.
Check if the NNI interface is up.
After static-to-dynamic PW switching is configured, the PW is not Up.
Check whether the UNI of PE3 is configured with a dynamic PW.
Check whether the UNI of PE3 is Up.
Check whether the binding between the static tunnel and the PW is correct in the PW
switching configuration. That is, the tunnel should be bound to the static PW at the local
end.
Check whether the MTU, Raw/Tag, MTU, TPID, and control word of the two PWs are
the same.
The end-to-end PW cannot be pinged through.
Check whether the configuration of the tunnel parameters is correct and whether the
status is Up.
Check whether LDP is Up.
Check whether the static PW and dynamic PW are up.
Check whether the interface planning is consistent with the network topology.
Check whether the configuration process is correct.
Networking requirements
Figure 9-5 shows a backhaul CE+L3VPN network solution. The base station accesses device
A which functions as the CE device on the service network. CE 1 and CE 2 belong to VPN 1.
They access the MPLS L3VPN network through PE 1 and PE 2 respectively. The RT of VPN
1 is 100:1. Different VPN users cannot access each other. OSPF runs between PE 1 and PE 2.
Establish public routes for interconnection. Configure MP-BGP between PE 1 and PE 2 to
advertise L3VPN routes. Configure static routes between PEs and CEs. This completes the
deployment of the mobile backhaul network.
Configuration strategy
Configure basic MPLS functions on PE devices and configure VRF.
Configure the IP addresses of the interfaces on PE and CE devices.
After configuring the IP address of the PE client-side interface, bind the VRF to the
client-side interface.
Enable OSPF public network routes between PE 1 and PE 2.
Configure a MPLS static public network tunnel between PE 1 and PE 2.
Enable MP-IBGP routes between PE 1 and PE 2, and enable VPNv4.
Configure a static route between the PE and the CE. Configure the static VRF-based
private network route to the CE on the PE and configure the gateway from the CE to the
PE.
Configuration data
Table 9-4 lists configuration data.
Configuration steps
Step 1 Configure VRF on PE 1 and PE 2.
PE 1
PE1#config
PE1(config)#ip vrf VPN1
PE1(config-vrf)#rd 100:1
PE1(config-vrf)#route-target import 100:1
PE1(config-vrf)#route-target export 100:1PE1(config-vrf)#exit
PE 2
PE2#config
PE 2
PE 2
PE1(config)#router ospf 1
PE1(config-router-ospf)#network 10.10.1.0 0.0.0.255 area 0
PE1(config-router-ospf)#network 1.1.1.1 0.0.0.0 area 0
PE1(config-router-ospf)#exit
P1(config)#router ospf 1
P1(config-router-ospf)#network 10.10.1.0 0.0.0.255 area 0
P1(config-router-ospf)#network 10.10.3.0 0.0.0.255 area 0
P1(config-router-ospf)#network 2.2.2.2 0.0.0.0 area 0
P1(config-router-ospf)#exit
PE 2
PE2(config)#router ospf 1
PE2(config-router-ospf)#network 10.10.3.0 0 0 0.0.0.255 area 0
PE2(config-router-ospf)#network 4.4.4.4 0.0.0.0 area 0
PE2(config-router-ospf)#exit
Step 6 is for configuring the static public network tunnels. Step 7 is for configuring
dynamic public network tunnels. You can choose one as required.
Step 6 (Optional) configure a static public network tunnel between PE 1 and PE 2.
PE 1
PE 2
PE 2
PE1(config)#router bgp 1
PE1(config-router)#bgp router-id 1.1.1.1
PE1(config-router)#neighbor 4.4.4.4 remote-as 1
/*The Ass at both ends must be the same. If they are the same, the device
is in IBGP routing mode. Otherwise the device is in EBGP mode.*/
PE1(config-router)#neighbor 4.4.4.4 update-source 1.1.1.1
PE1(config-router)#address-family vpnv4
/*Configure a public network neighbor and ensure that the public network
routes are reachable, that is, the LSR-ID of the peer is reachable. If
there are multiple PE devices, you need to configure multiple public
network neighbors which are irrelevant with IPv4 private network
neighbors.*/
PE1(config-router-af)#neighbor 4.4.4.4 activate
PE1(config-router-af)#neighbor 4.4.4.4 send-community extended
/*You must adopt the extended mode. L3VPN is implemented based on
extended BGP.*/
PE1(config-router-af)#exit-address-family
PE1(config-router)#address-family ipv4 vrf vpn1
/*Configure IPv4 private network neighbors to match VRFs. If there are
multiple VRFs, configure multiple IPv4 neighbors and configure multiple
IPv4 private network neighbors on the peer end. This does not affect
VPNv4 public network neighbors.*/
PE1(config-router-af)#redistribute static
PE1(config-router-af)#redistribute connected
PE1(config-router-af)#exit-address-family
PE1(config-router)#exit
PE 2
PE2(config)#router bgp 1
PE2(config-router)#bgp router-id 4.4.4.4
PE2(config-router)#neighbor 1.1.1.1 remote-as 1
PE2(config-router)#neighbor 1.1.1.1 update-source 4.4.4.4
PE2(config-router)#address-family vpnv4
PE2(config-router-af)#neighbor 1.1.1.1 activate
PE2(config-router-af)#neighbor 1.1.1.1 send-community extended
PE2(config-router-af)#exit-address-family
PE2(config-router)#address-family ipv4 vrf vpn1
PE2(config-router-af)#redistribute static
PE2(config-router-af)#redistribute connected
PE2(config-router-af)#exit-address-family
PE2(config-router)#exit
Step 9 Configure a static route pointing to CE 1 on PE 1 and configure a static route pointing to CE 2
on PE 2.
PE 1
Raisecom Proprietary and Confidential
202
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 9 MPLS VPN
PE 2
CE 2
Checking results
Use the show ip vrf detail command to check whether VRF configurations on PE 1 and
PE 2 are correct respectively.
PE 1
PE 2
Use the show ip route command to show whether the public network routes learned by
the PE and P devices are correct. Take PE 1 for example.
PE 1
PE1(config)#show ip route
Routing Tables: Default-IP-Routing-Table
-------------------------------------------------------------------------
--
Flag: C - connected, S - static, R - RIP, B - BGP, O - OSPF, I - IS-IS
P - Protocol, s - States, > - selected , * - active, Dis - Distance
Use the show interface tunnel command to show whether tunnel configurations on PE 1
and PE 2 are correct. Take PE 1 for example.
PE 1
Use the show ip bgp neighbor command to show whether PE 1 and PE 2 have
established the BGP neighbor.
Use the show ip bgp vpnv4 all command to check whether the PE has learned the
VPNv4 neighbor.
10 TDMoP
This chapter describes principles and configuration procedures of TDMoP, as well as related
configuration examples, including the following sections:
Configuring Tunnel
Configuring PW
Configuring TDMoP clock
Maintenance
10.2 Configuring PW
10.2.1 Preparing for configurations
Scenario
After being received by the TDM interface, TDM service data flows are encapsulated into PW
packets. PW packets of the same type will form PW service flows and traverse the PSN. After
reaching the other end of the PSN, PW service flows are decapsulated to TDM service flows,
which are forwarded through the TDM interface.
Prerequisite
The TDMoP card is in place.
Scenario
The TDMoP system supports clock synchronization in nature. The PTN is an STDM-based
best-effort network. It may cause end-to-end delay. TDM services are encapsulated into
Ethernet packets and then are transmitted cross the PTN. This also influences the performance
for de-encapsulating TDM services. However, TDMoP clock recovery technology can reduce
impact caused by PTN delay.
The clock recovery mechanism adopted by the TDMoP system depends on the Rx clock
source of the TDM interface.
Prerequisite
A PW is created.
10.4 Maintenance
Command Description
Raisecom(config-tdm-port)#loopback Configure the loopback mode of TDM interfaces.
{ internal | external |
bidirectional }
By default, there is no loopback on the TDM interface.
You can use the no loopback command to configure the
TDM interface not to perform loopback.
11 OAM
This chapter describes principles and configuration procedures of OAM, as well as related
configuration examples, including following sections:
Configuring EFM
Configuring CFM
Configuring MPLS-TP OAM
Configuring BFD
Configuring SLA
Configuring link quality alarm
Maintenance
Configuration examples
Scenario
Deploying EFM between directly-connected devices can effectively improve the management
and maintenance capability of Ethernet links and ensure network running smoothly.
Prerequisite
Connect interfaces and configure physical parameters of interfaces. Make the physical layer
Up.
EFM active functions can be configured when the RAX711-R is in active mode.
By getting the current variable values of the peer, you can get current link status.
IEEE 802.3 Clause 30 defines and explains supported variables and their denotation
gotten by OAM in details. The variable takes Object as the maximum unit. Each
object contains Package and Attribute. A package contains several attributes.
Attribute is the minimum unit of a variable. When an OAM variable is obtained, object,
package, branch, and leaf description of attributes are defined by Clause 30 to
describe requesting object, and the branch and leaf are followed by variable to
denote object responds variable request. The RAX711-R supports getting OAM
information and interface statistics.
Peer variable cannot be obtained unless EFM connection is established.
Step Command Description
1 Raisecom#show oam peer oam-info [ gigaethernet Show OAM basic information
interface-number ] about the peer device.
Raisecom#show oam peer [ gigaethernet interface-
number ]
The peer EFM remote loopback will not take effect until the remote loopback
response is configured on the local device.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface Enter Layer 2 physical interface configuration mode.
gigaethernet interface-number
OAM link monitoring is used to detect and report link errors in different conditions.
When detecting a fault on a link, the RAX711-R provides the peer with the generated
time, window, and threshold, etc. by OAM event notification packets. The peer
receives event notification and reports it to the NView NNM system through SNMP
Trap. Besides, the local device can directly report events to the NView NNM system
through SNMP Trap.
By default, the system sets default value for error generated time, window, and
threshold.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#interface gigaethernet Enter Layer 2 physical interface configuration
interface-number mode.
3 Raisecom(config-port)#oam errored-frame Configure the monitor window and threshold
window framewindow threshold for an error frame event.
framethreshold
By default, the monitor window is configured
to 1s and the threshold is configured to 1 error
frame.
4 Raisecom(config-port)#oam errored-frame- Configure the monitor window and threshold
period window frameperiodwindow threshold for an error frame period event.
frameperiodthreshold
By default, the monitor window is configured
to 1000ms and the threshold is configured to 1
error frame.
5 Raisecom(config-port)#oam errored-frame- Configure the monitor window and threshold
seconds window framesecswindow threshold for an error frame seconds event.
framesecsthreshold
By default, the monitor window is configured
to 60s and the threshold is configured to 1s.
6 Raisecom(config-port)#oam errored-symbol- Configure the monitor window and threshold
period window symperiodwindow threshold for an error symbol event.
symperiodthreshold
By default, the monitor window is configured
to 1s and the threshold is configured to 1 error
frame.
After entering remote configuration mode, you can show the command list supported by the
remote device by executing list command. Then you can manage the remote device by
executing those commands. For example:
Use the snmp-server community command to configure the network management for
the remote device.
Use the switch-mode dot1q-vlan native-vlan command to configure VLAN for the
remote device.
Use the reboot command to reboot the remote device.
Use the erase command to delete configuration files from the remote device.
There are still a lot of commands that you can use to monitor and manage the remote device
by the extended OAM. I will not list them one by one, you can use them according to your
actual need. The function of some related command line is the same as the command executed
locally.
Scenario
To expand application of Ethernet technologies at a Telecom-grade network, the Ethernet
must ensure the same QoS as the Telecom-grade transport network. CFM solves this problem
by providing overall OAM tools for the Telecom-grade Ethernet.
CFM can provide following OAM functions:
Fault detection (Continuity Check, CC)
Fault acknowledgement (LoopBack, LB)
Fault location (LinkTrace, LT)
Alarm Indication Signal (AIS)
Ethernet lock signal (Lock, LCK)
Client Signal Fail (CSF)
Prerequisite
Connect interfaces and configure physical parameters of the interfaces. Make the
physical layer Up.
Create a VLAN.
Add interfaces to the VLAN.
CFM fault detection and CFM fault location functions cannot take effect until the
CFM is enabled.
concurrently.
If the MD name is specified, it must be globally
unique.
Levels of different MDs must be different.
Raisecom(config-service)#service
remote-mep mep-list remote-mac mac- 802.1ag down MEP needs to manually add
address [ interface-type interface- the remote MEP and specify the interface. It
number ] fails to find the remote MEP automatically.
8 Raisecom(config-service)#service (Optional) configure remote MEP learning. Add
remote-mep learning active dynamically learned remote MEPs to the static
remote MEP list.
9 Raisecom(config-service)#service Enable alarm inhibition.
suppress-alarms enable mep { mep-
list | all } By default, it is enabled.
Before executing this command, you must ensure that global CFM is enabled.
Otherwise, the Ping operation fails.
If there is no MEP in a service instance, Ping operation will fail because of failing
to find source MEP.
Ping operation will fail if the specified source MEP is invalid. For example, the
specified source MEP does not exist or CFM is disabled on the interface where
the specified source MEP is.
Ping operation will fail if the Ping operation is performed based on the specified
destination MEP ID and the MAC address of destination is not found based on
the MEP ID.
Ping operation will fail if other users are using the specified source MEP to
perform Ping operation.
Before executing this command, you must ensure that global CFM is enabled.
Otherwise, the Traceroute operation fails.
If there is no MEP in a service instance, Traceroute operation will fail because of
failing to find source MEP.
Traceroute operation will fail if the specified source MEP is invalid. For example,
the specified source MEP does not exist or CFM is disabled on the interface
where the specified source MEP is.
Traceroute operation will fail if the Ping operation is performed based on the
specified destination MEP ID and the MAC address of destination is not found
based on the MEP ID.
If the CC feature is invalid, you can ensure Layer 2 Traceroute operation works
normally by configuring static RMEP and specifying MAC address.
Traceroute operation will fail if other users are using the specified source MEP to
perform Traceroute operation.
If the service instance associates with the emulated Ethernet PW, when LB is
performed, you need to enable global CFM and Ethernet CFM on the AC-side
Ethernet interface.
4 Raisecom(config-service)#service lck level Configure the level for sending the LCK
md-level [ vlan vlan-id ] packet. The level must be higher than the
service instance level.
By default, use the level of the MIP, which
is higher than the MEP level, to send the
LCK packet.
5 Raisecom(config-service)#s service lck (Optional) configure the LCK packet
period { 1 | 60 } delivery period. By default, the LCK packet
delivery period is configured to 1s.
6 Raisecom(config-service)#service lck start Configure the MEP to send the LCK packet.
mep { mep-list | all }
By default, the MEP does not send the LCK
packet.
Scenario
To extend the application of MPLS-TP technology in Telecom-grade network, the MPLS-TP
network needs to achieve the same service level as the Telecom-grade transport network.
Connectivity Fault Management (CFM) helps the MPLS-TP network to resolve the problem
by providing complete OAM tools.
CFM can provide the following OAM functions for the MPLS-TP network:
Fault detection (Continuity Check, CC)
Fault acknowledgement (LoopBack, LB)
Fault location (LinkTrace, LT)
Alarm Indication Signal (AIS)
Client Signal Fail (CSF)
Lock (LCK)
Packet Delay and Packet Delay Variation Measurements (DM)
Frame Loss Measurements (LM)
The principle of MPLS-TP OAM is similar to the one of Ethernet-based OAM. Only the
carrying modes of related packets are different.
To ensure that users can get qualified network services. The Carrier and users sign a Service
Level Agreement (SLA). To effectively fulfil the SLA, the carrier needs to deploy the SLA
feature on the device to measure the network performance and takes the measurement result
as the basis for ensuring the network performance.
SLA selects 2 detection points, configures, and schedules the SLA operation on one detection
point to detect the network performance between the 2 detection points.
The SLA feature counts the round-trio packet loss ratio, round-trip/unidirectional (SD/DS)
delay, jitter, jitter variance, and jitter distribution and reports them to the upper monitoring
software (such as the NView NNM system). And then the upper monitoring software analyses
the network performance to get a data meeting users' requirements.
Prerequisite
Connect the interface and configure physical parameters of the interface. Make the
physical layer Up.
Configure MPLS basic functions.
Before configuring SLA, deploy CFM between devices that need to detect the network
performance.
Before enabling CFM packet delivery, configure the association relationship between
the service instance and the static L2VC.
If no MEP is configured for the service instance, the Ping operation will fails
because no source MEP is found.
The Ping operation will fail if the specified source MEP is invalid. For example,
the specified source MEP does not exist or CFM is disabled on the interface
where the specified source MEP is.
The Ping operation will fail if another user is using the specified source MEP to
initiate the Ping operation.
If no MEP is configured for the service instance, the Traceroute operation will
fails because no source MEP is found.
The Traceroute operation will fail if the specified source MEP is invalid. For
example, the specified source MEP does not exist or CFM is disabled on the
interface where the specified source MEP is.
The Traceroute operation will fail if another user is using the specified source
MEP to initiate the Traceroute operation.
Scenario
To reduce effect of faults on the device and improve network availability, the RAX711-R
needs to detect communication faults with adjacent devices. Therefore, it can take actions
immediately to ensure service being transmitted properly.
BFD is one-way detection. Therefore, it must be enabled on the local end and peer end
together. Otherwise, BFD fails.
Prerequisite
Configure an IP address for the device to be tested and ensure all routes among devices are
reachable.
Scenario
To provide users with qualified network services, the carrier signs a SLA with users. To carry
out SLA effectively, the ISP needs to deploy SLA feature on devices to measure the network
Raisecom Proprietary and Confidential
234
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 11 OAM
performance, taking the measured results as an evidence for ensuring the network
performance.
By selecting two detection points (source and destination RAX711-R devices), SLA
configures and schedules SLA operations on a detection point. Therefore, network
performance between these 2 detection points can be detected.
SLA takes statistics on round-trip packet loss ratio, round-trip/unidirectional (SD/DS) delay,
jitter, throughput, and LM packet loss ratio test. In addition, it reports these data to the upper
monitoring software (such as the NView NNM system) to help analyze network performance
for getting an expected result.
Prerequisite
When configuring Layer 2 test operations, you should deploy CFM between local and
remote devices that need to be detected. Layer 2 Ping operation succeeds between local
and remote devices.
When configuring Layer 3 test operations (icmp-echo and icmp-jitter), Layer 3 Ping
operation succeeds between local and remote devices.
After configuring one operation (differed by operation ID), you cannot modify or
configure it again. You need to delete the operation in advance if you need to
configure it again.
SLA supports scheduling up to 16 operations at one time. Before you stop
scheduling the same operation, you cannot modify scheduling information or re-
schedule the operation. If you need to reschedule the operation, you need to
finish the scheduling (reach scheduling life time or stop scheduling) before
performing the next scheduling.
During Ethernet SLA measurement, the operation performs delay and jitter
measurement in hardware mode, when you create the DOWN MEP (specify the
MD name when you configure the MD) and use the DM packet to create the
operation. The delay and jitter measurement accuracy in hardware mode is at a
microsecond level. Other modes are realized in software mode. The delay and
jitter measurement accuracy in software mode is at a millisecond level.
During MPLS-TP SLA, no MEP direction is distinguished and no MD name
needs to be specified. The operation, created through the DM packet, performs
delay and jitter measurement in hardware mode. The delay and jitter
measurement accuracy in hardware mode is at a microsecond level. The
software mode is unavailable.
The operation life period should be no shorter than the interval for executing the
SLA operation.
The interval for executing the SLA operation shall be no shorter than 20s.
The operation lifetime should not be shorter than the interval for scheduling the
SLA operation.
The interval for scheduling the SLA operation should not be shorter than 20s.
Scenario
By enabling link quality alarm, you can test the transmission error code rate on the interface.
When the error code rate reaches the preconfigured threshold, link status alarm will be
triggered, thus through link quality can be monitored.
Prerequisite
N/A
3 Raisecom(config-port)#link-quality low bit- Configure the error code rate threshold for
error-threshold error-ratio bit-error- triggering link quality alarm and the error
confficient bit-error-power resume-ratio code rate threshold for recovering the link
bit-error-confficient bit-error-power quality.
4 Raisecom(config-port)#bit-error test enable Configure the link quality detection
[ interval interval-value ] [ window window- algorithm and enable detection.
value ] [ period period-value ]
11.7 Maintenance
Command Description
Raisecom(config)#clear { ais | lck | csf | ccm } Clear AIS, LCK, CSF, and CCM
packet statistic statistics.
Raisecom(config)#clear ethernet cfm errors [ level Clear error CCM records.
md-level ]
Raisecom(config)#clear ethernet cfm remote-mep Clear information about discovered
[ level md-level ] remote MEPs.
Command Description
Raisecom(config)#clear mpls-tp cfm errors [ level md- Clear MPLS-TP error CCM records.
level ]
Raisecom(config)#clear mpls-tp cfm remote-mep [ level Clear configurations about MPLS-TP
md-level ] discovered remote MEPs.
Raisecom(config)#clear cfm suppress-alarm source Clear alarm inhibition information
about MPLS-TP MEPs.
Raisecom(config)#clear mpls-tp cfm suppress-alarm Clear source information about
source inhibited MPLS-TP AIS/LCK alarms.
Raisecom(config)#clear { ais | lck | csf | ccm } Clear MPLS-TP AIS, LCK, CSF, and
packet statistic CCM statistics.
Networking requirements
As shown in Figure 11-1, sub-interface Gigaethernet 1/5/1.10 on iTN A and sub-interface
Gigaethernet 1/5/1 on iTNB are directly connected through Switch E and Switch F which are
for emulating fault nodes and detecting BFD alarm. Configure BFD for IP single-hop
detection on the iTN A and iTN B.
Configuration steps
When configuring the BFD session ID, configure the local end and remote end with
the same ID.
Step 1 Configure the sub-interface to encapsulate the VLAN and IP address. Then iTN A and iTN B
can ping through each other.
iTN A
iTNA#config
iTNA(config)#interface gigaethernet 1/5/1.10
iTNA(config-gigaethernet 1/5/1.10)#encapsulation dot1Q 10
iTNA(config-gigaethernet 1/5/1.10)#ip address 1.1.1.1
iTNA(config-gigaethernet 1/5/1.10)#exit
iTN B
iTNB#config
iTNB(config)#interface gigaethernet 1/5/1.10
iTNB(config-gigaethernet 1/5/1.10)#encapsulation dot1Q 10
iTNB(config-gigaethernet 1/5/1.10)#ip address 1.1.1.2
iTNB(config-gigaethernet 1/5/1.10)#exit
Step 2 Configure BFD for IP single-hop detection without configuring the default value of the
parameter.
iTN A
iTN B
Checking results
After configuring the IP address of the sub-interface, use the show ip route command to
show the route learning status.
iTNA#show ip route
Routing Tables: Default-IP-Routing-Table
-------------------------------------------------------------------------
Flag: C - connected, S - static, R - RIP, B - BGP, O - OSPF, I - IS-IS
P - Protocol, s - States, > - selected , * - active, Dis - Distance
After configuring BFD for sub-interface, use the show bfd config command to show
BFD configurations.
Disconnect the link between Switch E and Switch F to create a fault. Use the show bfd
state command to show BFD status.
Network requirements
As shown in Figure 11-2, iTN A and iTN B access user services through their respective GE
1/2/1.10 interfaces. User services are transmitted to the peer through the PW links deployed
on iTN devices. To detect the connectivity of PW links between iTN devices, enable BFD for
PW on iTN A and iTN B to detect the status of the PW link. Once a fault is detected, an alarm
will be reported.
Configuration strategy
Configure the IP address of the device interface.
Configure basic MPLS functions, such as LSP and PW.
Configure BFD for PW detection.
Data preparation
Table 11-1 lists data needed for BFD for PW detection.
Configuration steps
Step 1 Configure the IP address of the device interface. Take iTN A for example. Configuration
steps for iTN B are similar.
iTN A
iTNA#config
iTNA(config)#interface Loopback 2
iTNA(config-Loopback2)#ip address 1.1.1.1 255.255.255.255
iTNA(config-Loopback2)#interface gigaethernet 1/1/1.10
iTNA(config-gigaethernet1/1/1.10)#encapsulation dot1Q 10
iTNA(config-gigaethernet1/1/1.10)#ip address 10.10.10.1 255.255.255.0
iTNA(config-gigaethernet1/1/1.10)#interface gigaethernet 1/2/1.10
iTNA(config-gigaethernet1/2/1.10)#encapsulation dot1Q 10
iTNA(config-gigaethernet1/2/1.10)#ip address 20.10.10.1 255.255.255.0
iTNA(config-gigaethernet1/2/1.10)#exit
iTN B
iTNB(config-tunnel1/1/1)#mpls te commit
iTNB(config-tunnel1/1/1)#exit
iTNB(config)#mpls bidirectional static-lsp ingress lspAB lsr-id 1.1.1.1
tunnel-id 1
iTNB(config-ingress-lsp)#forward 1.1.1.1 255.255.255.255 nexthop
10.10.10.1 gigaethernet 1/1/1.10 out-label 20
iTNB(config-ingress-lsp)#backward in-label 10
iTNB(config-ingress-lsp)#exit
iTNB(config)#interface gigaethernet 1/2/1.10
iTNB(config-gigaethernet1/2/1.10)#encapsulation dot1Q 10
iTNB(config-gigaethernet1/2/1.10)#mode l2
iTNB(config-gigaethernet1/2/1.10)#mpls static-l2vc destination 1.1.1.1
tagged vc-id 1 in-label 101 out-label 101 tunnel 1/1/1 mtu 9600
iTNB(config-gigaethernet1/2/1.10)#exit
iTN B
Checking results
After completing configurations, use the show bfd config command to check the
configuration results.
Networking requirements
As shown in Figure 11-3, configure the Y.1564 test type on the iTN A device, create test
services and configure the test packet attributes to implement configuration test and
performance test on the target network. Configure loopback on the iTN B device to loop the
data flow to iTN A for analysis. The AC-side interface of the iTN A is GE 1/2/1.10, and the
AC-side interface of the iTN B is GE 1/2/1.10, which are used to access user services.
Configure Tunnel and PW on iTN A and iTN B respectively to carry user services for
transmission over the IP RAN network.
Configuration strategy
Configure basic MPLS functions, such as LSP, tunnel, and PW on iTN A and iTN B.
Configure the Y.1564 test operation on iTN A.
Configure loopback on iTN B.
Schedule the Y.1564 test operation.
Data preparation
Table 11-2 lists data needed for Y.1564 test.
Configuration steps
Step 1 Refer to Table 11-2. Configure the IP addresses of interfaces on iTN A and iTN B.
For details, refer to section 6.1 Configuring interface IP address.
Step 2 Configure OSPF routing.
iTN A
iTN B
Step 3 Configure basic MPLS functions on iTN A and iTN B, such as LSP and PW.
iTN A
iTN B
Step 5 Configure internal loopback on the AC-side interface (PW service extraction interface) on
iTNB, looping data flow back to iTN A.
Checking results
After completing Step 1, use the show mpls bidirection static-lsp command to show
LSP configuration results.
After completing Step 1, use the show mpls l2vc command to show PW configuration
results.
Pw DsMode : Uniform
Pw PipeServClass : --
Pw Exp2LocalPriMap : Default
Pw LocalPri2ExpMap : Default
Create time : 1972-06-22,09:02:04
Up time : 0 days, 0 hours, 2 minutes, 41 seconds
Last change time : 1972-06-22,09:02:04
----------------------------------------
Total l2vc : 1 1 up 0 down
/*L2VC is UP, which means that it is normal.*/
Use the ping mpls vc-id destination command to check whether PW path is well
connected.
After configurations are complete, you can use the show sla group-id configuration
command to check configuration results of performance test.
After configurations are complete, use the show sla configuration command to show
configuration results of throughput test.
Use the show sla group-id result command to show performance test results.
Use the show sla result command to show throughput test results.
Step 1(25%):
Min Mean Max
Flr(0.001%): 0 0 0
Ftd(us): 76 77 89
Fdv(us): 0 0 12
Ir(Mbit/s): 250.000 250.000 250.000
Delay range(us): 13
BER(ES): 0
Available(%): 100
Result: PASS
12 Network reliability
This chapter describes principles and configuration procedures of network reliability, as well
as related configuration examples, including following sections:
Configuring link aggregation
Configuring interface backup
Configuring ELPS
Configuring ERPS
Configuring VRRP
Configure PW redundancy protection
Configuring MPLS-TP linear protection switching
Configuring HA hot backup
Maintenance
Configuration examples
Scenario
When needing to provide greater bandwidth and reliability for a link between two devices,
you can configure manual or static LACP link aggregation.
Prerequisite
Configure physical parameters of the interface and make the physical layer Up.
In a LAG, member interfaces that share loads must be identically configured. Otherwise,
data cannot be forwarded properly. These configurations include QoS, QinQ, VLAN,
interface properties, and MAC address learning.
– QoS: traffic policing, traffic shaping, congestion avoidance, rate limiting, SP queue,
WRR queue scheduling, WFQ queue, interface priority, and interface trust mode.
– QinQ: QinQ status on the interface, added outer VLAN tag, policies for adding outer
VLAN Tags for different inner VLAN IDs.
Raisecom Proprietary and Confidential
257
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 12 Network reliability
– VLAN: the allowed VLAN, default VLAN, and the link type (Trunk, Hybrid, and
Access) on the interface, and whether VLAN packets carry Tag.
– Interface properties: speed, duplex mode, and link Up/Down status.
– MAC address learning: MAC address learning status and MAC address limit.
Scenarios
In a dual-uplink networking scenario, you can realize redundancy backup of the
primary/secondary link and fast switching of services through interface backup, thus
improving service reliability.
Prerequisite
N/A
Scenario
To make the Ethernet reliability up to Telecom-grade (network self-heal time less than 50ms),
you can deploy ELPS at Ethernet. ELPS is used to protect the Ethernet connection. It is an
end-to-end protection technology.
ELPS provides 3 modes to detect a fault.
Detect faults based on the physical interface status: learning link fault quickly and
switching services immediately, suitable for detecting the fault between neighbor devices.
Detect faults based on CFM: suitable for multi-device crossing detection.
Detect faults based on the physical interface and CFM: sending Trap when detecting a
fault on the physical link/CFM.
Prerequisite
Connect interfaces and configure physical parameters for them. Make the physical layer
Up.
Create the management VLAN and VLANs of the working and protection interfaces.
Configure CFM detection between devices (preparing for CFM detection mode).
Fault detection modes of the working line and protection line can be different.
However, we recommend that fault detection mode configurations of the working
line and protection line keep consistent.
When configuring end-to-end fault detection mode for the working/protection line,
we do not recommend using the physical link detection mode if there are other
devices along the link. We recommend using the CC fault detection mode.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethernet line-protection Set the fault detection mode of the working
line-id { working | protection } failure- line/protection line to failure-detect
detect physical-link physical-link.
By default, the fault detection mode is
configured to failure-detect physical-link.
Raisecom(config)#ethernet line-protection Set the fault detection mode of the working
line-id { working | protection } failure- line/protection line to failure-detect cc.
detect cc [ md md-name ] ma ma-name level
level mep local-mep-id remote-mep-id This fault detection mode cannot take effect
unless you finish related configurations on
CFM.
Raisecom(config)#ethernet line-protection Set the fault detection mode of the working
line-id { working | protection } failure- line/protection line to failure-detect
detect physical-link-or-cc [ md md-name ] physical-link-or-cc.
ma ma-name level level mep local-mep-id
remote-mep-id In this mode, it believes that the link fails
when a fault is detected on the physical
link/CC.
This fault detection mode cannot take effect
unless you finish related configurations on
CFM.
By default, traffic is automatically switched to the protection line when the working
line fails. Therefore, you need to configure ELPS switching control in some special
cases.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethernet line- Lock protection switching. After this configuration,
protection line-id lockout the traffic is not switched to the protection line even
the working line fails.
3 Raisecom(config)#ethernet line- Switch the traffic from the working line to the
protection line-id force-switch protection line forcedly.
4 Raisecom(config)#ethernet line- Switch the traffic from the working line to the
protection line-id manual-switch protection line manually. Its priority is lower than
the one of forced switch and APS.
After you perform the MS-W operation (Traffic is switched from the protection line
back to the working line.), if a fault/recovery event occurs or if other protection group
commands, such as lockout, force-switch, or manual-switch, are executed, both ends
of the protection group may select different lines. In this case, you should use the
clear ethernet line-protection line-id end-to-end command command to delete
configured protection group command to make both ends of the protection group
select the identical line.
Scenario
With development of Ethernet to Telecom-grade network, voice and video multicast services
bring higher requirements on Ethernet redundant protection and fault-recovery time. The
fault-recovery time of current STP system is in second level that cannot meet requirements.
By defining different roles for nodes on a ring, ERPS can block a loopback to avoid broadcast
storm in normal condition. Therefore, the traffic can be quickly switched to the protection line
when working lines or nodes on the ring fail. This helps eliminate the loopback, perform
protection switching, and automatically recover from faults. In addition, the switching time is
shorter than 50ms.
The RAX711-R supports the single ring, intersecting ring, and tangent ring.
ERPS provides 3 modes to detect a fault:
Detect faults based on the physical interface status: learning link fault quickly and
switching services immediately, suitable for detecting the fault between neighbor devices.
Prerequisite
Connect interfaces and configure physical parameters for them. Make the physical layer
Up.
Create the management VLAN and VLANs of the working and protection interfaces.
Configure CFM detection between devices (preparing for CFM detection mode).
Only one device on the protection ring can be set to the Ring Protection Link
(RPL) Owner and one device is configured to RPL Neighbor. Other devices are
set to ring forwarding nodes.
In actual, the tangent ring consists of 2 independent single rings. Configurations
on the tangent ring are identical to the ones on the common single ring. The
intersecting ring consists of a master ring and a sub-ring. Configurations on the
master ring are identical to the ones on the common single ring. For details
about configurations on the sub-ring, see section 12.4.3 (Optional) creating
ERPS protection sub-ring.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethernet ring-protection Create a protection ring and set the node to
ring-id east { interface-type interface- the RPL Owner.
number } west { interface-type interface-
number | port-channel channel-number } By default, there is no ERPS protection ring.
node-type rpl-owner rpl { east | west }
[ not-revertive ] [ protocol-vlan vlan-
id ] [ block-vlanlist vlan-list ]
The east and west interfaces cannot be
the same one.
Raisecom(config)#ethernet ring-protection Create a protection ring and set the node to
ring-id east { interface-type interface- the RPL Neighbour.
number | port-channel channel-number }
west { interface-type interface-number |
port-channel channel-number } node-type
rpl-neighbour rpl { east | west} [ not-
revertive ] [ protocol-vlan vlan-id ]
[ block-vlanlist vlan-list ]
Raisecom(config)#ethernet ring-protection Create a protection line and set the node to
ring-id east { interface-type interface- the protection forwarding node.
number | port-channel channel-number }
west { interface-type interface-number |
port-channel channel-number } [ not-
revertive ] [ protocol-vlan vlan-id ]
[ block-vlanlist vlan-list ]
By default, traffic is automatically switched to the protection line when the working
line fails. Therefore, you need to configure ERPS switching control in some special
cases.
Step Command Description
1 Raisecom#config Enter global configuration mode.
2 Raisecom(config)#ethernet ring- Switch the traffic on the protection ring to the west/east
protection ring-id force-switch interface forcedly.
{ east | west }
east: block the east interface.
west: block the west interface.
3 Raisecom(config)#ethernet ring- Switch the traffic on the protection ring to the west/east
protection ring-id manual-switch interface manually. Its priority is lower than the one of
{ east | west } forced switch and APS.
Scenario
In general, we configure a default route to the breakout gateway for all devices in a LAN.
Therefore, these devices can communicate with the external network. If the gateway fails,
devices in the LAN fail to communicate with the external network.
The VRRP technology combines multiple routers to form a backup group. By configuring a
virtual IP address for the backup group, you can set the default gateway to the virtual IP
address of the backup group to make devices in the LAN communicate with the external
network.
VRRP helps improve network reliability. It facilitates avoiding network interruption caused
by failure of s single link and prevents changing routing configurations because of link failure.
Interfaces of the router, which support VRRP, include the Layer 3 physical interface,
VLAN interface, and sub-interface.
Prerequisite
N/A
Scenario
PW redundancy protection is used in the networking scenario of CE connecting to 3 PEs
asymmetrically, multiple CEs connecting to Multiple PEs, and CE accessing a networking
with MS-PW, etc.
Prerequisite
The AC link between dual-homed CE and PE supports E-Trunk or E-APS link protection.
PE can access each other through IGP routing protocol.
PW or MS-PW is created.
Scenario
MPLS-TP linear protection switching protects the primary link by providing a backup link.
Therefore, it provides end-to-end protection for LSP links between devices.
Prerequisite
Configure MPLS basic functions.
Configure the static LSP.
Configure MPLS-TP OAM.
Create the working PW, protection PW, protection MS-PW/tributary PW.
Scenario
PW dual-homed protection switching protects client-side access links and network-side
working PWs by cooperating with the working PW, protection PW, and bypass PW. By
bridging any two nodes among the service PW, DNI-PW, and access link, dual-homed
protection can prevent access-side faults from triggering network-side faults, and vice versa.
For example, when the client-side access interface of the PE node fails, the working node will
bridge the working PW and bypass PW to a multi-section PW and the protection node will
bridge the bypass PW with the access link, transmitting the service flow on the working PW,
bypass PW, and access PW. Figure 12-2 shows the application.
Prerequisite
Configure MPLS basic functions, create a LSP, and associate the Tunnel interface.
12.8.4 Configuring PW
Configuring working PW
For configuring the working PW, see section 9.1.2 Configuring static L2VC or section 9.1.3
Configuring dynamic L2VC.
Configure the working PW pointing to the PE B on PEA.
Configure the working PW pointing to the PE A on PE B.
Configuring protection PW
For configuring the protection PW, see section 9.1.2 Configuring static L2VC or section 9.1.3
Configuring dynamic L2VC.
Configure the protection PW pointing to the PE C on PE A.
Configure the DNI-PW pointing to the PE C on PE B.
Configure the DNI-PW pointing to the PE B on PE C.
Configure the active PW which is pointing to PE A as the protection PW of the
protection node on PE C.
Scenario
High Availability (HA), including hot backup, batch backup, and realtime backup, is used to
provide high reliability of the system. Devices which support HA hot backup should be
equipped with 2 cards. The master card works in Master mode and the slave card works in
Slave mode. Whenever the master card fails, the slave card will be activated and continue to
work to ensure that the system can run properly.
Prerequisite
The RAX711-R is inserted with the active and standby MCCs.
12.10 Maintenance
Command Description
Raisecom(config)#clear lacp statistics Clear LACP statistics.
[ interface-type interface-number ]
Raisecom(config)#clear mlacp mlacp-group Clear statistics of received and transmitted packets
[ icg-id ] statistics of the chassis group.
Raisecom(config)#clear ethernet line- Clear statistics of the protection group.
protection statistics
Raisecom(config)#clear ethernet line- Clear end-to-end switching control commands.
protection aps-id end-to-end command
Raisecom(config)#clear ethernet ring- Clear statistics of the protection ring, including the
protection ring-number statistics number of transmitted APS packets, the number of
received APS packets, the last switching time, and
the fault detection mode.
Command Description
Raisecom(config)#clear ethernet ring- Clear switching control commands of the
protection ring-number command protection ring, including the force-switch and
manual-switch commands.
Raisecom(config)#clear mpls line-protection Clear statistics of the MPLS linear protection pair.
[ aps-id ] statistics
Networking requirements
As shown in Figure 12-4, to improve the reliability of the link between iTN A and iTN B, you
can configure manual link aggregation on iTN A and iTN B. Add GE 1/1/1 and GE 1/1/2 to a
LAG to form a single logical interface. The LAG performs load-balancing according to the
source MAC address.
Configuration steps
Configuration procedures for iTN A and iTN B are identical. In this section, take
configurations on iTN A for examples.
Step 1 Create a manual LAG.
Raisecom#hostname iTNA
iTNA#config
iTNA(config)#interface port-channel 1
iTNA(config-port-channelif)#mode manual
iTNA(config-port-channelif)#exit
iTNA(config)#interface port-channel 1
iTNA(config-port-channelif)#load-sharing mode src-mac
Checking results
Use the show port-channel command to show global configurations on manual link
aggregation.
iTNA#show port-channel
Group 1 information:
Mode : Manual Load-sharing mode : src-mac
MinLinks: 1 Max-links : 8
UpLinks : 0 Priority-Preemptive: Disable
Member Port: gigaethernet1/1/1 gigaethernet1/1/2
Efficient Port:
Networking requirements
As shown in Figure 12-5, to improve the reliability of the link between iTN A and iTN B, you
can configure static LACP link aggregation on iTN A and iTN B. Add GE 1/1/1 and GE 1/1/2
to a LAG to form a logical interface.
Configuration steps
Step 1 Configure the static LACP LAG on iTN A and set iTN A to the active end.
Raisecom#hostname iTNA
iTNA#config
iTNA(config)#lacp system-priority 1000
iTNA(config)#interface port-channel 1
iTNA(config-port-channelif)#mode lacp
iTNA(config-port-channelif)#exit
iTNA(config)#interface gigaethernet 1/1/1
iTNA(config-port)#port-channel 1
iTNA(config-port)#lacp port-priority 1000
iTNA(config-port)#lacp mode active
iTNA(config-port)#exit
iTNA(config)#interface gigaethernet 1/1/2
iTNA(config-port)#port-channel 1
iTNA(config-port)#lacp mode active
iTNA(config-port)#exit
Raisecom#hostname iTNB
iTNB#config
iTNB(config)#interface port-channel 1
iTNB(config-port-channelif)#mode lacp
iTNB(config-port-channelif)#exit
iTNB(config)#interface gigaethernet 1/1/1
iTNB(config-port)#port-channel 1
iTNB(config-port)#exit
iTNB(config)#interface gigaethernet 1/1/2
iTNB(config-port)#port-channel 1
iTNB(config-port)#exit
Checking results
Use the show port-channel command on iTN A to show global configurations on static
LACP link aggregation.
iTNA#show port-channel 1
Group 1 information:
Mode : Lacp Load-sharing mode : src-dst-mac
MinLinks: 1 Max-links : 8
UpLinks : 0 Priority-Preemptive: Disable
Member Port: gigaethernet1/1/1 gigaethernet1/1/2
Efficient Port:
Networking requirements
As shown in Figure 12-6, CE 1 services are transmitted through PE 1 and PE 2 respectively.
PE 1 and PE 2 are connected to the PE 4 which locates at the core layer through the static PW
carried by the static Tunnel. The services of the peer CE 2 are transmitted through PE 3 which
is also connected to the core-layer PE 5 through the static PW. The PE devices at the core
layer are enabled with the dynamic PW which is carried by the LDP LSP dynamically. The
core-layer devices include PE 4, PE 5, PE 6, and PE 7. The devices at the access side are all
configured with two static PWs (master/slave) and enabled with PW redundancy protection.
To implement service transmission and protection at the core layer, you can enable static-to-
dynamic PW conversion on PE 4 and PE 5 and enable dynamic PW conversion on PE 6 and
PE 7.
Configuration strategy
Configure MPLS basic functions on the PE devices, configure MPLS LDP, and establish
Tunnels between PE devices.
Enable OSPF on PE 4, PE 5, PE 6, and PE 7 and ensure that routes are reachable
between PE devices.
Configure static routes among PE 1, PE 2, and PE 4 and configure static routes between
PE 3 and PE 5.
Configure the static-to-dynamic PW conversion on PE 4 and configure static-to-dynamic
PW conversion on PE 5.
Configure static PWs among PE 1, PE 2, and PE 4 and configure static PWs on PE 3 and
PE 5.
Configure PW redundancy.
Data preparation
Figure 12-7 shows the data preparation.
Configuration steps
Step 1 Enable MPLS and LDP globally.
Configure PE 1.
Configure PE 6.
PE1(config)#interface loopback 2
PE1(config-loopback2)#ip address 1.1.1.1 255.255.255.0
PE1(config-loopback2)#exit
Configure PE 2.
PE2(config)#interface loopback 2
PE2(config-loopback2)#ip address 2.2.2.2 255.255.255.0
PE2(config-loopback2)#exit
Configure PE 4.
PE4(config)#interface loopback 2
PE4(config-loopback2)#ip address 4.4.4.4 255.255.255.0
PE4(config-loopback2)#exit
PE4(config)#router id 4.4.4.4
PE4(config)#router ospf 1 router-id 4.4.4.4
PE4(config-router-ospf)#network 4.4.4.4 0.0.0.255 area 0
PE4(config-router-ospf)#network 60.0.0.1 0.0.0.255 area 0
PE4(config-router-ospf)#network 70.0.0.1 0.0.0.255 area 0
PE4(config-router-ospf)#exit
Configure PE 6.
PE6(config)#interface loopback 2
PE6(config-loopback2)#ip address 6.6.6.6 255.255.255.0
PE6(config-loopback2)#exit
PE6(config)#router id 6.6.6.6
PE6(config)#router ospf 1 router-id 6.6.6.6
PE6(config-router-ospf)#network 6.6.6.6 0.0.0.255 area 0
PE6(config-router-ospf)#network 60.0.0.2 0.0.0.255 area 0
PE6(config-router-ospf)#network 30.0.0.1 0.0.0.255 area 0
PE6(config-router-ospf)#exit
Configure PE 7.
PE7(config)#interface loopback 2
PE7(config-loopback2)#ip address 7.7.7.7 255.255.255.0
PE7(config-loopback2)#exit
PE7(config)#router id 7.7.7.7
PE7(config)#router ospf 1 router-id 7.7.7.7
PE7(config-router-ospf)#network 7.7.7.7 0.0.0.255 area 0
PE7(config-router-ospf)#network 70.0.0.2 0.0.0.255 area 0
PE7(config-router-ospf)#network 50.0.0.1 0.0.0.255 area 0
PE7(config-router-ospf)#exit
Configure PE 5.
PE5(config)#interface loopback 2
PE5(config-loopback2)#ip address 5.5.5.5 255.255.255.0
PE5(config-loopback2)#exit
PE5(config)#router id 5.5.5.5
PE5(config)#router ospf 1 router-id 5.5.5.5
PE5(config-router-ospf)#network 5.5.5.5 0.0.0.255 area 0
PE5(config-router-ospf)#network 30.0.0.2 0.0.0.255 area 0
PE5(config-router-ospf)#network 50.0.0.2 0.0.0.255 area 0
PE5(config-router-ospf)#exit
Configure PE 3.
PE3(config)#interface loopback 2
PE3(config-loopback2)#ip address 3.3.3.3 255.255.255.0
PE3(config-loopback2)#exit
Configure PE 2.
Configure PE 3.
Configure PE 4.
Configure PE 5.
Configure PE 5.
Configure PE 6.
Configure PE 7.
Configure PE 2.
Configure PE 3.
Configure PE 5.
Configure PE 4.
Configure PE 5.
Configure PE 6.
Configure PE 7.
Checking configurations
After configurations are complete, use the following commands to check whether LDP LSP is
correctly created and whether the status is Up and check whether the status of PW, VC, and
AC are Up.
show mpls ldp session
show mpls ldp targeted neighbour
show mpls lsp ldp
show mpls l2vc
show mpls switch-l2vc
Networking requirements
Figure 12-8 shows the scenario of the PW dual-homing protection applied to the mobile
backhaul network. There is a working PW between PE A and PE B, a protection PW between
PE A and PE C, and a bridge PW (bypass PW) between PE B and PE C. Service data will be
switched to the protection PW for transmission when the working PW fails to work. When
some AC at the RNC side fails, the bypass is bridged with the working/protection PW to form
a MS-PW. The MS-PW provides PW dual-homed protection switching to protect service data.
Configuration steps
Step 1 Configure the IP addresses of Layer 3 physical interfaces on PE A, PE B, and PE C.
PE A
PEA#config
PEA(config)#interface gigaethernet 1/1/1
PEA(config-gigaethernet1/1/1)#ip address 10.0.0.10 255.0.0.0
PEA(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
PEA(config-gigaethernet1/1/2)#ip address 30.0.0.10 255.0.0.0
PEA(config-gigaethernet1/1/2)#interface loopback 1
PEA(config-loopback1)#ip address 132.0.0.1 255.255.255.0
PEA(config-loopback1)#exit
PE B
PEB(config)#interface gigaethernet 1/1/1
PEB(config-gigaethernet1/1/1)#ip address 10.0.0.20 255.0.0.0
PEB(config-gigaethernet1/1/1)#interface gigaethernet 1/1/2
PEB(config-gigaethernet1/1/2)#ip address 20.0.0.20 255.0.0.0
PEB(config-gigaethernet1/1/2)#interface loopback 1
PEB(config-loopback1)#ip address 132.0.0.2 255.255.255.0
PEB(config-loopback1)#exit
PE C
PE B
PE C
PE C
PE B
PEB(config-tunnel1/1/1)#destination 10.0.0.10
PEB(config-tunnel1/1/1)#mpls tunnel-id 1
PEB(config-tunnel1/1/1)#mpls te commit
PEB(config-tunnel1/1/1)#interface tunnel 1/1/2
PEB(config-tunnel1/1/2)#destination 20.0.0.30
PEB(config-tunnel1/1/2)#mpls tunnel-id 2
PEB(config-tunnel1/1/2)#mpls te commit
PEB(config-tunnel1/1/2)#exit
PE C
PE B
PE C
PE B
PE C
Step 7 Configure the working nodes and protection nodes for PW 1:1 protection group and MC-PW
protection group.
PE A
PE B
PE C
PEC(config)#mpls line-protection 2 mc-pw protection vc-id 3 destination 10.0.0.10 ttl 1
Step 8 Asscoiate the MC-PW protection groups of PE B and PE C with ICCP channels respectively.
PE B
PE C
Checking results
Use the show iccp channel command to show ICCP configurations on PE B.
Use the show mpls line-protection config command to show MPLS protection switching
configurations on PE A, PE B, and PE C.
Configurations on PE A
Id:1
Name:--
Working Entity Information:
Vc-Id:1 destination:20.0.0.20
State/LCK/M: Active/N/N
Link State:failure
Protection Entity Information:
Vc-Id:2 destination:30.0.0.30
State/F/M: Standby/N/N
Link State:failure
Wtr(m):5
Holdoff(100ms):0
Configurations on PE B
Configurations on PE C
13 Security
This chapter describes principles and configuration procedures of security, as well as related
configuration examples, including following sections:
Configuring storm control
Configuring RADIUS
Configuring TACACS+
Configuring Dot.1x
Configuring URPF
Configuring port mirroring
Configuring interface isolation
Configuring CPU protection
Configuring CPU monitoring
Configuring memory monitoring
Maintenance
Configuration examples
Scenario
In the Layer 2 network, after storm control is configured, it can inhabit generation of
broadcast storm when unknown multicast, unknown unicast, and broadcast packets increase,
thus ensuring forwarding normal packets.
Prerequisite
Configure physical parameters on an interface and make the physical layer Up.
value = 0
When storm control is enabled, you can configure rate limiting. However,
configurations cannot take effect. When storm control is disabled, rate limiting
configurations take effect automatically.
Scenario
To control users accessing devices and network, you can deploy the RADIUS server at the
network to authenticate and account users. The RAX711-R can be used as a Proxy of the
RADIUS server to authenticate users based on results returned by the RADIUS server.
Prerequisite
N/A
Scenario
To control users accessing devices and network, you can deploy the RADIUS server in the
network to authenticate and account users. Compared with RADIUS, TACACS+ is more
secure and reliable. The RAX711-R can be used as a Proxy of the TACACS+ server to
authenticate users based on results returned by the TACACS+ server.
Prerequisite
N/A
Scenario
Dot.1X is the abbreviation of IEEE 802.1X. It is an access control and authentication protocol
based on Client/Server. The main purpose is to solve the problem of access authentication for
WLAN users. The network space of the WLAN features openness and terminal mobility, so it
is difficult to define whether the terminal belongs to the network through the physical space.
Therefore, how to prevent illegal access by an external user through interface authentication is
a problem facing the wireless network. IEEE 802.1X, an authentication technology, is
designed to meet this demand.
The IEEE 802.1X protocol focuses only on the opening and closing of an interface. The
interface is opened for legitimate users who log in through an account and password. When an
unauthorized user accesses the interface or there is no user access, the interface is closed. The
result of the IEEE 802.1X authentication lies in the change of the interface status, and does
not involve the IP address negotiation and allocation that must be considered in the normal
authentication technology. It is the most simplified implementation scheme in various
authentication technologies.
The IEEE 802.1X architecture consists of three parts:
Supplicant System applicant: the WLAN client-side host installed with the IEEE 802.1X
Client.
Authenticator: a WLAN access device installed with an IEEE 802.1X authenticator.
Authentication Server: it is usually deployed in the AAA center of the carrier and is an
IEEE 802.1X authentication service system.
Prerequisite
N/A
Scenario
You can enable Unicast Reverse Path Forwarding (URPF) on the routing interface to avoid
network attacks which are based on source address spoofing. After it is enabled, the interface
will legally check the source address of the packet upon receiving the packet. If the packet
passes the legal check, the interface will match it with the forwarding table and then forward
it, otherwise, it will be discarded.
Prerequisite
N/A
Scenario
Port mirroring refers to mirroring packets of the specified mirroring port to the destination
port or aggregation group without affecting packet forwarding. With port mirroring, users can
monitor sending and receiving status of one or more interfaces for analyzing network status.
Prerequisite
N/A
Scenario
To isolate Layer 2 data of interfaces in the same VLAN and provide physical isolation
between interfaces, you need to configure interface isolation.
By adding interfaces that need to be controlled to a VLAN protection group, you can enhance
network security and provide flexible networking scheme for users.
Interface isolation helps isolate interfaces in a VLAN, enhance network security, and provide
flexible networking schemes.
Raisecom Proprietary and Confidential
311
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 13 Security
Prerequisite
N/A
Scenario
When the RAX711-R receives a great number of attack packets in a short period, the CPU
will run with full load and its utilization rate will reach to 100%, which may cause the
breakdown of the device. CPU CAR helps efficiently limit the rate of packets entering the
CPU.
Prerequisite
N/A
Scenario
CPU monitoring is used for monitoring task status, CPU utilization rate, and stack usage in
real time. It provides CPU utilization threshold alarm to facilitate discovering and eliminating
a hidden danger, helping the administrator locate the fault quickly.
Prerequisite
To output CPU monitoring alarms in a Trap form. You need to configure the IP address of
Trap target host on the RAX711-R, that is, the IP address of the NView NNM system.
Scenario
The RAM utilization monitoring can be used for monitoring the RAM utilization in real time.
It provides CPU utilization threshold alarm to facilitate discovering and eliminating a hidden
danger, helping the administrator locate the fault quickly.
Raisecom Proprietary and Confidential
314
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 13 Security
Prerequisite
To output RAM utilization rate monitoring alarms in the form of a Trap. You need to
configure the IP address of the Trap target host on the RAX711-R, that is, the IP address of
the NMS.
13.11 Maintenance
Command Description
Raisecom(config)#clear filter statistics Clear statistics of the filter.
Networking requirements
As shown in Figure 13-1, to prevent the iTN A from being affected by broadcast, you need to
configure storm control on the iTN A to limit broadcast and unknown unicast with the
threshold being set to 2000pps.
Configuration steps
Configure storm control on iTN A.
Raisecom#config
Raisecom(config)#interface gigaethernet 1/1/1
Raisecom(config-port)#storm-control broadcast enable
Raisecom(config-port)#exit
Raisecom(config)#interface gigaethernet 1/1/2
Raisecom(config-port)#storm-control broadcast enable
Raisecom(config-port)#exit
Raisecom(config)#storm-control pps 2000
Actual Storm control pps: 2000 pps
Checking results
Use the show storm-control interface command to show whether the configuration is right
or not.
Raisecom#show storm-control interface
Threshold: 2000 pps
Threshold: 2000 pps
Interface Broadcast Multicast Unicast
----------------------------------------------------------------
gigaethernet1/1/1 Enable Disable Disable
gigaethernet1/1/2 Enable Disable Disable
gigaethernet1/1/3 Enable Disable Disable
gigaethernet1/2/12 Enable Disable Disable
Networking requirements
As shown in Figure 13-2, to control users accessing iTN A, you need to deploy RADIUS
authentication and accounting features on iTN A to authenticate users logging in to iTN A and
record their operations.
Raisecom Proprietary and Confidential
316
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 13 Security
Set the interval for sending Accounting Update packet to 2min. Set the processing policy for
accounting failure to offline.
Configuration steps
Step 1 Authenticate login users through RADIUS.
Raisecom#radius 192.168.1.1
Raisecom#radius-key raisecom
Raisecom#user login radius-user
Checking results
Use the show radius-server command to show RADIUS configurations.
Raisecom#show radius-server
Authentication server IP: 192.168.1.1 port:1812
Backup authentication server IP:0.0.0.0 port:1812
Authentication server key: raisecom
Accounting server IP: 192.168.1.1 port:1813
Backup accounting server IP: 0.0.0.0 port:1813
Accounting server key: raisecom
Accounting login: enable
Update interval(min.): 120
Accounting fail policy: offline
Networking requirements
As shown in Figure 13-3, to control users accessing iTN A, you need to deploy TACACS+
authentication on iTN A to authenticate users logging in to iTN A.
Configuration steps
Authenticate login users through TACACS+.
Raisecom#tacacs-server 192.168.1.1
Raisecom#tacacs-serverkey raisecom
Raisecom#user login tacacs-user
Checking results
Use the show tacacs-server command to show TACACS+ configurations.
Raisecom#show tacacs-server
Server Address: 192.168.1.1
Backup Server Address: --
Sever Shared Key: raisecom
Accounting server Address: --
Backup Accounting server Address: --
Total Packet Sent: 0
Total Packet Recv: 0
Num of Error Packets: 0
14 QoS
This chapter describes principles and configuration procedures of QoS, as well as related
configuration examples, including following sections:
Configuring ACL
Configuring priority trust and priority mapping
Configuring traffic classification and traffic policy
Configuring congestion avoidance and queue shaping
Configuring rate limiting
Configuring MPLS QoS
Configuring MPLS H-QoS
Configuration examples
Scenario
To filter data packets, the device needs to be configured with ACL to identify data packets to
be filtered. Devices allow/disallow related data packets to pass based on pre-configured
policies unless they identify specified data packets.
Prerequisite
N/A
Scenario
For packets from upstream devices, you can select to trust the priorities taken by these packets.
For packets whose priorities are not trusted, you can process them with traffic classification
and traffic policy. In addition, you can modify DSCP priorities by configure interface-based
DSCP priority remarking. After configuring priority trust, the RAX711-R can perform
different operations on packets with different priorities, providing related services.
Before performing queue scheduling, you need to assign a local priority for a packet. For
packets from the upstream device, you can map the outer priorities of these packets to various
local priorities. In addition, you can directly configure local priorities for these packets based
on interfaces. And then device will perform queue scheduling on these packets basing on local
priorities.
In general, for IP packets, you need to configure the mapping between DHCP priority and
local priority. For VLAN packets, you need to configure the mapping between CoS priority
and local priority. For MPLS packets, you need to configure the mapping between the Exp
field and the local priority.
Prerequisite
N/A
Scenario
Traffic classification is the basis of QoS. For packets from upstream devices, you can classify
them according to ACL rules. After traffic classification, the device can provide related
operations for different packets, providing differentiated services.
After configurations, the traffic classification cannot take effect until being bound to traffic
policy. The selection of traffic policy depends on the packet status and current network load
status. In general, when a packet is sent to the network, you need to limit the speed according
to Committed Information Rate (CIR) and remark the packet according to the service feature.
Prerequisite
N/A
The single bucket does not support the color-sensitive mode or commands with the yellow
key word.
Scenario
To prevent network congestion from occurring and to resolve TCP global synchronization,
you can configure congestion avoidance to adjust the network traffic and resolve network
overload. The RAX711-R supports WRED-based congestion avoidance.
When the interface speed of downstream devices is smaller than the one of upstream devices,
congestion avoidance may occur on interfaces of downstream devices. At this time, you can
configure queue and traffic shaping on the egress interface of upstream devices to shape
upstream traffic.
Prerequisite
N/A
Scenario
To avoid/remit network congestion, you can configure interface-based rate limiting. Rate
limiting is used to make packets transmitted at a relative average speed by controlling the
burst traffic on an interface.
Prerequisite
N/A
Scenario
The MPLS-TP QoS technology is used to ensure the instantaneity and integrity of services
when the MPLS network is overloaded or congested. In addition, it is used to ensure the
whole MPLS-TP network to run efficiently.
Prerequisite
Connect interfaces and configure physical parameters of interfaces. Make the physical layer
Up.
Scenario
H-QoS is generally used under the conditions which require distinguishing services, users,
and user groups. For example,
User services are divided into voice and Internet services. Users are divided into
department manager and employees. User groups are divided into president office and
property management department. All services are accessed to the upper network
through one interface.
Through H-QoS, all services in the president office can be prioritized, all services of the
manager in the president office can be prioritized, and all voice services of the manager
in the president office can be prioritized.
Prerequisite
MPLS QoS CAR and MPLS H-QoS conflict with each other. Make sure that the device is not
configured with MPLS QoS CAR before configuring H-QoS.
Networking requirements
As shown in Figure 14-1, to control users accessing the server, you can deploy ACL on iTN A
to disallow 192.168.1.1 to access 192.168.1.100.
Configuration steps
Step 1 Configure IP ACL.
Raisecom#config
Raisecom(config)#access-list 2001
Raisecom(config-acl-ipv4-advanced)#rule 1 deny ip 192.168.1.1
255.255.255.0 192.168.1.100 255.255.255.0
Checking results
Use the show access-list command to show IP ACL configurations.
Networking requirements
As shown in Figure 14-2, User A, User B, and User C are respectively connected to the
RAX711-R through Router A, Router B, and Router C.
User A transmits voice and video services; User B transmits voice, video, and data services;
User C transmits video and data services.
According to users' requirements, make following rules:
For User A, provide 25 Mbit/s bandwidth; set the burst traffic to 100B, and discard the
redundant traffic.
For User B, provide 35 Mbit/s bandwidth; set the burst traffic to 100 KB, and discard the
redundant traffic.
For User C, provide 30 Mbit/s bandwidth; set the burst traffic to 100 KB, and discard the
redundant traffic.
Configuration steps
Step 1 Create and configure traffic classification.
Raisecom#config
Raisecom(config)#access-list 1001
Raisecom(config-acl-ipv4-basic)#rule 1 permit 1.1.1.1 255.255.255.0
Raisecom(config-acl-ipv4-basic)#exit
Raisecom(config)#class-map usera
Raisecom(config-cmap)#match acl 1001
Raisecom(config-cmap)#exit
Raisecom(config)#access-list 1002
Raisecom(config-acl-ipv4-basic)#rule 2 permit 1.1.2.1 255.255.255.0
Raisecom(config-acl-ipv4-basic)#exit
Raisecom(config)#class-map userb
Raisecom(config-cmap)#match acl 1002
Raisecom(config-cmap)#exit
Raisecom(config)#access-list 1003
Raisecom(config-acl-ipv4-basic)#rule 3 permit 1.1.3.1 255.255.255.0
Raisecom(config-acl-ipv4-basic)#exit
Raisecom(config)#class-map userc
Raisecom(config-cmap)#match acl 1003
Raisecom(config-cmap)#exit
Step 2 Create traffic policing profiles and configure traffic policing rules.
Raisecom(config)#policy-map usera
Raisecom(config-pmap)#class-map usera
Raisecom(config-pmap-c)#police usera
Raisecom(config-pmap-c)#exit
Raisecom(config-pmap)#exit
Raisecom(config)#interface gigaethernet 1/2/1
Raisecom(config-port)#service-policy ingress usera
Raisecom(config-port)#exit
Raisecom(config)#policy-map userb
Raisecom(config-pmap)#class-map userb
Raisecom(config-pmap-c)# police userb
Raisecom(config-pmap-c)#exit
Raisecom(config-pmap)#exit
Raisecom(config)#interface gigaethernet 1/2/2
Raisecom(config-port)#service-policy ingress userb
Raisecom(config)#policy-map userc
Raisecom(config-pmap)#class-map userc
Raisecom(config-pmap-c)#police userc
Raisecom(config-pmap-c)#exit
Raisecom(config-pmap)#exit
Raisecom(config)#interface gigaethernet 1/2/3
Raisecom(config-port)#service-policy ingress userc
Checking results
Use the show class-map command to show traffic classification configurations.
Use the show mls qos policer-profile command to show traffic policing rule configurations.
red drop
Use the show policy-map command to show traffic policy configurations.
Networking requirements
As shown in Figure 14-3, User A transmits voice and video services; User B transmits voice,
video, and data services; User C transmits video and data services.
CoS priorities for voice, video and, data services are configured with 5, 4, and 2 respectively.
And these three CoS priorities are mapped to local priorities 6, 5, and 2 respectively.
Configuration steps
Step 1 Create a WRED profile.
Raisecom#config
Raisecom(config)#mls qos wred profile 1
Raisecom(wred)#wred start-drop-threshold 50 end-drop-threshold 90 max-
drop-probability 60
Raisecom(wred)#exit
Raisecom(config-port)#exit
Raisecom(config)#interface gigaethernet 1/2/2
Raisecom(config-port)#mls qos trust cos
Raisecom(config-port)#exit
Raisecom(config)#interface gigaethernet 1/2/3
Raisecom(config-port)#mls qos trust cos
Raisecom(config-port)#exit
Step 3 Configure the mapping between the CoS priority and local priority.
Checking results
Use the show mls qos mapping cos-to-local-priority command to show mapping
configurations on specified priorities.
Use the show mls qos command to show configurations of priority trust and queue
scheduling mode on specified interfaces.
gigaethernet1/2/1 cos 5 0 0
0 0
Use the show mls qos flow-queue command to show queue scheduling configurations.
Use the show mls qos wred profile command to show WRED profile configurations.
Networking requirements
As shown in Figure 14-4, User A, User B, and User C are connected to the RAX711-R
through Switch A, Switch B, and Switch C.
User A transmits voice and video services; User B transmits voice, video, and data services;
User C transmits video and data services.
According to users' requirements, make following rules:
For User A, provide 25 Mbit/s bandwidth; set the burst traffic to 100 KB; set the PIR to
50 Mbit/s, and set the PBS to 200 KB.
For User B, provide 35 Mbit/s bandwidth; set the burst traffic to 100 KB; set the PIR to
70 Mbit/s, and set the PBS to 200 KB.
For User A, provide 30 Mbit/s bandwidth; set the burst traffic to 100 KB; set the PIR to
60 Mbit/s, and set the PBS to 200 KB.
Configuration steps
Configure interface-based rate limiting.
Raisecom#config
Raisecom(config)#interface gigaethernet 1/2/1
Raisecom(config-port)#rate-limit ingress cir 25000 cbs 100 pir 50000 pbs
200
Raisecom(config)#interface gigaethernet 1/2/2
Raisecom(config-port)# rate-limit ingress cir 35000 cbs 100 pir 70000 pbs
200
Raisecom(config)#interface gigaethernet 1/2/3
Raisecom(config-port)# rate-limit ingress cir 30000 cbs 100 pir 60000 pbs
200
Checking results
Use the show rate-limit interface command to show interface-based rate limiting
configurations.
Raisecom Proprietary and Confidential
343
Copyright © Raisecom Technology Co., Ltd.
Raisecom
RAX711-R (B) Configuration Guide 14 QoS
Networking requirements
As shown in Figure 14-5, User B is connected to the iTN8800 through the RAX711-R. The
iTN8800 accesses voice, video, and data services of User B through its sub-interfaces
GE1/2/2.1, GE1/2/2.2, and GE1/2/2.3 (these sub-interfaces are configured with the IP address,
LSP, and so on).
User B has purchased the leased line services with a total bandwidth of 20 Mbit/s. According
to the service requirements, the following rules are formulated:
Voice service bandwidth: CIR 500 kbit/s; video service bandwidth: CIR 4.5 Mbit/s; data
service bandwidth: CIR 5 Mbit/s
The voice service is of the highest priority, followed by the video services, and the data
services.
The idle bandwidth is shared by the three services. Services which have exceeded PIR
will be discarded.
Configuration steps
Step 1 Configure the sub-interface to access different user services and configure the bandwidth limit
and priority for the services.
Configure the device to access the highest-priority voice services.
Raisecom#config
Raisecom(config)#interface gigaethernet 1/2/2.1
Raisecom(config-gigaethernet1/2/2.1)#mpls l2vc destination 1.1.4.1 tagged
vc-id 1 tunnel-interface 1 svlan 1
Raisecom(config-gigaethernet1/2/2.1)#mpls l2vpn pw bandwidth car cir 500
pir 10500
Raisecom(config-gigaethernet1/2/2.1)#mpls l2vpn pw diffserv-mode pipe 5
Raisecom#config
Raisecom(config)#interface gigaethernet 1/2/2.2
Raisecom(config-gigaethernet1/2/2.2)#mpls l2vc destination 1.1.4.1 tagged
vc-id 2 tunnel-interface 1 svlan 1
Raisecom(config-gigaethernet1/2/2.2)#mpls l2vpn pw bandwidth car cir 4500
pir 14500
Raisecom(config-gigaethernet1/2/2.2)#mpls l2vpn pw diffserv-mode pipe 3
Raisecom#config
Raisecom(config)#interface gigaethernet 1/2/2.3
Raisecom(config-gigaethernet1/2/2.3)#mpls l2vc destination 1.1.4.1 tagged
vc-id 3 tunnel-interface 1 svlan 1
Raisecom(config-gigaethernet1/2/2.3)#mpls l2vpn pw bandwidth car cir 5000
pir 15000
Raisecom(config-gigaethernet1/2/2.3)#mpls l2vpn pw diffserv-mode pipe 1
Step 2 Configure limit on the total bandwidth of User B, namely, Tunnel bandwidth limit.
Raisecom#config
Raisecom(config)#interface tunnel 1/2/2
Raisecom(config-tunnel1/2/2)#bandwidth car cir 10000 pir 20000
Checking results
Use the show mpls l2vpn pw traffic-statistics command to show PW statistics.
Use the show mpls te traffic-statistics tunnel command to show Tunnel statistics.
When sending 10 Mbit/s voice services, 10 Mbit/s video services, and 10 Mbit/s data services
during a test, the user obtained the practical bandwidth, as shown in Table 14-1.
Table 14-1 Bandwidth statistics in the case of MPLS QoS CAR configurations
Service type Voice service Video service Data service Total
Configured 500 kbit/s 4.5 Mbit/s 5 Mbit/s 10 M (PIR
bandwidth CIR is 20
Mbit/s)
Sent bandwidth 10 Mbit/s 10 Mbit/s 10 Mbit/s 30 Mbit/s
Actual bandwidth 10 Mbit/s 5 Mbit/s 5 Mbit/s 20 Mbit/s
The CIR bandwidth (10 Mbit/s in total) of the three services is met first. The amount
of bandwidth of the three services which has exceeded the CIR is 9.5 Mbit/s, 5.5
Mbit/s, and 5 Mbit/s. According to the service priority, 9.5 Mbit/s bandwidth will be
assigned to voice services first, and the left 0.5 Mbit/s will be assigned to video
services. There is no extra bandwidth for the data services. Therefore, the traffic
being transmitted is 10 Mbit/s for voice services, 5 Mbit/s for video services, and 5
Mbit/s for data services.
Networking requirements
As shown in Figure 14-6, User A, User B, and User C are connected to iTN8800 respectively
through the RAX711-R. The iTN8800 accesses different types of user services through the
sub-interfaces (all sub-interfaces are configured with the IP address, LSP, and so on).
User A requires voice and video services. User B requires voice, video, and data services.
User C requires video and data services. Services of User A, User B, and User C are
aggregated on the iTN8800 in the headquarter.
The headquarter has purchased the leased line services with 150 Mbit/s bandwidth. According
to the service requirements of different users, the following rules are formulated:
The total traffic of User A should not exceed 80 Mbit/s, among which the committed
bandwidth is 50 Mbit/s.
The total traffic of User B should not exceed 50 Mbit/s, among which the committed
bandwidth is 30 Mbit/s.
The total traffic of User C should not exceed 50 Mbit/s, among which the committed
bandwidth is 10 Mbit/s.
The total traffic of User A, User B, and User C together should not exceed 150 Mbit/s.
Once the total traffic of User A, User B, and User C is congested, it is required that the
ratio of the high priority service traffic among User A, User B, and User C should be
5:3:1.
The service priority of all service from high to low is voice, video, and data.
Figure 14-7 shows the priority scheduling of the configuration scheme according to the
above-mentioned networking requirements.
Configuration steps
Step 1 Configure the sub-interface to access different user services and configure the service priority
of the user (distinguish the priority of different services according to weight and traffic queue).
The following configurations are based on accessing User B services.
Access the highest-priority VoIP services.
Raisecom#config
Raisecom(config)#interface gigaethernet 1/2/2.1
Raisecom(config-gigaethernet1/2/2.1)#mpls l2vc destination 1.1.4.1 tagged
vc-id 1 tunnel-interface 1 svlan 1
Raisecom(config-gigaethernet1/2/2.1)#mpls l2vpn pw bandwidth hqos weight
5 flow-queue 5
Raisecom#config
Raisecom(config)#interface gigaethernet 1/2/2.2
Raisecom(config-gigaethernet1/2/2.2)#mpls l2vc destination 1.1.4.1 tagged
vc-id 2 tunnel-interface 1 svlan 1
Raisecom(config-gigaethernet1/2/2.2)#mpls l2vpn pw bandwidth hqos weight
3 flow-queue 12
Raisecom#config
Raisecom(config)#interface gigaethernet 1/2/2.3
Raisecom(config-gigaethernet1/2/2.3)#mpls l2vc destination 1.1.4.1 tagged
vc-id 3 tunnel-interface 1 svlan 1
Raisecom(config-gigaethernet1/2/2.3)#mpls l2vpn pw bandwidth hqos weight
1 flow-queue 21
Raisecom#config
Raisecom(config)#interface tunnel 1/2/1
Raisecom(config-tunnel1/2/1)#bandwidth hqos cir 50000 pir 80000 weight 5
Raisecom#config
Raisecom(config)#interface tunnel 1/2/2
Raisecom(config-tunnel1/2/2)#bandwidth hqos cir 30000 pir 50000 weight 3
Raisecom#config
Raisecom(config)#interface tunnel 1/2/3
Raisecom(config-tunnel1/2/3)#bandwidth hqos cir 30000 pir 50000 weight 1
Raisecom#config
Checking results
Use the show mpls l2vpn pw traffic-statistics command to show PW statistics.
Use the show mpls te traffic-statistics tunnel command to show Tunnel statistics.
Use the show rate-limit interface command to show whether the interface-based
bandwidth limit configurations are correct.
15 Appendix
This chapter lists terms and abbreviations involved in this document, including the following
sections
Terms
Abbreviations
15.1 Terms
A
A series of ordered rules composed of permit | deny sentences. These
Access
rules are based on the source MAC address, destination MAC address,
Control List
source IP address, destination IP address, interface ID, etc. The device
(ACL)
decides to receive or refuse the packets based on these rules.
C
A standard defined by IEEE. It defines protocols and practices for OAM
Connectivity
(Operations, Administration, and Maintenance) for paths through 802.1
Fault
bridges and local area networks (LANs). Used to diagnose fault for EVC
Management
(Ethernet Virtual Connection). Cost-effective by fault management
(CFM)
function and improve Ethernet maintenance.
E
Encapsulation A technology used by the layered protocol. When the lower protocol
receives packets from the upper layer, it will map packets to the data of
the lower protocol. The outer layer of the data is encapsulated with the
lower layer overhead to form a lower protocol packet structure. For
example, an IP packet from the IP protocol is mapped to the data of
802.1Q protocol. The outer layer is encapsulated by the 802.1Q frame
header to form a VLAN frame structure.
L
Link A computer networking term which describes using multiple network
Aggregation cables/ports in parallel to increase the link speed beyond the limits of any
one single cable or port, and to increase the redundancy for higher
availability.
P
In data communication field, packet is the data unit for switching and
transmitting information. In transmission, it will be continuously
encapsulated and decapsulated. The header is used to define the
Packet
destination address and source address. The trailer contains information
indicating the end of the packet. The payload data in between is the
actual packet.
In packet switching network, data is partitioned into multiple data
segments. The data segment is encapsulated by control information, such
as, destination address, to form the switching packet. The switching
Packet
packet is transmitted to the destination in the way of storage-forwarding
switching
in the network. Packet switching is developed based on the storage-
forwarding method and has merits of both circuit switching and packet
switching.
Q
QinQ QinQ is (also called Stacked VLAN or Double VLAN) extended from
802.1Q, defined by IEEE 802.1ad recommendation. Basic QinQ is a
simple layer-2 VPN tunnel technology, encapsulating outer VLAN Tag
for client private packets at carrier access end; the packets take double
VLAN Tag passing through trunk network (public network). In public
network, packets only transmit according to outer VLAN Tag, the private
VLAN Tag are transmitted as data in packets.
V
Virtual Local VLAN is a protocol proposed to solve broadcast and security issues for
Area Ethernet. It divides devices in a LAN into different segments logically
Network rather than physically, thus implementing multiple virtual work groups
(VLAN) which are based on Layer 2 isolation and do not affect each other.
VLAN mapping is mainly used to replace the private VLAN Tag of the
Ethernet service packet with the ISP's VLAN Tag, making the packet
transmitted according to ISP's VLAN forwarding rules. When the packet
VLAN
is sent to the peer private network from the ISP network, the VLAN Tag
mapping
is restored to the original private VLAN Tag according to the same
VLAN forwarding rules. Thus, the packet is sent to the destination
correctly.
15.2 Abbreviations
A
ACL Access Control List
APS Automatic Protection Switching
C
CE Customer Edge
CFM Connectivity Fault Management
CoS Class of Service
D
DHD Dual Home Device
DRR Deficit Round Robin
DSCP Differentiated Services Code Point
E
EFM Ethernet in the First Mile
F
FTP File Transfer Protocol
G
GPS Global Positioning System
GSM Global System for Mobile Communications
HA High Availability
I
ICCP Inter-Chassis Communication Protocol
IEEE Institute of Electrical and Electronics Engineers
IETF Internet Engineering Task Force
IP Internet Protocol
International Telecommunications Union - Telecommunication
ITU-T
Standardization Sector
L
LACP Link Aggregation Control Protocol
LBM LoopBack Message
LBR LoopBack Reply
LLDP Link Layer Discovery Protocol
LLDPDU Link Layer Discovery Protocol Data Unit
LTM LinkTrace Message
LTR LinkTrace Reply
M
MA Maintenance Association
MAC Medium Access Control
MD Maintenance Domain
MEG Maintenance Entity Group
MEP Maintenance associations End Point
MIB Management Information Base
MIP Maintenance association Intermediate Point
MTU Maximum Transfered Unit
N
NTP Network Time Protocol
P
PDU Protocol Data Unit
PE Provider Edge
PSN Packet Switched Network
PTN Packet Transport Network
PW Pseudo Wire
PWE3 Pseudo Wire Emulation Edge-to-Edge
Q
QoS Quality of Service
R
RMEP Remote Maintenance association End Point
RMON Remote Network Monitoring
S
SAToP Structure-Agnostic TDM over Packet
SFP Small Form-factor Pluggables
SLA Service Level Agreement
SNMP Simple Network Management Protocol
SNTP Simple Network Time Protocol
SP Strict-Priority
SSH Secure Shell
T
TCI Tag Control Information
TCP Transmission Control Protocol
TFTP Trivial File Transfer Protocol
TLV Type Length Value
ToS Type of Service
TPID Tag Protocol Identifier
V
VPN Virtual Private Network
VLAN Virtual Local Area Network
W
WRR Weight Round Robin