Professional Documents
Culture Documents
MPLS Segment Routing
MPLS Segment Routing
0 Labs
Only
Discovery 1: Investigate and Monitor Cisco 8000
Series Hardware
Introduction
In this lab exercise, you will investigate the installed software and hardware versions and monitor the state
of various hardware components of the Cisco 8000 Series router.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Verify software version on Cisco 8000 Series router.
• Verify the status of hardware modules on the Cisco 8000 Series router.
• Verify environmental and power management on Cisco 8000 Series router.
• Verify processor and memory utilization on Cisco 8000 Series router.
• Configure and verify interface in breakout mode.
Visual Objective
The following figure is the visual objective:
The following items have been preconfigured within the lab environment:
• The Cisco 8808 Series router has basic configuration enabled for host name (R0), username, lines, and
Mgmt interface.
• The Cisco 8808 Series router has a FourHundredGigE0/0/0/0 interface configured with an IPv4 address.
Topology
The Student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Emulated Cisco 8808 Series router with Cisco IOS XR Virtual software.
You can access the emulated Cisco 8808 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
Job Aid
The following credentials will be required for this lab:
IP Addresses
R0 MgmtEth0 192.168.122.50/24
R0 FourHundredGigE0/0/0/0 10.1.1.1/24
Jumphost 192.168.122.1/24
You can access the emulated Cisco 8808 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
Activity
Step 1 On the jump host, open the Terminal and type the r0 keyword, this will open the SSH session to
the R0 router.
On the R0 router, display the basic information about the router configuration.
Use the show version command, to display various system information, including the hardware
and software versions, router uptime, and active software.
RP/0/RP0/CPU0:R0# show version
Cisco IOS XR Software, Version 7.5.2.17I LNT
Copyright (c) 2013-2022 by Cisco Systems, Inc.
Build Information:
Built By : ingunawa
Built On : Wed Feb 09 09:58:46 UTC 2022
Build Host : iox-ucs-030
Workspace : /auto/iox-ucs-030-san2/prod/7.5.2.17I.SIT_IMAGE/8000/ws
Version : 7.5.2.17I
Label : 7.5.2.17I-test
Use the show install committed command, to display committed packages and package version.
RP/0/RP0/CPU0:R0# show install committed
Activity Verification
You have completed this task when you attain the following results:
• You have displayed software and hardware version.
• You have displayed installed committed and active software packages.
Activity
Step 1 Display the physical inventory information for the Cisco 8808 Series router hardware.
Use the show inventory command, to view the current hardware configuration of the router.
RP/0/RP0/CPU0:R0# show inventory
NAME: "0/0/CPU0", DESCR: "Cisco 8800 36x400GE QSFP56-DD Line Card with MACsec"
PID: 88-LC0-36FH-M , VID: V00, SN: FOC2238XGIH
On the R0 router, use the show platform command and note your findings.
RP/0/RP0/CPU0:R0# show platform
Node Type State Config state
--------------------------------------------------------------------------------
0/RP0/CPU0 8800-RP(Active) IOS XR RUN NSHUT
0/RP1/CPU0 8800-RP(Standby) IOS XR RUN NSHUT
0/0/CPU0 88-LC0-36FH-M IOS XR RUN NSHUT
0/FC0 8808-FC OPERATIONAL NSHUT
0/FC1 8808-FC OPERATIONAL NSHUT
0/FT0 8808-FAN OPERATIONAL NSHUT
0/FT1 8808-FAN OPERATIONAL NSHUT
0/FT2 8808-FAN OPERATIONAL NSHUT
0/FT3 8808-FAN OPERATIONAL NSHUT
0/PT0 8800-HV-TRAY OPERATIONAL NSHUT
0/PT1 8800-HV-TRAY OPERATIONAL NSHUT
0/PT2 8800-HV-TRAY OPERATIONAL NSHUT
Ensure that the fabric cards (FC), FANs, and power trays (PT) are operating and that the route
processors (RP) and the line card (LC) are in an IOS XR RUN state.
Step 3 On the R0 router, display the list of hardware and firmware modules detected on the router.
On the R0 router, use the show hw-module fpd command, to display the list of hardware and
firmware modules detected on the router.
RP/0/RP0/CPU0:R0# show hw-module fpd
Auto-upgrade:Disabled
Attribute codes: B golden, P protect, S secure
FPD Versions
==============
Location Card type HWver FPD device ATR Status Running Programd
Reload Loc
---------------------------------------------------------------------------------------
----------
0/0/CPU0 88-LC0-36FH-M 0.31 Bios NEED UPGD 7.01 7.01
0/0/CPU0
0/0/CPU0 88-LC0-36FH-M 0.31 BiosGolden B NEED UPGD 7.01
0/0/CPU0
0/0/CPU0 88-LC0-36FH-M 0.31 EthSwitch NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 EthSwitchGolden B NEED UPGD 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 IoFpga NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 IoFpgaGolden B NEED UPGD 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 SsdIntelS3520 NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 x86Fpga NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 x86FpgaGolden B NEED UPGD 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 x86TamFw NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 x86TamFwGolden B NEED UPGD 7.01
0/0
0/RP0/CPU0 8800-RP 0.12 Bios NEED UPGD 7.01 7.01
0/RP0/CPU0
0/RP0/CPU0 8800-RP 0.12 BiosGolden B NEED UPGD 7.01
0/RP0/CPU0
0/RP0/CPU0 8800-RP 0.12 EthSwitch NEED UPGD 7.01 7.01
0/RP0
< output omitted >
Step 4 On the R0 router, display field-programmable device (FPD) compatibility for the 0/FT0 module.
On the R0 router, use the show hw-module location 0/FT0 fpd command, to display the current
version of FPD images on the FAN Tray 0.
RP/0/RP0/CPU0:R0# show hw-module location 0/FT0 fpd
Auto-upgrade:Disabled
Attribute codes: B golden, P protect, S secure
FPD Versions
==============
Location Card type HWver FPD device ATR Status Running Programd
Reload Loc
---------------------------------------------------------------------------------------
----------
0/FT0 8808-FAN 0.0 FtFpga NEED UPGD 7.01 7.01
NOT REQ
0/FT0 8808-FAN 0.0 FtFpgaGolden B NEED UPGD 7.01
NOT REQ
Use the show redundancy command, to display the redundancy status of the redundant power
supply. You should also see the boot and switchover history for the redundant power supply.
RP/0/RP0/CPU0:R0# show redundancy
Redundancy information for node 0/RP0/CPU0:
==========================================
Node 0/RP0/CPU0 is in ACTIVE role
Partner node (0/RP1/CPU0) is in STANDBY role
Standby node in 0/RP1/CPU0 is ready
Standby node in 0/RP1/CPU0 is NSR-ready
Step 6 Display details about the hardware and software on each node in a router.
Use the show diag command, to display diagnostics for all nodes installed in the router. Observe
the Cisco 8800 36x400GE QSFP56-DD line card with MACsec has PID number 88-LC0-36FH-
M and version identifier V00. These values may be different in your lab.
RP/0/RP0/CPU0:R0# show diag
Rack 0-Chassis IDPROM - Cisco 8808 8-slot Chassis
Info
Controller Family : 000a
Controller Type : 0602
PCB Serial Number : FLM2133LOET
PCA Number : 73-18706-02
UDI Description : Cisco 8808 8-slot Chassis
Capabilities : 00
PID : 8808
Version Identifier : V00
Top Assy. Part Number : 68-6198-01
Top Assy. Revision :
CLEI Code : S8SLOT
Chassis Serial Number : FOX224PYUUA
0/0/CPU0-MB IDPROM - Cisco 8800 36x400GE QSFP56-DD Line Card with MACsec
Info
Controller Family : 0047
Controller Type : 0638
PID : 88-LC0-36FH-M
Version Identifier : V00
UDI Description : Cisco 8800 36x400GE QSFP56-DD Line Card with MACsec
Top Assy. Part Number : 68-6687-03
Top Assy. Revision : 18
PCB Serial Number : FOC2238XGIH
PCA Revision : 09
CLEI Code : UNASSIGNED
< output omitted >
On the R0 router, use the show clock command, to display the current system time.
RP/0/RP0/CPU0:R0# show clock
Wed Apr 13 19:15:47.608 UTC
19:15:47.669 UTC Wed Apr 13 2022
Activity Verification
You have completed this task when you attain the following results:
• You have displayed hardware status and hardware modules.
• You have displayed the redundancy status of the redundant power supply.
• You have displayed diagnostics for all nodes installed in the router.
• You have displayed interface status.
Activity
Step 1 On the R0 router, display the environment information for the system.
On the R0 router, use the show environment command, to display hardware information for the
system, including fan speeds, LED indications, power supply voltage and current information,
and temperatures.
RP/0/RP0/CPU0:R0# show environment
Location TEMPERATURE Value Crit Major Minor Minor
Major Crit
Sensor (deg C) (Lo) (Lo) (Lo)
(Hi) (Hi) (Hi)
0/RP0/CPU0
Inlet_Temp 22 -10 -5 0 42
45 48
Pwr_Brick_Temp2 25 -10 -5 0 120
125 130
Mosfet_54v_Temp1 25 -10 -5 0 120
125 130
Mosfet_54v_Temp2 25 -10 -5 0 120
125 130
SSD_Temp 30 -10 -5 0 75
80 85
DIMM_TEMP1 30 -10 -5 0 105
120 135
DIMM_TEMP2 30 -10 -5 0 105
120 135
Outlet_Temp 25 -10 -5 0 80
85 90
Hot_Spot_1_Temp 25 -10 -5 0 120
125 130
Hot_Spot_2_Temp 25 -10 -5 0 120
125 130
TMP421_Temp 25 -10 -5 0 120
125 130
PEX8725_Temp 25 -10 -5 0 95
100 105
X86_PKG_TEMP 30 -10 -5 0 93
97 102
Pwr_Brick_Temp1 25 -10 -5 0 120
125 130
ALDRIN_TEMP_0 30 -5 0 5 95
100 110
< output omitted >
Step 3 Issue the show environment power command, to view the power consumption on the individual
locations.
Use the show environment power command, to display the status of the internal power
supplies.
RP/0/RP0/CPU0:R0# show environment power
CHASSIS LEVEL POWER INFO: 0
Total output power capacity (N + 1) : 50400W + 6300W
Total output power required : 5939W
Total power input : 10579W
Total power output : 6548W
Step 4 Display the temperature on the locations by issuing the show environment temperature
command.
Use the show environment temperature location 0/FT0 command, to view the temperature on
the specific location.
RP/0/RP0/CPU0:R0# show environment temperature location 0/FT0
Location TEMPERATURE Value Crit Major Minor Minor
Major Crit
Sensor (deg C) (Lo) (Lo) (Lo)
(Hi) (Hi) (Hi)
0/FT0
Hotswap_Temp 25 -10 -5 0 65
75 85
Low_vol_Temp 25 -10 -5 0 65
75 85
Use the show environment fan command, to display the fan status on all fan trays.
RP/0/RP0/CPU0:R0# show environment fan
Fan speed (rpm)
Location FRU Type FAN_0 FAN_1 FAN_2 FAN_3
Use the show led command, to view the status of the router LED.
RP/0/RP0/CPU0:R0# show led
Location LED Name Mode Color
0
Attention OPERATIONAL OFF
0/0/CPU0
Attention OPERATIONAL OFF
Status OPERATIONAL GREEN
0/FC0
Attention OPERATIONAL OFF
Status OPERATIONAL GREEN
0/FC1
Attention OPERATIONAL OFF
Status OPERATIONAL GREEN
< output omitted >
Activity Verification
You have completed this task when you attain the following results:
• You have displayed the environmental status.
• You have displayed the power management status.
Activity
On the R0 router, use the show processes cpu command, to display CPU and core processor
usage.
RP/0/RP0/CPU0:R0# show processes cpu
---- node0_RP0_CPU0 ----
CPU utilization for one minute: 6%; five minutes: 6%; fifteen minutes: 5%
To sort for high activity usage, use the show processes cpu sorted command.
RP/0/RP0/CPU0:R0# show processes cpu sorted 5min
---- node0_RP0_CPU0 ----
CPU utilization for one minute: 6%; five minutes: 6%; fifteen minutes: 5%
100
90
80
70
60
50
40
30
20
10 ************************************************************
.... ....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per minute (last 60 minutes)
* = maximum CPU%
888888883888889888882888888888883888788911882788788898883889998888882998
2 5 6 00 8 0 7
100
90
80
70
60
50
40 *
30 * * * * * *
20 * * * * * *
10 ########################################################################
.... ....1....1....2....2....3....3....4....4....5....5....6....6....7..
0 5 0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
To find memory usage due to the subprocesses and tasks operating under a specific process, use
the show processes memory detailed command.
RP/0/RP0/CPU0:R0# show processes memory detail
JID Text Data Stack Dynamic Dyn-Limit Shm-Tot Phy-Tot
Process
=======================================================================================
=====================
260 572K 2207M 132K 1817M 22528M 240M 2371M
npu_drvr
116 328K 304M 132K 271M 300M 209M 230M spp
323 60K 134M 132K 69M 300M 21M 95M
fsdb_server
196 60K 141M 132K 68M 750M 21M 99M
fsdbagg
1152 1M 88M 132K 40M 8192M 40M 59M
ipv4_rib
411 68K 47M 132K 39M 300M 10M 51M
clustermgr
272 4K 105M 132K 37M 300M 27M 93M
envmon
225 60K 114M 132K 36M 300M 30M 96M
shelfmgr
1154 1M 68M 132K 33M 8192M 35M 55M
ipv6_rib
218 340K 103M 132K 28M 300M 24M 59M
ledmgr
67788 52K 28M 132K 24M 600M 8M 34M ds
207 300K 61M 132K 24M 2048M 37M 80M
parser_server
340 24K 98M 132K 23M 1024M 22M 52M
invmgr
288 276K 85M 132K 23M 300M 22M 76M esd
173 12K 81M 132K 22M 300M 24M 49M
fpd_client
1185 4M 45M 132K 19M 1861M 46M 59M
l2vpn_mgr
1190 72K 29M 132K 19M 300M 12M 38M
schema_server
1167 4M 39M 132K 19M 1024M 32M 53M
pim6
1166 4M 40M 132K 18M 1024M 33M 53M pim
< output omitted >
Activity Verification
You have completed this task when you attain the following results:
• You have displayed the CPU resource status.
• You have displayed the memory resource status.
Task 5: Configure and Verify Interface in Breakout
Mode
The Cisco 8000 router supports the transmission of traffic in breakout mode. The breakout mode enables a
400 Gb Ethernet port to be split into independent and logical ports. The purpose of this task is to familiarize
yourself with the Cisco 8808 Series router breakout mode configuration and verification.
Activity
On the R0 router, use the show ip interface brief command. Observe what interfaces are
operational and that the FourHundredGigE0/0/0/1 interface is not in use.
RP/0/RP0/CPU0:R0# show ip interface brief
On the R0 router, use the show running-config command. There is no configuration applied to
the FourHundredGigE0/0/0/1 interface and the interface is administratively shut down.
RP/0/RP0/CPU0:R0# show running-config interface FourHundredGigE0/0/0/1
interface FourHundredGigE0/0/0/1
shutdown
!
Step 3 On the R0 router, configure interface FourHundredGigE0/0/0/1 optical controller into 4x100
mode.
On the R0 router, use the following commands. You can also observe what breakout modes are
available.
RP/0/RP0/CPU0:R0# configure
RP/0/RP0/CPU0:R0(config)# controller optics 0/0/0/1
RP/0/RP0/CPU0:R0(config-Optics)# breakout ?
WORD 4x10 | 4x25 | 2x50 | 8x50 | 4x100 | 3x100 | 2x100 | 1x100
RP/0/RP0/CPU0:R0(config-Optics)# breakout 4x100
RP/0/RP0/CPU0:R0(config-Optics)# commit
RP/0/RP0/CPU0:R0(config-Optics)# end
RP/0/RP0/CPU0:R0#
On the R0 router, use the show ip interface brief command. Observe what interface
FourHundredGigE0/0/0/1 is not shown, but there are four new HundredGigE interfaces.
RP/0/RP0/CPU0:R0# show ip interface brief
Step 6 On the R0 router, configure IP address 10.2.2.2/24 on the first HundredGigE interface, and
display the interface in the running configuration.
Step 8 On the R0 router, examine different show controller command outputs for the
HundredGigE0/0/0/1/0 interface.
On the R0 router, use the show controllers HundredGigE0/0/0/1/0 command and type “?”, to
list all options.
RP/0/RP0/CPU0:R0# show controllers HundredGigE0/0/0/1/0 ?
all Show all the information
bert Show BERT status
control Show configuration and control information(cisco-support)
description Controllers description
internal Show internal information
mac Show mac information
phy Show phy information
priority-flow-control Show priority flow control information
regs Show registers information
stats Show stats information
xgxs Show xgxs information
| Output Modifiers
<cr>
Use the show controllers HundredGigE0/0/0/1/0 command and select control output. You
should see the interface management information.
RP/0/RP0/CPU0:R0# show controllers HundredGigE0/0/0/1/0 control
Management information for interface HundredGigE0/0/0/1/0:
Bay number: 96
Port number: 1
Interface handle: 0x300
Config:
Auto-negotiation: Not configured (Off)
Carrier delay (up): Not configured
Carrier delay (down): Not configured
Speed: Configuration not supported (100Gbps)
Duplex: Configuration not supported (Full Duplex)
Flow Control: Not configured (None)
Priority Flow Control: Not configured
Priority Flow Control Watchdog: Unknown
Forward Error Correction: Not configured
IPG: Configuration not supported (standard (12))
Loopback: Not configured (None)
MTU: Not configured
Bandwidth: Not configured
BER-SD Threshold: Configuration not supported
BER-SD Report: Configuration not supported
BER-SF Threshold: Configuration not supported
BER-SF Report: Configuration not supported
BER-SF Signal Remote Failure: Configuration not supported
BER-CRC Report: Configuration not supported
Rx Optical Power Degrade Threshold: Configuration not supported
Frame preemption: Configuration not supported
Fast Shutdown: Not configured (Not configured globally)
< output omitted >
Use the show controllers HundredGigE0/0/0/1/0 command and select the priority-flow-
control output. You should see the interface priority flow control information.
RP/0/RP0/CPU0:R0# show controllers HundredGigE0/0/0/1/0 priority-flow-control
Use the show controllers HundredGigE0/0/0/1/0 command and select the stats output. You
should see the interface statistics.
RP/0/RP0/CPU0:R0# show controllers HundredGigE0/0/0/1/0 stats
Statistics for interface HundredGigE0/0/0/1/0 (cached values):
Ingress:
Input total bytes = 0
Input good bytes = 0
You can use the all output, to list all controller information in one output.
Activity Verification
You have completed this task when you attain the following results:
• You have configured the breakout mode.
• You have verified the breakout mode.
1. Which show command displays the power used by card type 88-LC0-36FH-M that is attached to
0/0/CPU0 location?
A. The show environment power 0/0/CPU0 command
B. the show environment power location 0/0/CPU0 command
C. The show environment power location 88-LC0-36FH-M command
D. The show environment power type 0/0/CPU0 command
Discovery 2: Troubleshoot Traffic through the
Cisco 8000 Router
Introduction
In this lab exercise, you will investigate and monitor traffic through the Cisco 8000 Series router.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Verify packet flows in the system.
• Verify packet flows through line cards.
• Verify packet flows through the route processor.
• Verify packet flows through the switch fabric.
Visual Objective
The following are the preconfigured lab tasks:
• The Cisco 8808 router has basic configuration enabled for host name (R0), username, lines, and Mgmt
interface.
• The Cisco 8808 router has a FourHundredGigE0/0/0/0 interface configured with an IPv4 address.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Emulated the Cisco 8808 router with Cisco IOS XR Virtual software.
You can access the emulated Cisco 8808 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
Job Aid
The following credentials will be required for this lab:
IP Addresses
R0 MgmtEth0 192.168.122.50/24
R0 FourHundredGigE0/0/0/0 10.1.1.1/24
Jumphost 192.168.122.1/24
Task 1: Verify Packet Flows in the System
In this task, you display and observe the packet flows in the system.
You can access the emulated Cisco 8808 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
Activity
Use the show controllers npu resources command with the “?” option, to examine available
outputs. Open Forwarding Abstraction (OFA) is the component that programs the hardware
objects of the Network Processing Unit (NPU). You should see the lpmtcam option available.
RP/0/RP0/CPU0:R0# show controllers npu resources ?
all all hardware resources
centralem central_em
counterbank counter_bank
dipindex dip_index
egressacltcam egress_acl_tcam
egressl3dlp egress_l3_dlp
egresslargeencap egress_large_encap
egresssmallencap egress_small_encap
ingressacltcam ingress_acl_tcam
ipv6compressedsips Multicast IPv6 Source Addresses
l2serviceport L2 Forwarding interface
l3acport L3 Forwarding interface
lpmtcam lpm_tcam
lptsmeters lpts_meters
mcemdb Multicast Replication and Route Statistics
myipv4tbl myipv4tbl
nativefecentry native_fec_entry
protectiongroup protection_group
sipidxtbl sipidxtbl
stage1lbgroup stage1_lb_group
stage1lbmember stage1_lb_member
stage2lbgroup stage2_lb_group
stage2lbmember stage2_lb_member
stage2protectionmonitor stage2_protection_monitor
tunneltermination tunnel_termination
tunneltermination1 tunnel_termination_1
v4lpts v4_lpts
v6lpts v6_lpts
Step 2 On the R0 router, display the usage of OFA hardware resources for the lpmtcam feature.
Use the show controllers npu resources lpmtcam location 0/0/CPU0 command, to examine
the usage of OFA hardware resources for the lpmtcam feature. You can see usage of the
hardware components.
There are nine IPv4 and two IPv6 entries in the routing table, as shown below.
RP/0/RP0/CPU0:R0# show controllers npu resources lpmtcam location 0/0/CPU0
HW Resource Information
Name : lpm_tcam
Asic Type : Q200
NPU-0
OOR Summary
Estimated Max Entries : 100
Red Threshold : 95 %
Yellow Threshold : 80 %
OOR State : Green
Name: v4_lpm
Total In-Use : 15
Name: v6_lpm
Total In-Use : 5
< output omitted >
Activity Verification
You have completed this task when you attain the following results:
• You have displayed the controller NPU available outputs.
• You have displayed the usage of OFA hardware resources.
Activity
Use the show controllers npu voq-usage interface all instance all location 0/0/CPU0
command, to view the NPU port mapping and VOQ usage. This output shows how interfaces are
connected internally to the NPU, Slice, and IFG. You can also observe VOQ related information.
RP/0/RP0/CPU0:R0# show controllers npu voq-usage interface all instance all location
0/0/CPU0
-------------------------------------------------------------------
Node ID: 0/0/CPU0
Intf Intf NPU Slice IFG Sys VOQ Flow VOQ Port
name handle # # # Port base base port speed
(hex) type
----------------------------------------------------------------------
FH0/0/0/0 130 0 2 1 4 832 0 local 400G
FH0/0/0/2 140 0 2 0 12 848 0 local 400G
FH0/0/0/3 148 0 2 0 16 856 0 local 400G
FH0/0/0/4 150 0 1 1 20 864 0 local 400G
FH0/0/0/5 158 0 1 1 24 872 0 local 400G
FH0/0/0/6 160 0 1 0 28 880 0 local 400G
FH0/0/0/7 168 0 1 0 32 888 0 local 400G
FH0/0/0/8 170 0 0 1 36 896 0 local 400G
FH0/0/0/9 178 0 0 1 40 904 0 local 400G
FH0/0/0/10 180 0 0 0 44 912 0 local 400G
< output omitted >
Activity Verification
You have completed this task when you attain the following results:
• You have displayed packet flows through line cards.
• You have displayed the control plane Ethernet VLAN information.
• You have displayed NPU port mapping and VOQ usage.
• You have displayed NPU trap statistics.
Task 3: Verify Packet Flows Through Route Processor
In this task, you display and observe the packet flows through the route processor.
Activity
Use the show lpts pifib hardware entry brief location 0/0/CPU0 command, to view the entries
in the LPTS pre-IFIB hardware table.
RP/0/RP0/CPU0:R0# show lpts pifib hardware entry brief location 0/0/CPU0
-----------------------------------------------------------------------
-------------------------------------------------------------
Node 0/0/CPU0:
-------------------------------------------------------------
FlowType Policer Type Cur. Rate Burst Accepted Dropped
npu
---------------------- ------- ------- --------- --------- ------------ ------------ --
-------
Fragment 2 np 531 1000 0 0 0
Fragment 2 np 531 1000 0 0 1
Fragment 2 np 531 1000 0 0 2
OSPF-mc-known 3 np 1576 1000 0 0 0
OSPF-mc-known 3 np 1576 1000 0 0 1
OSPF-mc-known 3 np 1576 1000 0 0 2
OSPF-mc-default 4 np 1062 1000 0 0 0
OSPF-mc-default 4 np 1062 1000 0 0 1
< output omitted >
Use the show spp node-counters location 0/0/CPU0 command, to view the SPP node counters.
RP/0/RP0/CPU0:R0# show spp node-counters location 0/0/CPU0
cfm_off_tx_node
Hostname updated: 2
-------------------------------
socket/rx
ether raw pkts: 93156
online diag que accept: 93156
sent to XR classify: 93156
-------------------------------
socket/tx
ce pkts: 93160
-------------------------------
device/classify
forwarded to spp clients: 93156
forwarded NPU packet to NetIO: 93156
Online Diag punt: 93156
-------------------------------
client/inject
pkts injected into spp: 93160
NetIO->NPU injected into spp: 4
Online Diag Inject: 93156
NetIO->NPU PROTO ARP: 4
-------------------------------
client/punt
punted to client: 93156
-------------------------------
Activity Verification
You have completed this task when you attain the following results:
• You have displayed packet flows through the route processor.
• You have displayed the entries in the LPTS pre-IFIB hardware table.
• You have displayed the LPTS policer configuration value set.
• You have displayed the SPP node counters.
Activity
Step 1 Display the switch fabric processes health and traffic drops on the fabric.
Use the show controllers fabric health command, to view switch fabric processes health and
traffic drops on the fabric.
RP/0/RP0/CPU0:R0# show controllers fabric health
Router Health:
-----------------
Rack Health:
-------------
Step 2 Display the NPU slice information, ASIC operation, and traffic drops on the switch fabric.
Use the show controllers npu slice info slice all location 0/0/CPU0 command, to view the
NPU slice information, ASIC operation, and traffic drops on the switch fabric.
RP/0/RP0/CPU0:R0# show controllers npu slice info slice all location 0/0/CPU0
==============================================
slice information, node: 0/0/CPU0
==============================================
phy slot number: 2
logical slot number: 0
card type: 0x0
board type: 0x470638
group id: 0x1
card state: Operational
oper state: Up
number of slices: 3
chipguard: not enforced
NPU IFG Ref-Clk BMP: 0x0000000000000000
-- Slice 0 --
obj_id : 0x1300000
hardware idx : 0
bus/dev/func : 0xb/0x0/0x0
phy address : 0x0
i2c dev id : 0
uio dev path : NA
HBM : not present
NPU Ver : A1
NPU Core Freq: 1.15GHz
oper state : On
power state : On
power_stable : On
reset : Off
MB IDPROM: 0.00
VP0P75_CORE_NPU0: 750.00
hw status svs 0: On
hw status svs 1: On
uniqueID name:
uniqueID :
verification : Pass
< output omitted >
Step 3 Display the NPU driver health, ASIC operation, and traffic drops on the switch fabric.
Use the show controllers npu driver location 0/0/CPU0 command, to view the NPU driver
health, ASIC operation, and traffic drops on the switch fabric.
RP/0/RP0/CPU0:R0# show controllers npu driver location 0/0/CPU0
==============================================
NPU Driver Information
==============================================
Driver Version: 1
SDK Version: 1.48.0_fixes_v3
Asics :
HP - HotPlug event, PON - Power On reset
HR - Hard Reset, WB - Warm Boot
+------------------------------------------------------------------------------+
| Asic inst. | fap|HP|Slice|Asic|Admin|Oper | Asic state | Last |PON|HR | FW |
| (R/S/A) | id | |state|type|state|state| | init |(#)|(#)| Rev |
+------------------------------------------------------------------------------+
| 0/0/0 | 0| 1| UP |npu | UP | UP |NRML |PON | 1| 0|0x0000|
| 0/0/1 | 1| 1| UP |npu | UP | UP |NRML |PON | 1| 0|0x0000|
| 0/0/2 | 2| 1| UP |npu | UP | UP |NRML |PON | 1| 0|0x0000|
+------------------------------------------------------------------------------+
SI Info :
+--------------------------------------------------------------------------------------
------+
| Card | Board | SI Board | SI Param | Retimer SI | Retimer SI | Front
Panel |
| | HW Version | Version | Version | Board Version | Param Version | PHY
|
+--------------------------------------------------------------------------------------
------+
| LC0 | 0.31 | 1 | 901 | NA | NA | DEFAULT
|
+--------------------------------------------------------------------------------------
------+
Step 4 Display the switch fabric plane status.
Use the show controllers fabric plane all command, to view switch fabric plane status.
RP/0/RP0/CPU0:R0# show controllers fabric plane all
Use the show controllers fabric fsdb-pla rack 0 command, to view the switch fabric plane
availability per destination.
RP/0/RP0/CPU0:R0# show controllers fabric fsdb-pla rack 0
Description:
planes : p0-p7
plane mask : Asic #0-3
Asic value 1: destination reachable via asic
.: destination unreachable via asic
x: asic not connected to LC (for S3)
-: plane not configured (for S2) or asic missing
Rack: 0, Stage: s123
=============================
Destination p0 p1 p2 p3 p4 p5 p6 p7 Reach-mask Oper
Up
Address mask mask mask mask mask mask mask mask links/asic
links/asic
Fapid(R/S/A) 0123 0123 0123 0123 0123 0123 0123 0123 Mn/Mx Total Mn/Mx
Total
---------------------------------------------------------------------------------------
-------
0(0/0/0) 11 11 -- -- -- -- -- -- 8/8 32 24/24
96
1(0/0/1) 11 11 -- -- -- -- -- -- 8/8 32 24/24
96
2(0/0/2) 11 11 -- -- -- -- -- -- 8/8 32 24/24
96
Step 6 Display the switch fabric link topology to receive links between 0 and 215.
Use the show controllers npu link-info rx 0 215 topo instance 0 location 0/0/CPU0 command,
to view the switch fabric link topology.
RP/0/RP0/CPU0:R0# show controllers npu link-info rx 0 215 topo instance 0 location
0/0/CPU0
Step 7 Display the switch fabric link problems, MAC state, BER, MIB counters, and histograms.
Use the show controllers npu proc-cmd "pd port_diag unit 0 port 0 porttype 1" location
0/0/CPU0 command, to view the switch fabric link problems, MAC state, BER, MIB counters,
and histograms.
RP/0/RP0/CPU0:R0# show controllers npu proc-cmd "pd port_diag unit 0 port 0 porttype 1"
location 0/0/CPU0
pd port_diag unit 0 port 0 porttype 1
NPU[0], FEC counters for Network Port 0, Speed:400G, FEC:RS_KP4, Slice:2, IFG:1,
start_lane:8, num_of_lanes:8, link_num:128
codeword[0-15] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,}
codeword_uncorrectable = 0
symbol_burst[2-6] = {0,0,0,0,0,}
extrapolated_ber = -1.000e+00, diag_computed_ber = -1.000e+00
Frame Loss Rate (SDK) = -1.000000e+00 (Accuracy 0.000000%)
lane_counters[lane=0] : 0,0,0,0
lane_counters[lane=1] : 0,0,0,0
lane_counters[lane=2] : 0,0,0,0
lane_counters[lane=3] : 0,0,0,0
FEC BER Lane = {-nan,-nan,-nan,-nan,-nan,-nan,-nan,-nan,}
PCS BER = 0
PCS Block Error = 0
Activity Verification
You have completed this task when you attain the following results:
• You have displayed packet flows through the switch fabric.
• You have displayed switch fabric processes health and traffic drops on the fabric.
• You have displayed NPU slice information, driver health, ASIC operation, and traffic drops on the
switch fabric.
• You have displayed switch fabric plane status, availability per destination, link topology, link problems,
MAC state, BER, MIB counters, and histograms.
• You have displayed ASIC errors.
1. Which show command displays the NPU slice information and ASIC operation on the 0/0/CPU0
location?
A. show controllers fabric plane all
B. show controllers npu driver location 0/0/CPU0
C. show controllers npu slice info slice all location 0/0/CPU0
D. show controllers slice plane all
Discovery 3: Cisco IOS XR Software Installation
Introduction
In this lab exercise, you will create and configure remote and local repository, install package SMU fix, and
install an optional package to provide extra functionality. At the end of the lab exercise, you will delete the
package SMU fix and delete the optional package.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Use remote repository to install package SMU fix.
• Create and configure local repository.
• Install a Cisco IOS XR software package.
• Remove a Cisco IOS XR software package.
Visual Objective
The following figure shows the visual objective:
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Emulated Cisco 8201 router with Cisco IOS XR Virtual software.
You can access the emulated Cisco 8201 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
Job Aid
The following credentials will be required for this lab:
IP Addresses
The following table shows IP addresses used in the lab:
R0 MgmtEth0 192.168.122.50/24
Jumphost 192.168.122.1/24
You can access the emulated Cisco 8201 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
Activity
Step 1 In the jump host, enter the container named repo with Docker EXEC command. Attach to the
terminal and create repo directory.
On the jump host, use the sudo docker exec Linux command, to enter the repo container.
student@student-vm:~$ sudo docker exec -it repo bash
[root@b565f05267a4 /]#
On the jump host, use the cd Linux command to navigate to the root directory and use the
mkdir Linux command to create repo folder.
[root@b565f05267a4 /]# cd
[root@b565f05267a4 ~]# mkdir repo
On the jump host, use the ls Linux command to verify repo folder content. The repo folder
should be empty.
[root@b565f05267a4 ~]# cd repo
[root@b565f05267a4 repo]# ls
[root@b565f05267a4 repo]#
Step 2 In the Jump host, open another Terminal tab and copy a hitless SMU to the container.
Note Most SMUs can be applied without impact to normal router operations and are classified as hitless SMUs.
Hitless SMUs are parallel process restart SMUs that can be activated without an effect on the operation of
the device.
On the jump host, use the cd Linux command to navigate to the XR7_Install_Files/7.3.2/SMUs/
folder and use the ll Linux command to verify folder content. You should see the 8000-
7.3.2.CSCvz57398.tar file, as shown below.
student@student-vm:~$ cd ~/XR7_Install_Files/7.3.2/SMUs/
student@student-vm:~/XR7_Install_Files/7.3.2/SMUs$ ll
total 542732
drwxr-xr-x 2 student student 4096 Mar 25 16:55 ./
drwxr-xr-x 4 student student 4096 Mar 25 16:55 ../
-rw-r--r-- 1 student student 262256640 Mar 25 16:45 8000-7.3.2.CSCvy39776.tar
-rw-r--r-- 1 student student 8488960 Mar 25 16:45 8000-7.3.2.CSCvy53516.tar
-rw-r--r-- 1 student student 4034560 Mar 25 16:45 8000-7.3.2.CSCvz57398.tar
-rw-r--r-- 1 student student 829440 Mar 25 16:45 8000-7.3.2.CSCvz73203.tar
-rw-r--r-- 1 student student 5396480 Mar 25 16:45 8000-7.3.2.CSCvz88310.tar
-rw-r--r-- 1 student student 37406720 Mar 25 16:45 8000-7.3.2.CSCvz89375.tar
-rw-r--r-- 1 student student 6871040 Mar 25 16:45 8000-7.3.2.CSCvz94897.tar
-rw-r--r-- 1 student student 7598080 Mar 25 16:45 8000-7.3.2.CSCvz98609.tar
-rw-r--r-- 1 student student 542720 Mar 25 16:45 8000-7.3.2.CSCvz98701.tar
-rw-r--r-- 1 student student 9195520 Mar 25 16:46 8000-7.3.2.CSCwa01013.tar
-rw-r--r-- 1 student student 192798720 Mar 25 16:44 8000-7.3.2.CSCwa04641.tar
-rw-r--r-- 1 student student 9195520 Mar 25 16:46 8000-7.3.2.CSCwa07758.tar
-rw-r--r-- 1 student student 11120640 Mar 25 16:44 8000-7.3.2.CSCwa43667.tar
On the jump host, use the sudo docker cp Linux command to copy the 8000-
7.3.2.CSCvz57398.tar file to the repo folder in the Docker container.
student@student-vm:~/XR7_Install_Files/7.3.2/SMUs$ sudo docker cp 8000-
7.3.2.CSCvz57398.tar repo:/root/repo/
student@student-vm:~/XR7_Install_Files/7.3.2/SMUs$
Step 3 In the jump host, navigate back to the first Terminal session and verify repo folder content.
If the first Terminal session is not opened, use the sudo docker exec Linux command to enter
the repo Docker EXEC terminal, and use the cd Linux command to navigate to the repo folder.
student@student-vm:~$ sudo docker exec -it repo bash
[root@ca02c438f0cd /]# cd ~/repo
[root@ca02c438f0cd repo]#
On the jump host, use the ls Linux command to verify repo folder content. The repo folder
should have 8000-7.3.2.CSCvz57398.tar file.
[[root@ca02c438f0cd repo]# ls
8000-7.3.2.CSCvz57398.tar
[root@ca02c438f0cd repo]#
All files are extracted into the 8000-x86_64-7.3.2-CSCvz57398 folder. You should see upgrade
OSPF packages extracted in the folder.
[root@ca02c438f0cd repo]# ls -l ./8000-x86_64-7.3.2-CSCvz57398
total 4120
-rw-r--r-- 1 241211 25 3322 Nov 2 2021 primary.xml.gz
-rw-r--r-- 1 241211 25 3956453 Nov 2 2021 xr-ospf-3692251fac396a2d-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5928 Nov 2 2021 xr-ospf-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5912 Nov 2 2021 xr-ospf-8101-32h-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5912 Nov 2 2021 xr-ospf-8102-64h-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5916 Nov 2 2021 xr-ospf-8201-32fh-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5888 Nov 2 2021 xr-ospf-8201-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5888 Nov 2 2021 xr-ospf-8202-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5912 Nov 2 2021 xr-ospf-8608-rp1-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5908 Nov 2 2021 xr-ospf-88-lc0-34h14fh-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5888 Nov 2 2021 xr-ospf-88-lc0-36fh-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5900 Nov 2 2021 xr-ospf-88-lc0-36fh-m-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5896 Nov 2 2021 xr-ospf-8800-lc-36fh-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5888 Nov 2 2021 xr-ospf-8800-lc-48h-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5908 Nov 2 2021 xr-ospf-8800-rp-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 150442 Nov 2 2021 xr-ospf-d17f630e9aaec8a3-7.3.2v1.0.1-
1.x86_64.rpm
Step 5 On the jump host, create repodata storage from the /root/repo folder.
On the jump host, use the pwd Linux command, to make sure you are in the /root/repo folder.
Then use the createrepo --database Linux command, to create repodata storage.
[root@ca02c438f0cd repo]# pwd
/root/repo
[root@ca02c438f0cd repo]# createrepo --database /root/repo
Directory walk started
Directory walk done - 15 packages
Temporary output repo path: /root/repo/.repodata/
Preparing sqlite DBs
Pool started (with 5 workers)
Pool finished
[root@ca02c438f0cd repo]#
On the jump host, use the ls -l Linux command, to verify the repodata storage folder.
[root@ca02c438f0cd repo]# ls -l
total 7888
-rw-r--r-- 1 1000 1000 4034560 Mar 25 16:45 8000-7.3.2.CSCvz57398.tar
-r--r--r-- 1 241211 25 1280 Nov 22 2021 8000-7.3.2.CSCvz57398.txt
drwxr-xr-x 2 241211 25 4096 Nov 2 2021 8000-x86_64-7.3.2-CSCvz57398
-rw-r--r-- 1 241211 25 4029478 Nov 22 2021 8000-x86_64-7.3.2-CSCvz57398.tgz
drwxr-xr-x 2 root root 4096 Jun 15 11:35 repodata
Step 6 On the jump host, make SMU files available via HTTP.
On the jump host, use the pwd Linux command, to make sure you are in the /root/repo folder.
Then type the python3 -m http.server 80 Linux command, to start Simple HTTP Server. Do
not exit Simple HTTP Server until later in this lab exercise.
[root@ca02c438f0cd repo]# pwd
/root/repo
[root@ca02c438f0cd repo]# python3 -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
Step 7 In the jump host, go back to the second Terminal session and login to the R0 router.
On the jump host, second Terminal session type the r0 keyword, this will open the SSH session
to the R0 router.
student@student-vm:~/XR7_Install_Files/7.3.2/SMUs$ r0
Last login: Tue May 31 20:36:17 2022 from 192.168.122.1
RP/0/RP0/CPU0:R0#
Step 8 On the R0 router, configure the remote_repo repository to use HTTP server available on the
jump host IP address.
Step 10 On the R0 router, install the xr-ospf-7.3.2v1.0.1-1 package SMU fix from the remote repository.
Use the install package upgrade command and observe the output. The package SMU fix
installation should be successful.
RP/0/RP0/CPU0:R0# install package upgrade xr-ospf-7.3.2v1.0.1-1 synchronous
Starting:
install package upgrade xr-ospf-7.3.2v1.0.1-1
Packaging operation 9.1.1
Press Ctrl-C to return to the exec prompt. This will not cancel the install operation
Step 11 On the jump host, navigate back to the first Terminal session and observe HTTP server output.
You should see many successful HTTP transactions.
[root@ca02c438f0cd repo]# python3 -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
172.17.0.1 - - [15/Jun/2022 12:02:14] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:02:14] "GET
/repodata/d0282ad7a0a84ded53963c7f55d658086c707274c5a5c0c8ef8ee900fce9be7b-
primary.xml.gz HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:02:14] "GET
/repodata/07b229121de717344c77041e9fb52a2915ad816525844574d4ab8f7803b1ef54-
filelists.xml.gz HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:04:26] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:04:27] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:15] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:16] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:17] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:18] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:19] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:19] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:21] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:24] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:27] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:28] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:37] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:38] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:39] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:41] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:43] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:44] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:44] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:45] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:45] "GET /8000-x86_64-7.3.2-CSCvz57398/xr-ospf-
7.3.2v1.0.1-1.x86_64.rpm HTTP/1.1" 200 -
< output omitted >
On the jump host, enter the Ctrl+c keys, to stop the Simple HTTP Server.
< output omitted >
172.17.0.1 - - [16/Jun/2022 07:35:20] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [16/Jun/2022 07:35:34] "GET /repodata/repomd.xml HTTP/1.1" 200 -
^C
Keyboard interrupt received, exiting.
[root@185c10117f42 repo]#
On the jump host, enter the exit command, to exit from the repo container.
[root@185c10117f42 repo]# exit
exit
student@student-vm:~$
On the R0 router, use the show install fixes active command. You should see no active package
SMU fixes available.
RP/0/RP0/CPU0:R0# show install fixes active
There are currently no fixes active.
RP/0/RP0/CPU0:R0#
Step 13 On the R0 router, apply the package SMU fixes.
On the R0 router, use the install apply command, then respond with the yes keyword on the
continue question.
RP/0/RP0/CPU0:R0# install apply
Once the packaging dependencies have been determined, the install operation may have to
reload the system.
If you want more control of the operation, then explicitly use 'install apply restart'
or 'install apply reload' as reported by 'show install request'.
Continue? [yes/no]:[yes] yes
Install apply operation 9.1 has started
Install operation will continue in the background
On the R0 router, use the show install request command. You should see Success state for the
last operation.
RP/0/RP0/CPU0:R0# show install request
On the R0 router, use the show install fixes active command. You should the OSPF package
SMU fix.
RP/0/RP0/CPU0:R0# show install fixes active
On the R0 router, use the show install fixes committed command. There are no committed
package SMU fixes.
RP/0/RP0/CPU0:R0# show install fixes committed
There are currently no fixes committed.
Use the show install request command. You should see Success state for the last operation.
RP/0/RP0/CPU0:R0# show install request
On the R0 router, use the show install fixes committed command. You should see the OSPF
package SMU fix committed.
RP/0/RP0/CPU0:R0# show install fixes committed
On the R0 router, use the show install rollback list-ids command. Find the second from the last
rollback point and copy rollback point ID. The following output shows ID 0.
RP/0/RP0/CPU0:R0# show install rollback list-ids
It is possible to rollback to the following transaction IDs:
# Pkgs to rollback
Id Software Committed At: Add Mod Rem
---- ----------------------- ------- ------- -------
0 From Boot 0 1 0
1 2022-07-06 09:46:32 UTC 0 0 0
Step 19 On the R0 router, verify the changes of the second from the last installation rollback point.
On the R0 router, use the show install rollback id 0 changes command. You should use
rollback ID as learned from the previous step. The rollback ID may be different in your lab. You
should see what installation package was added and can be removed when rolling back to the
installation rollback ID.
RP/0/RP0/CPU0:R0# show install rollback id 0 changes
Rollback to transaction ID 0 will result in the following packages being added:
Step 20 On the R0 router, rollback to the installation rollback ID learned in the previous step.
On the R0 router, use the install rollback 0 commit synchronous command, then respond with
the yes keyword on the continue question. You should use rollback ID as learned from the
previous step. The rollback ID may be different in your lab.
RP/0/RP0/CPU0:R0# install rollback 0 commit synchronous
Once the packaging dependencies have been determined, the install operation may have to
reload the system.
If you want to control the timing of system reload, you must not continue, but use the
'install package rollback' command instead, followed by 'install apply'.
Continue? [yes/no]:[yes] yes
Starting:
install rollback 0 commit
Transaction 2
Press Ctrl-C to return to the exec prompt. This will not cancel the install operation
Use the show install request command. You should see Success state for the last operation.
RP/0/RP0/CPU0:R0# show install request
Activity Verification
You have completed this task when you attain the following results:
• You have created Docker repo directory.
• You have configured the remote_repo repository to use HTTP server.
• You have verified available package SMU fixes.
• You have installed the OSPF package SMU fix from the remote repository.
• You have verified active package SMU fixes.
• You have applied and committed the package SMU fixes.
• You have rollbacked the installation of the package SMU fixes.
You can access the router through the management Jumphost. IP addressing for management interfaces can
be located in the Job Aid.
Activity
Step 1 On the jump host, navigate to the folder with optional RPMs.
On the jump host, use the cd Linux command to navigate to the following folder
/XR7_Install_Files/7.3.2/RPMs.
student@student-vm:~$ cd ~/XR7_Install_Files/7.3.2/RPMs/
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$
You will use pwd Linux command to verify you are in the correct folder.
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$ pwd
/home/student/XR7_Install_Files/7.3.2/RPMs
You will use the ls -l Linux command to verify current folder content. You should see the 8000-
optional-rpms.7.3.2.tar file present.
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$ ls -l
total 2032
-rw-r--r-- 1 student student 1167360 Mar 25 16:48 8000-k9sec-rpms.7.3.2.tar
-rw-r--r-- 1 student student 911360 Mar 25 16:48 8000-optional-rpms.7.3.2.tar
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$
Step 2 On the jump host, use the secure copy protocol (SCP) to copy the 8000-optional-rpms.7.3.2.tar
file to the /harddisk: folder on the R0 router.
The R0 router is accessible on the management IP address 192.168.122.50, with the username
cisco. Use the scp Linux command.
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$ scp 8000-optional-rpms.7.3.2.tar
cisco@192.168.122.50:/harddisk:/8000-optional-rpms.7.3.2.tar
8000-optional-rpms.7.3.2.tar
100% 890KB 17.7MB/s 00:00
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$
Step 3 On the R0 router, access the shell of the router and navigate to the /harddisk: folder.
On the R0 router, access the shell of the router by using the run Linux command and use the cd
Linux command to navigate to the correct folder.
RP/0/RP0/CPU0:R0# run
[node0_RP0_CPU0:~]$ cd ..
[node0_RP0_CPU0:/]$ cd harddisk\:
[node0_RP0_CPU0:/harddisk:]$ pwd
/harddisk:
Use the ls -l Linux command to confirm that the 8000-optional-rpms.7.3.2.tar file is present.
[node0_RP0_CPU0:/harddisk:]$ ls -l
total 9156
-rw-r--r--. 1 root root 911360 May 4 10:22 8000-optional-rpms.7.3.2.tar
drwxrwxrwx. 5 root root 4096 May 4 10:01 cisco_support
-rw-rw-rw-. 1 root root 480 May 4 09:56 debug_shell_client.log
drwxrwxrwx. 2 root root 4096 Mar 25 16:16 dumper
-rw-rw-rw-. 1 root root 2 May 4 10:02 feature_list
drwx------. 3 root root 4096 May 4 09:57 ima
drwx------. 2 root root 16384 Oct 18 2021 lost+found
drwxrwxrwx. 3 root root 4096 Oct 18 2021 mirror
drwxrwxrwx. 2 root root 4096 May 4 09:55 npu_sdk_logs
-rw-rw-rw-. 1 root root 8388729 May 4 10:14 nvgen_bkup.log
drwxrwxrwx. 2 root root 4096 Oct 18 2021 nvram
drwxr-xr-x. 3 root root 4096 Mar 25 16:16 pam
drwxr-xr-x. 2 root root 4096 Mar 25 16:16 showtech
drwxrwxrwx. 5 root root 4096 May 4 09:54 shutdown
drwxrwxrwx. 3 root root 4096 Oct 18 2021 ztp
All files are extracted into the optional-rpms folder. Navigate to the optional-rpms folder and
examine the content.
[node0_RP0_CPU0:/harddisk:]$ ls
8000-optional-rpms.7.3.2.tar debug_shell_client.log feature_list lost+found
npu_sdk_logs nvram pam shutdown
cisco_support dumper ima mirror
nvgen_bkup.log optional-rpms showtech ztp
[node0_RP0_CPU0:/harddisk:]$ cd optional-rpms/
[node0_RP0_CPU0:/harddisk:/optional-rpms]$ ls
cdp healthcheck telnet
[node0_RP0_CPU0:/harddisk:/optional-rpms]$ cd telnet/
[node0_RP0_CPU0:/harddisk:/optional-rpms/telnet]$ ls
xr-telnet-3692251fac396a2d-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-88-lc0-34h14fh-
7.3.2v1.0.0-1.x86_64.rpm
xr-telnet-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-88-lc0-36fh-7.3.2v1.0.0-
1.x86_64.rpm
xr-telnet-8101-32h-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-88-lc0-36fh-m-
7.3.2v1.0.0-1.x86_64.rpm
xr-telnet-8102-64h-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-8800-lc-36fh-
7.3.2v1.0.0-1.x86_64.rpm
xr-telnet-8201-32fh-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-8800-lc-48h-7.3.2v1.0.0-
1.x86_64.rpm
xr-telnet-8201-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-8800-rp-7.3.2v1.0.0-
1.x86_64.rpm
xr-telnet-8202-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-d17f630e9aaec8a3-
7.3.2v1.0.0-1.x86_64.rpm
xr-telnet-8608-rp1-7.3.2v1.0.0-1.x86_64.rpm
[node0_RP0_CPU0:/harddisk:/optional-rpms/telnet]$
RP/0/RP0/CPU0:R0#
On the R0 router, use the install repository command to map the local repository with the
/harddisk:/optional-rpms folder.
RP/0/RP0/CPU0:R0# configure
RP/0/RP0/CPU0:R0(config)# install repository local-repo url file:///harddisk:/optional-
rpms
RP/0/RP0/CPU0:R0(config)# commit
RP/0/RP0/CPU0:R0(config)# end
RP/0/RP0/CPU0:R0#
On the R0 router, use the show install available command. Make sure that you can see the xr-
telnet package.
RP/0/RP0/CPU0:R0# show install available
Trying to access repositories...
Package Architecture
Version Repository Cached
---------------------------------------------------- ---------------- -----------------
---------- ----------------------------------- ------
xr-cdp x86_64
7.3.2v1.0.0-1 local-repo
xr-healthcheck x86_64
7.3.2v1.0.0-1 local-repo
xr-telnet x86_64
7.3.2v1.0.0-1 local-repo
Activity Verification
You have completed this task when you attain the following results:
• You have navigated to the folder with optional RPMs.
• You have copied the tar file to the /harddisk:.
• You have accessed the shell of the router and extracted the tar file.
• You have configured the local repository.
• You have checked the contents of the repository.
Try to use the telnet command in the XR mode and configuration mode. You should observe
that the Telnet client or Telnet server is not available.
RP/0/RP0/CPU0:R0# telnet
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:R0# configure
RP/0/RP0/CPU0:R0(config)# telnet ?
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:R0(config)# end
RP/0/RP0/CPU0:R0#
Use the show install committed summary command. Observe that there is no xr-telnet package
listed in the optional packages.
RP/0/RP0/CPU0:R0# show install committed summary
Committed Packages: XR: 180 All: 1282
Label: 7.3.2
Software Hash: d7fb6b4adbb9704ce63a960b5c6af85a
Package Version
---------------------------------------------------- ---------------------------
xr-8000-af-ea 7.3.2v1.0.0-1
xr-8000-aib 7.3.2v1.0.0-1
xr-8000-bfd 7.3.2v1.0.0-1
< output omitted >
Use the show install committed | include telnet command to narrow down the output. There is
no xr-telnet package committed.
RP/0/RP0/CPU0:R0# show install committed | include telnet
RP/0/RP0/CPU0:R0#
Use the show install available command. Make sure that you can see the xr-telnet package.
RP/0/RP0/CPU0:R0# show install available
Trying to access repositories...
Package Architecture
Version Repository Cached
---------------------------------------------------- ---------------- -----------------
---------- ----------------------------------- ------
xr-cdp x86_64
7.3.2v1.0.0-1 local-repo
xr-healthcheck x86_64
7.3.2v1.0.0-1 local-repo
xr-telnet x86_64
7.3.2v1.0.0-1 local-repo
Step 5 On the R0 router, install the xr-telnet package from the local-repo repository.
Use the install source command and confirm installation with the yes keyword.
RP/0/RP0/CPU0:R0# install source local-repo xr-telnet
Once the packaging dependencies have been determined, the install operation may have to
reload the system.
If you want to control the timing of system reload, you must not continue, but use the
'install package add' command instead, followed by 'install apply'.
Continue? [yes/no]:[yes] yes
Install source operation 3.1 has started
Install operation will continue in the background
RP/0/RP0/CPU0:R0#
Use the show install request command. You should see the Success state for the last operation.
Note You may need to wait a couple of minutes for the Success state to show.
RP/0/RP0/CPU0:R0# show install request
Use the show install history last package command. You should see the package operation
started and success.
RP/0/RP0/CPU0:R0# show install history last package
2022-05-04 12:29:49 UTC Packaging operation 3.1.1 started
2022-05-04 12:29:49 UTC Add
2022-05-04 12:29:49 UTC xr-telnet
2022-05-04 12:31:12 UTC Packaging operation 3.1.1 success
Location 0/RP0/CPU0
Add xr-telnet-7.3.2v1.0.0-1.x86_64
Add xr-telnet-3692251fac396a2d-7.3.2v1.0.0-1.x86_64
Add xr-telnet-8201-7.3.2v1.0.0-1.x86_64
Add xr-telnet-d17f630e9aaec8a3-7.3.2v1.0.0-1.x86_64
Use the show install request command. You should see Success state for the last operation.
RP/0/RP0/CPU0:R0# show install request
Try to use the telnet command in the XR mode and configuration mode. You should observe
that the Telnet client and Telnet server are available now.
RP/0/RP0/CPU0:R0# telnet ?
A.B.C.D IPv4 address
WORD Hostname of the remote node
X:X::X IPv6 address
disconnect-char telnet client disconnect char
vrf vrf table for the route lookup
RP/0/RP0/CPU0:R0# configure
RP/0/RP0/CPU0:R0(config)# telnet ?
ipv4 IPv4 configuration
ipv6 IPv6 configuration
vrf VRF name for telnet server
RP/0/RP0/CPU0:R0(config)# end
RP/0/RP0/CPU0:R0#
If you want to configure the Telnet server and test the Telnet client, you can use the following
commands.
RP/0/RP0/CPU0:R0# configure
RP/0/RP0/CPU0:R0(config)# telnet ipv4 server max-servers 10
RP/0/RP0/CPU0:R0(config)# commit
RP/0/RP0/CPU0:R0(config)# end
RP/0/RP0/CPU0:R0# telnet 192.168.122.50
Trying 192.168.122.50...
Connected to 192.168.122.50.
Escape sequence is '^^q'.
Username: cisco
Password: cisco123
RP/0/RP0/CPU0:R0# exit
RP/0/RP0/CPU0:R0#
Step 11 On the R0 router, display the committed packages and narrow down the output, to list the Telnet
package only.
Use the show install committed | include telnet command, to narrow down the output. There is
an xr-telnet package committed.
RP/0/RP0/CPU0:R0# show install committed | include telnet
xr-telnet 7.3.2v1.0.0-1
Activity Verification
You have completed this task when you attain the following results:
• You have observed the Telnet client or Telnet server.
• You have displayed the summary of the committed packages.
• You have installed the xr-telnet package.
• You have observed the installation request and the installation history.
• You have committed the operation.
Activity
Use the show install request command. You should see the Success state for the last operation.
Note You may need to wait a couple of minutes for the Success state to show.
Use the show install history last package command. You should see the package operation
started and success.
RP/0/RP0/CPU0:R0# show install history last package
Wed May 4 13:12:32.593 UTC
2022-05-04 13:10:30 UTC Packaging operation 4.1.1 started
2022-05-04 13:10:30 UTC Remove
2022-05-04 13:10:30 UTC xr-telnet
2022-05-04 13:11:21 UTC Packaging operation 4.1.1 success
Location 0/RP0/CPU0
Remove xr-telnet-7.3.2v1.0.0-1.x86_64
Remove xr-telnet-3692251fac396a2d-7.3.2v1.0.0-1.x86_64
Remove xr-telnet-8201-7.3.2v1.0.0-1.x86_64
Remove xr-telnet-d17f630e9aaec8a3-7.3.2v1.0.0-1.x86_64
Step 4 On the R0 router, apply the changes to make the change active.
Use the install apply command and confirm the operation by using the yes keyword.
RP/0/RP0/CPU0:R0# install apply
Once the packaging dependencies have been determined, the install operation may have to
reload the system.
If you want more control of the operation, then explicitly use 'install apply restart'
or 'install apply reload' as reported by 'show install request'.
Continue? [yes/no]:[yes] yes
Install apply operation 4.1 has started
Install operation will continue in the background
Use the show install request command. You should see the Success state for the last operation.
Note Do not proceed to the next task until the state shows Success for the install apply request.
Use the show install request command. You should see the Success state for the last operation.
RP/0/RP0/CPU0:R0# show install request
Try to use the telnet command in the XR mode and configuration mode. You should observe
that the Telnet client or Telnet server is not available.
RP/0/RP0/CPU0:R0# telnet
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:R0# configure
RP/0/RP0/CPU0:R0(config)# telnet ?
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:R0(config)# end
RP/0/RP0/CPU0:R0#
Activity Verification
You have completed this task when you attain the following results:
• You have removed the xr-telnet package.
• You have observed the installation request and the installation history.
• You have applied the changes to make the change active.
• You have committed the operation.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Configure autoprovisioning by using a static configuration.
• Configure autoprovisioning by using a script.
Visual Objective
The following are the preconfigured lab tasks:
• All routers have IS-IS configured for full IP reachability.
• The link between CE2 and CE4 is disabled.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized PE1 router by using Console access. Click the PE1 router icon in the Cisco
Learning Services Lab portal.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the hostname (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
You can access the virtualized PE1 router by using Console access. Click the PE1 router icon in the Cisco
Learning Services Lab portal.
Activity
In the Jumphost, use the Terminal and type the more /etc/dhcp/dhcpd.conf Linux command.
student@student-vm:~$ more /etc/dhcp/dhcpd.conf
# dhcpd.conf
option domain-name "cisco.com";
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
host PE1 {
hardware ethernet 00:0c:29:f4:41:0c;
fixed-address 172.16.1.103;
filename" http://172.16.1.100:8000/PE1.config";
#filename" http://172.16.1.100:8000/simpleZTPscript";
}
In the Jumphost, use the Terminal and type the sudo systemctl start isc-dhcp-server.service
Linux command.
student@student-vm:~$ sudo systemctl start isc-dhcp-server.service
student@student-vm:~$
In the Jumphost, use the Terminal and type the sudo systemctl status isc-dhcp-server.service
Linux command.
student@student-vm:/etc/dhcp$ sudo systemctl status isc-dhcp-server.service
â—Ź isc-dhcp-server.service - ISC DHCP IPv4 server
Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset:
enabled)
Active: active (running) since Thu 2022-05-26 09:19:18 UTC; 26s ago
Docs: man:dhcpd(8)
Main PID: 21739 (dhcpd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/isc-dhcp-server.service
└─21739 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-
server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf
May 26 09:19:18 student-vm dhcpd[21739]: you want, please write a subnet declaration
May 26 09:19:18 student-vm sh[21739]: you want, please write a subnet declaration
May 26 09:19:18 student-vm dhcpd[21739]: in your dhcpd.conf file for the network
segment
May 26 09:19:18 student-vm sh[21739]: in your dhcpd.conf file for the network
segment
May 26 09:19:18 student-vm dhcpd[21739]: to which interface ens160 is attached. **
May 26 09:19:18 student-vm sh[21739]: to which interface ens160 is attached. **
May 26 09:19:18 student-vm dhcpd[21739]:
May 26 09:19:18 student-vm dhcpd[21739]: Sending on Socket/fallback/fallback-net
May 26 09:19:18 student-vm sh[21739]: Sending on Socket/fallback/fallback-net
May 26 09:19:18 student-vm dhcpd[21739]: Server starting service.
Step 5 In the Jumphost, make the PE1.config file available through HTTP.
In the Jumphost, use the Terminal and navigate to the /home/student/Configs directory. The
PE1.config file is present in the /home/student/Configs folder.
Type the python -m http.server Linux command to start Simple HTTP Server. Do not exit
Simple HTTP Server until later in this lab exercise.
student@student-vm:~$ cd /home/student/Configs
student@student-vm:~/Configs$ python -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
Step 6 In the Jumphost, start Wireshark and filter for DHCP messages.
Step 7 On the PE1 router, reset the configuration to the factory defaults and reload the router.
Be sure to open console access to the PE1 router, use the cisco username and cisco123
password. Click the PE1 router icon in the Cisco Learning Services Lab portal. This step will not
work on the remote access.
On the PE1 router, use the following commands.
RP/0/RP0/CPU0:PE1# ztp clean
This would remove all ZTP temporary files.
Would you like to proceed? [no]: yes
All ZTP operation files have been removed.
ZTP logs are present in /var/log/ztp*.log for logrotate.
Please remove manually if needed.
If you now wish ZTP to run again from boot, do 'conf t/commit replace' followed by
reload.
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# commit replace
This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]: yes
RP/0/RP0/CPU0:ios(config)# end
RP/0/RP0/CPU0:ios# reload
Standby card not present or not Ready for failover. Proceed? [confirm] <Enter>
< output omitted >
Proceed with reload? [confirm] <Enter>
Note If the commit replace command is executed before any configurations are made, the configurations are
replaced with a blank configuration.
Note After reloading is complete, you will need to wait for 5 to 10 minutes for all interfaces to come up.
In the Jumphost, use the Terminal and analyze the Simple HTTP Server output, to see if there
was a request for the PE1.config file.
student@student-vm:~/Configs$ python -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
172.16.1.103 - - [26/May/2022 10:40:06] "HEAD /PE1.config HTTP/1.1" 200 -
172.16.1.103 - - [26/May/2022 10:40:06] "GET /PE1.config HTTP/1.1" 200 -
Note It may take 5 to 10 minutes for the router to fully boot. Do not type anything in the router's console until the
process is complete.
In the Jumphost, use the Terminal and enter the Ctrl+C keys to stop the Simple HTTP Server.
student@student-vm:~/Configs$ python -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
172.16.1.103 - - [26/May/2022 10:40:06] "HEAD /PE1.config HTTP/1.1" 200 -
172.16.1.103 - - [26/May/2022 10:40:06] "GET /PE1.config HTTP/1.1" 200 -
^C
Keyboard interrupt received, exiting.
student@student-vm:~/Configs$
Activity Verification
You have completed this task when you attain the following results:
• You have configured the PE1 router to use autoprovisioning by using a static configuration.
Activity
Step 1 In the Jumphost, analyze the preconfigured simple ZTP script in the /home/student/scripts
directory.
In the Jumphost, use the Terminal and enter the more /home/student/scripts/simpleZTPscript
command. The script enables all GigabitEthernet interfaces and configures a load-interval of 30
seconds on all GigabitEthernet interfaces.
student@student-vm:~$ more /home/student/scripts/simpleZTPscript
#!/bin/bash
source /pkg/bin/ztp_helper.sh
config_file="/tmp/config.txt"
interfaces=$(xrcmd "show interfaces brief")
function activate_all_if(){
arInt=($(echo $interfaces | grep -oE '(Te|Fo|Hu|Gi)[0-9]*/[0-9]*/[0-9]*/[0-
9]*'))
for int in ${arInt[*]}; do
echo -ne "interface $int\n no shutdown\n load-interval 30\n" >>
$config_file
done
xrapply_with_reason "Initial ZTP configuration" $config_file
}
Step 2 In the Jumphost, modify the DHCP configuration so that the script file will be used during the
ZTP process.
In the Jumphost, use the Terminal and enter the sudo vi /etc/dhcp/dhcpd.conf Linux command
to modify the DHCP configuration.
Note You can use gedit Linux application as the text editor.
Save and close the file after making the appropriate changes.
student@student-vm:~$ sudo vi /etc/dhcp/dhcpd.conf
# dhcpd.conf
option domain-name "cisco.com";
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
host PE1 {
hardware ethernet 00:0c:29:f4:41:0c;
fixed-address 172.16.1.103;
filename" http://172.16.1.100:8000/PE1.config";
#filename" http://172.16.1.100:8000/simpleZTPscript";
}
To save and exit the vi editor, press the Esc key and type the :wq! command.
In the Jumphost, use the Terminal and enter the sudo systemctl restart isc-dhcp-
server.service Linux command.
student@student-vm:~$ sudo systemctl restart isc-dhcp-server.service
student@student-vm:~$
Step 4 In the Jumphost, make the simpleZTPscript script available through HTTP.
In the Jumphost, use the Terminal, navigate to the /home/student/scripts directory and enter
the python -m http.server Linux command. Leave the Terminal open.
If the simple HTTP server is still running in the /home/student/configs directory, stop the
service by entering the Ctrl+C keys or closing the Terminal window. Then enter the following
commands:
student@student-vm:~$ cd /home/student/scripts
student@student-vm:~/scripts$ python -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
Step 5 On the PE1 router, verify that all GigabitEthernet interfaces are present in the running
configuration.
On the PE1 router, use the show running-config command. If there are GigabitEthernet
interfaces shown as preconfigured, wait a couple of minutes before proceeding to the next step.
Note It may take up to 10 minutes after the system reboot for all interface modules to load and become available.
You can continue to the next step when the show running-config output is similar as shown.
RP/0/RP0/CPU0:PE1# show running-config
< output omitted >
interface GigabitEthernet0/0/0/0
description to P1 GigabitEthernet0/0/0/0
cdp
ipv4 address 10.1.3.3 255.255.255.0
ipv6 address 2001::99:1:3:3/112
< output omitted >
On the PE1 router, use the ztp initiate verbose command to invoke ZTP.
RP/0/RP0/CPU0:PE1# ztp initiate verbose
Inititaing ZTP may change your configuration.
Interfaces might be brought up if they are in shutdown state
Would you like to proceed? [no]: yes
ZTP will now run in the background.
Please use "show logging" or look at /var/log/ztp.log to check progress.
RP/0/RP0/CPU0:PE1#
In the Jumphost, use the Terminal and analyze the Simple HTTP Server output to see if there
was a request for the simpleZTPscript file.
student@student-vm:~/scripts$ python -m http.server
Serving HTTP on 0.0.0.0 port 8000 (http://0.0.0.0:8000/) ...
172.16.1.103 - - [26/May/2022 11:08:06] "HEAD / simpleZTPscript HTTP/1.1" 200 -
172.16.1.103 - - [26/May/2022 11:08:06] "GET / simpleZTPscript HTTP/1.1" 200 -
Activity Verification
You have completed this task when you attain the following results:
• You have configured the PE1 router to use autoprovisioning by using a script.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Configure and verify MPLS LDP
• Verify the MPLS operation
Visual Objective
The following figure shows the visual objective:
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
Jumphost 172.16.1.100/24
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
You can verify IS-IS configuration on other routers and make sure that IS-IS is configured, as
shown in the Visual Objective of the lab.
Step 2 On the PE1 router, verify that IS-IS adjacencies are established.
On the PE1 router, use the show isis adjacency command.
RP/0/RP0/CPU0:PE1# show isis adjacency
Fri Mar 25 08:54:08.491 UTC
On the PE1 router, you should see three IS-IS adjacencies established. You can repeat the same
command on other routers and make sure that IS-IS adjacencies are established, as shown in the
Visual Objective of the lab.
Step 3 On the PE1 router, verify the routing table for IS-IS routes.
On the PE1 router, you should see IS-IS routes. The highlighted routes in the output are for CE1
Loopback0 (10.7.7.7/32), CE2 Loopback0 (10.8.8.8/32), CE3 Loopback0 (10.9.9.9/32), and
CE4 Loopback0 (10.10.10.10/32).
Step 4 On the CE1 router, verify connectivity to the CE2 Loopback0 (10.8.8.8/32) and to the CE3
Loopback0 (10.9.9.9/32).
On the CE1 router, use the ping 10.8.8.8 command to test connectivity to the CE2 Loopback0.
Ping should be successful.
RP/0/RP0/CPU0:CE1# ping 10.8.8.8
Fri Mar 25 09:08:08.194 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 539/1289/1857 ms
On the CE1 router, use the ping 10.9.9.9 command to test connectivity to the CE3 Loopback0.
Ping should be successful.
RP/0/RP0/CPU0:CE1# ping 10.9.9.9
Fri Mar 25 09:11:34.462 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.9.9.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 812/1227/1663 ms
Activity Verification
You have completed this task when you attain the following results:
• You have verified IS-IS configuration.
• You have verified that all routers have full reachability.
Activity
Step 1 On the PE1 router, determine which interfaces face P1 and PE3 routers.
On the PE1 router, use the show interfaces description command to determine interfaces to
other MPLS enabled devices.
RP/0/RP0/CPU0:PE1# show interfaces description
Fri Mar 25 10:19:53.708 UTC
You will need this information when enabling MPLS on the core links.
Step 2 On the PE1 router, enable MPLS LDP for the interfaces facing the core, that is, facing P1 and
PE3 routers. Use the IP 10.3.3.3 as a LDP router ID.
Step 3 In a dual-stack setup, when LDP has the option to establish transport connection either by using
IPv4 endpoints or IPv6 endpoints, IPv6 connection is preferred over IPv4 connection. On the
PE1 router, override default IPv6 transport preference for dual-stack cases to use IPv4 transport.
On the PE1 router, use the dual-stack transport-connection prefer ipv4 command, to override
the default IPv6 transport preference for dual-stack cases.
RP/0/RP0/CPU0:PE1# config
RP/0/RP0/CPU0:PE1(config)# mpls ldp
RP/0/RP0/CPU0:PE1(config-ldp)# neighbor
RP/0/RP0/CPU0:PE1(config-ldp-nbr)# dual-stack transport-connection prefer ipv4
RP/0/RP0/CPU0:PE1(config-ldp-nbr)# commit
RP/0/RP0/CPU0:PE1(config-ldp-nbr)#end
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, verify that MPLS LDP is enabled on the core facing interfaces.
You should see MPLS LDP enabled on the GigabitEthernet0/0/0/0 and GigabitEthernet0/0/0/1
interfaces.
On the PE1 router, use the show mpls ldp interface brief command.
RP/0/RP0/CPU0:PE1# show mpls ldp interface brief
Fri Mar 25 10:47:18.987 UTC
Interface VRF Name Config Enabled IGP-Auto-Cfg TE-Mesh-Grp cfg
--------------- ------------------- ------ ------- ------------ ---------------
Gi0/0/0/0 default Y Y 0 N/A
Gi0/0/0/1 default Y Y 0 N/A
Step 6 On the PE1 router, verify that an LDP session is established to the P1 and PE3 routers.
On the PE1 router, use the show mpls ldp neighbor command.
RP/0/RP0/CPU0:PE1# show mpls ldp neighbor
Fri Mar 25 10:57:57.164 UTC
On the PE1 router, you should see the LDP session established to the P1 (10.1.1.1) and to the
PE3 (10.5.5.5) routers.
On the PE1 router, use the show mpls ldp neighbor brief command.
RP/0/RP0/CPU0:PE1# show mpls ldp neighbor brief
Fri Mar 25 11:00:38.616 UTC
Note how certain prefixes have labels assigned to them and others are Unlabeled. The unlabeled
prefixes are in the table because there are devices that are not running LDP, for example, CE
devices.
Note Label numbering is dynamic and the numerical label values may vary in your command outputs throughout
this exercise.
Activity Verification
You have completed this task when you attain the following result:
• Configure and verify MPLS LDP.
Activity
Step 1 On the CE1 router, verify a service path to the CE2 Loopback0 (10.8.8.8) interface.
On the CE1 router, use the traceroute 10.8.8.8 probe 1 command.
RP/0/RP0/CPU0:CE1# traceroute 10.8.8.8 probe 1
Fri Mar 25 12:20:58.577 UTC
The output shows that the packet path is through PE1 (10.3.7.3), P1 (10.1.3.1), and PE2
(10.1.4.4) routers. The PE1 router imposes a label 24016 and sends a packet to the P1 router.
The P1 router swaps a label 24016 with label 24016 and sends the packet to the PE2 router. The
PE2 router removes a label 24016 and sends the packet to the CE2 router.
Note Label numbering is dynamic and the numerical label values may vary in your command outputs throughout
this exercise.
Step 2 On the CE1 router, verify the service path to the CE4 Loopback0 (10.10.10.10) interface.
The output shows that the packet path is through PE1 (10.3.7.3), P1 (10.1.3.1), P2 (10.1.2.2),
and PE4 (10.2.6.6) routers. The label-switched path (LSP) from CE1 to CE4 Loopback0
contains the following labels: 24011 (P1), 24007 (P2), and 24012 (PE4).
Note Label numbering is dynamic and the numerical label values may vary in your command outputs throughout
this exercise.
Step 3 On the PE1 router, verify that the one of the outgoing labels for CE4 Loopback0
(10.10.10.10/32) is 24011. Note that your actual label value may vary. Compare the label value
to the first label that appears in the previous traceroute output.
On the PE1 router, use the show mpls ldp ipv4 bindings 10.10.10.10/32 command.
RP/0/RP0/CPU0:PE1# show mpls ldp ipv4 bindings 10.10.10.10/32
Fri Mar 25 12:28:40.824 UTC
10.10.10.10/32, rev 40
Local binding: label: 24012
Remote bindings: (2 peers)
Peer Label
----------------- ---------
10.1.1.1:0 24011
10.5.5.5:0 24012
The P1 router has assigned label 24011 for prefix 10.10.10.10/32 and has sent the label to the
PE1 router.
Step 4 On the PE1 router, verify the MPLS forwarding table for CE4 Loopback0 (10.10.10.10/32).
On the PE1 router, use the show mpls forwarding prefix 10.10.10.10/32 command.
RP/0/RP0/CPU0:PE1# show mpls forwarding prefix 10.10.10.10/32
Fri Mar 25 15:16:33.607 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24012 24011 10.10.10.10/32 Gi0/0/0/0 10.1.3.1 2464
The PE1 router uses label 24011 received from P1 router (10.1.3.1) as an outgoing label to reach
prefix 10.10.10.10/32. Note that your actual label value may vary. Compare the label value to the
first label that appears in the traceroute output on the CE1 router to the CE4 Loopback0
(10.10.10.10).
Activity Verification
You have completed this task when you attain the following result:
• Verify the MPLS operation.
1. What show command displays local and all received MPLS LDP labels?
A. show mpls forwarding
B. show mpls ldp ipv4 bindings
C. show mpls ldp neighbor brief
D. show mpls ldp summary
Discovery 6: Configure and Verify Segment
Routing
Introduction
This lab explains how to configure and verify IGP segment routing and it familiarizes you with the use of
Cisco IOS XR software commands to explore the lab topology. This lab also verifies connectivity and
configures and verifies the IGP segment routing operation.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Verify IPv4 IS-IS routing and connectivity and familiarize yourself with the IS-IS topology used in the
lab.
• Verify MPLS and Cisco Express Forwarding tables within the lab topology.
• Configure IS-IS segment routing support on the P1 and CE1 routers.
• Configure the IS-IS segment routing prefix SID on the P1 and CE1 routers using an index value.
• Configure and verify the segment routing Prefer feature on the CE1 router.
• Configure OSPF segment routing on the PE2 and CE2 routers.
Visual Objective
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
Step 1 Log in to the P1 router and verify that the P1 router has formed IS-IS neighbor relationships
with the P2, PE1, and PE2 routers.
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
P2 Gi0/0/0/2 *PtoP* Up 28 L2 Capable
PE2 Gi0/0/0/1 *PtoP* Up 29 L2 Capable
PE1 Gi0/0/0/0 *PtoP* Up 22 L2 Capable
Use the show isis neighbors detail command. Verify that it has established the neighbor
relationships for both the IPv4 and IPv6 unicast address families.
RP/0/RP0/CPU0:P1# show isis neighbors detail
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
P2 Gi0/0/0/2 *PtoP* Up 27 L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 10.1.2.2*
IPv6 Address(es): fe80::20c:29ff:fe37:9994*
Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
Uptime: 00:02:40
PE2 Gi0/0/0/1 *PtoP* Up 23 L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 10.1.4.4*
IPv6 Address(es): fe80::20c:29ff:fe16:c7ef*
Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
Uptime: 4d08h
PE1 Gi0/0/0/0 *PtoP* Up 21 L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 10.1.3.3*
IPv6 Address(es): fe80::20c:29ff:fef4:412a*
Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
Uptime: 4d08h
Step 2 Log in to the CE1 router and verify that the CE1 router has formed an IS-IS neighbor
relationship with the PE1 router.
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
PE1 Gi0/0/0/0 *PtoP* Up 29 L2 Capable
Use the show isis neighbors detail command. Verify that it has established the neighbor
relationships for both the IPv4 and IPv6 unicast address families.
RP/0/RP0/CPU0:CE1# show isis neighbors detail
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
PE1 Gi0/0/0/0 *PtoP* Up 28 L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 10.3.7.3*
IPv6 Address(es): fe80::20c:29ff:fef4:413e*
Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
Uptime: 3d02h
Step 3 On the P1 router, verify the IPv4 routing table and make sure you have an IS-IS route to the
Loopback 0 addresses of all the nodes in the network.
Use the show route isis command.
RP/0/RP0/CPU0:P1# show route isis
Verify that there is a route to the Loopback 0 address of PE2 (10.4.4.4/32). Refer to the Job Aid
as reference for the loopback addresses.
Step 4 On the CE1 router, verify the IPv4 routing table and make sure you have an IS-IS route to the
Loopback 0 addresses of all the nodes in the network.
Use the show route isis command.
RP/0/RP0/CPU0:CE1# show route isis
Verify that there is a route to the Loopback 0 address of PE2 (10.4.4.4/32). Refer to the Job Aid
as a reference for the loopback addresses.
Activity Verification
You have completed this task when you attain the following results:
• You have verified that the IS-IS neighbor relationships have been established between routers within the
lab topology.
• You have verified that the IS-IS neighbor relationships are active for both IPv4 and IPv6 topologies.
• You have verified the IPv4 routing table has all Loopback 0 addresses within the lab topology.
Activity
Step 3 On the P1 router, display the Cisco Express Forwarding entry for the 10.10.10.10/32 prefix
received from P2 (10.1.2.2) and PE2 (10.1.4.4).
Use the show cef 10.10.10.10/32 command.
RP/0/RP0/CPU0:P1# show cef 10.10.10.10/32
10.10.10.10/32, version 79, internal 0x1000001 0x30 (ptr 0xe294b68) [1], 0x600
(0xe4492f0), 0xa28 (0xf764470)
Updated Mar 8 07:10:50.304
remote adjacency to GigabitEthernet0/0/0/2
Prefix Len 32, traffic index 0, precedence n/a, priority 3
gateway array (0xe2b1c28) reference count 9, flags 0x68, source lsd (5), 1 backups
[4 type 5 flags 0x8401 (0xea9eb88) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe4492f0, sh-ldi=0xea9eb88]
gateway array update type-time 1 Mar 8 07:10:50.303
LDI Update time Mar 8 07:10:50.303
LW-LDI-TS Mar 8 07:10:50.303
via 10.1.2.2/32, GigabitEthernet0/0/0/2, 6 dependencies, weight 0, class 0 [flags
0x0]
path-idx 0 NHID 0x0 [0xd5ce190 0x0]
next hop 10.1.2.2/32
remote adjacency
local label 24032 labels imposed {24038}
via 10.1.4.4/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0 [flags
0x0]
path-idx 1 NHID 0x0 [0xd5cdf10 0x0]
next hop 10.1.4.4/32
remote adjacency
local label 24032 labels imposed {24036}
From the Cisco Express Forwarding entry, determine that the next hops to reach this prefix are
10.1.2.2 and 10.1.4.4. Determine that there will be one label imposed on packets sent to these
destinations.
Step 5 On the CE1 router, verify the Cisco Express Forwarding table.
Use the show cef command. There should be an entry for CE4 Loopback 0 (10.10.10.10/32).
RP/0/RP0/CPU0:CE1# show cef
Step 6 On the CE1 router, display the Cisco Express Forwarding entry for the 10.10.10.10/32 prefix
received from PE1 (10.3.7.3).
Use the show cef 10.10.10.10/32 command.
RP/0/RP0/CPU0:CE1# show cef 10.10.10.10/32
10.10.10.10/32, version 109, internal 0x1000001 0x30 (ptr 0xe1e0228) [1], 0x600
(0xe37d8d0), 0xa28 (0xea5bbe8)
Updated Mar 8 07:20:00.090
remote adjacency to GigabitEthernet0/0/0/0
Prefix Len 32, traffic index 0, precedence n/a, priority 3
gateway array (0xe1e6230) reference count 51, flags 0x68, source lsd (5), 1 backups
[18 type 5 flags 0x8401 (0xea9e408) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe37d8d0, sh-ldi=0xea9e408]
gateway array update type-time 1 Mar 8 07:20:00.090
LDI Update time Mar 8 07:20:00.093
LW-LDI-TS Mar 8 07:20:00.093
via 10.3.7.3/32, GigabitEthernet0/0/0/0, 4 dependencies, weight 0, class 0 [flags
0x0]
path-idx 0 NHID 0x0 [0xd4c0fb0 0x0]
next hop 10.3.7.3/32
remote adjacency
local label 24037 labels imposed {24037}
From the Cisco Express Forwarding entry, determine that the next hop to reach this prefix is
10.3.7.3 and determine there will be one label imposed on packets sent to this destination.
Activity Verification
You have completed this task when you attain the following results:
• Verify that the MPLS forwarding table on both CE1 and P1 has the CE4 Loopback 0 entry.
• Verify that the Cisco Express Forwarding table on both CE1 and P1 has the CE4 Loopback 0 entry.
Activity
Step 2 On the P1 router, display the current MPLS label range information.
Use the show mpls label range command. You should see that there is a minimum value for
dynamic labels set to 24000.
RP/0/RP0/CPU0:P1# show mpls label range
Range for dynamic labels: Min/Max: 24000/1048575
Step 3 On the CE1 router, display the current label table information.
Use the show mpls label table command. You should see that there are currently no label
entries in the SRGB default range (16000-23999).
RP/0/RP0/CPU0:CE1# show mpls label table
Table Label Owner State Rewrite
----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 1 LSD(A) InUse Yes
0 2 LSD(A) InUse Yes
0 13 LSD(A) InUse Yes
0 24000 LDP(A) InUse Yes
0 24001 LDP(A) InUse Yes
0 24002 LDP(A) InUse Yes
< output omitted >
Step 4 On the CE1 router, display the current MPLS label range information.
Use the show mpls label range command. You should see that there is a minimum value for
dynamic labels set to 24000.
RP/0/RP0/CPU0:CE1# show mpls label range
Range for dynamic labels: Min/Max: 24000/1048575
Step 5 On the P1 and CE1 routers, enable IS-IS segment routing for the IPv4 unicast address family.
The following commands should be configured on the P1 router:
RP/0/RP0/CPU0:P1# configure terminal
RP/0/RP0/CPU0:P1(config)# router isis 1
RP/0/RP0/CPU0:P1(config-isis)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-af)# segment-routing mpls
RP/0/RP0/CPU0:P1(config-isis-af)# commit
RP/0/RP0/CPU0:P1(config-isis-af)# end
RP/0/RP0/CPU0:P1#
Step 6 On the P1 router, display the detailed information of the MPLS label table.
Use the show mpls label table detail command. You should see that IS-IS is listed as the owner
for the label block starting at 16000. There are no entries for the SRGB range. The SRGB range
starts with the 16000 label and has the size 8000.
RP/0/RP0/CPU0:P1# show mpls label table detail
Table Label Owner State Rewrite
----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 1 LSD(A) InUse Yes
0 2 LSD(A) InUse Yes
0 13 LSD(A) InUse Yes
0 16000 ISIS(A):1 InUse No
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)
0 24000 LDP(A) InUse Yes
(IPv4, vers:0, 'default':4U, 10.3.3.3/32)
0 24001 LDP(A) InUse Yes
(IPv4, vers:0, 'default':4U, 10.3.7.0/24)
0 24002 LDP(A) InUse Yes
(IPv4, vers:0, 'default':4U, 10.3.5.0/24)
0 24003 LDP(A) InUse Yes
(IPv6, vers:0, 'default':6U, 2001::3:3:3:3/128)
0 24004 LDP(A) InUse Yes
(IPv6, vers:0, 'default':6U, 2001::99:3:7:0/112)
< output omitted >
Step 7 On the P1 router, display the IS-IS database for P1 using the verbose option.
Use the show isis database verbose P1 command. You should see the SRGB specified as base
16000 and range 8000. Note which flags are set.
RP/0/RP0/CPU0:P1# show isis database verbose P1
Step 8 On the CE1 router, display the detailed information of the MPLS label table.
Use the show mpls label table detail command. You should see that IS-IS is listed as the owner
for the label block starting at 16000. There are no entries for the SRGB range. The SRGB range
starts with the 16000 label and has the size 8000.
RP/0/RP0/CPU0:CE1# show mpls label table detail
Table Label Owner State Rewrite
----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 1 LSD(A) InUse Yes
0 2 LSD(A) InUse Yes
0 13 LSD(A) InUse Yes
0 16000 ISIS(A):1 InUse No
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)
0 24000 LDP(A) InUse Yes
(IPv4, vers:0, 'default':4U, 10.3.3.3/32)
0 24001 LDP(A) InUse Yes
(IPv4, vers:0, 'default':4U, 10.1.1.1/32)
0 24002 LDP(A) InUse Yes
(IPv4, vers:0, 'default':4U, 10.4.4.4/32)
0 24003 LDP(A) InUse Yes
< output omitted >
Step 9 On the CE1 router, display the IS-IS database for CE1 by using the verbose option.
Use the show isis database verbose CE1 command. You should see the SRGB specified as base
16000 and range 8000. Note which flags are set.
RP/0/RP0/CPU0:CE1# show isis database verbose CE1
Activity Verification
You have completed this task when you attain the following results:
• The P1 router has been enabled for IS-IS segment routing for the IPv4 address family.
• The CE1 router has been enabled for IS-IS segment routing for the IPv4 address family.
Step 1 On the P1 router, configure the loopback 0 interface with the following IS-IS segment routing
prefix SID index value: IPv4 Unicast Address-Family: 1.
Step 2 On the CE1 router, configure the loopback 0 interface with the following IS-IS segment routing
prefix SID index values: IPv4 Unicast Address-Family: 7.
Step 3 On the P1 router, display the IS-IS database for P1 using the verbose option again.
Use the show isis database verbose P1 command. You should see the prefix SID 1 is attached
to the Loopback0 with the IP address 10.1.1.1.
RP/0/RP0/CPU0:P1# show isis database verbose P1
IS-IS 1 (Level-2) Link State Database
LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
P1.00-00 * 0x0000000a 0x969a 1000 /* 0/0/0
Area Address: 49.0001
NLPID: 0xcc
NLPID: 0x8e
IP Address: 10.1.1.1
Metric: 10 IP-Extended 10.1.2.0/24
Prefix Attribute Flags: X:0 R:0 N:0 E:0 A:0
Metric: 10 IP-Extended 10.1.3.0/24
Prefix Attribute Flags: X:0 R:0 N:0 E:0 A:0
Metric: 10 IP-Extended 10.1.4.0/24
Prefix Attribute Flags: X:0 R:0 N:0 E:0 A:0
Metric: 0 IP-Extended 10.1.1.1/32
Prefix-SID Index: 1, Algorithm:0, R:0 N:1 P:0 E:0 V:0 L:0
Prefix Attribute Flags: X:0 R:0 N:1 E:0 A:0
Hostname: P1
IPv6 Address: 2001::1:1:1:1
< output omitted >
Step 4 On the P1 router, display the IS-IS database for CE1 using the verbose option.
Use the show isis database verbose CE1 command. You should see the prefix SID 7 is attached
to the Loopback0 with the IP address 10.7.7.7.
RP/0/RP0/CPU0:P1# show isis database verbose CE1
Activity Verification
You have completed this task when you attain the following results:
• The loopback 0 interface on the P1 router has been configured with the prefix SID index value for the
IPv4 address family.
• The loopback 0 interface on the CE1 router has been configured with the prefix SID index value for the
IPv4 address family.
Task 5: Configure and Verify the Segment Routing
Prefer
This task describes how to configure and verify the segment routing prefer feature on the CE1 router.
Activity
Step 1 On the CE1 router, verify the Cisco Express Forwarding table entry for CE4 Loopback0
(10.10.10.10/32).
Use the show cef 10.10.10.10/32 command. You should see that the MPLS LDP label (24037) is
imposed to forward the packet.
RP/0/RP0/CPU0:CE1# show cef 10.10.10.10/32
10.10.10.10/32, version 148, labeled SR, internal 0x1000001 0x8130 (ptr 0xe1e0228) [1],
0x600 (0xe37d8d0), 0xa28 (0xea5c7c8)
Updated Mar 8 07:51:35.531
remote adjacency to GigabitEthernet0/0/0/0
Prefix Len 32, traffic index 0, precedence n/a, priority 3
Extensions: context-label:16010
gateway array (0xe1e5920) reference count 24, flags 0x68, source lsd (5), 1 backups
[9 type 5 flags 0x8401 (0xea9e5e8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe37d8d0, sh-ldi=0xea9e5e8]
gateway array update type-time 1 Mar 8 07:51:35.088
LDI Update time Mar 8 07:51:35.093
LW-LDI-TS Mar 8 07:51:35.093
via 10.3.7.3/32, GigabitEthernet0/0/0/0, 14 dependencies, weight 0, class 0 [flags
0x0]
path-idx 0 NHID 0x0 [0xd4c0fb0 0x0]
next hop 10.3.7.3/32
remote adjacency
local label 24037 labels imposed {24037}
Step 2 On the CE1 router, verify the MPLS forwarding table entry for CE4 Loopback0
(10.10.10.10/32).
Use the show mpls forwarding prefix 10.10.10.10/32 command. You should see that the MPLS
LDP label (24037) is imposed to forward the packet.
RP/0/RP0/CPU0:CE1# show mpls forwarding prefix 10.10.10.10/32
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24037 24037 10.10.10.10/32 Gi0/0/0/0 10.3.7.3 0
Step 3 On the CE1 router, configure the segment routing prefer feature in the IS-IS routing process.
To configure the segment routing prefer feature, use the following commands:
RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# router isis 1
RP/0/RP0/CPU0:CE1(config-isis)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-isis-af)# segment-routing mpls sr-prefer
RP/0/RP0/CPU0:CE1(config-isis-af)# commit
RP/0/RP0/CPU0:CE1(config-isis-af)# end
RP/0/RP0/CPU0:CE1#
Step 4 On the CE1 router, verify the Cisco Express Forwarding table entry for CE4 Loopback0
(10.10.10.10/32) again.
Use the show cef 10.10.10.10/32 command. You should see the MPLS segment routing label
(16010) is imposed to forward a packet. MPLS segment routing is preferred over MPLS LDP.
RP/0/RP0/CPU0:CE1# show cef 10.10.10.10/32
10.10.10.10/32, version 165, labeled SR, internal 0x1000001 0x8310 (ptr 0xe1e0228) [1],
0x600 (0xe37e698), 0xa28 (0xea5b418)
Updated Mar 8 08:40:27.379
remote adjacency to GigabitEthernet0/0/0/0
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe1e64e8) reference count 24, flags 0x68, source rib (7), 1 backups
[9 type 5 flags 0x8401 (0xea9e8e8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe37e698, sh-ldi=0xea9e8e8]
gateway array update type-time 1 Mar 8 08:40:27.380
LDI Update time Mar 8 08:40:27.380
LW-LDI-TS Mar 8 08:40:27.380
via 10.3.7.3/32, GigabitEthernet0/0/0/0, 12 dependencies, weight 0, class 0 [flags
0x0]
path-idx 0 NHID 0x0 [0xd4c0fb0 0x0]
next hop 10.3.7.3/32
remote adjacency
local label 16010 labels imposed {16010}
Step 5 On the CE1 router, verify the MPLS forwarding table entry for CE4 Loopback0
(10.10.10.10/32) again.
Use the show mpls forwarding prefix 10.10.10.10/32 command. You should see the MPLS
segment routing label (16010) is imposed to forward a packet. The MPLS segment routing is
preferred over MPLS LDP.
RP/0/RP0/CPU0:CE1# show mpls forwarding prefix 10.10.10.10/32
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16010 16010 SR Pfx (idx 10) Gi0/0/0/0 10.3.7.3 0
Activity Verification
You have completed this task when you attain the following results:
• Verify that the MPLS LDP label is imposed to forward a packet by default.
• Verify that the CE1 router is configured with the segment routing prefer feature.
• After the segment routing Prefer feature is configured, verify that the MPLS segment routing label is
imposed to forward a packet.
Activity
Step 1 On the PE2 router, enable OSPF area 0 for IPv4 on the Gigabit Ethernet interfaces and
Loopback 0 interface.
Step 4 On the PE2 router, display the detailed information of the MPLS label table.
Use the show mpls label table detail command. You should see that IS-IS and OSPF are listed
as the owners for the label block starting at 16000. The SRGB range starts with the 16000 label
and has the size 8000.
RP/0/RP0/CPU0:PE2# show mpls label table detail
Table Label Owner State Rewrite
----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 1 LSD(A) InUse Yes
0 2 LSD(A) InUse Yes
0 13 LSD(A) InUse Yes
0 16000 ISIS(A):1 InUse No
OSPF(A):ospf-1 InUse No
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)
0 24000 ISIS(A):1 InUse Yes
(SR Adj Segment IPv4, vers:0, index=1, type=0, intf=Gi0/0/0/0, nh=10.1.4.1)
0 24001 ISIS(A):1 InUse Yes
(SR Adj Segment IPv4, vers:0, index=3, type=0, intf=Gi0/0/0/0, nh=10.1.4.1)
0 24002 LDP(A) InUse Yes
(IPv4, vers:0, 'default':4U, 10.1.1.1/32)
< output omitted >
Step 5 On the PE2 router, display the OSPF database opaque type 4 entry.
Use the show ospf database opaque-area 4.0.0.0 self-originate command. You should see the
SRGB specified as base 16000 and range 8000.
RP/0/RP0/CPU0:PE2# show ospf database opaque-area 4.0.0.0 self-originate
LS age: 195
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 4.0.0.0
Opaque Type: 4
Opaque ID: 0
Advertising Router: 10.4.4.4
LS Seq Number: 80000002
Checksum: 0x87da
Length: 68
Step 6 On the PE2 router, display the OSPF database opaque type 7 entry.
Use the show ospf database opaque-area 7.0.0.1 self-originate command. You should see
prefix SID index value 14 for prefix 10.4.4.4/32.
RP/0/RP0/CPU0:PE2# show ospf database opaque-area 7.0.0.1 self-originate
LS age: 435
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 7.0.0.1
Opaque Type: 7
Opaque ID: 1
Advertising Router: 10.4.4.4
LS Seq Number: 80000001
Checksum: 0x81e3
Length: 44
Step 7 On the PE2 router, display the OSPF database opaque type 8 entry.
Use the show ospf database opaque-area 8.0.0.9 self-originate command. This output should
display adjacency SIDs, but the output is empty since there are no OSPF adjacencies.
RP/0/RP0/CPU0:PE2# show ospf database opaque-area 8.0.0.9 self-originate
In the next step, you will enable OSPF on the CE2 router. PE2 and CE2 routers will form OSPF
adjacency.
Step 8 On the CE2 router, enable OSPF area 0 for IPv4 on the Gigabit Ethernet 0/0/0/0 and Loopback 0
interfaces, enable OSPF segment routing support, and configure the Loopback 0 interface with
the following OSPF segment routing Prefix-SID absolute value: 16018.
The following commands should be configured on the CE2 router:
RP/0/RP0/CPU0:CE2# configure terminal
RP/0/RP0/CPU0:CE2(config)# router ospf 1
RP/0/RP0/CPU0:CE2(config-ospf)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE2(config-ospf)# segment-routing mpls
RP/0/RP0/CPU0:CE2(config-ospf)# segment-routing forwarding mpls
RP/0/RP0/CPU0:CE2(config-ospf)# area 0
RP/0/RP0/CPU0:CE2(config-ospf-ar)# interface Loopback 0
RP/0/RP0/CPU0:CE2(config-ospf-ar-if)# prefix-sid absolute 16018
RP/0/RP0/CPU0:CE2(config-ospf-ar-if)# exit
RP/0/RP0/CPU0:CE2(config-ospf-ar)# interface GigabitEthernet 0/0/0/0
RP/0/RP0/CPU0:CE2(config-ospf-ar-if)# commit
RP/0/RP0/CPU0:CE2(config-ospf-ar-if)# end
You should see the established OSPF adjacency between CE2 and PE2 routers:
RP/0/RP0/CPU0:CE2# show ospf neighbor
Step 10 On the PE2 router, display the OSPF database opaque type 8 entry again.
Use the show ospf database opaque-area 8.0.0.9 self-originate command. This output displays
adjacency SID (24042) for neighbor CE2 (10.8.8.8) as advertised by the PE2 router.
RP/0/RP0/CPU0:PE2# show ospf database opaque-area 8.0.0.9 self-originate
LS age: 42
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 8.0.0.9
Opaque Type: 8
Opaque ID: 9
Advertising Router: 10.4.4.4
LS Seq Number: 80000002
Checksum: 0x5ac2
Length: 116
RP/0/RP0/CPU0:PE2#
Activity Verification
You have completed this task when you attain the following results:
• The PE2 and CE2 routers have been enabled for OSPF segment routing for the IPv4 address family.
• The Loopback 0 interface on the PE2 and CE2 routers have been configured with the prefix SID
absolute value for the IPv4 address family.
1. Which one of the show commands displays the prefix SID index value?
A. The show ospf database opaque-area 4.0.0.0 self-originate command
B. The show ospf database opaque-area 7.0.0.1 self-originate command
C. The show ospf database opaque-area 9.0.0.8 self-originate command
D. The show ospf database opaque-area 8.0.0.9 self-originate command
Discovery 7: Configure and Verify SR TI-LFA
Using IS-IS
Introduction
In this lab exercise, you will configure and verify the operation of TI-LFA Fast Reroute using the IS-IS
routing protocol. You will verify TI-LFA FRR for zero-segment, single-segment, and double-segment
protection.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Verify Segment Routing configuration in the IS-IS routing protocol and examine Cisco Express
Forwarding and MPLS entries
• Configure TI-LFA to employ the zero-segment protection
• Configure TI-LFA to employ the single-segment protection
• Configure TI-LFA to employ the double-segment protection
Visual Objective
The following are the preconfigured lab tasks:
• All routers have IS-IS configured for full reachability.
• All routers have MPLS SR configured.
• There is no MPLS LDP configured.
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
Jumphost 172.16.1.100/24
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
Step 1 On the PE1 router, list MPLS labels to verify that Segment Routing is enabled in the IS-IS
routing protocol.
Use the show mpls label table command. You should see the Segment Routing Prefix-SID and
Adjacency-SID labels. Labels are distributed by IS-IS.
RP/0/RP0/CPU0:PE1# show mpls label table
Table Label Owner State Rewrite
----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 1 LSD(A) InUse Yes
0 2 LSD(A) InUse Yes
0 13 LSD(A) InUse Yes
0 16000 ISIS(A):1 InUse No
0 24000 ISIS(A):1 InUse Yes
0 24001 ISIS(A):1 InUse Yes
0 24002 ISIS(A):1 InUse Yes
0 24003 ISIS(A):1 InUse Yes
0 24004 ISIS(A):1 InUse Yes
0 24005 ISIS(A):1 InUse Yes
Step 3 On the PE1 router, verify the Cisco Express Forwarding table entry for CE3 loopback 0
(10.9.9.9/32).
Use the show cef 10.9.9.9/32 command. You should see that the MPLS SR label (16009) is
imposed to forward the packet to the PE3 (10.3.5.5) router.
RP/0/RP0/CPU0:PE1# show cef 10.9.9.9/32
10.9.9.9/32, version 192, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f76a8) [1],
0x600 (0xe594e28), 0xa28 (0xe95b5f8)
Updated Apr 1 07:28:51.578
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe3fdee0) reference count 6, flags 0x68, source rib (7), 0 backups
[3 type 5 flags 0x8401 (0xe99e828) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594e28, sh-ldi=0xe99e828]
gateway array update type-time 1 Apr 1 07:28:14.063
LDI Update time Apr 1 07:28:14.064
LW-LDI-TS Apr 1 07:28:51.577
via 10.3.5.5/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0 [flags
0x0]
path-idx 0 NHID 0x0 [0xda100f0 0x0]
next hop 10.3.5.5/32
remote adjacency
local label 16009 labels imposed {16009}
Step 4 On the PE1 router, verify the MPLS forwarding table entry for CE3 loopback 0 (10.9.9.9/32).
Use the show mpls forwarding prefix 10.9.9.9/32 command. You should see that the MPLS SR
local label 16009 is swapped with the same MPLS SR outgoing label when the packet is sent to
the next-hop 10.3.5.5 (PE3).
RP/0/RP0/CPU0:PE1# show mpls forwarding prefix 10.9.9.9/32
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 0
Step 5 On the CE1 router, verify the connectivity from the CE1 loopback 0 to the CE3 loopback 0.
Use the ping 10.9.9.9 source Loopback 0 command. The ping between CE1 loopback 0 and
CE3 loopback 0 should be successful.
RP/0/RP0/CPU0:CE1# ping 10.9.9.9 source Loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.9.9.9, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 72/92/128 ms
Step 6 On the CE1 router, verify which path the packet takes when reaching CE3 loopback 0.
Use the traceroute 10.9.9.9 command. The packet between CE1 and CE3 loopback 0 will be
routed to PE1 (10.3.7.3), PE3 (10.3.5.5), and CE3 (10.5.9.9).
RP/0/RP0/CPU0:CE1# traceroute 10.9.9.9
Activity Verification
You have completed this task when you attain the following results:
• Verify that Segment Routing Prefix-SID and Adjacency-SID labels are distributed by IS-IS.
• Verify MPLS SR label swapping.
• Verify connectivity between CE1 loopback 0 and CE3 loopback 0.
• Verify packet path between CE1 and CE3 loopback 0.
Step 1 On the PE1 router, view the routing entry to the CE3 loopback 0 (10.9.9.9/32).
Use the show route 10.9.9.9/32 command. Observe that PE1 has a path to reach the CE3
loopback 0 through PE3 (10.3.5.5).
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32
Step 2 On the PE1 router, display the IS-IS FRR summary information to determine the current fast-
reroute state.
Use the show isis fast-reroute summary command. Observe that there is currently no
protection coverage.
RP/0/RP0/CPU0:PE1# show isis fast-reroute summary
Step 3 On the PE1 router, display the IS-IS FRR detailed information for the CE3 loopback 0 interface
network, 10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe that there is no FRR
backup for this network.
RP/0/RP0/CPU0:PE1# show isis fast-reroute 10.9.9.9/32 detail
Step 4 On the PE1 router, display the IS-IS adjacency database detailed information for the adjacency
to PE3.
Use the show isis adjacency systemid PE3 detail command. Observe that the adjacency SID is
not protected. A similar output can also be observed for the other adjacencies.
RP/0/RP0/CPU0:PE1# show isis adjacency systemid PE3 detail
Step 5 On the PE1 router within IS-IS IPv4 unicast address family, configure fast-reroute and enable it
to use the TI-LFA computation on all IS-IS interfaces connecting to other nodes.
Make sure that you have configured TI-LFA on the PE1 router and on the Gigabit Ethernet
0/0/0/0, Gigabit Ethernet 0/0/0/1, and Gigabit Ethernet 0/0/0/2 interfaces.
Step 6 On the PE1 router, display the IS-IS FRR summary information again to determine the FRR
state.
Use the show isis fast-reroute summary command. Observe the protection coverage state.
RP/0/RP0/CPU0:PE1# show isis fast-reroute summary
Step 7 On the PE1 router, display the IS-IS FRR detailed information for the CE3 loopback 0 interface
network, 10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe the FRR backup path.
RP/0/RP0/CPU0:PE1# show isis fast-reroute 10.9.9.9/32 detail
Step 8 On the PE1 router, display the IS-IS adjacency database detailed information for the adjacency
to PE3.
Use the show isis adjacency systemid PE3 detail command. Observe that the adjacency SID
protection and the backup label stack.
RP/0/RP0/CPU0:PE1# show isis adjacency systemid PE3 detail
Step 9 On the PE1 router, disable the interface toward PE3 (GigabitEthernet0/0/0/1) and trace packets
from CE1 to CE3 routers.
To disable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Send the trace packets from CE1 to CE3 Loopback0 (10.9.9.9). The trace should show PE1
(10.3.7.3), P1 (10.1.3.1), P2 (10.1.2.2), and PE3 (10.2.5.5).
RP/0/RP0/CPU0:CE1# traceroute 10.9.9.9
1 10.3.7.3 [MPLS: Label 16009 Exp 0] 172 msec 193 msec 652 msec
2 10.1.3.1 [MPLS: Label 16009 Exp 0] 439 msec 201 msec 694 msec
3 10.1.2.2 [MPLS: Label 16009 Exp 0] 245 msec 180 msec 193 msec
4 10.2.5.5 [MPLS: Label 16009 Exp 0] 161 msec 195 msec 218 msec
5 10.5.9.9 373 msec 656 msec 247 msec
RP/0/RP0/CPU0:CE1#
Step 10 On the PE1 router, enable the interface toward PE3 (GigabitEthernet0/0/0/1).
To enable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# no shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Activity Verification
You have completed this task when you attain the following results:
• The path from PE1 to CE3 was observed to be unprotected by FRR.
• PE1 has been configured with FRR using TI-LFA in the IS-IS routing protocol computation on all
interfaces.
• The path from PE1 to CE3 has been verified to be protected using FRR TI-LFA in the IS-IS routing
protocol.
TI-LFA calculates backup paths for all destinations that are reached over that interface. TI-LFA
computation on PE1 for destination CE3 results in a zero-segment backup path. TI-LFA calculates that the
post-convergence path to CE3, for a failure of the link between PE1 and PE3, goes through P1. P1 provides
a loop-free path to destination CE3. P1 is a loop-free alternate for destination CE3. No extra labels must be
imposed on the packets steered on the backup path—PE1 simply forwards them to P1.
Activity
Step 1 On the PE1 router, display the IS-IS FRR detailed information for the CE3 loopback 0 network
10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe the backup path is through
P1 (10.1.3.1).
RP/0/RP0/CPU0:PE1# show isis fast-reroute 10.9.9.9/32 detail
Step 2 On the PE1 router, display the detailed route entry for the CE3 loopback 0 network 10.9.9.9/32.
Use the show route 10.9.9.9/32 detail command. Observe that the backup path requires no extra
labels to be imposed on the packets steered on the backup path—PE1 simply forwards them to
P1.
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32 detail
Step 3 On the PE1 router, display the Cisco Express Forwarding entry for the CE3 loopback 0 network
10.9.9.9/32.
Use the show cef 10.9.9.9/32 command. Observe the primary and backup paths.
RP/0/RP0/CPU0:PE1# show cef 10.9.9.9/32
10.9.9.9/32, version 255, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f76a8) [1],
0x600 (0xe594e28), 0xa28 (0xf547100)
Updated Apr 1 08:11:19.999
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe3fccc0) reference count 6, flags 0x500068, source rib (7), 0
backups
[3 type 5 flags 0x8401 (0xe99e8e8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594e28, sh-ldi=0xe99e8e8]
gateway array update type-time 1 Apr 1 08:11:19.999
LDI Update time Apr 1 08:11:19.999
LW-LDI-TS Apr 1 08:11:19.999
via 10.1.3.1/32, GigabitEthernet0/0/0/0, 8 dependencies, weight 0, class 0, backup
(Local-LFA) [flags 0x300]
path-idx 0 NHID 0x0 [0xda10050 0x0]
next hop 10.1.3.1/32
remote adjacency
local label 16009 labels imposed {16009}
via 10.3.5.5/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0,
protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xda81190 0x0]
next hop 10.3.5.5/32
local label 16009 labels imposed {16009}
Step 4 On the PE1 router, display the detailed MPLS forwarding entry for the SR label for CE3, 16009.
Use the show mpls forwarding labels 16009 detail command. Observe the primary and backup
path for packets with the prefix-SID label of CE3, 16009.
RP/0/RP0/CPU0:PE1# show mpls forwarding labels 16009 detail
Activity Verification
You have completed this task when you attain the following results:
• Verify that PE1 has been enabled for FRR using TI-LFA.
• The zero-segment backup path entries from PE1 to CE3 have been verified.
Click the Objectives tab to view a visual diagram for this task.
The TI-LFA backup path for destination PE3 on PE1 goes through PQ-node PE2.
Activity
Step 1 On the P1 router, within the IS-IS IPv4 unicast address family, configure FRR and enable it to
use the TI-LFA computation on all IS-IS interfaces connecting to other nodes
Use the following commands:
RP/0/RP0/CPU0:P1# configure terminal
RP/0/RP0/CPU0:P1(config)# router isis 1
RP/0/RP0/CPU0:P1(config-isis)# interface GigabitEthernet 0/0/0/0
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# fast-reroute per-prefix
RP/0/RP0/CPU0:P1(config-isis-if-af)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:P1(config-isis-if-af)# exit
RP/0/RP0/CPU0:P1(config-isis-if)# exit
RP/0/RP0/CPU0:P1(config-isis)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# fast-reroute per-prefix
RP/0/RP0/CPU0:P1(config-isis-if-af)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:P1(config-isis-if-af)# exit
RP/0/RP0/CPU0:P1(config-isis-if)# exit
RP/0/RP0/CPU0:P1(config-isis)# interface GigabitEthernet 0/0/0/2
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# fast-reroute per-prefix
RP/0/RP0/CPU0:P1(config-isis-if-af)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:P1(config-isis-if-af)# commit
RP/0/RP0/CPU0:P1(config-isis-if-af)# end
RP/0/RP0/CPU0:P1#
Make sure that you have configured TI-LFA on the P1 router and on the Gigabit Ethernet
0/0/0/0, Gigabit Ethernet 0/0/0/1, and Gigabit Ethernet 0/0/0/2 interfaces.
Step 2 Modify the cost of the link within the IS-IS IPv4 unicast address family between the P1 and P2
routers.
Modify the P1 router interface Gi0/0/0/2 IS-IS IPv4 unicast address family cost to 1000.
RP/0/RP0/CPU0:P1# configure terminal
RP/0/RP0/CPU0:P1(config)# router isis 1
RP/0/RP0/CPU0:P1(config-isis)# interface GigabitEthernet 0/0/0/2
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# metric 1000
RP/0/RP0/CPU0:P1(config-isis-if-af)# commit
RP/0/RP0/CPU0:P1(config-isis-if-af)# end
RP/0/RP0/CPU0:P1#
Modify the P2 router interface Gi0/0/0/2 IS-IS IPv4 unicast address family cost to 1000.
RP/0/RP0/CPU0:P2# configure terminal
RP/0/RP0/CPU0:P2(config)# router isis 1
RP/0/RP0/CPU0:P2(config-isis)# interface GigabitEthernet 0/0/0/2
RP/0/RP0/CPU0:P2(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P2(config-isis-if-af)# metric 1000
RP/0/RP0/CPU0:P2(config-isis-if-af)# commit
RP/0/RP0/CPU0:P2(config-isis-if-af)# end
RP/0/RP0/CPU0:P2#
Step 3 On the PE1 router, display the detailed IS-IS FRR information of the CE3 loopback 0 network
10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe the backup path and the P
node.
RP/0/RP0/CPU0:PE1# show isis fast-reroute 10.9.9.9/32 detail
Step 4 On the PE1 router, display the detailed route entry for the CE3 loopback 0 network 10.9.9.9/32.
Use the show route 10.9.9.9/32 detail command. Observe the backup path entry and the labels
associated with the backup path.
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32 detail
Use the show cef 10.9.9.9/32 command. Observe the backup path and the labels imposed for the
backup path.
RP/0/RP0/CPU0:PE1# show cef 10.9.9.9/32
10.9.9.9/32, version 275, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f76a8) [1],
0x600 (0xe594e28), 0xa28 (0xf547418)
Updated Apr 1 08:20:38.789
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe3fdfc8) reference count 3, flags 0x500068, source rib (7), 0
backups
[2 type 5 flags 0x8401 (0xe99e4c8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594e28, sh-ldi=0xe99e4c8]
gateway array update type-time 1 Apr 1 08:20:38.789
LDI Update time Apr 1 08:20:38.794
LW-LDI-TS Apr 1 08:20:38.794
via 10.1.3.1/32, GigabitEthernet0/0/0/0, 10 dependencies, weight 0, class 0, backup
(TI-LFA) [flags 0xb00]
path-idx 0 NHID 0x0 [0xda10050 0x0]
next hop 10.1.3.1/32, Repair Node(s): 10.2.2.2
remote adjacency
local label 16009 labels imposed {16002 16009}
via 10.3.5.5/32, GigabitEthernet0/0/0/1, 8 dependencies, weight 0, class 0,
protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xda81190 0x0]
next hop 10.3.5.5/32
local label 16009 labels imposed {16009}
Step 6 On the PE1 router, display the detailed MPLS forwarding entry for the SR label for CE3, 16009.
Use the show mpls forwarding labels 16009 detail command. Observe the primary and backup
path for packets with the prefix-SID label of CE3, 16009.
RP/0/RP0/CPU0:PE1# show mpls forwarding labels 16009 detail
Step 7 On the PE1 router, disable the interface toward PE3 (GigabitEthernet0/0/0/1) and trace packets
from CE1 to CE3 routers.
To disable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Send the trace packets from CE1 to CE3 Loopback0 (10.9.9.9). The trace should show PE1
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), PE4 (10.4.6.6), P2 (10.2.6.2), and PE3 (10.2.5.5).
RP/0/RP0/CPU0:CE1# traceroute 10.9.9.9
To enable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# no shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Activity Verification
You have completed this task when you attain the following results:
• P1 has been configured with FRR TI-LFA in the IS-IS routing protocol.
• Single-segment protection operation has been observed at PE1 for the CE3 destination.
Click the Objectives tab to view a visual diagram for this task.
The post-convergence path is indicated in green in the figure. TI-LFA picks a P-node and Q-node that are
located on the post-convergence path. In this case, the P-node is PE2 and the Q-node is PE4. Because the P-
node PE2 is not adjacent, an extra label must be imposed to steer traffic to P-node PE2. PE1 needs to
impose two labels on the backup path: The prefix-SID label to go from PE1 to the P-node PE2 and an
adjacent-SID label to go from the P-node PE2 to the Q-node PE4.
Activity
Step 1 On the PE2 router, within the IS-IS IPv4 unicast address family, configure FRR and enable FRR
to use TI-LFA computation on all IS-IS interfaces connecting to other nodes.
Use the following commands:
RP/0/RP0/CPU0:PE2# configure terminal
RP/0/RP0/CPU0:PE2(config)# router isis 1
RP/0/RP0/CPU0:PE2(config-isis)# interface GigabitEthernet 0/0/0/0
RP/0/RP0/CPU0:PE2(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE2(config-isis-if-af)# fast-reroute per-prefix
RP/0/RP0/CPU0:PE2(config-isis-if-af)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:PE2(config-isis-if-af)# exit
RP/0/RP0/CPU0:PE2(config-isis-if)# exit
RP/0/RP0/CPU0:PE2(config-isis)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE2(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE2(config-isis-if-af)# fast-reroute per-prefix
RP/0/RP0/CPU0:PE2(config-isis-if-af)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:PE2(config-isis-if-af)# exit
RP/0/RP0/CPU0:PE2(config-isis-if)# exit
RP/0/RP0/CPU0:PE2(config-isis)# interface GigabitEthernet 0/0/0/2
RP/0/RP0/CPU0:PE2(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE2(config-isis-if-af)# fast-reroute per-prefix
RP/0/RP0/CPU0:PE2(config-isis-if-af)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:PE2(config-isis-if-af)# commit
RP/0/RP0/CPU0:PE2(config-isis-if-af)# end
RP/0/RP0/CPU0:PE2#
Make sure that you have configured TI-LFA on the PE2 router and on the Gigabit Ethernet
0/0/0/0, Gigabit Ethernet 0/0/0/1, and Gigabit Ethernet 0/0/0/2 interfaces.
Step 2 Modify the cost of the link within the IS-IS IPv4 unicast address family between the PE2 and
PE4 routers.
Modify the PE2 router interface Gi0/0/0/1 IS-IS IPv4 unicast address family cost to 500.
RP/0/RP0/CPU0:PE2# configure terminal
RP/0/RP0/CPU0:PE2(config)# router isis 1
RP/0/RP0/CPU0:PE2(config-isis)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE2(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE2(config-isis-if-af)# metric 500
RP/0/RP0/CPU0:PE2(config-isis-if-af)# commit
RP/0/RP0/CPU0:PE2(config-isis-if-af)# end
RP/0/RP0/CPU0:PE2#
Modify the PE4 router interface Gi0/0/0/1 IS-IS IPv4 unicast address family cost to 500.
RP/0/RP0/CPU0:PE4# configure terminal
RP/0/RP0/CPU0:PE4(config)# router isis 1
RP/0/RP0/CPU0:PE4(config-isis)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE4(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE4(config-isis-if-af)# metric 500
RP/0/RP0/CPU0:PE4(config-isis-if-af)# commit
RP/0/RP0/CPU0:PE4(config-isis-if-af)# end
RP/0/RP0/CPU0:PE4#
Step 3 On the PE1 router, display the detailed IS-IS FRR information of the CE3 loopback 0 network
10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe the P node and Q node
values. Record the Q node label value (24005 in the following output) to use in the next step.
RP/0/RP0/CPU0:PE1# show isis fast-reroute 10.9.9.9/32 detail
Step 4 On the PE1 router, display the MPLS forwarding label information for the Q node label recorded
in the previous step.
Use the show isis database verbose PE2 detail command. You can verify adjacency SID by
using the following IS-IS verification command:
RP/0/RP0/CPU0:PE1# show isis database verbose PE2 detail
Step 5 On the PE1 router, display the detailed route entry for the CE3 loopback 0 network 10.9.9.9/32.
Use the show route 10.9.9.9/32 detail command. Observe the backup path entry and the labels
associated with the backup path.
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32 detail
Step 6 On the PE1 router, display the Cisco Express Forwarding entry for the CE3 loopback 0 network
10.9.9.9/32.
Use the show cef 10.9.9.9/32 command. Observe the backup path and the labels imposed for the
backup path.
RP/0/RP0/CPU0:PE1# show cef 10.9.9.9/32
10.9.9.9/32, version 145, labeled SR, internal 0x1000001 0x81 (ptr 0xdf1e910) [1], 0x0
(0xe0e2068), 0xa28 (0xf3b6138)
Updated Aug 10 10:28:48.878
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
via 10.1.3.1/32, GigabitEthernet0/0/0/0, 9 dependencies, weight 0, class 0, backup
(TI-LFA) [flags 0xb00]
path-idx 0 NHID 0x0 [0xf203380 0x0]
next hop 10.1.3.1/32, Repair Node(s): 10.4.4.4, 10.6.6.6
remote adjacency
local label 16009 labels imposed {16004 24005 16009}
via 10.3.5.5/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0,
protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xf46d510 0x0]
next hop 10.3.5.5/32
local label 16009 labels imposed {16009}
Step 7 On the PE1 router, disable the interface toward PE3 (GigabitEthernet0/0/0/1) and trace packets
from CE1 to CE3 routers.
To disable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Send the trace packets from CE1 to CE3 Loopback0 (10.9.9.9). The trace should show PE1
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), PE4 (10.4.6.6), P2 (10.2.6.2), and PE3 (10.2.5.5).
RP/0/RP0/CPU0:CE1# traceroute 10.9.9.9
1 10.3.7.3 [MPLS: Label 16009 Exp 0] 522 msec 2061 msec 516 msec
2 10.1.3.1 [MPLS: Label 16009 Exp 0] 584 msec 1467 msec 795 msec
3 10.1.4.4 [MPLS: Label 16009 Exp 0] 457 msec 473 msec 1708 msec
4 10.4.6.6 [MPLS: Label 16009 Exp 0] 501 msec 520 msec 2179 msec
5 10.2.6.2 [MPLS: Label 16009 Exp 0] 484 msec 497 msec 1908 msec
6 10.2.5.5 [MPLS: Label 16009 Exp 0] 509 msec 472 msec 1351 msec
7 10.5.9.9 972 msec 436 msec 511 msec
Activity Verification
You have completed this task when you attain the following results:
• PE2 has been configured with FRR TI-LFA in the IS-IS routing protocol.
• Double-segment protection operation has been observed at PE1 for the CE3 destination.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Verify Segment Routing configuration in the OSPF routing protocol and examine Cisco Express
Forwarding and MPLS entries
• Configure TI-LFA with FRR in the OSPF routing protocol
• Configure TI-LFA to employ the zero-segment protection
• Configure TI-LFA to employ the single segment protection
• Configure TI-LFA to employ the double segment protection
Visual Objective
The following are the preconfigured lab tasks:
• All routers have OSPF configured for full reachability.
• All routers have MPLS SR configured.
• There is no MPLS LDP configured.
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
Jumphost 172.16.1.100/24
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
Step 1 On the PE1 router, list MPLS labels to verify that Segment Routing is enabled in the OSPF
routing protocol.
Use the show mpls label table command. You should see the Segment Routing Prefix-SID and
Adjacency-SID labels. Labels are distributed by OSPF.
RP/0/RP0/CPU0:PE1# show mpls label table
Step 3 On the PE1 router, verify the Cisco Express Forwarding table entry for CE3 loopback 0
(10.9.9.9/32).
Use the show cef 10.9.9.9/32 command. You should see that the MPLS SR label (16009) is
imposed to forward the packet to the PE3 (10.3.5.5) router.
RP/0/RP0/CPU0:PE1# show cef 10.9.9.9/32
10.9.9.9/32, version 751, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f6f10) [1],
0x600 (0xe594d08), 0xa28 (0xe95b828)
Updated Apr 1 12:32:49.136
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe3fe620) reference count 6, flags 0x68, source rib (7), 0 backups
[3 type 5 flags 0x8401 (0xe99e408) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594d08, sh-ldi=0xe99e408]
gateway array update type-time 1 Apr 1 12:32:49.136
LDI Update time Apr 1 12:32:49.136
LW-LDI-TS Apr 1 12:32:49.136
via 10.3.5.5/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0 [flags
0x0]
path-idx 0 NHID 0x0 [0xda10190 0x0]
next hop 10.3.5.5/32
remote adjacency
local label 16009 labels imposed {16009}
Step 4 On the PE1 router, verify the MPLS forwarding table entry for CE3 loopback 0 (10.9.9.9/32).
Use the show mpls forwarding prefix 10.9.9.9/32 command. You should see that the MPLS SR
local label 16009 is swapped with the same MPLS SR outgoing label when the packet is sent to
the next-hop 10.3.5.5 (PE3).
RP/0/RP0/CPU0:PE1# show mpls forwarding prefix 10.9.9.9/32
Step 5 On the CE1 router, verify the connectivity from the CE1 loopback 0 to the CE3 loopback 0.
Use the ping 10.9.9.9 source Loopback 0 command. The ping between CE1 loopback 0 and
CE3 loopback 0 should be successful.
RP/0/RP0/CPU0:CE1# ping 10.9.9.9 source Loopback 0
Step 6 On the CE1 router, verify which path the packet takes when reaching CE3 loopback 0.
Use the traceroute 10.9.9.9 command. The packet between CE1 and CE3 loopback 0 will be
routed to PE1 (10.3.7.3), PE3 (10.3.5.5), and CE3 (10.5.9.9).
RP/0/RP0/CPU0:CE1# traceroute 10.9.9.9
Activity Verification
You have completed this task when you attain the following results:
• Verify that Segment Routing Prefix-SID and Adjacency-SID labels are distributed by OSPF.
• Verify MPLS SR label swapping.
• Verify connectivity between CE1 loopback 0 and CE3 loopback 0.
• Verify packet path between CE1 and CE3 loopback 0.
Step 1 On the PE1 router, view the routing entry to the CE3 loopback 0 (10.9.9.9/32).
Use the show route 10.9.9.9/32 command. Observe that PE1 has a path to reach the CE3
Loopback 0 through PE3 (10.3.5.5).
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32
Step 2 On the PE1 router, display the OSPF adjacency database detailed information for the adjacency
to PE3 (10.5.5.5).
Use the show ospf neighbor 10.5.5.5 detail command. Observe that the adjacency SID is not
protected. A similar output can also be observed for the other adjacencies.
RP/0/RP0/CPU0:PE1# show ospf neighbor 10.5.5.5 detail
Step 3 On the PE1 router, display the OSPF backup path for the CE3 Loopback0 (10.9.9.9/32).
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. You should only see the
primary path and observe that there are no backup paths available for CE3 Loopback0
(10.9.9.9/32).
RP/0/RP0/CPU0:PE1# show ospf 1 routes 10.9.9.9/32 backup-path
O 10.9.9.9/32, metric 31
10.3.5.5, from 10.9.9.9, via GigabitEthernet0/0/0/1, path-id 1
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router within OSPF Area 0, configure fast-reroute and enable it to use the TI-LFA
computation on all OSPF interfaces connecting to other nodes.
You can also configure TI-LFA on the OSPF interface level. If you will not configure TI-LFA
on the area level, you should configure TI-LFA for the PE1 router on the Gigabit Ethernet
0/0/0/0, Gigabit Ethernet 0/0/0/1, and Gigabit Ethernet 0/0/0/2 interfaces.
Step 5 On the PE1 router, display the OSPF backup path for the CE3 Loopback0 (10.9.9.9/32) again.
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. You should see the primary
path and backup path for CE3 Loopback0 (10.9.9.9/32).
RP/0/RP0/CPU0:PE1# show ospf 1 routes 10.9.9.9/32 backup-path
O 10.9.9.9/32, metric 31
10.3.5.5, from 10.9.9.9, via GigabitEthernet0/0/0/1, path-id 1
Backup path:
10.1.3.1, from 10.9.9.9, via GigabitEthernet0/0/0/0, protected bitmap
0000000000000001
Attributes: Metric: 52, Interface Disjoint, SRLG Disjoint
Step 6 On the PE1 router, display the OSPF adjacency database detailed information for the adjacency
to PE3 (10.5.5.5).
Use the show ospf neighbor 10.5.5.5 detail command. Observe that the adjacency SID is
protected and the backup label stack is available.
RP/0/RP0/CPU0:PE1# show ospf neighbor 10.5.5.5 detail
Step 7 On the PE1 router, disable the interface toward PE3 (GigabitEthernet0/0/0/1) and trace packets
from CE1 to CE3 routers.
To disable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Send the trace packets from CE1 to CE3 Loopback0 (10.9.9.9). The trace should show PE1
(10.3.7.3), P1 (10.1.3.1), P2 (10.1.2.2), PE3 (10.2.5.5), and CE3 (10.5.9.9).
RP/0/RP0/CPU0:CE1# traceroute 10.9.9.9
1 10.3.7.3 [MPLS: Label 16009 Exp 0] 172 msec 193 msec 652 msec
2 10.1.3.1 [MPLS: Label 16009 Exp 0] 439 msec 201 msec 694 msec
3 10.1.2.2 [MPLS: Label 16009 Exp 0] 245 msec 180 msec 193 msec
4 10.2.5.5 [MPLS: Label 16009 Exp 0] 161 msec 195 msec 218 msec
5 10.5.9.9 373 msec 656 msec 247 msec
RP/0/RP0/CPU0:CE1#
Step 8 On the PE1 router, enable the interface toward PE3 (GigabitEthernet0/0/0/1).
To enable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# no shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Activity Verification
You have completed this task when you attain the following results:
• The path from PE1 to CE3 was observed to be unprotected by FRR.
• PE1 has been configured with FRR using TI-LFA in the OSPF routing protocol computation on all
interfaces.
• The path from PE1 to CE3 has been verified to be protected using FRR TI-LFA in the OSPF routing
protocol.
TI-LFA calculates backup paths for all destinations that are reached over that interface. TI-LFA
computation on PE1 for destination CE3 results in a zero-segment backup path. TI-LFA calculates that the
post-convergence path to CE3, for a failure of the link between PE1 and PE3, goes through P1. P1 provides
a loop-free path to destination CE3. P1 is a loop-free alternate for destination CE3. No extra labels must be
imposed on the packets steered on the backup path—PE1 simply forwards them to P1.
Activity
Step 1 On the PE1 router, display the OSPF backup path for the CE3 Loopback0 (10.9.9.9/32).
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. Observe the backup path is
through P1 (10.1.3.1).
RP/0/RP0/CPU0:PE1# show ospf 1 routes 10.9.9.9/32 backup-path
O 10.9.9.9/32, metric 31
10.3.5.5, from 10.9.9.9, via GigabitEthernet0/0/0/1, path-id 1
Backup path:
10.1.3.1, from 10.9.9.9, via GigabitEthernet0/0/0/0, protected bitmap
0000000000000001
Attributes: Metric: 52, Interface Disjoint, SRLG Disjoint
Step 2 On the PE1 router, display the detailed route entry for the CE3 loopback 0 network 10.9.9.9/32.
Use the show route 10.9.9.9/32 detail command. Observe that the backup path requires no extra
labels to be imposed on the packets steered on the backup path—PE1 simply forwards them to
P1.
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32 detail
Step 3 On the PE1 router, display the Cisco Express Forwarding entry for the CE3 loopback 0 network
10.9.9.9/32.
Use the show cef 10.9.9.9/32 command. Observe the primary and backup paths.
RP/0/RP0/CPU0:PE1# show cef 10.9.9.9/32
10.9.9.9/32, version 995, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f6f10) [1],
0x600 (0xe594f48), 0xa28 (0xf5bb4c8)
Updated Apr 11 09:42:05.399
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe3fd400) reference count 6, flags 0x500068, source rib (7), 0
backups
[3 type 5 flags 0x8401 (0xe99e648) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594f48, sh-ldi=0xe99e648]
gateway array update type-time 1 Apr 11 09:42:05.397
LDI Update time Apr 11 09:42:05.399
LW-LDI-TS Apr 11 09:42:05.399
via 10.1.3.1/32, GigabitEthernet0/0/0/0, 8 dependencies, weight 0, class 0, backup
(Local-LFA) [flags 0x300]
path-idx 0 NHID 0x0 [0xda100f0 0x0]
next hop 10.1.3.1/32
remote adjacency
local label 16009 labels imposed {16009}
via 10.3.5.5/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0,
protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xda81af0 0x0]
next hop 10.3.5.5/32
local label 16009 labels imposed {16009}
Step 4 On the PE1 router, display the detailed MPLS forwarding entry for the SR label for CE3, 16009.
Use the show mpls forwarding labels 16009 detail command. Observe the primary and backup
path for packets with the prefix-SID label of CE3 (16009).
RP/0/RP0/CPU0:PE1# show mpls forwarding labels 16009 detail
Activity Verification
You have completed this task when you attain the following results:
• Verify that PE1 has been enabled for FRR using TI-LFA.
• The zero-segment backup path entries from PE1 to CE3 have been verified.
Click the Objectives tab to view a visual diagram for this task.
The TI-LFA backup path for destination PE3 on PE1 goes through PQ-node PE2.
Activity
Step 1 On the P1 router within OSPF Area 0, configure fast-reroute and enable it to use the TI-LFA
computation on all OSPF interfaces connecting to other nodes.
To complete the configuration, use the following commands:
RP/0/RP0/CPU0:P1# configure
RP/0/RP0/CPU0:P1(config)# router ospf 1
RP/0/RP0/CPU0:P1(config-ospf)# area 0
RP/0/RP0/CPU0:P1(config-ospf-ar)# fast-reroute per-prefix
RP/0/RP0/CPU0:P1(config-ospf-ar)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:P1(config-ospf-ar)# commit
RP/0/RP0/CPU0:P1(config-ospf-ar)# end
RP/0/RP0/CPU0:P1#
You can also configure TI-LFA on the OSPF interface level. If you will not configure TI-LFA
on the area level, you should configure TI-LFA for the P1 router on the Gigabit Ethernet 0/0/0/0,
Gigabit Ethernet 0/0/0/1, and GigabitEthernet 0/0/0/2 interfaces.
Step 2 Modify the cost of the link within the OSPF area 0 between the P1 and P2 routers.
Step 3 On the PE1 router, display the OSPF backup path for the CE3 Loopback0 (10.9.9.9/32).
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. Observe the backup path and the
P node.
RP/0/RP0/CPU0:PE1# show ospf 1 routes 10.9.9.9/32 backup-path
O 10.9.9.9/32, metric 31
10.3.5.5, from 10.9.9.9, via GigabitEthernet0/0/0/1, path-id 1
Backup path: TI-LFA, Repair-List: P node: 10.2.2.2 Label: 16002
10.1.3.1, from 10.9.9.9, via GigabitEthernet0/0/0/0, protected bitmap
0000000000000001
Attributes: Metric: 53, Interface Disjoint, SRLG Disjoint
Step 4 On the PE1 router, display the detailed route entry for the CE3 loopback 0 network 10.9.9.9/32.
Use the show route 10.9.9.9/32 detail command. Observe the backup path entry and the labels
associated with the backup path.
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32 detail
Step 5 On the PE1 router, display the Cisco Express Forwarding entry for the CE3 loopback 0 network
10.9.9.9/32.
Use the show cef 10.9.9.9/32 command. Observe the backup path and the labels imposed for the
backup path.
RP/0/RP0/CPU0:PE1# show cef 10.9.9.9/32
10.9.9.9/32, version 1003, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f6f10) [1],
0x600 (0xe594f48), 0xa28 (0xf5bb310)
Updated Apr 11 10:02:16.074
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe3fd5d0) reference count 3, flags 0x500068, source rib (7), 0
backups
[2 type 5 flags 0x8401 (0xe99e768) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594f48, sh-ldi=0xe99e768]
gateway array update type-time 1 Apr 11 10:02:16.073
LDI Update time Apr 11 10:02:16.073
LW-LDI-TS Apr 11 10:02:16.073
via 10.1.3.1/32, GigabitEthernet0/0/0/0, 10 dependencies, weight 0, class 0, backup
(TI-LFA) [flags 0xb00]
path-idx 0 NHID 0x0 [0xda100f0 0x0]
next hop 10.1.3.1/32, Repair Node(s): 10.2.2.2
remote adjacency
local label 16009 labels imposed {16002 16009}
via 10.3.5.5/32, GigabitEthernet0/0/0/1, 8 dependencies, weight 0, class 0,
protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xda81af0 0x0]
next hop 10.3.5.5/32
local label 16009 labels imposed {16009}
Step 6 On the PE1 router, display the detailed MPLS forwarding entry for the SR label for CE3
(16009).
Use the show mpls forwarding labels 16009 detail command. Observe the primary and backup
path for packets with the prefix-SID label of CE3 (16009).
RP/0/RP0/CPU0:PE1# show mpls forwarding labels 16009 detail
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 0
Updated: Apr 11 10:02:16.074
Path Flags: 0x400 [ BKUP-IDX:0 (0xda81af0) ]
Version: 1003, Priority: 1
Label Stack (Top -> Bottom): { 16009 }
NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 0
MAC/Encaps: 4/8, MTU: 1500
Outgoing Interface: GigabitEthernet0/0/0/1 (ifhandle 0x01000048)
Packets Switched: 0
Step 7 On the PE1 router, disable the interface toward PE3 (GigabitEthernet0/0/0/1) and trace packets
from CE1 to CE3 routers.
To disable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Send the trace packets from CE1 to CE3 Loopback0 (10.9.9.9). The trace should show PE1
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), PE4 (10.4.6.6), P2 (10.2.6.2), PE3 (10.2.5.5), and CE3
(10.5.9.9).
RP/0/RP0/CPU0:CE1# traceroute 10.9.9.9
To enable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# no shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Activity Verification
You have completed this task when you attain the following results:
• P1 has been configured with FRR TI-LFA in the OSPF routing protocol.
• Single-segment protection operation has been observed at PE1 for the CE3 destination.
Click the Objectives tab to view a visual diagram for this task.
The post-convergence path is indicated in green in the figure. TI-LFA picks a P-node and Q-node that are
located on the post-convergence path. In this case, the P-node is PE2 and the Q-node is PE4. Because the P-
node PE2 is not adjacent, an extra label must be imposed to steer traffic to P-node PE2. PE1 needs to
impose two labels on the backup path: The prefix-SID label to go from PE1 to the P-node PE2 and an
adjacent-SID label to go from the P-node PE2 to the Q-node PE4.
Activity
Step 1 On the PE2 router within OSPF Area 0, configure fast-reroute and enable it to use the TI-LFA
computation on all OSPF interfaces connecting to other nodes.
You can also configure TI-LFA on the OSPF interface level. If you will not configure TI-LFA
on the area level, you should configure TI-LFA for the PE2 router on the Gigabit Ethernet
0/0/0/0, Gigabit Ethernet 0/0/0/1, and Gigabit Ethernet 0/0/0/2 interfaces.
Step 2 Modify the cost of the link within the OSPF area 0 between the PE2 and PE4 routers.
Modify the PE2 router interface Gi0/0/0/1 OSPF area 0 cost to 500.
RP/0/RP0/CPU0:PE2# config
RP/0/RP0/CPU0:PE2(config)# router ospf 1
RP/0/RP0/CPU0:PE2(config-ospf)# area 0
RP/0/RP0/CPU0:PE2(config-ospf-ar)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE2(config-ospf-ar-if)# cost 500
RP/0/RP0/CPU0:PE2(config-ospf-ar-if)# commit
RP/0/RP0/CPU0:PE2(config-ospf-ar-if)# end
RP/0/RP0/CPU0:PE2#
Modify the PE4 router interface Gi0/0/0/1 OSPF area 0 cost to 500.
RP/0/RP0/CPU0:PE4# config
RP/0/RP0/CPU0:PE4(config)# router ospf 1
RP/0/RP0/CPU0:PE4(config-ospf)# area 0
RP/0/RP0/CPU0:PE4(config-ospf-ar)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE4(config-ospf-ar-if)# cost 500
RP/0/RP0/CPU0:PE4(config-ospf-ar-if)# commit
RP/0/RP0/CPU0:PE4(config-ospf-ar-if)# end
RP/0/RP0/CPU0:PE4#
Step 3 On the PE1 router, display the OSPF backup path for the CE3 Loopback0 (10.9.9.9/32).
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. Observe the P node and Q
node values. Record the Q node label value (24001 in the following output) to use in the next
step.
RP/0/RP0/CPU0:PE1# show ospf 1 routes 10.9.9.9/32 backup-path
O 10.9.9.9/32, metric 31
10.3.5.5, from 10.9.9.9, via GigabitEthernet0/0/0/1, path-id 1
Backup path: TI-LFA, Repair-List: P node: 10.4.4.4 Label: 16004
Q node: 10.6.6.6 Label: 24001
10.1.3.1, from 10.9.9.9, via GigabitEthernet0/0/0/0, protected bitmap
0000000000000001
Attributes: Metric: 543, Interface Disjoint, SRLG Disjoint
Step 4 On the PE1 router, display the MPLS forwarding label information for the Q node label recorded
in the previous step.
Use the show ospf database opaque-area 8.0.0.8 adv-router 10.4.4.4 command. Observe that
router PE2 (10.4.4.4) generates adjacency SID to the PE4 (10.6.6.6). You should see the same
label as observed in the previous step for Q node.
RP/0/RP0/CPU0:PE1# show ospf database opaque-area 8.0.0.8 adv-router 10.4.4.4
LS age: 407
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 8.0.0.8
Opaque Type: 8
Opaque ID: 8
Advertising Router: 10.4.4.4
LS Seq Number: 800001af
Checksum: 0x5f5d
Length: 140
Step 5 On the PE1 router, display the detailed route entry for the CE3 loopback 0 network 10.9.9.9/32.
Use the show route 10.9.9.9/32 detail command. Observe the backup path entry and the labels
associated with the backup path.
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32 detail
Step 6 On the PE1 router, display the Cisco Express Forwarding entry for the CE3 loopback 0 network
10.9.9.9/32.
Use the show cef 10.9.9.9/32 command. Observe the backup path and the labels imposed for the
backup path.
RP/0/RP0/CPU0:PE1# show cef 10.9.9.9/32
10.9.9.9/32, version 1080, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f6f10) [1],
0x600 (0xe594f48), 0xa28 (0xf5bb578)
Updated Apr 11 10:33:43.276
remote adjacency to GigabitEthernet0/0/0/1
Prefix Len 32, traffic index 0, precedence n/a, priority 1
gateway array (0xe3fe538) reference count 12, flags 0x500068, source rib (7), 0
backups
[5 type 5 flags 0x8401 (0xe99ed68) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594f48, sh-ldi=0xe99ed68]
gateway array update type-time 1 Apr 11 10:33:43.271
LDI Update time Apr 11 10:33:43.274
LW-LDI-TS Apr 11 10:33:43.275
via 10.1.3.1/32, GigabitEthernet0/0/0/0, 9 dependencies, weight 0, class 0, backup
(TI-LFA) [flags 0xb00]
path-idx 0 NHID 0x0 [0xda100f0 0x0]
next hop 10.1.3.1/32, Repair Node(s): 10.4.4.4, 10.6.6.6
remote adjacency
local label 16009 labels imposed {16004 24001 16009}
via 10.3.5.5/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0,
protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xda81820 0x0]
next hop 10.3.5.5/32
local label 16009 labels imposed {16009}
Step 7 On the PE1 router, disable the interface toward PE3 (GigabitEthernet0/0/0/1) and trace packets
from CE1 to CE3 routers.
To disable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Send the trace packets from CE1 to CE3 Loopback0 (10.9.9.9). The trace should show PE1
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), PE4 (10.4.6.6), P2 (10.2.6.2), PE3 (10.2.5.5), and CE3
(10.5.9.9).
RP/0/RP0/CPU0:CE1# traceroute 10.9.9.9
1 10.3.7.3 [MPLS: Label 16009 Exp 0] 522 msec 2061 msec 516 msec
2 10.1.3.1 [MPLS: Label 16009 Exp 0] 584 msec 1467 msec 795 msec
3 10.1.4.4 [MPLS: Label 16009 Exp 0] 457 msec 473 msec 1708 msec
4 10.4.6.6 [MPLS: Label 16009 Exp 0] 501 msec 520 msec 2179 msec
5 10.2.6.2 [MPLS: Label 16009 Exp 0] 484 msec 497 msec 1908 msec
6 10.2.5.5 [MPLS: Label 16009 Exp 0] 509 msec 472 msec 1351 msec
7 10.5.9.9 972 msec 436 msec 511 msec
To enable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure terminal
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# no shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Activity Verification
You have completed this task when you attain the following results:
• PE2 has been configured with FRR TI-LFA in the OSPF routing protocol.
• Double-segment protection operation has been observed at PE1 for the CE3 destination.
1. What Cisco IOS XR command displays OSPF primary and TI-LFA calculated backup paths for
prefix 10.10.10.10/32?
A. show backup-path ospf 1 routes 10.10.10.10/32
B. show ospf 1 routes 10.10.10.10/32
C. show ospf 1 routes 10.10.10.10/32 all
D. show ospf 1 routes 10.10.10.10/32 backup-path
Discovery 9: Configure and Verify SR-TE Using
IS-IS
Introduction
In this lab exercise, you will implement SR-TE within the network topology. You will configure and verify
SR-TE policies instantiated by using both dynamic and explicit paths.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Configure and verify SR-TE policy instantiation on a locally configured policy using dynamic path
computation.
• Configure and verify SR-TE policy instantiation on a locally configured policy using explicit path
computation.
Visual Objective
The following are the preconfigured lab tasks:
• All routers have IS-IS configured for full reachability.
• All routers have MPLS SR configured.
• There is no MPLS LDP configured.
• Some links have a modified IGP metric.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
Step 1 On the CE1 router, enable MPLS traffic engineering and configure IS-IS to feed the SR-TE
database with link state information.
On the CE1 router, use the following commands. This configuration is already configured on all
other routers.
RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# mpls traffic-eng
RP/0/RP0/CPU0:CE1(config-mpls-te)# exit
RP/0/RP0/CPU0:CE1(config)# router isis 1
RP/0/RP0/CPU0:CE1(config-isis)# distribute link-state
RP/0/RP0/CPU0:CE1(config-isis)# commit
RP/0/RP0/CPU0:CE1(config-isis)# end
RP/0/RP0/CPU0:CE1#
Step 2 On the CE1 router, examine the Segment Routing Traffic Engineering topology database with
the show segment-routing traffic-eng ipv4 topology command.
Notice that the information within the database includes the following:
• TE Router IDs
• IGP Metrics
• TE Metrics
• Adjacent SID values
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng ipv4 topology
Node 1
TE router ID: 10.1.1.1
Host name: P1
ISIS system ID: 0000.0000.0001 level-2
Prefix SID:
Prefix 10.1.1.1, label 16001 (regular)
Step 3 On the CE1 router, configure loopback 0 as a TE Router ID and enable MPLS TE support in
the IS-IS IPv4 address family.
A statically configured TE Router ID will make sure that the TE Topology Database is
consistent between reloads.
On the CE1 router, use the following commands. The TE Router ID is already configured on all
other routers.
RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# router isis 1
RP/0/RP0/CPU0:CE1(config-isis)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-isis-af)# mpls traffic-eng router-id loopback 0
RP/0/RP0/CPU0:CE1(config-isis-af)# mpls traffic-eng level-2-only
RP/0/RP0/CPU0:CE1(config-isis-af)# commit
RP/0/RP0/CPU0:CE1(config-isis-af)# end
RP/0/RP0/CPU0:CE1#
Step 4 On the CE1 router, validate that the IS-IS routes from other routers are present.
The show route isis command output on the CE1 router should display loopback 0 routes from
other routers.
RP/0/RP0/CPU0:CE1# show route isis | include /32
i L2 10.1.1.1/32 [115/20] via 10.3.7.3, 1d04h, GigabitEthernet0/0/0/0
i L2 10.2.2.2/32 [115/40] via 10.3.7.3, 1d04h, GigabitEthernet0/0/0/0
i L2 10.3.3.3/32 [115/10] via 10.3.7.3, 1d04h, GigabitEthernet0/0/0/0
i L2 10.4.4.4/32 [115/30] via 10.3.7.3, 1d04h, GigabitEthernet0/0/0/0
i L2 10.5.5.5/32 [115/30] via 10.3.7.3, 1d04h, GigabitEthernet0/0/0/0
i L2 10.6.6.6/32 [115/50] via 10.3.7.3, 1d04h, GigabitEthernet0/0/0/0
i L2 10.8.8.8/32 [115/40] via 10.3.7.3, 1d04h, GigabitEthernet0/0/0/0
i L2 10.9.9.9/32 [115/40] via 10.3.7.3, 1d04h, GigabitEthernet0/0/0/0
i L2 10.10.10.10/32 [115/60] via 10.3.7.3, 1d04h, GigabitEthernet0/0/0/0
Activity Verification
You have completed this task when you attain the following results:
• Verify that CE1 has routes to loopbacks to other routers.
• CE1 has been configured to populate the SR-TE database, which can be seen and verified.
Activity
Step 1 On the CE1 router, create an SRTE policy named POLICY100 and configure it with the
following parameters:
• Color 100
• Endpoint 10.8.8.8 (CE2)
• Dynamic path
• Path Selection Metric: IGP
• Path Option Preference: 100
Use the following commands:
RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# segment-routing
RP/0/RP0/CPU0:CE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:CE1(config-sr-te)# policy POLICY100
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# color 100 end-point ipv4 10.8.8.8
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# candidate-paths
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path)# preference 100
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path-pref)# dynamic
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# metric
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# type igp
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# end
RP/0/RP0/CPU0:CE1#
Step 2 On the CE1 router, examine the resulting SRTE policy from the previous step.
Use the show segment-routing traffic-eng policy color 100 command to observe the Segment-
Routing Path information. The path is a dynamically computed Segment Routing TE Policy, the
IGP metric is optimized, and the resulting path uses one Prefix-SID {16008}, which steers the
traffic to CE2 through the IGP path.
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng policy color 100
Step 3 On the CE1 router, re-run the show segment-routing traffic-eng policy color 100 command
and record the dynamically allocated binding SID to use in the next step.
The Binding Segment is a segment that represents the following instruction: Steer packet on the
associated SRTE Policy. A Binding Segment ID is allocated by default for each SRTE Policy.
The Binding SID of an SRTE Policy can be found by looking at the output of the command in
the previous step.
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng policy color 100
Step 4 On the CE1 router, display the MPLS forwarding label information of the binding-SID value
determined in the previous step.
Use the show mpls forwarding labels 24003 command. An MPLS forwarding entry is installed
for the Binding-SID. A labeled packet with the Binding-SID label on top has the label popped
and the packet steered into the SRTE Policy tunnel-te interface.
RP/0/RP0/CPU0:CE1# show mpls forwarding labels 24003
Step 5 On the CE1 router, test policy color 100 connectivity sourced from the CE1 Loopback0
(10.7.7.7).
Use the ping sr-mpls nil-fec policy binding-sid 24003 source 10.7.7.7 command to test that the
policy color 100 is reachable from CE1 Loopback0. The ping test should be successful.
RP/0/RP0/CPU0:CE1# ping sr-mpls nil-fec policy binding-sid 24003 source 10.7.7.7
Sending 5, 100-byte MPLS Echos with Nil FEC with Binding SID Label [24003],
timeout is 2 seconds, send interval is 0 msec:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 79/89/117 ms
Step 6 On the CE1 router, trace to the policy color 100 with the binding label learned from the previous
steps.
Use the traceroute sr-mpls nil-fec policy binding-sid 24003 command to send the SR MPLS
trace packets from CE1 to label 240003. The SR MPLS trace should show CE1 (10.3.7.7), PE1
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), and CE2 (10.4.8.8).
RP/0/RP0/CPU0:CE1# traceroute sr-mpls nil-fec policy binding-sid 24003
Tracing MPLS Label Switched Path with Nil FEC with Binding SID Label [24003], timeout
is 2 seconds
Activity
Step 1 On the CE1 router, create an explicit path that will be used to reach CE2.
Use the following path entries for the path named PATH1:
• 10.3.3.3 (loopback 0 of PE1)
• 10.3.5.5 (adjacency between PE1 and PE3, PE3 side)
• 10.6.6.6 (loopback 0 of PE4)
• 10.4.6.4 (adjacency between PE4 and PE2, PE2 side)
RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# segment-routing
RP/0/RP0/CPU0:CE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:CE1(config-sr-te)# segment-list PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# index 10 address ipv4 10.3.3.3
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# index 20 address ipv4 10.3.5.5
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# index 30 address ipv4 10.6.6.6
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# index 40 address ipv4 10.4.6.4
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# end
RP/0/RP0/CPU0:CE1#
Note The virtual Cisco IOS XR, used in this lab, does not provide autocompletion functionality for the index
command. Type the complete index command, as show above.
Step 2 On the CE1 router, create an MPLS traffic engineering policy named POLICY200.
Configure the policy with the following parameters:
• Color 200
• Endpoint 10.8.8.8 (CE2)
• Explicit path name PATH1
• Path Option Preference: 100
RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# segment-routing
RP/0/RP0/CPU0:CE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:CE1(config-sr-te)# policy POLICY200
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# color 200 end-point ipv4 10.8.8.8
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# candidate-paths
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path)# preference 100
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path-pref)# explicit segment-list PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# end
RP/0/RP0/CPU0:CE1#
Step 3 On the CE1 router, examine the SRTE policy configured in the previous step.
Use the show segment-routing traffic-eng policy color 200 command to observe the Segment-
Routing Path Information.
The path is explicitly defined for this Segment Routing TE Policy and the resulting path uses the
following SIDs:
• Prefix-SID {16003} to PE1
• Adjacency-SID {24003} between PE1 and PE3
• Prefix-SID {16006} to PE4
• Adjacency-SID {24011} between PE4 and PE2
Record the dynamically allocated binding SID to use in the next step.
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng policy color 200
Step 4 On the CE1 router, display the MPLS forwarding label information of the binding-SID value
determined in the previous step.
An MPLS forwarding entry is installed for the Binding-SID. A labeled packet with the Binding-
SID label on top has the label popped and the packet steered into the SRTE Policy tunnel-te
interface.
RP/0/RP0/CPU0:CE1# show mpls forwarding labels 24006
Step 5 On the CE1 router, test the policy color 200 connectivity sourced from the CE1 Loopback0
(10.7.7.7).
Use the ping sr-mpls nil-fec policy binding-sid 24006 source 10.7.7.7 command to test that the
policy color 200 is reachable from CE1 Loopback0. The ping test should be successful.
RP/0/RP0/CPU0:CE1# ping sr-mpls nil-fec policy binding-sid 24006 source 10.7.7.7
Sending 5, 100-byte MPLS Echos with Nil FEC with Binding SID Label [24006],
timeout is 2 seconds, send interval is 0 msec:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 80/85/96 ms
Step 6 On the CE1 router, trace to the policy color 200 with the binding label learned from the previous
steps.
Use the traceroute sr-mpls nil-fec policy binding-sid 24006 command to send the SR MPLS
trace packets from CE1 to label 24006. The SR MPLS trace should show CE1 (10.3.7.7), PE1
(10.3.7.3), PE3 (10.3.5.5), P2 (10.2.5.2), PE4 (10.2.6.6), and PE2 (10.4.6.4).
RP/0/RP0/CPU0:CE1# traceroute sr-mpls nil-fec policy binding-sid 24006
Tracing MPLS Label Switched Path with Nil FEC with Binding SID Label [24006], timeout
is 2 seconds
1. Which command can test LSP connectivity of the SR policy with binding SID 24003?
A. ping policy binding-sid 24003
B. ping sr-mpls nil-fec policy binding-sid 24003
C. ping sr-policy nil-fec binding-sid 24003
D. ping sr-sid 24003 nil-fec policy
Discovery 10: Configure and Verify SR-TE Using
OSPF
Introduction
In this lab exercise, you will implement SR-TE within the network topology. You will configure and verify
SR-TE policies instantiated by using both dynamic and explicit paths.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Configure and verify SR-TE policy instantiation on a locally configured policy using dynamic path
computation.
• Configure and verify SR-TE policy instantiation on a locally configured policy using explicit path
computation.
Visual Objective
The following are the preconfigured lab tasks:
• All routers have OSPF configured for full reachability.
• All routers have MPLS SR configured.
• There is no MPLS LDP configured.
• Some links have a modified IGP metric.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
Step 1 On the CE1 router, enable MPLS traffic engineering and configure OSPF to feed the SR-TE
database with link state information.
On the CE1 router, use the following commands. This configuration is already configured on all
other routers.
RP/0/RP0/CPU0:CE1# configure
RP/0/RP0/CPU0:CE1(config)# mpls traffic-eng
RP/0/RP0/CPU0:CE1(config-mpls-te)# router ospf 1
RP/0/RP0/CPU0:CE1(config-ospf)# distribute link-state
RP/0/RP0/CPU0:CE1(config-ospf)# commit
RP/0/RP0/CPU0:CE1(config-ospf)# end
RP/0/RP0/CPU0:CE1#
Step 2 On the CE1 router, examine the Segment Routing Traffic Engineering topology database with
the show segment-routing traffic-eng ipv4 topology command.
Notice that the information within the database includes the following:
• TE Router IDs
• IGP Metrics
• TE Metrics
• Adjacent SID values
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng ipv4 topology
Node 27
TE router ID: 10.1.1.1
Host name: P1
OSPF router ID: 10.1.1.1 area ID: 0
Prefix SID:
Prefix 10.1.1.1, label 16001 (regular), flags: X:0, R:0, N:1, P:0, E:0, V:0, L:0,
M:0
Step 3 On the CE1 router, configure loopback 0 as a TE Router ID and enable MPLS TE support in
the OSPF area 0.
On the CE1 router, configure loopback 0 as a TE Router ID and enable MPLS TE support in
the OSPF area 0. On the CE1 router, use the following commands. The TE Router ID is already
configured on all other routers.
RP/0/RP0/CPU0:CE1# configure
RP/0/RP0/CPU0:CE1(config)# router ospf 1
RP/0/RP0/CPU0:CE1(config-ospf)# mpls traffic-eng router-id Loopback 0
RP/0/RP0/CPU0:CE1(config-ospf)# area 0
RP/0/RP0/CPU0:CE1(config-ospf-ar)# mpls traffic-eng
RP/0/RP0/CPU0:CE1(config-ospf-ar)# commit
RP/0/RP0/CPU0:CE1(config-ospf-ar)# end
RP/0/RP0/CPU0:CE1#
Step 4 On the CE1 router, validate that the OSPF routes from other routers are present.
The show route ospf command output on the CE1 router should display loopback 0 routes from
other routers.
RP/0/RP0/CPU0:CE1# show route ospf | include /32
O 10.1.1.1/32 [110/12] via 10.3.7.3, 18:15:59, GigabitEthernet0/0/0/0
O 10.2.2.2/32 [110/32] via 10.3.7.3, 18:15:59, GigabitEthernet0/0/0/0
O 10.3.3.3/32 [110/2] via 10.3.7.3, 1w3d, GigabitEthernet0/0/0/0
O 10.4.4.4/32 [110/22] via 10.3.7.3, 18:15:59, GigabitEthernet0/0/0/0
O 10.5.5.5/32 [110/22] via 10.3.7.3, 18:15:59, GigabitEthernet0/0/0/0
O 10.6.6.6/32 [110/42] via 10.3.7.3, 18:13:38, GigabitEthernet0/0/0/0
O 10.8.8.8/32 [110/32] via 10.3.7.3, 18:15:59, GigabitEthernet0/0/0/0
O 10.9.9.9/32 [110/23] via 10.3.7.3, 18:15:59, GigabitEthernet0/0/0/0
O 10.10.10.10/32 [110/52] via 10.3.7.3, 18:13:38, GigabitEthernet0/0/0/0
Activity Verification
You have completed this task when you attain the following results:
• Verify that CE1 has routes to loopbacks to other routers.
• CE1 has been configured to populate the SR-TE database, which can be seen and verified.
Activity
Step 1 On the CE1 router, create an SRTE policy named POLICY100 and configure it with the
following parameters:
• Color 100
• Endpoint 10.8.8.8 (CE2)
• Dynamic path
• Path Selection Metric: IGP
• Path Option Preference: 100
Use the following commands:
RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# segment-routing
RP/0/RP0/CPU0:CE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:CE1(config-sr-te)# policy POLICY100
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# color 100 end-point ipv4 10.8.8.8
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# candidate-paths
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path)# preference 100
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path-pref)# dynamic
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# metric
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# type igp
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# end
RP/0/RP0/CPU0:CE1#
Step 2 On the CE1 router, examine the resulting SRTE policy from the previous step.
Use the show segment-routing traffic-eng policy color 100 command to observe the Segment-
Routing Path information. The path is a dynamically computed Segment Routing TE Policy, the
IGP metric is optimized, and the resulting path uses one Prefix-SID {16008}, which steers the
traffic to CE2 through the IGP path.
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng policy color 100
Step 3 On the CE1 router, re-run the show segment-routing traffic-eng policy color 100 command
and record the dynamically allocated binding SID to use in the next step.
The Binding Segment is a segment that represents the following instruction: Steer packet on the
associated SRTE Policy. A Binding Segment ID is allocated by default for each SRTE Policy.
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng policy color 100
Step 4 On the CE1 router, display the MPLS forwarding label information of the binding-SID value
determined in the previous step.
Use the show mpls forwarding labels 24003 command. An MPLS forwarding entry is installed
for the Binding-SID. A labeled packet with the Binding-SID label on top has the label popped
and the packet steered into the SRTE Policy tunnel-te interface.
RP/0/RP0/CPU0:CE1# show mpls forwarding labels 24003
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24003 Pop No ID srte_c_100_e point2point 0
Step 5 On the CE1 router, test the policy color 100 connectivity sourced from the CE1 Loopback0
(10.7.7.7).
Use the ping sr-mpls nil-fec policy binding-sid 24003 source 10.7.7.7 command to test that the
policy color 100 is reachable from CE1 Loopback0. The ping test should be successful.
RP/0/RP0/CPU0:CE1# ping sr-mpls nil-fec policy binding-sid 24003 source 10.7.7.7
Sending 5, 100-byte MPLS Echos with Nil FEC with Binding SID Label [24003],
timeout is 2 seconds, send interval is 0 msec:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1074/1405/1649 ms
Step 6 On the CE1 router, trace to the policy color 100 with the binding label learned from the previous
steps.
Use the traceroute sr-mpls nil-fec policy binding-sid 24003 command, to send the SR MPLS
trace packets from CE1 to label 240003. The SR MPLS trace should show CE1 (10.3.7.7), PE1
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), and CE2 (10.4.8.8).
RP/0/RP0/CPU0:CE1# traceroute sr-mpls nil-fec policy binding-sid 24003
Tracing MPLS Label Switched Path with Nil FEC with Binding SID Label [24003], timeout
is 2 seconds
Activity
Step 1 On the CE1 router, create an explicit path that will be used to reach CE2.
Use the following path entries for the path named PATH1:
• 10.3.3.3 (loopback 0 of PE1)
• 10.3.5.5 (adjacency between PE1 and PE3, PE3 side)
• 10.6.6.6 (loopback 0 of PE4)
• 10.4.6.4 (adjacency between PE4 and PE2, PE2 side)
RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# segment-routing
RP/0/RP0/CPU0:CE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:CE1(config-sr-te)# segment-list PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# index 10 address ipv4 10.3.3.3
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# index 20 address ipv4 10.3.5.5
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# index 30 address ipv4 10.6.6.6
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# index 40 address ipv4 10.4.6.4
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# end
RP/0/RP0/CPU0:CE1#
Note The virtual Cisco IOS XR, used in this lab, does not provide autocompletion functionality for the index
command. Type complete index command, as show above.
Step 2 On the CE1 router, create an MPLS traffic engineering policy named POLICY200.
Configure the policy with the following parameters:
• Color 200
• Endpoint 10.8.8.8 (CE2)
• Explicit path name PATH1
• Path Option Preference: 100
RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# segment-routing
RP/0/RP0/CPU0:CE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:CE1(config-sr-te)# policy POLICY200
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# color 200 end-point ipv4 10.8.8.8
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# candidate-paths
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path)# preference 100
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path-pref)# explicit segment-list PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# end
RP/0/RP0/CPU0:CE1#
Step 3 On the CE1 router, examine the SRTE policy configured in the previous step.
Use the show segment-routing traffic-eng policy color 200 command to observe the Segment-
Routing Path Information.
The path is explicitly defined for this Segment Routing TE Policy and the resulting path uses the
following SIDs:
• Prefix-SID {16003} to PE1
• Adjacency-SID {24007} between PE1 and PE3
• Prefix-SID {16006} to PE4
• Adjacency-SID {24001} between PE4 and PE2
Record the dynamically allocated binding SID to use in the next step.
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng policy color 200
Step 4 On the CE1 router, display the MPLS forwarding label information of the binding-SID value
determined in the previous step.
An MPLS forwarding entry is installed for the Binding-SID. A labeled packet with the Binding-
SID label on top has the label popped and the packet steered into the SRTE Policy tunnel-te
interface.
RP/0/RP0/CPU0:CE1# show mpls forwarding labels 24006
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24006 Pop No ID srte_c_200_e point2point 0
Step 5 On the CE1 router, test policy color 200 connectivity sourced from the CE1 Loopback0
(10.7.7.7).
Use the ping sr-mpls nil-fec policy binding-sid 24006 source 10.7.7.7 command to test that the
policy color 200 is reachable from CE1 Loopback0. The ping test should be successful.
RP/0/RP0/CPU0:CE1# ping sr-mpls nil-fec policy binding-sid 24006 source 10.7.7.7
Sending 5, 100-byte MPLS Echos with Nil FEC with Binding SID Label [24006],
timeout is 2 seconds, send interval is 0 msec:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 936/1765/2656 ms
Step 6 On the CE1 router, trace to the policy color 200 with the binding label learned from the previous
steps.
Use the traceroute sr-mpls nil-fec policy binding-sid 24006 command to send the SR MPLS
trace packets from CE1 to label 240006. The SR MPLS trace should show CE1 (10.3.7.7), PE1
(10.3.7.3), PE3 (10.3.5.5), P2 (10.2.5.2), PE4 (10.2.6.6), and PE2 (10.4.6.4).
RP/0/RP0/CPU0:CE1# traceroute sr-mpls nil-fec policy binding-sid 24006
Tracing MPLS Label Switched Path with Nil FEC with Binding SID Label [24006], timeout
is 2 seconds
1. Which command can test LSP connectivity of the SR policy with binding SID 24006?
A. ping policy binding-sid 24006
B. ping sr-mpls nil-fec policy binding-sid 24006
C. ping sr-policy nil-fec binding-sid 24006
D. ping sr-sid 24006 nil-fec policy
Discovery 11: Configure and Verify Basic EVPN
Introduction
In this lab exercise, you will configure and verify EVPN VPWS. You will also enable BGP to exchange
routes between PE routers. The P2 router is preconfigured as a BGP route reflector.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Configure BGP sessions between the route reflector and BGP route reflector clients.
• Configure and verify EVPN VPWS.
Visual Objective
The following are the preconfigured lab tasks:
• All P and PE routers have IS-IS configured. There is no routing protocol enabled on the CE routers.
• All P and PE routers have MPLS SR configured.
• There is no MPLS LDP configured.
• Some links have a modified IGP metric.
• The PE3, P2, and PE4 routers have BGP preconfigured. P2 is configured as the BGP route reflector.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
The PE3 and PE4 routers are already configured as BGP route reflector clients.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
Step 1 On the PE1 router, configure BGP with the following values:
Use the show bgp neighbor 10.3.3.3 | include BGP state command.
RP/0/RP0/CPU0:P2# show bgp neighbor 10.3.3.3 | include BGP state
Since P2 is preconfigured, you may also observe the P2 BGP route reflector configuration. Use
the show running-config router bgp command.
RP/0/RP0/CPU0:P2# show running-config router bgp
• AS: 65000
• Router ID: 10.4.4.4
• Neighbor: 10.2.2.2 (route reflector)
• Remote AS: 65000
• Update source: Loopback 0
• Address family: IPv4 unicast
Use the following commands:
RP/0/RP0/CPU0:PE2# configure
RP/0/RP0/CPU0:PE2(config)# router bgp 65000
RP/0/RP0/CPU0:PE2(config-bgp)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE2(config-bgp-af)# exit
RP/0/RP0/CPU0:PE2(config-bgp)# bgp router-id 10.4.4.4
RP/0/RP0/CPU0:PE2(config-bgp)# neighbor 10.2.2.2
RP/0/RP0/CPU0:PE2(config-bgp-nbr)# remote-as 65000
RP/0/RP0/CPU0:PE2(config-bgp-nbr)# update-source Loopback 0
RP/0/RP0/CPU0:PE2(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE2(config-bgp-nbr-af)# commit
RP/0/RP0/CPU0:PE2(config-bgp-nbr-af)# end
RP/0/RP0/CPU0:PE2#
Notice that there are four BGP sessions established from the P2 router. Use the show bgp
summary command.
RP/0/RP0/CPU0:P2# show bgp summary
BGP router identifier 10.2.2.2, local AS number 65000
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 2
BGP main routing table version 2
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Step 5 On the PE1 router, enable the L2VPN EVPN address family for the P2 (10.2.2.2) BGP neighbor.
You will need to enable the L2VPN EVPN address family in the BGP configuration mode. Use
the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# router bgp 65000
RP/0/RP0/CPU0:PE1(config-bgp)# address-family l2vpn evpn
RP/0/RP0/CPU0:PE1(config-bgp-af)# exit
RP/0/RP0/CPU0:PE1(config-bgp)# neighbor 10.2.2.2
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# address-family l2vpn evpn
RP/0/RP0/CPU0:PE1(config-bgp-nbr-af)# commit
RP/0/RP0/CPU0:PE1(config-bgp-nbr-af)# end
RP/0/RP0/CPU0:PE1#
Step 6 On the PE2 router, enable the L2VPN EVPN address family for the P2 (10.2.2.2) BGP
neighbor.
You will need to enable the L2VPN EVPN address family in the BGP configuration mode. Use
the following commands:
RP/0/RP0/CPU0:PE2# configure
RP/0/RP0/CPU0:PE2(config)# router bgp 65000
RP/0/RP0/CPU0:PE2(config-bgp)# address-family l2vpn evpn
RP/0/RP0/CPU0:PE2(config-bgp-af)# exit
RP/0/RP0/CPU0:PE2(config-bgp)# neighbor 10.2.2.2
RP/0/RP0/CPU0:PE2(config-bgp-nbr)# address-family l2vpn evpn
RP/0/RP0/CPU0:PE2(config-bgp-nbr-af)# commit
RP/0/RP0/CPU0:PE2(config-bgp-nbr-af)# end
RP/0/RP0/CPU0:PE2#
Activity Verification
You have completed this task when you attain the following results:
• Configure the PE1 and PE2 routers as BGP route reflector clients.
• Configure and verify the BGP IPv4 address family.
• Verify the BGP sessions between BGP route reflector and BGP route reflector clients are established.
• Configure and verify the BGP L2VPN EVPN address family.
Task 2: Configure and Verify EVPN VPWS
The purpose of this task is to configure and verify the EVPN VPWS single-homed network to provide
point-to-point Layer 2 services between CE1 and CE4. You will configure EVPN VPWS on the PE1 and
PE4 routers.
Activity
Step 1 On the PE1 and PE4 routers configure the GigabitEthernet0/0/0/2.200 subinterface with the
Layer 2 transport type in the VLAN 200.
Step 2 On the CE1 and CE4 routers configure the GigabitEthernet0/0/0/0.200 subinterface with the
VLAN 200 and IPv4 address in the IPv4 subnet 10.200.0.0/24.
Step 3 On the PE1 and PE4 routers, configure a L2VPN point-to-point cross-connect with the
following values:
Use the following commands to configure the L2VPN point-to-point cross-connect on the PE4
router:
RP/0/RP0/CPU0:PE4# configure
RP/0/RP0/CPU0:PE4(config)# l2vpn
RP/0/RP0/CPU0:PE4(config-l2vpn)# xconnect group evpn_vpws
RP/0/RP0/CPU0:PE4(config-l2vpn-xc)# p2p evpn
RP/0/RP0/CPU0:PE4(config-l2vpn-xc-p2p)# interface GigabitEthernet 0/0/0/2.200
RP/0/RP0/CPU0:PE4(config-l2vpn-xc-p2p)# neighbor evpn evi 200 target 14 source 41
RP/0/RP0/CPU0:PE4(config-l2vpn-xc-p2p-pw)# commit
RP/0/RP0/CPU0:PE4(config-l2vpn-xc-p2p-pw)# end
RP/0/RP0/CPU0:PE4#
Use the show bgp l2vpn evpn command. Notice that the PE1 receives routes with the next hop
to the PE4 (10.6.6.6).
RP/0/RP0/CPU0:PE1# show bgp l2vpn evpn
Use the show interfaces brief command. Notice that the GigabitEthernet0/0/0/2.200 interface is
up and running.
Note You can see that the EVPN VPWS control plane is operational, but the data plane will still not work. This is
due to restrictions in the lab environments.
RP/0/RP0/CPU0:PE1# show interfaces brief
Use the show evpn evi vpn-id 200 command to verify that the EVPN type is VPWS.
RP/0/RP0/CPU0:PE1# show evpn evi vpn-id 200
Step 8 On the PE1 router, verify the BGP L2VPN EVPN neighbor summary.
Use the show bgp l2vpn evpn summary command to verify the BGP L2VPN EVPN neighbor
summary. There should be a P2 (10.2.2.2) neighbor that sends one prefix.
RP/0/RP0/CPU0:PE1# show bgp l2vpn evpn summary
You may repeat the same command on the P2 router. You should see four BGP L2VPN EVPN
neighbors. The PE1 (10.3.3.3) and PE4 (10.6.6.6) routers have sent one L2VPN EVPN prefix to
the P2 router.
RP/0/RP0/CPU0:P2# show bgp l2vpn evpn summary
Activity Verification
You have completed this task when you attain the following results:
• Configure L2VPN point-to-point cross-connect on the PE1 and PE4 routers.
• Verify EVPN VPWS operations.
1. Which Cisco IOS XR command displays BGP L2VPN EVPN neighbor summary?
A. show bgp l2vpn evpn summary
B. show bgp summary evpn
C. show bgp vpnv4 evpn
D. show bgp vpnv4 evpn summary
Discovery 12: Configure and Verify Layer 3 VPN
Introduction
In this lab exercise, you will configure BGP to support the VPNv4 address family in the service provider
network and deploy BGP as the PE-CE routing protocol to enable Layer 3 VPN.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Enable BGP to support the VPNv4 address family.
• Establish VPN routing by using BGP as the PE-CE routing protocol.
Visual Objective
The following are the preconfigured lab tasks:
• All P and PE routers have IS-IS configured. There is no routing protocol enabled on the CE routers.
• All P and PE routers have MPLS SR configured.
• There is no MPLS LDP configured.
• Some links have a modified IGP metric.
• The PE3, P2, and PE4 routers have BGP preconfigured. P2 is configured as BGP route reflector.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
The PE2, PE3, and PE4 routers are preconfigured as BGP route reflector clients.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
Step 1 On the PE1 router, configure BGP with the following values:
Step 2 On the P2 router, verify that the BGP session to the PE1 router is established.
On the P2 router, enter the show bgp neighbor 10.3.3.3 | include BGP state command.
RP/0/RP0/CPU0:P2# show bgp neighbor 10.3.3.3 | include BGP state
Since P2 is preconfigured, you may also observe the P2 BGP route reflector configuration.
RP/0/RP0/CPU0:P2# show running-config router bgp
Step 6 On the P2 router, verify the BGP VPNv4 unicast neighbor summary.
Use the show bgp vpnv4 unicast summary command to verify the BGP VPNv4 unicast
neighbor summary. There should be four VPNv4 unicast BGP neighbors. Notice that the PE1
(10.3.3.3) did not send any prefixes.
RP/0/RP0/CPU0:P2# show bgp vpnv4 unicast summary
BGP router identifier 10.2.2.2, local AS number 65000
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 15
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Activity Verification
You have completed this task when you attain the following results:
• Configure the PE1 router as a BGP route reflector client.
• Configure and verify BGP IPv4 and VPNv4 address families.
• Verify the BGP sessions between BGP route reflector and BGP route reflector clients are established.
In this lab, your tasks will focus on configuring PE-CE routing with BGP between PE1 and CE1. Other PE
and CE routers have been preconfigured, this includes VRF creation, VRF interface assignment, and BGP
VPNv4 address-family activation.
You will configure BGP between the PE1 and CE1 routers. You will advertise CE1 networks into BGP and
verify that CE1 can reach the CE2 advertised networks. You do not need to configure the CE2 and PE2
routers. They are preconfigured for BGP and use autonomous system 65012 to connect CE2 to PE2. The
CE3, PE3, PE4, and, CE4 are preconfigured for CustomerB. You will verify that CE3 learns networks
from CE4 but not from CE1 and CE2.
Activity
Step 1 On the PE1 and CE1 routers, verify that there is a PASS route policy preconfigured.
Use the PASS route policy to allow the exchange of all updates between PE1 and CE1. To
verify the PASS route policy on the PE1 router, use the following command:
RP/0/RP0/CPU0:PE1# show running-config route-policy PASS
route-policy PASS
pass
end-policy
To verify the PASS route policy on the CE1 router, use the following command:
RP/0/RP0/CPU0:CE1# show running-config route-policy PASS
route-policy PASS
pass
end-policy
Step 2 On the CE1 router, configure BGP in the IPv4 address family and configure PE-CE peering to
the PE1 router.
To enable VRF and add an interface to the VRF, use the following values on the PE1 router:
• VRF name: CustomerA
• VRF address family: IPv4
• Import and export route targets: 1:12
Note Before an interface is added into VRF, you will need to delete IP addresses. After the interface is added into
the VRF, you need to set the same IP addresses as before.
You may need to use the show running-config interface GigabitEthernet 0/0/0/2 command to
examine the interface IP addresses before deleting. To configure VRF on the PE1 router, use the
following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# vrf CustomerA
RP/0/RP0/CPU0:PE1(config-vrf)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-vrf-af)# import route-target
RP/0/RP0/CPU0:PE1(config-vrf-import-rt)# 1:12
RP/0/RP0/CPU0:PE1(config-vrf-import-rt)# exit
RP/0/RP0/CPU0:PE1(config-vrf-af)# export route-target
RP/0/RP0/CPU0:PE1(config-vrf-export-rt)# 1:12
RP/0/RP0/CPU0:PE1(config-vrf-export-rt)# root
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/2
RP/0/RP0/CPU0:PE1(config-if)# no ipv4 address
RP/0/RP0/CPU0:PE1(config-if)# no ipv6 address
RP/0/RP0/CPU0:PE1(config-if)# vrf CustomerA
RP/0/RP0/CPU0:PE1(config-if)# ipv4 address 10.3.7.3 255.255.255.0
RP/0/RP0/CPU0:PE1(config-if)# ipv6 address 2001::99:3:7:3/112
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, configure BGP in the CustomerA VRF IPv4 address family and configure
PE-CE peering to the CE1 router.
Step 5 On the PE1 router, verify the BGP CustomerA VRF summary information.
Use the show bgp vrf CustomerA summary command to display BGP CustomerA VRF
summary information. The CE1 BGP peer has advertised one prefix to the PE1 router.
Note It may take a couple minutes for the BGP neighbor adjacency to form and exchange prefixes
Step 6 On the PE1 router, verify the BGP prefixes present in the CustomerA VRF.
Use the show bgp vrf CustomerA command to display the BGP CustomerA VRF prefixes:
• 10.3.7.0/24 (PE1 GE0/0/0/2 to CE1 GE0/0/0/0 subnet)
• 10.4.8.0/24 (PE2 GE0/0/0/2 to CE2 GE0/0/0/0 subnet)
• 10.7.7.7/32 (CE1 Loopback0)
• 10.8.8.8/32 (CE2 Loopback0)
RP/0/RP0/CPU0:PE1# show bgp vrf CustomerA
Step 7 On the PE1 router, verify the CustomerA VRF routing table.
Use the show route vrf CustomerA command to display the CustomerA VRF routes:
RP/0/RP0/CPU0:PE1# show route vrf CustomerA
< output omitted >
Gateway of last resort is not set
Step 9 On the PE1 router, configure the AS-override feature for the CE1 BGP neighbor. The AS-
override feature causes to replace the autonomous system number of the originating router with
the AS number of the sending BGP router.
Use the as-override command to enable the AS-override feature. This command should be
configured in the IPv4 address family for the CE1 neighbor.
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# router bgp 65000
RP/0/RP0/CPU0:PE1(config-bgp)# vrf CustomerA
RP/0/RP0/CPU0:PE1(config-bgp-vrf)# neighbor 10.3.7.7
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# as-override
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# commit
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# end
RP/0/RP0/CPU0:PE1#
Step 11 On the CE1 router, verify connectivity between CE1 and CE2 Loopback 0 interfaces.
Step 12 On the CE3 router, verify the BGP prefixes. The CE3 and CE4 routers belong to CustomerB
VRF.
Use the show bgp command to display the following BGP prefixes:
• 10.5.9.0/24 (PE3 GE0/0/0/2 to CE3 GE0/0/0/0 subnet)
• 10.6.10.0/24 (PE4 GE0/0/0/2 to CE4 GE0/0/0/0 subnet)
• 10.9.9.9/32 (CE3 Loopback0)
• 10.10.10.10/32 (CE4 Loopback0)
There are no prefixes from the CustomerA VRF.
RP/0/RP0/CPU0:CE3# show bgp
BGP router identifier 10.9.9.9, local AS number 65034
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 11
BGP main routing table version 11
BGP NSR Initial initsync version 5 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Step 13 On the P2 router, verify all VPNv4 BGP prefixes. The P2 is BGP route reflector and should
have all customer routes.
Use the show bgp vpnv4 unicast command to display BGP VPNv4 prefixes. On the P2 router,
there are no VRFs configured, but you can differentiate customer routes based on the Route
Distinguisher (RD):
• Route Distinguisher: 1:12 belongs to CustomerA VRF
• Route Distinguisher: 1:34 belongs to CustomerB VRF
RP/0/RP0/CPU0:P2# show bgp vpnv4 unicast
BGP router identifier 10.2.2.2, local AS number 65000
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 17
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Step 14 On the CE1 router, display the hop-by-hop path to reach the CE2 Loopback 0 interface IP
address 10.8.8.8.
The path between the CE1 and the CE2 Loopback 0 interface should be similar to the following:
RP/0/RP0/CPU0:CE1# traceroute 10.8.8.8
Step 15 On the PE1 router, display the MPLS forwarding table and the IS-IS database to examine the
outer MPLS label 16004.
The label 16004 (16000 + 4) is advertised by the IS-IS routing protocol. The IS-IS database
shows the prefix SID index four and the SRGB (16000) for the PE2 Loopback0 (10.4.4.4/32), as
shown below:
RP/0/RP0/CPU0:PE1# show isis database PE2 detail verbose
Step 16 On the PE1 router, display the BGP route for the CustomerA VRF 10.8.8.8/32 subnet and
examine the inner MPLS label 24005.
The label 24005 is VPNv4 label originated by PE2 (10.4.4.4/32) for the CustomerA VRF
10.8.8.8/32 subnet.
RP/0/RP0/CPU0:PE1# show bgp vrf CustomerA 10.8.8.8/32
Activity Verification
You have completed this task when you attain the following results:
• Configure the customer VRF and add an interface to the VRF.
• Configure and verify BGP as a PE-CE routing protocol.
• Configure and verify the AS-override feature.
• Verify the CE to CE connectivity.
• Verify the MPLS forwarding table.
1. Which Cisco IOS XR command displays all BGP prefixes with different RDs?
A. show bgp
B. show bgp vpnv4 unicast
C. show bgp vpnv4 unicast vrf <vrf_name>
D. show bgp vrf all
Discovery 13: Configure and Verify ODN and
Flexible Algorithm
Introduction
In this lab exercise, you will configure and verify SR-TE policies, ODN, and Flexible Algorithm.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Configure and verify SR-TE for high-bandwidth traffic
• Configure and verify SR-TE for low-latency traffic
• Configure and verify SR-TE for high-bandwidth and low-latency traffic, using ODN
• Configure and verify network slicing, using a Flexible Algorithm
Visual Objective
The following figure shows the objective for Tasks 1 and 2.
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host and type the
host name (lowercase) of the router, this will open the SSH session to the router.
Activity
Step 1 On the PE2 router, configure a color 20 for the VRF HB (high bandwidth).
Step 2 On the PE1 router, verify that the VRF HB 10.44.44.44/32 prefix with the correct color attribute
is received from the PE2 router.
On the PE1 router, use the show bgp vpnv4 unicast vrf HB 10.44.44.44/32 command.
RP/0/RP0/CPU0:PE1# show bgp vpnv4 unicast vrf HB 10.44.44.44/32
The VRF HB 10.44.44.44/32 prefix is received from the PE2 router with the color 20.
Step 3 On the PE1 router, create an SR-TE policy named HB and configure it with the following
parameters:
• Color 20
• Endpoint 10.4.4.4 (PE2)
• Dynamic path
• Path Selection Metric: IGP
• Path Option Preference: 100
On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# segment-routing
RP/0/RP0/CPU0:PE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:PE1(config-sr-te)# policy HB
RP/0/RP0/CPU0:PE1(config-sr-te-policy)# color 20 end-point ipv4 10.4.4.4
RP/0/RP0/CPU0:PE1(config-sr-te-policy)# candidate-paths
RP/0/RP0/CPU0:PE1(config-sr-te-policy-path)# preference 100
RP/0/RP0/CPU0:PE1(config-sr-te-policy-path-pref)# dynamic
RP/0/RP0/CPU0:PE1(config-sr-te-pp-info)# metric
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# type igp
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# commit
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# end
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, examine the resulting SR-TE policy from the previous step.
Use the show segment-routing traffic-eng policy color 20 command to view the Segment
Routing Path information.
RP/0/RP0/CPU0:PE1# show segment-routing traffic-eng policy color 20
The policy color 20 path is a dynamically computed Segment Routing TE Policy, the IGP metric
is optimized, and the resulting path uses one Prefix-SID {16004}, which steers VRF HB traffic
to PE2 through the IGP path.
Step 5 On the PE1 router, verify the service path to PE2 VRF HB 10.44.44.44/32.
1 10.1.3.1 [MPLS: Labels 16004/24002 Exp 0] 1640 msec 900 msec 526 msec
2 10.1.4.4 2370 msec 616 msec 22 msec
The service path from the PE1 router to the PE2 router VRF HB should be through the P1
(10.1.3.1) router.
Activity Verification
You have completed this task when you attain the following result:
• You have configured SR-TE for traffic from PE1 that is destined to prefixes with the color 20 flow
through P1.
Task 2: Configure SR-TE for Low-Latency Traffic
The purpose of this task is to steer low-latency traffic through the path with the lowest latency (through
PE3, P2, and PE4), using SR-TE.
Activity
Step 1 On the PE2 router, configure the color 30 for the VRF LL (low latency).
Step 2 On the PE1 router, verify that the correct color attribute is received from the PE2 router for VRF
LL.
On the PE1 router, use the show bgp vpnv4 unicast vrf LL 10.144.144.144/32 command.
RP/0/RP0/CPU0:PE1# show bgp vpnv4 unicast vrf LL 10.144.144.144/32
Step 3 The performance measurement static configuration is preconfigured on the P and PE routers, as
shown in the Visual Objectives of this lab. On the PE1 router, verify the performance
measurement configuration.
On the PE1 router, use the show running-config performance-measurement commands.
RP/0/RP0/CPU0:PE1# show running-config performance-measurement
performance-measurement
interface GigabitEthernet0/0/0/0
delay-measurement
advertise-delay 5000
!
!
interface GigabitEthernet0/0/0/1
delay-measurement
advertise-delay 100
Notice that the PE1 router GigabitEthernet0/0/0/0 interface has advertised a delay of 5 ms (5000
us) and GigabitEthernet0/0/0/1 interface has advertised a delay of 100 us. Verify the
performance measurement configuration on other P and PE routers, to make sure that it matches
the Visual Objective of this lab.
Step 4 On the PE1 router, verify the IS-IS database and notice the advertised metric and delay.
On the PE1 router, use the show isis database verbose detail PE1 command.
RP/0/RP0/CPU0:PE1# show isis database verbose detail PE1
< output omitted >
Metric: 11 IS-Extended P1.00
Local Interface ID: 7, Remote Interface ID: 7
Interface IP Address: 10.1.3.3
Neighbor IP Address: 10.1.3.1
Affinity: 0x00000000
Physical BW: 1000000 kbits/sec
Reservable Global pool BW: 0 kbits/sec
Global Pool BW Unreserved:
[0]: 0 kbits/sec [1]: 0 kbits/sec
[2]: 0 kbits/sec [3]: 0 kbits/sec
[4]: 0 kbits/sec [5]: 0 kbits/sec
[6]: 0 kbits/sec [7]: 0 kbits/sec
Admin. Weight: 11
Ext Admin Group: Length: 32
0x00000000 0x00000000
0x00000000 0x00000000
0x00000000 0x00000000
0x00000000 0x00000000
Physical BW: 1000000 kbits/sec
Link Average Delay: 5000 us
Link Min/Max Delay: 5000/5000 us
Link Delay Variation: 0 us
ADJ-SID: F:0 B:0 V:1 L:1 S:0 P:0 weight:0 Adjacency-sid:24001
Metric: 20 IS-Extended PE3.00
Local Interface ID: 8, Remote Interface ID: 8
Interface IP Address: 10.3.5.3
Neighbor IP Address: 10.3.5.5
Affinity: 0x00000000
Physical BW: 1000000 kbits/sec
Reservable Global pool BW: 0 kbits/sec
Global Pool BW Unreserved:
[0]: 0 kbits/sec [1]: 0 kbits/sec
[2]: 0 kbits/sec [3]: 0 kbits/sec
[4]: 0 kbits/sec [5]: 0 kbits/sec
[6]: 0 kbits/sec [7]: 0 kbits/sec
Admin. Weight: 20
Ext Admin Group: Length: 32
0x00000000 0x00000000
0x00000000 0x00000000
0x00000000 0x00000000
0x00000000 0x00000000
Physical BW: 1000000 kbits/sec
Link Average Delay: 100 us
Link Min/Max Delay: 100/100 us
Link Delay Variation: 0 us
ADJ-SID: F:0 B:0 V:1 L:1 S:0 P:0 weight:0 Adjacency-sid:24025
Router Cap: 10.3.3.3 D:0 S:0
Segment Routing: I:1 V:0, SRGB Base: 16000 Range: 8000
SR Local Block: Base: 15000 Range: 1000
Node Maximum SID Depth:
Label Imposition: 10
SR Algorithm:
Algorithm: 0
Algorithm: 1
Total Level-2 LSP count: 1 Local Level-2 LSP count: 1
Step 5 On the PE1 router, create an SR-TE policy named LL and configure it with the following
parameters:
• Color 30
• Endpoint 10.4.4.4 (PE2)
• Dynamic path
• Path Selection Metric: latency
• Path Option Preference: 100
On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# segment-routing
RP/0/RP0/CPU0:PE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:PE1(config-sr-te)# policy LL
RP/0/RP0/CPU0:PE1(config-sr-te-policy)# color 30 end-point ipv4 10.4.4.4
RP/0/RP0/CPU0:PE1(config-sr-te-policy)# candidate-paths
RP/0/RP0/CPU0:PE1(config-sr-te-policy-path)# preference 100
RP/0/RP0/CPU0:PE1(config-sr-te-policy-path-pref)# dynamic
RP/0/RP0/CPU0:PE1(config-sr-te-pp-info)# metric
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# type latency
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# commit
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# end
RP/0/RP0/CPU0:PE1#
Step 6 On the PE1 router, examine the resulting SR-TE policy from the previous step.
Use the show segment-routing traffic-eng policy color 30 command to view the Segment
Routing Path information.
RP/0/RP0/CPU0:PE1# show segment-routing traffic-eng policy color 30
The policy color 30 path is a dynamically computed Segment Routing TE policy, the latency is
optimized, and the resulting path uses two Prefix-SIDs {16006 16004}, which steers VRF LL
traffic to PE2 through the low-latency path.
Step 7 On the PE1 router, verify the service path to PE2 VRF LL 10.144.144.144/32.
1 10.3.5.5 [MPLS: Labels 16006/16004/24003 Exp 0] 2347 msec 987 msec 119 msec
2 10.2.5.2 [MPLS: Labels 16006/16004/24003 Exp 0] 1087 msec 1049 msec 1536 msec
3 10.2.6.6 [MPLS: Labels 16004/24003 Exp 0] 260 msec 1816 msec 2218 msec
4 10.4.6.4 1457 msec 2414 msec 867 msec
The service path from the PE1 router to the PE2 router VRF LL should be through the PE3
(10.3.5.5), P2 (10.2.5.2), and PE4 (10.2.6.6) routers.
Step 8 On the PE1 router, change the delay measurement to a high value (999999 us) on the Gigabit
Ethernet 0/0/0/1 interface.
On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# performance-measurement
RP/0/RP0/CPU0:PE1(config-perf-meas)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE1(config-pm-intf)# delay-measurement
RP/0/RP0/CPU0:PE1(config-pm-intf-dm)# advertise-delay 999999
RP/0/RP0/CPU0:PE1(config-pm-intf-dm)# commit
RP/0/RP0/CPU0:PE1(config-pm-intf-dm)# end
RP/0/RP0/CPU0:PE1#
Step 9 On the PE1 router, verify the path change for SR-TE policy 30.
Use the show segment-routing traffic-eng policy color 30 command to see that the
recalculated path uses one Prefix-SID {16004}.
RP/0/RP0/CPU0:PE1# show segment-routing traffic-eng policy color 30
Step 10 On the PE1 router, verify the service path to PE2 VRF LL 10.144.144.144/32 again.
1 10.1.3.1 [MPLS: Labels 16004/24003 Exp 0] 2421 msec 2044 msec 876 msec
2 10.1.4.4 1057 msec 1997 msec 688 msec
The service path from the PE1 router to the PE2 router VRF LL should be through the P1
(10.1.3.1) router.
Step 11 On the PE1 router, change the delay measurement back to a low value (100 us) on the Gigabit
Ethernet 0/0/0/1 interface.
Activity Verification
You have completed this task when you attain the following results:
• You have configured SR-TE such that traffic from PE1 that is destined to prefixes colored as 30 flow
through PE2, P2, and PE4, the low-latency path.
Following is the existing VRF VOICE_DATA configuration on the PE2 router. Two loopback interfaces
(480 and 490) are exported into VRF with different colors (480 and 490).
vrf VOICE_DATA
address-family ipv4 unicast
import route-target
1:244
!
export route-policy SET_COLOR_VOICE_DATA
export route-target
1:244
!
interface Loopback480
description Voice Data HighBandwidth
vrf VOICE_DATA
ipv4 address 172.16.80.80 255.255.255.0
!
interface Loopback490
description Voice Data LowLatency
vrf VOICE_DATA
ipv4 address 172.16.90.90 255.255.255.0
!
extcommunity-set opaque color480-igp
480
end-set
!
extcommunity-set opaque color490-latency
490
end-set
!
prefix-set LowLatency
172.16.90.0/24 eq 24
end-set
!
prefix-set HighBandwidth
172.16.80.0/24 eq 24
end-set
!
route-policy SET_COLOR_VOICE_DATA
if destination in HighBandwidth then
set extcommunity color color480-igp
else
if destination in LowLatency then
set extcommunity color color490-latency
endif
endif
end-policy
Activity
Step 1 On the PE1 router, verify the color of individual prefixes in VRF VOICE_DATA. Prefixes
received from the PE2 router are 172.16.80.0/24 and 172.16.90.0/24.
On the PE1 router, use the show bgp vpnv4 unicast vrf VOICE_DATA 172.16.80.0/24
command.
RP/0/RP0/CPU0:PE1# show bgp vpnv4 unicast vrf VOICE_DATA 172.16.80.0/24
The VRF VOICE_DATA prefix 172.16.80.0/24 that is received from the PE2 router has the
extended community color 480.
On the PE1 router, use the show bgp vpnv4 unicast vrf VOICE_DATA 172.16.90.0/24
command.
RP/0/RP0/CPU0:PE1# show bgp vpnv4 unicast vrf VOICE_DATA 172.16.90.0/24
The VRF VOICE_DATA prefix 172.16.90.0/24 received from the PE2 router has the extended
community color 490.
Step 2 On the PE1 router, configure an ODN policy for the color 480 with a metric type of IGP.
Step 3 On the PE1 router, verify the ODN policy for the color 480.
On the PE1 router, use the show segment-routing traffic-eng policy color 480 command.
RP/0/RP0/CPU0:PE1# show segment-routing traffic-eng policy color 480
You should see the policy with end-point 10.4.4.4 (PE2), this policy was created by ODN
request from the prefix with color 480 received from PE2 router.
Step 4 On the PE1 router, verify the service path to PE2 VRF VOICE_DATA 172.16.80.80.
On the PE1 router, use the traceroute vrf VOICE_DATA 172.16.80.80 command.
RP/0/RP0/CPU0:PE1# traceroute vrf VOICE_DATA 172.16.80.80
1 10.1.3.1 [MPLS: Labels 16004/24004 Exp 0] 1198 msec 716 msec 1414 msec
2 10.1.4.4 142 msec 3 msec 1084 msec
The service path from the PE1 router to the PE2 router VRF VOICE_DATA 172.16.80.0/24
prefix should be through the P1 (10.1.3.1) router.
Step 5 On the PE1 router, configure an ODN policy for color 490 with a metric type of latency.
On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# segment-routing traffic-eng
RP/0/RP0/CPU0:PE1(config-sr-te)# on-demand color 490
RP/0/RP0/CPU0:PE1(config-sr-te-color)# dynamic metric type latency
RP/0/RP0/CPU0:PE1(config-sr-te-color)# commit
RP/0/RP0/CPU0:PE1(config-sr-te-color)# end
RP/0/RP0/CPU0:PE1#
Step 6 On the PE1 router, verify the ODN policy for the color 490.
On the PE1 router, use the show segment-routing traffic-eng policy color 490 command.
RP/0/RP0/CPU0:PE1# show segment-routing traffic-eng policy color 490
You should see the policy with the endpoint 10.4.4.4 (PE2). This policy was created by the ODN
request from a prefix with the color 480, which was received from the PE2 router.
Step 7 On the PE1 router, verify the service path to PE2 VRF VOICE_DATA 172.16.90.90.
On the PE1 router, use the traceroute vrf VOICE_DATA 172.16.90.90 command.
RP/0/RP0/CPU0:PE1# traceroute vrf VOICE_DATA 172.16.90.90
1 10.3.5.5 [MPLS: Labels 16006/16004/24004 Exp 0] 1213 msec 1558 msec 1299 msec
2 10.2.5.2 [MPLS: Labels 16006/16004/24004 Exp 0] 1149 msec 1743 msec 1485 msec
3 10.2.6.6 [MPLS: Labels 16004/24004 Exp 0] 1228 msec 1625 msec 1585 msec
4 10.4.6.4 922 msec 1444 msec 1655 msec
The service path from the PE1 router to the PE2 router VRF VOICE_DATA 172.16.90.0/24
prefix should be through PE3 (10.3.5.5), P2 (10.2.5.2), and PE4 (10.2.6.6) routers.
Activity Verification
You have completed this task when you attain the following results:
• You have configured SR-TE such that traffic from PE1 that is destined to the prefixes colored as 480
flow through the P1 router.
• You have configured SR-TE such that traffic from PE1 that is destined to prefixes colored as 490 flow
through the PE3, P2, and PE4 routers, the low-latency path.
Activity
Step 1 On the PE1 router, configure Flexible Algorithm 128 for metric type delay. Other P and PE
routers are preconfigured with Flexible Algorithm 128.
Step 2 On the PE1 router, configure an ODN policy with the color 30 to use the Flexible Algorithm
128.
On the PE1 router, use these commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# segment-routing traffic-eng
RP/0/RP0/CPU0:PE1(config-sr-te)# on-demand color 30
RP/0/RP0/CPU0:PE1(config-sr-te-color)# dynamic sid-algorithm 128
RP/0/RP0/CPU0:PE1(config-sr-te-color)# commit
RP/0/RP0/CPU0:PE1(config-sr-te-color)# end
RP/0/RP0/CPU0:PE1#
Step 3 On the PE1 router, verify the ODN policy for the color 30.
On the PE1 router, use the show segment-routing traffic-eng policy color 30 command.
RP/0/RP0/CPU0:PE1# show segment-routing traffic-eng policy color 30
You should see the policy with the endpoint 10.4.4.4 (PE2), using algorithm 128. This policy
was created by the ODN request from a prefix with the color 30, which was received from the
PE2 router.
Step 4 On the PE1 router, verify the service path to PE2 VRF LL 10.144.144.144.
On the PE1 router, use the traceroute vrf LL 10.144.144.144 command.
RP/0/RP0/CPU0:PE1# traceroute vrf LL 10.144.144.144
1 10.3.5.5 [MPLS: Labels 16104/24003 Exp 0] 632 msec 1234 msec 1614 msec
2 10.2.5.2 [MPLS: Labels 16104/24003 Exp 0] 1537 msec 883 msec 1436 msec
3 10.2.6.6 [MPLS: Labels 16104/24003 Exp 0] 298 msec 1123 msec 1457 msec
4 10.4.6.4 980 msec 1530 msec 1379 msec
RP/0/RP0/CPU0:PE1#
The service path from the PE1 router to the PE2 router VRF LL 10.144.144.144/32 prefix
should be through the PE3 (10.3.5.5), P2 (10.2.5.2), and PE4 (10.2.6.6) routers.
Activity Verification
You have completed this task when you attain the following results:
• You have configured the Flexible Algorithm on the PE1 router.
• You have configured SR-TE such that traffic from PE1 that is destined to prefixes colored as 30 flow
through PE3, P2, and PE4 routers, the low-latency path.
1. Which Cisco IOS XR command configures a Flexible Algorithm 130 value for SID 16110?
A. prefix-sid algorithm 130 absolute 16110
B. prefix-sid algorithm 130 index 110
C. prefix-sid algorithm 130 absolute 110
D. prefix-sid algorithm 130 index 16110
2. What are valid Flexible Algorithm values that can be defined by the user?
A. Values between 128 and 255
B. Values between 0 and 255
C. Values between 130 and 255
D. Values between 0 and 256
Discovery 14: Configure and Verify SRv6
Introduction
In this lab exercise, you will configure and verify SRv6. You will familiarize yourself with the use of Cisco
IOS XR Software commands to configure the flexible algorithm and configure VRF traffic to use the IGP
metric or latency metric.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Configure and verify IS-IS for IPv6 routing
• Configure and verify the SRv6 extension
• Configure and verify MP-BGP
• Configure and verify flexible algorithm
• Configure and verify VRF using latency metric
Visual Objective
The following figure shows the objective for tasks 1 through 4:
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
IP Addresses
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
Step 1 Log in to the P1 router and configure the IS-IS IPv6 address family.
Configure the IS-IS IPv6 address family on the following interfaces: Loopback0,
GigabitEthernet0/0/0/0, GigabitEthernet0/0/0/1, and GigabitEthernet0/0/0/2.
On the P1 router, use the following commands:
RP/0/RP0/CPU0:P1# configure
RP/0/RP0/CPU0:P1(config)# router isis 1
RP/0/RP0/CPU0:P1(config-isis)# address-family ipv6 unicast
RP/0/RP0/CPU0:P1(config-isis-af)# metric-style wide
RP/0/RP0/CPU0:P1(config-isis-af)# exit
RP/0/RP0/CPU0:P1(config-isis)# interface Loopback0
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv6 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# exit
RP/0/RP0/CPU0:P1(config-isis-if)# exit
RP/0/RP0/CPU0:P1(config-isis)# interface GigabitEthernet0/0/0/0
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv6 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# exit
RP/0/RP0/CPU0:P1(config-isis-if)# exit
RP/0/RP0/CPU0:P1(config-isis-if-af)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv6 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# exit
RP/0/RP0/CPU0:P1(config-isis-if)# exit
RP/0/RP0/CPU0:P1(config-isis-if-af)# interface GigabitEthernet0/0/0/2
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv6 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# commit
RP/0/RP0/CPU0:P1(config-isis-if-af)# end
RP/0/RP0/CPU0:P1#
Step 2 Log in to the PE1 router and verify that the PE1 router has full IPv6 visibility on the entire
network.
On the PE1 router, use the show route ipv6 command. You should see P1 Loopback0
(2001::1:1:1:1/128) subnet.
RP/0/RP0/CPU0:PE1# show route ipv6
< output omitted >
i L2 2001::1:1:1:1/128
[115/10] via fe80::20c:29ff:fea9:c78d, 00:02:50, GigabitEthernet0/0/0/0
i L2 2001::2:2:2:2/128
[115/20] via fe80::20c:29ff:fea9:c78d, 00:02:48, GigabitEthernet0/0/0/0
[115/20] via fe80::20c:29ff:fea1:b2c3, 00:02:48, GigabitEthernet0/0/0/1
L 2001::3:3:3:3/128 is directly connected,
1w3d, Loopback0
i L2 2001::4:4:4:4/128
[115/20] via fe80::20c:29ff:fea9:c78d, 00:02:45, GigabitEthernet0/0/0/0
< output omitted >
Activity Verification
You have completed this task when you attain the following results:
• You have configured IS-IS IPv6 routing on the P1 router.
• You have verified that all routers have full IS-IS IPv6 reachability.
Step 1 On the P1 router, configure SRv6 extensions and SRv6 prefix fcbb:bb00:1::/48.
Step 2 On the P1 router, verify the SRv6 locator and SRv6 SIDs.
On the P1 router, use the show segment-routing srv6 locator command, to verify the SRv6
locator.
RP/0/RP0/CPU0:P1# show segment-routing srv6 locator
On the P1 router, use the show segment-routing srv6 sid all command, to verify the SRv6
SIDs.
RP/0/RP0/CPU0:P1# show segment-routing srv6 sid all
The uN function is already allocated for the device. It is essentially equal to the locator value.
Step 3 On the P1 router, verify that the End function for the SRv6 prefix fcbb:bb00:1:: is programmed
in the common event framework.
On the P1 router, use the show cef ipv6 fcbb:bb00:1:: command.
RP/0/RP0/CPU0:P1# show cef ipv6 fcbb:bb00:1::
fcbb:bb00:1::/64, version 627, SRv6 Endpoint uN (PSP/USD), internal 0x1000001 0x0 (ptr
0xe5ef458) [1], 0x400 (0xe789c78), 0x0 (0xf9620a8)
Updated Mar 14 22:10:31.939
Prefix Len 64, traffic index 0, precedence n/a, priority 0
QoS Group: 0, IP Precedence: 0
gateway array (0xe5f66b8) reference count 2, flags 0x0, source rib (7), 0 backups
[3 type 3 flags 0x8401 (0xe6a2b88) ext 0x0 (0x0)]
LW-LDI[type=3, refc=1, ptr=0xe789c78, sh-ldi=0xe6a2b88]
gateway array update type-time 1 Mar 14 22:10:31.939
LDI Update time Mar 14 22:10:32.238
LW-LDI-TS Mar 14 22:10:32.238
via ::/128, 0 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xdda5120 0x0]
next hop ::/128
Step 4 On the P1 router, configure IS-IS to make sure it is aware of the SRv6 locator, and that the SRv6
locator is advertised in IGP.
Step 5 On the P1 router, verify that the IS-IS protocol is advertising all the SRv6 TLVs and that it is
allocating a few additional SIDs.
On the P1 router, use the show segment-routing srv6 sid all command, to verify SRv6 SIDs.
RP/0/RP0/CPU0:P1# show segment-routing srv6 sid all
The uA function was allocated for each interface enabled in the IS-IS routing.
Step 6 On the P1 router, verify that the End.X function for each interface is described in the IS-IS
advertisements.
All routers in the IS-IS domain should be able to see all locators in the routing table. You can
repeat the show isis database verbose P1 command on any other P or PE router in the lab
topology, to observe the same output as shown on the P1 router. Verify this is the case before
moving forward.
Activity Verification
You have completed this task when you attain the following results:
• Configure SRv6 Extension on the P1 router.
• Verify the SRv6 locator and SRv6 SIDs.
• Verify that the End function for the SRv6 prefix is programmed in the common event framework.
• Configure IS-IS to make sure it is aware of the SRv6 locator, and that the SRv6 locator is advertised in
IGP.
• Verify that the IS-IS protocol is advertising all the SRv6 TLVs and that it is allocating a few additional
SIDs.
Activity
Step 1 On the PE1 router, configure VRF 1 with route target 1:1. The PE2 router is preconfigured with
the same VRF.
Step 2 On the PE1 router, configure the interface towards the CE1 router to be a part of the VRF and
add IPv4 addressing. The PE2 router is preconfigured with the interface toward the CE2 router
to be part of the VRF.
On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet0/0/0/2
RP/0/RP0/CPU0:PE1(config-if)# no ipv4 address
RP/0/RP0/CPU0:PE1(config-if)# no ipv6 address
RP/0/RP0/CPU0:PE1(config-if)# vrf 1
RP/0/RP0/CPU0:PE1(config-if)# ipv4 address 10.3.7.3 255.255.255.0
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Step 3 On the PE1 router, configure the BGP to support SRv6 and per-VRF SID allocation for VRF 1.
The PE2 router is preconfigured.
Step 4 On the PE1 router, configure the BGP to use the source address (2001::3:3:3:3) for SRv6. The
PE2 router is preconfigured, to use the source address (2001::4:4:4:4) for SRv6.
Step 5 On the PE1 router, verify that the connected route (10.3.7.0/24) is redistributed into BGP.
On the PE1 router, use the show bgp vrf 1 command:
RP/0/RP0/CPU0:PE1# show bgp vrf 1
< output omitted >
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf 1)
*> 10.3.7.0/24 0.0.0.0 0 32768 ?
Step 6 On the PE1 router, verify that the new SID was allocated by BGP.
On the PE1 router, use the show segment-routing srv6 sid all command.
RP/0/RP0/CPU0:PE1# show segment-routing srv6 sid all
The BGP always allocates one uDT function per VRF. This is used for all directly connected
prefixes and is the equivalent of the aggregate label in MPLS.
Step 7 On the PE1 and PE2 routers, configure the MP-BGP session between IPv6 Loopback0
interfaces, to support VPNv4 unicast prefixes.
On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# router bgp 65001
RP/0/RP0/CPU0:PE1(config-bgp)# bgp router-id 10.3.3.3
RP/0/RP0/CPU0:PE1(config-bgp)# address-family vpnv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp-af)# exit
RP/0/RP0/CPU0:PE1(config-bgp-af)# neighbor 2001::4:4:4:4
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# remote-as 65001
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# update-source Loopback0
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# address-family vpnv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp-nbr-af)# commit
RP/0/RP0/CPU0:PE1(config-bgp-nbr-af)# end
RP/0/RP0/CPU0:PE1#
Step 8 On the PE1 router, verify that you see VRF prefixes from the PE2 router.
On the PE1 router, use the show route vrf 1 ipv4 command.
RP/0/RP0/CPU0:PE1# show route vrf 1 ipv4
< output omitted >
Gateway of last resort is not set
Step 9 On the PE1 router, verify common event framework entry for 10.4.8.0/24, to see how a packet
toward the remote prefix will be encapsulated.
On the PE1 router, use the show cef vrf 1 10.4.8.0/24 command.
RP/0/RP0/CPU0:PE1# show cef vrf 1 10.4.8.0/24
10.4.8.0/24, version 3, SRv6 Headend, internal 0x5000001 0x30 (ptr 0xe6984c8) [1],
0x400 (0xe839218), 0x0 (0xf8635b8)
Updated Mar 14 22:39:29.683
Prefix Len 24, traffic index 0, precedence n/a, priority 3
gateway array (0xf8a80a8) reference count 3, flags 0x10, source rib (7), 0 backups
[4 type 3 flags 0x8441 (0xe752188) ext 0x0 (0x0)]
LW-LDI[type=3, refc=1, ptr=0xe839218, sh-ldi=0xe752188]
gateway array update type-time 1 Mar 14 22:39:29.683
LDI Update time Mar 14 22:39:29.687
LW-LDI-TS Mar 14 22:39:29.687
Activity Verification
You have completed this task when you attain the following results:
• On the PE1 router configure VRF and configure the interface towards the CE1 router to be a part of the
VRF.
• Configure the MP-BGP to support SRv6 and per-VRF SID allocation.
• Configure the MP-BGP to use the source address for SRv6.
• Between PE1 and PE2 routers configure MP-BGP session, to support VPNv4 unicast prefixes.
Activity
Step 1 On the PE1 router, configure CE1 (10.3.7.7) as a BGP neighbor and allow all prefixes to be
exchanged. The CE1 uses BGP autonomous system number 65007.
On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# route-policy PASS
RP/0/RP0/CPU0:PE1(config-rpl)# pass
RP/0/RP0/CPU0:PE1(config-rpl)# end-policy
RP/0/RP0/CPU0:PE1(config)# router bgp 65001
RP/0/RP0/CPU0:PE1(config-bgp)# vrf 1
RP/0/RP0/CPU0:PE1(config-bgp-vrf)# neighbor 10.3.7.7
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr)# remote-as 65007
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# route-policy PASS in
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# route-policy PASS out
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# commit
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# end
RP/0/RP0/CPU0:PE1#
Step 2 On the CE1 router, configure PE1 (10.3.7.3) as a BGP neighbor and allow all prefixes to be
exchanged. The CE1 uses BGP autonomous system number 65007.
Step 3 On the CE1 router, verify that the PE-CE BGP session is operational.
Step 4 On the CE1 router, verify connectivity to the CE2 Loopback 0 (10.8.8.8) interface.
On the CE1 router, use the ping 10.8.8.8 source Loopback 0 command:
RP/0/RP0/CPU0:CE1# ping 10.8.8.8 source Loopback 0
Step 5 On the PE1 router, verify the BGP advertisement for CE2 Loopback0 (10.8.8.8/32) prefix.
On the PE1 router, use the show bgp vrf 1 10.8.8.8/32 command:
RP/0/RP0/CPU0:PE1# show bgp vrf 1 10.8.8.8/32
The SID for VRF 1 prefix 10.8.8.8/32 is the PE2 locator (fcbb:bb00:4::) and the received label
(0xe0020). The received label may be different in your lab.
Step 6 On the PE1 router, verify the routing table for CE1 Loopback0 (10.8.8.8/32) prefix.
On the PE1 router, use the show route vrf 1 10.8.8.8/32 detail command:
RP/0/RP0/CPU0:PE1# show route vrf 1 10.8.8.8/32 detail
Step 7 On the PE2 router, verify that the packet comes encapsulated in IPv6 with the destination IPv6
address equal to the uDT function.
On the PE2 router, use the show route ipv6 fcbb:bb00:4:e002:: command. Label (:e002:) in the
SRv6 uDT4 address may be different in your lab.
RP/0/RP0/CPU0:PE2# show route ipv6 fcbb:bb00:4:e002::
Step 8 On the PE2 router, verify an IPv6 common event framework entry for VRF 1 SID
fcbb:bb00:4:e002::.
On the PE2 router, use the show cef ipv6 fcbb:bb00:4:e002:: command. Label (:e002:) in the
SRv6 uDT4 address may be different in your lab.
RP/0/RP0/CPU0:PE2# show cef ipv6 fcbb:bb00:4:e002::
fcbb:bb00:4:e002::/64, version 499, SRv6 Endpoint uDT4, internal 0x1000001 0x0 (ptr
0xe6f94d8) [1], 0x400 (0xe893ba0), 0x0 (0xf808330)
Updated Mar 14 21:42:56.933
Prefix Len 64, traffic index 0, precedence n/a, priority 0
gateway array (0xe6ffbd8) reference count 1, flags 0x0, source rib (7), 0 backups
[2 type 3 flags 0x8401 (0xe7ace28) ext 0x0 (0x0)]
LW-LDI[type=3, refc=1, ptr=0xe893ba0, sh-ldi=0xe7ace28]
gateway array update type-time 1 Mar 14 21:42:56.933
LDI Update time Mar 14 21:42:56.933
LW-LDI-TS Mar 14 21:42:56.933
via ::ffff:0.0.0.0/128, 0 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xd66b558 0x0]
next hop VRF - '1', table - 0xe0000002
next hop ::ffff:0.0.0.0/128
Activity Verification
You have completed this task when you attain the following results:
• Configure and verify BGP between PE1 and CE1 routers.
• Verify CE1 to CE2 connectivity.
• Verify that the packet between PE1 and PE2 comes encapsulated in IPv6 with the destination IPv6
address equal to the uDT function.
• Verify an IPv6 common event framework entry for VRF 1 SID prefix.
Refer to the following figure, to observe preconfigured delay measurement between P and PE routers.
Activity
Step 1 On the P1 router, configure a new locator for algorithm 128, from uSID block fcbb:bb01::. Other
P and PE routers are preconfigured for algorithm 128.
Step 2 On the P1 router, configure IS-IS to advertise a new locator into IS-IS. Other P and PE routers
are preconfigured to advertise a new locator into IS-IS.
On the P1 router, use the following commands:
RP/0/RP0/CPU0:P1# configure
RP/0/RP0/CPU0:P1(config)# router isis 1
RP/0/RP0/CPU0:P1(config-isis)# flex-algo 128
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# exit
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# address-family ipv6 unicast
RP/0/RP0/CPU0:P1(config-isis-af)# segment-routing srv6
RP/0/RP0/CPU0:P1(config-isis-srv6)# locator LATENCY
RP/0/RP0/CPU0:P1(config-isis-srv6-loc)# commit
RP/0/RP0/CPU0:P1(config-isis-srv6-loc)# end
RP/0/RP0/CPU0:P1#
Step 3 One of the routers in the lab topology will have to advertise the definition of the new flexible
algorithm. For this lab topology, it will be a P1 router.
On the P1 router, configure IS-IS to advertise the definition of the new flexible algorithm:
RP/0/RP0/CPU0:P1# configure
RP/0/RP0/CPU0:P1(config)# router isis 1
RP/0/RP0/CPU0:P1(config-isis)# flex-algo 128
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# metric-type delay
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# advertise-definition
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# commit
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# end
RP/0/RP0/CPU0:P1#
Step 4 On the PE1 router, verify the IS-IS database for the P1 router.
On the PE1 router, use the show isis data verbose P1 command, to verify the IS-IS database for
the P1 router.
RP/0/RP0/CPU0:PE1# show isis data verbose P1
< output omitted >
SRv6 Locator: MT (IPv6 Unicast) fcbb:bb00:1::/48 D:0 Metric: 0 Algorithm: 0
Prefix Attribute Flags: X:0 R:0 N:0 E:0 A:0
END SID: fcbb:bb00:1:: uN (PSP/USD)
SID Structure:
Block Length: 32, Node-ID Length: 16, Func-Length: 0, Args-Length: 0
SRv6 Locator: MT (IPv6 Unicast) fcbb:bb01:1::/48 D:0 Metric: 0 Algorithm: 128
Prefix Attribute Flags: X:0 R:0 N:0 E:0 A:0
END SID: fcbb:bb01:1:: uN (PSP/USD)
SID Structure:
Block Length: 32, Node-ID Length: 16, Func-Length: 0, Args-Length: 0
< output omitted >
Metric: 10 MT (IPv6 Unicast) IS-Extended P2.00
Local Interface ID: 9, Remote Interface ID: 9
Interface IPv6 Address: 2001::99:1:2:1
Neighbor IPv6 Address: 2001::99:1:2:2
Physical BW: 1000000 kbits/sec
Link Average Delay: 2000 us
Link Min/Max Delay: 2000/2000 us
Link Delay Variation: 0 us
Application Specific Link Attributes:
L flag: 0, SA-Length: 1, UDA-Length: 1
Standard Applications: 0x10 FLEX-ALGO
User Defined Applications: 0x10
Link Min/Max Delay: 2000/2000 us
END.X SID: fcbb:bb00:1:e000:: B:0 S:0 P:0 uA (PSP/USD) Alg:0
SID Structure:
Block Length: 32, Node-ID Length: 16, Func-Length: 16, Args-Length: 0
END.X SID: fcbb:bb01:1:e000:: B:0 S:0 P:0 uA (PSP/USD) Alg:128
SID Structure:
Block Length: 32, Node-ID Length: 16, Func-Length: 16, Args-Length: 0
< output omitted >
Observe algorithms in the IS-IS database, including all locators and allocated functions.
Step 5 On the PE1 router, verify the locators in the routing table.
On the PE1 router, use the show route ipv6 command. You should see prefixes from
fcbb:bb00:: and fcbb:bb01:: IPv6 range.
RP/0/RP0/CPU0:PE1# show route ipv6
< output omitted >
i L2 fcbb:bb00:1::/48
[115/11] via fe80::20c:29ff:fea9:c78d, 00:56:52, GigabitEthernet0/0/0/0
i L2 fcbb:bb00:2::/48
[115/21] via fe80::20c:29ff:fea9:c78d, 01:12:05, GigabitEthernet0/0/0/0
[115/21] via fe80::20c:29ff:fea1:b2c3, 01:12:05, GigabitEthernet0/0/0/1
< output omitted >
i L2 fcbb:bb01:1::/48
[115/2200] via fe80::20c:29ff:fea1:b2c3, 00:04:32, GigabitEthernet0/0/0/1
i L2 fcbb:bb01:2::/48
[115/200] via fe80::20c:29ff:fea1:b2c3, 00:04:32, GigabitEthernet0/0/0/1
< output omitted >
Activity Verification
You have completed this task when you attain the following results:
• Configure a new locator for algorithm 128 and configure IS-IS to advertise the new locator.
• Configure IS-IS to advertise the definition of the flexible algorithm.
• Observe algorithms in the IS-IS database, including all locators and allocated functions.
• Verify the locators in the routing table.
Activity
Step 1 On the PE1 and PE2 routers, reconfigure VRF 1 to utilize the latency metric for all prefixes.
The uDT4 function is now used to describe VRF for locator LATENCY.
Step 3 On the PE1 router, verify VRF 1 common event framework entry for CE2 Loopback0
(10.8.8.8/32) prefix.
Since the latency metric is smaller through routers PE3, P2, and PE4, the common event
framework reflects the outgoing interface is toward PE3 (GigabitEthernet0/0/0/1).
On the PE1 router, use the show cef vrf 1 10.8.8.8/32 detail command:
RP/0/RP0/CPU0:PE1# show cef vrf 1 10.8.8.8/32 detail
10.8.8.8/32, version 15, SRv6 Headend, internal 0x5000001 0x30 (ptr 0xe69c160) [1],
0x400 (0xe839530), 0x0 (0xf863330)
Updated Mar 14 23:17:10.960
Prefix Len 32, traffic index 0, precedence n/a, priority 3
gateway array (0xf8a8190) reference count 2, flags 0x10, source rib (7), 0 backups
[3 type 3 flags 0x8441 (0xe7520c8) ext 0x0 (0x0)]
LW-LDI[type=3, refc=1, ptr=0xe839530, sh-ldi=0xe7520c8]
gateway array update type-time 1 Mar 14 23:17:10.959
LDI Update time Mar 14 23:17:10.960
LW-LDI-TS Mar 14 23:17:10.960
Activity Verification
You have completed this task when you attain the following results:
• Reconfigure VRF to utilize the latency metric for all prefixes.
• Verify VRF common event framework entry.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Configure and verify Model-Driven Telemetry
• Verify the streamed data on the Telemetry Collector Stack
Visual Objective
The following are the preconfigured lab tasks:
• All routers have IS-IS configured for full reachability.
• The Telemetry Collector Stack is preconfigured.
• The Telemetry Collector Stack is reachable through the management subnet.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Job Aid
The following credentials will be required for this lab:
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
Step 1 On the PE1 router, verify if the Telemetry Collector Stack is reachable.
On the PE1 router, use the ping command. The Telemetry Collector Stack should be reachable
on the IP address 172.16.1.50.
RP/0/RP0/CPU0:PE1# ping 172.16.1.50
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.1.50, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/11 ms
Step 2 Configure the PE1 router to synchronize the clock with the NTP server (172.16.1.50).
The PE1 router should synchronize time with the Telemetry Collector Stack. The NTP server
and the Telemetry Collector Stack are running on the same device with the IP address
172.16.1.50. On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# ntp
RP/0/RP0/CPU0:PE1(config-ntp)# server 172.16.1.50
RP/0/RP0/CPU0:PE1(config-ntp)# commit
RP/0/RP0/CPU0:PE1(config-ntp)# end
RP/0/RP0/CPU0:PE1#
On the PE1 router, configure the MDT destination group with the following values:
• The MDT destination group name DG1.
• The IP address 172.16.1.50 and port 57500.
• The encoding self-describing-gpb.
• The protocol grpc no-tls.
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# telemetry model-driven
RP/0/RP0/CPU0:PE1(config-model-driven)# destination-group DG1
RP/0/RP0/CPU0:PE1(config-model-driven-dest)# address-family ipv4 172.16.1.50 port 57500
RP/0/RP0/CPU0:PE1(config-model-driven-dest-addr)# encoding self-describing-gpb
RP/0/RP0/CPU0:PE1(config-model-driven-dest-addr)# protocol grpc no-tls
RP/0/RP0/CPU0:PE1(config-model-driven-dest-addr)# commit
RP/0/RP0/CPU0:PE1(config-model-driven-dest-addr)# end
RP/0/RP0/CPU0:PE1#
Activity Verification
You have completed this task when you attain the following results:
• You have verified the reachability between the PE1 router and the Telemetry Collector Stack.
• You have configured the NTP synchronization.
• You have configured the MDT destination group.
Activity
Step 1 On the PE1 router, configure the MDT sensor group for health telemetry.
On the PE1 router, use the following commands.
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# telemetry model-driven
RP/0/RP0/CPU0:PE1(config-model-driven)# sensor-group health
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-shellutil-
oper:system-time/uptime
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-wdsysmon-fd-
oper:system-monitoring/cpu-utilization
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-nto-misc-
oper:memory-summary/nodes/node/summary
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# commit
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# end
RP/0/RP0/CPU0:PE1#
Step 2 On the PE1 router, configure the MDT sensor group for interface statistics.
Step 3 On the PE1 router, configure the MDT sensor group for routing telemetry.
Activity Verification
You have completed this task when you attain the following results:
• You have configured and verified three MDT sensor groups.
Activity
On the PE1 router, use the show telemetry model-driven subscription command. You should
see the resolved state for all three MDT sensor groups and active for the MDT destination
groups.
RP/0/RP0/CPU0:PE1# show telemetry model-driven subscription
Subscription: Sub State: ACTIVE
-------------
Sensor groups:
Id Interval(ms) State
health 30000 Resolved
routing 3000 Resolved
interface_stats 3000 Resolved
Destination Groups:
Id Encoding Transport State Port Vrf
IP
DG1 self-describing-gpb grpc Active 57500
172.16.1.50
TLS : False
Note If the MDT destination group state is NA, wait 1 minute and display show telemetry model-driven
subscription command again.
Activity Verification
You have completed this task when you attain the following results:
• You have configured and verified the MDT subscription.
Task 4: Verify the Streamed Data on the Grafana
The purpose of this task is to verify the streamed data on the Grafana. You will access Grafana from the
jump host.
Activity
In the jump host, open Google Chrome and enter https://172.16.1.50:3000 in the URL bar.
You can also use the Grafana bookmark, as shown.
Log in to the Grafana web interface with the username admin and password admin and then
click the Log In button.
You should see CPU Utilization, Memory Use Percent, Uptime, and Device Traffic.
Step 4 In the Device_Health_Check_Demo dashboard, verify the number of the IS-IS prefixes.
In the Device_Health_Check_Demo dashboard, scroll down and open the ISIS Routing
Information section. You should see 16 active IPv4 routes.
Step 5 In the CE1 router, add three Loopbacks and advertise prefixes into the IS-IS routing protocol.
On the CE1 router, configure the following commands:
RP/0/RP0/CPU0:CE1# configure
RP/0/RP0/CPU0:CE1(config)# interface Loopback7
RP/0/RP0/CPU0:CE1(config-if)# ipv4 address 10.10.10.7 255.255.255.255
RP/0/RP0/CPU0:CE1(config-if)# exit
RP/0/RP0/CPU0:CE1(config)# interface Loopback8
RP/0/RP0/CPU0:CE1(config-if)# ipv4 address 10.10.10.8 255.255.255.255
RP/0/RP0/CPU0:CE1(config-if)# exit
RP/0/RP0/CPU0:CE1(config)# interface Loopback9
RP/0/RP0/CPU0:CE1(config-if)# ipv4 address 10.10.10.9 255.255.255.255
RP/0/RP0/CPU0:CE1(config-if)# exit
RP/0/RP0/CPU0:CE1(config)# router isis 1
RP/0/RP0/CPU0:CE1(config-isis)# interface Loopback7
RP/0/RP0/CPU0:CE1(config-isis-if)# passive
RP/0/RP0/CPU0:CE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-isis-if-af)# exit
RP/0/RP0/CPU0:CE1(config-if)# exit
RP/0/RP0/CPU0:CE1(config-isis)# interface Loopback8
RP/0/RP0/CPU0:CE1(config-isis-if)# passive
RP/0/RP0/CPU0:CE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-isis-if-af)# exit
RP/0/RP0/CPU0:CE1(config-if)# exit
RP/0/RP0/CPU0:CE1(config-isis)# interface Loopback9
RP/0/RP0/CPU0:CE1(config-isis-if)# passive
RP/0/RP0/CPU0:CE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-isis-if-af)# commit
RP/0/RP0/CPU0:CE1(config-isis-if-af)# end
RP/0/RP0/CPU0:CE1#
Step 6 In the Device_Health_Check_Demo dashboard, verify the number of the IS-IS prefixes for the
PE1 router again.
In the Device_Health_Check_Demo dashboard, scroll down and open the ISIS Routing
Information section. The number of the IS-IS active IPv4 routes on the PE1 router should
change from 16 to 19.
1. Which Cisco IOS XR command displays the state of the MDT subscriptions?
A. show model-driven destination group
B. show snmp
C. show telemetry model-driven subscription
D. show telemetry subscription
Discovery 16: Configure and Verify Devices by
Using Model-Driven Programmability
Introduction
In this lab exercise, you will retrieve and edit device configuration by using model-driven programmability.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Configure NETCONF agent on a router
• Retrieve a complete running configuration by using model-driven programmability
• Retrieve partial configurations by using subtree filtering
• Edit device configurations by using model-driven programmability
• Configure and verify on-the-box automation
Visual Objective
The following are the preconfigured lab tasks:
• All routers have basic configuration enabled for host name, username, lines, and Mgmt interface.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Virtualized routers that are based on Cisco IOS XR and that consist of one PE router and one P routers.
• Emulated Cisco 8201 router with Cisco IOS XR Virtual software.
You can access the virtualized Cisco IOS XR routers and emulated Cisco 8201 Series router by using the
Terminal on the jump host. Once you are on the jump host open the Terminal and type in the host name
(lowercase) of the router, this will open the SSH session to the router.
Job Aid
The following credentials will be required for this lab:
P1 MgmtEth0 172.16.1.101/32
R0 MgmtEth0 192.168.122.50
Jumphost 172.16.1.100/24
192.168.122.1/24
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
SSH session to the router.
Activity
On the PE1 router, use the show running-config commands. In later steps, you will configure
PE1 by using model-driven programmability.
RP/0/RP0/CPU0:PE1# show running-config
Building configuration...
!! IOS XR Configuration 7.5.1
!! Last configuration change at Mon May 16 08:30:42 2022 by cisco
!
hostname PE1
interface Loopback0
description Loopback
ipv4 address 10.3.3.3 255.255.255.255
ipv6 address 2001::3:3:3:3/128
!
interface MgmtEth0/RP0/CPU0/0
ipv4 address 172.16.1.103 255.255.255.0
!
interface GigabitEthernet0/0/0/0
description to P1 GigabitEthernet0/0/0/0
cdp
ipv4 address 10.1.3.3 255.255.255.0
ipv6 address 2001::99:1:3:3/112
!
interface GigabitEthernet0/0/0/1
description to PE3 GigabitEthernet0/0/0/1
cdp
ipv4 address 10.3.5.3 255.255.255.0
ipv6 address 2001::99:3:5:3/112
Use the crypto key generate rsa command. If crypto keys already exist, replace them by typing
the yes keyword and generate a 4096-bit RSA key for public-key cryptography.
RP/0/RP0/CPU0:PE1# crypto key generate rsa
The name for the keys will be: the_default
% You already have keys defined for the_default
Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 512 to 4096 for your General
Purpose Keypair. Choosing a key modulus greater than 512 may take a few minutes.
The crypto key generation process may take some time. Wait before proceeding to the next step.
Step 3 On the PE1 router, enable SSH and the NETCONF YANG agent.
On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# ssh server v2
RP/0/RP0/CPU0:PE1(config)# ssh server netconf vrf default
RP/0/RP0/CPU0:PE1(config)# netconf-yang agent
RP/0/RP0/CPU0:PE1(config-ncy-agent)# ssh
RP/0/RP0/CPU0:PE1(config-ncy-agent)# commit
RP/0/RP0/CPU0:PE1(config-ncy-agent)# end
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, set the SSH server rate limit to 600 and SSH server capability to netconf-
xml.
Activity Verification
You have completed this task when you attain the following results:
• You enabled SSH.
• You configured the NETCONF YANG agent.
Activity
In the jump host, open Terminal and use the yangsuite Linux command. This will start the
Cisco YANG Suite.
Do not quit the Cisco YANG Suite server and leave the Terminal window opened.
student@student-vm:~$ yangsuite
/home/student/.local/lib/python3.6/site-packages/ysdevices/utilities.py:4:
CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core
team. Therefore, support for it is deprecated in cryptography and will be removed in a
future release.
from cryptography.fernet import Fernet
/home/student/.local/lib/python3.6/site-packages/paramiko/transport.py:236:
CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
No changes detected in app 'ysdevices'
No changes detected in app 'yangsuite'
No changes detected in app 'ysyangtree'
No changes detected in app 'ysnetconf'
No changes detected in app 'ysfilemanager'
Operations to perform:
Apply all migrations: admin, auth, contenttypes, django_registration, sessions
Running migrations:
No migrations to apply.
Step 2 In the jump host, open the Cisco YANG Suite in the Chrome browser.
You can use a Chrome bookmark (http://localhost:8480/) to open the Cisco YANG Suite page.
Log in by using the username student and password 1234QWer.
Note If Cisco YANG Suite did not start, you can start Cisco YANG Suite by entering the yangsuite Linux
command in the Terminal window and then connect to http://localhost:8480.
Step 3 In the Cisco YANG Suite, navigate to Setup and Device profiles.
In the Cisco YANG Suite, choose Setup and then Device profiles. The Manage device profiles
window will open.
In the Manage device profiles window, choose the PE1 router and click the Check selected
device’s reachability button. You should see connectivity check results as shown in the figure.
Step 5 In the Cisco YANG Suite, navigate to the Manage YANG module files and repository
window to create a new repository.
In the Cisco YANG Suite, choose Setup and then YANG files and repository. In the Manage
YANG module files and repository window, click the New repository button. Type the
repository name Cisco IOS XR 7.5.1 and click the Create repository button.
Step 6 In the Cisco YANG Suite, navigate to the Manage YANG module files and repository
window to add new YANG modules.
In the Cisco YANG Suite, choose Setup and then YANG files and repository. In the Manage
YANG module files and repository window, choose the Cisco IOS XR 7.5.1 YANG module
repository.
Step 7 In the Manage YANG module files and repository window, add NETCONF modules from the
PE1 router.
In the Manage YANG module files and repository window, choose the NETCONF tab, and
from the Select device profile dropdown menu, choose the PE1 device. Click the Get schema
list button, then Select all modules, and click the Download selected schemas button.
The Cisco YANG Suite will download YANG modules from the PE1 router. This will take few
minutes. Proceed to the next step when you can see downloaded modules in the left window as
shown in the figure.
Step 8 In the Cisco YANG Suite, create the XR 7.5.1–all YANG module set with the Cisco-IOS-XR-
cli-cfg module.
In the Cisco YANG Suite, navigate to Setup and then choose YANG module sets. The Manage
YANG module sets window will open. Click the New YANG set button, type the name XR
7.5.1–all, and click the Create YANG set button.
The new YANG set is created. Add the Cisco-IOS-XR-cli-cfg module from the right window to
the left window. You can use a filtering option, choose the module, and then click the Add
selected button.
In the right window, you will see the Missing dependencies message. Click the Locate and add
missing dependencies button and an extra module will be added. The module set is complete.
Step 9 In the Cisco YANG Suite, use the NETCONF protocol to examine the PE1 router configuration.
In the Cisco YANG Suite, navigate to Protocols and then choose NETCONF. The NETCONF
window will open. Choose the XR 7.5.1–all YANG Set and the Cisco-IOS-XR-cli-cfg module.
Click the Load Module(s) button to load the selected module.
Step 10 In the Cisco YANG Suite, build RPC to get the running configuration from the PE1 router.
In the NETCONF window, choose the get-config operation, then the PE1 device, expand the
Cisco-IOS-XR-cli-cfg tree, choose cli, and click next to the Value—Do not enter any value.
Click the </> Build RPC button to create RPC in the right window as shown in the figure.
Step 11 In the Cisco YANG Suite, run RPC to get CLI configuration from the PE1 router.
In the NETCONF window, make sure that RPC is similar as shown in the figure. Click the Run
RPC(s) button to send the RPC request to the device. A new browser tab will open.
In the new browser tab, scroll up and examine the request sent to the device.
In the new browser tab, scroll down and examine the received message from the host and CLI
configuration from the PE1 router.
Close the browser tab and click the Clear RPC(s) button to clear RPC from the right window.
Activity Verification
You have completed this task when you attain the following results:
• You have retrieved a complete running configuration by using model-driven programmability.
The Cisco YANG Suite has all YANG modules from the PE1 router.
Activity
Step 1 In the Cisco YANG Suite, create the XR 7.5.1–Interfaces YANG module set with the Cisco-
IOS-XR-ifmgr-cfg module.
In the Cisco YANG Suite, navigate to Setup and then choose YANG module sets. The
Manage YANG module sets window will open. Click the New YANG set button, type the
name XR 7.5.1–Interfaces, and click the Create YANG set button.
The new YANG set is created. Add the Cisco-IOS-XR-ifmgr-cfg module from the right
window to the left window. You can use the filtering option, choose the module, and then click
the Add selected button.
In the right window, you will see the Missing dependencies message. Click the Locate and add
missing dependencies button, and extra modules will be added. The module set is complete.
Step 2 In the Cisco YANG Suite, use the NETCONF protocol to examine the PE1 router interface
configuration.
In the Cisco YANG Suite, navigate to Protocols and then choose NETCONF. The NETCONF
window will open. Choose the XR 7.5.1–Interfaces YANG Set and the Cisco-IOS-XR-ifmgr-
cfg module. Click the Load Module(s) button to load the selected module.
Step 3 In the Cisco YANG Suite, build RPC to get the interface configuration from the PE1 router.
In the NETCONF window, choose the get-config operation, then PE1 device, expand the
Cisco-IOS-XR-ifmgr-cfg tree, expand and choose interface-configuration tree, and check the
check box in the Value column. Click the </> Build RPC button to create RPC in the right
window as shown in the figure.
Step 4 In the Cisco YANG Suite, run RPC to get the interface configuration from the PE1 router.
In the NETCONF window, make sure that RPC is similar as shown in the figure. Click the Run
RPC(s) button to send the RPC request to the device. A new browser tab will open.
In the new browser tab, scroll up and examine the request sent to the device.
In the new browser tab, scroll down and examine the received message from the host and
interface configuration from the PE1 router.
Close the browser tab and click the Clear RPC(s) button to clear RPC from the right window.
Step 5 In the Cisco YANG Suite, build RPC to get only the Loopback0 interface configuration from
the PE1 router.
In the NETCONF window, expand the interface-configuration tree, choose the interface-
name node, and type Loopback0 in the Value column. Click the </> Build RPC button to
create RPC in the right window as shown in the figure.
Step 6 In the Cisco YANG Suite, run RPC to get only the Loopback0 interface configuration from the
PE1 router.
In the NETCONF window, make sure that RPC is similar as shown in the figure. Click the Run
RPC(s) button to send the RPC request to the device. A new browser tab will open.
In the new browser tab, scroll up and examine the request sent to the device.
In the new browser tab, scroll down and examine the received message from the host and
Loopback0 interface configuration from the PE1 router.
Close the browser tab and click the Clear RPC(s) button to clear RPC from the right window.
Activity Verification
You have completed this task when you attain the following results:
• You have retrieved partial configurations by using subtree filtering.
The Cisco YANG Suite has all YANG modules from the PE1 router. You will use an already created XR
7.5.1–Interfaces YANG module set.
Activity
Step 1 In the Cisco YANG Suite, use the NETCONF protocol, choose the XR 7.5.1–Interfaces YANG
Set, and the Cisco-IOS-XR-ifmgr-cfg module.
In the Cisco YANG Suite, navigate to the Protocols and then choose NETCONF. The
NETCONF window will open. Choose the XR 7.5.1–Interfaces YANG Set and the Cisco-IOS-
XR-ifmgr-cfg module. Click the Load Module(s) button, to load the selected module.
Step 2 In the Cisco YANG Suite, build RPC to shutdown the Loopback0 interface on the PE1 router.
In the NETCONF window, choose the edit-config operation, then the PE1 device, expand the
Cisco-IOS-XR-ifmgr-cfg tree, expand the interface-configuration tree, and change the
following:
• Choose the active node and type act in the Value column.
• Choose the interface-name node and type Loopback0 in the Value column.
• Choose the shutdown node and check the check box in the Value column.
Do not build RPC now.
Step 3 In the Cisco YANG Suite, change the RPC option to add commit RPC after editing the
candidate configuration.
In the NETCONF window, click the RPC Options… button, check the check box, and click the
Continue button.
Click the </> Build RPC button to create RPC in the right window as shown in the figure.
Step 4 In the Cisco YANG Suite, run RPC to shutdown Loopback0 interface configuration from the
PE1 router.
In the NETCONF window, make sure that RPC is similar as shown in the figure. Click the Run
RPC(s) button, to send the RPC request to the device. A new browser tab will open.
In the new browser tab, scroll up and examine the request sent to the device.
In the new browser tab, scroll down and examine the received message from the host.
In the new browser tab, scroll further down and examine commit messages.
Close the browser tab and click the Clear RPC(s) button to clear RPC from the right window.
Step 5 On the PE1 router, verify the Loopback0 interface configuration.
Access the PE1 router console and use the show running-config interface Loopback 0
command. The Loopback0 interface should be shutdown.
RP/0/RP0/CPU0:PE1# show running-config interface Loopback 0
interface Loopback0
description Loopback
ipv4 address 10.3.3.3 255.255.255.255
ipv6 address 2001::3:3:3:3/128
shutdown
!
Activity Verification
You have completed this task when you attain the following results:
• You have edited device configurations by using model-driven programmability.
You will copy automation scripts from GitHub to the jump host and then to the R0 router. You will start
the script and test it.
The administrator has cloned the GitHub repository to the /iosxr-ops/ folder on the jump host. The
administrator has used the git clone Linux command on the jump host.
You can access the emulated Cisco 8201 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
Activity
Step 1 In the jump host, copy the test_config.py file to the R0 router (192.168.122.50).
In the jump host, navigate to the iosxr-ops/config/ folder and use the ls Linux command to
verify that the test_config.py file is present.
student@student-vm:~$ cd iosxr-ops/config/
student@student-vm:~/iosxr-ops/config$ ls
template_config.py test_config.py
student@student-vm:~/iosxr-ops/config$
In the jump host, use the scp Linux command to copy the test_config.py file to the R0 router.
You should copy the file into the /harddisk:/mirror/script-mgmt/config folder on the R0
router.
student@student-vm:~/iosxr-ops/config$ scp test_config.py
cisco@192.168.122.50:/harddisk:/mirror/script-mgmt/config
test_config.py
100% 3209 468.3KB/s 00:00
Connection to 172.16.1.103 closed by remote host.
On the R0 router, use the run command to enter the Linux bash shell. Navigate to the
harddisk:/mirror/script-mgmt/config folder.
RP/0/RP0/CPU0:R0# run
[node0_RP0_CPU0:~]$ cd ..
[node0_RP0_CPU0:/]$ cd harddisk:/mirror/script-mgmt/config
[node0_RP0_CPU0:/harddisk:/mirror/script-mgmt/config]$ ls
test_config.py
On the R0 router, use the more Linux command to examine the test_config.py file content.
[node0_RP0_CPU0:/harddisk:/mirror/script-mgmt/config]$ more test_config.py
# Copyright (c) 2021 by Cisco Systems, Inc.
# All rights reserved.
"""
Validate user configuration on loopback interface.
It checks for IP address to be in a certain range else shows an error and checks for
netmask, if netmask does not match the validati
on the script changes it.
The loopback used in this script is Loopback 21041989 but you can change it by
modifying the global variable loopback.
To test script try configuration other than 100.0.0.0 network and mask other than 32:
interface Loopback21041989
ipv4 address 10.10.10.10 255.255.255.0
!!% ERROR: Invalid ip address, please add in range 100.0.0.0/8
!
end
"""
import cisco.config_validation as xr
import ipaddress
loopback = 'Loopback21041989'
network = "100.0.0.0/8"
mask = "255.255.255.255"
def check_loopback(root):
int_config = root.get_node("/ifmgr-cfg:interface-configurations/interface-
configuration[active='act',interface-name='%s']" %loop
back)
if int_config:
ip_address = int_config.get_node("ipv4-io-cfg:ipv4-
network/addresses/primary/address")
syslog.info("ipaddress is " + ip_address.value)
syslog.info(str(ipaddress.ip_address(ip_address.value) not in
ipaddress.ip_network(network)))
if ipaddress.ip_address(ip_address.value) not in ipaddress.ip_network(network):
xr.add_error(ip_address,"Invalid ip address, please add in range "+
network)
netmask = int_config.get_node("ipv4-io-cfg:ipv4-
network/addresses/primary/netmask")
syslog.info(netmask.value)
if netmask.value != mask:
netmask.set_node(None,mask)
xr.register_validate_callback(["/ifmgr-cfg:interface-configurations/interface-
configuration/ipv4-io-cfg:ipv4-network/addresses/prima
ry/*"],check_loopback)
Step 3 On the R0 router, copy the checksum value of the test_config.py file.
On the R0 router, use the sha256sum command to get the checksum of the test_config.py file.
Copy the checksum value for later use.
[node0_RP0_CPU0:/harddisk:/mirror/script-mgmt/config]$ sha256sum test_config.py
63a59a20a381439f679460cbfaf0018ce592ceb7487a0364545ae3bd3d48ee17 test_config.py
On the R0 router, use the exit command to exit from the Linux bash shell into IOS XR mode.
[xr-vm_node0_RP0_CPU0:/harddisk:/mirror/script-mgmt/config]$ exit
logout
RP/0/RP0/CPU0:PE1#
On the R0 router, use the script config command. Use the SHA256 checksum value copied
previously.
RP/0/RP0/CPU0:R0# configure
RP/0/RP0/CPU0:R0(config)# script config test_config.py checksum shA256
63a59a20a381439f679460cbfaf0018ce592ceb7487a0364545ae3bd3d48ee17
RP/0/RP0/CPU0:R0(config)# commit
RP/0/RP0/CPU0:R0(config)# end
RP/0/RP0/CPU0:R0#
Step 6 On the R0 router, test the configuration script by configuring the Loopback21041989 interface.
On the R0 router, use the show configuration failed if-committed command to examine the
reason of the failure.
RP/0/RP0/CPU0:R0(config-if)# show configuration failed if-committed
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
Step 8 On the R0 router, configure the Loopback21041989 interface in the correct range.
On the R0 router, configure the Loopback21041989 interface with an IP address in the range
100.0.0.0/8. You should see that commit is successful now.
RP/0/RP0/CPU0:R0(config-if)# ipv4 address 100.10.10.10 255.255.255.0
RP/0/RP0/CPU0:R0(config-if)# commit
RP/0/RP0/CPU0:R0(config-if)# end
RP/0/RP0/CPU0:R0#
Step 10 On the R0 router, check the syslog output for the count of errors, warnings, and modifications.
Activity Verification
You have completed this task when you attain the following results:
• You have configured and verified on-the-box automation.
1. Which Cisco IOS XR command enables netconf-yang for ssh transport?
A. netconf-yang agent ssh
B. netconf-yang ssh
C. ssh server netconf port 830
D. ssh server netconf vrf default
2. Which Cisco IOS XR command enables configuration script validation?
A. configuration validation scripts
B. validation scripts
C. validation scripts config
D. validation scripts configuration
Discovery 17: Configure and Verify Application
Hosting Within a Docker Container
Introduction
In this lab exercise, you will run iPerf3 in a Docker container and verify the application hosted in the
Docker container. At the end of the lab exercise, you will remove iPerf3 from a Docker container.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Run the iPerf3 in a Docker container
• Verify the application hosted in the Docker container
Visual Objective
The following are the preconfigured lab tasks:
• The Cisco 8201 router has basic configuration enabled for host name (R0), username, lines, and Mgmt
interface.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Emulated Cisco 8201 router with Cisco IOS XR Virtual software.
You can access the emulated Cisco 8201 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
Job Aid
The following credentials will be required for this lab:
IP Addresses
The following are IP addresses used in the lab:
R0 MgmtEth0 192.168.122.50/24
Jumphost 192.168.122.1/24
You can access the emulated Cisco 8201 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
The administrator has downloaded the networkstatic/iperf3 Docker image from a public registry to the jump
host. The administrator has used the docker pull Linux command in the jump host.
Activity
Use the sudo docker images Linux command. You should see the networkstatic/iperf3 Docker
image, as shown.
student@student-vm:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
repo latest 41e0e0bf5113 12 hours ago 250MB
rockylinux latest c830f8e8f82b 3 months ago 205MB
networkstatic/iperf3 latest fabb5b6dba19 3 months ago 81.6MB
hello-world latest feb5d9fea6a5 8 months ago 13.3kB
Step 2 In the jump host, create a Docker image tar ball by using the networkstatic/iperf3 Docker
image.
Use the sudo docker save Linux command, to create iperf3.tar file.
student@student-vm:~$ sudo docker save networkstatic/iperf3 > iperf3.tar
student@student-vm:~$
Step 3 In the jump host, verify that the tar ball was created.
Use the ls -l Linux command. You should see the iperf3.tar file.
student@student-vm:~$ ls -l
total 83264
drwxrwxr-x 3 student student 4096 Mar 25 17:27 8K
drwxr-xr-x 2 student student 4096 Apr 24 2019 Desktop
drwxr-xr-x 2 student student 4096 Apr 24 2019 Documents
drwxr-xr-x 2 student student 4096 Jun 12 2019 Downloads
-rw-r--r-- 1 student student 8980 Mar 8 2019 examples.desktop
drwxr-xr-x 3 student student 4096 Mar 21 04:07 GNUstep
-rw-rw-r-- 1 student student 85185024 May 23 11:02 iperf3.tar
< output omitted >
Step 4 In the jump host, copy the iperf3.tar file to the R0 router (192.168.122.50).
In the jump host, use the scp Linux command to copy the iperf3.tar file to the R0 router. You
should copy the file into the /misc/scratch/ folder on the R0 router.
student@student-vm:~$ scp iperf3.tar cisco@192.168.122.50:/misc/scratch/iperf3.tar
iperf3.tar
100% 81MB 37.2MB/s 00:02
student@student-vm:~$
Step 5 On the R0 router, verify that the iperf3.tar file is copied correctly.
On the R0 router, use the run command to enter the Linux bash shell. Navigate to the
/misc/scratch/folder and use the ls Linux command. You should see the iperf3.tar file.
RP/0/RP0/CPU0:R0# run
[node0_RP0_CPU0:~]$ cd ..
[node0_RP0_CPU0:/]$ cd misc/scratch/
[node0_RP0_CPU0:/misc/scratch]$ ls
clihistory core envoke_log iperf3.tar npu_drvr_cfg pam status_file ztp
config crypto id_rsa.bin lost+found nvgen_traces shutdown syslog-hm
On the R0 router, use the docker images Linux command. Currently, there are no Docker
images.
[node0_RP0_CPU0:/misc/scratch]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[node0_RP0_CPU0:/misc/scratch]$
On the R0 router, use the docker ps Linux command. The Docker is running, but currently,
there are no Docker containers.
[node0_RP0_CPU0:/misc/scratch]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
PORTS NAMES
[node0_RP0_CPU0:/misc/scratch]$
Step 9 On the R0 router, verify that the Docker image was loaded.
On the R0 router, use the docker images Linux command. The networkstatic/iperf3 Docker
images were loaded as shown.
[node0_RP0_CPU0:/misc/scratch]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
networkstatic/iperf3 latest fabb5b6dba19 2 months ago
81.6MB
[node0_RP0_CPU0:/misc/scratch]$
On the R0 router, use the exit command to exit from the Linux bash shell into IOS XR mode.
[node0_RP0_CPU0:/misc/scratch]$ exit
logout
RP/0/RP0/CPU0:R0#
Activity Verification
You have completed this task when you attain the following results:
• You have listed Docker images.
• You have created a Docker image tar ball.
• You have loaded the Docker image.
In this task, you will verify the iPerf3 application hosted in the Docker container. You will run the test,
where the R0 router will play the role of the server and jump host will play the role of and client.
To test bandwidth between jump host and R0 router, start a server (listener) on the R0 router, and start a
client (initiator) on the jump host.
Activity
Step 1 On the R0 router, configure Loopback0 interface with IP address 10.0.0.1/32. This IP address
will be used by the networkstatic/iperf3 Docker image.
Step 2 On the R0 router, enter the Linux bash shell and spin-up the networkstatic/iperf3 Docker
image.
On the R0 router, use the run command to enter the Linux bash shell. Use the docker run Linux
command and use the following values:
• Use the -it option interactively.
• Use the --rm option for automatic removal of the container on the exit.
• Use the -p option with the 5201:5201 value for publishing a container's port to the host.
• Use the networkstatic/iperf3 value for the image started.
• Use the --help option for the print of the usage.
[node0_RP0_CPU0:~]$ docker run -it --rm -p 5201:5201 networkstatic/iperf3 --help
Usage: iperf3 [-s|-c host] [options]
iperf3 [-h|--help] [-v|--version]
Server or Client:
-p, --port # server port to listen on/connect to
-f, --format [kmgtKMGT] format to report: Kbits, Mbits, Gbits, Tbits
-i, --interval # seconds between periodic throughput reports
Server specific:
-s, --server run in server mode
-D, --daemon run the server as a daemon
-I, --pidfile file write PID file
-1, --one-off handle one client connection then exit
< output omitted >
Client specific:
-c, --client <host> run in client mode, connecting to <host>
--sctp use SCTP rather than TCP
-X, --xbind <name> bind SCTP association to links
< output omitted >
Step 3 On the R0 router, start a listener service on IP address 10.0.0.1 and port 5201 and name the
container iperf3-server.
On the R0 router, use the docker run Linux command and use the following values:
• Use the -it option interactively.
• Use the --rm option for automatic removal of the container on the exit.
• Use the --name option with the iperf3-server value to name the Docker container.
• Use the -p option with the 10.0.0.1:5201:5201 value for publishing a container's IP address
and port to the host.
• Use the networkstatic/iperf3 value for the image started.
• Use the -s option to run iPerf in the server mode.
[node0_RP0_CPU0:~]$ docker run -it --rm --name=iperf3-server -p 10.0.0.1:5201:5201
networkstatic/iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
This command returns an iperf3 process bound to a socket waiting for new connections. Leave
the R0 router session opened.
Step 4 On the jump host, add static route to reach IP address 10.0.0.1 via the R0 router management
interface.
On the jump host, use the sudo ip route add Linux command.
student@student-vm:~$ sudo ip route add 10.0.0.1/32 via 192.168.122.50
Step 5 On the jump host, initiate an iPerf3 client connection to measure the bandwidth to the R0
router.
On the jump host, run the iPerf3 client pointing at the R0 router iPerf3 server IP address. Use
the sudo docker run Linux command and use the following values:
• Use the -it option interactively.
• Use the --rm option for automatic removal of the container on the exit.
• Use the networkstatic/iperf3 value for the image started.
• Use the -c option to run iPerf in client mode.
• Use the 10.0.0.1 value, to reach the iPerf3 server IP address on the R0 router.
student@student-vm:~$ sudo docker run -it --rm networkstatic/iperf3 -c 10.0.0.1
Connecting to host 10.0.0.1, port 5201
[ 4] local 192.168.122.1 port 56670 connected to 10.0.0.1 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 77.3 MBytes 648 Mbits/sec 0 3.03 MBytes
[ 4] 1.00-2.00 sec 103 MBytes 867 Mbits/sec 0 3.03 MBytes
[ 4] 2.00-3.00 sec 103 MBytes 868 Mbits/sec 0 3.03 MBytes
[ 4] 3.00-4.00 sec 93.0 MBytes 780 Mbits/sec 0 3.03 MBytes
[ 4] 4.00-5.00 sec 78.9 MBytes 662 Mbits/sec 0 3.03 MBytes
[ 4] 5.00-6.00 sec 85.7 MBytes 719 Mbits/sec 0 3.03 MBytes
[ 4] 6.00-7.00 sec 100 MBytes 839 Mbits/sec 0 3.03 MBytes
[ 4] 7.00-8.00 sec 66.9 MBytes 561 Mbits/sec 0 3.03 MBytes
[ 4] 8.00-9.00 sec 76.2 MBytes 640 Mbits/sec 0 3.03 MBytes
[ 4] 9.00-10.00 sec 96.6 MBytes 810 Mbits/sec 0 3.03 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 881 MBytes 739 Mbits/sec 0 sender
[ 4] 0.00-10.00 sec 881 MBytes 739 Mbits/sec receiver
iperf Done.
Observe the iPerf3 client output. The iPerf client shows sender and receiver statistics. You
should see the measurement interval (Interval column), size of the transfer (Transfer column),
speed (Bitrate column), retransmitted TCP packets (Retr), and congestion window (Cwnd
column).
Step 7 On the R0 router, exit and shut the networkstatic/iperf3 Docker container.
In the R0 router, use the Ctrl-C keys. The iPerf3 server session is terminated.
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
^Ciperf3: interrupt - the server has terminated
[node0_RP0_CPU0:~]$
Step 8 On the R0 router, verify that the networkstatic/iperf3 Docker container is no longer running.
On the R0 router, use the docker ps command. The networkstatic/iperf3 Docker container is
no longer running.
[node0_RP0_CPU0:~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
PORTS NAMES
[node0_RP0_CPU0:~]$
Step 9 Optionally, you can run Docker container on the R0 router with detach option. On the R0 router,
start a listener service on IP address 10.0.0.1 and port 5201 and name the container iperf3-
server.
On the R0 router, use the docker run Linux command and use the following values:
• Use the -d option detach, to run container in the background and print container ID.
• Other values are the same as before.
[node0_RP0_CPU0:~]$ docker run -d --rm --name=iperf3-server -p 10.0.0.1:5201:5201
networkstatic/iperf3 -s
93cf9cfb734d4ff3dc5bba8fe998a162f1aadb2391de8d8ab95b459bdbb6c240
On the R0 router, use the docker logs Linux command, to print iperf3-server logs.
[node0_RP0_CPU0:~]$ docker logs iperf3-server
< output omitted >
[ ID] Interval Transfer Bitrate
[ 5] 0.00-10.05 sec 1010 MBytes 844 Mbits/sec receiver
On the R0 router, use the docker stop Linux command, to stop iperf3-server container.
[node0_RP0_CPU0:~]$ docker stop iperf3-server
iperf3-server
Step 11 On the R0 router, verify that the networkstatic/iperf3 Docker image was removed.
On the R0 router, use the docker images command. There should be no networkstatic/iperf3
Docker images.
[node0_RP0_CPU0:~]$ docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
[node0_RP0_CPU0:~]$
Step 12 On the R0 router, delete the iperf3.tar file from the /misc/scratch directory.
On the R0 router, use the exit command to exit from the Linux bash shell into IOS XR mode.
[node0_RP0_CPU0:/misc/scratch]$ exit
logout
RP/0/RP0/CPU0:R0#
Activity Verification
You have completed this task when you attain the following results:
• You have spun-up the networkstatic/iperf3 Docker image.
• You have started the networkstatic/iperf3 listener service.
• You have listed the Docker running images.
• You have initiated a networkstatic/iperf3 client connection.
• You have exited and shut the networkstatic/iperf3 Docker container.
• You have removed the networkstatic/iperf3 Docker image.
1. Which Docker command flag destroys the container after the test has been completed?
A. The --rm flag
B. The -it flag
C. The -p flag
D. The -s flag
Answer Key
Discovery 1: Investigate and Monitor Cisco 8000 Series
Hardware
1. B