MPLS Segment Routing

Section 1: SP8KE v.1.
0 Labs
Only
Discovery 1: Investigate and Monitor Cisco 8000
Series Hardware
Introduction
In this lab exercise, you will investigate the installed software and hardware versions and monitor the state
of various hardware components of the Cisco 8000 Series router.
Activity Objective
After completing this activity, you will be able to meet these objectives:
• Verify software version on Cisco 8000 Series router.
• Verify the status of hardware modules on the Cisco 8000 Series router.
• Verify environmental and power management on Cisco 8000 Series router.
• Verify processor and memory utilization on Cisco 8000 Series router.
• Configure and verify interface in breakout mode.
Visual Objective
The following figure is the visual objective:
The following items have been preconfigured within the lab environment:
• The Cisco 8808 Series router has basic configuration enabled for host name (R0), username, lines, and
Mgmt interface.
• The Cisco 8808 Series router has a FourHundredGigE0/0/0/0 interface configured with an IPv4 address.
Topology
The Student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
Each pod has access to the following:
• A virtualized Linux management jump host to facilitate access to all routers.
• Emulated Cisco 8808 Series router with Cisco IOS XR Virtual software.
You can access the emulated Cisco 8808 Series router by using the Terminal on the jump host. Once you
are on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open
the SSH session to the router.
Job Aid
The following credentials will be required for this lab:
Device Username Password
Cisco 8808 Series router cisco cisco123

Jump host student 1234QWer
IP Addresses
The following table shows IP addresses used in the lab:
Device Interface IPv4 Address
R0 MgmtEth0 192.168.122.50/24
R0 FourHundredGigE0/0/0/0 10.1.1.1/24
Jumphost 192.168.122.1/24
Task 1: Verify Software Version on Cisco 8000 Series

Router
The purpose of this task is to familiarize yourself with the Cisco 8808 Series router software and hardware
version.
Activity
For this activity, complete the following steps:
Step 1 On the jump host, open the Terminal and type the r0 keyword, this will open the SSH session to
the R0 router.
On the R0 router, display the basic information about the router configuration.
Use the show version command, to display various system information, including the hardware
and software versions, router uptime, and active software.
RP/0/RP0/CPU0:R0# show version
Cisco IOS XR Software, Version 7.5.2.17I LNT
Copyright (c) 2013-2022 by Cisco Systems, Inc.
Build Information:
Built By : ingunawa
Built On : Wed Feb 09 09:58:46 UTC 2022
Build Host : iox-ucs-030
Workspace : /auto/iox-ucs-030-san2/prod/7.5.2.17I.SIT_IMAGE/8000/ws
Version : 7.5.2.17I
Label : 7.5.2.17I-test
cisco 8000 (VXR)

cisco 8808 (VXR) processor with 16GB of memory
R0 uptime is 2 weeks, 2 days, 13 hours, 55 minutes
Cisco 8808 8-slot Chassis
Step 2 Display the installed committed software packages.
Use the show install committed command, to display committed packages and package version.
RP/0/RP0/CPU0:R0# show install committed
Software Hash: 96e10cd837680f1c840993ce1f5492094ec755376c5c0b00b7c8a63937bdada9

Package Version
---------------------------------------------------- ---------------------------
xr-8000-af-ea 7.5.2.17Iv1.0.1-1
xr-8000-aib 7.5.2.17Iv1.0.0-1
xr-8000-bfd 7.5.2.17Iv1.0.0-1
xr-8000-buffhdr-ea 7.5.2.17Iv1.0.0-1
xr-8000-bundles 7.5.2.17Iv1.0.0-1
xr-8000-card-support 7.5.2.17Iv1.0.0-1
xr-8000-cdp-ea 7.5.2.17Iv1.0.0-1
xr-8000-cfm 7.5.2.17Iv1.0.0-1
xr-8000-core 7.5.2.17Iv1.0.2-1
xr-8000-cpa 7.5.2.17Iv1.0.0-1
xr-8000-cpa-npu 7.5.2.17Iv1.0.3-1
xr-8000-cpa-sb-data 7.5.2.17Iv1.0.0-1
xr-8000-dot1x 7.5.2.17Iv1.0.0-1
xr-8000-dsm 7.5.2.17Iv1.0.0-1
xr-8000-encap-id 7.5.2.17Iv1.0.2-1
xr-8000-ether-ea 7.5.2.17Iv1.0.1-1
xr-8000-fabric 7.5.2.17Iv1.0.0-1
xr-8000-feat-mgr 7.5.2.17Iv1.0.0-1
< output omitted >
Step 3 Display the installed active software packages.

Use the show install active command, to display active packages and package version.
RP/0/RP0/CPU0:R0# show install active
Software Hash: 96e10cd837680f1c840993ce1f5492094ec755376c5c0b00b7c8a63937bdada9

Package Version
---------------------------------------------------- ---------------------------
xr-8000-af-ea 7.5.2.17Iv1.0.1-1
xr-8000-aib 7.5.2.17Iv1.0.0-1
xr-8000-bfd 7.5.2.17Iv1.0.0-1
xr-8000-buffhdr-ea 7.5.2.17Iv1.0.0-1
xr-8000-bundles 7.5.2.17Iv1.0.0-1
xr-8000-card-support 7.5.2.17Iv1.0.0-1
xr-8000-cdp-ea 7.5.2.17Iv1.0.0-1
xr-8000-cfm 7.5.2.17Iv1.0.0-1
xr-8000-core 7.5.2.17Iv1.0.2-1
xr-8000-cpa 7.5.2.17Iv1.0.0-1
xr-8000-cpa-npu 7.5.2.17Iv1.0.3-1
xr-8000-cpa-sb-data 7.5.2.17Iv1.0.0-1
xr-8000-dot1x 7.5.2.17Iv1.0.0-1
xr-8000-dsm 7.5.2.17Iv1.0.0-1
xr-8000-encap-id 7.5.2.17Iv1.0.2-1
xr-8000-ether-ea 7.5.2.17Iv1.0.1-1
xr-8000-fabric 7.5.2.17Iv1.0.0-1
xr-8000-feat-mgr 7.5.2.17Iv1.0.0-1
< output omitted >
Activity Verification
You have completed this task when you attain the following results:
• You have displayed software and hardware version.
• You have displayed installed committed and active software packages.
Task 2: Verify Status of Hardware Modules on Cisco

8000 Series Router
The purpose of this task is to familiarize yourself with the Cisco 8808 Series router hardware status and
hardware modules.
Activity
Step 1 Display the physical inventory information for the Cisco 8808 Series router hardware.
Use the show inventory command, to view the current hardware configuration of the router.
RP/0/RP0/CPU0:R0# show inventory
NAME: "Rack 0", DESCR: "Cisco 8808 8-slot Chassis"

PID: 8808 , VID: V00, SN: FOX224PYUUA
NAME: "0/0/CPU0", DESCR: "Cisco 8800 36x400GE QSFP56-DD Line Card with MACsec"
PID: 88-LC0-36FH-M , VID: V00, SN: FOC2238XGIH
NAME: "0/RP0/CPU0", DESCR: "SF-D Route Processor"

PID: 8800-RP , VID: V00, SN: FOC2149HTIS
NAME: "0/RP1/CPU0", DESCR: "SF-D Route Processor"

PID: 8800-RP , VID: V00, SN: FOC2149COIX
NAME: "0/FC0", DESCR: "Cisco 8808 Fabric Card"

PID: 8808-FC , VID: V00, SN: FAC2201YU00
< output omitted >
Step 2 On the R0 router, display the hardware installed.
On the R0 router, use the show platform command and note your findings.
RP/0/RP0/CPU0:R0# show platform
Node Type State Config state
--------------------------------------------------------------------------------
0/RP0/CPU0 8800-RP(Active) IOS XR RUN NSHUT
0/RP1/CPU0 8800-RP(Standby) IOS XR RUN NSHUT
0/0/CPU0 88-LC0-36FH-M IOS XR RUN NSHUT
0/FC0 8808-FC OPERATIONAL NSHUT
0/FC1 8808-FC OPERATIONAL NSHUT
0/FT0 8808-FAN OPERATIONAL NSHUT
0/PT0 8800-HV-TRAY OPERATIONAL NSHUT
Ensure that the fabric cards (FC), FANs, and power trays (PT) are operating and that the route
processors (RP) and the line card (LC) are in an IOS XR RUN state.
Step 3 On the R0 router, display the list of hardware and firmware modules detected on the router.
On the R0 router, use the show hw-module fpd command, to display the list of hardware and
firmware modules detected on the router.
RP/0/RP0/CPU0:R0# show hw-module fpd
Auto-upgrade:Disabled
Attribute codes: B golden, P protect, S secure
FPD Versions
==============
Location Card type HWver FPD device ATR Status Running Programd
Reload Loc
---------------------------------------------------------------------------------------
----------
0/0/CPU0 88-LC0-36FH-M 0.31 Bios NEED UPGD 7.01 7.01
0/0/CPU0
0/0/CPU0 88-LC0-36FH-M 0.31 BiosGolden B NEED UPGD 7.01
0/0/CPU0
0/0/CPU0 88-LC0-36FH-M 0.31 EthSwitch NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 EthSwitchGolden B NEED UPGD 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 IoFpga NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 IoFpgaGolden B NEED UPGD 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 SsdIntelS3520 NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 x86Fpga NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 x86FpgaGolden B NEED UPGD 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 x86TamFw NEED UPGD 7.01 7.01
0/0
0/0/CPU0 88-LC0-36FH-M 0.31 x86TamFwGolden B NEED UPGD 7.01
0/0
0/RP0/CPU0 8800-RP 0.12 Bios NEED UPGD 7.01 7.01
0/RP0/CPU0
0/RP0/CPU0 8800-RP 0.12 BiosGolden B NEED UPGD 7.01
0/RP0/CPU0
0/RP0/CPU0 8800-RP 0.12 EthSwitch NEED UPGD 7.01 7.01
0/RP0
< output omitted >
Step 4 On the R0 router, display field-programmable device (FPD) compatibility for the 0/FT0 module.
On the R0 router, use the show hw-module location 0/FT0 fpd command, to display the current
version of FPD images on the FAN Tray 0.
RP/0/RP0/CPU0:R0# show hw-module location 0/FT0 fpd
Auto-upgrade:Disabled
Attribute codes: B golden, P protect, S secure
FPD Versions
==============
Location Card type HWver FPD device ATR Status Running Programd
Reload Loc
---------------------------------------------------------------------------------------
----------
0/FT0 8808-FAN 0.0 FtFpga NEED UPGD 7.01 7.01
NOT REQ
0/FT0 8808-FAN 0.0 FtFpgaGolden B NEED UPGD 7.01
NOT REQ
You can repeat this command for other modules.
Step 5 Display the redundancy status of the redundant power supply.
Use the show redundancy command, to display the redundancy status of the redundant power
supply. You should also see the boot and switchover history for the redundant power supply.
RP/0/RP0/CPU0:R0# show redundancy
Redundancy information for node 0/RP0/CPU0:
==========================================
Node 0/RP0/CPU0 is in ACTIVE role
Partner node (0/RP1/CPU0) is in STANDBY role
Standby node in 0/RP1/CPU0 is ready
Standby node in 0/RP1/CPU0 is NSR-ready
Reload and boot info

----------------------
RP reloaded Mon Mar 28 20:50:28 2022: 2 weeks, 2 days, 13 hours, 44 minutes ago
Active node booted Mon Mar 28 20:50:28 2022: 2 weeks, 2 days, 13 hours, 44 minutes ago
Standby node boot Mon Mar 28 20:50:48 2022: 2 weeks, 2 days, 13 hours, 44 minutes ago
Standby node last went not ready Mon Mar 28 20:54:25 2022: 2 weeks, 2 days, 13 hours,
40 minutes ago
Standby node last went ready Mon Mar 28 20:56:10 2022: 2 weeks, 2 days, 13 hours, 39
minutes ago
Standby node last went not NSR-ready Mon Mar 28 20:51:18 2022: 2 weeks, 2 days, 13
hours, 43 minutes ago
Standby node last went NSR-ready Mon Mar 28 20:57:37 2022: 2 weeks, 2 days, 13 hours,
37 minutes ago
There have been 0 switch-overs since reload
Active node reload ""

Standby node reload ""
Step 6 Display details about the hardware and software on each node in a router.
Use the show diag command, to display diagnostics for all nodes installed in the router. Observe
the Cisco 8800 36x400GE QSFP56-DD line card with MACsec has PID number 88-LC0-36FH-
M and version identifier V00. These values may be different in your lab.
RP/0/RP0/CPU0:R0# show diag
Rack 0-Chassis IDPROM - Cisco 8808 8-slot Chassis
Info
Controller Family : 000a
Controller Type : 0602
PCB Serial Number : FLM2133LOET
PCA Number : 73-18706-02
UDI Description : Cisco 8808 8-slot Chassis
Capabilities : 00
PID : 8808
Version Identifier : V00
Top Assy. Part Number : 68-6198-01
Top Assy. Revision :
CLEI Code : S8SLOT
Chassis Serial Number : FOX224PYUUA
0/0/CPU0-MB IDPROM - Cisco 8800 36x400GE QSFP56-DD Line Card with MACsec
Info
Controller Family : 0047
Controller Type : 0638
PID : 88-LC0-36FH-M
Version Identifier : V00
UDI Description : Cisco 8800 36x400GE QSFP56-DD Line Card with MACsec
Top Assy. Part Number : 68-6687-03
Top Assy. Revision : 18
PCB Serial Number : FOC2238XGIH
PCA Revision : 09
CLEI Code : UNASSIGNED
< output omitted >
Step 7 On the R0 router, display the interfaces discovered by the system.

On the R0 router, use the show ipv4 interface brief command. After the router has booted, all
available interfaces must be discovered by the system. If interfaces are not discovered, it might
indicate a malfunction in the unit.
RP/0/RP0/CPU0:R0# show ipv4 interface brief
Interface IP-Address Status Protocol Vrf-Name

MgmtEth0/RP0/CPU0/0 192.168.122.50 Up Up default
FourHundredGigE0/0/0/0 10.1.1.1 Up Up default
FourHundredGigE0/0/0/1 unassigned Shutdown Down default
Step 8 On the R0 router, display the current system time.
On the R0 router, use the show clock command, to display the current system time.
RP/0/RP0/CPU0:R0# show clock
Wed Apr 13 19:15:47.608 UTC
19:15:47.669 UTC Wed Apr 13 2022
• You have displayed hardware status and hardware modules.
• You have displayed the redundancy status of the redundant power supply.
• You have displayed diagnostics for all nodes installed in the router.
• You have displayed interface status.
Task 3: Verify Environmental and Power Management

on Cisco 8000 Series Router
The Cisco 8000 Series routers are equipped with sensors in the router body for monitoring the environment
temperature and power management. The purpose of this task is to familiarize yourself with the Cisco 8808
Series router environmental and power management status.
Activity
Step 1 On the R0 router, display the environment information for the system.
On the R0 router, use the show environment command, to display hardware information for the
system, including fan speeds, LED indications, power supply voltage and current information,
and temperatures.
RP/0/RP0/CPU0:R0# show environment
Location TEMPERATURE Value Crit Major Minor Minor
Major Crit
Sensor (deg C) (Lo) (Lo) (Lo)
(Hi) (Hi) (Hi)
0/RP0/CPU0
Inlet_Temp 22 -10 -5 0 42
45 48
Pwr_Brick_Temp2 25 -10 -5 0 120
125 130
Mosfet_54v_Temp1 25 -10 -5 0 120
125 130
Mosfet_54v_Temp2 25 -10 -5 0 120
125 130
SSD_Temp 30 -10 -5 0 75
80 85
DIMM_TEMP1 30 -10 -5 0 105
120 135
DIMM_TEMP2 30 -10 -5 0 105
120 135
Outlet_Temp 25 -10 -5 0 80
85 90
Hot_Spot_1_Temp 25 -10 -5 0 120
125 130
Hot_Spot_2_Temp 25 -10 -5 0 120
125 130
TMP421_Temp 25 -10 -5 0 120
125 130
PEX8725_Temp 25 -10 -5 0 95
100 105
X86_PKG_TEMP 30 -10 -5 0 93
97 102
Pwr_Brick_Temp1 25 -10 -5 0 120
125 130
ALDRIN_TEMP_0 30 -5 0 5 95
100 110
< output omitted >
Step 2 Display the environmental parameters that can be selected.

Use the show environment command and press “?”, to see the variables you can select from.
RP/0/RP0/CPU0:R0# show environment ?
alarm-contact Alarm Port information
all All environmental monitor parameters
altitude Altitude information
current Current information
fan Chassis Fans information
humidity Humidity information
power Power information
temperature Temperature information
voltage Voltage information
| Output Modifiers
<cr>
Step 3 Issue the show environment power command, to view the power consumption on the individual
locations.
Use the show environment power command, to display the status of the internal power
supplies.
RP/0/RP0/CPU0:R0# show environment power
CHASSIS LEVEL POWER INFO: 0
Total output power capacity (N + 1) : 50400W + 6300W
Total output power required : 5939W
Total power input : 10579W
Total power output : 6548W
Power Supply -------Input-------- -----Output--- Status

Module Type Volts A/B Amps A/B Volts Amps
0/PT0-PM0 PSU6.3KW-HV 244.9/0.0 4.8/0.0 54.3 13.4 OK
0/PT0-PM1 PSU6.3KW-HV 244.9/0.0 4.8/0.0 54.3 13.4 OK
0/PT0-PM2 PSU6.3KW-HV 244.9/0.0 4.8/0.0 54.3 13.4 OK
0/PT1-PM0 PSU6.3KW-HV 244.9/0.0 4.8/0.0 54.3 13.4 OK
0/PT1-PM1 PSU6.3KW-HV 244.9/0.0 4.8/0.0 54.3 13.4 OK
0/PT1-PM2 PSU6.3KW-HV 244.9/0.0 4.8/0.0 54.3 13.4 OK
0/PT2-PM0 PSU6.3KW-HV 244.9/0.0 4.8/0.0 54.3 13.4 OK
0/PT2-PM1 PSU6.3KW-HV 244.9/0.0 4.8/0.0 54.3 13.4 OK
0/PT2-PM2 PSU6.3KW-HV 244.9/0.0 4.8/0.0 54.3 13.4 OK
Total of Power Modules: 10579W/43.2A 6548W/120.6A
Step 4 Display the temperature on the locations by issuing the show environment temperature
command.
Use the show environment temperature location 0/FT0 command, to view the temperature on
the specific location.
RP/0/RP0/CPU0:R0# show environment temperature location 0/FT0
Location TEMPERATURE Value Crit Major Minor Minor
Major Crit
Sensor (deg C) (Lo) (Lo) (Lo)
(Hi) (Hi) (Hi)
0/FT0
Hotswap_Temp 25 -10 -5 0 65
75 85
Low_vol_Temp 25 -10 -5 0 65
75 85
Step 5 Display the fan status on all fan trays.
Use the show environment fan command, to display the fan status on all fan trays.
RP/0/RP0/CPU0:R0# show environment fan
Fan speed (rpm)
Location FRU Type FAN_0 FAN_1 FAN_2 FAN_3
0/FT0 8808-FAN 11971 11973 11975 11941

0/FT1 8808-FAN 11971 11973 11975 11941
0/FT2 8808-FAN 11971 11973 11975 11941
0/FT3 8808-FAN 11971 11973 11975 11941
0/PT0-PM0 PSU6.3KW-HV 6150 6236
0/PT0-PM1 PSU6.3KW-HV 6150 6236
0/PT0-PM2 PSU6.3KW-HV 6150 6236
0/PT1-PM0 PSU6.3KW-HV 6150 6236
0/PT1-PM1 PSU6.3KW-HV 6150 6236
0/PT1-PM2 PSU6.3KW-HV 6150 6236
0/PT2-PM0 PSU6.3KW-HV 6150 6236
0/PT2-PM1 PSU6.3KW-HV 6150 6236
0/PT2-PM2 PSU6.3KW-HV 6150 6236
Step 6 Display the LED information for all router slots.
Use the show led command, to view the status of the router LED.
RP/0/RP0/CPU0:R0# show led
Location LED Name Mode Color
0
Attention OPERATIONAL OFF
0/0/CPU0
Status OPERATIONAL GREEN
0/FC0
0/FC1
< output omitted >
• You have displayed the environmental status.
• You have displayed the power management status.
Task 4: Verify Processor and Memory Utilization on

Cisco 8000 Series Router
Monitoring critical system resources is important to maintain the stability of the network. After you have
verified environmental resources, it is recommended to monitor the router CPU and memory resources
regularly. The purpose of this task is to familiarize yourself with the Cisco 8808 Series router CPU and
memory resources status.
Activity
Step 1 On the R0 router, display CPU and core processor usage.
On the R0 router, use the show processes cpu command, to display CPU and core processor
usage.
RP/0/RP0/CPU0:R0# show processes cpu
---- node0_RP0_CPU0 ----
CPU utilization for one minute: 6%; five minutes: 6%; fifteen minutes: 5%
PID 1Min 5Min 15Min Process

1 0% 0% 0% init
2 0% 0% 0% kthreadd
3 0% 0% 0% ksoftirqd/0
5 0% 0% 0% kworker/0:0H
7 0% 0% 0% rcu_sched
8 0% 0% 0% rcu_bh
9 0% 0% 0% migration/0
10 0% 0% 0% lru-add-drain
11 0% 0% 0% watchdog/0
12 0% 0% 0% cpuhp/0
13 0% 0% 0% cpuhp/1
14 0% 0% 0% watchdog/1
15 0% 0% 0% migration/1
16 0% 0% 0% ksoftirqd/1
18 0% 0% 0% kworker/1:0H
19 0% 0% 0% cpuhp/2
20 0% 0% 0% watchdog/2
< output omitted >
To sort for high activity usage, use the show processes cpu sorted command.
RP/0/RP0/CPU0:R0# show processes cpu sorted 5min
---- node0_RP0_CPU0 ----
CPU utilization for one minute: 6%; five minutes: 6%; fifteen minutes: 5%
PID 1Min 5Min 15Min Process

3317 2% 2% 2% envmon
4342 1% 1% 0% spp
4607 1% 1% 1% npu_drvr
1 0% 0% 0% init
2 0% 0% 0% kthreadd
3 0% 0% 0% ksoftirqd/0
5 0% 0% 0% kworker/0:0H
7 0% 0% 0% rcu_sched
8 0% 0% 0% rcu_bh
9 0% 0% 0% migration/0
10 0% 0% 0% lru-add-drain
11 0% 0% 0% watchdog/0
12 0% 0% 0% cpuhp/0
13 0% 0% 0% cpuhp/1
14 0% 0% 0% watchdog/1
15 0% 0% 0% migration/1
16 0% 0% 0% ksoftirqd/1
18 0% 0% 0% kworker/1:0H
19 0% 0% 0% cpuhp/2
20 0% 0% 0% watchdog/2
Step 2 On the R0 router, display a graph of sustained CPU utilization.

On the R0 router, use the show processes cpu history command. This graph helps to formulate
patterns. For example, if you observe a spike to 100 percent every 30 minutes, you can conclude
that something might be polling the router on a regular schedule. Examine your SNMP
configuration to help determine the cause.
RP/0/RP0/CPU0:R0# show processes cpu history
---- node0_RP0_CPU0 ----
666666666665666666656666666865556666656686566665666666566866
100
90
80
70
60
50
40
30
20
10 ************************************************************
.... ....1....1....2....2....3....3....4....4....5....5....6
0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per minute (last 60 minutes)
* = maximum CPU%
888888883888889888882888888888883888788911882788788898883889998888882998
2 5 6 00 8 0 7
100
90
80
70
60
50
40 *
30 * * * * * *
20 * * * * * *
10 ########################################################################
.... ....1....1....2....2....3....3....4....4....5....5....6....6....7..
0 5 0 5 0 5 0 5 0 5 0 5 0 5 0
CPU% per hour (last 72 hours)
* = maximum CPU% # = average CPU%
Step 3 On the R0 router, display the state of memory usage.

On the R0 router, use the show processes memory command, to display the state of memory
usage.
RP/0/RP0/CPU0:R0# show processes memory
JID Text(KB) Data(KB) Stack(KB) Dynamic(KB) Process
------ ---------- ---------- ---------- ----------- ------------------------------
260 572 2260480 132 1860812 npu_drvr
116 328 311996 132 278417 spp
323 60 137244 132 70820 fsdb_server
196 60 144416 132 70194 fsdbagg
1152 1056 90316 132 41667 ipv4_rib
411 68 48484 132 40477 clustermgr
272 4 107692 132 38600 envmon
225 60 117152 132 37265 shelfmgr
1154 1292 70052 132 33853 ipv6_rib
218 340 105856 132 29328 ledmgr
67788 52 29320 132 25556 ds
207 300 62620 132 24742 parser_server
340 24 100544 132 23795 invmgr
288 276 87436 132 23719 esd
173 12 83444 132 23079 fpd_client
1185 4432 46252 132 20409 l2vpn_mgr
1190 72 30708 132 19799 schema_server
1167 4172 40240 132 19784 pim6
1166 4160 41240 132 18831 pim
1149 4 25992 132 17099 statsd_manager_g
381 4 24424 132 16884 statsd_manager_l
< output omitted >
To find memory usage due to the subprocesses and tasks operating under a specific process, use
the show processes memory detailed command.
RP/0/RP0/CPU0:R0# show processes memory detail
JID Text Data Stack Dynamic Dyn-Limit Shm-Tot Phy-Tot
Process
=======================================================================================
=====================
260 572K 2207M 132K 1817M 22528M 240M 2371M
npu_drvr
116 328K 304M 132K 271M 300M 209M 230M spp
323 60K 134M 132K 69M 300M 21M 95M
fsdb_server
196 60K 141M 132K 68M 750M 21M 99M
fsdbagg
1152 1M 88M 132K 40M 8192M 40M 59M
ipv4_rib
411 68K 47M 132K 39M 300M 10M 51M
clustermgr
272 4K 105M 132K 37M 300M 27M 93M
envmon
225 60K 114M 132K 36M 300M 30M 96M
shelfmgr
1154 1M 68M 132K 33M 8192M 35M 55M
ipv6_rib
218 340K 103M 132K 28M 300M 24M 59M
ledmgr
67788 52K 28M 132K 24M 600M 8M 34M ds
207 300K 61M 132K 24M 2048M 37M 80M
parser_server
340 24K 98M 132K 23M 1024M 22M 52M
invmgr
288 276K 85M 132K 23M 300M 22M 76M esd
173 12K 81M 132K 22M 300M 24M 49M
fpd_client
1185 4M 45M 132K 19M 1861M 46M 59M
l2vpn_mgr
1190 72K 29M 132K 19M 300M 12M 38M
schema_server
1167 4M 39M 132K 19M 1024M 32M 53M
pim6
1166 4M 40M 132K 18M 1024M 33M 53M pim
< output omitted >
• You have displayed the CPU resource status.
• You have displayed the memory resource status.
Task 5: Configure and Verify Interface in Breakout
Mode
The Cisco 8000 router supports the transmission of traffic in breakout mode. The breakout mode enables a
400 Gb Ethernet port to be split into independent and logical ports. The purpose of this task is to familiarize
yourself with the Cisco 8808 Series router breakout mode configuration and verification.
Activity
Step 1 On the R0 router, display interface brief information.
On the R0 router, use the show ip interface brief command. Observe what interfaces are
operational and that the FourHundredGigE0/0/0/1 interface is not in use.
RP/0/RP0/CPU0:R0# show ip interface brief

< output omitted >
Step 2 On the R0 router, display interface FourHundredGigE0/0/0/1 configuration.
On the R0 router, use the show running-config command. There is no configuration applied to
the FourHundredGigE0/0/0/1 interface and the interface is administratively shut down.
RP/0/RP0/CPU0:R0# show running-config interface FourHundredGigE0/0/0/1
interface FourHundredGigE0/0/0/1
shutdown
!
Step 3 On the R0 router, configure interface FourHundredGigE0/0/0/1 optical controller into 4x100
mode.
On the R0 router, use the following commands. You can also observe what breakout modes are
available.
RP/0/RP0/CPU0:R0# configure
RP/0/RP0/CPU0:R0(config)# controller optics 0/0/0/1
RP/0/RP0/CPU0:R0(config-Optics)# breakout ?
WORD 4x10 | 4x25 | 2x50 | 8x50 | 4x100 | 3x100 | 2x100 | 1x100
RP/0/RP0/CPU0:R0(config-Optics)# breakout 4x100
RP/0/RP0/CPU0:R0(config-Optics)# commit
RP/0/RP0/CPU0:R0(config-Optics)# end
RP/0/RP0/CPU0:R0#
Note The commit process may take some time.

Step 4 On the R0 router, display interface FourHundredGigE0/0/0/1 configuration again.
On the R0 router, use the show running-config command. The interface

FourHundredGigE0/0/0/1 is not shown in the configuration anymore.
RP/0/RP0/CPU0:R0# show running-config interface FourHundredGigE0/0/0/1
% No such configuration item(s)
Step 5 On the R0 router, display interface brief information again.
On the R0 router, use the show ip interface brief command. Observe what interface
FourHundredGigE0/0/0/1 is not shown, but there are four new HundredGigE interfaces.
RP/0/RP0/CPU0:R0# show ip interface brief

< output omitted >
HundredGigE0/0/0/1/0 unassigned Up Up default
Step 6 On the R0 router, configure IP address 10.2.2.2/24 on the first HundredGigE interface, and
display the interface in the running configuration.
On the R0 router, use the following commands.

RP/0/RP0/CPU0:R0(config)# interface HundredGigE0/0/0/1/0
RP/0/RP0/CPU0:R0(config-if)# ip address 10.2.2.2 255.255.255.0
RP/0/RP0/CPU0:R0(config-if)# commit
RP/0/RP0/CPU0:R0(config-if)# end
RP/0/RP0/CPU0:R0#
On the R0 router, display the interface in the running configuration.

RP/0/RP0/CPU0:R0# show running-config interface HundredGigE 0/0/0/1/0
interface HundredGigE0/0/0/1/0
ipv4 address 10.2.2.2 255.255.255.0
!
Step 7 On the R0 router, display optics controller for interface HundredGigE0/0/0/1/0.

On the R0 router, use the show controllers optics 0/0/0/1/0 command. This output shows the
controller state down since the Cisco 8808 Series router is emulated and does not provide
physical interfaces.
RP/0/RP0/CPU0:R0# show controllers optics 0/0/0/1/0
Controller State: Down
Transport Admin State: In Service
Laser State: Off
Optics not present

Optics Type: Unavailable
DWDM Carrier Info: Unavailable, MSA ITU Channel= Unavailable, Frequency=
Unavailable , Wavelength= Unavailable
TX Power = Unavailable
RX Power = Unavailable
Step 8 On the R0 router, examine different show controller command outputs for the
HundredGigE0/0/0/1/0 interface.
On the R0 router, use the show controllers HundredGigE0/0/0/1/0 command and type “?”, to
list all options.
RP/0/RP0/CPU0:R0# show controllers HundredGigE0/0/0/1/0 ?
all Show all the information
bert Show BERT status
control Show configuration and control information(cisco-support)
description Controllers description
internal Show internal information
mac Show mac information
phy Show phy information
priority-flow-control Show priority flow control information
regs Show registers information
stats Show stats information
xgxs Show xgxs information
| Output Modifiers
<cr>
Use the show controllers HundredGigE0/0/0/1/0 command and select control output. You
should see the interface management information.
RP/0/RP0/CPU0:R0# show controllers HundredGigE0/0/0/1/0 control
Management information for interface HundredGigE0/0/0/1/0:
Bay number: 96
Port number: 1
Interface handle: 0x300
Config:
Auto-negotiation: Not configured (Off)
Carrier delay (up): Not configured
Carrier delay (down): Not configured
Speed: Configuration not supported (100Gbps)
Duplex: Configuration not supported (Full Duplex)
Flow Control: Not configured (None)
Priority Flow Control: Not configured
Priority Flow Control Watchdog: Unknown
Forward Error Correction: Not configured
IPG: Configuration not supported (standard (12))
Loopback: Not configured (None)
MTU: Not configured
Bandwidth: Not configured
BER-SD Threshold: Configuration not supported
BER-SD Report: Configuration not supported
BER-SF Threshold: Configuration not supported
BER-SF Report: Configuration not supported
BER-SF Signal Remote Failure: Configuration not supported
BER-CRC Report: Configuration not supported
Rx Optical Power Degrade Threshold: Configuration not supported
Frame preemption: Configuration not supported
Fast Shutdown: Not configured (Not configured globally)
< output omitted >
Use the show controllers HundredGigE0/0/0/1/0 command and select the priority-flow-
control output. You should see the interface priority flow control information.
RP/0/RP0/CPU0:R0# show controllers HundredGigE0/0/0/1/0 priority-flow-control
Priority flow control information for interface HundredGigE0/0/0/1/0:
Priority Flow Control:

Total Rx PFC Frames : 0
Total Tx PFC Frames : 0
Total Rx Dropped Data Frames: 0
CoS Status Rx PFC Frames
--- ------ -------------
0 off 0
1 off 0
2 off 0
3 off 0
4 off 0
5 off 0
6 off 0
7 off 0
Priority flow control watchdog configuration:

(D) : Default value
U : Unconfigured
--------------------------------------------------------------------------------
Configuration Item Global Interface Effective
--------------------------------------------------------------------------------
PFC watchdog state : U U Enabled(D)
Poll interval : U U 100(D)
Shutdown multiplier : U U 1(D)
Auto-restore multiplier : U U 10(D)
Priority flow control watchdog statistics:

SAR: Auto restore and shutdown
---------------------------------------------------------------------------------------
----------
Traffic Class : 0 1 2 3 4 5
6 7
---------------------------------------------------------------------------------------
----------
Watchdog Events : 0 0 0 0 0 0
0 0
Shutdown Events : 0 0 0 0 0 0
0 0
Auto Restore Events : 0 0 0 0 0 0
0 0
SAR Events : 0 0 0 0 0 0
0 0
< output omitted >
Use the show controllers HundredGigE0/0/0/1/0 command and select the stats output. You
should see the interface statistics.
RP/0/RP0/CPU0:R0# show controllers HundredGigE0/0/0/1/0 stats
Statistics for interface HundredGigE0/0/0/1/0 (cached values):
Ingress:
Input total bytes = 0
Input good bytes = 0
Input total packets = 0

Input 802.1Q frames = 0
Input pause frames = 0
Input pkts 64 bytes = 0
Input pkts 65-127 bytes = 0
Input pkts 1519-Max bytes = 0
Input good pkts = 0
Input unicast pkts = 0
Input multicast pkts = 0
Input broadcast pkts = 0
Input drop overrun = 0
Input drop abort = 0
Input drop invalid VLAN = 0
Input drop invalid DMAC = 0
Input drop invalid encap = 0
Input drop other = 0
< output omitted >
You can use the all output, to list all controller information in one output.
• You have configured the breakout mode.
• You have verified the breakout mode.
1. Which show command displays the power used by card type 88-LC0-36FH-M that is attached to
0/0/CPU0 location?
A. The show environment power 0/0/CPU0 command
B. the show environment power location 0/0/CPU0 command
C. The show environment power location 88-LC0-36FH-M command
D. The show environment power type 0/0/CPU0 command
Discovery 2: Troubleshoot Traffic through the
Cisco 8000 Router
Introduction
In this lab exercise, you will investigate and monitor traffic through the Cisco 8000 Series router.
Activity Objective
• Verify packet flows in the system.
• Verify packet flows through line cards.
• Verify packet flows through the route processor.
• Verify packet flows through the switch fabric.
Visual Objective
The following are the preconfigured lab tasks:
• The Cisco 8808 router has basic configuration enabled for host name (R0), username, lines, and Mgmt
interface.
• The Cisco 8808 router has a FourHundredGigE0/0/0/0 interface configured with an IPv4 address.
Topology
The student pod is accessible through the Cisco Learning Services Lab Portal at https://htdlab.cisco.com.
• Emulated the Cisco 8808 router with Cisco IOS XR Virtual software.
Job Aid
All routers cisco cisco123
IP Addresses
R0 MgmtEth0 192.168.122.50/24
R0 FourHundredGigE0/0/0/0 10.1.1.1/24
Jumphost 192.168.122.1/24
Task 1: Verify Packet Flows in the System
In this task, you display and observe the packet flows in the system.
Activity
Step 1 On the R0 router, examine the controller NPU available outputs.
Use the show controllers npu resources command with the “?” option, to examine available
outputs. Open Forwarding Abstraction (OFA) is the component that programs the hardware
objects of the Network Processing Unit (NPU). You should see the lpmtcam option available.
RP/0/RP0/CPU0:R0# show controllers npu resources ?
all all hardware resources
centralem central_em
counterbank counter_bank
dipindex dip_index
egressacltcam egress_acl_tcam
egressl3dlp egress_l3_dlp
egresslargeencap egress_large_encap
egresssmallencap egress_small_encap
ingressacltcam ingress_acl_tcam
ipv6compressedsips Multicast IPv6 Source Addresses
l2serviceport L2 Forwarding interface
l3acport L3 Forwarding interface
lpmtcam lpm_tcam
lptsmeters lpts_meters
mcemdb Multicast Replication and Route Statistics
myipv4tbl myipv4tbl
nativefecentry native_fec_entry
protectiongroup protection_group
sipidxtbl sipidxtbl
stage1lbgroup stage1_lb_group
stage1lbmember stage1_lb_member
stage2lbgroup stage2_lb_group
stage2lbmember stage2_lb_member
stage2protectionmonitor stage2_protection_monitor
tunneltermination tunnel_termination
tunneltermination1 tunnel_termination_1
v4lpts v4_lpts
v6lpts v6_lpts
Step 2 On the R0 router, display the usage of OFA hardware resources for the lpmtcam feature.
Use the show controllers npu resources lpmtcam location 0/0/CPU0 command, to examine
the usage of OFA hardware resources for the lpmtcam feature. You can see usage of the
hardware components.
There are nine IPv4 and two IPv6 entries in the routing table, as shown below.
RP/0/RP0/CPU0:R0# show controllers npu resources lpmtcam location 0/0/CPU0
HW Resource Information
Name : lpm_tcam
Asic Type : Q200
NPU-0
OOR Summary
Estimated Max Entries : 100
Red Threshold : 95 %
Yellow Threshold : 80 %
OOR State : Green
OFA Table Information

(May not match HW usage)
iprte : 9
ip6rte : 2
ip6mcrte : 0
ipmcrte : 0
Current Hardware Usage

Name: lpm_tcam
Estimated Max Entries : 100
Total In-Use : 0 (0 %)
OOR State : Green
Name: v4_lpm
Total In-Use : 15
Name: v6_lpm
Total In-Use : 5
< output omitted >
• You have displayed the controller NPU available outputs.
• You have displayed the usage of OFA hardware resources.
Task 2: Verify Packet Flows Through Line Cards

In this task, you display and observe the packet flows through line cards.
Activity
Step 1 Display the control plane Ethernet VLAN information.

Use the show controllers switch vlan information location 0/0/CPU0 command, to view the
control plane Ethernet VLAN information. You should see VLAN usage on the different
controllers.
Note At this stage of the lab there are no VLANs in use.
RP/0/RP0/CPU0:R0# show controllers switch vlan information location 0/0/CPU0
Rack Card Switch Rack Serial Number

-------------------------------------------
0
VLAN VLAN Use

--------------------------------------------
Step 2 Display the NPU port mapping and VOQ usage.
Use the show controllers npu voq-usage interface all instance all location 0/0/CPU0
command, to view the NPU port mapping and VOQ usage. This output shows how interfaces are
connected internally to the NPU, Slice, and IFG. You can also observe VOQ related information.
RP/0/RP0/CPU0:R0# show controllers npu voq-usage interface all instance all location
0/0/CPU0
-------------------------------------------------------------------
Node ID: 0/0/CPU0
Intf Intf NPU Slice IFG Sys VOQ Flow VOQ Port
name handle # # # Port base base port speed
(hex) type
----------------------------------------------------------------------
FH0/0/0/0 130 0 2 1 4 832 0 local 400G
FH0/0/0/2 140 0 2 0 12 848 0 local 400G
FH0/0/0/3 148 0 2 0 16 856 0 local 400G
FH0/0/0/4 150 0 1 1 20 864 0 local 400G
FH0/0/0/5 158 0 1 1 24 872 0 local 400G
FH0/0/0/6 160 0 1 0 28 880 0 local 400G
FH0/0/0/7 168 0 1 0 32 888 0 local 400G
FH0/0/0/8 170 0 0 1 36 896 0 local 400G
FH0/0/0/9 178 0 0 1 40 904 0 local 400G
FH0/0/0/10 180 0 0 0 44 912 0 local 400G
< output omitted >
Step 3 Display the NPU trap statistics.

Use the show controllers npu stats traps-all instance all location 0/0/CPU0 command, to
view the NPU trap statistics. For every trap type you should see NPU, Punt, Policer, and Packets
statistics.
RP/0/RP0/CPU0:R0# show controllers npu stats traps-all instance all location 0/0/CPU0
Traps marked (D*) are punted (post policing) to the local CPU internal VLAN 1586 for
debugging
They can be read using "show captured packets traps" CLI
Traps marked (D) are dropped in the NPU
Traps punted to internal VLAN 1538 are processed by the process "spp" on the "Punt
Dest" CPU
They can also be read using "show captured packets traps" CLI
"Configured Rate" is the rate configured by user (or default setting) in pps at the LC
level
"Hardware Rate" is the actual rate in effect after hardware adjustments
Policer Level:
NPU: Trap meter is setup per NPU in packets per second
IFG: Trap meter is setup at every IFG in bits per second
The per IFG meter is converted from the user configured/default rate (pps)
based on the "Avg-Pkt Size" into bps.
Due to hardware adjustments, the "Configured Rate" and
"Hardware Rate" differ in values.
Trap Type NPU

Punt Trap Punt Punt Punt
Configured Hardware Policer Avg-Pkt Packets Packets
ID ID Dest VoQ VLAN TC
Rate(pps) Rate(pps) Level Size Accepted Dropped
=======================================================================================
=============================================================================
DOT1X_LEARN 0 0 LC_CPU 239 1538 7 67
145 IFG 64 0 0
ETHERNET_DOT1X_DROP(D*) 0 1 LC_CPU 232 1586 0 67
145 IFG 64 0 0
ETHERNET_ACL_DROP(D) 0 2 NPU_DROP --- --- --- --
-------- ---------- --- N/A 0 0
ETHERNET_ACL_FORCE_PUNT(D*) 0 3 LC_CPU 232 1586 0 67
145 IFG 64 0 0
ETHERNET_ACCEPTABLE_FORMAT 0 4 LC_CPU 237 1538 5 67
145 IFG 64 0 0
UNKNOWN_VLAN_OR_BUNDLE_MEMBER(D*) 0 5 LC_CPU 232 1586 0 67
145 IFG 64 0
< output omitted >
• You have displayed packet flows through line cards.
• You have displayed the control plane Ethernet VLAN information.
• You have displayed NPU port mapping and VOQ usage.
• You have displayed NPU trap statistics.
Task 3: Verify Packet Flows Through Route Processor
In this task, you display and observe the packet flows through the route processor.
Activity
Step 1 Display the entries in the LPTS pre-IFIB hardware table.
Use the show lpts pifib hardware entry brief location 0/0/CPU0 command, to view the entries
in the LPTS pre-IFIB hardware table.
RP/0/RP0/CPU0:R0# show lpts pifib hardware entry brief location 0/0/CPU0
-----------------------------------------------------------------------
Type DestIP SrcIP Interface vrf L4 LPort/Type

RPort npu Flowtype DestNode PuntPrio Accept Drop
---- -------------------- -------------------- -------------- ----- --- ----------
-- ------ ---- ------------------ -------- ------------ ------ ------
IPv4 any any any 0 0 any
0 0 Fragment Local LC LOW 0 0
0 0 OSPF-mc-default Dlvr BothRP LOW 0 0
0 0 OSPF-uc-default Dlvr RP0 LOW 0 0
< output omitted >
Step 2 Display the LPTS policer configuration value set.

Use the show lpts pifib hardware police location 0/0/CPU0 command, to view the LPTS
policer configuration value set.
RP/0/RP0/CPU0:R0# show lpts pifib hardware police location 0/0/CPU0
-------------------------------------------------------------
Node 0/0/CPU0:
-------------------------------------------------------------
FlowType Policer Type Cur. Rate Burst Accepted Dropped
npu
---------------------- ------- ------- --------- --------- ------------ ------------ --
-------
Fragment 2 np 531 1000 0 0 0
Fragment 2 np 531 1000 0 0 1
Fragment 2 np 531 1000 0 0 2
OSPF-mc-known 3 np 1576 1000 0 0 0
OSPF-mc-known 3 np 1576 1000 0 0 1
OSPF-mc-known 3 np 1576 1000 0 0 2
OSPF-mc-default 4 np 1062 1000 0 0 0
OSPF-mc-default 4 np 1062 1000 0 0 1
< output omitted >
Step 3 Display the Software Packet Path (SPP) node counters.
Use the show spp node-counters location 0/0/CPU0 command, to view the SPP node counters.
RP/0/RP0/CPU0:R0# show spp node-counters location 0/0/CPU0
cfm_off_tx_node
Hostname updated: 2
-------------------------------
socket/rx
ether raw pkts: 93156
online diag que accept: 93156
sent to XR classify: 93156
-------------------------------
socket/tx
ce pkts: 93160
-------------------------------
device/classify
forwarded to spp clients: 93156
forwarded NPU packet to NetIO: 93156
Online Diag punt: 93156
-------------------------------
client/inject
pkts injected into spp: 93160
NetIO->NPU injected into spp: 4
Online Diag Inject: 93156
NetIO->NPU PROTO ARP: 4
-------------------------------
client/punt
punted to client: 93156
-------------------------------
• You have displayed packet flows through the route processor.
• You have displayed the entries in the LPTS pre-IFIB hardware table.
• You have displayed the LPTS policer configuration value set.
• You have displayed the SPP node counters.
Task 4: Verify Packet Flows Through Switch Fabric

In this task, you display and observe the packet flows through the switch fabric.
Activity
Step 1 Display the switch fabric processes health and traffic drops on the fabric.
Use the show controllers fabric health command, to view switch fabric processes health and
traffic drops on the fabric.
RP/0/RP0/CPU0:R0# show controllers fabric health
Fabric System Health

---------------------
Flags: T - Total, U - Up, A - Admin Down
L - LCC, M - Mcast Down, Y - Yes
F - FCC, D - Down, N - No or Not Ok
V - Valid,
Collaborator Process State:

------------------------------
FSDB Aggregator: OK
+-----------+--+
|Rack id | 0|
+-----------+--+
|FSDB status|Ok|
+-----------+--+
|SFE status |Ok|
+-----------+--+
Router Health:
-----------------
Rack Planes SFE Asics Fia Asics

T/L/F U/M/D/A T/U/D T/U/D
------------------------------------------------------
1/1/0 2/0/6/0 4/4/0 3/3/0
Plane Admin Plane Racks Data

id state state in issue drop/error
-----------------------------------------------------------
0 UP UP 0 No
1 UP UP 0 No
2 UP DN 1 No
3 UP DN 1 No
4 UP DN 1 No
5 UP DN 1 No
6 UP DN 1 No
7 UP DN 1 No
-----------------------------------------------------------
Rack Health:
-------------
Rack: 0, Type: LCC
SFE Asics FIA Asics Planes Valid

T/U/D T/U/D U/M/D fab ids
------------------------------------------------
4/4/0 3/3/0 2/0/6 3
Step 2 Display the NPU slice information, ASIC operation, and traffic drops on the switch fabric.
Use the show controllers npu slice info slice all location 0/0/CPU0 command, to view the
NPU slice information, ASIC operation, and traffic drops on the switch fabric.
RP/0/RP0/CPU0:R0# show controllers npu slice info slice all location 0/0/CPU0
==============================================
slice information, node: 0/0/CPU0
==============================================
phy slot number: 2
logical slot number: 0
card type: 0x0
board type: 0x470638
group id: 0x1
card state: Operational
oper state: Up
number of slices: 3
chipguard: not enforced
NPU IFG Ref-Clk BMP: 0x0000000000000000
-- Slice 0 --
obj_id : 0x1300000
hardware idx : 0
bus/dev/func : 0xb/0x0/0x0
phy address : 0x0
i2c dev id : 0
uio dev path : NA
HBM : not present
NPU Ver : A1
NPU Core Freq: 1.15GHz
oper state : On
power state : On
power_stable : On
reset : Off
MB IDPROM: 0.00
VP0P75_CORE_NPU0: 750.00
hw status svs 0: On
hw status svs 1: On
uniqueID name:
uniqueID :
verification : Pass
< output omitted >
Step 3 Display the NPU driver health, ASIC operation, and traffic drops on the switch fabric.
Use the show controllers npu driver location 0/0/CPU0 command, to view the NPU driver
health, ASIC operation, and traffic drops on the switch fabric.
RP/0/RP0/CPU0:R0# show controllers npu driver location 0/0/CPU0
==============================================
NPU Driver Information
==============================================
Driver Version: 1
SDK Version: 1.48.0_fixes_v3
Functional role: Active, Rack: 8808, Type: lcc, Node: 0/0/CPU0

Driver ready : Yes
NPU first started : Mon Mar 28 20:54:15 2022
Fabric Mode: FABRIC/8FC
NPU Power profile: Medium
Driver Scope: Node
Respawn count : 1
Availablity masks :
card: 0x1, asic: 0x7, exp asic: 0x7
Weight distribution:
Unicast: 80, Multicast: 20
+----------------------------------------------------------------+
| Process | Connection | Registration | Connection | DLL |
| /Lib | status | status | requests | registration|
+----------------------------------------------------------------+
| FSDB | Active | Active | 1| n/a |
| FGID | Inactive | Inactive | 0| n/a |
| AEL | n/a | n/a | n/a| Yes |
| SM | n/a | n/a | n/a| Yes |
+----------------------------------------------------------------+
Asics :
HP - HotPlug event, PON - Power On reset
HR - Hard Reset, WB - Warm Boot
+------------------------------------------------------------------------------+
| Asic inst. | fap|HP|Slice|Asic|Admin|Oper | Asic state | Last |PON|HR | FW |
| (R/S/A) | id | |state|type|state|state| | init |(#)|(#)| Rev |
+------------------------------------------------------------------------------+
| 0/0/0 | 0| 1| UP |npu | UP | UP |NRML |PON | 1| 0|0x0000|
+------------------------------------------------------------------------------+
SI Info :
+--------------------------------------------------------------------------------------
------+
| Card | Board | SI Board | SI Param | Retimer SI | Retimer SI | Front
Panel |
| | HW Version | Version | Version | Board Version | Param Version | PHY
|
+--------------------------------------------------------------------------------------
------+
| LC0 | 0.31 | 1 | 901 | NA | NA | DEFAULT
|
+--------------------------------------------------------------------------------------
------+
Step 4 Display the switch fabric plane status.
Use the show controllers fabric plane all command, to view switch fabric plane status.
RP/0/RP0/CPU0:R0# show controllers fabric plane all
Plane Admin Plane up->dn up->mcast

Id State State counter counter
--------------------------------------
0 UP UP 0 0
1 UP UP 0 0
2 UP DN 0 0
3 UP DN 0 0
4 UP DN 0 0
5 UP DN 0 0
6 UP DN 0 0
7 UP DN 0 0
Step 5 Display the switch fabric plane availability per destination.
Use the show controllers fabric fsdb-pla rack 0 command, to view the switch fabric plane
availability per destination.
RP/0/RP0/CPU0:R0# show controllers fabric fsdb-pla rack 0
Description:
planes : p0-p7
plane mask : Asic #0-3
Asic value 1: destination reachable via asic
.: destination unreachable via asic
x: asic not connected to LC (for S3)
-: plane not configured (for S2) or asic missing
Rack: 0, Stage: s123
=============================
Destination p0 p1 p2 p3 p4 p5 p6 p7 Reach-mask Oper
Up
Address mask mask mask mask mask mask mask mask links/asic
links/asic
Fapid(R/S/A) 0123 0123 0123 0123 0123 0123 0123 0123 Mn/Mx Total Mn/Mx
Total
---------------------------------------------------------------------------------------
-------
0(0/0/0) 11 11 -- -- -- -- -- -- 8/8 32 24/24
96
1(0/0/1) 11 11 -- -- -- -- -- -- 8/8 32 24/24
96
2(0/0/2) 11 11 -- -- -- -- -- -- 8/8 32 24/24
96
Step 6 Display the switch fabric link topology to receive links between 0 and 215.
Use the show controllers npu link-info rx 0 215 topo instance 0 location 0/0/CPU0 command,
to view the switch fabric link topology.
RP/0/RP0/CPU0:R0# show controllers npu link-info rx 0 215 topo instance 0 location
0/0/CPU0
Node ID: 0/0/CPU0

-----------------------------------------------------------------------------
Link ID Log Link Asic EN/ Far-End Far-End
Link Speed Stage Oper Link (FSDB) Link (HW)
(Gbps) Status
-----------------------------------------------------------------------------
0/0/0/128 131 50.00 FIA EN/NA ............ NC NC
0/0/0/129 130 50.00 FIA EN/NA ............ NC NC
0/0/0/130 128 50.00 FIA EN/NA ............ NC NC
< output omitted >
0/0/0/207 206 50.00 FIA EN/NA ............ NC NC
0/0/0/208 210 50.00 FIA EN/UP ............ 0/FC1/3/131 0/FC1/3/131
0/0/0/209 211 50.00 FIA EN/UP ............ 0/FC1/3/130 0/FC1/3/130
0/0/0/210 208 50.00 FIA EN/UP ............ 0/FC1/3/158 0/FC1/3/158
0/0/0/211 209 50.00 FIA EN/UP ............ 0/FC1/3/159 0/FC1/3/159
0/0/0/212 215 50.00 FIA EN/UP ............ 0/FC1/3/148 0/FC1/3/148
0/0/0/213 214 50.00 FIA EN/UP ............ 0/FC1/3/149 0/FC1/3/149
0/0/0/214 213 50.00 FIA EN/UP ............ 0/FC1/3/153 0/FC1/3/153
0/0/0/215 212 50.00 FIA EN/UP ............ 0/FC1/3/152 0/FC1/3/152
Step 7 Display the switch fabric link problems, MAC state, BER, MIB counters, and histograms.
Use the show controllers npu proc-cmd "pd port_diag unit 0 port 0 porttype 1" location
0/0/CPU0 command, to view the switch fabric link problems, MAC state, BER, MIB counters,
and histograms.
RP/0/RP0/CPU0:R0# show controllers npu proc-cmd "pd port_diag unit 0 port 0 porttype 1"
location 0/0/CPU0
pd port_diag unit 0 port 0 porttype 1
NPU[0], FEC counters for Network Port 0, Speed:400G, FEC:RS_KP4, Slice:2, IFG:1,
start_lane:8, num_of_lanes:8, link_num:128
codeword[0-15] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,}
codeword_uncorrectable = 0
symbol_burst[2-6] = {0,0,0,0,0,}
extrapolated_ber = -1.000e+00, diag_computed_ber = -1.000e+00
Frame Loss Rate (SDK) = -1.000000e+00 (Accuracy 0.000000%)
lane_counters[lane=0] : 0,0,0,0
FEC BER Lane = {-nan,-nan,-nan,-nan,-nan,-nan,-nan,-nan,}
PCS ERROR DETAILS
PCS BER = 0
PCS Block Error = 0
MAC PORT DETAILS
link_state: 1 pcs_status: 1 high_ber: 0

am_lock =
{T,T,T,T,T,T,T,T,T,T,T,T,T,T,T,T,F,F,F,F,F,F,F,F,F,F,F,F,F,F,F,F}
mac_pcs_lanes = {0,0,0,0,0,0,0,0}
Priority 1 Idprom refclk choice : NONE (idprom: 0x0, yaml_flag: 0)

Priority 2 ECID refclk choice : NONE (efuse: 0x0, yaml_flag: 0)
Priority 3 npu_rev refclk choice: NONE (npu_rev: 0x0, yaml_flag: 0)
refclk overridden : NO
refclk finalized : NONE
get_link_management_enabled = TRUE
get_serdes_continuous_tuning_enabled = TRUE
get_tune_status = TRUE
get_an_enabled = FALSE
get_loopback_mode = NONE
get_state = LINK_UP
< output omitted >
Step 8 Display the ASIC errors.

Use the show asic-errors npu 0 all location 0/0/CPU0 command, to view the ASIC errors.
RP/0/RP0/CPU0:R0# show asic-errors npu 0 all location 0/0/CPU0
************************************************************
* 0_0_CPU0 *
************************************************************
************************************************************
* Reset Errors *
************************************************************
************************************************************
* Single Bit Errors *
************************************************************
************************************************************
* Multiple Bit Errors *
************************************************************
************************************************************
* Parity Errors *
************************************************************
************************************************************
* Unexpected Errors *
************************************************************
************************************************************
* Link Errors *
************************************************************
************************************************************
* OOR Thresh *
************************************************************
************************************************************
* Config Errors *
************************************************************
************************************************************
* Indirect Errors *
************************************************************
************************************************************
* Generic Errors *
************************************************************
• You have displayed packet flows through the switch fabric.
• You have displayed switch fabric processes health and traffic drops on the fabric.
• You have displayed NPU slice information, driver health, ASIC operation, and traffic drops on the
switch fabric.
• You have displayed switch fabric plane status, availability per destination, link topology, link problems,
MAC state, BER, MIB counters, and histograms.
• You have displayed ASIC errors.
1. Which show command displays the NPU slice information and ASIC operation on the 0/0/CPU0
location?
A. show controllers fabric plane all
B. show controllers npu driver location 0/0/CPU0
C. show controllers npu slice info slice all location 0/0/CPU0
D. show controllers slice plane all
Discovery 3: Cisco IOS XR Software Installation
Introduction
In this lab exercise, you will create and configure remote and local repository, install package SMU fix, and
install an optional package to provide extra functionality. At the end of the lab exercise, you will delete the
package SMU fix and delete the optional package.
Activity Objective
• Use remote repository to install package SMU fix.
• Create and configure local repository.
• Install a Cisco IOS XR software package.
• Remove a Cisco IOS XR software package.
Visual Objective
The following figure shows the visual objective:

interface.
Topology
• Emulated Cisco 8201 router with Cisco IOS XR Virtual software.
Job Aid
Cisco 8201 router cisco cisco123
IP Addresses
R0 MgmtEth0 192.168.122.50/24
Jumphost 192.168.122.1/24
Task 1: Package Upgrade from a Remote Repository

In this task, you will use a remote repository on the jump host, to upgrade OSPF package on the Cisco IOS
XR Software. The jump host with Rocky Linux runs a Docker container with python3 and createrepo
dependencies. At the end of this task, you will rollback package fix.
Activity
Step 1 In the jump host, enter the container named repo with Docker EXEC command. Attach to the
terminal and create repo directory.
On the jump host, use the sudo docker exec Linux command, to enter the repo container.
student@student-vm:~$ sudo docker exec -it repo bash
[root@b565f05267a4 /]#
On the jump host, use the cd Linux command to navigate to the root directory and use the
mkdir Linux command to create repo folder.
[root@b565f05267a4 /]# cd
[root@b565f05267a4 ~]# mkdir repo
On the jump host, use the ls Linux command to verify repo folder content. The repo folder
should be empty.
[root@b565f05267a4 ~]# cd repo
[root@b565f05267a4 repo]# ls
[root@b565f05267a4 repo]#
Step 2 In the Jump host, open another Terminal tab and copy a hitless SMU to the container.
Note Most SMUs can be applied without impact to normal router operations and are classified as hitless SMUs.
Hitless SMUs are parallel process restart SMUs that can be activated without an effect on the operation of
the device.
On the jump host, use the cd Linux command to navigate to the XR7_Install_Files/7.3.2/SMUs/
folder and use the ll Linux command to verify folder content. You should see the 8000-
7.3.2.CSCvz57398.tar file, as shown below.
student@student-vm:~$ cd ~/XR7_Install_Files/7.3.2/SMUs/
student@student-vm:~/XR7_Install_Files/7.3.2/SMUs$ ll
total 542732
drwxr-xr-x 2 student student 4096 Mar 25 16:55 ./
drwxr-xr-x 4 student student 4096 Mar 25 16:55 ../
-rw-r--r-- 1 student student 262256640 Mar 25 16:45 8000-7.3.2.CSCvy39776.tar
-rw-r--r-- 1 student student 8488960 Mar 25 16:45 8000-7.3.2.CSCvy53516.tar
-rw-r--r-- 1 student student 4034560 Mar 25 16:45 8000-7.3.2.CSCvz57398.tar
-rw-r--r-- 1 student student 9195520 Mar 25 16:46 8000-7.3.2.CSCwa01013.tar
On the jump host, use the sudo docker cp Linux command to copy the 8000-
7.3.2.CSCvz57398.tar file to the repo folder in the Docker container.
student@student-vm:~/XR7_Install_Files/7.3.2/SMUs$ sudo docker cp 8000-
7.3.2.CSCvz57398.tar repo:/root/repo/
student@student-vm:~/XR7_Install_Files/7.3.2/SMUs$
Step 3 In the jump host, navigate back to the first Terminal session and verify repo folder content.
If the first Terminal session is not opened, use the sudo docker exec Linux command to enter
the repo Docker EXEC terminal, and use the cd Linux command to navigate to the repo folder.
student@student-vm:~$ sudo docker exec -it repo bash
[root@ca02c438f0cd /]# cd ~/repo
[root@ca02c438f0cd repo]#
On the jump host, use the ls Linux command to verify repo folder content. The repo folder
should have 8000-7.3.2.CSCvz57398.tar file.
[[root@ca02c438f0cd repo]# ls
8000-7.3.2.CSCvz57398.tar
Step 4 On the jump host, extract the 8000-7.3.2.CSCvz57398.tar file.

On the jump host, use the tar -xvf 8000-7.3.2.CSCvz57398.tar Linux command, to extract the
TAR file. Then use the tar -xvzf 8000-x86_64-7.3.2-CSCvz57398.tgz Linux command, to
extract the TGZ file. You should see a detailed path of the extracted files.
[root@ca02c438f0cd repo]# tar -xvf 8000-7.3.2.CSCvz57398.tar
8000-7.3.2.CSCvz57398.txt
8000-x86_64-7.3.2-CSCvz57398.tgz
[root@ca02c438f0cd repo]# tar -xvzf 8000-x86_64-7.3.2-CSCvz57398.tgz
8000-x86_64-7.3.2-CSCvz57398/
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-88-lc0-36fh-m-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-8800-lc-36fh-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-8102-64h-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-8202-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-8201-32fh-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/primary.xml.gz
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-8608-rp1-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-8800-lc-48h-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-88-lc0-36fh-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-8101-32h-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-88-lc0-34h14fh-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-3692251fac396a2d-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-d17f630e9aaec8a3-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-8800-rp-7.3.2v1.0.1-1.x86_64.rpm
8000-x86_64-7.3.2-CSCvz57398/xr-ospf-8201-7.3.2v1.0.1-1.x86_64.rpm
All files are extracted into the 8000-x86_64-7.3.2-CSCvz57398 folder. You should see upgrade
OSPF packages extracted in the folder.
[root@ca02c438f0cd repo]# ls -l ./8000-x86_64-7.3.2-CSCvz57398
total 4120
-rw-r--r-- 1 241211 25 3322 Nov 2 2021 primary.xml.gz
-rw-r--r-- 1 241211 25 3956453 Nov 2 2021 xr-ospf-3692251fac396a2d-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5928 Nov 2 2021 xr-ospf-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5912 Nov 2 2021 xr-ospf-8101-32h-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5912 Nov 2 2021 xr-ospf-8102-64h-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5916 Nov 2 2021 xr-ospf-8201-32fh-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5888 Nov 2 2021 xr-ospf-8201-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5888 Nov 2 2021 xr-ospf-8202-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5912 Nov 2 2021 xr-ospf-8608-rp1-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 5908 Nov 2 2021 xr-ospf-88-lc0-34h14fh-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5888 Nov 2 2021 xr-ospf-88-lc0-36fh-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5900 Nov 2 2021 xr-ospf-88-lc0-36fh-m-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5896 Nov 2 2021 xr-ospf-8800-lc-36fh-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5888 Nov 2 2021 xr-ospf-8800-lc-48h-7.3.2v1.0.1-
1.x86_64.rpm
-rw-r--r-- 1 241211 25 5908 Nov 2 2021 xr-ospf-8800-rp-7.3.2v1.0.1-1.x86_64.rpm
-rw-r--r-- 1 241211 25 150442 Nov 2 2021 xr-ospf-d17f630e9aaec8a3-7.3.2v1.0.1-
1.x86_64.rpm
Step 5 On the jump host, create repodata storage from the /root/repo folder.
On the jump host, use the pwd Linux command, to make sure you are in the /root/repo folder.
Then use the createrepo --database Linux command, to create repodata storage.
[root@ca02c438f0cd repo]# pwd
/root/repo
[root@ca02c438f0cd repo]# createrepo --database /root/repo
Directory walk started
Directory walk done - 15 packages
Temporary output repo path: /root/repo/.repodata/
Preparing sqlite DBs
Pool started (with 5 workers)
Pool finished
On the jump host, use the ls -l Linux command, to verify the repodata storage folder.
[root@ca02c438f0cd repo]# ls -l
total 7888
-rw-r--r-- 1 1000 1000 4034560 Mar 25 16:45 8000-7.3.2.CSCvz57398.tar
-r--r--r-- 1 241211 25 1280 Nov 22 2021 8000-7.3.2.CSCvz57398.txt
drwxr-xr-x 2 241211 25 4096 Nov 2 2021 8000-x86_64-7.3.2-CSCvz57398
-rw-r--r-- 1 241211 25 4029478 Nov 22 2021 8000-x86_64-7.3.2-CSCvz57398.tgz
drwxr-xr-x 2 root root 4096 Jun 15 11:35 repodata
Step 6 On the jump host, make SMU files available via HTTP.
On the jump host, use the pwd Linux command, to make sure you are in the /root/repo folder.
Then type the python3 -m http.server 80 Linux command, to start Simple HTTP Server. Do
not exit Simple HTTP Server until later in this lab exercise.
[root@ca02c438f0cd repo]# pwd
/root/repo
[root@ca02c438f0cd repo]# python3 -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
Step 7 In the jump host, go back to the second Terminal session and login to the R0 router.
On the jump host, second Terminal session type the r0 keyword, this will open the SSH session
to the R0 router.
student@student-vm:~/XR7_Install_Files/7.3.2/SMUs$ r0
Last login: Tue May 31 20:36:17 2022 from 192.168.122.1
RP/0/RP0/CPU0:R0#
Step 8 On the R0 router, configure the remote_repo repository to use HTTP server available on the
jump host IP address.
On the R0 router, use the following commands:

RP/0/RP0/CPU0:R0(config)# install repository remote_repo url http://192.168.122.1/
RP/0/RP0/CPU0:R0(config)# commit
RP/0/RP0/CPU0:R0(config)# end
RP/0/RP0/CPU0:R0#
Step 9 On the R0 router, verify the available package SMU fixes.

On the R0 router, use the show install fixes available command. The R0 router will access
remote repository available via HTTP protocol on the jump host. You should see OSPF package
SMU fix.
RP/0/RP0/CPU0:R0# show install fixes available
Trying to access repositories...
Available Fixes (count: 1):

Bug Id Packages Repository
Cached
----------- ----------------------------------------------------------- ---------------
------------------------- ------
CSCvz57398 xr-ospf-7.3.2v1.0.1-1 remote_repo
RP/0/RP0/CPU0:R0#
Step 10 On the R0 router, install the xr-ospf-7.3.2v1.0.1-1 package SMU fix from the remote repository.
Use the install package upgrade command and observe the output. The package SMU fix
installation should be successful.
RP/0/RP0/CPU0:R0# install package upgrade xr-ospf-7.3.2v1.0.1-1 synchronous
Starting:
install package upgrade xr-ospf-7.3.2v1.0.1-1
Packaging operation 9.1.1
Press Ctrl-C to return to the exec prompt. This will not cancel the install operation
Current activity: Initializing ..

Current activity: Veto check ...
Current activity: Package add or other package operation .
Packaging operation 9.1.1: 'install package upgrade xr-ospf-7.3.2v1.0.1-1' completed

without error
RP/0/RP0/CPU0:R0#
Step 11 On the jump host, navigate back to the first Terminal session and observe HTTP server output.
You should see many successful HTTP transactions.
[root@ca02c438f0cd repo]# python3 -m http.server 80
172.17.0.1 - - [15/Jun/2022 12:02:14] "GET /repodata/repomd.xml HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:02:14] "GET
/repodata/d0282ad7a0a84ded53963c7f55d658086c707274c5a5c0c8ef8ee900fce9be7b-
primary.xml.gz HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:02:14] "GET
/repodata/07b229121de717344c77041e9fb52a2915ad816525844574d4ab8f7803b1ef54-
filelists.xml.gz HTTP/1.1" 200 -
172.17.0.1 - - [15/Jun/2022 12:12:45] "GET /8000-x86_64-7.3.2-CSCvz57398/xr-ospf-
7.3.2v1.0.1-1.x86_64.rpm HTTP/1.1" 200 -
< output omitted >
On the jump host, enter the Ctrl+c keys, to stop the Simple HTTP Server.
< output omitted >
^C
Keyboard interrupt received, exiting.
[root@185c10117f42 repo]#
On the jump host, enter the exit command, to exit from the repo container.
[root@185c10117f42 repo]# exit
exit
student@student-vm:~$
Step 12 On the R0 router, verify active package SMU fixes.
On the R0 router, use the show install fixes active command. You should see no active package
SMU fixes available.
RP/0/RP0/CPU0:R0# show install fixes active
There are currently no fixes active.
RP/0/RP0/CPU0:R0#
Step 13 On the R0 router, apply the package SMU fixes.
On the R0 router, use the install apply command, then respond with the yes keyword on the
continue question.
RP/0/RP0/CPU0:R0# install apply
Once the packaging dependencies have been determined, the install operation may have to
reload the system.
If you want more control of the operation, then explicitly use 'install apply restart'
or 'install apply reload' as reported by 'show install request'.
Continue? [yes/no]:[yes] yes
Install apply operation 9.1 has started
Install operation will continue in the background
On the R0 router, use the show install request command. You should see Success state for the
last operation.
RP/0/RP0/CPU0:R0# show install request
User request: install apply restart

Operation ID: 9.1
State: Success since 2022-06-16 07:01:37 UTC
Current activity: Await user input

Time started: 2022-06-16 07:01:37
< output omitted >
On the R0 router, use the show install fixes active command. You should the OSPF package
SMU fix.
Active Fixes (count: 1):

Bug Id Packages
----------- -----------------------------------------------------------
CSCvz57398 xr-ospf-7.3.2v1.0.1-1
Step 15 On the R0 router, verify committed package SMU fixes.
On the R0 router, use the show install fixes committed command. There are no committed
package SMU fixes.
RP/0/RP0/CPU0:R0# show install fixes committed
There are currently no fixes committed.
Step 16 On the R0 router, commit the operation.

On the R0 router, use the install commit synchronous command.
RP/0/RP0/CPU0:R0# install commit synchronous
Starting:
install commit
Transaction 9
Current activity: Initializing

Current activity: Commit transaction .
Transaction 9: 'install commit' completed without error
Use the show install request command. You should see Success state for the last operation.
User request: install commit

Operation ID: 9
Current activity: No install operation in progress

< output omitted >
Step 17 On the R0 router, verify committed package SMU fixes.
On the R0 router, use the show install fixes committed command. You should see the OSPF
package SMU fix committed.
RP/0/RP0/CPU0:R0# show install fixes committed
Committed Fixes (count: 1):

Bug Id Packages
----------- -----------------------------------------------------------
CSCvz57398 xr-ospf-7.3.2v1.0.1-1
Step 18 On the R0 router, verify installation rollback points.
On the R0 router, use the show install rollback list-ids command. Find the second from the last
rollback point and copy rollback point ID. The following output shows ID 0.
RP/0/RP0/CPU0:R0# show install rollback list-ids
It is possible to rollback to the following transaction IDs:
# Pkgs to rollback
Id Software Committed At: Add Mod Rem
---- ----------------------- ------- ------- -------
0 From Boot 0 1 0
1 2022-07-06 09:46:32 UTC 0 0 0
The maximum number of rollback points retained on this system is 5

For additional information, use the command 'show install rollback id N [changes]'
Step 19 On the R0 router, verify the changes of the second from the last installation rollback point.
On the R0 router, use the show install rollback id 0 changes command. You should use
rollback ID as learned from the previous step. The rollback ID may be different in your lab. You
should see what installation package was added and can be removed when rolling back to the
installation rollback ID.
RP/0/RP0/CPU0:R0# show install rollback id 0 changes
Rollback to transaction ID 0 will result in the following packages being added:
Name Version Arch

------------------------------ -------------------- ----------
xr-ospf 7.3.2v1.0.0-1 x86_64
Rollback to transaction ID 0 will result in the following packages being removed:
Name Version Arch

------------------------------ -------------------- ----------
xr-ospf 7.3.2v1.0.1-1 x86_64
Step 20 On the R0 router, rollback to the installation rollback ID learned in the previous step.
On the R0 router, use the install rollback 0 commit synchronous command, then respond with
the yes keyword on the continue question. You should use rollback ID as learned from the
previous step. The rollback ID may be different in your lab.
RP/0/RP0/CPU0:R0# install rollback 0 commit synchronous
reload the system.
If you want to control the timing of system reload, you must not continue, but use the
'install package rollback' command instead, followed by 'install apply'.
Starting:
install rollback 0 commit
Transaction 2
Current activity: Initializing ..

Current activity: Veto check .............
Current activity: Package add or other package operation ..
Current activity: Apply by restarting processes .....
Current activity: Commit transaction
Transaction 10: 'install rollback 0 commit' completed without error
User request: install rollback 0 commit

Operation ID: 2

< output omitted >

On the R0 router, use the show install fixes active command. You should see no package SMU
fixes.
There are currently no fixes active.
• You have created Docker repo directory.
• You have configured the remote_repo repository to use HTTP server.
• You have verified available package SMU fixes.
• You have installed the OSPF package SMU fix from the remote repository.
• You have verified active package SMU fixes.
• You have applied and committed the package SMU fixes.
• You have rollbacked the installation of the package SMU fixes.
Task 2: Create and Configure a Local Repository

The router can serve as a repository to host the RPMs. Using a local repository removes the need to set up
an external server for software installation. The purpose of this task is to create and configure a local
repository on the Cisco 8201 Series router. You will upload RPMs with Cisco IOS XR optional features into
the local repository.
You can access the router through the management Jumphost. IP addressing for management interfaces can
be located in the Job Aid.
Activity
Step 1 On the jump host, navigate to the folder with optional RPMs.
On the jump host, use the cd Linux command to navigate to the following folder
/XR7_Install_Files/7.3.2/RPMs.
student@student-vm:~$ cd ~/XR7_Install_Files/7.3.2/RPMs/
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$
You will use pwd Linux command to verify you are in the correct folder.
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$ pwd
/home/student/XR7_Install_Files/7.3.2/RPMs
You will use the ls -l Linux command to verify current folder content. You should see the 8000-
optional-rpms.7.3.2.tar file present.
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$ ls -l
total 2032
-rw-r--r-- 1 student student 1167360 Mar 25 16:48 8000-k9sec-rpms.7.3.2.tar
-rw-r--r-- 1 student student 911360 Mar 25 16:48 8000-optional-rpms.7.3.2.tar
Step 2 On the jump host, use the secure copy protocol (SCP) to copy the 8000-optional-rpms.7.3.2.tar
file to the /harddisk: folder on the R0 router.
The R0 router is accessible on the management IP address 192.168.122.50, with the username
cisco. Use the scp Linux command.
student@student-vm:~/XR7_Install_Files/7.3.2/RPMs$ scp 8000-optional-rpms.7.3.2.tar
cisco@192.168.122.50:/harddisk:/8000-optional-rpms.7.3.2.tar
8000-optional-rpms.7.3.2.tar
100% 890KB 17.7MB/s 00:00
Step 3 On the R0 router, access the shell of the router and navigate to the /harddisk: folder.
On the R0 router, access the shell of the router by using the run Linux command and use the cd
Linux command to navigate to the correct folder.
RP/0/RP0/CPU0:R0# run
[node0_RP0_CPU0:~]$ cd ..
[node0_RP0_CPU0:/]$ cd harddisk\:
[node0_RP0_CPU0:/harddisk:]$ pwd
/harddisk:
Use the ls -l Linux command to confirm that the 8000-optional-rpms.7.3.2.tar file is present.
[node0_RP0_CPU0:/harddisk:]$ ls -l
total 9156
-rw-r--r--. 1 root root 911360 May 4 10:22 8000-optional-rpms.7.3.2.tar
drwxrwxrwx. 5 root root 4096 May 4 10:01 cisco_support
-rw-rw-rw-. 1 root root 480 May 4 09:56 debug_shell_client.log
drwxrwxrwx. 2 root root 4096 Mar 25 16:16 dumper
-rw-rw-rw-. 1 root root 2 May 4 10:02 feature_list
drwx------. 3 root root 4096 May 4 09:57 ima
drwx------. 2 root root 16384 Oct 18 2021 lost+found
drwxrwxrwx. 3 root root 4096 Oct 18 2021 mirror
drwxrwxrwx. 2 root root 4096 May 4 09:55 npu_sdk_logs
-rw-rw-rw-. 1 root root 8388729 May 4 10:14 nvgen_bkup.log
drwxrwxrwx. 2 root root 4096 Oct 18 2021 nvram
drwxr-xr-x. 3 root root 4096 Mar 25 16:16 pam
drwxr-xr-x. 2 root root 4096 Mar 25 16:16 showtech
drwxrwxrwx. 5 root root 4096 May 4 09:54 shutdown
drwxrwxrwx. 3 root root 4096 Oct 18 2021 ztp
Step 4 On the R0 router shell, extract the 8000-optional-rpms.7.3.2.tar file.

Use the tar -xvf 8000-optional-rpms.7.3.2.tar Linux command. You should see a detailed path
of the extracted files.
[node0_RP0_CPU0:/harddisk:]$ tar -xvf 8000-optional-rpms.7.3.2.tar
optional-rpms/cdp/
optional-rpms/cdp/xr-cdp-3692251fac396a2d-7.3.2v1.0.0-1.x86_64.rpm
< output omitted >
optional-rpms/telnet/
optional-rpms/telnet/xr-telnet-3692251fac396a2d-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-8101-32h-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-8102-64h-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-8201-32fh-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-8201-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-8202-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-8608-rp1-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-8800-lc-36fh-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-8800-lc-48h-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-8800-rp-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-88-lc0-34h14fh-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-88-lc0-36fh-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-88-lc0-36fh-m-7.3.2v1.0.0-1.x86_64.rpm
optional-rpms/telnet/xr-telnet-d17f630e9aaec8a3-7.3.2v1.0.0-1.x86_64.rpm
All files are extracted into the optional-rpms folder. Navigate to the optional-rpms folder and
examine the content.
[node0_RP0_CPU0:/harddisk:]$ ls
8000-optional-rpms.7.3.2.tar debug_shell_client.log feature_list lost+found
npu_sdk_logs nvram pam shutdown
cisco_support dumper ima mirror
nvgen_bkup.log optional-rpms showtech ztp
[node0_RP0_CPU0:/harddisk:]$ cd optional-rpms/
[node0_RP0_CPU0:/harddisk:/optional-rpms]$ ls
cdp healthcheck telnet
[node0_RP0_CPU0:/harddisk:/optional-rpms]$ cd telnet/
[node0_RP0_CPU0:/harddisk:/optional-rpms/telnet]$ ls
xr-telnet-3692251fac396a2d-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-88-lc0-34h14fh-
7.3.2v1.0.0-1.x86_64.rpm
xr-telnet-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-88-lc0-36fh-7.3.2v1.0.0-
1.x86_64.rpm
xr-telnet-8101-32h-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-88-lc0-36fh-m-
7.3.2v1.0.0-1.x86_64.rpm
xr-telnet-8102-64h-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-8800-lc-36fh-
7.3.2v1.0.0-1.x86_64.rpm
xr-telnet-8201-32fh-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-8800-lc-48h-7.3.2v1.0.0-
1.x86_64.rpm
xr-telnet-8201-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-8800-rp-7.3.2v1.0.0-
1.x86_64.rpm
xr-telnet-8202-7.3.2v1.0.0-1.x86_64.rpm xr-telnet-d17f630e9aaec8a3-
7.3.2v1.0.0-1.x86_64.rpm
xr-telnet-8608-rp1-7.3.2v1.0.0-1.x86_64.rpm
[node0_RP0_CPU0:/harddisk:/optional-rpms/telnet]$
Step 5 Exit the R0 router shell.

Use the exit command. You should be back on the R0 router XR mode.
[node0_RP0_CPU0:/harddisk:/optional-rpms/telnet]$ exit
logout
RP/0/RP0/CPU0:R0#
Step 6 On the R0 router, configure the local repository named local-repo.
On the R0 router, use the install repository command to map the local repository with the
/harddisk:/optional-rpms folder.
RP/0/RP0/CPU0:R0(config)# install repository local-repo url file:///harddisk:/optional-
rpms
RP/0/RP0/CPU0:R0#
Step 7 On the R0 router, check the contents of the repository.
On the R0 router, use the show install available command. Make sure that you can see the xr-
telnet package.
RP/0/RP0/CPU0:R0# show install available
Package Architecture
Version Repository Cached
---------------------------------------------------- ---------------- -----------------
---------- ----------------------------------- ------
xr-cdp x86_64
7.3.2v1.0.0-1 local-repo
xr-healthcheck x86_64
xr-telnet x86_64
• You have navigated to the folder with optional RPMs.
• You have copied the tar file to the /harddisk:.
• You have accessed the shell of the router and extracted the tar file.
• You have configured the local repository.
• You have checked the contents of the repository.
Task 3: Install RPM with Optional Feature

The Cisco IOS XR software is composed of a base image (ISO) that provides the XR infrastructure. The
Telnet package is not part of the ISO image. In this task, you will install the Telnet optional package to use
Telnet for the client or server.
Activity
Step 1 On the R0 router, check if the telnet command is available.
Try to use the telnet command in the XR mode and configuration mode. You should observe
that the Telnet client or Telnet server is not available.
RP/0/RP0/CPU0:R0# telnet
^
% Invalid input detected at '^' marker.
RP/0/RP0/CPU0:R0(config)# telnet ?
^
RP/0/RP0/CPU0:R0#
Step 2 On the R0 router, display the summary of the committed packages.
Use the show install committed summary command. Observe that there is no xr-telnet package
listed in the optional packages.
RP/0/RP0/CPU0:R0# show install committed summary
Committed Packages: XR: 180 All: 1282
Label: 7.3.2
Software Hash: d7fb6b4adbb9704ce63a960b5c6af85a
Optional Packages Version

---------------------------------------------------- ---------------------------
xr-8000-mcast 7.3.2v1.0.0-1
xr-8000-netflow 7.3.2v1.0.0-1
xr-bgp 7.3.2v1.0.0-1
xr-ipsla 7.3.2v1.0.0-1
xr-is-is 7.3.2v1.0.0-1
xr-lldp 7.3.2v1.0.0-1
xr-mcast 7.3.2v1.0.0-1
xr-mpls-oam 7.3.2v1.0.0-1
xr-netflow 7.3.2v1.0.0-1
xr-ospf 7.3.2v1.0.0-1
xr-perfmgmt 7.3.2v1.0.0-1
xr-track 7.3.2v1.0.0-1
Step 3 On the R0 router, display all committed packages.
Use the show install committed command.

RP/0/RP0/CPU0:R0# show install committed
Package Version
---------------------------------------------------- ---------------------------
xr-8000-af-ea 7.3.2v1.0.0-1
xr-8000-aib 7.3.2v1.0.0-1
xr-8000-bfd 7.3.2v1.0.0-1
< output omitted >
Use the show install committed | include telnet command to narrow down the output. There is
no xr-telnet package committed.
RP/0/RP0/CPU0:R0# show install committed | include telnet
RP/0/RP0/CPU0:R0#
Step 4 On the R0 router, display the available packages.
Use the show install available command. Make sure that you can see the xr-telnet package.
RP/0/RP0/CPU0:R0# show install available
Package Architecture
Version Repository Cached
---------------------------------------------------- ---------------- -----------------
---------- ----------------------------------- ------
xr-cdp x86_64
xr-healthcheck x86_64
xr-telnet x86_64
Step 5 On the R0 router, install the xr-telnet package from the local-repo repository.
Use the install source command and confirm installation with the yes keyword.
RP/0/RP0/CPU0:R0# install source local-repo xr-telnet
reload the system.
If you want to control the timing of system reload, you must not continue, but use the
'install package add' command instead, followed by 'install apply'.
Install source operation 3.1 has started
RP/0/RP0/CPU0:R0#
Step 6 On the R0 router, observe the installation request.
Use the show install request command. You should see the Success state for the last operation.
Note You may need to wait a couple of minutes for the Success state to show.
User request: install source local-repo xr-telnet

Operation ID: 3.1

Time started: 2022-05-04 12:32:11
The following actions are available:

install package add
install package remove
install package upgrade
install package downgrade
install package replace
install package rollback
install replace
install rollback
install source
install commit
Step 7 On the R0 router, observe the installation history.
Use the show install history last package command. You should see the package operation
started and success.
RP/0/RP0/CPU0:R0# show install history last package
2022-05-04 12:29:49 UTC Packaging operation 3.1.1 started
2022-05-04 12:29:49 UTC Add
2022-05-04 12:29:49 UTC xr-telnet
2022-05-04 12:31:12 UTC Packaging operation 3.1.1 success
Location 0/RP0/CPU0
Add xr-telnet-7.3.2v1.0.0-1.x86_64
Add xr-telnet-3692251fac396a2d-7.3.2v1.0.0-1.x86_64
Add xr-telnet-8201-7.3.2v1.0.0-1.x86_64
Add xr-telnet-d17f630e9aaec8a3-7.3.2v1.0.0-1.x86_64
Use the install commit command.

RP/0/RP0/CPU0:R0# install commit
Install commit operation 3 has started
RP/0/RP0/CPU0:R0#

Operation ID: 3

< output omitted >
that the Telnet client and Telnet server are available now.
RP/0/RP0/CPU0:R0# telnet ?
A.B.C.D IPv4 address
WORD Hostname of the remote node
X:X::X IPv6 address
disconnect-char telnet client disconnect char
vrf vrf table for the route lookup
ipv4 IPv4 configuration
ipv6 IPv6 configuration
vrf VRF name for telnet server
RP/0/RP0/CPU0:R0#
If you want to configure the Telnet server and test the Telnet client, you can use the following
commands.
RP/0/RP0/CPU0:R0(config)# telnet ipv4 server max-servers 10
RP/0/RP0/CPU0:R0# telnet 192.168.122.50
Trying 192.168.122.50...
Connected to 192.168.122.50.
Escape sequence is '^^q'.
User Access Verification
Username: cisco
Password: cisco123
RP/0/RP0/CPU0:R0# exit
RP/0/RP0/CPU0:R0#

Use the show install committed summary command. There is an xr-telnet package committed.
Label: 7.3.2
Software Hash: bfe1bf8477ebb422e0eaf5c23358fcb1

---------------------------------------------------- ---------------------------
xr-8000-mcast 7.3.2v1.0.0-1
xr-8000-netflow 7.3.2v1.0.0-1
xr-bgp 7.3.2v1.0.0-1
xr-ipsla 7.3.2v1.0.0-1
xr-is-is 7.3.2v1.0.0-1
xr-lldp 7.3.2v1.0.0-1
xr-mcast 7.3.2v1.0.0-1
xr-ospf 7.3.2v1.0.0-1
xr-telnet 7.3.2v1.0.0-1
xr-track 7.3.2v1.0.0-1
Step 11 On the R0 router, display the committed packages and narrow down the output, to list the Telnet
package only.
Use the show install committed | include telnet command, to narrow down the output. There is
an xr-telnet package committed.
RP/0/RP0/CPU0:R0# show install committed | include telnet
xr-telnet 7.3.2v1.0.0-1
• You have observed the Telnet client or Telnet server.
• You have displayed the summary of the committed packages.
• You have installed the xr-telnet package.
• You have observed the installation request and the installation history.
• You have committed the operation.
Task 4: Remove RPM with Optional Feature

You can remove optional packages that you no longer require. In this task, you will remove the Telnet
package.
Activity
Step 1 On the R0 router, remove the xr-telnet package.

Use the install package remove command.
RP/0/RP0/CPU0:R0# install package remove xr-telnet
Install remove operation 4.1.1 has started
Step 2 On the R0 router, observe the installation request.
Note You may need to wait a couple of minutes for the Success state to show.
User request: install package remove xr-telnet

Operation ID: 4.1.1

Time started: 2022-05-04 13:11:22
< output omitted >
Step 3 On the R0 router, observe the installation history.
Use the show install history last package command. You should see the package operation
started and success.
RP/0/RP0/CPU0:R0# show install history last package
Wed May 4 13:12:32.593 UTC
2022-05-04 13:10:30 UTC Packaging operation 4.1.1 started
2022-05-04 13:10:30 UTC Remove
2022-05-04 13:10:30 UTC xr-telnet
2022-05-04 13:11:21 UTC Packaging operation 4.1.1 success
Location 0/RP0/CPU0
Remove xr-telnet-7.3.2v1.0.0-1.x86_64
Remove xr-telnet-3692251fac396a2d-7.3.2v1.0.0-1.x86_64
Remove xr-telnet-8201-7.3.2v1.0.0-1.x86_64
Remove xr-telnet-d17f630e9aaec8a3-7.3.2v1.0.0-1.x86_64
Step 4 On the R0 router, apply the changes to make the change active.
Use the install apply command and confirm the operation by using the yes keyword.
RP/0/RP0/CPU0:R0# install apply
reload the system.
If you want more control of the operation, then explicitly use 'install apply restart'
or 'install apply reload' as reported by 'show install request'.
Install apply operation 4.1 has started
Note Do not proceed to the next task until the state shows Success for the install apply request.
User request: install apply restart

Operation ID: 6.1

Time started: 2022-05-05 07:29:09
< output omitted >
Use the install commit command.

RP/0/RP0/CPU0:R0# install commit
Install commit operation 4 has started

Operation ID: 4

< output omitted >
that the Telnet client or Telnet server is not available.
RP/0/RP0/CPU0:R0# telnet
^
^
RP/0/RP0/CPU0:R0#

Use the show install committed summary command. There is no xr-telnet package committed.
Label: 7.3.2
Software Hash: d7fb6b4adbb9704ce63a960b5c6af85a

---------------------------------------------------- ---------------------------
xr-8000-mcast 7.3.2v1.0.0-1
xr-8000-netflow 7.3.2v1.0.0-1
xr-bgp 7.3.2v1.0.0-1
xr-ipsla 7.3.2v1.0.0-1
xr-is-is 7.3.2v1.0.0-1
xr-lldp 7.3.2v1.0.0-1
xr-mcast 7.3.2v1.0.0-1
xr-ospf 7.3.2v1.0.0-1
xr-track 7.3.2v1.0.0-
• You have removed the xr-telnet package.
• You have observed the installation request and the installation history.
• You have applied the changes to make the change active.
• You have committed the operation.
1. Which two Cisco IOS XR packages are optional? (Choose two.)

A. xr-ipsla
B. xr-mpls-oam
C. xr-routing
D. xr-snmp
E. xr-ztp
Discovery 4: Configure and Verify ZTP
Introduction
In this lab exercise, you will configure and verify ZTP.
Activity Objective
• Configure autoprovisioning by using a static configuration.
• Configure autoprovisioning by using a script.
Visual Objective
• All routers have IS-IS configured for full IP reachability.
• The link between CE2 and CE4 is disabled.
Topology
• Virtualized routers that are based on Cisco IOS XR and that consist of four PE routers, two P routers,
and four CE routers.
You can access the virtualized PE1 router by using Console access. Click the PE1 router icon in the Cisco
Learning Services Lab portal.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host. Once you are
on the jump host open the Terminal and type in the hostname (lowercase) of the router, this will open the
SSH session to the router.
Job Aid

IP Addresses
Device Interface IPv4 and IPv6 Address
Node X (P, PE, MgmtEth0 172.16.1.10X/32

CE)
Jump host student 172.16.1.100/24
Node X (P, PE, Loopback0 10.X.X.X/32 and 2001::X:X:X:X/128

CE)
P1 (Node 1) GigabitEthernet0/0/0/0 (to PE1) 10.1.3.1/24 and 2001::99:1:3:1/112

GigabitEthernet0/0/0/1 (to PE2) 10.1.4.1/24 and 2001::99:1:4:1/112
GigabitEthernet0/0/0/2 (to P2) 10.1.2.1/24 and 2001::99:1:2:1/112

PE1 (Node 3) GigabitEthernet0/0/0/0 (to P1) 10.1.3.3/24 and 2001::99:1:3:3/112

GigabitEthernet0/0/0/2 (to CE1) 10.3.7.3/24 and 2001::99:3:7:3/112



CE1 (Node 7) GigabitEthernet0/0/0/0 (to PE1) 10.3.7.7/24 and 2001::99:3:7:7/112
Task 1: Configure Autoprovisioning by Using a Static

Configuration
The purpose of this task is to configure autoprovisioning by using a static configuration.
You can access the virtualized PE1 router by using Console access. Click the PE1 router icon in the Cisco
Learning Services Lab portal.
Activity
Step 1 In the Jumphost, view the DHCP server configuration.
In the Jumphost, use the Terminal and type the more /etc/dhcp/dhcpd.conf Linux command.
student@student-vm:~$ more /etc/dhcp/dhcpd.conf
# dhcpd.conf
option domain-name "cisco.com";
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
subnet 172.16.1.0 netmask 255.255.255.0 {

range 172.16.1.1 172.16.1.253;
option routers 172.16.1.100;
option subnet-mask 255.255.255.0;
}
host PE1 {
hardware ethernet 00:0c:29:f4:41:0c;
fixed-address 172.16.1.103;
filename" http://172.16.1.100:8000/PE1.config";
#filename" http://172.16.1.100:8000/simpleZTPscript";
}
Step 2 In the Jumphost, view the PE1.config configuration file.

In the Jumphost, use the Terminal and type the more /home/student/Configs/PE1.config
Linux command.
student@student-vm:~$ more /home/student/Configs/PE1.config
!! IOS XR
hostname PE1
service timestamps log datetime msec
service timestamps debug datetime msec
domain lookup disable
username cisco
group root-lr
group cisco-support
secret 5 $1$bTpz$UVZAnDb/fNFphiph8imq0/
!
cdp
line template vty
timestamp
exec-timeout 720 0
!
line console
timestamp disable
exec-timeout 0 0
!
line default
exec-timeout 720 0
!
vty-pool default 0 50
icmp ipv4 rate-limit unreachable disable
call-home
service active
contact smart-licensing
profile CiscoTAC-1
active
destination transport-method email disable
destination transport-method http
!
!
interface Loopback0
description Loopback
ipv4 address 10.3.3.3 255.255.255.255
ipv6 address 2001::3:3:3:3/128
!
interface MgmtEth0/RP0/CPU0/0
ipv4 address 172.16.1.103 255.255.255.0
!
interface GigabitEthernet0/0/0/0
description to P1 GigabitEthernet0/0/0/0
cdp
ipv4 address 10.1.3.3 255.255.255.0
ipv6 address 2001::99:1:3:3/112
!
description to PE3 GigabitEthernet0/0/0/1
cdp
ipv4 address 10.3.5.3 255.255.255.0
ipv6 address 2001::99:3:5:3/112
!
description to CE1 GigabitEthernet0/0/0/0
cdp
ipv4 address 10.3.7.3 255.255.255.0
ipv6 address 2001::99:3:7:3/112
!
shutdown
!
shutdown
!
shutdown
!
shutdown
!
router isis 1
is-type level-2-only
net 49.0001.0000.0000.0003.00
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
metric-style wide
!
interface Loopback0
passive
prefix-sid index 3
!
!
!
point-to-point
metric 11
!
!
!
point-to-point
metric 29
!
!
!
point-to-point
!
!
!
!
mpls oam
!
telnet vrf default ipv4 server max-servers 10
ssh server v2
end
Step 3 In the Jumphost, turn on the dhcpd service.
In the Jumphost, use the Terminal and type the sudo systemctl start isc-dhcp-server.service
Linux command.
student@student-vm:~$ sudo systemctl start isc-dhcp-server.service
Step 4 In the Jumphost, verify that the DHCP service is running.
In the Jumphost, use the Terminal and type the sudo systemctl status isc-dhcp-server.service
Linux command.
student@student-vm:/etc/dhcp$ sudo systemctl status isc-dhcp-server.service
â—Ź isc-dhcp-server.service - ISC DHCP IPv4 server
Loaded: loaded (/lib/systemd/system/isc-dhcp-server.service; enabled; vendor preset:
enabled)
Active: active (running) since Thu 2022-05-26 09:19:18 UTC; 26s ago
Docs: man:dhcpd(8)
Main PID: 21739 (dhcpd)
Tasks: 1 (limit: 4915)
CGroup: /system.slice/isc-dhcp-server.service
â””â”€21739 dhcpd -user dhcpd -group dhcpd -f -4 -pf /run/dhcp-
server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf
May 26 09:19:18 student-vm dhcpd[21739]: you want, please write a subnet declaration
May 26 09:19:18 student-vm sh[21739]: you want, please write a subnet declaration
May 26 09:19:18 student-vm dhcpd[21739]: in your dhcpd.conf file for the network
segment
May 26 09:19:18 student-vm sh[21739]: in your dhcpd.conf file for the network
segment
May 26 09:19:18 student-vm dhcpd[21739]: to which interface ens160 is attached. **
May 26 09:19:18 student-vm sh[21739]: to which interface ens160 is attached. **
May 26 09:19:18 student-vm dhcpd[21739]:
May 26 09:19:18 student-vm dhcpd[21739]: Sending on Socket/fallback/fallback-net
May 26 09:19:18 student-vm sh[21739]: Sending on Socket/fallback/fallback-net
May 26 09:19:18 student-vm dhcpd[21739]: Server starting service.
Step 5 In the Jumphost, make the PE1.config file available through HTTP.
In the Jumphost, use the Terminal and navigate to the /home/student/Configs directory. The
PE1.config file is present in the /home/student/Configs folder.
Type the python -m http.server Linux command to start Simple HTTP Server. Do not exit
Simple HTTP Server until later in this lab exercise.
student@student-vm:~$ cd /home/student/Configs
student@student-vm:~/Configs$ python -m http.server
Step 6 In the Jumphost, start Wireshark and filter for DHCP messages.
In the Jumphost, complete the following steps:

1. Open the Wireshark application.
2. Choose interface ens192.
3. Type filter bootp.option.type==53.
4. Click the Apply this filter string to the display button.
5. Click the Start capturing packets button.
Step 7 On the PE1 router, reset the configuration to the factory defaults and reload the router.
Be sure to open console access to the PE1 router, use the cisco username and cisco123
password. Click the PE1 router icon in the Cisco Learning Services Lab portal. This step will not
work on the remote access.
On the PE1 router, use the following commands.
RP/0/RP0/CPU0:PE1# ztp clean
This would remove all ZTP temporary files.
Would you like to proceed? [no]: yes
All ZTP operation files have been removed.
ZTP logs are present in /var/log/ztp*.log for logrotate.
Please remove manually if needed.
If you now wish ZTP to run again from boot, do 'conf t/commit replace' followed by
reload.
RP/0/RP0/CPU0:PE1# configure
RP/0/RP0/CPU0:PE1(config)# commit replace
This commit will replace or remove the entire running configuration. This
operation can be service affecting.
Do you wish to proceed? [no]: yes
RP/0/RP0/CPU0:ios(config)# end
RP/0/RP0/CPU0:ios# reload
!!!!!!!!!! WARNING !!!!!!!!!!

Standby RP not present or not ready yet. Reload command will only reload
RP XR VM, LC kernel dump will be generated due to Headless sdr, this could lead to
unexpected behavior. Use 'reload location all' to reload the XR router properly.
Standby card not present or not Ready for failover. Proceed? [confirm] <Enter>
< output omitted >
Proceed with reload? [confirm] <Enter>
Note If the commit replace command is executed before any configurations are made, the configurations are
replaced with a blank configuration.
Note After reloading is complete, you will need to wait for 5 to 10 minutes for all interfaces to come up.
Step 8 In the Jumphost, analyze the ZTP process.

In the Jumphost, use the Wireshark and analyze the captured frames.
In the Jumphost, use the Terminal and analyze the Simple HTTP Server output, to see if there
was a request for the PE1.config file.
172.16.1.103 - - [26/May/2022 10:40:06] "HEAD /PE1.config HTTP/1.1" 200 -
172.16.1.103 - - [26/May/2022 10:40:06] "GET /PE1.config HTTP/1.1" 200 -
Note It may take 5 to 10 minutes for the router to fully boot. Do not type anything in the router's console until the
process is complete.
Step 9 On the PE1 router, verify the configuration.

On the PE1 router, use the show running-config command. You should see that ZTP changed
the configuration, as shown.
RP/0/RP0/CPU0:PE1# show running-config
Building configuration...
!! IOS XR Configuration 7.5.1
!! Last configuration change at Thu May 26 10:39:30 2022 by ZTP
!
hostname PE1
service timestamps log datetime msec
service timestamps debug datetime msec
domain lookup disable
username cisco
group root-lr
group cisco-support
secret 5 $1$bTpz$UVZAnDb/fNFphiph8imq0/
!
cdp
line template vty
timestamp
exec-timeout 720 0
!
line console
timestamp disable
exec-timeout 0 0
!
line default
exec-timeout 720 0
!
vty-pool default 0 50
icmp ipv4 rate-limit unreachable disable
call-home
service active
contact smart-licensing
profile CiscoTAC-1
active
destination transport-method email disable
destination transport-method http
!
!
interface Loopback0
ipv4 address 10.3.3.3 255.255.255.255
ipv6 address 2001::3:3:3:3/128
!
ipv4 address 172.16.1.103 255.255.255.0
!
cdp
ipv4 address 10.1.3.3 255.255.255.0
ipv6 address 2001::99:1:3:3/112
!
cdp
ipv4 address 10.3.5.3 255.255.255.0
ipv6 address 2001::99:3:5:3/112
!
cdp
ipv4 address 10.3.7.3 255.255.255.0
ipv6 address 2001::99:3:7:3/112
< output omitted >
Step 10 In the Jumphost, stop the Simple HTTP Server.
In the Jumphost, use the Terminal and enter the Ctrl+C keys to stop the Simple HTTP Server.
172.16.1.103 - - [26/May/2022 10:40:06] "HEAD /PE1.config HTTP/1.1" 200 -
172.16.1.103 - - [26/May/2022 10:40:06] "GET /PE1.config HTTP/1.1" 200 -
^C
Keyboard interrupt received, exiting.
student@student-vm:~/Configs$
• You have configured the PE1 router to use autoprovisioning by using a static configuration.
Task 2: Configure Autoprovisioning by Using a Script

The purpose of this task is to configure the required elements to allow for the autoprovisioning of a router
that uses a script during the ZTP process.
Activity
Step 1 In the Jumphost, analyze the preconfigured simple ZTP script in the /home/student/scripts
directory.
In the Jumphost, use the Terminal and enter the more /home/student/scripts/simpleZTPscript
command. The script enables all GigabitEthernet interfaces and configures a load-interval of 30
seconds on all GigabitEthernet interfaces.
student@student-vm:~$ more /home/student/scripts/simpleZTPscript
#!/bin/bash
source /pkg/bin/ztp_helper.sh
config_file="/tmp/config.txt"
interfaces=$(xrcmd "show interfaces brief")
function activate_all_if(){
arInt=($(echo $interfaces | grep -oE '(Te|Fo|Hu|Gi)[0-9]*/[0-9]*/[0-9]*/[0-
9]*'))
for int in ${arInt[*]}; do
echo -ne "interface $int\n no shutdown\n load-interval 30\n" >>
$config_file
done
xrapply_with_reason "Initial ZTP configuration" $config_file
}
### Script entry point

if [ -f $config_file ]; then
/bin/rm -f $config_file
else
/bin/touch $config_file
fi
activate_all_if
exit 0
Step 2 In the Jumphost, modify the DHCP configuration so that the script file will be used during the
ZTP process.
In the Jumphost, use the Terminal and enter the sudo vi /etc/dhcp/dhcpd.conf Linux command
to modify the DHCP configuration.
Note You can use gedit Linux application as the text editor.
Save and close the file after making the appropriate changes.
student@student-vm:~$ sudo vi /etc/dhcp/dhcpd.conf
# dhcpd.conf
option domain-name "cisco.com";
default-lease-time 600;
max-lease-time 7200;
ddns-update-style none;
subnet 172.16.1.0 netmask 255.255.255.0 {

range 172.16.1.1 172.16.1.253;
option routers 172.16.1.100;
option subnet-mask 255.255.255.0;
}
host PE1 {
hardware ethernet 00:0c:29:f4:41:0c;
fixed-address 172.16.1.103;
filename" http://172.16.1.100:8000/PE1.config";
#filename" http://172.16.1.100:8000/simpleZTPscript";
}
Start file modification by pressing the i key.

Comment out (#) the line:
# filename "http://172.16.1.100:8000/PE1.config";
Uncomment the line:

filename "http://172.16.1.100:8000/simpleZTPscript";
To save and exit the vi editor, press the Esc key and type the :wq! command.
Step 3 In the Jumphost, restart the dhcpd service.
In the Jumphost, use the Terminal and enter the sudo systemctl restart isc-dhcp-
server.service Linux command.
student@student-vm:~$ sudo systemctl restart isc-dhcp-server.service
Step 4 In the Jumphost, make the simpleZTPscript script available through HTTP.
In the Jumphost, use the Terminal, navigate to the /home/student/scripts directory and enter
the python -m http.server Linux command. Leave the Terminal open.
If the simple HTTP server is still running in the /home/student/configs directory, stop the
service by entering the Ctrl+C keys or closing the Terminal window. Then enter the following
commands:
student@student-vm:~$ cd /home/student/scripts
student@student-vm:~/scripts$ python -m http.server
Step 5 On the PE1 router, verify that all GigabitEthernet interfaces are present in the running
configuration.
On the PE1 router, use the show running-config command. If there are GigabitEthernet
interfaces shown as preconfigured, wait a couple of minutes before proceeding to the next step.
Note It may take up to 10 minutes after the system reboot for all interface modules to load and become available.

< output omitted >
interface preconfigure GigabitEthernet0/0/0/0
cdp
ipv4 address 10.1.3.3 255.255.255.0
ipv6 address 2001::99:1:3:3/112
< output omitted >
You can continue to the next step when the show running-config output is similar as shown.
< output omitted >
cdp
ipv4 address 10.1.3.3 255.255.255.0
ipv6 address 2001::99:1:3:3/112
< output omitted >
Step 6 On the PE1 router, invoke the ZTP.
On the PE1 router, use the ztp initiate verbose command to invoke ZTP.
RP/0/RP0/CPU0:PE1# ztp initiate verbose
Inititaing ZTP may change your configuration.
Interfaces might be brought up if they are in shutdown state
Would you like to proceed? [no]: yes
ZTP will now run in the background.
Please use "show logging" or look at /var/log/ztp.log to check progress.
RP/0/RP0/CPU0:PE1#
Step 7 In the Jumphost, analyze the ZTP process.

In the Jumphost, use the Wireshark and analyze the captured frames.
In the Jumphost, use the Terminal and analyze the Simple HTTP Server output to see if there
was a request for the simpleZTPscript file.
student@student-vm:~/scripts$ python -m http.server
172.16.1.103 - - [26/May/2022 11:08:06] "HEAD / simpleZTPscript HTTP/1.1" 200 -
172.16.1.103 - - [26/May/2022 11:08:06] "GET / simpleZTPscript HTTP/1.1" 200 -
Step 8 On the PE1 router, verify the configuration.

On the PE1 router, use the show running-config command. All GigabitEthernet interfaces
should be operating and have a load interval of 30 seconds configured on them.
< output omitted >
cdp
ipv4 address 10.1.3.3 255.255.255.0
ipv6 address 2001::99:1:3:3/112
load-interval 30
!
cdp
ipv4 address 10.3.5.3 255.255.255.0
ipv6 address 2001::99:3:5:3/112
load-interval 30
!
cdp
ipv4 address 10.3.7.3 255.255.255.0
ipv6 address 2001::99:3:7:3/112
load-interval 30
!
load-interval 30
!
load-interval 30
!
load-interval 30
!
load-interval 30
!
< output omitted >
• You have configured the PE1 router to use autoprovisioning by using a script.
1. Which Cisco IOS XR command invokes the ZTP?

A. initiate ztp
B. ztp detail initiate
C. ztp initiate
D. ztp verbose initiate
Discovery 5: Configure and Verify Multiprotocol
Label Switching
Introduction
In this lab exercise, you will configure and verify basic MPLS operation on the lab devices. First, verify the
IS-IS routing protocol and basic connectivity inside the lab environment. An IS-IS adjacency should be
established as Level 2 only between all CE, PE, and P routers. Then you will proceed to configure basic
MPLS in the core of your network.
Activity Objective
• Configure and verify MPLS LDP
• Verify the MPLS operation
Visual Objective
The following figure shows the visual objective:

• All routers have IS-IS configured for full reachability.
• All P and PE routers except PE1 have MPLS LDP configured.
• Links between PE routers have modified metrics.
Topology
on the jump host open the Terminal and type in the host name (lowercase) of the router, this will open the
Job Aid

IP Addresses
Node X (P, PE, CE) MgmtEth0 172.16.1.10X/32
Jumphost 172.16.1.100/24
Node X (P, PE, CE) Loopback0 10.X.X.X/32 and 2001::X:X:X:X/128







Task 1: Verify the IS-IS Routing

The purpose of this task is to verify IS-IS routing. All routers have IS-IS routing preconfigured.
Activity
Step 1 On the PE1 router, verify the IS-IS configuration.

On the PE1 router, use the show running-config router isis command. You should see that IS-
IS is configured with level 2 only and address families IPv4 and IPv6 are configured on the
Loopback0, GigabitEthernet0/0/0/0, GigabitEthernet0/0/0/1, and GigabitEthernet0/0/0/2
interfaces.
RP/0/RP0/CPU0:PE1# show running-config router isis
Fri Mar 25 10:02:34.341 UTC
router isis 1
is-type level-2-only
net 49.0001.0000.0000.0003.00
metric-style wide
!
metric-style wide
!
interface Loopback0
passive
!
!
!
point-to-point
!
!
!
point-to-point
!
!
!
point-to-point
!
You can verify IS-IS configuration on other routers and make sure that IS-IS is configured, as
shown in the Visual Objective of the lab.
Step 2 On the PE1 router, verify that IS-IS adjacencies are established.
On the PE1 router, use the show isis adjacency command.
RP/0/RP0/CPU0:PE1# show isis adjacency
Fri Mar 25 08:54:08.491 UTC
IS-IS 1 Level-2 adjacencies:

System Id Interface SNPA State Hold Changed NSF IPv4
IPv6
BFD BFD
P1 Gi0/0/0/0 *PtoP* Up 28 23:40:06 Yes None
None
PE3 Gi0/0/0/1 *PtoP* Up 27 23:40:08 Yes None
None
CE1 Gi0/0/0/2 *PtoP* Up 29 23:40:06 Yes None
None
Total adjacency count: 3
On the PE1 router, you should see three IS-IS adjacencies established. You can repeat the same
command on other routers and make sure that IS-IS adjacencies are established, as shown in the
Visual Objective of the lab.
Step 3 On the PE1 router, verify the routing table for IS-IS routes.
On the PE1 router, use the show route isis command.

RP/0/RP0/CPU0:PE1# show route isis
Fri Mar 25 08:59:44.070 UTC
i L2 10.1.1.1/32 [115/10] via 10.1.3.1, 23:41:51, GigabitEthernet0/0/0/0

[115/20] via 10.1.3.1, 23:30:10, GigabitEthernet0/0/0/0
On the PE1 router, you should see IS-IS routes. The highlighted routes in the output are for CE1
Loopback0 (10.7.7.7/32), CE2 Loopback0 (10.8.8.8/32), CE3 Loopback0 (10.9.9.9/32), and
CE4 Loopback0 (10.10.10.10/32).
Step 4 On the CE1 router, verify connectivity to the CE2 Loopback0 (10.8.8.8/32) and to the CE3
Loopback0 (10.9.9.9/32).
On the CE1 router, use the ping 10.8.8.8 command to test connectivity to the CE2 Loopback0.
Ping should be successful.
RP/0/RP0/CPU0:CE1# ping 10.8.8.8
Fri Mar 25 09:08:08.194 UTC
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 539/1289/1857 ms
On the CE1 router, use the ping 10.9.9.9 command to test connectivity to the CE3 Loopback0.
Ping should be successful.
RP/0/RP0/CPU0:CE1# ping 10.9.9.9
Fri Mar 25 09:11:34.462 UTC
!!!!!
• You have verified IS-IS configuration.
• You have verified that all routers have full reachability.
Task 2: Configure and Verify MPLS

The purpose of this task is to configure and verify MPLS. You will enable MPLS and specify the LDP
router ID on the PE1 router. Other P and PE routers have MPLS already configured, so no configuration
will be performed on them. The CE routers should not have MPLS configured.
Activity
Step 1 On the PE1 router, determine which interfaces face P1 and PE3 routers.
On the PE1 router, use the show interfaces description command to determine interfaces to
other MPLS enabled devices.
RP/0/RP0/CPU0:PE1# show interfaces description
Fri Mar 25 10:19:53.708 UTC
Interface Status Protocol Description

--------------------------------------------------------------------------------
Lo0 up up Loopback
Nu0 up up
Mg0/RP0/CPU0/0 up up
Gi0/0/0/0 up up to P1 GigabitEthernet0/0/0/0
Gi0/0/0/1 up up to PE3 GigabitEthernet0/0/0/1
Gi0/0/0/2 up up to CE1 GigabitEthernet0/0/0/0
Gi0/0/0/3 admin-down admin-down
You will need this information when enabling MPLS on the core links.
Step 2 On the PE1 router, enable MPLS LDP for the interfaces facing the core, that is, facing P1 and
PE3 routers. Use the IP 10.3.3.3 as a LDP router ID.
On the PE1 router, use the following commands:

RP/0/RP0/CPU0:PE1# config
RP/0/RP0/CPU0:PE1(config)# mpls ldp
RP/0/RP0/CPU0:PE1(config-ldp)# router-id 10.3.3.3
RP/0/RP0/CPU0:PE1(config-ldp)# address-family ipv4
RP/0/RP0/CPU0:PE1(config-ldp-af)# exit
RP/0/RP0/CPU0:PE1(config-ldp)# address-family ipv6
RP/0/RP0/CPU0:PE1(config-ldp-af)# exit
RP/0/RP0/CPU0:PE1(config-ldp)# interface GigabitEthernet0/0/0/0
RP/0/RP0/CPU0:PE1(config-ldp-if)# address-family ipv4
RP/0/RP0/CPU0:PE1(config-ldp-if-af)# exit
RP/0/RP0/CPU0:PE1(config-ldp-if)# exit
RP/0/RP0/CPU0:PE1(config-ldp)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE1(config-ldp-if-af)# commit
RP/0/RP0/CPU0:PE1(config-ldp-if-af)# end
Step 3 In a dual-stack setup, when LDP has the option to establish transport connection either by using
IPv4 endpoints or IPv6 endpoints, IPv6 connection is preferred over IPv4 connection. On the
PE1 router, override default IPv6 transport preference for dual-stack cases to use IPv4 transport.
On the PE1 router, use the dual-stack transport-connection prefer ipv4 command, to override
the default IPv6 transport preference for dual-stack cases.
RP/0/RP0/CPU0:PE1(config)# mpls ldp
RP/0/RP0/CPU0:PE1(config-ldp)# neighbor
RP/0/RP0/CPU0:PE1(config-ldp-nbr)# dual-stack transport-connection prefer ipv4
RP/0/RP0/CPU0:PE1(config-ldp-nbr)# commit
RP/0/RP0/CPU0:PE1(config-ldp-nbr)#end
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, verify that MPLS LDP is enabled on the core facing interfaces.
On the PE1 router, use the show mpls interfaces command.

RP/0/RP0/CPU0:PE1# show mpls interfaces
Fri Mar 25 10:44:05.343 UTC
Interface LDP Tunnel Static Enabled
-------------------------- -------- -------- -------- --------
GigabitEthernet0/0/0/0 Yes No No Yes
GigabitEthernet0/0/0/1 Yes No No Yes
You should see MPLS LDP enabled on the GigabitEthernet0/0/0/0 and GigabitEthernet0/0/0/1
interfaces.
Step 5 On the PE1 router, verify MPLS LDP interfaces.
On the PE1 router, use the show mpls ldp interface brief command.
RP/0/RP0/CPU0:PE1# show mpls ldp interface brief
Fri Mar 25 10:47:18.987 UTC
Interface VRF Name Config Enabled IGP-Auto-Cfg TE-Mesh-Grp cfg
--------------- ------------------- ------ ------- ------------ ---------------
Gi0/0/0/0 default Y Y 0 N/A
Gi0/0/0/1 default Y Y 0 N/A
Step 6 On the PE1 router, verify that an LDP session is established to the P1 and PE3 routers.
On the PE1 router, use the show mpls ldp neighbor command.
RP/0/RP0/CPU0:PE1# show mpls ldp neighbor
Fri Mar 25 10:57:57.164 UTC
Peer LDP Identifier: 10.5.5.5:0

TCP connection: 10.5.5.5:22376 - 10.3.3.3:646
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 47/47; Downstream-Unsolicited
Up time: 00:00:26
LDP Discovery Sources:
IPv4: (1)
GigabitEthernet0/0/0/1
IPv6: (1)
Addresses bound to this peer:
IPv4: (5)
10.2.5.5 10.3.5.5 10.5.5.5 10.5.9.5
172.16.1.105
IPv6: (4)
2001::5:5:5:5 2001::99:2:5:5 2001::99:3:5:5 2001::99:5:9:5
Peer LDP Identifier: 10.1.1.1:0

TCP connection: 10.1.1.1:646 - 10.3.3.3:43355
Graceful Restart: No
Session Holdtime: 180 sec
State: Oper; Msgs sent/rcvd: 47/47; Downstream-Unsolicited
Up time: 00:00:25
LDP Discovery Sources:
IPv4: (1)
IPv6: (1)
Addresses bound to this peer:
IPv4: (5)
10.1.1.1 10.1.2.1 10.1.3.1 10.1.4.1
172.16.1.101
IPv6: (4)
2001::1:1:1:1 2001::99:1:2:1 2001::99:1:3:1 2001::99:1:4:1
On the PE1 router, you should see the LDP session established to the P1 (10.1.1.1) and to the
PE3 (10.5.5.5) routers.
Step 7 On the PE1 router, verify brief LDP neighbor information.
On the PE1 router, use the show mpls ldp neighbor brief command.
RP/0/RP0/CPU0:PE1# show mpls ldp neighbor brief
Fri Mar 25 11:00:38.616 UTC
Peer GR NSR Up Time Discovery Addresses Labels

ipv4 ipv6 ipv4 ipv6 ipv4 ipv6
----------------- -- --- ---------- ---------- ---------- ------------
10.5.5.5:0 N N 00:03:07 1 1 5 4 22 21
10.1.1.1:0 N N 00:03:06 1 1 5 4 22 21
On the PE1 router, you should see LDP neighbors: P1 (10.1.1.1) and PE3 (10.5.5.5) routers.
There are already some labels received from these neighbors.
Step 8 On the PE1 router, display the MPLS forwarding table.
On the PE1 router, use the show mpls forwarding command.

RP/0/RP0/CPU0:PE1# show mpls forwarding
Fri Mar 25 11:07:05.662 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24000 Pop 10.1.1.1/32 Gi0/0/0/0 10.1.3.1 1020
24001 Unlabelled 10.7.7.7/32 Gi0/0/0/2 10.3.7.7 0
24002 Pop 10.1.4.0/24 Gi0/0/0/0 10.1.3.1 1722
24003 Pop 10.5.9.0/24 Gi0/0/0/1 10.3.5.5 0
24004 Pop 10.2.5.0/24 Gi0/0/0/1 10.3.5.5 1833
24005 24000 10.4.8.0/24 Gi0/0/0/0 10.1.3.1 0
24006 24001 10.4.6.0/24 Gi0/0/0/0 10.1.3.1 0
24007 24015 10.6.10.0/24 Gi0/0/0/0 10.1.3.1 0
24006 10.6.10.0/24 Gi0/0/0/1 10.3.5.5 0
24008 24006 10.4.4.4/32 Gi0/0/0/0 10.1.3.1 0
< output omitted >
Note how certain prefixes have labels assigned to them and others are Unlabeled. The unlabeled
prefixes are in the table because there are devices that are not running LDP, for example, CE
devices.
Note Label numbering is dynamic and the numerical label values may vary in your command outputs throughout
this exercise.
You have completed this task when you attain the following result:
• Configure and verify MPLS LDP.
Task 3: Verify MPLS Operation

The purpose of this task is to verify MPLS operation. You will verify a service path between CE routers.
Activity
Step 1 On the CE1 router, verify a service path to the CE2 Loopback0 (10.8.8.8) interface.
On the CE1 router, use the traceroute 10.8.8.8 probe 1 command.
RP/0/RP0/CPU0:CE1# traceroute 10.8.8.8 probe 1
Fri Mar 25 12:20:58.577 UTC

Tracing the route to 10.8.8.8
1 10.3.7.3 1405 msec

2 10.1.3.1 [MPLS: Label 24016 Exp 0] 1111 msec
4 10.4.8.8 669 msec
The output shows that the packet path is through PE1 (10.3.7.3), P1 (10.1.3.1), and PE2
(10.1.4.4) routers. The PE1 router imposes a label 24016 and sends a packet to the P1 router.
The P1 router swaps a label 24016 with label 24016 and sends the packet to the PE2 router. The
PE2 router removes a label 24016 and sends the packet to the CE2 router.
this exercise.
Step 2 On the CE1 router, verify the service path to the CE4 Loopback0 (10.10.10.10) interface.
On the CE1 router, use the traceroute 10.10.10.10 probe 1 command.

RP/0/RP0/CPU0:CE1# traceroute 10.10.10.10 probe 1
Fri Mar 25 15:10:40.056 UTC

1 10.3.7.3 319 msec

5 10.6.10.10 2801 msec
The output shows that the packet path is through PE1 (10.3.7.3), P1 (10.1.3.1), P2 (10.1.2.2),
and PE4 (10.2.6.6) routers. The label-switched path (LSP) from CE1 to CE4 Loopback0
contains the following labels: 24011 (P1), 24007 (P2), and 24012 (PE4).
this exercise.
Step 3 On the PE1 router, verify that the one of the outgoing labels for CE4 Loopback0
(10.10.10.10/32) is 24011. Note that your actual label value may vary. Compare the label value
to the first label that appears in the previous traceroute output.
On the PE1 router, use the show mpls ldp ipv4 bindings 10.10.10.10/32 command.
RP/0/RP0/CPU0:PE1# show mpls ldp ipv4 bindings 10.10.10.10/32
Fri Mar 25 12:28:40.824 UTC
10.10.10.10/32, rev 40
Local binding: label: 24012
Remote bindings: (2 peers)
Peer Label
----------------- ---------
10.1.1.1:0 24011
10.5.5.5:0 24012
The P1 router has assigned label 24011 for prefix 10.10.10.10/32 and has sent the label to the
PE1 router.
Step 4 On the PE1 router, verify the MPLS forwarding table for CE4 Loopback0 (10.10.10.10/32).
On the PE1 router, use the show mpls forwarding prefix 10.10.10.10/32 command.
RP/0/RP0/CPU0:PE1# show mpls forwarding prefix 10.10.10.10/32
Fri Mar 25 15:16:33.607 UTC
------ ----------- ------------------ ------------ --------------- ------------
24012 24011 10.10.10.10/32 Gi0/0/0/0 10.1.3.1 2464
The PE1 router uses label 24011 received from P1 router (10.1.3.1) as an outgoing label to reach
prefix 10.10.10.10/32. Note that your actual label value may vary. Compare the label value to the
first label that appears in the traceroute output on the CE1 router to the CE4 Loopback0
(10.10.10.10).
• Verify the MPLS operation.
1. What show command displays local and all received MPLS LDP labels?
A. show mpls forwarding
B. show mpls ldp ipv4 bindings
C. show mpls ldp neighbor brief
D. show mpls ldp summary
Discovery 6: Configure and Verify Segment
Routing
Introduction
This lab explains how to configure and verify IGP segment routing and it familiarizes you with the use of
Cisco IOS XR software commands to explore the lab topology. This lab also verifies connectivity and
configures and verifies the IGP segment routing operation.
Activity Objective
• Verify IPv4 IS-IS routing and connectivity and familiarize yourself with the IS-IS topology used in the
lab.
• Verify MPLS and Cisco Express Forwarding tables within the lab topology.
• Configure IS-IS segment routing support on the P1 and CE1 routers.
• Configure the IS-IS segment routing prefix SID on the P1 and CE1 routers using an index value.
• Configure and verify the segment routing Prefer feature on the CE1 router.
• Configure OSPF segment routing on the PE2 and CE2 routers.
Visual Objective

• All routers have MPLS LDP configured.
• MPLS segment routing is configured on all routers except on P1 and CE1.
Topology
Job Aid

IP Addresses

CE)

CE)






Task 1: Verify Lab Connectivity

The purpose of this task is to verify IPv4 IS-IS routing and connectivity and familiarize yourself with the
IS-IS topology used in the lab.
Activity
Step 1 Log in to the P1 router and verify that the P1 router has formed IS-IS neighbor relationships
with the P2, PE1, and PE2 routers.
Use the show isis neighbors command.

RP/0/RP0/CPU0:P1# show isis neighbors
IS-IS 1 neighbors:
System Id Interface SNPA State Holdtime Type IETF-NSF
P2 Gi0/0/0/2 *PtoP* Up 28 L2 Capable
PE2 Gi0/0/0/1 *PtoP* Up 29 L2 Capable
Total neighbor count: 3
Use the show isis neighbors detail command. Verify that it has established the neighbor
relationships for both the IPv4 and IPv6 unicast address families.
RP/0/RP0/CPU0:P1# show isis neighbors detail
IS-IS 1 neighbors:
P2 Gi0/0/0/2 *PtoP* Up 27 L2 Capable
Area Address(es): 49.0001
IPv4 Address(es): 10.1.2.2*
IPv6 Address(es): fe80::20c:29ff:fe37:9994*
Topologies: 'IPv4 Unicast' 'IPv6 Unicast'
Uptime: 00:02:40
IPv6 Address(es): fe80::20c:29ff:fe16:c7ef*
Uptime: 4d08h
IPv6 Address(es): fe80::20c:29ff:fef4:412a*
Uptime: 4d08h
Step 2 Log in to the CE1 router and verify that the CE1 router has formed an IS-IS neighbor
relationship with the PE1 router.
Use the show isis neighbors command.

RP/0/RP0/CPU0:CE1# show isis neighbors
IS-IS 1 neighbors:
Use the show isis neighbors detail command. Verify that it has established the neighbor
relationships for both the IPv4 and IPv6 unicast address families.
RP/0/RP0/CPU0:CE1# show isis neighbors detail
IS-IS 1 neighbors:
IPv6 Address(es): fe80::20c:29ff:fef4:413e*
Uptime: 3d02h
Step 3 On the P1 router, verify the IPv4 routing table and make sure you have an IS-IS route to the
Loopback 0 addresses of all the nodes in the network.
Use the show route isis command.
RP/0/RP0/CPU0:P1# show route isis

i L2 10.3.3.3/32 [115/10] via 10.1.3.3, 4d08h, GigabitEthernet0/0/0/0
Verify that there is a route to the Loopback 0 address of PE2 (10.4.4.4/32). Refer to the Job Aid
as reference for the loopback addresses.
Step 4 On the CE1 router, verify the IPv4 routing table and make sure you have an IS-IS route to the
Loopback 0 addresses of all the nodes in the network.
Use the show route isis command.
RP/0/RP0/CPU0:CE1# show route isis

Verify that there is a route to the Loopback 0 address of PE2 (10.4.4.4/32). Refer to the Job Aid
as a reference for the loopback addresses.
• You have verified that the IS-IS neighbor relationships have been established between routers within the
lab topology.
• You have verified that the IS-IS neighbor relationships are active for both IPv4 and IPv6 topologies.
• You have verified the IPv4 routing table has all Loopback 0 addresses within the lab topology.
Task 2: Verify the Existing LDP Environment

The purpose of this task is to verify MPLS and Cisco Express Forwarding tables within the lab topology.
Activity
Step 1 On the P1 router, verify the MPLS forwarding table.

Use the show mpls ldp forwarding command. There should be an entry for CE4 Loopback 0
(10.10.10.10/32).
RP/0/RP0/CPU0:P1# show mpls ldp forwarding
< output omitted >
Prefix Label Label(s) Outgoing Next Hop Flags
In Out Interface G S R E
--------------- ------- -------------- ------------ ------------------- -------
10.2.2.2/32 24018 ImpNull Gi0/0/0/2 10.1.2.2
10.2.5.0/24 24019 ImpNull Gi0/0/0/2 10.1.2.2
10.2.6.0/24 24014 ImpNull Gi0/0/0/2 10.1.2.2
10.3.3.3/32 24000 ImpNull Gi0/0/0/0 10.1.3.3
10.3.5.0/24 24002 ImpNull Gi0/0/0/0 10.1.3.3
10.3.7.0/24 24001 ImpNull Gi0/0/0/0 10.1.3.3
10.4.4.4/32 24006 ImpNull Gi0/0/0/1 10.1.4.4
10.4.6.0/24 24008 ImpNull Gi0/0/0/1 10.1.4.4
10.4.8.0/24 24007 ImpNull Gi0/0/0/1 10.1.4.4
10.5.5.5/32 24028 24028 Gi0/0/0/0 10.1.3.3
24028 Gi0/0/0/2 10.1.2.2
10.5.9.0/24 24029 24030 Gi0/0/0/0 10.1.3.3
24031 Gi0/0/0/2 10.1.2.2
10.6.6.6/32 24012 24002 Gi0/0/0/2 10.1.2.2
24014 Gi0/0/0/1 10.1.4.4
10.6.10.0/24 24013 24006 Gi0/0/0/2 10.1.2.2
24015 Gi0/0/0/1 10.1.4.4
10.7.7.7/32 24022 24026 Gi0/0/0/0 10.1.3.3
10.8.8.8/32 24023 24026 Gi0/0/0/1 10.1.4.4
10.8.10.0/24 24024 24028 Gi0/0/0/1 10.1.4.4
10.9.9.9/32 24034 24038 Gi0/0/0/0 10.1.3.3
24037 Gi0/0/0/2 10.1.2.2
10.10.10.10/32 24032 24038 Gi0/0/0/2 10.1.2.2
24036 Gi0/0/0/1 10.1.4.4
Step 2 On the P1 router, verify the Cisco Express Forwarding table.

Use the show cef command. There should be an entry for CE4 Loopback 0 (10.10.10.10/32).
RP/0/RP0/CPU0:P1# show cef
Prefix Next Hop Interface

------------------- ------------------- ------------------
0.0.0.0/0 drop default handler
0.0.0.0/32 broadcast
10.1.1.1/32 receive Loopback0
10.1.2.0/24 attached GigabitEthernet0/0/0/2
10.1.2.0/32 broadcast GigabitEthernet0/0/0/2
10.1.2.1/32 receive GigabitEthernet0/0/0/2
10.2.2.2/32 10.1.2.2/32 GigabitEthernet0/0/0/2
10.1.2.2/32 GigabitEthernet0/0/0/2
< output omitted >
Step 3 On the P1 router, display the Cisco Express Forwarding entry for the 10.10.10.10/32 prefix
received from P2 (10.1.2.2) and PE2 (10.1.4.4).
Use the show cef 10.10.10.10/32 command.
RP/0/RP0/CPU0:P1# show cef 10.10.10.10/32
10.10.10.10/32, version 79, internal 0x1000001 0x30 (ptr 0xe294b68) [1], 0x600
(0xe4492f0), 0xa28 (0xf764470)
Updated Mar 8 07:10:50.304
remote adjacency to GigabitEthernet0/0/0/2
Prefix Len 32, traffic index 0, precedence n/a, priority 3
gateway array (0xe2b1c28) reference count 9, flags 0x68, source lsd (5), 1 backups
[4 type 5 flags 0x8401 (0xea9eb88) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe4492f0, sh-ldi=0xea9eb88]
gateway array update type-time 1 Mar 8 07:10:50.303
LDI Update time Mar 8 07:10:50.303
LW-LDI-TS Mar 8 07:10:50.303
via 10.1.2.2/32, GigabitEthernet0/0/0/2, 6 dependencies, weight 0, class 0 [flags
0x0]
path-idx 0 NHID 0x0 [0xd5ce190 0x0]
next hop 10.1.2.2/32
remote adjacency
local label 24032 labels imposed {24038}
0x0]
path-idx 1 NHID 0x0 [0xd5cdf10 0x0]
next hop 10.1.4.4/32
remote adjacency
Load distribution: 0 1 (refcount 4)
Hash OK Interface Address

0 Y GigabitEthernet0/0/0/2 remote
From the Cisco Express Forwarding entry, determine that the next hops to reach this prefix are
10.1.2.2 and 10.1.4.4. Determine that there will be one label imposed on packets sent to these
destinations.
Step 4 On the CE1 router, verify the MPLS forwarding table.

Use the show mpls ldp forwarding command. There should be an entry for CE4 Loopback 0
(10.10.10.10/32).
RP/0/RP0/CPU0:CE1# show mpls ldp forwarding
< output omitted >
Prefix Label Label(s) Outgoing Next Hop Flags
In Out Interface G S R E
--------------- ------- -------------- ------------ ------------------- -------
10.1.1.1/32 24001 24002 Gi0/0/0/0 10.3.7.3
10.1.2.0/24 24038 24040 Gi0/0/0/0 10.3.7.3
10.1.3.0/24 24006 ImpNull Gi0/0/0/0 10.3.7.3
10.1.4.0/24 24008 24003 Gi0/0/0/0 10.3.7.3
10.2.2.2/32 24004 24020 Gi0/0/0/0 10.3.7.3
10.2.5.0/24 24012 24021 Gi0/0/0/0 10.3.7.3
10.2.6.0/24 24011 24014 Gi0/0/0/0 10.3.7.3
10.3.3.3/32 24000 ImpNull Gi0/0/0/0 10.3.7.3
10.3.5.0/24 24005 ImpNull Gi0/0/0/0 10.3.7.3
10.4.4.4/32 24002 24009 Gi0/0/0/0 10.3.7.3
10.4.6.0/24 24010 24011 Gi0/0/0/0 10.3.7.3
10.4.8.0/24 24007 24010 Gi0/0/0/0 10.3.7.3
10.5.5.5/32 24026 24028 Gi0/0/0/0 10.3.7.3
10.5.9.0/24 24028 24030 Gi0/0/0/0 10.3.7.3
10.6.6.6/32 24003 24012 Gi0/0/0/0 10.3.7.3
10.6.10.0/24 24009 24013 Gi0/0/0/0 10.3.7.3
10.8.8.8/32 24027 24029 Gi0/0/0/0 10.3.7.3
10.8.10.0/24 24029 24031 Gi0/0/0/0 10.3.7.3
10.9.9.9/32 24036 24038 Gi0/0/0/0 10.3.7.3
10.10.10.10/32 24037 24037 Gi0/0/0/0 10.3.7.3
Step 5 On the CE1 router, verify the Cisco Express Forwarding table.
Use the show cef command. There should be an entry for CE4 Loopback 0 (10.10.10.10/32).
RP/0/RP0/CPU0:CE1# show cef
Prefix Next Hop Interface

------------------- ------------------- ------------------
0.0.0.0/0 drop default handler
0.0.0.0/32 broadcast
10.7.7.7/32 receive Loopback0
< output omitted >
Step 6 On the CE1 router, display the Cisco Express Forwarding entry for the 10.10.10.10/32 prefix
received from PE1 (10.3.7.3).
Use the show cef 10.10.10.10/32 command.
RP/0/RP0/CPU0:CE1# show cef 10.10.10.10/32
10.10.10.10/32, version 109, internal 0x1000001 0x30 (ptr 0xe1e0228) [1], 0x600
(0xe37d8d0), 0xa28 (0xea5bbe8)
Updated Mar 8 07:20:00.090
gateway array (0xe1e6230) reference count 51, flags 0x68, source lsd (5), 1 backups
[18 type 5 flags 0x8401 (0xea9e408) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe37d8d0, sh-ldi=0xea9e408]
LW-LDI-TS Mar 8 07:20:00.093
0x0]
path-idx 0 NHID 0x0 [0xd4c0fb0 0x0]
next hop 10.3.7.3/32
remote adjacency
Load distribution: 0 (refcount 18)

From the Cisco Express Forwarding entry, determine that the next hop to reach this prefix is
10.3.7.3 and determine there will be one label imposed on packets sent to this destination.
• Verify that the MPLS forwarding table on both CE1 and P1 has the CE4 Loopback 0 entry.
• Verify that the Cisco Express Forwarding table on both CE1 and P1 has the CE4 Loopback 0 entry.
Task 3: Configure Segment Routing Support

This task describes how to configure segment routing support on the P1 and CE1 routers. All other nodes
within the network have already been enabled for IS-IS segment routing.
Activity
Step 1 On the P1 router, display the current label table information.

Use the show mpls label table command. You should see that there are currently no label
entries in the SRGB default range (16000-23999).
RP/0/RP0/CPU0:P1# show mpls label table
Table Label Owner State Rewrite
----- ------- ------------------------------- ------ -------
0 0 LSD(A) InUse Yes
0 24000 LDP(A) InUse Yes
< output omitted >
Step 2 On the P1 router, display the current MPLS label range information.
Use the show mpls label range command. You should see that there is a minimum value for
dynamic labels set to 24000.
RP/0/RP0/CPU0:P1# show mpls label range
Range for dynamic labels: Min/Max: 24000/1048575
Step 3 On the CE1 router, display the current label table information.
Use the show mpls label table command. You should see that there are currently no label
entries in the SRGB default range (16000-23999).
RP/0/RP0/CPU0:CE1# show mpls label table
----- ------- ------------------------------- ------ -------
< output omitted >
Step 4 On the CE1 router, display the current MPLS label range information.
Use the show mpls label range command. You should see that there is a minimum value for
dynamic labels set to 24000.
RP/0/RP0/CPU0:CE1# show mpls label range
Range for dynamic labels: Min/Max: 24000/1048575
Step 5 On the P1 and CE1 routers, enable IS-IS segment routing for the IPv4 unicast address family.
The following commands should be configured on the P1 router:
RP/0/RP0/CPU0:P1# configure terminal
RP/0/RP0/CPU0:P1(config)# router isis 1
RP/0/RP0/CPU0:P1(config-isis)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-af)# segment-routing mpls
RP/0/RP0/CPU0:P1(config-isis-af)# commit
RP/0/RP0/CPU0:P1(config-isis-af)# end
RP/0/RP0/CPU0:P1#
The following commands should be configured on the CE1 router:

RP/0/RP0/CPU0:CE1# configure terminal
RP/0/RP0/CPU0:CE1(config)# router isis 1
RP/0/RP0/CPU0:CE1(config-isis)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-isis-af)# segment-routing mpls
RP/0/RP0/CPU0:CE1(config-isis-af)# commit
RP/0/RP0/CPU0:CE1(config-isis-af)# end
RP/0/RP0/CPU0:CE1#
Commit the changes and exit the configuration mode.
Step 6 On the P1 router, display the detailed information of the MPLS label table.
Use the show mpls label table detail command. You should see that IS-IS is listed as the owner
for the label block starting at 16000. There are no entries for the SRGB range. The SRGB range
starts with the 16000 label and has the size 8000.
RP/0/RP0/CPU0:P1# show mpls label table detail
----- ------- ------------------------------- ------ -------
0 16000 ISIS(A):1 InUse No
(Lbl-blk SRGB, vers:0, (start_label=16000, size=8000)
(IPv4, vers:0, 'default':4U, 10.3.3.3/32)
(IPv6, vers:0, 'default':6U, 2001::3:3:3:3/128)
(IPv6, vers:0, 'default':6U, 2001::99:3:7:0/112)
< output omitted >
Step 7 On the P1 router, display the IS-IS database for P1 using the verbose option.
Use the show isis database verbose P1 command. You should see the SRGB specified as base
16000 and range 8000. Note which flags are set.
RP/0/RP0/CPU0:P1# show isis database verbose P1
IS-IS 1 (Level-2) Link State Database

LSPID LSP Seq Num LSP Checksum LSP Holdtime/Rcvd ATT/P/OL
P1.00-00 * 0x000001eb 0x7b2d 946 /* 0/0/0
Area Address: 49.0001
NLPID: 0xcc
NLPID: 0x8e
Hostname: P1
MT: Standard (IPv4 Unicast)
MT: IPv6 Unicast 0/0/0
IP Address: 10.1.1.1
Metric: 0 IP-Extended 10.1.1.1/32
Prefix Attribute Flags: X:0 R:0 N:1 E:0 A:0
IPv6 Address: 2001::1:1:1:1
Metric: 0 MT (IPv6 Unicast) IPv6 2001::1:1:1:1/128
Metric: 10 MT (IPv6 Unicast) IS-Extended P2.00
Physical BW: 1000000 kbits/sec
Metric: 10 MT (IPv6 Unicast) IS-Extended PE1.00
Metric: 10 IS-Extended P2.00
Local Interface ID: 9, Remote Interface ID: 9
Interface IP Address: 10.1.2.1
Neighbor IP Address: 10.1.2.2
ADJ-SID: F:0 B:0 V:1 L:1 S:0 P:0 weight:0 Adjacency-sid:24037
Metric: 10 IS-Extended PE1.00
Router Cap: 10.1.1.1 D:0 S:0
Segment Routing: I:1 V:0, SRGB Base: 16000 Range: 8000
Node Maximum SID Depth:
Label Imposition: 10
SR Algorithm:
Algorithm: 0
Algorithm: 1
Total Level-2 LSP count: 1 Local Level-2 LSP count: 1
Step 8 On the CE1 router, display the detailed information of the MPLS label table.
Use the show mpls label table detail command. You should see that IS-IS is listed as the owner
for the label block starting at 16000. There are no entries for the SRGB range. The SRGB range
starts with the 16000 label and has the size 8000.
RP/0/RP0/CPU0:CE1# show mpls label table detail
----- ------- ------------------------------- ------ -------
< output omitted >
Step 9 On the CE1 router, display the IS-IS database for CE1 by using the verbose option.
Use the show isis database verbose CE1 command. You should see the SRGB specified as base
16000 and range 8000. Note which flags are set.
RP/0/RP0/CPU0:CE1# show isis database verbose CE1

CE1.00-00 * 0x000001ed 0x8f9e 696 /* 0/0/0
NLPID: 0xcc
NLPID: 0x8e
Hostname: CE1
IPv6 Address: 2001::7:7:7:7
MT: Standard (IPv4 Unicast)
MT: IPv6 Unicast 0/0/0
Router Cap: 10.7.7.7 D:0 S:0
SR Algorithm:
Algorithm: 0
Algorithm: 1
• The P1 router has been enabled for IS-IS segment routing for the IPv4 address family.
• The CE1 router has been enabled for IS-IS segment routing for the IPv4 address family.
Task 4: Configure the Segment Routing Prefix SID

This task describes how to configure the segment routing prefix SID on the P1 and CE1 routers. Both P1
and CE1 will be configured using an index value. All other nodes within the network have already been
configured with the segment routing prefix SID.
Activity
Step 1 On the P1 router, configure the loopback 0 interface with the following IS-IS segment routing
prefix SID index value: IPv4 Unicast Address-Family: 1.
Configure the loopback 0 interface, by using the following commands:

RP/0/RP0/CPU0:P1(config-isis)# interface loopback 0
RP/0/RP0/CPU0:P1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:P1(config-isis-if-af)# prefix-sid index 1
RP/0/RP0/CPU0:P1(config-isis-if-af)# commit
RP/0/RP0/CPU0:P1(config-isis-if-af)# end
RP/0/RP0/CPU0:P1#
Commit all changes and exit the configuration mode.
Step 2 On the CE1 router, configure the loopback 0 interface with the following IS-IS segment routing
prefix SID index values: IPv4 Unicast Address-Family: 7.
Configure the loopback 0 interface, by using the following commands:

RP/0/RP0/CPU0:CE1(config-isis)# interface loopback 0
RP/0/RP0/CPU0:CE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-isis-if-af)# prefix-sid index 7
RP/0/RP0/CPU0:CE1(config-isis-if-af)# commit
RP/0/RP0/CPU0:CE1(config-isis-if-af)# end
RP/0/RP0/CPU0:CE1#
Step 3 On the P1 router, display the IS-IS database for P1 using the verbose option again.
Use the show isis database verbose P1 command. You should see the prefix SID 1 is attached
to the Loopback0 with the IP address 10.1.1.1.
P1.00-00 * 0x0000000a 0x969a 1000 /* 0/0/0
NLPID: 0xcc
NLPID: 0x8e
Prefix-SID Index: 1, Algorithm:0, R:0 N:1 P:0 E:0 V:0 L:0
Hostname: P1
IPv6 Address: 2001::1:1:1:1
< output omitted >
Step 4 On the P1 router, display the IS-IS database for CE1 using the verbose option.
Use the show isis database verbose CE1 command. You should see the prefix SID 7 is attached
to the Loopback0 with the IP address 10.7.7.7.
RP/0/RP0/CPU0:P1# show isis database verbose CE1

CE1.00-00 0x00000007 0x1a9b 707 /1200 0/0/0
NLPID: 0xcc
NLPID: 0x8e
Hostname: CE1
IPv6 Address: 2001::7:7:7:7
< output omitted >
• The loopback 0 interface on the P1 router has been configured with the prefix SID index value for the
IPv4 address family.
• The loopback 0 interface on the CE1 router has been configured with the prefix SID index value for the
IPv4 address family.
Task 5: Configure and Verify the Segment Routing
Prefer
This task describes how to configure and verify the segment routing prefer feature on the CE1 router.
Activity
Step 1 On the CE1 router, verify the Cisco Express Forwarding table entry for CE4 Loopback0
(10.10.10.10/32).
Use the show cef 10.10.10.10/32 command. You should see that the MPLS LDP label (24037) is
imposed to forward the packet.
10.10.10.10/32, version 148, labeled SR, internal 0x1000001 0x8130 (ptr 0xe1e0228) [1],
0x600 (0xe37d8d0), 0xa28 (0xea5c7c8)
Updated Mar 8 07:51:35.531
Extensions: context-label:16010
gateway array (0xe1e5920) reference count 24, flags 0x68, source lsd (5), 1 backups
[9 type 5 flags 0x8401 (0xea9e5e8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe37d8d0, sh-ldi=0xea9e5e8]
LW-LDI-TS Mar 8 07:51:35.093
0x0]
next hop 10.3.7.3/32
remote adjacency

Step 2 On the CE1 router, verify the MPLS forwarding table entry for CE4 Loopback0
(10.10.10.10/32).
Use the show mpls forwarding prefix 10.10.10.10/32 command. You should see that the MPLS
LDP label (24037) is imposed to forward the packet.
RP/0/RP0/CPU0:CE1# show mpls forwarding prefix 10.10.10.10/32
------ ----------- ------------------ ------------ --------------- ------------
24037 24037 10.10.10.10/32 Gi0/0/0/0 10.3.7.3 0
Step 3 On the CE1 router, configure the segment routing prefer feature in the IS-IS routing process.
To configure the segment routing prefer feature, use the following commands:
RP/0/RP0/CPU0:CE1(config-isis-af)# segment-routing mpls sr-prefer
RP/0/RP0/CPU0:CE1#
Commit all changes made and exit the configuration mode.
Step 4 On the CE1 router, verify the Cisco Express Forwarding table entry for CE4 Loopback0
(10.10.10.10/32) again.
Use the show cef 10.10.10.10/32 command. You should see the MPLS segment routing label
(16010) is imposed to forward a packet. MPLS segment routing is preferred over MPLS LDP.
10.10.10.10/32, version 165, labeled SR, internal 0x1000001 0x8310 (ptr 0xe1e0228) [1],
0x600 (0xe37e698), 0xa28 (0xea5b418)
Updated Mar 8 08:40:27.379
gateway array (0xe1e64e8) reference count 24, flags 0x68, source rib (7), 1 backups
[9 type 5 flags 0x8401 (0xea9e8e8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe37e698, sh-ldi=0xea9e8e8]
LW-LDI-TS Mar 8 08:40:27.380
0x0]
next hop 10.3.7.3/32
remote adjacency

Step 5 On the CE1 router, verify the MPLS forwarding table entry for CE4 Loopback0
(10.10.10.10/32) again.
Use the show mpls forwarding prefix 10.10.10.10/32 command. You should see the MPLS
segment routing label (16010) is imposed to forward a packet. The MPLS segment routing is
preferred over MPLS LDP.
RP/0/RP0/CPU0:CE1# show mpls forwarding prefix 10.10.10.10/32
------ ----------- ------------------ ------------ --------------- ------------
16010 16010 SR Pfx (idx 10) Gi0/0/0/0 10.3.7.3 0
• Verify that the MPLS LDP label is imposed to forward a packet by default.
• Verify that the CE1 router is configured with the segment routing prefer feature.
• After the segment routing Prefer feature is configured, verify that the MPLS segment routing label is
imposed to forward a packet.
Task 6: Configure Segment Routing with OSPF

This task demonstrates the OSPF segment routing configuration. The purpose of this task is to configure
segment routing support with OSPF and configure the segment routing prefix SID on PE2 and CE2 routers.
Initially, no lab devices have OSPF enabled.
Activity
Step 1 On the PE2 router, enable OSPF area 0 for IPv4 on the Gigabit Ethernet interfaces and
Loopback 0 interface.
The following commands should be configured on the PE2 router:

RP/0/RP0/CPU0:PE2# configure terminal
RP/0/RP0/CPU0:PE2(config)# router ospf 1
RP/0/RP0/CPU0:PE2(config-ospf)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE2(config-ospf)# area 0
RP/0/RP0/CPU0:PE2(config-ospf-ar)# interface Loopback 0
RP/0/RP0/CPU0:PE2(config-ospf-ar-if)# exit
RP/0/RP0/CPU0:PE2(config-ospf-ar)# interface GigabitEthernet 0/0/0/0
RP/0/RP0/CPU0:PE2(config-ospf-ar-if)# commit
RP/0/RP0/CPU0:PE2(config-ospf-ar-if)# end
Step 2 On the PE2 router, enable OSPF segment routing support.
The following commands should be configured on the PE2 router:

RP/0/RP0/CPU0:PE2(config-ospf)# segment-routing mpls
RP/0/RP0/CPU0:PE2(config-ospf)# segment-routing forwarding mpls
RP/0/RP0/CPU0:PE2(config-ospf)# commit
RP/0/RP0/CPU0:PE2(config-ospf)# end

Step 3 On the PE2 router, configure the loopback 0 interface with the following OSPF segment routing
prefix SID absolute value: 16014.
To configure the loopback 0 interface, use the following commands:

RP/0/RP0/CPU0:PE2(config-ospf-ar)# interface loopback 0
RP/0/RP0/CPU0:PE2(config-ospf-ar-if)# prefix-sid absolute 16014
Step 4 On the PE2 router, display the detailed information of the MPLS label table.
Use the show mpls label table detail command. You should see that IS-IS and OSPF are listed
as the owners for the label block starting at 16000. The SRGB range starts with the 16000 label
and has the size 8000.
RP/0/RP0/CPU0:PE2# show mpls label table detail
----- ------- ------------------------------- ------ -------
OSPF(A):ospf-1 InUse No
0 24000 ISIS(A):1 InUse Yes
(SR Adj Segment IPv4, vers:0, index=1, type=0, intf=Gi0/0/0/0, nh=10.1.4.1)
(SR Adj Segment IPv4, vers:0, index=3, type=0, intf=Gi0/0/0/0, nh=10.1.4.1)
< output omitted >
Step 5 On the PE2 router, display the OSPF database opaque type 4 entry.
Use the show ospf database opaque-area 4.0.0.0 self-originate command. You should see the
SRGB specified as base 16000 and range 8000.
RP/0/RP0/CPU0:PE2# show ospf database opaque-area 4.0.0.0 self-originate
OSPF Router with ID (10.4.4.4) (Process ID 1)
Type-10 Opaque Link Area Link States (Area 0)
LS age: 195
Options: (No TOS-capability, DC)
LS Type: Opaque Area Link
Link State ID: 4.0.0.0
Opaque Type: 4
Opaque ID: 0
Advertising Router: 10.4.4.4
LS Seq Number: 80000002
Checksum: 0x87da
Length: 68
Router Information TLV: Length: 4

Capabilities:
Graceful Restart Helper Capable
Stub Router Capable
All capability bits: 0x60000000
Segment Routing Algorithm TLV: Length: 2

Algorithm: 0
Algorithm: 1
Segment Routing Range TLV: Length: 12

Range Size: 8000
SID sub-TLV: Length 3

Label: 16000
Node MSD TLV: Length: 2

Type: 1, Value 10
Dynamic Hostname TLV: Length: 3

Hostname: PE2
Use the show ospf database opaque-area 7.0.0.1 self-originate command. You should see
prefix SID index value 14 for prefix 10.4.4.4/32.
LS age: 435
Opaque Type: 7
Opaque ID: 1
Checksum: 0x81e3
Length: 44
Extended Prefix TLV: Length: 20

Route-type: 1
AF : 0
Flags : 0x40
Prefix : 10.4.4.4/32
SID sub-TLV: Length: 8

Flags : 0x0
MTID : 0
Algo : 0
SID Index : 14
Use the show ospf database opaque-area 8.0.0.9 self-originate command. This output should
display adjacency SIDs, but the output is empty since there are no OSPF adjacencies.

RP/0/RP0/CPU0:PE2#
In the next step, you will enable OSPF on the CE2 router. PE2 and CE2 routers will form OSPF
adjacency.
Step 8 On the CE2 router, enable OSPF area 0 for IPv4 on the Gigabit Ethernet 0/0/0/0 and Loopback 0
interfaces, enable OSPF segment routing support, and configure the Loopback 0 interface with
the following OSPF segment routing Prefix-SID absolute value: 16018.
The following commands should be configured on the CE2 router:
RP/0/RP0/CPU0:CE2(config)# router ospf 1
RP/0/RP0/CPU0:CE2(config-ospf)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE2(config-ospf)# segment-routing mpls
RP/0/RP0/CPU0:CE2(config-ospf)# segment-routing forwarding mpls
RP/0/RP0/CPU0:CE2(config-ospf)# area 0
RP/0/RP0/CPU0:CE2(config-ospf-ar)# interface Loopback 0
RP/0/RP0/CPU0:CE2(config-ospf-ar-if)# prefix-sid absolute 16018
RP/0/RP0/CPU0:CE2(config-ospf-ar-if)# exit
RP/0/RP0/CPU0:CE2(config-ospf-ar)# interface GigabitEthernet 0/0/0/0
RP/0/RP0/CPU0:CE2(config-ospf-ar-if)# commit
RP/0/RP0/CPU0:CE2(config-ospf-ar-if)# end
Step 9 On the CE2 router, verify OSPF adjacency is established.
You should see the established OSPF adjacency between CE2 and PE2 routers:
RP/0/RP0/CPU0:CE2# show ospf neighbor
* Indicates MADJ interface

# Indicates Neighbor awaiting BFD session up
Neighbors for OSPF 1
Neighbor ID Pri State Dead Time Address Interface

10.4.4.4 1 FULL/DR 00:00:34 10.4.8.4
Neighbor is up for 00:03:36
Step 10 On the PE2 router, display the OSPF database opaque type 8 entry again.
Use the show ospf database opaque-area 8.0.0.9 self-originate command. This output displays
adjacency SID (24042) for neighbor CE2 (10.8.8.8) as advertised by the PE2 router.
LS age: 42
Opaque Type: 8
Opaque ID: 9
Checksum: 0x5ac2
Length: 116
Extended Link TLV: Length: 92

Link-type : 2
Link ID : 10.4.8.4
Link Data : 10.4.8.4
LAN Adj sub-TLV: Length: 11

Flags : 0x60
MTID : 0
Weight : 0
Neighbor ID: 10.8.8.8
Label : 24042
Local-ID Remote-ID sub-TLV: Length: 8

Local Interface ID: 9
Remote Interface ID: 0
Link MSD sub-TLV: Length: 2

Type: 1, Value 10
Link MAX BW sub-TLV: Length: 4

Maximum bandwidth : 125000000
ASLA sub-TLV: Length: 16

SABM Len: 4
UDABM Len: 0
SABM Val: 0x40000000
TE Metric : 1
RP/0/RP0/CPU0:PE2#
Step 11 On the PE2 router, display the OSPF neighbor details.

Use the show ospf neighbor detail command to display OSPF adjacency details. This output
also displays adjacency SID (24042) for neighbor CE2 (10.8.8.8).
RP/0/RP0/CPU0:PE2# show ospf neighbor detail

Neighbor 10.8.8.8, interface address 10.4.8.8

In the area 0 via interface GigabitEthernet0/0/0/2
Neighbor priority is 1, State is FULL, 6 state changes
DR is 10.4.8.4 BDR is 10.4.8.8
Options is 0x52
LLS Options is 0x1 (LR)
Dead timer due in 00:00:31
Number of DBD retrans during last exchange 0
Index 1/1, retransmission queue length 0, number of retransmission 1
First 0(0)/0(0) Next 0(0)/0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
LS Ack list: NSR-sync pending 0, high water mark 0
Adjacency SIDs:
Label: 24042, Dynamic, Unprotected
Neighbor Interface ID: 7

RP/0/RP0/CPU0:PE2#
• The PE2 and CE2 routers have been enabled for OSPF segment routing for the IPv4 address family.
• The Loopback 0 interface on the PE2 and CE2 routers have been configured with the prefix SID
absolute value for the IPv4 address family.
1. Which one of the show commands displays the prefix SID index value?
A. The show ospf database opaque-area 4.0.0.0 self-originate command
B. The show ospf database opaque-area 7.0.0.1 self-originate command
C. The show ospf database opaque-area 9.0.0.8 self-originate command
D. The show ospf database opaque-area 8.0.0.9 self-originate command
Discovery 7: Configure and Verify SR TI-LFA
Using IS-IS
Introduction
In this lab exercise, you will configure and verify the operation of TI-LFA Fast Reroute using the IS-IS
routing protocol. You will verify TI-LFA FRR for zero-segment, single-segment, and double-segment
protection.
Activity Objective
• Verify Segment Routing configuration in the IS-IS routing protocol and examine Cisco Express
Forwarding and MPLS entries
• Configure TI-LFA to employ the zero-segment protection
• Configure TI-LFA to employ the single-segment protection
• Configure TI-LFA to employ the double-segment protection
Visual Objective
• All routers have MPLS SR configured.
• There is no MPLS LDP configured.
This visual objective represents Tasks 1 through 3:
This visual objective represents task 4:

This visual objective represents Task 5:
Topology
Job Aid

IP Addresses
Jumphost 172.16.1.100/24







Task 1: Verify Segment Routing Environment and

Forwarding
The purpose of this task is to verify the Segment Routing configuration in the IS-IS routing protocol and
examine Cisco Express Forwarding and MPLS entry for CE3. You will also examine traffic flow from the
CE1 to the CE3 router.
Activity
Step 1 On the PE1 router, list MPLS labels to verify that Segment Routing is enabled in the IS-IS
routing protocol.
Use the show mpls label table command. You should see the Segment Routing Prefix-SID and
Adjacency-SID labels. Labels are distributed by IS-IS.
RP/0/RP0/CPU0:PE1# show mpls label table
----- ------- ------------------------------- ------ -------
Step 2 On the PE1 router, verify the MPLS forwarding table.

Use the show mpls forwarding command. You should see the Segment Routing Prefix-SID (SR
Pfx) and Adjacency-SID (SR Adj) labels.
------ ----------- ------------------ ------------ --------------- ------------
16001 Pop SR Pfx (idx 1) Gi0/0/0/0 10.1.3.1 0
16002 16002 SR Pfx (idx 2) Gi0/0/0/1 10.3.5.5 0
16004 16004 SR Pfx (idx 4) Gi0/0/0/0 10.1.3.1 0
16005 Pop SR Pfx (idx 5) Gi0/0/0/1 10.3.5.5 0
16006 16006 SR Pfx (idx 6) Gi0/0/0/0 10.1.3.1 0
16007 Pop SR Pfx (idx 7) Gi0/0/0/2 10.3.7.7 0
16008 16008 SR Pfx (idx 8) Gi0/0/0/0 10.1.3.1 0
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 0
16010 16010 SR Pfx (idx 10) Gi0/0/0/0 10.1.3.1 0
24000 Pop SR Adj (idx 1) Gi0/0/0/0 10.1.3.1 0
24001 Pop SR Adj (idx 3) Gi0/0/0/0 10.1.3.1 0
24002 Pop SR Adj (idx 1) Gi0/0/0/2 10.3.7.7 0
24003 Pop SR Adj (idx 3) Gi0/0/0/2 10.3.7.7 0
24004 Pop SR Adj (idx 1) Gi0/0/0/1 10.3.5.5 0
24005 Pop SR Adj (idx 3) Gi0/0/0/1 10.3.5.5 0
Step 3 On the PE1 router, verify the Cisco Express Forwarding table entry for CE3 loopback 0
(10.9.9.9/32).
Use the show cef 10.9.9.9/32 command. You should see that the MPLS SR label (16009) is
imposed to forward the packet to the PE3 (10.3.5.5) router.
RP/0/RP0/CPU0:PE1# show cef 10.9.9.9/32
10.9.9.9/32, version 192, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f76a8) [1],
0x600 (0xe594e28), 0xa28 (0xe95b5f8)
Updated Apr 1 07:28:51.578
gateway array (0xe3fdee0) reference count 6, flags 0x68, source rib (7), 0 backups
[3 type 5 flags 0x8401 (0xe99e828) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594e28, sh-ldi=0xe99e828]
gateway array update type-time 1 Apr 1 07:28:14.063
LDI Update time Apr 1 07:28:14.064
LW-LDI-TS Apr 1 07:28:51.577
0x0]
path-idx 0 NHID 0x0 [0xda100f0 0x0]
next hop 10.3.5.5/32
remote adjacency

Step 4 On the PE1 router, verify the MPLS forwarding table entry for CE3 loopback 0 (10.9.9.9/32).
Use the show mpls forwarding prefix 10.9.9.9/32 command. You should see that the MPLS SR
local label 16009 is swapped with the same MPLS SR outgoing label when the packet is sent to
the next-hop 10.3.5.5 (PE3).
------ ----------- ------------------ ------------ --------------- ------------
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 0
Step 5 On the CE1 router, verify the connectivity from the CE1 loopback 0 to the CE3 loopback 0.
Use the ping 10.9.9.9 source Loopback 0 command. The ping between CE1 loopback 0 and
CE3 loopback 0 should be successful.
RP/0/RP0/CPU0:CE1# ping 10.9.9.9 source Loopback 0
!!!!!
Step 6 On the CE1 router, verify which path the packet takes when reaching CE3 loopback 0.
Use the traceroute 10.9.9.9 command. The packet between CE1 and CE3 loopback 0 will be
routed to PE1 (10.3.7.3), PE3 (10.3.5.5), and CE3 (10.5.9.9).
RP/0/RP0/CPU0:CE1# traceroute 10.9.9.9

1 10.3.7.3 [MPLS: Label 16009 Exp 0] 122 msec 91 msec 97 msec

3 10.5.9.9 104 msec 103 msec 114 msec
• Verify that Segment Routing Prefix-SID and Adjacency-SID labels are distributed by IS-IS.
• Verify MPLS SR label swapping.
• Verify connectivity between CE1 loopback 0 and CE3 loopback 0.
• Verify packet path between CE1 and CE3 loopback 0.
Task 2: Configure TI-LFA

The purpose of this task is to examine the effects of TI-LFA on provider router IS-IS interfaces. You will
observe the PE1 path to reach CE3. Implement TI-LFA on PE1 to provide protection and backup paths.
Activity
Step 1 On the PE1 router, view the routing entry to the CE3 loopback 0 (10.9.9.9/32).
Use the show route 10.9.9.9/32 command. Observe that PE1 has a path to reach the CE3
loopback 0 through PE3 (10.3.5.5).
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32
Routing entry for 10.9.9.9/32

Known via "isis 1", distance 115, metric 39, labeled SR, type level-2
Installed Aug 9 08:09:05.710 for 1d01h
Routing Descriptor Blocks
10.3.5.5, from 10.9.9.9, via GigabitEthernet0/0/0/1
Route metric is 39
No advertising protos.
Step 2 On the PE1 router, display the IS-IS FRR summary information to determine the current fast-
reroute state.
Use the show isis fast-reroute summary command. Observe that there is currently no
protection coverage.
RP/0/RP0/CPU0:PE1# show isis fast-reroute summary
IS-IS 1 IPv4 Unicast FRR summary
Critical High Medium Low Total

Priority Priority Priority Priority
Prefixes reachable in L2
All paths protected 0 0 0 0 0
Some paths protected 0 0 0 0 0
Unprotected 0 0 9 8 17
Protection coverage 0.00% 0.00% 0.00% 0.00% 0.00%
Step 3 On the PE1 router, display the IS-IS FRR detailed information for the CE3 loopback 0 interface
network, 10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe that there is no FRR
backup for this network.
RP/0/RP0/CPU0:PE1# show isis fast-reroute 10.9.9.9/32 detail
L2 10.9.9.9/32 [39/115] Label: 16009, medium priority

via 10.3.5.5, GigabitEthernet0/0/0/1, Label: 16009, PE3, SRGB Base: 16000, Weight:
0
No FRR backup
src CE3.00-00, 10.9.9.9, prefix-SID index 9, R:0 N:1 P:0 E:0 V:0 L:0, Alg:0
Step 4 On the PE1 router, display the IS-IS adjacency database detailed information for the adjacency
to PE3.
Use the show isis adjacency systemid PE3 detail command. Observe that the adjacency SID is
not protected. A similar output can also be observed for the other adjacencies.
RP/0/RP0/CPU0:PE1# show isis adjacency systemid PE3 detail

IPv6
BFD BFD
PE3 Gi0/0/0/1 *PtoP* Up 26 1d01h Yes None
None
Neighbor IPv4 Address: 10.3.5.5*
Adjacency SID: 24004
Non-FRR Adjacency SID: 24005
Neighbor IPv6 Address: fe80::20c:29ff:fea1:b2c3*
Topology: IPv4 Unicast
BFD Status: BFD Not Required, Neighbor Useable
Step 5 On the PE1 router within IS-IS IPv4 unicast address family, configure fast-reroute and enable it
to use the TI-LFA computation on all IS-IS interfaces connecting to other nodes.
To complete the configuration, use the following commands:

RP/0/RP0/CPU0:PE1(config)# router isis 1

RP/0/RP0/CPU0:PE1(config-isis)# interface GigabitEthernet 0/0/0/0
RP/0/RP0/CPU0:PE1(config-isis-if)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-isis-if-af)# fast-reroute per-prefix
RP/0/RP0/CPU0:PE1(config-isis-if-af)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:PE1(config-isis-if-af)# exit
RP/0/RP0/CPU0:PE1(config-isis-if)# exit
RP/0/RP0/CPU0:PE1(config-isis-if-af)# commit
RP/0/RP0/CPU0:PE1(config-isis-if-af)# end
RP/0/RP0/CPU0:PE1#
Make sure that you have configured TI-LFA on the PE1 router and on the Gigabit Ethernet
0/0/0/0, Gigabit Ethernet 0/0/0/1, and Gigabit Ethernet 0/0/0/2 interfaces.
Step 6 On the PE1 router, display the IS-IS FRR summary information again to determine the FRR
state.
Use the show isis fast-reroute summary command. Observe the protection coverage state.
RP/0/RP0/CPU0:PE1# show isis fast-reroute summary
IS-IS 1 IPv4 Unicast FRR summary
Critical High Medium Low Total

Priority Priority Priority Priority
Prefixes reachable in L2
All paths protected 0 0 8 8 16
Some paths protected 0 0 0 0 0
Unprotected 0 0 1 0 1
Protection coverage 0.00% 0.00% 88.89% 100.00% 94.12%
Step 7 On the PE1 router, display the IS-IS FRR detailed information for the CE3 loopback 0 interface
network, 10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe the FRR backup path.

Installed Apr 01 07:57:02.671 for 00:01:09
0
Backup path: LFA, via 10.1.3.1, GigabitEthernet0/0/0/0, Label: 16009, P1, SRGB
Base: 16000, Weight: 0, Metric: 60
P: No, TM: 60, LC: No, NP: No, D: No, SRLG: Yes
Step 8 On the PE1 router, display the IS-IS adjacency database detailed information for the adjacency
to PE3.
Use the show isis adjacency systemid PE3 detail command. Observe that the adjacency SID
protection and the backup label stack.
RP/0/RP0/CPU0:PE1# show isis adjacency systemid PE3 detail

IPv6
BFD BFD
PE3 Gi0/0/0/1 *PtoP* Up 23 1d01h Yes None
None
Neighbor IPv4 Address: 10.3.5.5*
Adjacency SID: 24004 (protected)
Backup label stack: [16005]
Backup stack size: 1
Backup interface: Gi0/0/0/0
Backup nexthop: 10.1.3.1
Backup node address: 10.5.5.5
Non-FRR Adjacency SID: 24005
Neighbor IPv6 Address: fe80::20c:29ff:fea1:b2c3*
BFD Status: BFD Not Required, Neighbor Useable
Step 9 On the PE1 router, disable the interface toward PE3 (GigabitEthernet0/0/0/1) and trace packets
from CE1 to CE3 routers.
To disable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet 0/0/0/1
RP/0/RP0/CPU0:PE1(config-if)# shutdown
RP/0/RP0/CPU0:PE1(config-if)# commit
RP/0/RP0/CPU0:PE1(config-if)# end
RP/0/RP0/CPU0:PE1#
Send the trace packets from CE1 to CE3 Loopback0 (10.9.9.9). The trace should show PE1
(10.3.7.3), P1 (10.1.3.1), P2 (10.1.2.2), and PE3 (10.2.5.5).

5 10.5.9.9 373 msec 656 msec 247 msec
RP/0/RP0/CPU0:CE1#
Step 10 On the PE1 router, enable the interface toward PE3 (GigabitEthernet0/0/0/1).
To enable the GigabitEthernet0/0/0/1 interface on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1(config-if)# no shutdown
RP/0/RP0/CPU0:PE1#
• The path from PE1 to CE3 was observed to be unprotected by FRR.
• PE1 has been configured with FRR using TI-LFA in the IS-IS routing protocol computation on all
interfaces.
• The path from PE1 to CE3 has been verified to be protected using FRR TI-LFA in the IS-IS routing
protocol.
Task 3: Zero-Segment Protection

The purpose of this task is to examine a zero-segment protection scenario. The path from PE1 to PE3 will
be examined. Due to the higher metric link between P1 and P2, the traffic follows the direct path between
PE1 and PE3. Click the Objectives tab to view a visual diagram for this task.
TI-LFA calculates backup paths for all destinations that are reached over that interface. TI-LFA
computation on PE1 for destination CE3 results in a zero-segment backup path. TI-LFA calculates that the
post-convergence path to CE3, for a failure of the link between PE1 and PE3, goes through P1. P1 provides
a loop-free path to destination CE3. P1 is a loop-free alternate for destination CE3. No extra labels must be
imposed on the packets steered on the backup path—PE1 simply forwards them to P1.
Activity
Step 1 On the PE1 router, display the IS-IS FRR detailed information for the CE3 loopback 0 network
10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe the backup path is through
P1 (10.1.3.1).

0
Backup path: LFA, via 10.1.3.1, GigabitEthernet0/0/0/0, Label: 16009, P1, SRGB
Base: 16000, Weight: 0, Metric: 60
Step 2 On the PE1 router, display the detailed route entry for the CE3 loopback 0 network 10.9.9.9/32.
Use the show route 10.9.9.9/32 detail command. Observe that the backup path requires no extra
labels to be imposed on the packets steered on the backup path—PE1 simply forwards them to
P1.
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32 detail

Installed Aug 10 09:57:50.032 for 00:07:14
10.1.3.1, from 10.9.9.9, via GigabitEthernet0/0/0/0, Backup (Local-LFA)
Route metric is 60
Label: 0x3e89 (16009)
Tunnel ID: None
Binding Label: None
Extended communities count: 0
Path id:65 Path ref count:1
NHID:0x2(Ref:17)
10.3.5.5, from 10.9.9.9, via GigabitEthernet0/0/0/1, Protected
Route metric is 39
Label: 0x3e89 (16009)
Tunnel ID: None
Binding Label: None
NHID:0x3(Ref:17)
Backup path id:65
Route version is 0x4 (4)
Local Label: 0x3e89 (16009)
IP Precedence: Not Set
QoS Group ID: Not Set
Flow-tag: Not Set
Fwd-class: Not Set
Route Priority: RIB_PRIORITY_NON_RECURSIVE_MEDIUM (7) SVD Type RIB_SVD_TYPE_LOCAL
Download Priority 1, Download Version 74
Step 3 On the PE1 router, display the Cisco Express Forwarding entry for the CE3 loopback 0 network
10.9.9.9/32.
Use the show cef 10.9.9.9/32 command. Observe the primary and backup paths.
0x600 (0xe594e28), 0xa28 (0xf547100)
Updated Apr 1 08:11:19.999
gateway array (0xe3fccc0) reference count 6, flags 0x500068, source rib (7), 0
backups
[3 type 5 flags 0x8401 (0xe99e8e8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594e28, sh-ldi=0xe99e8e8]
LW-LDI-TS Apr 1 08:11:19.999
via 10.1.3.1/32, GigabitEthernet0/0/0/0, 8 dependencies, weight 0, class 0, backup
(Local-LFA) [flags 0x300]
path-idx 0 NHID 0x0 [0xda10050 0x0]
next hop 10.1.3.1/32
remote adjacency
via 10.3.5.5/32, GigabitEthernet0/0/0/1, 6 dependencies, weight 0, class 0,
protected [flags 0x400]
path-idx 1 bkup-idx 0 NHID 0x0 [0xda81190 0x0]
next hop 10.3.5.5/32

Step 4 On the PE1 router, display the detailed MPLS forwarding entry for the SR label for CE3, 16009.
Use the show mpls forwarding labels 16009 detail command. Observe the primary and backup
path for packets with the prefix-SID label of CE3, 16009.
RP/0/RP0/CPU0:PE1# show mpls forwarding labels 16009 detail

------ ----------- ------------------ ------------ --------------- ------------
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 0
Updated: Aug 10 09:57:50.055
Path Flags: 0x400 [ BKUP-IDX:0 (0xf46d510) ]
Version: 74, Priority: 1
Label Stack (Top -> Bottom): { 16009 }
NHID: 0x0, Encap-ID: N/A, Path idx: 1, Backup path idx: 0, Weight: 0
MAC/Encaps: 4/8, MTU: 1500
Outgoing Interface: GigabitEthernet0/0/0/1 (ifhandle 0x01000048)
Packets Switched: 0
16009 SR Pfx (idx 9) Gi0/0/0/0 10.1.3.1 0 (!)

Updated: Aug 10 09:57:50.055
Path Flags: 0x300 [ IDX:0 BKUP, NoFwd ]
Packets Switched: 0
(!): FRR pure backup
Traffic-Matrix Packets/Bytes Switched: 0/0
• Verify that PE1 has been enabled for FRR using TI-LFA.
• The zero-segment backup path entries from PE1 to CE3 have been verified.
Task 4: Single-Segment Protection

The purpose of this task is to configure FRR TI-LFA on the PE1 node and observe the operation of single-
segment protection.
Click the Objectives tab to view a visual diagram for this task.
The TI-LFA backup path for destination PE3 on PE1 goes through PQ-node PE2.
Activity
Step 1 On the P1 router, within the IS-IS IPv4 unicast address family, configure FRR and enable it to
use the TI-LFA computation on all IS-IS interfaces connecting to other nodes
Use the following commands:
RP/0/RP0/CPU0:P1(config-isis)# interface GigabitEthernet 0/0/0/0
RP/0/RP0/CPU0:P1(config-isis-if-af)# fast-reroute per-prefix
RP/0/RP0/CPU0:P1(config-isis-if-af)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:P1(config-isis-if-af)# exit
RP/0/RP0/CPU0:P1(config-isis-if)# exit
RP/0/RP0/CPU0:P1#
Make sure that you have configured TI-LFA on the P1 router and on the Gigabit Ethernet
Step 2 Modify the cost of the link within the IS-IS IPv4 unicast address family between the P1 and P2
routers.
Modify the P1 router interface Gi0/0/0/2 IS-IS IPv4 unicast address family cost to 1000.
RP/0/RP0/CPU0:P1(config-isis-if-af)# metric 1000
RP/0/RP0/CPU0:P1#
Modify the P2 router interface Gi0/0/0/2 IS-IS IPv4 unicast address family cost to 1000.
RP/0/RP0/CPU0:P2(config-isis-if-af)# metric 1000
RP/0/RP0/CPU0:P2#
Step 3 On the PE1 router, display the detailed IS-IS FRR information of the CE3 loopback 0 network
10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe the backup path and the P
node.

0
Backup path: TI-LFA (link), via 10.1.3.1, GigabitEthernet0/0/0/0 P1, SRGB Base:
16000, Weight: 0, Metric: 61
P node: P2.00 [10.2.2.2], Label: 16002
Prefix label: 16009
Backup-src: CE3.00
Use the show route 10.9.9.9/32 detail command. Observe the backup path entry and the labels
associated with the backup path.

10.1.3.1, from 10.9.9.9, via GigabitEthernet0/0/0/0, Backup (TI-LFA)
Repair Node(s): 10.2.2.2
Route metric is 61
Labels: 0x3e82 0x3e89 (16002 16009)
Tunnel ID: None
Binding Label: None
NHID:0x2(Ref:17)
Route metric is 39
Label: 0x3e89 (16009)
Tunnel ID: None
Binding Label: None
NHID:0x3(Ref:17)
Backup path id:65
Flow-tag: Not Set
Fwd-class: Not Set
10.9.9.9/32.
Use the show cef 10.9.9.9/32 command. Observe the backup path and the labels imposed for the
backup path.
0x600 (0xe594e28), 0xa28 (0xf547418)
Updated Apr 1 08:20:38.789
gateway array (0xe3fdfc8) reference count 3, flags 0x500068, source rib (7), 0
backups
[2 type 5 flags 0x8401 (0xe99e4c8) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594e28, sh-ldi=0xe99e4c8]
LW-LDI-TS Apr 1 08:20:38.794
(TI-LFA) [flags 0xb00]
next hop 10.1.3.1/32, Repair Node(s): 10.2.2.2
remote adjacency
local label 16009 labels imposed {16002 16009}
next hop 10.3.5.5/32

path for packets with the prefix-SID label of CE3, 16009.

------ ----------- ------------------ ------------ --------------- ------------
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 0
Updated: Aug 10 10:14:58.722
Path Flags: 0x400 [ BKUP-IDX:0 (0xf46d510) ]
Packets Switched: 0
16002 SR Pfx (idx 9) Gi0/0/0/0 10.1.3.1 0 (!)

Updated: Aug 10 10:14:58.722
Path Flags: 0xb00 [ IDX:0 BKUP, NoFwd ]
Label Stack (Top -> Bottom): { 16002 16009 }
Packets Switched: 0
RP/0/RP0/CPU0:PE1#
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), PE4 (10.4.6.6), P2 (10.2.6.2), and PE3 (10.2.5.5).


7 10.5.9.9 99 msec 99 msec 94 msec
Step 8 On the PE1 router, enable interface toward PE3 (GigabitEthernet0/0/0/1).
RP/0/RP0/CPU0:PE1#
• P1 has been configured with FRR TI-LFA in the IS-IS routing protocol.
• Single-segment protection operation has been observed at PE1 for the CE3 destination.
Task 5: Double-Segment Protection

The purpose of this task is to verify double-segment protection. The backup path between PE1 and PE3 will
be examined.
The post-convergence path is indicated in green in the figure. TI-LFA picks a P-node and Q-node that are
located on the post-convergence path. In this case, the P-node is PE2 and the Q-node is PE4. Because the P-
node PE2 is not adjacent, an extra label must be imposed to steer traffic to P-node PE2. PE1 needs to
impose two labels on the backup path: The prefix-SID label to go from PE1 to the P-node PE2 and an
adjacent-SID label to go from the P-node PE2 to the Q-node PE4.
Activity
Step 1 On the PE2 router, within the IS-IS IPv4 unicast address family, configure FRR and enable FRR
to use TI-LFA computation on all IS-IS interfaces connecting to other nodes.
RP/0/RP0/CPU0:PE2#
Make sure that you have configured TI-LFA on the PE2 router and on the Gigabit Ethernet
Step 2 Modify the cost of the link within the IS-IS IPv4 unicast address family between the PE2 and
PE4 routers.
Modify the PE2 router interface Gi0/0/0/1 IS-IS IPv4 unicast address family cost to 500.
RP/0/RP0/CPU0:PE2(config-isis-if-af)# metric 500
RP/0/RP0/CPU0:PE2#
Modify the PE4 router interface Gi0/0/0/1 IS-IS IPv4 unicast address family cost to 500.
RP/0/RP0/CPU0:PE4(config-isis-if-af)# metric 500
RP/0/RP0/CPU0:PE4#
Step 3 On the PE1 router, display the detailed IS-IS FRR information of the CE3 loopback 0 network
10.9.9.9/32.
Use the show isis fast-reroute 10.9.9.9/32 detail command. Observe the P node and Q node
values. Record the Q node label value (24005 in the following output) to use in the next step.

0
Backup path: TI-LFA (link), via 10.1.3.1, GigabitEthernet0/0/0/0 P1, SRGB Base:
16000, Weight: 0, Metric: 551
P node: PE2.00 [10.4.4.4], Label: 16004
Q node: PE4.00 [10.6.6.6], Label: 24005
Prefix label: 16009
Backup-src: CE3.00
Step 4 On the PE1 router, display the MPLS forwarding label information for the Q node label recorded
in the previous step.
Use the show isis database verbose PE2 detail command. You can verify adjacency SID by
using the following IS-IS verification command:
RP/0/RP0/CPU0:PE1# show isis database verbose PE2 detail

PE2.00-00 0x000000d8 0x1740 831 /1200 0/0/0
< output omitted >

Repair Node(s): 10.4.4.4, 10.6.6.6
Route metric is 551
Labels: 0x3e84 0x5dc5 0x3e89 (16004 24005 16009)
Tunnel ID: None
Binding Label: None
NHID:0x2(Ref:17)
Route metric is 39
Label: 0x3e89 (16009)
Tunnel ID: None
Binding Label: None
NHID:0x3(Ref:17)
Backup path id:65
Route version is 0xa (10)
Flow-tag: Not Set
Fwd-class: Not Set
10.9.9.9/32.
backup path.
10.9.9.9/32, version 145, labeled SR, internal 0x1000001 0x81 (ptr 0xdf1e910) [1], 0x0
(0xe0e2068), 0xa28 (0xf3b6138)
Updated Aug 10 10:28:48.878
path-idx 0 NHID 0x0 [0xf203380 0x0]
next hop 10.1.3.1/32, Repair Node(s): 10.4.4.4, 10.6.6.6
remote adjacency
local label 16009 labels imposed {16004 24005 16009}
path-idx 1 bkup-idx 0 NHID 0x0 [0xf46d510 0x0]
next hop 10.3.5.5/32
RP/0/RP0/CPU0:PE1#
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), PE4 (10.4.6.6), P2 (10.2.6.2), and PE3 (10.2.5.5).

7 10.5.9.9 972 msec 436 msec 511 msec

RP/0/RP0/CPU0:PE1#
• PE2 has been configured with FRR TI-LFA in the IS-IS routing protocol.
• Double-segment protection operation has been observed at PE1 for the CE3 destination.
1. How is the Q space defined?

A. A set of nodes reachable from node S (point of local repair) without using the protected link L.
B. A set of nodes that a post-convergence path must traverse to reach the destination.
C. A set of nodes that an LSP uses to reach a destination before failure occurs.
D. A set of nodes that can reach destination D without using the protected link L.
Discovery 8: Configure and Verify SR TI-LFA
Using OSPF
Introduction
In this lab exercise, you will configure and verify the operation of TI-LFA Fast Reroute using the OSPF
routing protocol. You will verify TI-LFA FRR for zero-segment, single-segment, and double-segment
protection.
Activity Objective
• Verify Segment Routing configuration in the OSPF routing protocol and examine Cisco Express
Forwarding and MPLS entries
• Configure TI-LFA with FRR in the OSPF routing protocol
• Configure TI-LFA to employ the zero-segment protection
• Configure TI-LFA to employ the single segment protection
• Configure TI-LFA to employ the double segment protection
Visual Objective
• All routers have OSPF configured for full reachability.
This visual objective represents Tasks 1 through 3:
This visual objective represents task 4:

This visual objective represents Task 5:
Topology
Job Aid

IP Addresses
Jumphost 172.16.1.100/24







Task 1: Verify Segment Routing Environment and

Forwarding
The purpose of this task is to verify the Segment Routing configuration in the OSPF routing protocol and
examine Cisco Express Forwarding and MPLS entry for CE3 Loopback0. You will also examine traffic
flow from the CE1 router to the CE3 router.
Activity
Step 1 On the PE1 router, list MPLS labels to verify that Segment Routing is enabled in the OSPF
routing protocol.
Use the show mpls label table command. You should see the Segment Routing Prefix-SID and
Adjacency-SID labels. Labels are distributed by OSPF.
RP/0/RP0/CPU0:PE1# show mpls label table

----- ------- ------------------------------- ------ -------
0 16000 OSPF(A):ospf-1 InUse No
0 24006 OSPF(A):ospf-1 InUse Yes
Step 2 On the PE1 router, verify the MPLS forwarding table.

Use the show mpls forwarding command. You should see the Segment Routing Prefix-SID (SR
Pfx) and Adjacency-SID (SR Adj) labels.

------ ----------- ------------------ ------------ --------------- ------------
16001 Pop SR Pfx (idx 1) Gi0/0/0/0 10.1.3.1 0
16002 16002 SR Pfx (idx 2) Gi0/0/0/1 10.3.5.5 0
16004 16004 SR Pfx (idx 4) Gi0/0/0/0 10.1.3.1 0
16005 Pop SR Pfx (idx 5) Gi0/0/0/1 10.3.5.5 0
16006 16006 SR Pfx (idx 6) Gi0/0/0/0 10.1.3.1 0
16007 Pop SR Pfx (idx 7) Gi0/0/0/2 10.3.7.7 0
16008 16008 SR Pfx (idx 8) Gi0/0/0/0 10.1.3.1 0
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 0
16010 16010 SR Pfx (idx 10) Gi0/0/0/0 10.1.3.1 0
24006 Pop SR Adj (idx 0) Gi0/0/0/0 10.1.3.1 0
24007 Pop SR Adj (idx 0) Gi0/0/0/1 10.3.5.5 0
24008 Pop SR Adj (idx 0) Gi0/0/0/2 10.3.7.7 0
Step 3 On the PE1 router, verify the Cisco Express Forwarding table entry for CE3 loopback 0
(10.9.9.9/32).
Use the show cef 10.9.9.9/32 command. You should see that the MPLS SR label (16009) is
imposed to forward the packet to the PE3 (10.3.5.5) router.
10.9.9.9/32, version 751, labeled SR, internal 0x1000001 0x8110 (ptr 0xe3f6f10) [1],
0x600 (0xe594d08), 0xa28 (0xe95b828)
Updated Apr 1 12:32:49.136
gateway array (0xe3fe620) reference count 6, flags 0x68, source rib (7), 0 backups
LW-LDI[type=5, refc=3, ptr=0xe594d08, sh-ldi=0xe99e408]
LW-LDI-TS Apr 1 12:32:49.136
0x0]
next hop 10.3.5.5/32
remote adjacency

Step 4 On the PE1 router, verify the MPLS forwarding table entry for CE3 loopback 0 (10.9.9.9/32).
Use the show mpls forwarding prefix 10.9.9.9/32 command. You should see that the MPLS SR
local label 16009 is swapped with the same MPLS SR outgoing label when the packet is sent to
the next-hop 10.3.5.5 (PE3).

------ ----------- ------------------ ------------ --------------- ------------
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 0
Step 5 On the CE1 router, verify the connectivity from the CE1 loopback 0 to the CE3 loopback 0.
Use the ping 10.9.9.9 source Loopback 0 command. The ping between CE1 loopback 0 and
CE3 loopback 0 should be successful.

!!!!!
Step 6 On the CE1 router, verify which path the packet takes when reaching CE3 loopback 0.
Use the traceroute 10.9.9.9 command. The packet between CE1 and CE3 loopback 0 will be
routed to PE1 (10.3.7.3), PE3 (10.3.5.5), and CE3 (10.5.9.9).


3 10.5.9.9 104 msec 103 msec 114 msec
• Verify that Segment Routing Prefix-SID and Adjacency-SID labels are distributed by OSPF.
• Verify MPLS SR label swapping.
• Verify connectivity between CE1 loopback 0 and CE3 loopback 0.
• Verify packet path between CE1 and CE3 loopback 0.
Task 2: Configure TI-LFA

The purpose of this task is to examine the effects of TI-LFA on provider router OSPF interfaces. You will
observe the PE1 path to reach CE3. Implement TI-LFA on PE1 to provide protection and backup paths.
Activity
Step 1 On the PE1 router, view the routing entry to the CE3 loopback 0 (10.9.9.9/32).
Use the show route 10.9.9.9/32 command. Observe that PE1 has a path to reach the CE3
Loopback 0 through PE3 (10.3.5.5).
RP/0/RP0/CPU0:PE1# show route 10.9.9.9/32

Known via "ospf 1", distance 110, metric 31, labeled SR, type intra area
10.3.5.5, from 10.9.9.9, via GigabitEthernet0/0/0/1
Route metric is 31
RP/0/RP0/CPU0:PE1#
Step 2 On the PE1 router, display the OSPF adjacency database detailed information for the adjacency
to PE3 (10.5.5.5).
Use the show ospf neighbor 10.5.5.5 detail command. Observe that the adjacency SID is not
protected. A similar output can also be observed for the other adjacencies.
RP/0/RP0/CPU0:PE1# show ospf neighbor 10.5.5.5 detail


DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x52
First 0(0)/0(0) Next 0(0)/0(0)
Adjacency SIDs:
Step 3 On the PE1 router, display the OSPF backup path for the CE3 Loopback0 (10.9.9.9/32).
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. You should only see the
primary path and observe that there are no backup paths available for CE3 Loopback0
(10.9.9.9/32).
RP/0/RP0/CPU0:PE1# show ospf 1 routes 10.9.9.9/32 backup-path
Topology Table for ospf 1 with ID 10.3.3.3
Codes: O - Intra area, O IA - Inter area

O E1 - External type 1, O E2 - External type 2
O N1 - NSSA external type 1, O N2 - NSSA external type 2
O 10.9.9.9/32, metric 31
10.3.5.5, from 10.9.9.9, via GigabitEthernet0/0/0/1, path-id 1
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router within OSPF Area 0, configure fast-reroute and enable it to use the TI-LFA
computation on all OSPF interfaces connecting to other nodes.

RP/0/RP0/CPU0:PE1(config-ospf-ar)# fast-reroute per-prefix
RP/0/RP0/CPU0:PE1(config-ospf-ar)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:PE1(config-ospf-ar)# commit
RP/0/RP0/CPU0:PE1(config-ospf-ar)# end
RP/0/RP0/CPU0:PE1#
You can also configure TI-LFA on the OSPF interface level. If you will not configure TI-LFA
on the area level, you should configure TI-LFA for the PE1 router on the Gigabit Ethernet
Step 5 On the PE1 router, display the OSPF backup path for the CE3 Loopback0 (10.9.9.9/32) again.
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. You should see the primary
path and backup path for CE3 Loopback0 (10.9.9.9/32).

O 10.9.9.9/32, metric 31
Backup path:
10.1.3.1, from 10.9.9.9, via GigabitEthernet0/0/0/0, protected bitmap
0000000000000001
Attributes: Metric: 52, Interface Disjoint, SRLG Disjoint
Step 6 On the PE1 router, display the OSPF adjacency database detailed information for the adjacency
to PE3 (10.5.5.5).
Use the show ospf neighbor 10.5.5.5 detail command. Observe that the adjacency SID is
protected and the backup label stack is available.
RP/0/RP0/CPU0:PE1# show ospf neighbor 10.5.5.5 detail


DR is 0.0.0.0 BDR is 0.0.0.0
Options is 0x52
First 0(0)/0(0) Next 0(0)/0(0)
Adjacency SIDs:
Label: 24001, Dynamic, Protected (Has backup)

RP/0/RP0/CPU0:PE1#
RP/0/RP0/CPU0:PE1#
(10.3.7.3), P1 (10.1.3.1), P2 (10.1.2.2), PE3 (10.2.5.5), and CE3 (10.5.9.9).

5 10.5.9.9 373 msec 656 msec 247 msec
RP/0/RP0/CPU0:CE1#
Step 8 On the PE1 router, enable the interface toward PE3 (GigabitEthernet0/0/0/1).
RP/0/RP0/CPU0:PE1#
• The path from PE1 to CE3 was observed to be unprotected by FRR.
• PE1 has been configured with FRR using TI-LFA in the OSPF routing protocol computation on all
interfaces.
• The path from PE1 to CE3 has been verified to be protected using FRR TI-LFA in the OSPF routing
protocol.
Task 3: Zero-Segment Protection

The purpose of this task is to examine a zero-segment protection scenario. The path from PE1 to PE3 will
be examined. Due to the higher metric link between P1 and P2, the traffic follows the direct path between
PE1 and PE3. Click the Objectives tab to view a visual diagram for this task.
TI-LFA calculates backup paths for all destinations that are reached over that interface. TI-LFA
computation on PE1 for destination CE3 results in a zero-segment backup path. TI-LFA calculates that the
post-convergence path to CE3, for a failure of the link between PE1 and PE3, goes through P1. P1 provides
a loop-free path to destination CE3. P1 is a loop-free alternate for destination CE3. No extra labels must be
imposed on the packets steered on the backup path—PE1 simply forwards them to P1.
Activity
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. Observe the backup path is
through P1 (10.1.3.1).
Codes: O – Intra area, O IA – Inter area

O E1 – External type 1, O E2 – External type 2
O N1 – NSSA external type 1, O N2 – NSSA external type 2
O 10.9.9.9/32, metric 31
Backup path:
0000000000000001
Use the show route 10.9.9.9/32 detail command. Observe that the backup path requires no extra
labels to be imposed on the packets steered on the backup path—PE1 simply forwards them to
P1.

Known via “ospf 1”, distance 110, metric 31, labeled SR, type intra area
10.1.3.1, from 10.9.9.9, via GigabitEthernet0/0/0/0, Backup (Local-LFA)
Route metric is 52
Label: 0x3e89 (16009)
Tunnel ID: None
Binding Label: None
NHID:0x6(Ref:16)
OSPF area:
Route metric is 31
Label: 0x3e89 (16009)
Tunnel ID: None
Binding Label: None
NHID:0xb(Ref:16)
Backup path id:65
OSPF area: 0
Route version is 0xe (14)
Flow-tag: Not Set
Fwd-class: Not Set
10.9.9.9/32.
Use the show cef 10.9.9.9/32 command. Observe the primary and backup paths.
0x600 (0xe594f48), 0xa28 (0xf5bb4c8)
Updated Apr 11 09:42:05.399
gateway array (0xe3fd400) reference count 6, flags 0x500068, source rib (7), 0
backups
LW-LDI[type=5, refc=3, ptr=0xe594f48, sh-ldi=0xe99e648]
LW-LDI-TS Apr 11 09:42:05.399
(Local-LFA) [flags 0x300]
next hop 10.1.3.1/32
remote adjacency
path-idx 1 bkup-idx 0 NHID 0x0 [0xda81af0 0x0]
next hop 10.3.5.5/32

path for packets with the prefix-SID label of CE3 (16009).

------ ----------- ------------------ ------------ --------------- ------------
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 756
Updated: Apr 11 09:42:05.399
Path Flags: 0x400 [ BKUP-IDX:0 (0xda81af0) ]
Packets Switched: 9
16009 SR Pfx (idx 9) Gi0/0/0/0 10.1.3.1 0 (!)

Updated: Apr 11 09:42:05.399
Path Flags: 0x300 [ IDX:0 BKUP, NoFwd ]
Packets Switched: 0
• Verify that PE1 has been enabled for FRR using TI-LFA.
• The zero-segment backup path entries from PE1 to CE3 have been verified.
Task 4: Single-Segment Protection

The purpose of this task is to configure FRR TI-LFA on the PE1 node and observe the operation of single-
segment protection.
The TI-LFA backup path for destination PE3 on PE1 goes through PQ-node PE2.
Activity
Step 1 On the P1 router within OSPF Area 0, configure fast-reroute and enable it to use the TI-LFA
RP/0/RP0/CPU0:P1# configure
RP/0/RP0/CPU0:P1(config)# router ospf 1
RP/0/RP0/CPU0:P1(config-ospf)# area 0
RP/0/RP0/CPU0:P1(config-ospf-ar)# fast-reroute per-prefix
RP/0/RP0/CPU0:P1(config-ospf-ar)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:P1(config-ospf-ar)# commit
RP/0/RP0/CPU0:P1(config-ospf-ar)# end
RP/0/RP0/CPU0:P1#
on the area level, you should configure TI-LFA for the P1 router on the Gigabit Ethernet 0/0/0/0,
Gigabit Ethernet 0/0/0/1, and GigabitEthernet 0/0/0/2 interfaces.
Step 2 Modify the cost of the link within the OSPF area 0 between the P1 and P2 routers.
Modify the P1 router interface Gi0/0/0/2 OSPF area 0 cost to 1000.

RP/0/RP0/CPU0:P1# config
RP/0/RP0/CPU0:P1(config-ospf-ar)# interface GigabitEthernet0/0/0/2
RP/0/RP0/CPU0:P1(config-ospf-ar-if)# cost 1000
RP/0/RP0/CPU0:P1(config-ospf-ar-if)# commit
RP/0/RP0/CPU0:P1(config-ospf-ar-if)# end
RP/0/RP0/CPU0:P1#
Modify the P2 router interface Gi0/0/0/2 OSPF area 0 cost to 1000.

RP/0/RP0/CPU0:P2# config
RP/0/RP0/CPU0:P2(config-ospf-ar)# interface GigabitEthernet0/0/0/2
RP/0/RP0/CPU0:P2(config-ospf-ar-if)# cost 1000
RP/0/RP0/CPU0:P2(config-ospf-ar-if)# commit
RP/0/RP0/CPU0:P2(config-ospf-ar-if)# end
RP/0/RP0/CPU0:P2#
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. Observe the backup path and the
P node.
Codes: O – Intra area, O IA – Inter area

O E1 – External type 1, O E2 – External type 2
O N1 – NSSA external type 1, O N2 – NSSA external type 2
O 10.9.9.9/32, metric 31
Backup path: TI-LFA, Repair-List: P node: 10.2.2.2 Label: 16002
0000000000000001

Known via “ospf 1”, distance 110, metric 31, labeled SR, type intra area
Repair Node(s): 10.2.2.2
Route metric is 53
Labels: 0x3e82 0x3e89 (16002 16009)
Tunnel ID: None
Binding Label: None
NHID:0x6(Ref:16)
OSPF area:
Route metric is 31
Label: 0x3e89 (16009)
Tunnel ID: None
Binding Label: None
NHID:0xb(Ref:16)
Backup path id:66
OSPF area: 0
Route version is 0xf (15)
Flow-tag: Not Set
Fwd-class: Not Set
10.9.9.9/32.
backup path.
0x600 (0xe594f48), 0xa28 (0xf5bb310)
Updated Apr 11 10:02:16.074
gateway array (0xe3fd5d0) reference count 3, flags 0x500068, source rib (7), 0
backups
LW-LDI[type=5, refc=3, ptr=0xe594f48, sh-ldi=0xe99e768]
LW-LDI-TS Apr 11 10:02:16.073
next hop 10.1.3.1/32, Repair Node(s): 10.2.2.2
remote adjacency
local label 16009 labels imposed {16002 16009}
path-idx 1 bkup-idx 0 NHID 0x0 [0xda81af0 0x0]
next hop 10.3.5.5/32

Step 6 On the PE1 router, display the detailed MPLS forwarding entry for the SR label for CE3
(16009).
path for packets with the prefix-SID label of CE3 (16009).
------ ----------- ------------------ ------------ --------------- ------------
16009 16009 SR Pfx (idx 9) Gi0/0/0/1 10.3.5.5 0
Updated: Apr 11 10:02:16.074
Path Flags: 0x400 [ BKUP-IDX:0 (0xda81af0) ]
Packets Switched: 0
16002 SR Pfx (idx 9) Gi0/0/0/0 10.1.3.1 0 (!)

Updated: Apr 11 10:02:16.074
Path Flags: 0xb00 [ IDX:0 BKUP, NoFwd ]
Label Stack (Top -> Bottom): { 16002 16009 }
Packets Switched: 0
RP/0/RP0/CPU0:PE1#
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), PE4 (10.4.6.6), P2 (10.2.6.2), PE3 (10.2.5.5), and CE3
(10.5.9.9).


7 10.5.9.9 99 msec 99 msec 94 msec
RP/0/RP0/CPU0:PE1#
• P1 has been configured with FRR TI-LFA in the OSPF routing protocol.
• Single-segment protection operation has been observed at PE1 for the CE3 destination.
Task 5: Double-Segment Protection

The purpose of this task is to verify double-segment protection. The backup path between PE1 and PE3 will
be examined.
The post-convergence path is indicated in green in the figure. TI-LFA picks a P-node and Q-node that are
located on the post-convergence path. In this case, the P-node is PE2 and the Q-node is PE4. Because the P-
node PE2 is not adjacent, an extra label must be imposed to steer traffic to P-node PE2. PE1 needs to
impose two labels on the backup path: The prefix-SID label to go from PE1 to the P-node PE2 and an
adjacent-SID label to go from the P-node PE2 to the Q-node PE4.
Activity
Step 1 On the PE2 router within OSPF Area 0, configure fast-reroute and enable it to use the TI-LFA

RP/0/RP0/CPU0:PE2(config-ospf-ar)# fast-reroute per-prefix
RP/0/RP0/CPU0:PE2(config-ospf-ar)# fast-reroute per-prefix ti-lfa
RP/0/RP0/CPU0:PE2(config-ospf-ar)# commit
RP/0/RP0/CPU0:PE2(config-ospf-ar)# end
RP/0/RP0/CPU0:PE2#
on the area level, you should configure TI-LFA for the PE2 router on the Gigabit Ethernet
Step 2 Modify the cost of the link within the OSPF area 0 between the PE2 and PE4 routers.
Modify the PE2 router interface Gi0/0/0/1 OSPF area 0 cost to 500.
RP/0/RP0/CPU0:PE2(config-ospf-ar)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE2(config-ospf-ar-if)# cost 500
RP/0/RP0/CPU0:PE2#
Modify the PE4 router interface Gi0/0/0/1 OSPF area 0 cost to 500.
RP/0/RP0/CPU0:PE4(config-ospf-ar)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE4(config-ospf-ar-if)# cost 500
RP/0/RP0/CPU0:PE4#
Use the show ospf 1 routes 10.9.9.9/32 backup-path command. Observe the P node and Q
node values. Record the Q node label value (24001 in the following output) to use in the next
step.

O 10.9.9.9/32, metric 31
Backup path: TI-LFA, Repair-List: P node: 10.4.4.4 Label: 16004
Q node: 10.6.6.6 Label: 24001
0000000000000001
Step 4 On the PE1 router, display the MPLS forwarding label information for the Q node label recorded
in the previous step.
Use the show ospf database opaque-area 8.0.0.8 adv-router 10.4.4.4 command. Observe that
router PE2 (10.4.4.4) generates adjacency SID to the PE4 (10.6.6.6). You should see the same
label as observed in the previous step for Q node.
RP/0/RP0/CPU0:PE1# show ospf database opaque-area 8.0.0.8 adv-router 10.4.4.4
LS age: 407
Opaque Type: 8
Opaque ID: 8
LS Seq Number: 800001af
Checksum: 0x5f5d
Length: 140
Extended Link TLV: Length: 116

Link-type : 1
Link ID : 10.6.6.6
Link Data : 10.4.6.4
Adj sub-TLV: Length: 7

Flags : 0x60
MTID : 0
Weight : 0
Label : 24001
< output omitted >

Known via "ospf 1", distance 110, metric 31, labeled SR, type intra area
Repair Node(s): 10.4.4.4, 10.6.6.6
Route metric is 543
Labels: 0x3e84 0x5dc1 0x3e89 (16004 24001 16009)
Tunnel ID: None
Binding Label: None
NHID:0x6(Ref:16)
OSPF area:
Route metric is 31
Label: 0x3e89 (16009)
Tunnel ID: None
Binding Label: None
NHID:0xc(Ref:16)
Backup path id:66
OSPF area: 0
Flow-tag: Not Set
Fwd-class: Not Set
10.9.9.9/32.
backup path.
0x600 (0xe594f48), 0xa28 (0xf5bb578)
Updated Apr 11 10:33:43.276
gateway array (0xe3fe538) reference count 12, flags 0x500068, source rib (7), 0
backups
[5 type 5 flags 0x8401 (0xe99ed68) ext 0x0 (0x0)]
LW-LDI[type=5, refc=3, ptr=0xe594f48, sh-ldi=0xe99ed68]
LW-LDI-TS Apr 11 10:33:43.275
next hop 10.1.3.1/32, Repair Node(s): 10.4.4.4, 10.6.6.6
remote adjacency
local label 16009 labels imposed {16004 24001 16009}
next hop 10.3.5.5/32

RP/0/RP0/CPU0:PE1#
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), PE4 (10.4.6.6), P2 (10.2.6.2), PE3 (10.2.5.5), and CE3
(10.5.9.9).

7 10.5.9.9 972 msec 436 msec 511 msec
RP/0/RP0/CPU0:PE1#
• PE2 has been configured with FRR TI-LFA in the OSPF routing protocol.
• Double-segment protection operation has been observed at PE1 for the CE3 destination.
1. What Cisco IOS XR command displays OSPF primary and TI-LFA calculated backup paths for
prefix 10.10.10.10/32?
A. show backup-path ospf 1 routes 10.10.10.10/32
B. show ospf 1 routes 10.10.10.10/32
C. show ospf 1 routes 10.10.10.10/32 all
D. show ospf 1 routes 10.10.10.10/32 backup-path
Discovery 9: Configure and Verify SR-TE Using
IS-IS
Introduction
In this lab exercise, you will implement SR-TE within the network topology. You will configure and verify
SR-TE policies instantiated by using both dynamic and explicit paths.
Activity Objective
• Configure and verify SR-TE policy instantiation on a locally configured policy using dynamic path
computation.
• Configure and verify SR-TE policy instantiation on a locally configured policy using explicit path
computation.
Visual Objective
• Some links have a modified IGP metric.
Topology
Job Aid

IP Addresses

CE)

CE)






Task 1: Verify Network Topology

The purpose of this task is to verify the IS-IS configuration and examine the TE database to observe the TE
link attributes distributed by IS-IS.
Activity
Step 1 On the CE1 router, enable MPLS traffic engineering and configure IS-IS to feed the SR-TE
database with link state information.
On the CE1 router, use the following commands. This configuration is already configured on all
other routers.
RP/0/RP0/CPU0:CE1(config)# mpls traffic-eng
RP/0/RP0/CPU0:CE1(config-mpls-te)# exit
RP/0/RP0/CPU0:CE1(config-isis)# distribute link-state
RP/0/RP0/CPU0:CE1(config-isis)# commit
RP/0/RP0/CPU0:CE1(config-isis)# end
RP/0/RP0/CPU0:CE1#
Step 2 On the CE1 router, examine the Segment Routing Traffic Engineering topology database with
the show segment-routing traffic-eng ipv4 topology command.
Notice that the information within the database includes the following:
• TE Router IDs
• IGP Metrics
• TE Metrics
• Adjacent SID values
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng ipv4 topology
SR-TE topology database

-----------------------
Node 1
TE router ID: 10.1.1.1
Host name: P1
ISIS system ID: 0000.0000.0001 level-2
Prefix SID:
Prefix 10.1.1.1, label 16001 (regular)
Link[0]: local address 10.1.2.1, remote address 10.1.2.2

Local node:
Remote node:
Host name: P2
Metric: IGP 20, TE 20, Latency 20 microseconds
Bandwidth: Total link 125000000, Reservable 0
Admin-groups: 0x00000000
Admin-groups-detail:
Adj SID: 24001 (unprotected)

Local node:
Remote node:
Host name: PE1

Local node:
Remote node:
Host name: PE2
< output omitted >
Step 3 On the CE1 router, configure loopback 0 as a TE Router ID and enable MPLS TE support in
the IS-IS IPv4 address family.
A statically configured TE Router ID will make sure that the TE Topology Database is
consistent between reloads.
On the CE1 router, use the following commands. The TE Router ID is already configured on all
other routers.
RP/0/RP0/CPU0:CE1(config-isis-af)# mpls traffic-eng router-id loopback 0
RP/0/RP0/CPU0:CE1(config-isis-af)# mpls traffic-eng level-2-only
RP/0/RP0/CPU0:CE1#
Step 4 On the CE1 router, validate that the IS-IS routes from other routers are present.
The show route isis command output on the CE1 router should display loopback 0 routes from
other routers.
RP/0/RP0/CPU0:CE1# show route isis | include /32
• Verify that CE1 has routes to loopbacks to other routers.
• CE1 has been configured to populate the SR-TE database, which can be seen and verified.
Task 2: Create Segment Routing Policy Using Dynamic

Path
The purpose of this task is to configure an SRTE Policy that uses a dynamically calculated path. The policy
will use the IGP metric for the dynamic calculation.
Activity
Step 1 On the CE1 router, create an SRTE policy named POLICY100 and configure it with the
following parameters:
• Color 100
• Endpoint 10.8.8.8 (CE2)
• Dynamic path
• Path Selection Metric: IGP
• Path Option Preference: 100
RP/0/RP0/CPU0:CE1(config)# segment-routing
RP/0/RP0/CPU0:CE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:CE1(config-sr-te)# policy POLICY100
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# color 100 end-point ipv4 10.8.8.8
RP/0/RP0/CPU0:CE1(config-sr-te-policy)# candidate-paths
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path)# preference 100
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path-pref)# dynamic
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# metric
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# type igp
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# end
RP/0/RP0/CPU0:CE1#
Step 2 On the CE1 router, examine the resulting SRTE policy from the previous step.
Use the show segment-routing traffic-eng policy color 100 command to observe the Segment-
Routing Path information. The path is a dynamically computed Segment Routing TE Policy, the
IGP metric is optimized, and the resulting path uses one Prefix-SID {16008}, which steers the
traffic to CE2 through the IGP path.
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng policy color 100
SR-TE policy database

---------------------
Color: 100, End-point: 10.8.8.8

Name: srte_c_100_ep_10.8.8.8
Status:
Admin: up Operational: up for 00:00:31 (since Aug 10 12:44:53.491)
Candidate-paths:
Preference: 100 (configuration) (active)
Name: POLICY100
Requested BSID: dynamic
Dynamic (valid)
Metric Type: IGP, Path Accumulated Metric: 40
16008 [Prefix-SID, 10.8.8.8]
Attributes:
Binding SID: 24003
Forward Class: Not Configured
Steering BGP disabled: no
IPv6 caps enable: yes
Invalidation drop enabled: no
Step 3 On the CE1 router, re-run the show segment-routing traffic-eng policy color 100 command
and record the dynamically allocated binding SID to use in the next step.
The Binding Segment is a segment that represents the following instruction: Steer packet on the
associated SRTE Policy. A Binding Segment ID is allocated by default for each SRTE Policy.
The Binding SID of an SRTE Policy can be found by looking at the output of the command in
the previous step.

---------------------

Name: srte_c_100_ep_10.8.8.8
Status:
Candidate-paths:
Name: POLICY100
Protection Type: protected-preferred
Maximum SID Depth: 10
Dynamic (valid)
16008 [Prefix-SID, 10.8.8.8]
Attributes:
Binding SID: 24003
Step 4 On the CE1 router, display the MPLS forwarding label information of the binding-SID value
determined in the previous step.
Use the show mpls forwarding labels 24003 command. An MPLS forwarding entry is installed
for the Binding-SID. A labeled packet with the Binding-SID label on top has the label popped
and the packet steered into the SRTE Policy tunnel-te interface.
RP/0/RP0/CPU0:CE1# show mpls forwarding labels 24003

------ ----------- ------------------ ------------ --------------- ------------
24003 Pop No ID srte_c_100_e point2point 0
Step 5 On the CE1 router, test policy color 100 connectivity sourced from the CE1 Loopback0
(10.7.7.7).
Use the ping sr-mpls nil-fec policy binding-sid 24003 source 10.7.7.7 command to test that the
policy color 100 is reachable from CE1 Loopback0. The ping test should be successful.
RP/0/RP0/CPU0:CE1# ping sr-mpls nil-fec policy binding-sid 24003 source 10.7.7.7
Sending 5, 100-byte MPLS Echos with Nil FEC with Binding SID Label [24003],
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,

'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no rx label,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
!!!!!
Step 6 On the CE1 router, trace to the policy color 100 with the binding label learned from the previous
steps.
Use the traceroute sr-mpls nil-fec policy binding-sid 24003 command to send the SR MPLS
trace packets from CE1 to label 240003. The SR MPLS trace should show CE1 (10.3.7.7), PE1
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), and CE2 (10.4.8.8).
RP/0/RP0/CPU0:CE1# traceroute sr-mpls nil-fec policy binding-sid 24003
Tracing MPLS Label Switched Path with Nil FEC with Binding SID Label [24003], timeout
is 2 seconds

0 10.3.7.7 MRU 1500 [Labels: 16008/explicit-null Exp: 0/0]

L 1 10.3.7.3 MRU 1500 [Labels: 16008/explicit-null Exp: 0/0] 94 ms
L 3 10.1.4.4 MRU 1500 [Labels: implicit-null/explicit-null Exp: 0/0] 344 ms
! 4 10.4.8.8 456 ms
• An SRTE policy has been created and configured for dynamic path calculation.
• The SRTE policy has been verified.
• The Binding-SID associated with the SRTE policy has been identified.
Task 3: Create Segment Routing Policy Using Explicit

Path
The purpose of this task is to instantiate an SRTE policy using an explicit path. Configure an explicit path
and an SRTE Policy using the path, which can be specified by using prefixes or label values.
Activity
Step 1 On the CE1 router, create an explicit path that will be used to reach CE2.
Use the following path entries for the path named PATH1:
• 10.3.3.3 (loopback 0 of PE1)
• 10.3.5.5 (adjacency between PE1 and PE3, PE3 side)
RP/0/RP0/CPU0:CE1(config-sr-te)# segment-list PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# index 10 address ipv4 10.3.3.3
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# end
RP/0/RP0/CPU0:CE1#
Note The virtual Cisco IOS XR, used in this lab, does not provide autocompletion functionality for the index
command. Type the complete index command, as show above.
Step 2 On the CE1 router, create an MPLS traffic engineering policy named POLICY200.
Configure the policy with the following parameters:
• Color 200
• Explicit path name PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path-pref)# explicit segment-list PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# end
RP/0/RP0/CPU0:CE1#
Step 3 On the CE1 router, examine the SRTE policy configured in the previous step.
Routing Path Information.
The path is explicitly defined for this Segment Routing TE Policy and the resulting path uses the
following SIDs:
• Prefix-SID {16003} to PE1
• Adjacency-SID {24003} between PE1 and PE3
Record the dynamically allocated binding SID to use in the next step.

---------------------

Name: srte_c_200_ep_10.8.8.8
Status:
Candidate-paths:
Name: POLICY200
Explicit: segment-list PATH1 (valid)
Weight: 1, Metric Type: TE
16003 [Prefix-SID, 10.3.3.3]
24003 [Adjacency-SID, 10.3.5.3 - 10.3.5.5]
16006 [Prefix-SID, 10.6.6.6]
24011 [Adjacency-SID, 10.4.6.6 - 10.4.6.4]
Attributes:
Binding SID: 24006
An MPLS forwarding entry is installed for the Binding-SID. A labeled packet with the Binding-
SID label on top has the label popped and the packet steered into the SRTE Policy tunnel-te
interface.

------ ----------- ------------------ ------------ --------------- ------------
Step 5 On the CE1 router, test the policy color 200 connectivity sourced from the CE1 Loopback0
(10.7.7.7).

!!!!!
steps.
(10.3.7.3), PE3 (10.3.5.5), P2 (10.2.5.2), PE4 (10.2.6.6), and PE2 (10.4.6.4).
is 2 seconds

0 10.3.7.7 MRU 1500 [Labels: 24001/16006/24006/explicit-null Exp: 0/0/0/0]

L 1 10.3.7.3 MRU 1500 [Labels: implicit-null/16006/24006/explicit-null Exp: 0/0/0/0] 90
ms
L 2 10.3.5.5 MRU 1500 [Labels: 16006/24006/explicit-null Exp: 0/0/0] 169 ms
L 3 10.2.5.2 MRU 1500 [Labels: implicit-null/24006/explicit-null Exp: 0/0/0] 223 ms
! 5 10.4.6.4 136 ms
• An explicit path has been defined for use in an SRTE policy.
• An SRTE policy has been created and configured to use the explicit path.
1. Which command can test LSP connectivity of the SR policy with binding SID 24003?
A. ping policy binding-sid 24003
B. ping sr-mpls nil-fec policy binding-sid 24003
C. ping sr-policy nil-fec binding-sid 24003
D. ping sr-sid 24003 nil-fec policy
Discovery 10: Configure and Verify SR-TE Using
OSPF
Introduction
In this lab exercise, you will implement SR-TE within the network topology. You will configure and verify
SR-TE policies instantiated by using both dynamic and explicit paths.
Activity Objective
• Configure and verify SR-TE policy instantiation on a locally configured policy using dynamic path
computation.
• Configure and verify SR-TE policy instantiation on a locally configured policy using explicit path
computation.
Visual Objective
• All routers have OSPF configured for full reachability.
Topology
Job Aid

IP Addresses

CE)

CE)






Task 1: Verify Network Topology

The purpose of this task is to verify the OSPF configuration and examine the TE database to observe the TE
link attributes distributed by OSPF.
Activity
Step 1 On the CE1 router, enable MPLS traffic engineering and configure OSPF to feed the SR-TE
database with link state information.
On the CE1 router, use the following commands. This configuration is already configured on all
other routers.
RP/0/RP0/CPU0:CE1# configure
RP/0/RP0/CPU0:CE1(config)# mpls traffic-eng
RP/0/RP0/CPU0:CE1(config-mpls-te)# router ospf 1
RP/0/RP0/CPU0:CE1(config-ospf)# distribute link-state
RP/0/RP0/CPU0:CE1(config-ospf)# commit
RP/0/RP0/CPU0:CE1(config-ospf)# end
RP/0/RP0/CPU0:CE1#
Step 2 On the CE1 router, examine the Segment Routing Traffic Engineering topology database with
the show segment-routing traffic-eng ipv4 topology command.
Notice that the information within the database includes the following:
• TE Router IDs
• IGP Metrics
• TE Metrics
• Adjacent SID values
RP/0/RP0/CPU0:CE1# show segment-routing traffic-eng ipv4 topology
SR-TE topology database

-----------------------
Node 27
Host name: P1
OSPF router ID: 10.1.1.1 area ID: 0
Prefix SID:
Prefix 10.1.1.1, label 16001 (regular), flags: X:0, R:0, N:1, P:0, E:0, V:0, L:0,
M:0

Local node:
Remote node:
Host name: P2

Local node:
Remote node:
Host name: PE1
< output omitted >
Step 3 On the CE1 router, configure loopback 0 as a TE Router ID and enable MPLS TE support in
the OSPF area 0.
On the CE1 router, configure loopback 0 as a TE Router ID and enable MPLS TE support in
the OSPF area 0. On the CE1 router, use the following commands. The TE Router ID is already
configured on all other routers.
RP/0/RP0/CPU0:CE1(config)# router ospf 1
RP/0/RP0/CPU0:CE1(config-ospf)# mpls traffic-eng router-id Loopback 0
RP/0/RP0/CPU0:CE1(config-ospf)# area 0
RP/0/RP0/CPU0:CE1(config-ospf-ar)# mpls traffic-eng
RP/0/RP0/CPU0:CE1(config-ospf-ar)# commit
RP/0/RP0/CPU0:CE1(config-ospf-ar)# end
RP/0/RP0/CPU0:CE1#
Step 4 On the CE1 router, validate that the OSPF routes from other routers are present.
The show route ospf command output on the CE1 router should display loopback 0 routes from
other routers.
RP/0/RP0/CPU0:CE1# show route ospf | include /32
O 10.1.1.1/32 [110/12] via 10.3.7.3, 18:15:59, GigabitEthernet0/0/0/0
O 10.3.3.3/32 [110/2] via 10.3.7.3, 1w3d, GigabitEthernet0/0/0/0
• Verify that CE1 has routes to loopbacks to other routers.
• CE1 has been configured to populate the SR-TE database, which can be seen and verified.
Task 2: Create Segment Routing Policy Using Dynamic

Path
The purpose of this task is to configure an SRTE Policy that uses a dynamically calculated path. The policy
will use the IGP metric for the dynamic calculation.
Activity
Step 1 On the CE1 router, create an SRTE policy named POLICY100 and configure it with the
following parameters:
• Color 100
• Dynamic path
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path-pref)# dynamic
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# metric
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# type igp
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-path-metric)# end
RP/0/RP0/CPU0:CE1#
Step 2 On the CE1 router, examine the resulting SRTE policy from the previous step.
Routing Path information. The path is a dynamically computed Segment Routing TE Policy, the
IGP metric is optimized, and the resulting path uses one Prefix-SID {16008}, which steers the
traffic to CE2 through the IGP path.

---------------------

Name: srte_c_100_ep_10.8.8.8
Status:
Admin: up Operational: up for 00:00:24 (since Apr 12 07:32:59.202)
Candidate-paths:
Name: POLICY100
Dynamic (valid)
16008 [Prefix-SID, 10.8.8.8]
Attributes:
Binding SID: 24003
Steering labeled-services disabled: no
Step 3 On the CE1 router, re-run the show segment-routing traffic-eng policy color 100 command
and record the dynamically allocated binding SID to use in the next step.
The Binding Segment is a segment that represents the following instruction: Steer packet on the
associated SRTE Policy. A Binding Segment ID is allocated by default for each SRTE Policy.

---------------------

Name: srte_c_100_ep_10.8.8.8
Status:
Candidate-paths:
Name: POLICY100
Dynamic (valid)
16008 [Prefix-SID, 10.8.8.8]
Attributes:
Binding SID: 24003
Use the show mpls forwarding labels 24003 command. An MPLS forwarding entry is installed
for the Binding-SID. A labeled packet with the Binding-SID label on top has the label popped
and the packet steered into the SRTE Policy tunnel-te interface.
------ ----------- ------------------ ------------ --------------- ------------
Step 5 On the CE1 router, test the policy color 100 connectivity sourced from the CE1 Loopback0
(10.7.7.7).

!!!!!
steps.
Use the traceroute sr-mpls nil-fec policy binding-sid 24003 command, to send the SR MPLS
(10.3.7.3), P1 (10.1.3.1), PE2 (10.1.4.4), and CE2 (10.4.8.8).
is 2 seconds

0 10.3.7.7 MRU 1500 [Labels: 16008/explicit-null Exp: 0/0]

! 4 10.4.8.8 843 ms
• An SRTE policy has been created and configured for dynamic path calculation.
• The Binding-SID associated with the SRTE policy has been identified.
Task 3: Create Segment Routing Policy Using Explicit

Path
The purpose of this task is to instantiate an SRTE policy using an explicit path. Configure an explicit path
and an SRTE Policy using the path which can be specified by using prefixes or label values.
Activity
Step 1 On the CE1 router, create an explicit path that will be used to reach CE2.
Use the following path entries for the path named PATH1:
RP/0/RP0/CPU0:CE1(config-sr-te)# segment-list PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-sl)# end
RP/0/RP0/CPU0:CE1#
Note The virtual Cisco IOS XR, used in this lab, does not provide autocompletion functionality for the index
command. Type complete index command, as show above.
Step 2 On the CE1 router, create an MPLS traffic engineering policy named POLICY200.
Configure the policy with the following parameters:
• Color 200
• Explicit path name PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-policy-path-pref)# explicit segment-list PATH1
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# commit
RP/0/RP0/CPU0:CE1(config-sr-te-pp-info)# end
RP/0/RP0/CPU0:CE1#
Step 3 On the CE1 router, examine the SRTE policy configured in the previous step.
Routing Path Information.
The path is explicitly defined for this Segment Routing TE Policy and the resulting path uses the
following SIDs:
Record the dynamically allocated binding SID to use in the next step.

---------------------

Name: srte_c_200_ep_10.8.8.8
Status:
Candidate-paths:
Name: POLICY200
Explicit: segment-list PATH1 (valid)
Weight: 1, Metric Type: TE
16003 [Prefix-SID, 10.3.3.3]
24007 [Adjacency-SID, 10.3.5.3 - 10.3.5.5]
16006 [Prefix-SID, 10.6.6.6]
24001 [Adjacency-SID, 10.4.6.6 - 10.4.6.4]
Attributes:
Binding SID: 24006
An MPLS forwarding entry is installed for the Binding-SID. A labeled packet with the Binding-
SID label on top has the label popped and the packet steered into the SRTE Policy tunnel-te
interface.
------ ----------- ------------------ ------------ --------------- ------------
Step 5 On the CE1 router, test policy color 200 connectivity sourced from the CE1 Loopback0
(10.7.7.7).

!!!!!
steps.
(10.3.7.3), PE3 (10.3.5.5), P2 (10.2.5.2), PE4 (10.2.6.6), and PE2 (10.4.6.4).
is 2 seconds

0 10.3.7.7 MRU 1500 [Labels: 24007/16006/24001/explicit-null Exp: 0/0/0/0]

L 1 10.3.7.3 MRU 1500 [Labels: implicit-null/16006/24001/explicit-null Exp: 0/0/0/0]
1413 ms
L 2 10.3.5.5 MRU 1500 [Labels: 16006/24001/explicit-null Exp: 0/0/0] 1404 ms
L 3 10.2.5.2 MRU 1500 [Labels: implicit-null/24001/explicit-null Exp: 0/0/0] 1623 ms
! 5 10.4.6.4 1622 ms
• An explicit path has been defined for use in an SRTE policy.
• An SRTE policy has been created and configured to use the explicit path.
1. Which command can test LSP connectivity of the SR policy with binding SID 24006?
A. ping policy binding-sid 24006
B. ping sr-mpls nil-fec policy binding-sid 24006
C. ping sr-policy nil-fec binding-sid 24006
D. ping sr-sid 24006 nil-fec policy
Discovery 11: Configure and Verify Basic EVPN
Introduction
In this lab exercise, you will configure and verify EVPN VPWS. You will also enable BGP to exchange
routes between PE routers. The P2 router is preconfigured as a BGP route reflector.
Activity Objective
• Configure BGP sessions between the route reflector and BGP route reflector clients.
• Configure and verify EVPN VPWS.
Visual Objective
• All P and PE routers have IS-IS configured. There is no routing protocol enabled on the CE routers.
• All P and PE routers have MPLS SR configured.
• The PE3, P2, and PE4 routers have BGP preconfigured. P2 is configured as the BGP route reflector.
Topology
Job Aid

IP Addresses

CE)

CE)






Task 1: Configure BGP Route Reflector

The purpose of this task is to configure a BGP session between the route reflector and BGP route reflector
clients. The BGP route reflector is a P2 router and you will configure PE1 and PE2 as BGP route reflector
clients. You will also enable the BGP L2VPN EVPN address family for BGP neighbors.
The PE3 and PE4 routers are already configured as BGP route reflector clients.
Activity
Step 1 On the PE1 router, configure BGP with the following values:
• Autonomous system: 65000

• Router ID: 10.3.3.3
• Neighbor: 10.2.2.2 (route reflector)
• Remote autonomous system: 65000
• Update source: Loopback 0
• Address family: IPv4 unicast
RP/0/RP0/CPU0:PE1(config)# router bgp 65000
RP/0/RP0/CPU0:PE1(config-bgp)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp-af)# exit
RP/0/RP0/CPU0:PE1(config-bgp)# bgp router-id 10.3.3.3
RP/0/RP0/CPU0:PE1(config-bgp)# neighbor 10.2.2.2
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# remote-as 65000
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# update-source Loopback 0
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp-nbr-af)# commit
RP/0/RP0/CPU0:PE1(config-bgp-nbr-af)# end
RP/0/RP0/CPU0:PE1#
Step 2 On the P2 router, verify that the BGP session to the PE1 router is established.
Use the show bgp neighbor 10.3.3.3 | include BGP state command.
RP/0/RP0/CPU0:P2# show bgp neighbor 10.3.3.3 | include BGP state
BGP state = Established, up for 00:04:48
Since P2 is preconfigured, you may also observe the P2 BGP route reflector configuration. Use
the show running-config router bgp command.
RP/0/RP0/CPU0:P2# show running-config router bgp
router bgp 65000

bgp router-id 10.2.2.2
!
address-family l2vpn evpn
!
neighbor 10.3.3.3
remote-as 65000
update-source Loopback0
route-reflector-client
!
!
!
neighbor 10.4.4.4
remote-as 65000
!
!
!
neighbor 10.5.5.5
remote-as 65000
!
!
!
neighbor 10.6.6.6
remote-as 65000
!
• AS: 65000
• Router ID: 10.4.4.4
• Remote AS: 65000
• Update source: Loopback 0
• Address family: IPv4 unicast
RP/0/RP0/CPU0:PE2#
Step 4 On the P2 router, verify the BGP sessions.
Notice that there are four BGP sessions established from the P2 router. Use the show bgp
summary command.
RP/0/RP0/CPU0:P2# show bgp summary
BGP router identifier 10.2.2.2, local AS number 65000
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000000 RD version: 2
BGP main routing table version 2
BGP NSR Initial initsync version 2 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer

Speaker 2 2 2 2 2 0
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd

10.3.3.3 0 65000 7 6 2 0 0 00:03:54 0
10.4.4.4 0 65000 3 3 2 0 0 00:00:28 0
10.5.5.5 0 65000 24 25 2 0 0 00:22:20 0
10.6.6.6 0 65000 24 24 2 0 0 00:21:52 0
Step 5 On the PE1 router, enable the L2VPN EVPN address family for the P2 (10.2.2.2) BGP neighbor.
You will need to enable the L2VPN EVPN address family in the BGP configuration mode. Use
the following commands:
RP/0/RP0/CPU0:PE1(config-bgp)# address-family l2vpn evpn
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# address-family l2vpn evpn
RP/0/RP0/CPU0:PE1#
Step 6 On the PE2 router, enable the L2VPN EVPN address family for the P2 (10.2.2.2) BGP
neighbor.
You will need to enable the L2VPN EVPN address family in the BGP configuration mode. Use
the following commands:
RP/0/RP0/CPU0:PE2(config-bgp)# address-family l2vpn evpn
RP/0/RP0/CPU0:PE2(config-bgp-nbr)# address-family l2vpn evpn
RP/0/RP0/CPU0:PE2#
Step 7 On the P2 router, verify the BGP neighbor PE1 (10.3.3.3).

Notice that there are two BGP address families advertised and received: IPv4 Unicast and
L2VPN EVPN. Use the show bgp neighbor 10.3.3.3 command.
RP/0/RP0/CPU0:P2# show bgp neighbor 10.3.3.3
BGP neighbor is 10.3.3.3

Remote AS 65000, local AS 65000, internal link
Remote router ID 10.3.3.3
Cluster ID 10.2.2.2
NSR State: None
Last read 00:00:26, Last read before reset 00:02:17
Hold time is 180, keepalive interval is 60 seconds
Configured hold time: 180, keepalive: 60, min acceptable hold time: 3
Last write 00:00:28, attempted 29, written 29
Second last write 00:00:28, attempted 23, written 23
Last write before reset 00:02:19, attempted 19, written 19
Second last write before reset 00:03:19, attempted 19, written 19
Last write pulse rcvd Apr 12 12:22:33.140 last full not set pulse count 31
Last write pulse rcvd before reset 00:02:17
Socket not armed for io, armed for read, armed for write
Last write thread event before reset 00:01:47, second last 00:01:51
Last KA expiry before reset 00:02:19, second last 00:03:19
Last KA error before reset 00:00:00, KA not sent 00:00:00
Last KA start before reset 00:02:19, second last 00:03:19
Precedence: internet
Multi-protocol capability received
Neighbor capabilities:
Route refresh: advertised (old + new) and received (old + new)
4-byte AS: advertised and received
Address family IPv4 Unicast: advertised and received
Address family L2VPN EVPN: advertised and received
Received 16 messages, 0 notifications, 0 in queue
Sent 16 messages, 0 notifications, 0 in queue
Minimum time between advertisement runs is 0 secs
Inbound message logging enabled, 3 messages buffered
Outbound message logging enabled, 3 messages buffered
< output omitted >

Observe there are two BGP address families advertised and received: IPv4 Unicast and L2VPN
EVPN.

Cluster ID 10.2.2.2
NSR State: None
Last write pulse rcvd Apr 12 12:26:58.744 last full not set pulse count 32
Address family L2VPN EVPN: advertised and received
< output omitted >
• Configure the PE1 and PE2 routers as BGP route reflector clients.
• Configure and verify the BGP IPv4 address family.
• Verify the BGP sessions between BGP route reflector and BGP route reflector clients are established.
• Configure and verify the BGP L2VPN EVPN address family.
Task 2: Configure and Verify EVPN VPWS
The purpose of this task is to configure and verify the EVPN VPWS single-homed network to provide
point-to-point Layer 2 services between CE1 and CE4. You will configure EVPN VPWS on the PE1 and
PE4 routers.
Activity
Step 1 On the PE1 and PE4 routers configure the GigabitEthernet0/0/0/2.200 subinterface with the
Layer 2 transport type in the VLAN 200.
On the PE1 router, GigabitEthernet0/0/0/2 interface connects to the CE1 router

GigabitEthernet0/0/0/0 interface. On the PE1 router, configure the following commands:
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet0/0/0/2.200 l2transport
RP/0/RP0/CPU0:PE1(config-subif)# description to EVPN VPWS
RP/0/RP0/CPU0:PE1(config-subif)# encapsulation dot1q 200
RP/0/RP0/CPU0:PE1(config-subif)# commit
RP/0/RP0/CPU0:PE1(config-subif)# end
RP/0/RP0/CPU0:PE1#
On the PE4 router, GigabitEthernet0/0/0/2 interface connects to the CE4 router

GigabitEthernet0/0/0/0 interface. On the PE4 router, configure the following commands:
RP/0/RP0/CPU0:PE4(config)# interface GigabitEthernet0/0/0/2.200 l2transport
RP/0/RP0/CPU0:PE4(config-subif)# description to EVPN VPWS
RP/0/RP0/CPU0:PE4(config-subif)# encapsulation dot1q 200
RP/0/RP0/CPU0:PE4(config-subif)# commit
RP/0/RP0/CPU0:PE4(config-subif)# end
RP/0/RP0/CPU0:PE4#
Step 2 On the CE1 and CE4 routers configure the GigabitEthernet0/0/0/0.200 subinterface with the
VLAN 200 and IPv4 address in the IPv4 subnet 10.200.0.0/24.
On the CE1 router, GigabitEthernet0/0/0/0 interface connects to the PE1 router

GigabitEthernet0/0/0/2 interface. On the CE1 router, configure the following commands:
RP/0/RP0/CPU0:CE1(config)# interface GigabitEthernet0/0/0/0.200
RP/0/RP0/CPU0:CE1(config-subif)# description to CE4 EVPN VPWS
RP/0/RP0/CPU0:CE1(config-subif)# ipv4 address 10.200.0.1 255.255.255.0
RP/0/RP0/CPU0:CE1(config-subif)# encapsulation dot1q 200
RP/0/RP0/CPU0:CE1(config-subif)# commit
RP/0/RP0/CPU0:CE1(config-subif)# end
RP/0/RP0/CPU0:CE1#
On the CE4 router, GigabitEthernet0/0/0/0 interface connects to the PE4 router

GigabitEthernet0/0/0/2 interface. On the CE4 router, configure the following commands:
RP/0/RP0/CPU0:CE4(config)# interface GigabitEthernet0/0/0/0.200
RP/0/RP0/CPU0:CE4(config-subif)# description to CE1 EVPN VPWS
RP/0/RP0/CPU0:CE4(config-subif)# ipv4 address 10.200.0.4 255.255.255.0
RP/0/RP0/CPU0:CE4(config-subif)# encapsulation dot1q 200
RP/0/RP0/CPU0:CE4(config-subif)# commit
RP/0/RP0/CPU0:CE4(config-subif)# end
RP/0/RP0/CPU0:CE4#
Step 3 On the PE1 and PE4 routers, configure a L2VPN point-to-point cross-connect with the
following values:
• Xconnect group: evpn_vpws

• Xconnect name: evpn
• Interface: GigabitEthernet0/0/0/2.200
• EVI: 200
• On the PE1: Local AC 14, Remote AC 41
• On the PE4: Local AC 41, Remote AC 14
Use the following commands to configure the L2VPN point-to-point cross-connect on the PE1
router:
RP/0/RP0/CPU0:PE1(config)# l2vpn
RP/0/RP0/CPU0:PE1(config-l2vpn)# xconnect group evpn_vpws
RP/0/RP0/CPU0:PE1(config-l2vpn-xc)# p2p evpn
RP/0/RP0/CPU0:PE1(config-l2vpn-xc-p2p)# interface GigabitEthernet 0/0/0/2.200
RP/0/RP0/CPU0:PE1(config-l2vpn-xc-p2p)# neighbor evpn evi 200 target 41 source 14
RP/0/RP0/CPU0:PE1(config-l2vpn-xc-p2p-pw)# commit
RP/0/RP0/CPU0:PE1(config-l2vpn-xc-p2p-pw)# end
RP/0/RP0/CPU0:PE1#
Use the following commands to configure the L2VPN point-to-point cross-connect on the PE4
router:
RP/0/RP0/CPU0:PE4(config)# l2vpn
RP/0/RP0/CPU0:PE4(config-l2vpn)# xconnect group evpn_vpws
RP/0/RP0/CPU0:PE4(config-l2vpn-xc)# p2p evpn
RP/0/RP0/CPU0:PE4(config-l2vpn-xc-p2p)# interface GigabitEthernet 0/0/0/2.200
RP/0/RP0/CPU0:PE4(config-l2vpn-xc-p2p)# neighbor evpn evi 200 target 14 source 41
RP/0/RP0/CPU0:PE4(config-l2vpn-xc-p2p-pw)# commit
RP/0/RP0/CPU0:PE4(config-l2vpn-xc-p2p-pw)# end
RP/0/RP0/CPU0:PE4#
Step 4 On the PE1 router, verify the state of EVPN VPWS.

Use the show l2vpn xconnect command to verify that the state of EVPN VPWS is UP.
RP/0/RP0/CPU0:PE1# show l2vpn xconnect
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,

SB = Standby, SR = Standby Ready, (PP) = Partially Programmed
XConnect Segment 1 Segment 2

Group Name ST Description ST Description ST
------------------------ ----------------------------- ----------------------------
-
evpn_vpws evpn UP Gi0/0/0/2.200 UP EVPN 200,41,6.6.6.6 UP
---------------------------------------------------------------------------------------
-
Step 5 On the PE1 router, verify the L2VPN BGP routes.
Use the show bgp l2vpn evpn command. Notice that the PE1 receives routes with the next hop
to the PE4 (10.6.6.6).
RP/0/RP0/CPU0:PE1# show bgp l2vpn evpn

Table ID: 0x0 RD version: 0
Status codes: s suppressed, d damped, h history, * valid, > best

i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.3.3.3:200 (default for vrf VPWS:200)
*> [1][0000.0000.0000.0000.0000][14]/120
0.0.0.0 0 i
*>i[1][0000.0000.0000.0000.0000][41]/120
10.6.6.6 100 0 i
Route Distinguisher: 10.6.6.6:200
*>i[1][0000.0000.0000.0000.0000][41]/120
10.6.6.6 100 0 i
Processed 3 prefixes, 3 paths
Step 6 On the PE1 router, verify the GigabitEthernet0/0/0/2.200 interface state.
Use the show interfaces brief command. Notice that the GigabitEthernet0/0/0/2.200 interface is
up and running.
Note You can see that the EVPN VPWS control plane is operational, but the data plane will still not work. This is
due to restrictions in the lab environments.
RP/0/RP0/CPU0:PE1# show interfaces brief
Intf Intf LineP Encap MTU BW

Name State State Type (byte) (Kbps)
--------------------------------------------------------------------------------
Lo0 up up Loopback 1500 0
Nu0 up up Null 1500 0
Mg0/RP0/CPU0/0 up up ARPA 1514 1000000
Gi0/0/0/0 up up ARPA 1514 1000000
Gi0/0/0/1 up up ARPA 1514 1000000
Gi0/0/0/2 up up ARPA 1514 1000000
Gi0/0/0/2.200 up up 802.1Q 1518 1000000
Gi0/0/0/3 admin-down admin-down ARPA 1514 1000000
Step 7 On the PE1 router, verify the EVPN type.
Use the show evpn evi vpn-id 200 command to verify that the EVPN type is VPWS.
RP/0/RP0/CPU0:PE1# show evpn evi vpn-id 200
VPN-ID Encap Bridge Domain Type

---------- ------ ---------------------------- -------------------
200 MPLS VPWS:200 VPWS (vlan-unaware)
Step 8 On the PE1 router, verify the BGP L2VPN EVPN neighbor summary.
Use the show bgp l2vpn evpn summary command to verify the BGP L2VPN EVPN neighbor
summary. There should be a P2 (10.2.2.2) neighbor that sends one prefix.
RP/0/RP0/CPU0:PE1# show bgp l2vpn evpn summary


Speaker 4 4 4 4 4 0

10.2.2.2 0 65000 39 40 4 0 0 00:19:55 1
You may repeat the same command on the P2 router. You should see four BGP L2VPN EVPN
neighbors. The PE1 (10.3.3.3) and PE4 (10.6.6.6) routers have sent one L2VPN EVPN prefix to
the P2 router.
RP/0/RP0/CPU0:P2# show bgp l2vpn evpn summary


Speaker 3 3 3 3 3 0

10.3.3.3 0 65000 40 40 3 0 0 00:21:13 1
10.4.4.4 0 65000 30 32 3 0 0 00:19:40 0
10.5.5.5 0 65000 2983 2990 3 0 0 2d01h 0
10.6.6.6 0 65000 2983 2987 3 0 0 2d01h 1
• Configure L2VPN point-to-point cross-connect on the PE1 and PE4 routers.
• Verify EVPN VPWS operations.
1. Which Cisco IOS XR command displays BGP L2VPN EVPN neighbor summary?
A. show bgp l2vpn evpn summary
B. show bgp summary evpn
C. show bgp vpnv4 evpn
D. show bgp vpnv4 evpn summary
Discovery 12: Configure and Verify Layer 3 VPN
Introduction
In this lab exercise, you will configure BGP to support the VPNv4 address family in the service provider
network and deploy BGP as the PE-CE routing protocol to enable Layer 3 VPN.
Activity Objective
• Enable BGP to support the VPNv4 address family.
• Establish VPN routing by using BGP as the PE-CE routing protocol.
Visual Objective
• All P and PE routers have IS-IS configured. There is no routing protocol enabled on the CE routers.
• All P and PE routers have MPLS SR configured.
• The PE3, P2, and PE4 routers have BGP preconfigured. P2 is configured as BGP route reflector.
Topology
Job Aid

IP Addresses

CE)

CE)






Task 1: Configure and Verify BGP to Support VPNv4

Address Family
The purpose of this task is to configure a BGP session between the route reflector and the BGP route
reflector client. The P2 router is preconfigured as BGP route reflector and you will configure PE1 as a BGP
route reflector client. You will also enable the BGP VPNv4 address family for a BGP neighbor.
The PE2, PE3, and PE4 routers are preconfigured as BGP route reflector clients.
Activity
• Autonomous system: 65000

• Router ID: 10.3.3.3
• Remote autonomous system: 65000
• Update source: Loopback0
• Address families: IPv4 unicast and VPNv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp)# address-family vpnv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp-nbr-af)# exit
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# address-family vpnv4 unicast
RP/0/RP0/CPU0:PE1#
Step 2 On the P2 router, verify that the BGP session to the PE1 router is established.
On the P2 router, enter the show bgp neighbor 10.3.3.3 | include BGP state command.
RP/0/RP0/CPU0:P2# show bgp neighbor 10.3.3.3 | include BGP state
Since P2 is preconfigured, you may also observe the P2 BGP route reflector configuration.
RP/0/RP0/CPU0:P2# show running-config router bgp
router bgp 65000

bgp router-id 10.2.2.2
!
address-family vpnv4 unicast
!
neighbor 10.3.3.3
remote-as 65000
!
!
!
neighbor 10.4.4.4
remote-as 65000
!
!
!
neighbor 10.5.5.5
remote-as 65000
!
!
!
neighbor 10.6.6.6
remote-as 65000
!
Step 3 On the P2 router, verify the BGP sessions.

Notice that there are four BGP sessions established.
RP/0/RP0/CPU0:P2# show bgp summary


Speaker 7 7 7 7 7 0

10.3.3.3 0 65000 6 13 7 0 0 00:02:50 0
10.4.4.4 0 65000 4343 4358 7 0 0 3d00h 0
10.5.5.5 0 65000 4344 4356 7 0 0 3d00h 0
10.6.6.6 0 65000 4342 4354 7 0 0 3d00h 0

VPNv4 Unicast.

Cluster ID 10.2.2.2
NSR State: None
Last write pulse rcvd Aug 12 10:23:26.531 last full not set pulse count 13
Address family VPNv4 Unicast: advertised and received
< output omitted >

VPNv4 Unicast.

Cluster ID 10.2.2.2
BGP state = Established, up for 3d00h
NSR State: None
Last read 00:00:39, Last read before reset 3d00h
Last write before reset 3d00h, attempted 236, written 236
Second last write before reset 3d00h, attempted 23, written 23
Last write pulse rcvd Aug 12 10:25:07.114 last full not set pulse count 8688
Last write pulse rcvd before reset 3d00h
Last write thread event before reset 3d00h, second last 3d00h
Last KA expiry before reset 3d00h, second last 3d00h
Last KA start before reset 3d00h, second last 3d00h
Address family VPNv4 Unicast: advertised and received
< output omitted >
Step 6 On the P2 router, verify the BGP VPNv4 unicast neighbor summary.
Use the show bgp vpnv4 unicast summary command to verify the BGP VPNv4 unicast
neighbor summary. There should be four VPNv4 unicast BGP neighbors. Notice that the PE1
(10.3.3.3) did not send any prefixes.
RP/0/RP0/CPU0:P2# show bgp vpnv4 unicast summary

Speaker 15 15 15 15 15 0

10.3.3.3 0 65000 12 19 15 0 0 00:08:18 0
10.4.4.4 0 65000 4348 4363 15 0 0 3d00h 2
10.5.5.5 0 65000 4349 4361 15 0 0 3d00h 2
10.6.6.6 0 65000 4347 4359 15 0 0 3d00h 2
• Configure the PE1 router as a BGP route reflector client.
• Configure and verify BGP IPv4 and VPNv4 address families.
• Verify the BGP sessions between BGP route reflector and BGP route reflector clients are established.
Task 2: Configure BGP as PE-CE Routing Protocol

In this task, you will use BGP as the PE-CE routing protocol. The service provider will enable a VPN to
interconnect two locations for CustomerA, Site 1 (CE1) and Site 2 (CE2), and two locations for
CustomerB, Site 1 (CE3) and Site 2 (CE4). The CE1 and CE2 will use the same autonomous system
number, autonomous system 65012, while the CE3 and CE4 are preconfigured to use a different number,
autonomous system 65034.
In this lab, your tasks will focus on configuring PE-CE routing with BGP between PE1 and CE1. Other PE
and CE routers have been preconfigured, this includes VRF creation, VRF interface assignment, and BGP
VPNv4 address-family activation.
You will configure BGP between the PE1 and CE1 routers. You will advertise CE1 networks into BGP and
verify that CE1 can reach the CE2 advertised networks. You do not need to configure the CE2 and PE2
routers. They are preconfigured for BGP and use autonomous system 65012 to connect CE2 to PE2. The
CE3, PE3, PE4, and, CE4 are preconfigured for CustomerB. You will verify that CE3 learns networks
from CE4 but not from CE1 and CE2.
Activity
Step 1 On the PE1 and CE1 routers, verify that there is a PASS route policy preconfigured.
Use the PASS route policy to allow the exchange of all updates between PE1 and CE1. To
verify the PASS route policy on the PE1 router, use the following command:
RP/0/RP0/CPU0:PE1# show running-config route-policy PASS
route-policy PASS
pass
end-policy
To verify the PASS route policy on the CE1 router, use the following command:
RP/0/RP0/CPU0:CE1# show running-config route-policy PASS
route-policy PASS
pass
end-policy
Step 2 On the CE1 router, configure BGP in the IPv4 address family and configure PE-CE peering to
the PE1 router.
To enable BGP on the CE1 router, use the following values:

• BGP autonomous system: 65012
• BGP router ID: 10.7.7.7
• Address family: IPv4
• IPv4 address family network: 10.7.7.7/32 (Loopback0)
• Neighbor: 10.3.7.3 (PE1 GigabitEthernet0/0/0/2)
• Neighbor autonomous system number: 65000
• Neighbor in route policy: PASS (preconfigured)
• Neighbor out route policy: PASS (preconfigured)
To configure BGP on the CE1 router, use the following commands:
RP/0/RP0/CPU0:CE1(config)# router bgp 65012
RP/0/RP0/CPU0:CE1(config-bgp)# bgp router-id 10.7.7.7
RP/0/RP0/CPU0:CE1(config-bgp)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-bgp-af)# network 10.7.7.7 255.255.255.255
RP/0/RP0/CPU0:CE1(config-bgp-af)# exit
RP/0/RP0/CPU0:CE1(config-bgp)# neighbor 10.3.7.3
RP/0/RP0/CPU0:CE1(config-bgp-nbr)# remote-as 65000
RP/0/RP0/CPU0:CE1(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-bgp-nbr-af)# route-policy PASS in
RP/0/RP0/CPU0:CE1(config-bgp-nbr-af)# route-policy PASS out
RP/0/RP0/CPU0:CE1(config-bgp-nbr-af)# commit
RP/0/RP0/CPU0:CE1(config-bgp-nbr-af)# end
RP/0/RP0/CPU0:CE1#
Step 3 On the PE1 router, configure CustomerA VRF and add a customer-facing interface (GE0/0/0/2)
into the VRF.
To enable VRF and add an interface to the VRF, use the following values on the PE1 router:
• VRF name: CustomerA
• VRF address family: IPv4
• Import and export route targets: 1:12
Note Before an interface is added into VRF, you will need to delete IP addresses. After the interface is added into
the VRF, you need to set the same IP addresses as before.
You may need to use the show running-config interface GigabitEthernet 0/0/0/2 command to
examine the interface IP addresses before deleting. To configure VRF on the PE1 router, use the
following commands:
RP/0/RP0/CPU0:PE1(config)# vrf CustomerA
RP/0/RP0/CPU0:PE1(config-vrf)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-vrf-af)# import route-target
RP/0/RP0/CPU0:PE1(config-vrf-import-rt)# 1:12
RP/0/RP0/CPU0:PE1(config-vrf-import-rt)# exit
RP/0/RP0/CPU0:PE1(config-vrf-af)# export route-target
RP/0/RP0/CPU0:PE1(config-vrf-export-rt)# 1:12
RP/0/RP0/CPU0:PE1(config-vrf-export-rt)# root
RP/0/RP0/CPU0:PE1(config-if)# no ipv4 address
RP/0/RP0/CPU0:PE1(config-if)# vrf CustomerA
RP/0/RP0/CPU0:PE1(config-if)# ipv4 address 10.3.7.3 255.255.255.0
RP/0/RP0/CPU0:PE1(config-if)# ipv6 address 2001::99:3:7:3/112
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, configure BGP in the CustomerA VRF IPv4 address family and configure
PE-CE peering to the CE1 router.
To enable BGP on the PE1 router, use the following values:

• CustomerA VRF Route Distinguisher: 1:12
• CustomerA VRF address family: IPv4
• CustomerA VRF redistribute: connected
• Neighbor: 10.3.7.7 (CE1 GigabitEthernet0/0/0/0)
• Neighbor autonomous system number: 65012
• Neighbor in route policy: PASS (preconfigured)
• Neighbor out route policy: PASS (preconfigured)
To configure BGP on the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1(config-bgp)# vrf CustomerA
RP/0/RP0/CPU0:PE1(config-bgp-vrf)# rd 1:12
RP/0/RP0/CPU0:PE1(config-bgp-vrf)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af)# redistribute connected
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af)# exit
RP/0/RP0/CPU0:PE1(config-bgp-vrf)# neighbor 10.3.7.7
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr)# remote-as 65012
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# route-policy PASS in
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# route-policy PASS out
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# commit
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# end
RP/0/RP0/CPU0:PE1#
Step 5 On the PE1 router, verify the BGP CustomerA VRF summary information.
Use the show bgp vrf CustomerA summary command to display BGP CustomerA VRF
summary information. The CE1 BGP peer has advertised one prefix to the PE1 router.
Note It may take a couple minutes for the BGP neighbor adjacency to form and exchange prefixes
RP/0/RP0/CPU0:PE1# show bgp vrf CustomerA summary

BGP VRF CustomerA, state: Active
BGP Route Distinguisher: 1:12
VRF ID: 0x60000001

Speaker 10 10 10 10 10 0

10.3.7.7 0 65012 4 5 10 0 0 00:00:25 1
Step 6 On the PE1 router, verify the BGP prefixes present in the CustomerA VRF.
Use the show bgp vrf CustomerA command to display the BGP CustomerA VRF prefixes:
• 10.3.7.0/24 (PE1 GE0/0/0/2 to CE1 GE0/0/0/0 subnet)
• 10.7.7.7/32 (CE1 Loopback0)
• 10.8.8.8/32 (CE2 Loopback0)
RP/0/RP0/CPU0:PE1# show bgp vrf CustomerA
BGP VRF CustomerA, state: Active

BGP Route Distinguisher: 1:12
VRF ID: 0x60000001

Route Distinguisher: 1:12 (default for vrf CustomerA)
*> 10.3.7.0/24 0.0.0.0 0 32768 ?
*>i10.4.8.0/24 10.4.4.4 0 100 0 ?
*> 10.7.7.7/32 10.3.7.7 0 0 65012 i
*>i10.8.8.8/32 10.4.4.4 0 100 0 65012 i
Step 7 On the PE1 router, verify the CustomerA VRF routing table.
Use the show route vrf CustomerA command to display the CustomerA VRF routes:
RP/0/RP0/CPU0:PE1# show route vrf CustomerA
< output omitted >
Gateway of last resort is not set
C 10.3.7.0/24 is directly connected, 00:27:13, GigabitEthernet0/0/0/2

L 10.3.7.3/32 is directly connected, 00:27:13, GigabitEthernet0/0/0/2
B 10.4.8.0/24 [200/0] via 10.4.4.4 (nexthop in vrf default), 00:04:29
B 10.7.7.7/32 [20/0] via 10.3.7.7, 00:03:55
B 10.8.8.8/32 [200/0] via 10.4.4.4 (nexthop in vrf default), 00:04:29
Step 8 On the CE1 router, verify the BGP prefixes.

Use the show bgp command to display BGP prefixes. You can notice that CE2 Loopback
(10.8.8.8/32) prefix is missing. The prefix is missing because CE1 has a loop prevention
mechanism based on the AS-Path.
RP/0/RP0/CPU0:CE1# show bgp

*> 10.3.7.0/24 10.3.7.3 0 0 65000 ?
*> 10.4.8.0/24 10.3.7.3 0 65000 ?
*> 10.7.7.7/32 0.0.0.0 0 32768 i
Step 9 On the PE1 router, configure the AS-override feature for the CE1 BGP neighbor. The AS-
override feature causes to replace the autonomous system number of the originating router with
the AS number of the sending BGP router.
Use the as-override command to enable the AS-override feature. This command should be
configured in the IPv4 address family for the CE1 neighbor.
RP/0/RP0/CPU0:PE1(config-bgp)# vrf CustomerA
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# as-override
RP/0/RP0/CPU0:PE1#
Step 10 On the CE1 router, verify the BGP prefixes again.

Notice that the CE2 Loopback (10.8.8.8/32) prefix is present with the modified AS-path. The
AS-path shows AS1 twice since the AS-override feature changed the originating autonomous
system number 65012 into PE1’s own autonomous system number 65000.

*> 10.3.7.0/24 10.3.7.3 0 0 65000 ?
*> 10.4.8.0/24 10.3.7.3 0 65000 ?
*> 10.7.7.7/32 0.0.0.0 0 32768 i
*> 10.8.8.8/32 10.3.7.3 0 65000 65000 i
Step 11 On the CE1 router, verify connectivity between CE1 and CE2 Loopback 0 interfaces.
The ping should be successful.


!!!!!
Step 12 On the CE3 router, verify the BGP prefixes. The CE3 and CE4 routers belong to CustomerB
VRF.
Use the show bgp command to display the following BGP prefixes:
• 10.9.9.9/32 (CE3 Loopback0)
• 10.10.10.10/32 (CE4 Loopback0)
There are no prefixes from the CustomerA VRF.

*> 10.5.9.0/24 10.5.9.5 0 0 65000 ?
*> 10.6.10.0/24 10.5.9.5 0 65000 ?
*> 10.9.9.9/32 0.0.0.0 0 32768 i
*> 10.10.10.10/32 10.5.9.5 0 65000 65000 i
Step 13 On the P2 router, verify all VPNv4 BGP prefixes. The P2 is BGP route reflector and should
have all customer routes.
Use the show bgp vpnv4 unicast command to display BGP VPNv4 prefixes. On the P2 router,
there are no VRFs configured, but you can differentiate customer routes based on the Route
Distinguisher (RD):
• Route Distinguisher: 1:12 belongs to CustomerA VRF
• Route Distinguisher: 1:34 belongs to CustomerB VRF
RP/0/RP0/CPU0:P2# show bgp vpnv4 unicast

Route Distinguisher: 1:12
*>i10.3.7.0/24 10.3.3.3 0 100 0 ?
*>i10.4.8.0/24 10.4.4.4 0 100 0 ?
*>i10.7.7.7/32 10.3.3.3 0 100 0 65012 i
*>i10.8.8.8/32 10.4.4.4 0 100 0 65012 i
Route Distinguisher: 1:34
*>i10.5.9.0/24 10.5.5.5 0 100 0 ?
*>i10.6.10.0/24 10.6.6.6 0 100 0 ?
*>i10.9.9.9/32 10.5.5.5 0 100 0 65034 i
*>i10.10.10.10/32 10.6.6.6 0 100 0 65034 i
Step 14 On the CE1 router, display the hop-by-hop path to reach the CE2 Loopback 0 interface IP
address 10.8.8.8.
The path between the CE1 and the CE2 Loopback 0 interface should be similar to the following:

1 10.3.7.3 86 msec 66 msec 74 msec

2 10.1.3.1 [MPLS: Labels 16004/24005 Exp 0] 233 msec 242 msec 237 msec
4 10.4.8.8 218 msec 211 msec 234 msec
Observe the MPLS labels used in the packet sent from the CE1 to the CE2 Loopback 0
interface.
• The label 16004 is the SR Prefix SID for the PE2 Loopback 0 interface and represents the
outer label in the packet. This label is advertised by IS-IS.
• The label 24005 is the VPNv4 label for the CE2 Loopback0 subnet and represents the inner
label in the packet. This label is advertised by BGP. The VPNv4 label may be different in
your lab.
Step 15 On the PE1 router, display the MPLS forwarding table and the IS-IS database to examine the
outer MPLS label 16004.
Observe the label 16004 is SR Prefix SID.

------ ----------- ------------------ ------------ --------------- ------------
16001 Pop SR Pfx (idx 1) Gi0/0/0/0 10.1.3.1 0
16002 16002 SR Pfx (idx 2) Gi0/0/0/1 10.3.5.5 671505
16004 16004 SR Pfx (idx 4) Gi0/0/0/0 10.1.3.1 904
16005 Pop SR Pfx (idx 5) Gi0/0/0/1 10.3.5.5 0
16006 16006 SR Pfx (idx 6) Gi0/0/0/1 10.3.5.5 0
24000 Pop SR Adj (idx 1) Gi0/0/0/1 10.3.5.5 0
24001 Pop SR Adj (idx 3) Gi0/0/0/1 10.3.5.5 0
24002 Pop SR Adj (idx 1) Gi0/0/0/0 10.1.3.1 0
24003 Pop SR Adj (idx 3) Gi0/0/0/0 10.1.3.1 0
24004 Aggregate CustomerA: Per-VRF Aggr[V] \
CustomerA 1308
24005 Unlabelled 10.7.7.7/32[V] Gi0/0/0/2 10.3.7.7 0
The label 16004 (16000 + 4) is advertised by the IS-IS routing protocol. The IS-IS database
shows the prefix SID index four and the SRGB (16000) for the PE2 Loopback0 (10.4.4.4/32), as
shown below:
RP/0/RP0/CPU0:PE1# show isis database PE2 detail verbose

PE2.00-00 0x000002fd 0xc0eb 1164 /1200 0/0/0
NLPID: 0xcc
NLPID: 0x8e
Router ID: 10.4.4.4
Prefix Attribute Flags: X:0 R:0 N:0
Source Router ID: 10.4.4.4
Hostname: PE2
IPv6 Address: 2001::4:4:4:4
Router Cap: 10.4.4.4 D:0 S:0
< output omitted >
Step 16 On the PE1 router, display the BGP route for the CustomerA VRF 10.8.8.8/32 subnet and
examine the inner MPLS label 24005.
The label 24005 is VPNv4 label originated by PE2 (10.4.4.4/32) for the CustomerA VRF
10.8.8.8/32 subnet.
RP/0/RP0/CPU0:PE1# show bgp vrf CustomerA 10.8.8.8/32
BGP routing table entry for 10.8.8.8/32, Route Distinguisher: 1:12

Versions:
Process bRIB/RIB SendTblVer
Speaker 8 8
Last Modified: Aug 12 10:47:26.423 for 00:22:07
Paths: (1 available, best #1)
Advertised to CE peers (in unique update groups):
10.3.7.7
Path #1: Received by speaker 0
10.3.7.7
65012
10.4.4.4 (metric 21) from 10.2.2.2 (10.4.4.4)
Received Label 24005
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, import-
candidate, imported
Received Path ID 0, Local Path ID 1, version 8
Extended community: RT:1:12
Originator: 10.4.4.4, Cluster list: 10.2.2.2
Source AFI: VPNv4 Unicast, Source VRF: CustomerA, Source Route Distinguisher:
1:12
• Configure the customer VRF and add an interface to the VRF.
• Configure and verify BGP as a PE-CE routing protocol.
• Configure and verify the AS-override feature.
• Verify the CE to CE connectivity.
• Verify the MPLS forwarding table.
1. Which Cisco IOS XR command displays all BGP prefixes with different RDs?
A. show bgp
B. show bgp vpnv4 unicast
C. show bgp vpnv4 unicast vrf <vrf_name>
D. show bgp vrf all
Discovery 13: Configure and Verify ODN and
Flexible Algorithm
Introduction
In this lab exercise, you will configure and verify SR-TE policies, ODN, and Flexible Algorithm.
Activity Objective
• Configure and verify SR-TE for high-bandwidth traffic
• Configure and verify SR-TE for low-latency traffic
• Configure and verify SR-TE for high-bandwidth and low-latency traffic, using ODN
• Configure and verify network slicing, using a Flexible Algorithm
Visual Objective
The following figure shows the objective for Tasks 1 and 2.
The following figure shows the objective for Tasks 3 and 4.

• All P and PE routers have IS-IS configured for full reachability.
• Link between CE2 and CE4 is disabled.
• Links between P and PE routers have a performance measurement delay preconfigured.
• The MP-BGP is configured between the PE1 and PE2 routers.
• PE1 Loopback33 (10.33.33.33/32) and PE2 Loopback44 (10.44.44.44/32) are configured in the VRF
HB (HighBandwidth).
• PE1 Loopback133 (10.133.133.133/32) and PE2 Loopback144 (10.144.144.144/32) are configured in
the VRF LL (LowLatency).
• PE1 Loopback470 (172.16.70.70/24), PE2 Loopback480 (172.16.80.80/24), and PE2 Loopback490
(172.16.90.90/24) are configured in the VRF VOICE_DATA.
• The PE2 Loopback480 (172.16.80.80/24) prefix is advertised into BGP VRF VOICE_DATA with the
color 480.
• The PE2 Loopback490 (172.16.90.90/24) prefix is advertised into BGP VRF VOICE_DATA with the
color 490.
Topology
Job Aid

IP Addresses

CE)

CE)






Task 1: Configure SR-TE for High-Bandwidth Traffic

The purpose of this task is to steer high-bandwidth traffic through the non–low-latency path (through P1),
using SR-TE.
You can access the virtualized Cisco IOS XR routers by using the Terminal on the jump host and type the
host name (lowercase) of the router, this will open the SSH session to the router.
Activity
Step 1 On the PE2 router, configure a color 20 for the VRF HB (high bandwidth).

RP/0/RP0/CPU0:PE2(config)# extcommunity-set opaque color20-igp
RP/0/RP0/CPU0:PE2(config-ext)# 20
RP/0/RP0/CPU0:PE2(config-ext)# end-set
RP/0/RP0/CPU0:PE2(config)# vrf HB
RP/0/RP0/CPU0:PE2(config-vrf-af)# export route-policy SET_COLOR_HI_BW
RP/0/RP0/CPU0:PE2(config-vrf-af)# root
RP/0/RP0/CPU0:PE2(config-vrf-af)# route-policy SET_COLOR_HI_BW
RP/0/RP0/CPU0:PE2(config-rpl)# set extcommunity color color20-igp
RP/0/RP0/CPU0:PE2(config-rpl)# end-policy
RP/0/RP0/CPU0:PE2(config)# commit
RP/0/RP0/CPU0:PE2(config)# end
RP/0/RP0/CPU0:PE2#
Step 2 On the PE1 router, verify that the VRF HB 10.44.44.44/32 prefix with the correct color attribute
is received from the PE2 router.
On the PE1 router, use the show bgp vpnv4 unicast vrf HB 10.44.44.44/32 command.
RP/0/RP0/CPU0:PE1# show bgp vpnv4 unicast vrf HB 10.44.44.44/32

Versions:
Speaker 12 12
Last Modified: Mar 17 11:50:25.672 for 00:03:25
Not advertised to any peer
Local
10.4.4.4 (metric 21) from 10.4.4.4 (10.4.4.4)
Origin incomplete, metric 0, localpref 100, valid, internal, best, group-best,
import-candidate, imported
Extended community: Color:20 RT:1:44
Source AFI: VPNv4 Unicast, Source VRF: HB, Source Route Distinguisher: 1:44
The VRF HB 10.44.44.44/32 prefix is received from the PE2 router with the color 20.
Step 3 On the PE1 router, create an SR-TE policy named HB and configure it with the following
parameters:
• Color 20
• Endpoint 10.4.4.4 (PE2)
• Dynamic path
RP/0/RP0/CPU0:PE1(config)# segment-routing
RP/0/RP0/CPU0:PE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:PE1(config-sr-te)# policy HB
RP/0/RP0/CPU0:PE1(config-sr-te-policy)# color 20 end-point ipv4 10.4.4.4
RP/0/RP0/CPU0:PE1(config-sr-te-policy)# candidate-paths
RP/0/RP0/CPU0:PE1(config-sr-te-policy-path)# preference 100
RP/0/RP0/CPU0:PE1(config-sr-te-policy-path-pref)# dynamic
RP/0/RP0/CPU0:PE1(config-sr-te-pp-info)# metric
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# type igp
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# commit
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# end
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, examine the resulting SR-TE policy from the previous step.
Use the show segment-routing traffic-eng policy color 20 command to view the Segment
Routing Path information.
RP/0/RP0/CPU0:PE1# show segment-routing traffic-eng policy color 20

---------------------

Name: srte_c_20_ep_10.4.4.4
Status:
Admin: up Operational: up for 00:03:23 (since Mar 17 11:58:25.342)
Candidate-paths:
Name: HB
Dynamic (valid)
16004 [Prefix-SID, 10.4.4.4]
Attributes:
Binding SID: 24004
The policy color 20 path is a dynamically computed Segment Routing TE Policy, the IGP metric
is optimized, and the resulting path uses one Prefix-SID {16004}, which steers VRF HB traffic
to PE2 through the IGP path.
Step 5 On the PE1 router, verify the service path to PE2 VRF HB 10.44.44.44/32.
On the PE1 router, use the traceroute vrf HB 10.44.44.44 command.

RP/0/RP0/CPU0:PE1# traceroute vrf HB 10.44.44.44

2 10.1.4.4 2370 msec 616 msec 22 msec
The service path from the PE1 router to the PE2 router VRF HB should be through the P1
(10.1.3.1) router.
• You have configured SR-TE for traffic from PE1 that is destined to prefixes with the color 20 flow
through P1.
Task 2: Configure SR-TE for Low-Latency Traffic
The purpose of this task is to steer low-latency traffic through the path with the lowest latency (through
PE3, P2, and PE4), using SR-TE.
Activity
Step 1 On the PE2 router, configure the color 30 for the VRF LL (low latency).

RP/0/RP0/CPU0:PE2(config)# extcommunity-set opaque color30-delay
RP/0/RP0/CPU0:PE2(config-ext)# 30
RP/0/RP0/CPU0:PE2(config-ext)# end-set
RP/0/RP0/CPU0:PE2(config)# vrf LL
RP/0/RP0/CPU0:PE2(config-vrf-af)# export route-policy SET_COLOR_LL
RP/0/RP0/CPU0:PE2(config-vrf-af)# root
RP/0/RP0/CPU0:PE2(config-vrf-af)# route-policy SET_COLOR_LL
RP/0/RP0/CPU0:PE2(config-rpl)# set extcommunity color color30-delay
RP/0/RP0/CPU0:PE2(config)# commit
RP/0/RP0/CPU0:PE2(config)# end
Step 2 On the PE1 router, verify that the correct color attribute is received from the PE2 router for VRF
LL.
On the PE1 router, use the show bgp vpnv4 unicast vrf LL 10.144.144.144/32 command.
RP/0/RP0/CPU0:PE1# show bgp vpnv4 unicast vrf LL 10.144.144.144/32

Versions:
Speaker 17 17
Local
10.4.4.4 (metric 21) from 10.4.4.4 (10.4.4.4)
Source AFI: VPNv4 Unicast, Source VRF: LL, Source Route Distinguisher: 1:144
Step 3 The performance measurement static configuration is preconfigured on the P and PE routers, as
shown in the Visual Objectives of this lab. On the PE1 router, verify the performance
measurement configuration.
On the PE1 router, use the show running-config performance-measurement commands.
RP/0/RP0/CPU0:PE1# show running-config performance-measurement
performance-measurement
delay-measurement
advertise-delay 5000
!
!
delay-measurement
advertise-delay 100
Notice that the PE1 router GigabitEthernet0/0/0/0 interface has advertised a delay of 5 ms (5000
us) and GigabitEthernet0/0/0/1 interface has advertised a delay of 100 us. Verify the
performance measurement configuration on other P and PE routers, to make sure that it matches
the Visual Objective of this lab.
Step 4 On the PE1 router, verify the IS-IS database and notice the advertised metric and delay.
On the PE1 router, use the show isis database verbose detail PE1 command.
RP/0/RP0/CPU0:PE1# show isis database verbose detail PE1
< output omitted >
Metric: 11 IS-Extended P1.00
Affinity: 0x00000000
Reservable Global pool BW: 0 kbits/sec
Global Pool BW Unreserved:
[0]: 0 kbits/sec [1]: 0 kbits/sec
Admin. Weight: 11
Ext Admin Group: Length: 32
0x00000000 0x00000000
0x00000000 0x00000000
0x00000000 0x00000000
0x00000000 0x00000000
Link Average Delay: 5000 us
Link Min/Max Delay: 5000/5000 us
Link Delay Variation: 0 us
Affinity: 0x00000000
Reservable Global pool BW: 0 kbits/sec
Global Pool BW Unreserved:
Admin. Weight: 20
Ext Admin Group: Length: 32
0x00000000 0x00000000
0x00000000 0x00000000
0x00000000 0x00000000
0x00000000 0x00000000
Router Cap: 10.3.3.3 D:0 S:0
SR Local Block: Base: 15000 Range: 1000
SR Algorithm:
Algorithm: 0
Algorithm: 1
Verify the IS-IS database on other P and PE routers.
Step 5 On the PE1 router, create an SR-TE policy named LL and configure it with the following
parameters:
• Color 30
• Endpoint 10.4.4.4 (PE2)
• Dynamic path
• Path Selection Metric: latency
RP/0/RP0/CPU0:PE1(config-sr)# traffic-eng
RP/0/RP0/CPU0:PE1(config-sr-te)# policy LL
RP/0/RP0/CPU0:PE1(config-sr-te-policy)# color 30 end-point ipv4 10.4.4.4
RP/0/RP0/CPU0:PE1(config-sr-te-policy)# candidate-paths
RP/0/RP0/CPU0:PE1(config-sr-te-policy-path)# preference 100
RP/0/RP0/CPU0:PE1(config-sr-te-policy-path-pref)# dynamic
RP/0/RP0/CPU0:PE1(config-sr-te-pp-info)# metric
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# type latency
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# commit
RP/0/RP0/CPU0:PE1(config-sr-te-path-metric)# end
RP/0/RP0/CPU0:PE1#
Step 6 On the PE1 router, examine the resulting SR-TE policy from the previous step.
Use the show segment-routing traffic-eng policy color 30 command to view the Segment
Routing Path information.

---------------------

Status:
Candidate-paths:
Name: LL
Dynamic (valid)
Metric Type: LATENCY, Path Accumulated Metric: 400
16006 [Prefix-SID, 10.6.6.6]
16004 [Prefix-SID, 10.4.4.4]
Attributes:
Binding SID: 24009
The policy color 30 path is a dynamically computed Segment Routing TE policy, the latency is
optimized, and the resulting path uses two Prefix-SIDs {16006 16004}, which steers VRF LL
traffic to PE2 through the low-latency path.
Step 7 On the PE1 router, verify the service path to PE2 VRF LL 10.144.144.144/32.
On the PE1 router, use the traceroute vrf LL 10.144.144.144 command.

RP/0/RP0/CPU0:PE1# traceroute vrf LL 10.144.144.144

1 10.3.5.5 [MPLS: Labels 16006/16004/24003 Exp 0] 2347 msec 987 msec 119 msec
4 10.4.6.4 1457 msec 2414 msec 867 msec
The service path from the PE1 router to the PE2 router VRF LL should be through the PE3
(10.3.5.5), P2 (10.2.5.2), and PE4 (10.2.6.6) routers.
Step 8 On the PE1 router, change the delay measurement to a high value (999999 us) on the Gigabit
Ethernet 0/0/0/1 interface.
RP/0/RP0/CPU0:PE1(config)# performance-measurement
RP/0/RP0/CPU0:PE1(config-perf-meas)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE1(config-pm-intf)# delay-measurement
RP/0/RP0/CPU0:PE1(config-pm-intf-dm)# advertise-delay 999999
RP/0/RP0/CPU0:PE1(config-pm-intf-dm)# commit
RP/0/RP0/CPU0:PE1(config-pm-intf-dm)# end
RP/0/RP0/CPU0:PE1#
Step 9 On the PE1 router, verify the path change for SR-TE policy 30.
Use the show segment-routing traffic-eng policy color 30 command to see that the
recalculated path uses one Prefix-SID {16004}.

---------------------

Status:
Candidate-paths:
Name: LL
Dynamic (valid)
16004 [Prefix-SID, 10.4.4.4]
Attributes:
Binding SID: 24009
Step 10 On the PE1 router, verify the service path to PE2 VRF LL 10.144.144.144/32 again.


2 10.1.4.4 1057 msec 1997 msec 688 msec
The service path from the PE1 router to the PE2 router VRF LL should be through the P1
(10.1.3.1) router.
Step 11 On the PE1 router, change the delay measurement back to a low value (100 us) on the Gigabit
Ethernet 0/0/0/1 interface.

RP/0/RP0/CPU0:PE1(config)# performance-measurement
RP/0/RP0/CPU0:PE1(config-perf-meas)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:PE1(config-pm-intf)# delay-measurement
RP/0/RP0/CPU0:PE1(config-pm-intf-dm)# advertise-delay 100
RP/0/RP0/CPU0:PE1(config-pm-intf-dm)# commit
RP/0/RP0/CPU0:PE1(config-pm-intf-dm)# end
RP/0/RP0/CPU0:PE1#
• You have configured SR-TE such that traffic from PE1 that is destined to prefixes colored as 30 flow
through PE2, P2, and PE4, the low-latency path.
Task 3: Configure SR-TE for High-Bandwidth and Low-

Latency Traffic by Using ODN
The purpose of this task is to configure ODN policies on PE1 for VRF VOICE_DATA. The policies will
steer the prefixes of a single VRF through a path based on the IGP metric or latency. Prefix 172.16.80.0/24
that is consuming high data will be steered through a policy by using the IGP metric, while the prefix
172.16.90.0/24 that requires low latency or high SLA will be steered through a low-latency path.
Following is the existing VRF VOICE_DATA configuration on the PE2 router. Two loopback interfaces
(480 and 490) are exported into VRF with different colors (480 and 490).
vrf VOICE_DATA
import route-target
1:244
!
export route-policy SET_COLOR_VOICE_DATA
export route-target
1:244
!
interface Loopback480
description Voice Data HighBandwidth
vrf VOICE_DATA
ipv4 address 172.16.80.80 255.255.255.0
!
description Voice Data LowLatency
vrf VOICE_DATA
ipv4 address 172.16.90.90 255.255.255.0
!
extcommunity-set opaque color480-igp
480
end-set
!
extcommunity-set opaque color490-latency
490
end-set
!
prefix-set LowLatency
172.16.90.0/24 eq 24
end-set
!
prefix-set HighBandwidth
172.16.80.0/24 eq 24
end-set
!
route-policy SET_COLOR_VOICE_DATA
if destination in HighBandwidth then
set extcommunity color color480-igp
else
if destination in LowLatency then
set extcommunity color color490-latency
endif
endif
end-policy
Activity
Step 1 On the PE1 router, verify the color of individual prefixes in VRF VOICE_DATA. Prefixes
received from the PE2 router are 172.16.80.0/24 and 172.16.90.0/24.
On the PE1 router, use the show bgp vpnv4 unicast vrf VOICE_DATA 172.16.80.0/24
command.
RP/0/RP0/CPU0:PE1# show bgp vpnv4 unicast vrf VOICE_DATA 172.16.80.0/24

Versions:
Speaker 78 78
Local
10.4.4.4 (metric 21) from 10.4.4.4 (10.4.4.4)
Source AFI: VPNv4 Unicast, Source VRF: VOICE_DATA, Source Route Distinguisher:
1:244
The VRF VOICE_DATA prefix 172.16.80.0/24 that is received from the PE2 router has the
extended community color 480.
On the PE1 router, use the show bgp vpnv4 unicast vrf VOICE_DATA 172.16.90.0/24
command.
RP/0/RP0/CPU0:PE1# show bgp vpnv4 unicast vrf VOICE_DATA 172.16.90.0/24

Versions:
Speaker 80 80
Local
10.4.4.4 (metric 21) from 10.4.4.4 (10.4.4.4)
Source AFI: VPNv4 Unicast, Source VRF: VOICE_DATA, Source Route Distinguisher:
1:244
The VRF VOICE_DATA prefix 172.16.90.0/24 received from the PE2 router has the extended
community color 490.
Step 2 On the PE1 router, configure an ODN policy for the color 480 with a metric type of IGP.

RP/0/RP0/CPU0:PE1(config)# segment-routing traffic-eng
RP/0/RP0/CPU0:PE1(config-sr-te)# on-demand color 480
RP/0/RP0/CPU0:PE1(config-sr-te-color)# dynamic metric type igp
RP/0/RP0/CPU0:PE1(config-sr-te-color)# commit
RP/0/RP0/CPU0:PE1(config-sr-te-color)# end
RP/0/RP0/CPU0:PE1#
Step 3 On the PE1 router, verify the ODN policy for the color 480.
On the PE1 router, use the show segment-routing traffic-eng policy color 480 command.

---------------------

Name: srte_c_480_ep_10.4.4.4
Status:
Candidate-paths:
Preference: 200 (BGP ODN) (active)
Dynamic (valid)
16004 [Prefix-SID, 10.4.4.4]
Preference: 100 (BGP ODN) (inactive)
PCC info:
Symbolic name: bgp_c_480_ep_10.4.4.4_discr_100
PLSP-ID: 1
Dynamic (pce) (inactive)
Metric Type: NONE, Path Accumulated Metric: 0
Attributes:
Binding SID: 24012
You should see the policy with end-point 10.4.4.4 (PE2), this policy was created by ODN
request from the prefix with color 480 received from PE2 router.
Step 4 On the PE1 router, verify the service path to PE2 VRF VOICE_DATA 172.16.80.80.
On the PE1 router, use the traceroute vrf VOICE_DATA 172.16.80.80 command.
RP/0/RP0/CPU0:PE1# traceroute vrf VOICE_DATA 172.16.80.80

2 10.1.4.4 142 msec 3 msec 1084 msec
The service path from the PE1 router to the PE2 router VRF VOICE_DATA 172.16.80.0/24
prefix should be through the P1 (10.1.3.1) router.
Step 5 On the PE1 router, configure an ODN policy for color 490 with a metric type of latency.
RP/0/RP0/CPU0:PE1(config-sr-te-color)# dynamic metric type latency
RP/0/RP0/CPU0:PE1#

---------------------

Name: srte_c_490_ep_10.4.4.4
Status:
Candidate-paths:
Dynamic (valid)
16006 [Prefix-SID, 10.6.6.6]
16004 [Prefix-SID, 10.4.4.4]
PCC info:
PLSP-ID: 2
Attributes:
Binding SID: 24014
You should see the policy with the endpoint 10.4.4.4 (PE2). This policy was created by the ODN
request from a prefix with the color 480, which was received from the PE2 router.
Step 7 On the PE1 router, verify the service path to PE2 VRF VOICE_DATA 172.16.90.90.
On the PE1 router, use the traceroute vrf VOICE_DATA 172.16.90.90 command.
RP/0/RP0/CPU0:PE1# traceroute vrf VOICE_DATA 172.16.90.90

4 10.4.6.4 922 msec 1444 msec 1655 msec
The service path from the PE1 router to the PE2 router VRF VOICE_DATA 172.16.90.0/24
prefix should be through PE3 (10.3.5.5), P2 (10.2.5.2), and PE4 (10.2.6.6) routers.
• You have configured SR-TE such that traffic from PE1 that is destined to the prefixes colored as 480
flow through the P1 router.
through the PE3, P2, and PE4 routers, the low-latency path.
Task 4: Configure and Verify Network Slicing by Using

the Flexible Algorithm
The purpose of this task is to steer low-latency traffic through the low-latency path, using the Flexible
Algorithm and SR-TE.
Activity
Step 1 On the PE1 router, configure Flexible Algorithm 128 for metric type delay. Other P and PE
routers are preconfigured with Flexible Algorithm 128.

RP/0/RP0/CPU0:PE1(config-isis)# flex-algo 128
RP/0/RP0/CPU0:PE1(config-isis-flex-algo)# metric-type delay
RP/0/RP0/CPU0:PE1(config-isis-flex-algo)# advertise-definition
RP/0/RP0/CPU0:PE1(config-isis-flex-algo)# interface Loopback0
RP/0/RP0/CPU0:PE1(config-isis-if-af)# prefix-sid algorithm 128 absolute 16103
RP/0/RP0/CPU0:PE1#
Step 2 On the PE1 router, configure an ODN policy with the color 30 to use the Flexible Algorithm
128.
On the PE1 router, use these commands:
RP/0/RP0/CPU0:PE1(config-sr-te-color)# dynamic sid-algorithm 128
RP/0/RP0/CPU0:PE1#

---------------------

Status:
Candidate-paths:
Constraints:
Prefix-SID Algorithm: 128
Dynamic (valid)
Metric Type: TE, Path Accumulated Metric: 400
16104 [Prefix-SID: 10.4.4.4, Algorithm: 128]
Preference: 100 (configuration) (inactive)
Name: LL
Dynamic (inactive)
PCC info:
PLSP-ID: 3
Constraints:
Prefix-SID Algorithm: 128
Attributes:
Binding SID: 24009
You should see the policy with the endpoint 10.4.4.4 (PE2), using algorithm 128. This policy
was created by the ODN request from a prefix with the color 30, which was received from the
PE2 router.
Step 4 On the PE1 router, verify the service path to PE2 VRF LL 10.144.144.144.

4 10.4.6.4 980 msec 1530 msec 1379 msec
RP/0/RP0/CPU0:PE1#
The service path from the PE1 router to the PE2 router VRF LL 10.144.144.144/32 prefix
should be through the PE3 (10.3.5.5), P2 (10.2.5.2), and PE4 (10.2.6.6) routers.
• You have configured the Flexible Algorithm on the PE1 router.
through PE3, P2, and PE4 routers, the low-latency path.
1. Which Cisco IOS XR command configures a Flexible Algorithm 130 value for SID 16110?
A. prefix-sid algorithm 130 absolute 16110
B. prefix-sid algorithm 130 index 110
C. prefix-sid algorithm 130 absolute 110
D. prefix-sid algorithm 130 index 16110
2. What are valid Flexible Algorithm values that can be defined by the user?
A. Values between 128 and 255
B. Values between 0 and 255
C. Values between 130 and 255
D. Values between 0 and 256
Discovery 14: Configure and Verify SRv6
Introduction
In this lab exercise, you will configure and verify SRv6. You will familiarize yourself with the use of Cisco
IOS XR Software commands to configure the flexible algorithm and configure VRF traffic to use the IGP
metric or latency metric.
Activity Objective
• Configure and verify IS-IS for IPv6 routing
• Configure and verify the SRv6 extension
• Configure and verify MP-BGP
• Configure and verify flexible algorithm
• Configure and verify VRF using latency metric
Visual Objective
The following figure shows the objective for tasks 1 through 4:
The following figure shows the objective for tasks 5 through 6:

• All routers except P1 have IS-IS configured for full IPv6 reachability.
• All routers except P1 have the SRv6 extension configured.
• PE-CE routing is preconfigured between PE2 and CE2 routers.
• Links between P and PE routers have the delay preconfigured.
Topology
Job Aid
IP Addresses

CE)
Jump host 172.16.1.100/24

CE)






Task 1: Configure and Verify IS-IS for IPv6

The purpose of this task is to configure and verify IS-IS for IPv6 routing. You will configure IS-IS IPv6
routing on the P1 router. Other P and PE routers have IS-IS IPv6 routing preconfigured.
Activity
Step 1 Log in to the P1 router and configure the IS-IS IPv6 address family.
Configure the IS-IS IPv6 address family on the following interfaces: Loopback0,
GigabitEthernet0/0/0/0, GigabitEthernet0/0/0/1, and GigabitEthernet0/0/0/2.
On the P1 router, use the following commands:
RP/0/RP0/CPU0:P1(config-isis-af)# metric-style wide
RP/0/RP0/CPU0:P1(config-isis-af)# exit
RP/0/RP0/CPU0:P1(config-isis)# interface Loopback0
RP/0/RP0/CPU0:P1(config-isis)# interface GigabitEthernet0/0/0/0
RP/0/RP0/CPU0:P1(config-isis-if-af)# interface GigabitEthernet0/0/0/1
RP/0/RP0/CPU0:P1(config-isis-if-af)# interface GigabitEthernet0/0/0/2
RP/0/RP0/CPU0:P1#
Step 2 Log in to the PE1 router and verify that the PE1 router has full IPv6 visibility on the entire
network.
On the PE1 router, use the show route ipv6 command. You should see P1 Loopback0
(2001::1:1:1:1/128) subnet.
RP/0/RP0/CPU0:PE1# show route ipv6
< output omitted >
i L2 2001::1:1:1:1/128
[115/10] via fe80::20c:29ff:fea9:c78d, 00:02:50, GigabitEthernet0/0/0/0
i L2 2001::2:2:2:2/128
[115/20] via fe80::20c:29ff:fea1:b2c3, 00:02:48, GigabitEthernet0/0/0/1
L 2001::3:3:3:3/128 is directly connected,
1w3d, Loopback0
i L2 2001::4:4:4:4/128
< output omitted >
• You have configured IS-IS IPv6 routing on the P1 router.
• You have verified that all routers have full IS-IS IPv6 reachability.
Task 2: Configure and Verify SRv6 Extension

The purpose of this task is to configure and verify the SRv6 extension on the P1 router. The SRv6 prefix in
the lab is fcbb:bb00:x::/48, where x is the node number. Other P and PE routers have the SRv6 extension
preconfigured.
Activity
Step 1 On the P1 router, configure SRv6 extensions and SRv6 prefix fcbb:bb00:1::/48.

RP/0/RP0/CPU0:P1(config)# segment-routing
RP/0/RP0/CPU0:P1(config-sr)# srv6
RP/0/RP0/CPU0:P1(config-srv6)# locators
RP/0/RP0/CPU0:P1(config-srv6-locators)# locator MAIN
RP/0/RP0/CPU0:P1(config-srv6-locator)# micro-segment behavior unode psp-usd
RP/0/RP0/CPU0:P1(config-srv6-locator)# prefix fcbb:bb00:1::/48
RP/0/RP0/CPU0:P1(config-srv6-locator)# commit
RP/0/RP0/CPU0:P1(config-srv6-locator)# end
RP/0/RP0/CPU0:P1#
Step 2 On the P1 router, verify the SRv6 locator and SRv6 SIDs.
On the P1 router, use the show segment-routing srv6 locator command, to verify the SRv6
locator.
RP/0/RP0/CPU0:P1# show segment-routing srv6 locator
Name ID Algo Prefix Status Flags

-------------------- ------- ---- ------------------------ ------- --------
MAIN 3 0 fcbb:bb00:1::/48 Up U
On the P1 router, use the show segment-routing srv6 sid all command, to verify the SRv6
SIDs.
RP/0/RP0/CPU0:P1# show segment-routing srv6 sid all
*** Locator: 'MAIN' ***
SID Behavior Context Owner

State RW
-------------------------- ---------------- ------------------------------ -------
----------- ----- --
fcbb:bb00:1:: uN (PSP/USD) 'default':1 sidmgr
InUse Y
The uN function is already allocated for the device. It is essentially equal to the locator value.
Step 3 On the P1 router, verify that the End function for the SRv6 prefix fcbb:bb00:1:: is programmed
in the common event framework.
On the P1 router, use the show cef ipv6 fcbb:bb00:1:: command.
RP/0/RP0/CPU0:P1# show cef ipv6 fcbb:bb00:1::
fcbb:bb00:1::/64, version 627, SRv6 Endpoint uN (PSP/USD), internal 0x1000001 0x0 (ptr
0xe5ef458) [1], 0x400 (0xe789c78), 0x0 (0xf9620a8)
Updated Mar 14 22:10:31.939
QoS Group: 0, IP Precedence: 0
gateway array (0xe5f66b8) reference count 2, flags 0x0, source rib (7), 0 backups
[3 type 3 flags 0x8401 (0xe6a2b88) ext 0x0 (0x0)]
LW-LDI[type=3, refc=1, ptr=0xe789c78, sh-ldi=0xe6a2b88]
LW-LDI-TS Mar 14 22:10:32.238
via ::/128, 0 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xdda5120 0x0]
next hop ::/128

0 Y recursive Lookup in table
Step 4 On the P1 router, configure IS-IS to make sure it is aware of the SRv6 locator, and that the SRv6
locator is advertised in IGP.
On the P1 router, use these commands:

RP/0/RP0/CPU0:P1(config-isis-af)# segment-routing srv6
RP/0/RP0/CPU0:P1(config-isis-srv6)# locator MAIN
RP/0/RP0/CPU0:P1(config-isis-srv6-loc)# commit
RP/0/RP0/CPU0:P1(config-isis-srv6-loc)# end
RP/0/RP0/CPU0:P1#
Step 5 On the P1 router, verify that the IS-IS protocol is advertising all the SRv6 TLVs and that it is
allocating a few additional SIDs.
On the P1 router, use the show segment-routing srv6 sid all command, to verify SRv6 SIDs.
RP/0/RP0/CPU0:P1# show segment-routing srv6 sid all

State RW
-------------------------- ---------------- ------------------------------ -------
----------- ----- --
InUse Y
fcbb:bb00:1:e000:: uA (PSP/USD) [Gi0/0/0/2, Link-Local]:0 isis-1
InUse Y
InUse Y
InUse Y
The uA function was allocated for each interface enabled in the IS-IS routing.
Step 6 On the P1 router, verify that the End.X function for each interface is described in the IS-IS
advertisements.
On the P1 router, use the show isis database verbose P1 command:

< output omitted >
Interface IPv6 Address: 2001::99:1:2:1
Neighbor IPv6 Address: 2001::99:1:2:2
END.X SID: fcbb:bb00:1:e000:: B:0 S:0 P:0 uA (PSP/USD) Alg:0
SID Structure:
Block Length: 32, Node-ID Length: 16, Func-Length: 16, Args-Length: 0
< output omitted >
All routers in the IS-IS domain should be able to see all locators in the routing table. You can
repeat the show isis database verbose P1 command on any other P or PE router in the lab
topology, to observe the same output as shown on the P1 router. Verify this is the case before
moving forward.
• Configure SRv6 Extension on the P1 router.
• Verify the SRv6 locator and SRv6 SIDs.
• Verify that the End function for the SRv6 prefix is programmed in the common event framework.
• Configure IS-IS to make sure it is aware of the SRv6 locator, and that the SRv6 locator is advertised in
IGP.
• Verify that the IS-IS protocol is advertising all the SRv6 TLVs and that it is allocating a few additional
SIDs.
Task 3: Configure and Verify MP-BGP

The purpose of this task is to configure L3VPN across the SRv6 network. You will configure MP-BGP
between PE1 and PE2 routers.
Activity
Step 1 On the PE1 router, configure VRF 1 with route target 1:1. The PE2 router is preconfigured with
the same VRF.

RP/0/RP0/CPU0:PE1(config)# vrf 1
RP/0/RP0/CPU0:PE1(config-vrf-af)# import route-target
RP/0/RP0/CPU0:PE1(config-vrf-import-rt)# 1:1
RP/0/RP0/CPU0:PE1(config-vrf-import-rt)# exit
RP/0/RP0/CPU0:PE1(config-vrf-import-rt)# export route-target
RP/0/RP0/CPU0:PE1(config-vrf-export-rt)# 1:1
RP/0/RP0/CPU0:PE1(config-vrf-export-rt)# commit
RP/0/RP0/CPU0:PE1(config-vrf-export-rt)# end
RP/0/RP0/CPU0:PE1#
Step 2 On the PE1 router, configure the interface towards the CE1 router to be a part of the VRF and
add IPv4 addressing. The PE2 router is preconfigured with the interface toward the CE2 router
to be part of the VRF.
RP/0/RP0/CPU0:PE1(config)# interface GigabitEthernet0/0/0/2
RP/0/RP0/CPU0:PE1(config-if)# vrf 1
RP/0/RP0/CPU0:PE1(config-if)# ipv4 address 10.3.7.3 255.255.255.0
RP/0/RP0/CPU0:PE1#
Step 3 On the PE1 router, configure the BGP to support SRv6 and per-VRF SID allocation for VRF 1.
The PE2 router is preconfigured.

RP/0/RP0/CPU0:PE1(config-bgp)# vrf 1
RP/0/RP0/CPU0:PE1(config-bgp-vrf)# rd 1:1
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af)# segment-routing srv6
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af-srv6)# locator MAIN
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af-srv6)# alloc mode per-vrf
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af-srv6)# exit
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af-srv6)# redistribute connected
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af)# commit
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af)# end
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, configure the BGP to use the source address (2001::3:3:3:3) for SRv6. The
PE2 router is preconfigured, to use the source address (2001::4:4:4:4) for SRv6.

RP/0/RP0/CPU0:PE1(config-sr)# srv6
RP/0/RP0/CPU0:PE1(config-srv6)# encapsulation
RP/0/RP0/CPU0:PE1(config-srv6-encap)# source-address 2001::3:3:3:3
RP/0/RP0/CPU0:PE1(config-srv6-encap)# commit
RP/0/RP0/CPU0:PE1(config-srv6-encap)# end
RP/0/RP0/CPU0:PE1#
Step 5 On the PE1 router, verify that the connected route (10.3.7.0/24) is redistributed into BGP.
On the PE1 router, use the show bgp vrf 1 command:
RP/0/RP0/CPU0:PE1# show bgp vrf 1
< output omitted >
Route Distinguisher: 1:1 (default for vrf 1)
*> 10.3.7.0/24 0.0.0.0 0 32768 ?
Step 6 On the PE1 router, verify that the new SID was allocated by BGP.
On the PE1 router, use the show segment-routing srv6 sid all command.
RP/0/RP0/CPU0:PE1# show segment-routing srv6 sid all
*** Locator: 'LATENCY' ***

State RW
-------------------------- ---------------- ------------------------------ -------
----------- ----- --
InUse Y
InUse Y
InUse Y

InUse Y
InUse Y
fcbb:bb00:3:e001:: uDT4 '1' bgp-
65001 InUse Y
InUse Y
The BGP always allocates one uDT function per VRF. This is used for all directly connected
prefixes and is the equivalent of the aggregate label in MPLS.
Step 7 On the PE1 and PE2 routers, configure the MP-BGP session between IPv6 Loopback0
interfaces, to support VPNv4 unicast prefixes.
RP/0/RP0/CPU0:PE1(config-bgp-af)# neighbor 2001::4:4:4:4
RP/0/RP0/CPU0:PE1(config-bgp-nbr)# update-source Loopback0
RP/0/RP0/CPU0:PE1#

RP/0/RP0/CPU0:PE2(config-bgp-af)# neighbor 2001::3:3:3:3
RP/0/RP0/CPU0:PE2(config-bgp-nbr)# update-source Loopback0
RP/0/RP0/CPU0:PE2#
Step 8 On the PE1 router, verify that you see VRF prefixes from the PE2 router.
On the PE1 router, use the show route vrf 1 ipv4 command.
RP/0/RP0/CPU0:PE1# show route vrf 1 ipv4
< output omitted >
C 10.3.7.0/24 is directly connected, 00:14:12, GigabitEthernet0/0/0/2

L 10.3.7.3/32 is directly connected, 00:14:12, GigabitEthernet0/0/0/2
B 10.4.8.0/24 [200/0] via 2001::4:4:4:4 (nexthop in vrf default), 00:00:58
Step 9 On the PE1 router, verify common event framework entry for 10.4.8.0/24, to see how a packet
toward the remote prefix will be encapsulated.
On the PE1 router, use the show cef vrf 1 10.4.8.0/24 command.
RP/0/RP0/CPU0:PE1# show cef vrf 1 10.4.8.0/24
10.4.8.0/24, version 3, SRv6 Headend, internal 0x5000001 0x30 (ptr 0xe6984c8) [1],
0x400 (0xe839218), 0x0 (0xf8635b8)
Updated Mar 14 22:39:29.683
gateway array (0xf8a80a8) reference count 3, flags 0x10, source rib (7), 0 backups
[4 type 3 flags 0x8441 (0xe752188) ext 0x0 (0x0)]
LW-LDI[type=3, refc=1, ptr=0xe839218, sh-ldi=0xe752188]
LW-LDI-TS Mar 14 22:39:29.687
Level 1 - Load distribution: 0

[0] via fcbb:bb00:4::/128, recursive
via fcbb:bb00:4::/128, 3 dependencies, recursive [flags 0x6000]

path-idx 0 NHID 0x0 [0xe2edaf8 0x0]
next hop VRF - 'default', table - 0xe0800000
next hop fcbb:bb00:4::/128 via fcbb:bb00:4::/48
SRv6 H.Encaps.Red SID-list {fcbb:bb00:4:e002::}

The output shows a uDT function allocated on the PE2 router.
• On the PE1 router configure VRF and configure the interface towards the CE1 router to be a part of the
VRF.
• Configure the MP-BGP to support SRv6 and per-VRF SID allocation.
• Configure the MP-BGP to use the source address for SRv6.
• Between PE1 and PE2 routers configure MP-BGP session, to support VPNv4 unicast prefixes.
Task 4: Configure BGP Between PE and CE Routers

The purpose of this task is to configure BGP between the PE1 and CE1 routers. The BGP session between
PE2 and CE2 routers is preconfigured.
Activity
Step 1 On the PE1 router, configure CE1 (10.3.7.7) as a BGP neighbor and allow all prefixes to be
exchanged. The CE1 uses BGP autonomous system number 65007.
RP/0/RP0/CPU0:PE1(config)# route-policy PASS
RP/0/RP0/CPU0:PE1(config-rpl)# pass
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr)# remote-as 65007
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# route-policy PASS in
RP/0/RP0/CPU0:PE1(config-bgp-vrf-nbr-af)# route-policy PASS out
RP/0/RP0/CPU0:PE1#
Step 2 On the CE1 router, configure PE1 (10.3.7.3) as a BGP neighbor and allow all prefixes to be
exchanged. The CE1 uses BGP autonomous system number 65007.
On the CE1 router, use the following commands:

RP/0/RP0/CPU0:CE1(config)# route-policy PASS
RP/0/RP0/CPU0:CE1(config-rpl)# pass
RP/0/RP0/CPU0:CE1(config-rpl)# end-policy
RP/0/RP0/CPU0:CE1(config)# router bgp 65007
RP/0/RP0/CPU0:CE1(config-bgp)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-bgp-af)# redistribute connected
RP/0/RP0/CPU0:CE1(config-bgp-af)# neighbor 10.3.7.3
RP/0/RP0/CPU0:CE1(config-bgp-nbr)# remote-as 65001
RP/0/RP0/CPU0:CE1(config-bgp-nbr)# address-family ipv4 unicast
RP/0/RP0/CPU0:CE1(config-bgp-nbr-af)# route-policy PASS in
RP/0/RP0/CPU0:CE1(config-bgp-nbr-af)# route-policy PASS out
RP/0/RP0/CPU0:CE1(config-bgp-nbr-af)# commit
RP/0/RP0/CPU0:CE1(config-bgp-nbr-af)# end
RP/0/RP0/CPU0:CE1#
Step 3 On the CE1 router, verify that the PE-CE BGP session is operational.
On the CE1 router, use the show route command:

RP/0/RP0/CPU0:CE1# show route
< output omitted >
C 10.3.7.0/24 is directly connected, 6d15h, GigabitEthernet0/0/0/0

L 10.3.7.7/32 is directly connected, 6d15h, GigabitEthernet0/0/0/0
B 10.4.8.0/24 [20/0] via 10.3.7.3, 00:02:29
L 10.7.7.7/32 is directly connected, 6d15h, Loopback0
B 10.8.8.8/32 [20/0] via 10.3.7.3, 00:02:29
L 127.0.0.0/8 [0/0] via 0.0.0.0, 6d15h
C 172.16.1.0/24 is directly connected, 6d15h, MgmtEth0/RP0/CPU0/0
L 172.16.1.107/32 is directly connected, 6d15h, MgmtEth0/RP0/CPU0/0
Step 4 On the CE1 router, verify connectivity to the CE2 Loopback 0 (10.8.8.8) interface.
On the CE1 router, use the ping 10.8.8.8 source Loopback 0 command:

!!!!!
The ping should be successful.
Step 5 On the PE1 router, verify the BGP advertisement for CE2 Loopback0 (10.8.8.8/32) prefix.
On the PE1 router, use the show bgp vrf 1 10.8.8.8/32 command:
RP/0/RP0/CPU0:PE1# show bgp vrf 1 10.8.8.8/32

Versions:
Speaker 9 9
10.3.7.7
10.3.7.7
65008
2001::4:4:4:4 (metric 20) from 2001::4:4:4:4 (10.4.4.4)
Received Label 0xe0020
Extended community: RT:1:1
PSID-Type:L3, SubTLV Count:1
SubTLV:
T:1(Sid information), Sid:fcbb:bb00:4::, Behavior:63, SS-TLV Count:1
SubSubTLV:
T:1(Sid structure):
Source AFI: VPNv4 Unicast, Source VRF: 1, Source Route Distinguisher: 1:1
The SID for VRF 1 prefix 10.8.8.8/32 is the PE2 locator (fcbb:bb00:4::) and the received label
(0xe0020). The received label may be different in your lab.
Step 6 On the PE1 router, verify the routing table for CE1 Loopback0 (10.8.8.8/32) prefix.
On the PE1 router, use the show route vrf 1 10.8.8.8/32 detail command:
RP/0/RP0/CPU0:PE1# show route vrf 1 10.8.8.8/32 detail

Known via "bgp 65001", distance 200, metric 0
Tag 65008, type internal
Installed Mar 14 22:39:29.637 for 00:17:03
2001::4:4:4:4, from 2001::4:4:4:4
Nexthop in Vrf: "default", Table: "default", IPv6 Unicast, Table Id: 0xe0800000
Route metric is 0
Label: None
Tunnel ID: None
Binding Label: None
Source RD attributes: 0x0000:1:1
NHID:0x0(Ref:0)
SRv6 Headend: H.Encaps.Red [f3216], SID-list {fcbb:bb00:4:e002::}
< output omitted >
Step 7 On the PE2 router, verify that the packet comes encapsulated in IPv6 with the destination IPv6
address equal to the uDT function.
On the PE2 router, use the show route ipv6 fcbb:bb00:4:e002:: command. Label (:e002:) in the
SRv6 uDT4 address may be different in your lab.
RP/0/RP0/CPU0:PE2# show route ipv6 fcbb:bb00:4:e002::
Routing entry for fcbb:bb00:4:e002::/64

Known via "local-srv6 bgp-65001", distance 0, metric 0, SRv6 Endpoint uDT4, SRv6
Format f3216
Installed Mar 14 21:42:56.930 for 01:15:19
::ffff:0.0.0.0 directly connected
Nexthop in Vrf: "1", Table: "default", IPv4 Unicast, Table Id: 0xe0000002
Route metric is 0
Step 8 On the PE2 router, verify an IPv6 common event framework entry for VRF 1 SID
fcbb:bb00:4:e002::.
On the PE2 router, use the show cef ipv6 fcbb:bb00:4:e002:: command. Label (:e002:) in the
SRv6 uDT4 address may be different in your lab.
RP/0/RP0/CPU0:PE2# show cef ipv6 fcbb:bb00:4:e002::
fcbb:bb00:4:e002::/64, version 499, SRv6 Endpoint uDT4, internal 0x1000001 0x0 (ptr
0xe6f94d8) [1], 0x400 (0xe893ba0), 0x0 (0xf808330)
Updated Mar 14 21:42:56.933
gateway array (0xe6ffbd8) reference count 1, flags 0x0, source rib (7), 0 backups
[2 type 3 flags 0x8401 (0xe7ace28) ext 0x0 (0x0)]
LW-LDI[type=3, refc=1, ptr=0xe893ba0, sh-ldi=0xe7ace28]
LW-LDI-TS Mar 14 21:42:56.933
via ::ffff:0.0.0.0/128, 0 dependencies, weight 0, class 0 [flags 0x0]
path-idx 0 NHID 0x0 [0xd66b558 0x0]
next hop VRF - '1', table - 0xe0000002
next hop ::ffff:0.0.0.0/128

0 Y recursive Lookup in table
You should observe uDT function is linked to VRF 1.
• Configure and verify BGP between PE1 and CE1 routers.
• Verify CE1 to CE2 connectivity.
• Verify that the packet between PE1 and PE2 comes encapsulated in IPv6 with the destination IPv6
address equal to the uDT function.
• Verify an IPv6 common event framework entry for VRF 1 SID prefix.
Task 5: Configure and Verify Flexible Algorithm

The purpose of this task is to create another flexible algorithm. This algorithm will use the same physical
topology but use a latency metric instead of the IGP metric. You will reconfigure VRF, to use the algorithm
with the latency metric.
Refer to the following figure, to observe preconfigured delay measurement between P and PE routers.
Activity
Step 1 On the P1 router, configure a new locator for algorithm 128, from uSID block fcbb:bb01::. Other
P and PE routers are preconfigured for algorithm 128.

RP/0/RP0/CPU0:P1(config)# segment-routing
RP/0/RP0/CPU0:P1(config-sr)# srv6
RP/0/RP0/CPU0:P1(config-srv6)# locators
RP/0/RP0/CPU0:P1(config-srv6-locators)# locator LATENCY
RP/0/RP0/CPU0:P1(config-srv6-locator)# micro-segment behavior unode psp-usd
RP/0/RP0/CPU0:P1(config-srv6-locator)# prefix fcbb:bb01:1::/48
RP/0/RP0/CPU0:P1(config-srv6-locator)# algorithm 128
RP/0/RP0/CPU0:P1(config-srv6-locator)# commit
RP/0/RP0/CPU0:P1(config-srv6-locator)# end
RP/0/RP0/CPU0:P1#
Step 2 On the P1 router, configure IS-IS to advertise a new locator into IS-IS. Other P and PE routers
are preconfigured to advertise a new locator into IS-IS.
RP/0/RP0/CPU0:P1(config-isis)# flex-algo 128
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# exit
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# address-family ipv6 unicast
RP/0/RP0/CPU0:P1(config-isis-af)# segment-routing srv6
RP/0/RP0/CPU0:P1(config-isis-srv6)# locator LATENCY
RP/0/RP0/CPU0:P1(config-isis-srv6-loc)# commit
RP/0/RP0/CPU0:P1(config-isis-srv6-loc)# end
RP/0/RP0/CPU0:P1#
Step 3 One of the routers in the lab topology will have to advertise the definition of the new flexible
algorithm. For this lab topology, it will be a P1 router.
On the P1 router, configure IS-IS to advertise the definition of the new flexible algorithm:
RP/0/RP0/CPU0:P1(config-isis)# flex-algo 128
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# metric-type delay
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# advertise-definition
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# commit
RP/0/RP0/CPU0:P1(config-isis-flex-algo)# end
RP/0/RP0/CPU0:P1#
Step 4 On the PE1 router, verify the IS-IS database for the P1 router.
On the PE1 router, use the show isis data verbose P1 command, to verify the IS-IS database for
the P1 router.
RP/0/RP0/CPU0:PE1# show isis data verbose P1
< output omitted >
SRv6 Locator: MT (IPv6 Unicast) fcbb:bb00:1::/48 D:0 Metric: 0 Algorithm: 0
END SID: fcbb:bb00:1:: uN (PSP/USD)
SID Structure:
SRv6 Locator: MT (IPv6 Unicast) fcbb:bb01:1::/48 D:0 Metric: 0 Algorithm: 128
END SID: fcbb:bb01:1:: uN (PSP/USD)
SID Structure:
< output omitted >
Interface IPv6 Address: 2001::99:1:2:1
Neighbor IPv6 Address: 2001::99:1:2:2
Application Specific Link Attributes:
L flag: 0, SA-Length: 1, UDA-Length: 1
Standard Applications: 0x10 FLEX-ALGO
User Defined Applications: 0x10
SID Structure:
SID Structure:
< output omitted >
Observe algorithms in the IS-IS database, including all locators and allocated functions.
Step 5 On the PE1 router, verify the locators in the routing table.
On the PE1 router, use the show route ipv6 command. You should see prefixes from
fcbb:bb00:: and fcbb:bb01:: IPv6 range.
RP/0/RP0/CPU0:PE1# show route ipv6
< output omitted >
i L2 fcbb:bb00:1::/48
i L2 fcbb:bb00:2::/48
< output omitted >
i L2 fcbb:bb01:1::/48
i L2 fcbb:bb01:2::/48
< output omitted >
• Configure a new locator for algorithm 128 and configure IS-IS to advertise the new locator.
• Configure IS-IS to advertise the definition of the flexible algorithm.
• Observe algorithms in the IS-IS database, including all locators and allocated functions.
• Verify the locators in the routing table.
Task 6: Configuring and Verifying VRF Using Latency

Metric
In this task, you will configure and verify VRF using the latency metric.
Activity
Step 1 On the PE1 and PE2 routers, reconfigure VRF 1 to utilize the latency metric for all prefixes.

RP/0/RP0/CPU0:PE1(config-bgp-vrf-af-srv6)# locator LATENCY
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af-srv6)# commit
RP/0/RP0/CPU0:PE1(config-bgp-vrf-af-srv6)# end
RP/0/RP0/CPU0:PE1#

RP/0/RP0/CPU0:PE2(config-bgp-vrf-af-srv6)# locator LATENCY
RP/0/RP0/CPU0:PE2(config-bgp-vrf-af-srv6)# commit
RP/0/RP0/CPU0:PE2(config-bgp-vrf-af-srv6)# end
RP/0/RP0/CPU0:PE2#
Step 2 On the PE1 router, verify SRv6 SIDs.

On the PE1 router, use the show segment-routing srv6 sid command:
RP/0/RP0/CPU0:PE1# show segment-routing srv6 sid
*** Locator: 'LATENCY' ***

State RW
-------------------------- ---------------- ------------------------------ -------
----------- ----- --
InUse Y
InUse Y
fcbb:bb01:3:e001:: uDT4 '1' bgp-
65001 InUse Y
InUse Y

InUse Y
InUse Y
InUse Y
The uDT4 function is now used to describe VRF for locator LATENCY.
Step 3 On the PE1 router, verify VRF 1 common event framework entry for CE2 Loopback0
(10.8.8.8/32) prefix.
Since the latency metric is smaller through routers PE3, P2, and PE4, the common event
framework reflects the outgoing interface is toward PE3 (GigabitEthernet0/0/0/1).
On the PE1 router, use the show cef vrf 1 10.8.8.8/32 detail command:
RP/0/RP0/CPU0:PE1# show cef vrf 1 10.8.8.8/32 detail
10.8.8.8/32, version 15, SRv6 Headend, internal 0x5000001 0x30 (ptr 0xe69c160) [1],
0x400 (0xe839530), 0x0 (0xf863330)
Updated Mar 14 23:17:10.960
gateway array (0xf8a8190) reference count 2, flags 0x10, source rib (7), 0 backups
[3 type 3 flags 0x8441 (0xe7520c8) ext 0x0 (0x0)]
LW-LDI[type=3, refc=1, ptr=0xe839530, sh-ldi=0xe7520c8]
LW-LDI-TS Mar 14 23:17:10.960
Level 1 - Load distribution: 0

[0] via fcbb:bb01:4::/128, recursive
via fcbb:bb01:4::/128, 3 dependencies, recursive [flags 0x6000]

path-idx 0 NHID 0x0 [0xe2ebf90 0x0]
next hop VRF - 'default', table - 0xe0800000
next hop fcbb:bb01:4::/128 via fcbb:bb01:4::/48
SRv6 H.Encaps.Red SID-list {fcbb:bb01:4:e002::}

• Reconfigure VRF to utilize the latency metric for all prefixes.
• Verify VRF common event framework entry.
1. Which show command displays all SRv6 SIDs?

A. show segment-routing srv6 sid all
B. show segment-routing all
C. show isis database verbose P1
D. show route vrf all
Discovery 15: Configure and Verify Model-Driven
Telemetry
Introduction
In this lab exercise, you will configure and verify Model-Driven Telemetry (MDT) on the Cisco IOS XR
router. The Cisco IOS XR router will send the telemetry data to the preinstalled Telemetry Collector Stack.
Activity Objective
• Configure and verify Model-Driven Telemetry
• Verify the streamed data on the Telemetry Collector Stack
Visual Objective
• The Telemetry Collector Stack is preconfigured.
• The Telemetry Collector Stack is reachable through the management subnet.
Topology
Job Aid
Grafana admin admin

IP Addresses

CE)
Jump host 172.16.1.100/24

CE)






Task 1: Configure and Verify the MDT Destination

Group
The purpose of this task is to configure and verify the MDT destination group on the PE1 router. The MDT
destination group defines where the telemetry data is exported.
Activity
Step 1 On the PE1 router, verify if the Telemetry Collector Stack is reachable.
On the PE1 router, use the ping command. The Telemetry Collector Stack should be reachable
on the IP address 172.16.1.50.
RP/0/RP0/CPU0:PE1# ping 172.16.1.50
!!!!!
Step 2 Configure the PE1 router to synchronize the clock with the NTP server (172.16.1.50).
The PE1 router should synchronize time with the Telemetry Collector Stack. The NTP server
and the Telemetry Collector Stack are running on the same device with the IP address
172.16.1.50. On the PE1 router, use the following commands:
RP/0/RP0/CPU0:PE1(config)# ntp
RP/0/RP0/CPU0:PE1(config-ntp)# server 172.16.1.50
RP/0/RP0/CPU0:PE1(config-ntp)# commit
RP/0/RP0/CPU0:PE1(config-ntp)# end
RP/0/RP0/CPU0:PE1#
Step 3 On the PE1 router, verify NTP association.

It may take up to 10 minutes for the PE1 router to synchronize with the NTP server. You do not
need to wait for synchronization, but you should see the PE1 router is associated with the NTP
server. On the PE1 router, use the show ntp associations detail command.
RP/0/RP0/CPU0:PE1# show ntp associations detail
172.16.1.50 configured, insane, invalid, stratum 7

ref ID 10.0.0.1, time E66E7E69.C45FCECC (09:10:01.767 UTC Tue Jul 5 2022)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 0.9766 msec, root disp 3.22, reach 3, sync dist 3946.3180
delay 4.68 msec, offset 28.047 msec, dispersion 3.938
< output omitted >
Step 4 On the PE1 router, configure the MDT destination group.
On the PE1 router, configure the MDT destination group with the following values:
• The MDT destination group name DG1.
• The IP address 172.16.1.50 and port 57500.
• The encoding self-describing-gpb.
• The protocol grpc no-tls.
RP/0/RP0/CPU0:PE1(config)# telemetry model-driven
RP/0/RP0/CPU0:PE1(config-model-driven)# destination-group DG1
RP/0/RP0/CPU0:PE1(config-model-driven-dest)# address-family ipv4 172.16.1.50 port 57500
RP/0/RP0/CPU0:PE1(config-model-driven-dest-addr)# encoding self-describing-gpb
RP/0/RP0/CPU0:PE1(config-model-driven-dest-addr)# protocol grpc no-tls
RP/0/RP0/CPU0:PE1(config-model-driven-dest-addr)# commit
RP/0/RP0/CPU0:PE1(config-model-driven-dest-addr)# end
RP/0/RP0/CPU0:PE1#
Step 5 On the PE1 router, verify the MDT destination group.

On the PE1 router, use the show telemetry model-driven destination command. The state of
the session should be NA because the configured is not complete.
RP/0/RP0/CPU0:PE1# show telemetry model-driven destination
Group Id Sub IP
Port Encoding Transport State
-------------------------------------------------------------------------------------
-----------------------------------------------------
DG1 172.16.1.50
57500 self-describing-gpb grpc NA
TLS: False
Collection statistics:
Maximum tokens : 4000
Event tokens : 750
Cadence tokens : 750
Token processed at :
Cadence token advertised at :
Event token advertised at :
GNMI initial synchronization time:
Pending queue size : 0
Pending queue memory size (bytes): 0
Processed events : 0
Collection tokens : 0
• You have verified the reachability between the PE1 router and the Telemetry Collector Stack.
• You have configured the NTP synchronization.
• You have configured the MDT destination group.
Task 2: Configure and Verify the MDT Sensor Groups

for Dial-Out
The purpose of this task is to configure and verify the MDT sensor groups for dial-out. You will configure
three MDT sensor groups for dial-out. The MDT sensor groups will send health telemetry, interface
statistics, and routing telemetry.
Activity
Step 1 On the PE1 router, configure the MDT sensor group for health telemetry.
RP/0/RP0/CPU0:PE1(config-model-driven)# sensor-group health
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-shellutil-
oper:system-time/uptime
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-wdsysmon-fd-
oper:system-monitoring/cpu-utilization
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-nto-misc-
oper:memory-summary/nodes/node/summary
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# commit
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# end
RP/0/RP0/CPU0:PE1#
Step 2 On the PE1 router, configure the MDT sensor group for interface statistics.

RP/0/RP0/CPU0:PE1(config-model-driven)# sensor-group interface_stats
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-infra-statsd-
oper:infra-statistics/interfaces/interface/latest/generic-counters
RP/0/RP0/CPU0:PE1#
Step 3 On the PE1 router, configure the MDT sensor group for routing telemetry.

RP/0/RP0/CPU0:PE1(config-model-driven)# sensor-group routing
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-clns-isis-
oper:isis/instances/instance/statistics-global
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-clns-isis-
oper:isis/instances/instance/levels/level/adjacencies/adjacency
RP/0/RP0/CPU0:PE1(config-model-driven-snsr-grp)# sensor-path Cisco-IOS-XR-ip-rib-ipv4-
oper:rib/vrfs/vrf/afs/af/safs/saf/ip-rib-route-table-names/ip-rib-route-table-
name/protocol/isis/as/information
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, verify the MDT sensor groups.

On the PE1 router, use the show telemetry model-driven sensor-group command. You should
see three MDT sensor groups, as shown.
RP/0/RP0/CPU0:PE1# show telemetry model-driven sensor-group
Sensor Group Id:health
Sensor Path: Cisco-IOS-XR-shellutil-oper:system-time/uptime
Sensor Path State: Resolved
Sensor Path: Cisco-IOS-XR-wdsysmon-fd-oper:system-monitoring/cpu-utilization
Sensor Path: Cisco-IOS-XR-nto-misc-oper:memory-summary/nodes/node/summary
Sensor Group Id:interface_stats

Sensor Path: Cisco-IOS-XR-infra-statsd-oper:infra-
statistics/interfaces/interface/latest/generic-counters
Sensor Group Id:routing

Sensor Path: Cisco-IOS-XR-clns-isis-oper:isis/instances/instance/statistics-
global
Sensor Path: Cisco-IOS-XR-clns-isis-
oper:isis/instances/instance/levels/level/adjacencies/adjacency
Sensor Path: Cisco-IOS-XR-ip-rib-ipv4-oper:rib/vrfs/vrf/afs/af/safs/saf/ip-
rib-route-table-names/ip-rib-route-table-name/protocol/isis/as/information
• You have configured and verified three MDT sensor groups.
Task 3: Configure and Verify the MDT Subscription for

Dial-Out
In this task, you will configure and verify the MDT subscription for dial-out. This task completes the MDT
configuration on the PE1 router. The PE1 router will start sending telemetry data to the Telemetry
Collector Stack.
Activity
Step 1 On the PE1 router, configure the MDT subscription.

On the PE1 router, configure the MDT subscription with the following values:
• The MDT subscription name Sub.
• The MDT sensor group interface_stats uses a sample interval of 3 seconds.
• The MDT sensor group routing uses a sample interval of 3 seconds.
• The MDT sensor group health uses a sample interval of 30 seconds.
• The MDT destination DG1.
RP/0/RP0/CPU0:PE1(config-model-driven)# subscription Sub
RP/0/RP0/CPU0:PE1(config-model-driven-subs)# sensor-group-id interface_stats sample-
interval 3000
RP/0/RP0/CPU0:PE1(config-model-driven-subs)# sensor-group-id routing sample-interval
3000
RP/0/RP0/CPU0:PE1(config-model-driven-subs)# sensor-group-id health sample-interval
30000
RP/0/RP0/CPU0:PE1(config-model-driven-subs)# destination-id DG1
RP/0/RP0/CPU0:PE1(config-model-driven-subs)# commit
RP/0/RP0/CPU0:PE1(config-model-driven-subs)# end
RP/0/RP0/CPU0:PE1#
Step 2 On the PE1 router, verify the MDT configuration.
On the PE1 router, use the show telemetry model-driven subscription command. You should
see the resolved state for all three MDT sensor groups and active for the MDT destination
groups.
RP/0/RP0/CPU0:PE1# show telemetry model-driven subscription
Subscription: Sub State: ACTIVE
-------------
Sensor groups:
Id Interval(ms) State
health 30000 Resolved
routing 3000 Resolved
interface_stats 3000 Resolved
Destination Groups:
Id Encoding Transport State Port Vrf
IP
DG1 self-describing-gpb grpc Active 57500
172.16.1.50
TLS : False
Note If the MDT destination group state is NA, wait 1 minute and display show telemetry model-driven
subscription command again.
• You have configured and verified the MDT subscription.
Task 4: Verify the Streamed Data on the Grafana
The purpose of this task is to verify the streamed data on the Grafana. You will access Grafana from the
jump host.
Activity
Step 1 In the jump host, open the Grafana web interface.
In the jump host, open Google Chrome and enter https://172.16.1.50:3000 in the URL bar.
You can also use the Grafana bookmark, as shown.
Log in to the Grafana web interface with the username admin and password admin and then
click the Log In button.
Step 2 In the Grafana web interface, open the Device_Health_Check_Demo dashboard.

In the Grafana web interface, click the Home button.
From the options, choose XR-Telemetry and Device_Health_Check_Demo. The

Device_Health_Check_Demo dashboard will open.
Step 3 In the Device_Health_Check_Demo dashboard, choose the PE1 router.

In the Device_Health_Check_Demo dashboard, make sure that the PE1 router is selected, as
shown in the following figure.
You should see CPU Utilization, Memory Use Percent, Uptime, and Device Traffic.
Step 4 In the Device_Health_Check_Demo dashboard, verify the number of the IS-IS prefixes.
In the Device_Health_Check_Demo dashboard, scroll down and open the ISIS Routing
Information section. You should see 16 active IPv4 routes.
Step 5 In the CE1 router, add three Loopbacks and advertise prefixes into the IS-IS routing protocol.
On the CE1 router, configure the following commands:
RP/0/RP0/CPU0:CE1(config)# interface Loopback7
RP/0/RP0/CPU0:CE1(config-if)# ipv4 address 10.10.10.7 255.255.255.255
RP/0/RP0/CPU0:CE1(config-if)# exit
RP/0/RP0/CPU0:CE1(config-isis)# interface Loopback7
RP/0/RP0/CPU0:CE1(config-isis-if)# passive
RP/0/RP0/CPU0:CE1(config-isis-if-af)# exit
RP/0/RP0/CPU0:CE1(config-isis-if-af)# exit
RP/0/RP0/CPU0:CE1(config-isis-if-af)# commit
RP/0/RP0/CPU0:CE1(config-isis-if-af)# end
RP/0/RP0/CPU0:CE1#
Step 6 In the Device_Health_Check_Demo dashboard, verify the number of the IS-IS prefixes for the
PE1 router again.
In the Device_Health_Check_Demo dashboard, scroll down and open the ISIS Routing
Information section. The number of the IS-IS active IPv4 routes on the PE1 router should
change from 16 to 19.
1. Which Cisco IOS XR command displays the state of the MDT subscriptions?
A. show model-driven destination group
B. show snmp
C. show telemetry model-driven subscription
D. show telemetry subscription
Discovery 16: Configure and Verify Devices by
Using Model-Driven Programmability
Introduction
In this lab exercise, you will retrieve and edit device configuration by using model-driven programmability.
Activity Objective
• Configure NETCONF agent on a router
• Retrieve a complete running configuration by using model-driven programmability
• Retrieve partial configurations by using subtree filtering
• Edit device configurations by using model-driven programmability
• Configure and verify on-the-box automation
Visual Objective
• All routers have basic configuration enabled for host name, username, lines, and Mgmt interface.
Topology
• Virtualized routers that are based on Cisco IOS XR and that consist of one PE router and one P routers.
You can access the virtualized Cisco IOS XR routers and emulated Cisco 8201 Series router by using the
Terminal on the jump host. Once you are on the jump host open the Terminal and type in the host name
(lowercase) of the router, this will open the SSH session to the router.
Job Aid

IP Addresses
P1 MgmtEth0 172.16.1.101/32
PE1 MgmtEth0 172.16.1.103/32
R0 MgmtEth0 192.168.122.50
Jumphost 172.16.1.100/24
192.168.122.1/24
P1 Loopback0 10.1.1.1/32 and 2001::1:1:1:1/128
PE1 Loopback0 10.3.3.3/32 and 2001::3:3:3:3/128
P1 GigabitEthernet0/0/0/0 (to PE1) 10.1.3.1/24 and 2001::99:1:3:1/112
PE1 GigabitEthernet0/0/0/0 (to P1) 10.1.3.3/24 and 2001::99:1:3:3/112
Task 1: Configure NETCONF YANG Agent

The purpose of this task is to enable the NETCONF agent on the router.
Activity
Step 1 On the PE1 router, view its current configuration.
On the PE1 router, use the show running-config commands. In later steps, you will configure
PE1 by using model-driven programmability.
!! IOS XR Configuration 7.5.1
!! Last configuration change at Mon May 16 08:30:42 2022 by cisco
!
hostname PE1
interface Loopback0
ipv4 address 10.3.3.3 255.255.255.255
ipv6 address 2001::3:3:3:3/128
!
ipv4 address 172.16.1.103 255.255.255.0
!
cdp
ipv4 address 10.1.3.3 255.255.255.0
ipv6 address 2001::99:1:3:3/112
!
cdp
ipv4 address 10.3.5.3 255.255.255.0
ipv6 address 2001::99:3:5:3/112
Step 2 On the PE1 router, generate crypto keys.
Use the crypto key generate rsa command. If crypto keys already exist, replace them by typing
the yes keyword and generate a 4096-bit RSA key for public-key cryptography.
RP/0/RP0/CPU0:PE1# crypto key generate rsa
The name for the keys will be: the_default
% You already have keys defined for the_default
Do you really want to replace them? [yes/no]: yes
Choose the size of the key modulus in the range of 512 to 4096 for your General
Purpose Keypair. Choosing a key modulus greater than 512 may take a few minutes.
How many bits in the modulus [2048]: 4096

Generating RSA keys ...
Done w/ crypto generate keypair
[OK]
The crypto key generation process may take some time. Wait before proceeding to the next step.
Step 3 On the PE1 router, enable SSH and the NETCONF YANG agent.
RP/0/RP0/CPU0:PE1(config)# ssh server v2
RP/0/RP0/CPU0:PE1(config)# ssh server netconf vrf default
RP/0/RP0/CPU0:PE1(config)# netconf-yang agent
RP/0/RP0/CPU0:PE1(config-ncy-agent)# ssh
RP/0/RP0/CPU0:PE1(config-ncy-agent)# commit
RP/0/RP0/CPU0:PE1(config-ncy-agent)# end
RP/0/RP0/CPU0:PE1#
Step 4 On the PE1 router, set the SSH server rate limit to 600 and SSH server capability to netconf-
xml.

RP/0/RP0/CPU0:PE1(config)# netconf agent tty
RP/0/RP0/CPU0:PE1(config-netconf-tty)# exit
RP/0/RP0/CPU0:PE1(config-netconf-tty)# ssh server rate-limit 600
RP/0/RP0/CPU0:PE1(config)# ssh server capability netconf-xml
RP/0/RP0/CPU0:PE1(config-ncy-agent)# commit
RP/0/RP0/CPU0:PE1(config-ncy-agent)# end
RP/0/RP0/CPU0:PE1#
• You enabled SSH.
• You configured the NETCONF YANG agent.
Task 2: Retrieve a Complete Running Configuration by

Using Model-Driven Programmability
The purpose of this task is to retrieve a complete running configuration from the PE1 router by using model-
driven programmability. To perform this task, you will use the Cisco YANG Suite installed on the jump
host. The Cisco YANG Suite is a set of tools related to YANG models (RFC 6020, RFC 7950) and
technologies, such as NETCONF (RFC 6241).
Activity
Step 1 In the jump host, start the Cisco YANG Suite.
In the jump host, open Terminal and use the yangsuite Linux command. This will start the
Cisco YANG Suite.
Do not quit the Cisco YANG Suite server and leave the Terminal window opened.
student@student-vm:~$ yangsuite
/home/student/.local/lib/python3.6/site-packages/ysdevices/utilities.py:4:
CryptographyDeprecationWarning: Python 3.6 is no longer supported by the Python core
team. Therefore, support for it is deprecated in cryptography and will be removed in a
future release.
from cryptography.fernet import Fernet
/home/student/.local/lib/python3.6/site-packages/paramiko/transport.py:236:
CryptographyDeprecationWarning: Blowfish has been deprecated
"class": algorithms.Blowfish,
No changes detected in app 'ysdevices'
No changes detected in app 'yangsuite'
No changes detected in app 'ysyangtree'
No changes detected in app 'ysnetconf'
No changes detected in app 'ysfilemanager'
Operations to perform:
Apply all migrations: admin, auth, contenttypes, django_registration, sessions
Running migrations:
No migrations to apply.
0 static files copied to '/home/student/.local/share/yangsuite/static', 603 unmodified.

**********************************************************************
YANG Suite data is stored at /home/student/YS. Be sure to back up this directory!
**********************************************************************
Performing system checks...
System check identified no issues (0 silenced).

May 27, 2022 - 12:00:55
Django version 2.0.13, using settings 'yangsuite.settings.production'
Starting development server at http://localhost:8480/
Quit the server with CONTROL-C.
Step 2 In the jump host, open the Cisco YANG Suite in the Chrome browser.
You can use a Chrome bookmark (http://localhost:8480/) to open the Cisco YANG Suite page.
Log in by using the username student and password 1234QWer.
Note If Cisco YANG Suite did not start, you can start Cisco YANG Suite by entering the yangsuite Linux
command in the Terminal window and then connect to http://localhost:8480.
Step 3 In the Cisco YANG Suite, navigate to Setup and Device profiles.
In the Cisco YANG Suite, choose Setup and then Device profiles. The Manage device profiles
window will open.
Step 4 In the Cisco YANG Suite, check PE1 router reachability.
In the Manage device profiles window, choose the PE1 router and click the Check selected
device’s reachability button. You should see connectivity check results as shown in the figure.
Step 5 In the Cisco YANG Suite, navigate to the Manage YANG module files and repository
window to create a new repository.
In the Cisco YANG Suite, choose Setup and then YANG files and repository. In the Manage
YANG module files and repository window, click the New repository button. Type the
repository name Cisco IOS XR 7.5.1 and click the Create repository button.
Step 6 In the Cisco YANG Suite, navigate to the Manage YANG module files and repository
window to add new YANG modules.
In the Cisco YANG Suite, choose Setup and then YANG files and repository. In the Manage
YANG module files and repository window, choose the Cisco IOS XR 7.5.1 YANG module
repository.
Step 7 In the Manage YANG module files and repository window, add NETCONF modules from the
PE1 router.
In the Manage YANG module files and repository window, choose the NETCONF tab, and
from the Select device profile dropdown menu, choose the PE1 device. Click the Get schema
list button, then Select all modules, and click the Download selected schemas button.
The Cisco YANG Suite will download YANG modules from the PE1 router. This will take few
minutes. Proceed to the next step when you can see downloaded modules in the left window as
shown in the figure.
Step 8 In the Cisco YANG Suite, create the XR 7.5.1–all YANG module set with the Cisco-IOS-XR-
cli-cfg module.
In the Cisco YANG Suite, navigate to Setup and then choose YANG module sets. The Manage
YANG module sets window will open. Click the New YANG set button, type the name XR
7.5.1–all, and click the Create YANG set button.
The new YANG set is created. Add the Cisco-IOS-XR-cli-cfg module from the right window to
the left window. You can use a filtering option, choose the module, and then click the Add
selected button.
In the right window, you will see the Missing dependencies message. Click the Locate and add
missing dependencies button and an extra module will be added. The module set is complete.
Step 9 In the Cisco YANG Suite, use the NETCONF protocol to examine the PE1 router configuration.
In the Cisco YANG Suite, navigate to Protocols and then choose NETCONF. The NETCONF
window will open. Choose the XR 7.5.1–all YANG Set and the Cisco-IOS-XR-cli-cfg module.
Click the Load Module(s) button to load the selected module.
Step 10 In the Cisco YANG Suite, build RPC to get the running configuration from the PE1 router.
In the NETCONF window, choose the get-config operation, then the PE1 device, expand the
Cisco-IOS-XR-cli-cfg tree, choose cli, and click next to the Value—Do not enter any value.
Click the </> Build RPC button to create RPC in the right window as shown in the figure.
Step 11 In the Cisco YANG Suite, run RPC to get CLI configuration from the PE1 router.
In the NETCONF window, make sure that RPC is similar as shown in the figure. Click the Run
RPC(s) button to send the RPC request to the device. A new browser tab will open.
In the new browser tab, scroll up and examine the request sent to the device.
In the new browser tab, scroll down and examine the received message from the host and CLI
configuration from the PE1 router.
Close the browser tab and click the Clear RPC(s) button to clear RPC from the right window.
• You have retrieved a complete running configuration by using model-driven programmability.
Task 3: Retrieve Partial Configurations by Using

Subtree Filtering
The purpose of this task is to retrieve a partial running configuration from the PE1 router by using model-
driven programmability. To perform this task, you will use the Cisco YANG Suite installed on the jump
host. You will retrieve the Loopback0 configuration from the PE1 router.
The Cisco YANG Suite has all YANG modules from the PE1 router.
Activity
Step 1 In the Cisco YANG Suite, create the XR 7.5.1–Interfaces YANG module set with the Cisco-
IOS-XR-ifmgr-cfg module.
In the Cisco YANG Suite, navigate to Setup and then choose YANG module sets. The
Manage YANG module sets window will open. Click the New YANG set button, type the
name XR 7.5.1–Interfaces, and click the Create YANG set button.
The new YANG set is created. Add the Cisco-IOS-XR-ifmgr-cfg module from the right
window to the left window. You can use the filtering option, choose the module, and then click
the Add selected button.
In the right window, you will see the Missing dependencies message. Click the Locate and add
missing dependencies button, and extra modules will be added. The module set is complete.
Step 2 In the Cisco YANG Suite, use the NETCONF protocol to examine the PE1 router interface
configuration.
In the Cisco YANG Suite, navigate to Protocols and then choose NETCONF. The NETCONF
window will open. Choose the XR 7.5.1–Interfaces YANG Set and the Cisco-IOS-XR-ifmgr-
cfg module. Click the Load Module(s) button to load the selected module.
Step 3 In the Cisco YANG Suite, build RPC to get the interface configuration from the PE1 router.
In the NETCONF window, choose the get-config operation, then PE1 device, expand the
Cisco-IOS-XR-ifmgr-cfg tree, expand and choose interface-configuration tree, and check the
check box in the Value column. Click the </> Build RPC button to create RPC in the right
window as shown in the figure.
Step 4 In the Cisco YANG Suite, run RPC to get the interface configuration from the PE1 router.
In the new browser tab, scroll down and examine the received message from the host and
interface configuration from the PE1 router.
Step 5 In the Cisco YANG Suite, build RPC to get only the Loopback0 interface configuration from
the PE1 router.
In the NETCONF window, expand the interface-configuration tree, choose the interface-
name node, and type Loopback0 in the Value column. Click the </> Build RPC button to
create RPC in the right window as shown in the figure.
Step 6 In the Cisco YANG Suite, run RPC to get only the Loopback0 interface configuration from the
PE1 router.
In the new browser tab, scroll down and examine the received message from the host and
Loopback0 interface configuration from the PE1 router.
• You have retrieved partial configurations by using subtree filtering.
Task 4: Edit Device Configuration by Using Model-

Driven Programmability
The purpose of this task is to edit device configurations by using model-driven programmability. To
perform this task, you will use the Cisco YANG Suite installed on the jump host. You will shutdown the
Loopback0 interface on the PE1 router.
The Cisco YANG Suite has all YANG modules from the PE1 router. You will use an already created XR
7.5.1–Interfaces YANG module set.
Activity
Step 1 In the Cisco YANG Suite, use the NETCONF protocol, choose the XR 7.5.1–Interfaces YANG
Set, and the Cisco-IOS-XR-ifmgr-cfg module.
In the Cisco YANG Suite, navigate to the Protocols and then choose NETCONF. The
NETCONF window will open. Choose the XR 7.5.1–Interfaces YANG Set and the Cisco-IOS-
XR-ifmgr-cfg module. Click the Load Module(s) button, to load the selected module.
Step 2 In the Cisco YANG Suite, build RPC to shutdown the Loopback0 interface on the PE1 router.
In the NETCONF window, choose the edit-config operation, then the PE1 device, expand the
Cisco-IOS-XR-ifmgr-cfg tree, expand the interface-configuration tree, and change the
following:
• Choose the active node and type act in the Value column.
• Choose the interface-name node and type Loopback0 in the Value column.
• Choose the shutdown node and check the check box in the Value column.
Do not build RPC now.
Step 3 In the Cisco YANG Suite, change the RPC option to add commit RPC after editing the
candidate configuration.
In the NETCONF window, click the RPC Options… button, check the check box, and click the
Continue button.
Click the </> Build RPC button to create RPC in the right window as shown in the figure.
Step 4 In the Cisco YANG Suite, run RPC to shutdown Loopback0 interface configuration from the
PE1 router.
RPC(s) button, to send the RPC request to the device. A new browser tab will open.
In the new browser tab, scroll down and examine the received message from the host.
In the new browser tab, scroll further down and examine commit messages.
Step 5 On the PE1 router, verify the Loopback0 interface configuration.
Access the PE1 router console and use the show running-config interface Loopback 0
command. The Loopback0 interface should be shutdown.
RP/0/RP0/CPU0:PE1# show running-config interface Loopback 0
interface Loopback0
ipv4 address 10.3.3.3 255.255.255.255
ipv6 address 2001::3:3:3:3/128
shutdown
!
• You have edited device configurations by using model-driven programmability.
Task 5: Configure and Verify On-the-Box Automation

The purpose of this task is to configure and verify on-the-box automation on the R0 router. The R0 router is
an emulated Cisco 8201 router with Cisco IOS XR Virtual software.
You will copy automation scripts from GitHub to the jump host and then to the R0 router. You will start
the script and test it.
The administrator has cloned the GitHub repository to the /iosxr-ops/ folder on the jump host. The
administrator has used the git clone Linux command on the jump host.
student@student-vm:~$ git clone https://github.com/CiscoDevNet/iosxr-ops.git

Cloning into 'iosxr-ops'...
remote: Enumerating objects: 286, done.
remote: Counting objects: 100% (5/5), done.
remote: Compressing objects: 100% (3/3), done.
remote: Total 286 (delta 4), reused 2 (delta 2), pack-reused 281
Receiving objects: 100% (286/286), 64.38 KiB | 5.85 MiB/s, done.
Resolving deltas: 100% (144/144), done.
Activity
Step 1 In the jump host, copy the test_config.py file to the R0 router (192.168.122.50).
In the jump host, navigate to the iosxr-ops/config/ folder and use the ls Linux command to
verify that the test_config.py file is present.
student@student-vm:~$ cd iosxr-ops/config/
student@student-vm:~/iosxr-ops/config$ ls
template_config.py test_config.py
student@student-vm:~/iosxr-ops/config$
In the jump host, use the scp Linux command to copy the test_config.py file to the R0 router.
You should copy the file into the /harddisk:/mirror/script-mgmt/config folder on the R0
router.
student@student-vm:~/iosxr-ops/config$ scp test_config.py
cisco@192.168.122.50:/harddisk:/mirror/script-mgmt/config
test_config.py
100% 3209 468.3KB/s 00:00
Connection to 172.16.1.103 closed by remote host.
Step 2 On the R0 router, verify the content of the test_config.py file.
On the R0 router, use the run command to enter the Linux bash shell. Navigate to the
harddisk:/mirror/script-mgmt/config folder.
[node0_RP0_CPU0:/]$ cd harddisk:/mirror/script-mgmt/config
[node0_RP0_CPU0:/harddisk:/mirror/script-mgmt/config]$ ls
test_config.py
On the R0 router, use the more Linux command to examine the test_config.py file content.
[node0_RP0_CPU0:/harddisk:/mirror/script-mgmt/config]$ more test_config.py
# Copyright (c) 2021 by Cisco Systems, Inc.
# All rights reserved.
"""
Validate user configuration on loopback interface.
It checks for IP address to be in a certain range else shows an error and checks for
netmask, if netmask does not match the validati
on the script changes it.
Configuration to enable this feature:

configuration validation scripts
Please follow README.MD to add and configure this script.
The loopback used in this script is Loopback 21041989 but you can change it by
modifying the global variable loopback.
To test script try configuration other than 100.0.0.0 network and mask other than 32:
RP/0/RP0/CPU0:ios(config)#int loopback 21041989

RP/0/RP0/CPU0:ios(config-if)#ipv4 address 10.10.10.10/24
RP/0/RP0/CPU0:ios(config-if)#commit
Tue Jun 22 16:55:27.392 UTC
% Failed to commit one or more configuration items during an atomic operation. No

changes have been made. Please issue 'show configu
ration failed if-committed' from this session to view the errors
RP/0/RP0/CPU0:ios(config-if)#show configuration failed
Tue Jun 22 16:55:33.104 UTC
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
ipv4 address 10.10.10.10 255.255.255.0
!!% ERROR: Invalid ip address, please add in range 100.0.0.0/8
!
end
RP/0/RP0/CPU0:ios(config)#int loopback 21041989

RP/0/RP0/CPU0:ios(config-if)#ipv4 address 100.100.100.100/24
RP/0/RP0/CPU0:ios(config-if)#validate config-scripts apply-policy-modifications
Tue Jun 22 16:57:24.061 UTC
% Policy modifications were made to target configuration, please issue 'show

configuration' from this session to view the resulting
configuration
RP/0/RP0/CPU0:ios(config-if)#show configuration
Tue Jun 22 16:57:26.804 UTC
!! IOS XR Configuration 7.5.1.09I
ipv4 address 100.100.100.100 255.255.255.255
!
end
"""
import cisco.config_validation as xr
import ipaddress
from cisco.script_mgmt import xrlog

syslog = xrlog.getSysLogger('xr_cli_config')
loopback = 'Loopback21041989'
network = "100.0.0.0/8"
mask = "255.255.255.255"
def check_loopback(root):
int_config = root.get_node("/ifmgr-cfg:interface-configurations/interface-
configuration[active='act',interface-name='%s']" %loop
back)
if int_config:
ip_address = int_config.get_node("ipv4-io-cfg:ipv4-
network/addresses/primary/address")
syslog.info("ipaddress is " + ip_address.value)
syslog.info(str(ipaddress.ip_address(ip_address.value) not in
ipaddress.ip_network(network)))
if ipaddress.ip_address(ip_address.value) not in ipaddress.ip_network(network):
xr.add_error(ip_address,"Invalid ip address, please add in range "+
network)
netmask = int_config.get_node("ipv4-io-cfg:ipv4-
network/addresses/primary/netmask")
syslog.info(netmask.value)
if netmask.value != mask:
netmask.set_node(None,mask)
xr.register_validate_callback(["/ifmgr-cfg:interface-configurations/interface-
configuration/ipv4-io-cfg:ipv4-network/addresses/prima
ry/*"],check_loopback)
Step 3 On the R0 router, copy the checksum value of the test_config.py file.
On the R0 router, use the sha256sum command to get the checksum of the test_config.py file.
Copy the checksum value for later use.
[node0_RP0_CPU0:/harddisk:/mirror/script-mgmt/config]$ sha256sum test_config.py
63a59a20a381439f679460cbfaf0018ce592ceb7487a0364545ae3bd3d48ee17 test_config.py
On the R0 router, use the exit command to exit from the Linux bash shell into IOS XR mode.
[xr-vm_node0_RP0_CPU0:/harddisk:/mirror/script-mgmt/config]$ exit
logout
RP/0/RP0/CPU0:PE1#
Step 4 On the R0 router, enable the configuration script validation.

On the R0 router, use the configuration validation scripts command.
RP/0/RP0/CPU0:R0(config)# configuration validation scripts
RP/0/RP0/CPU0:R0#
Step 5 On the R0 router, start the test_config.py script.
On the R0 router, use the script config command. Use the SHA256 checksum value copied
previously.
RP/0/RP0/CPU0:R0(config)# script config test_config.py checksum shA256
63a59a20a381439f679460cbfaf0018ce592ceb7487a0364545ae3bd3d48ee17
RP/0/RP0/CPU0:R0#
Step 6 On the R0 router, test the configuration script by configuring the Loopback21041989 interface.
On the R0 router, use the following commands.

RP/0/RP0/CPU0:R0(config)# interface Loopback21041989
RP/0/RP0/CPU0:R0(config-if)# ipv4 address 10.10.10.10 255.255.255.0
% Failed to commit one or more configuration items during an atomic operation. No

changes have been made. Please issue 'show configuration failed if-committed' from this
session to view the errors
Step 7 On the R0 router, examine the reason of the commit failure.
On the R0 router, use the show configuration failed if-committed command to examine the
reason of the failure.
RP/0/RP0/CPU0:R0(config-if)# show configuration failed if-committed
!! SEMANTIC ERRORS: This configuration was rejected by
!! the system due to semantic errors. The individual
!! errors with each failed configuration command can be
!! found below.
script config test_config.py checksum SHA256

63a59a20a381439f679460cbfaf0018ce592ceb7487a0364545ae3bd3d48ee17
ipv4 address 10.10.10.10 255.255.255.255
!
end
Step 8 On the R0 router, configure the Loopback21041989 interface in the correct range.
On the R0 router, configure the Loopback21041989 interface with an IP address in the range
100.0.0.0/8. You should see that commit is successful now.
RP/0/RP0/CPU0:R0(config-if)# ipv4 address 100.10.10.10 255.255.255.0
RP/0/RP0/CPU0:R0#
Step 9 On the R0 router, verify the script status.
On the R0 router, use the show script status detail command.

RP/0/RP0/CPU0:R0# show script status detail
=======================================================================================
===============
Name | Type | Status | Last Action | Action
Time
---------------------------------------------------------------------------------------
---------------
test_config.py | config | Ready | NEW | Tue May 17
11:28:43 2022
---------------------------------------------------------------------------------------
---------------
Script Name : test_config.py
Checksum : 63a59a20a381439f679460cbfaf0018ce592ceb7487a0364545ae3bd3d48ee17
Script Description: Validate user configuration on loopback interface.
Script Arguments :
History:
--------
1. Action : NEW
Time : Tue May 17 11:28:43 2022
Checksum : 63a59a20a381439f679460cbfaf0018ce592ceb7487a0364545ae3bd3d48ee17
Description : User action IN_CLOSE_WRITE
=======================================================================================
===============
Step 10 On the R0 router, check the syslog output for the count of errors, warnings, and modifications.
On the R0 router, use the show logging command.

RP/0/RP0/CPU0:R0# show logging | include Error
RP/0/RP0/CPU0:May 17 11:41:22.674 UTC: ccv[413]: %MGBL-CCV-6-
CONFIG_SCRIPT_CALLBACK_EXECUTED : The function check_loopback registered by the config
script test_config.py was executed in 0.000 seconds. Error/Warning/Modification counts:
0/0/0
< output omitted >
• You have configured and verified on-the-box automation.
1. Which Cisco IOS XR command enables netconf-yang for ssh transport?
A. netconf-yang agent ssh
B. netconf-yang ssh
C. ssh server netconf port 830
D. ssh server netconf vrf default
2. Which Cisco IOS XR command enables configuration script validation?
A. configuration validation scripts
B. validation scripts
C. validation scripts config
D. validation scripts configuration
Discovery 17: Configure and Verify Application
Hosting Within a Docker Container
Introduction
In this lab exercise, you will run iPerf3 in a Docker container and verify the application hosted in the
Docker container. At the end of the lab exercise, you will remove iPerf3 from a Docker container.
Activity Objective
• Run the iPerf3 in a Docker container
• Verify the application hosted in the Docker container
Visual Objective
interface.
Topology
Job Aid
IP Addresses
The following are IP addresses used in the lab:

R0 MgmtEth0 192.168.122.50/24
Jumphost 192.168.122.1/24
Task 1: Deploy iPerf3 in a Docker Container

The purpose of this task is to deploy an iPerf3 in a Docker container on a Cisco IOS XR router. You will
create a tarball (TAR archive) of a Docker container and deploy the tarball on the Cisco IOS XR router.
The administrator has downloaded the networkstatic/iperf3 Docker image from a public registry to the jump
host. The administrator has used the docker pull Linux command in the jump host.
student@student-vm:~$ sudo docker pull networkstatic/iperf3

Using default tag: latest
latest: Pulling from networkstatic/iperf3
5eb5b503b376: Pull complete
2cdcfe59fc45: Pull complete
Digest: sha256:e9bbc8312edff13e2ecccad0907db4b35119139e133719138108955cf07f0683
Status: Downloaded newer image for networkstatic/iperf3:latest
docker.io/networkstatic/iperf3:latest
Activity
Step 1 In the jump host, list all Docker images.
Use the sudo docker images Linux command. You should see the networkstatic/iperf3 Docker
image, as shown.
student@student-vm:~$ sudo docker images
REPOSITORY TAG IMAGE ID CREATED SIZE
repo latest 41e0e0bf5113 12 hours ago 250MB
rockylinux latest c830f8e8f82b 3 months ago 205MB
networkstatic/iperf3 latest fabb5b6dba19 3 months ago 81.6MB
hello-world latest feb5d9fea6a5 8 months ago 13.3kB
Step 2 In the jump host, create a Docker image tar ball by using the networkstatic/iperf3 Docker
image.
Use the sudo docker save Linux command, to create iperf3.tar file.
student@student-vm:~$ sudo docker save networkstatic/iperf3 > iperf3.tar
Step 3 In the jump host, verify that the tar ball was created.
Use the ls -l Linux command. You should see the iperf3.tar file.
student@student-vm:~$ ls -l
total 83264
drwxrwxr-x 3 student student 4096 Mar 25 17:27 8K
drwxr-xr-x 2 student student 4096 Apr 24 2019 Desktop
drwxr-xr-x 2 student student 4096 Apr 24 2019 Documents
drwxr-xr-x 2 student student 4096 Jun 12 2019 Downloads
-rw-r--r-- 1 student student 8980 Mar 8 2019 examples.desktop
drwxr-xr-x 3 student student 4096 Mar 21 04:07 GNUstep
-rw-rw-r-- 1 student student 85185024 May 23 11:02 iperf3.tar
< output omitted >
Step 4 In the jump host, copy the iperf3.tar file to the R0 router (192.168.122.50).
In the jump host, use the scp Linux command to copy the iperf3.tar file to the R0 router. You
should copy the file into the /misc/scratch/ folder on the R0 router.
student@student-vm:~$ scp iperf3.tar cisco@192.168.122.50:/misc/scratch/iperf3.tar
iperf3.tar
100% 81MB 37.2MB/s 00:02
Step 5 On the R0 router, verify that the iperf3.tar file is copied correctly.
On the R0 router, use the run command to enter the Linux bash shell. Navigate to the
/misc/scratch/folder and use the ls Linux command. You should see the iperf3.tar file.
[node0_RP0_CPU0:/]$ cd misc/scratch/
[node0_RP0_CPU0:/misc/scratch]$ ls
clihistory core envoke_log iperf3.tar npu_drvr_cfg pam status_file ztp
config crypto id_rsa.bin lost+found nvgen_traces shutdown syslog-hm
Step 6 On the R0 router, list all Docker images.
On the R0 router, use the docker images Linux command. Currently, there are no Docker
images.
[node0_RP0_CPU0:/misc/scratch]$ docker images
[node0_RP0_CPU0:/misc/scratch]$
Step 7 On the R0 router, verify that the Docker daemon is installed.
On the R0 router, use the docker ps Linux command. The Docker is running, but currently,
there are no Docker containers.
[node0_RP0_CPU0:/misc/scratch]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
PORTS NAMES
Step 8 On the R0 router, load the iperf3.tar Docker image.

On the R0 router, use the docker load Linux command. The Docker image will load.
[node0_RP0_CPU0:/misc/scratch]$ docker load < /misc/scratch/iperf3.tar
7d0ebbe3f5d2: Loading layer [==================================================>]
83.88MB/83.88MB
7d6bd4ab95ce: Loading layer [==================================================>]
1.291MB/1.291MB
Loaded image: networkstatic/iperf3:latest
Step 9 On the R0 router, verify that the Docker image was loaded.
On the R0 router, use the docker images Linux command. The networkstatic/iperf3 Docker
images were loaded as shown.
[node0_RP0_CPU0:/misc/scratch]$ docker images
networkstatic/iperf3 latest fabb5b6dba19 2 months ago
81.6MB
[node0_RP0_CPU0:/misc/scratch]$ exit
logout
RP/0/RP0/CPU0:R0#
• You have listed Docker images.
• You have created a Docker image tar ball.
• You have loaded the Docker image.
Task 2: Verify the Application Hosted in the Docker

Container
iPerf3 is a tool for active measurements of the maximum achievable bandwidth on IP networks. For each
test, it reports the bandwidth, loss, and other parameters.
In this task, you will verify the iPerf3 application hosted in the Docker container. You will run the test,
where the R0 router will play the role of the server and jump host will play the role of and client.
To test bandwidth between jump host and R0 router, start a server (listener) on the R0 router, and start a
client (initiator) on the jump host.
Activity
Step 1 On the R0 router, configure Loopback0 interface with IP address 10.0.0.1/32. This IP address
will be used by the networkstatic/iperf3 Docker image.

RP/0/RP0/CPU0:R0(config)# interface Loopback 0
RP/0/RP0/CPU0:R0(config-if)# ipv4 address 10.0.0.1/32
RP/0/RP0/CPU0:R0#
Step 2 On the R0 router, enter the Linux bash shell and spin-up the networkstatic/iperf3 Docker
image.
On the R0 router, use the run command to enter the Linux bash shell. Use the docker run Linux
command and use the following values:
• Use the -it option interactively.
• Use the --rm option for automatic removal of the container on the exit.
• Use the -p option with the 5201:5201 value for publishing a container's port to the host.
• Use the networkstatic/iperf3 value for the image started.
• Use the --help option for the print of the usage.
[node0_RP0_CPU0:~]$ docker run -it --rm -p 5201:5201 networkstatic/iperf3 --help
Usage: iperf3 [-s|-c host] [options]
iperf3 [-h|--help] [-v|--version]
Server or Client:
-p, --port # server port to listen on/connect to
-f, --format [kmgtKMGT] format to report: Kbits, Mbits, Gbits, Tbits
-i, --interval # seconds between periodic throughput reports
Server specific:
-s, --server run in server mode
-D, --daemon run the server as a daemon
-I, --pidfile file write PID file
-1, --one-off handle one client connection then exit
< output omitted >
Client specific:
-c, --client <host> run in client mode, connecting to <host>
--sctp use SCTP rather than TCP
-X, --xbind <name> bind SCTP association to links
< output omitted >
Step 3 On the R0 router, start a listener service on IP address 10.0.0.1 and port 5201 and name the
container iperf3-server.
On the R0 router, use the docker run Linux command and use the following values:
• Use the --name option with the iperf3-server value to name the Docker container.
• Use the -p option with the 10.0.0.1:5201:5201 value for publishing a container's IP address
and port to the host.
• Use the -s option to run iPerf in the server mode.
[node0_RP0_CPU0:~]$ docker run -it --rm --name=iperf3-server -p 10.0.0.1:5201:5201
networkstatic/iperf3 -s
-----------------------------------------------------------
Server listening on 5201
-----------------------------------------------------------
This command returns an iperf3 process bound to a socket waiting for new connections. Leave
the R0 router session opened.
Step 4 On the jump host, add static route to reach IP address 10.0.0.1 via the R0 router management
interface.
On the jump host, use the sudo ip route add Linux command.
student@student-vm:~$ sudo ip route add 10.0.0.1/32 via 192.168.122.50
Step 5 On the jump host, initiate an iPerf3 client connection to measure the bandwidth to the R0
router.
On the jump host, run the iPerf3 client pointing at the R0 router iPerf3 server IP address. Use
the sudo docker run Linux command and use the following values:
• Use the -c option to run iPerf in client mode.
• Use the 10.0.0.1 value, to reach the iPerf3 server IP address on the R0 router.
student@student-vm:~$ sudo docker run -it --rm networkstatic/iperf3 -c 10.0.0.1
Connecting to host 10.0.0.1, port 5201
[ 4] local 192.168.122.1 port 56670 connected to 10.0.0.1 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.00 sec 77.3 MBytes 648 Mbits/sec 0 3.03 MBytes
[ 4] 1.00-2.00 sec 103 MBytes 867 Mbits/sec 0 3.03 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 881 MBytes 739 Mbits/sec 0 sender
[ 4] 0.00-10.00 sec 881 MBytes 739 Mbits/sec receiver
iperf Done.
Observe the iPerf3 client output. The iPerf client shows sender and receiver statistics. You
should see the measurement interval (Interval column), size of the transfer (Transfer column),
speed (Bitrate column), retransmitted TCP packets (Retr), and congestion window (Cwnd
column).
Step 6 On the R0 router, observe the iPerf3 server output.

The R0 router session should look as follows:
-----------------------------------------------------------
-----------------------------------------------------------
Accepted connection from 192.168.122.1, port 56668
[ ID] Interval Transfer Bitrate
[ 5] 0.00-1.00 sec 69.9 MBytes 586 Mbits/sec
[ 5] 1.00-2.00 sec 104 MBytes 871 Mbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
-----------------------------------------------------------
-----------------------------------------------------------
The iPerf server only shows receiver statistics.
Step 7 On the R0 router, exit and shut the networkstatic/iperf3 Docker container.
In the R0 router, use the Ctrl-C keys. The iPerf3 server session is terminated.
-----------------------------------------------------------
-----------------------------------------------------------
^Ciperf3: interrupt - the server has terminated
[node0_RP0_CPU0:~]$
The networkstatic/iperf3 Docker container will automatically shut down.
Step 8 On the R0 router, verify that the networkstatic/iperf3 Docker container is no longer running.
On the R0 router, use the docker ps command. The networkstatic/iperf3 Docker container is
no longer running.
[node0_RP0_CPU0:~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS
PORTS NAMES
[node0_RP0_CPU0:~]$
Step 9 Optionally, you can run Docker container on the R0 router with detach option. On the R0 router,
start a listener service on IP address 10.0.0.1 and port 5201 and name the container iperf3-
server.
On the R0 router, use the docker run Linux command and use the following values:
• Use the -d option detach, to run container in the background and print container ID.
• Other values are the same as before.
[node0_RP0_CPU0:~]$ docker run -d --rm --name=iperf3-server -p 10.0.0.1:5201:5201
networkstatic/iperf3 -s
93cf9cfb734d4ff3dc5bba8fe998a162f1aadb2391de8d8ab95b459bdbb6c240
This command starts container and prints container ID.

On the R0 router, use the docker ps command. The networkstatic/iperf3 Docker container is
running.
[node0_RP0_CPU0:~]$ docker ps
CONTAINER ID IMAGE COMMAND CREATED
STATUS PORTS NAMES
5d5662741cde networkstatic/iperf3 "iperf3 -s" 2 minutes ago Up 2
minutes 10.0.0.1:5201->5201/tcp iperf3-server
[node0_RP0_CPU0:~]$
From the jump host, repeat iperf3 client test.

student@student-vm:~$ sudo docker run -it --rm networkstatic/iperf3 -c 10.0.0.1
Connecting to host 10.0.0.1, port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
< output omitted >
On the R0 router, use the docker logs Linux command, to print iperf3-server logs.
[node0_RP0_CPU0:~]$ docker logs iperf3-server
< output omitted >
On the R0 router, use the docker stop Linux command, to stop iperf3-server container.
[node0_RP0_CPU0:~]$ docker stop iperf3-server
iperf3-server
Step 10 On the R0 router, remove the networkstatic/iperf3 Docker image.
On the R0 router, use the docker rmi command.

[node0_RP0_CPU0:~]$ docker rmi networkstatic/iperf3
Untagged: networkstatic/iperf3:latest
Deleted: sha256:fabb5b6dba19656aee1487d4caa90763b9a6dbd2abde3ee29785b1c47aa107ae
Deleted: sha256:84785d40074af25b4d0f2973b6f2aaf12eae043d55d7d54895f15e0f54fb0e36
Deleted: sha256:7d0ebbe3f5d26c1b5ec4d5dbb6fe3205d7061f9735080b0162d550530328abd6
[node0_RP0_CPU0:~]$
Step 11 On the R0 router, verify that the networkstatic/iperf3 Docker image was removed.
On the R0 router, use the docker images command. There should be no networkstatic/iperf3
Docker images.
[node0_RP0_CPU0:~]$ docker images
[node0_RP0_CPU0:~]$
Step 12 On the R0 router, delete the iperf3.tar file from the /misc/scratch directory.

[node0_RP0_CPU0:/]$ cd /misc/scratch/
[node0_RP0_CPU0:/misc/scratch]$ rm iperf3.tar
[node0_RP0_CPU0:/misc/scratch]$ exit
logout
RP/0/RP0/CPU0:R0#
• You have spun-up the networkstatic/iperf3 Docker image.
• You have started the networkstatic/iperf3 listener service.
• You have listed the Docker running images.
• You have initiated a networkstatic/iperf3 client connection.
• You have exited and shut the networkstatic/iperf3 Docker container.
• You have removed the networkstatic/iperf3 Docker image.
1. Which Docker command flag destroys the container after the test has been completed?
A. The --rm flag
B. The -it flag
C. The -p flag
D. The -s flag
Answer Key
Discovery 1: Investigate and Monitor Cisco 8000 Series
Hardware
1. B
Discovery 2: Troubleshoot Traffic through the Cisco 8000

Router
1. C
Discovery 3: Cisco IOS XR Software Installation

1. A, B
Discovery 4: Configure and Verify ZTP

1. C
Discovery 5: Configure and Verify Multiprotocol Label

Switching
1. A, B, C, D
Discovery 6: Configure and Verify Segment Routing

1. B
Discovery 7: Configure and Verify SR TI-LFA Using IS-IS

1. D
Discovery 8: Configure and Verify SR TI-LFA Using OSPF

1. D
Discovery 9: Configure and Verify SR-TE Using IS-IS
1. B
Discovery 10: Configure and Verify SR-TE Using OSPF

1. B
Discovery 11: Configure and Verify Basic EVPN

1. A
Discovery 12: Configure and Verify Layer 3 VPN

1. B
Discovery 13: Configure and Verify ODN and Flexible

Algorithm
1. A
2. A
Discovery 14: Configure and Verify SRv6

1. A
Discovery 15: Configure and Verify Model-Driven Telemetry

1. C
Discovery 16: Configure and Verify Devices by Using Model-

Driven Programmability
1. A
2. A, B, C, D
Discovery 17: Configure and Verify Application Hosting Within
a Docker Container
1. A

MPLS Segment Routing

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

MPLS Segment Routing

Uploaded by

Copyright:

Available Formats

Section 1: SP8KE v.1.

Device Username Password

Cisco 8808 Series router cisco cisco123

Jump host student 1234QWer

The following table shows IP addresses used in the lab:

Device Interface IPv4 Address

Task 1: Verify Software Version on Cisco 8000 Series

For this activity, complete the following steps:

cisco 8000 (VXR)

Step 2 Display the installed committed software packages.

Software Hash: 96e10cd837680f1c840993ce1f5492094ec755376c5c0b00b7c8a63937bdada9

Step 3 Display the installed active software packages.

Software Hash: 96e10cd837680f1c840993ce1f5492094ec755376c5c0b00b7c8a63937bdada9

Task 2: Verify Status of Hardware Modules on Cisco

For this activity, complete the following steps:

NAME: "Rack 0", DESCR: "Cisco 8808 8-slot Chassis"

NAME: "0/RP0/CPU0", DESCR: "SF-D Route Processor"

NAME: "0/RP1/CPU0", DESCR: "SF-D Route Processor"

NAME: "0/FC0", DESCR: "Cisco 8808 Fabric Card"

Step 2 On the R0 router, display the hardware installed.

You can repeat this command for other modules.

Step 5 Display the redundancy status of the redundant power supply.

Reload and boot info

Active node reload ""

Step 7 On the R0 router, display the interfaces discovered by the system.

Interface IP-Address Status Protocol Vrf-Name

Step 8 On the R0 router, display the current system time.

Task 3: Verify Environmental and Power Management

For this activity, complete the following steps:

Step 2 Display the environmental parameters that can be selected.

Power Supply -------Input-------- -----Output--- Status

Total of Power Modules: 10579W/43.2A 6548W/120.6A

Step 5 Display the fan status on all fan trays.

0/FT0 8808-FAN 11971 11973 11975 11941

Step 6 Display the LED information for all router slots.

Task 4: Verify Processor and Memory Utilization on

For this activity, complete the following steps:

Step 1 On the R0 router, display CPU and core processor usage.

PID 1Min 5Min 15Min Process

PID 1Min 5Min 15Min Process

Step 2 On the R0 router, display a graph of sustained CPU utilization.

Step 3 On the R0 router, display the state of memory usage.

For this activity, complete the following steps:

Step 1 On the R0 router, display interface brief information.

Interface IP-Address Status Protocol Vrf-Name

Step 2 On the R0 router, display interface FourHundredGigE0/0/0/1 configuration.

Note The commit process may take some time.

On the R0 router, use the show running-config command. The interface

Step 5 On the R0 router, display interface brief information again.

Interface IP-Address Status Protocol Vrf-Name

On the R0 router, use the following commands.

On the R0 router, display the interface in the running configuration.

Step 7 On the R0 router, display optics controller for interface HundredGigE0/0/0/1/0.

Controller State: Down

Transport Admin State: In Service

Laser State: Off

Optics not present

Priority flow control information for interface HundredGigE0/0/0/1/0:

Priority Flow Control:

Priority flow control watchdog configuration:

Priority flow control watchdog statistics:

Input total packets = 0

Device Username Password