Carrier Grade IPv6 over Integrated Services Module (ISM)

Cisco ASR 9000 Series Aggregation Services Router CGv6 Configuration Guide, Release 5.2.x

This module describes how to implement the Carrier Grade IPv6 (CGv6) over Integrated Services Module (ISM).
• Cisco Integrated Service Module
• Implementing NAT 44 over ISM
• Implementing NAT 64 over ISM
• CGv6 Applications
• Policy Functions
• External Logging
• Configuring CGv6 on Cisco IOS XR Software
• Configuring MAP-E
• Configuring MAP-T
• Configuring High Availability
• Configuration Examples for Implementing the Carrier Grade NAT

Cisco Integrated Service Module

Cisco Integrated Service Module (ISM) is a physical line interface module (PLIM) that provides a highly scalable modular services delivery platform for delivering multiple types of services. ISM is designed to deliver flexible and highly scalable service integration that allows operational efficiency, service flexibility, and faster time to market. The module offers the architectural advantages of integration with the routing system.

Solution Components

These are the solution components of the Cisco Integrated Service Module (ISM).
• ASR 9000 with IOS XR
  ◦ High-capacity, carrier-class SP platform with Cisco IOS XR Software
  ◦ Leverages XR infrastructure to divert packets to ISM
  ◦ Uniform, integrated configuration and management
• Integrated Service Module
  ◦ Flexible Linux-based development & test environment
  ◦ Supports required CGv6
  ◦ First IPv6 Transition Strategy
• Integrated Service Module
  ◦ Hardware
    ◦ CGv6 function residing on ISM
    ◦ Intel x86 with 12 CPU cores
  ◦ Software
    ◦ IOS-XR on LC, Linux on Intel CPUs
    ◦ Integrated configuration and management through Cisco IOS XR Software
• Service Virtual Interface (SVI)
  ◦ Two types of Service Virtual Interfaces are used in ISM
    ◦ ServiceInfra SVI
    ◦ ServiceApp SVI
There can be only one ServiceInfra SVI per ISM slot. It is used for the management plane and is required to bring up the ISM. It is of local significance within the chassis.
Note: Access lists are not supported on service virtual interfaces.
ServiceApp SVI is used to forward the data traffic to the application. A scale of 244 ServiceApp interfaces per chassis is validated. These interfaces can be advertised in IGP/EGP.

Support for Multiple ISM Line Cards

Cisco IOS XR Software Release 4.2.3 and onwards supports a maximum of six ISM line cards in each Cisco ASR 9000 Series Aggregation Services Router chassis. For applications such as NAT44 and DS-Lite, the configuration can be independently applied to each ISM line card.
For NAT-44, a maximum of ten million sessions are supported by each ISM line card.
For DS-Lite, a maximum of twenty million sessions are supported by each ISM line card.
Note: No additional configuration is required to support multiple ISM line cards.

CGN as Default Application on ISM

ISM supports CGN as the default application.

Configuring CGN as Default Application on ISM

To configure CGN as the default application, perform these steps.
SUMMARY STEPS
1. Install CGN services.pie.
2. Configure the CGN role using the hw-module service cgn location <node_id> command.
3. Load the CGN Linux image as the default image instead of CDS-IS.
4. Reload ISM.

Implementing NAT 44 over ISM

These sections provide the information about implementation of NAT.
The following figure illustrates the implementation of NAT 44 over ISM.
The components of this illustration are as follows:
• Private IP4 subscribers: It denotes a private network.
• Interface/VLAN: It denotes a designated interface or VLAN which is associated with the VRF.
• Inside VRF: It denotes the VRF that handles packets coming from the subscriber network. It is known as inside VRF as it forwards packets from the private network.
• App SVI: It denotes an application interface that forwards the data packet to and from the ISM. The data packet may be sent from another line card through a backplane. Because the ISM card does not have a physical interface, the App SVI acts as a logical entry into it.
  The inside VRF is bound to an App SVI. There are 2 App SVIs required; one for the inside VRF and the other one for the outside VRF. Each App SVI pair will be associated with a unique "inside VRF" and a unique public IP address pool. The VRF consists of a static route for forwarding packets to App SVI1.
• Outside VRF: It denotes the VRF that handles packets going out to the public network. It is known as outside VRF as it forwards packets from the public network.
• Public IPV4: It denotes a public network.
The following figure illustrates the path of the data packet from a private network to a public network in a NAT implementation.
The packet goes through the following steps when it travels from the private network to the public network:
1. In the network shown in this figure, the packet travels from the host A (having the IP address 10.222.5.55) in the private network to host B (having the IP address 5.5.5.2) in the public network. The private address has to be mapped to the public address by NAT44 that is implemented in ISM.
2. The packet enters through the ingress port on the Gigabit Ethernet (GigE) interface at Slot 0. While using NAT44, it is mandatory that the packet enters through a VRF.
3. Once the packet reaches the designated interface or VLAN on ASR9K, it is forwarded to the inside VRF either through static routing or ACL-based forwarding (ABF). After the inside VRF determines that the packet needs address translation, it is forwarded to the App SVI that is bound to the VRF.
4. The packet is forwarded by App SVI1 through a default static route (ivrf1). The destination address and the port get translated because of the CGN configuration applied on ISM.
5. The ISM applies NAT44 to the packet and a translation entry is created. The CGN determines the destination address from the FIB lookup. It pushes the packet to the egress port.
6. The packet is then forwarded to the egress port on the interface through App SVI2. An inside VRF is mapped to an outside VRF. The outside VRF is associated with this interface. The packet is forwarded by App SVI2 through the default static route (ovrf1). Then the packet is sent to the public network.
7. The packets that do not need the address translation can bypass the App SVI and can be forwarded to the destination through a different static route and a different egress port.
The following figure illustrates the path of the packet coming from the public network to the private network.
The packet goes through the following steps when it travels from the public network to the private network:
1. In the network shown in this figure, the packet travels from the host A (having the IP address 10.222.5.55) in the public network to host B (having the IP address 5.5.5.2) in the private network. The public address has to be mapped to the private address by NAT44 that is implemented in ISM.
2. The packet enters through the ingress port on the Gigabit Ethernet (GigE) interface at Slot 0.
3. Once the packet reaches the designated interface or VLAN on ASR9K, it is forwarded to the outside VRF either through static routing or ACL-based forwarding (ABF).
4. The packet is forwarded by App SVI2 through a default static route. The destination address and the port are mapped to the translated address.
5. The ISM applies NAT44 to the packet. The CGN determines the destination address from the FIB lookup. It pushes the packet to the egress port.
6. The packet is then forwarded to the egress port on the interface through App SVI2. Then the packet is sent to the private network through the inside VRF.
7. The packets that do not need the address translation can bypass the App SVI and can be forwarded to the destination through a different static route and a different egress port.

Implementing NAT 64 over ISM

This section explains how NAT64 is implemented over ISM. The figure illustrates the implementation of NAT64 over ISM.
The components of this implementation are as follows:
• Private IP6 subscribers: It denotes a private network.
• Interface/VLAN: It denotes a designated interface or VLAN which is associated with the VRF.
• Inside VRF: It denotes the VRF that handles packets coming from the subscriber network. It is known as inside VRF as it forwards packets from the private network.
• App SVI: It denotes an application interface that forwards the data packet to and from the ISM. The data packet may be sent from another line card through a backplane. Because the ISM card does not have a physical interface, the App SVI acts as a logical entry into it.
  The inside VRF is bound to an App SVI. There are 2 App SVIs required; one for the inside VRF and the other one for the outside VRF. Each App SVI pair will be associated with a unique "inside VRF" and a unique public IP address pool. The VRF consists of a static route for forwarding packets to App SVI1.
• Outside VRF: It denotes the VRF that handles packets going out to the public network. It is known as outside VRF as it forwards packets from the public network.
• Public IPV4: It denotes a public network.
The following figure illustrates the path of the data packet from a private network to a public network in a NAT64 implementation.
The packet goes through the following steps when it travels from the private network to the public network:
1. In the network shown in this figure, the packet travels from the host A (having the IP address 3001:DB8:E0E:E03::/40) in the private network to host B (having the IP address 11.11.11.2) in the public network. The private address has to be mapped to the public address by NAT64 that is implemented in ISM.
2. The packet enters through the ingress port on the Gigabit Ethernet (GigE) interface at Slot 3.
3. Once the packet reaches the designated interface or VLAN on ASR9K, it is forwarded to the inside VRF either through static routing or ACL-based forwarding (ABF). Based on this routing decision, the packet that needs address translation is determined and is forwarded to the App SVI that is bound to the VRF.
4. The packet is forwarded by App SVI1 through a default static route. The destination address and the port get translated because of the CGN configuration applied on ISM.
5. The ISM applies NAT64 to the packet and a translation entry is created. The CGN determines the destination address from the FIB lookup. It pushes the packet to the egress port.
6. The packet is then forwarded to the egress port on the interface through App SVI2. The packet is forwarded by App SVI2 through the default static route. Then the packet is sent to the public network.
7. The packets that do not need the address translation can bypass the App SVI and can be forwarded to the destination through a different static route and a different egress port.
The following figure illustrates the path of the packet coming from the public network to the private network.
The packet goes through the following steps when it travels from the public network to the private network:
1. In the network shown in this figure, the packet travels from the host A (having the IP address 11.11.11.2) in the public network to host B (having the IP address 3001:DB8:E0E:E03::) in the private network. The public address has to be mapped to the private address by NAT64 that is implemented in ISM.
2. The packet enters through the ingress port on the Gigabit Ethernet (GigE) interface at Slot 3.
3. Once the packet reaches the designated interface or VLAN on ASR9K, it is forwarded to the outside VRF either through static routing or ACL-based forwarding (ABF). Based on this routing decision, the packet is forwarded to the App SVI that is bound to the VRF.
4. The packet is forwarded by App SVI2 through a default static route. The destination address and the port are mapped to the translated address.
5. The ISM applies NAT64 to the packet. The CGN determines the destination address from the FIB lookup. It pushes the packet to the egress port.
6. The packet is then forwarded to the egress port on the interface through App SVI2. Then the packet is sent to the private network through the inside VRF.
7. The packets that do not need the address translation can bypass the App SVI and can be forwarded to the destination through a different static route and a different egress port.

Table 1: Supported Interfaces and Forwarding Features on CGv6

Feature                                             4.3.x  5.1.x  5.2.x  5.3.x
--------------------------------------------------  -----  -----  -----  -----
Egress Interfaces
  Physical Interface                                Yes    Yes    Yes    Yes
  VLAN Subinterface                                 Yes    Yes    Yes    Yes
  Bundle Interface                                  Yes    Yes    Yes    Yes
  Bundle Subinterface                               Yes    Yes    Yes    Yes
  BVI Interface                                     No     No     No     No
  BNG IP-Subinterface/PPPoE                         No     Yes    Yes    Yes
  Ethernet Attachment Circuit or Pseudowire         No     No     No     No
  GRE Tunnel                                        No     No     No     No
L3 Unicast Forwarding Features
  Basic IPv4 IGP Forwarding                         Yes    Yes    Yes    Yes
  BGP Traffic                                       Yes    Yes    Yes    Yes
  Forwarding in VRF                                 Yes    Yes    Yes    Yes
  Recursive Routes                                  Yes    Yes    Yes    Yes
  uRPF                                              No     No     No     No
  BGP-PA                                            No     No     No     No
MPLS and Fast Reroute (FRR) Support
(Note: The ISM card does not generate label for packets. It only processes unlabeled packets.)
  MPLS-TE Paths                                     No     Yes    Yes    Yes
  Basic Labeled Path                                Yes    Yes    Yes    Yes
  MPLS-TE Tunnel                                    No     Yes    Yes    Yes
  MPLS-TP Tunnel                                    No     No     No     No
  TE-FRR                                            No     Yes    Yes    Yes
  IP-FRR                                            No     No     No     No
  LDP-FRR or LFA-FRR                                No     No     No     No
Multicast
  IP Multicast                                      No     No     No     No
  MVPN                                              No     No     No     No
  Label Switched Multicast                          No     No     No     No
ServiceApp Interfaces
  ABF to ServiceApp Interface                       Yes    Yes    Yes    Yes
  ABF from ServiceApp Interface                     No     No     No     No
  ACL on ServiceApp Interface                       No     No     No     No
  QoS on ServiceApp Interface                       No     No     No     No
  Lawful Intercept (LI) on Service App Interface    No     No     No     No

Note
• The table refers to packet handling after CGv6 processing (from ingress to egress).
• The CGv6 application processes only L3 unicast traffic. Other traffic types such as L2 and L3 multicast are not supported.
• The forwarding features that are supported are only those where traffic is injected from the CGv6 application as an IPv4 or IPv6 packet.

CGv6 Applications

These applications are deployed on the ISM line card.

Network Address Translation (NAT44)

Network Address Translation (NAT44) or Carrier Grade Network Address Translation (CGN) is a large scale NAT that is capable of providing private IPv4 to public IPv4 address translation in the order of millions of translations to support a large number of subscribers, and at least 10 Gbps full-duplex bandwidth throughput.
CGN is a workable solution to the IPv4 address exhaustion problem, and offers a way for service provider subscribers and content providers to implement a seamless transition to IPv6. CGN employs network address and port translation (NAPT) methods to aggregate many private IP addresses into fewer public IPv4 addresses. For example, a single public IPv4 address with a pool of 32 K port numbers supports 320 individual private IP subscribers, assuming each subscriber requires 100 ports (each TCP connection, for example, needs one port number).
A Network Address Translation (NAT) box is positioned between private and public IP networks that are addressed with non-global private addresses and public IP addresses, respectively. A NAT performs the task of mapping one or many private (or internal) IP addresses into one public IP address by employing both network address and port translation (NAPT) techniques. The mappings, otherwise referred to as bindings, are typically created when a private IPv4 host located behind the NAT initiates a connection (for example, TCP SYN) with a public IPv4 host. The NAT intercepts the packet to perform these functions:
• Rewrites the private IP host source address and port values with its own IP source address and port values
• Stores the private-to-public binding information in a table and sends the packet. When the public IP host returns a packet, it is addressed to the NAT. The stored binding information is used to replace the IP destination address and port values with the private IP host address and port values.
Traditionally, NAT boxes are deployed in the residential home gateway (HGW) to translate multiple private IP addresses, configured on multiple devices inside the home, to a single public IP address, which is configured and provisioned on the HGW by the service provider. In enterprise scenarios, you can use the NAT functions combined with the firewall to offer security protection for corporate resources and allow for provider-independent IPv4 addresses. NATs have made it easier for private IP home networks to flourish independently from service provider IP address provisioning. Enterprises can permanently employ private IP addressing for Intranet connectivity while relying on a few NAT boxes, and public IPv4 addresses for external public Internet connectivity. NAT boxes in conjunction with classic methods such as Classless Inter-Domain Routing (CIDR) have slowed public IPv4 address consumption.

Network Address and Port Mapping

Network address and port mapping can be reused to map new sessions to external endpoints after establishing a first mapping between an internal address and port to an external address. These NAT mapping definitions are taken from RFC 4787:
• Endpoint-independent mapping—Reuses the port mapping for subsequent packets that are sent from the same internal IP address and port to any external IP address and port.
• Address-dependent mapping—Reuses the port mapping for subsequent packets that are sent from the same internal IP address and port to the same external IP address, regardless of the external port.
Note: CGN on ISM implements Endpoint-Independent Mapping.

Translation Filtering

RFC 4787 provides translation filtering behaviors for NATs. These options are used by NAT to filter packets originating from specific external endpoints:
• Endpoint-independent filtering—Filters out only packets that are not destined to the internal address and port, regardless of the external source IP address and port.
• Address-dependent filtering—Filters out packets that are not destined to the internal address. In addition, NAT filters out packets that are destined for the internal endpoint if the internal endpoint has not previously sent packets to the external IP address they come from.
• Address and port-dependent filtering—Filters out packets that are not destined to the internal address. In addition, NAT filters out packets that are destined for the internal endpoint if the internal endpoint has not previously sent packets to the external IP address and port they come from.
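
The RFC 4787 mapping and filtering behaviors listed above decide which unsolicited inbound packets reach a subscriber, so they are worth seeing side by side. The following is an added example, not Cisco code or CLI: a small NAPT binding-table model in which the class `Nat`, the pool address 198.51.100.1 and the third-party host 203.0.113.9 are constructed for illustration, while 10.222.5.55 and 5.5.5.2 are the hosts from the NAT44 walk-through.

```python
from dataclasses import dataclass, field
from itertools import count

# RFC 4787 behaviour names as used in the text above.
EIM, ADM = "endpoint-independent mapping", "address-dependent mapping"
EIF = "endpoint-independent filtering"
ADF = "address-dependent filtering"
APDF = "address-and-port-dependent filtering"


@dataclass
class Nat:
    """Minimal NAPT binding table (illustrative model, not a Cisco API)."""
    public_ip: str
    mapping: str = EIM
    filtering: str = EIF
    next_port: count = field(default_factory=lambda: count(1024))
    by_key: dict = field(default_factory=dict)     # mapping key -> public port
    by_port: dict = field(default_factory=dict)    # public port -> internal endpoint
    contacted: dict = field(default_factory=dict)  # public port -> external endpoints

    def outbound(self, int_ip, int_port, ext_ip, ext_port):
        """Translate an outgoing packet; create the binding on first use."""
        # EIM keys the binding on the internal endpoint only;
        # ADM also keys it on the external address.
        if self.mapping == EIM:
            key = (int_ip, int_port)
        else:
            key = (int_ip, int_port, ext_ip)
        if key not in self.by_key:
            port = next(self.next_port)
            self.by_key[key] = port
            self.by_port[port] = (int_ip, int_port)
            self.contacted[port] = set()
        port = self.by_key[key]
        self.contacted[port].add((ext_ip, ext_port))
        return self.public_ip, port

    def inbound(self, src_ip, src_port, dst_port):
        """Return the internal endpoint for an inbound packet, or None if filtered."""
        if dst_port not in self.by_port:
            return None  # no binding exists: dropped under every filtering mode
        peers = self.contacted[dst_port]
        if self.filtering == ADF and src_ip not in {ip for ip, _ in peers}:
            return None
        if self.filtering == APDF and (src_ip, src_port) not in peers:
            return None
        return self.by_port[dst_port]


def reachability(filtering):
    """Open one binding towards 5.5.5.2:80, then probe it from three sources."""
    nat = Nat("198.51.100.1", filtering=filtering)
    _, port = nat.outbound("10.222.5.55", 40000, "5.5.5.2", 80)
    probes = [("5.5.5.2", 80),      # the endpoint that was contacted
              ("5.5.5.2", 8080),    # same host, different source port
              ("203.0.113.9", 80)]  # unrelated third party (constructed)
    return tuple(nat.inbound(ip, p, port) is not None for ip, p in probes)


def mapped_ports(mapping):
    """Public ports used when one internal endpoint talks to two destinations."""
    nat = Nat("198.51.100.1", mapping=mapping)
    _, first = nat.outbound("10.222.5.55", 40000, "5.5.5.2", 80)
    _, second = nat.outbound("10.222.5.55", 40000, "203.0.113.9", 80)
    return first, second


if __name__ == "__main__":
    for mode in (EIF, ADF, APDF):
        print(f"{mode:40s} accepted={reachability(mode)}")
    for mode in (EIM, ADM):
        print(f"{mode:40s} ports={mapped_ports(mode)}")
```

With endpoint-independent filtering every probe reaches the subscriber once the binding exists, which is the case to account for when deciding what else must protect hosts behind the NAT.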

Dual Stack Lite

The Dual Stack Lite (DS-Lite) feature enables legacy IPv4 hosts and server communication over both IPv4 and IPv6 networks. Also, IPv4 hosts may need to access IPv4 internet over an IPv6 access network. The IPv4 hosts will have private addresses which need to have network address translation (NAT) completed before reaching the IPv4 internet. The Dual Stack Lite application has these components:
• Basic Bridging BroadBand Element (B4): This is a Customer Premises Equipment (CPE) router that is attached to the end hosts. The IPv4 packets entering B4 are encapsulated using an IPv6 tunnel and sent to the Address Family Transition Router (AFTR).
• Address Family Transition Router (AFTR): This is the router that terminates the tunnel from the B4. It decapsulates the tunneled IPv4 packet, translates the network address and routes to the IPv4 network. In the reverse direction, IPv4 packets coming from the internet are reverse network address translated and the resultant IPv4 packets are sent to the B4 using an IPv6 tunnel.
The Dual Stack Lite feature helps in these functions:
1. Tunnelling IPv4 packets from CE devices over IPv6 tunnels to the CGSE blade.
2. Decapsulating the IPv4 packet and sending the decapsulated content to the IPv4 internet after completing network address translation.
3. In the reverse direction, completing reverse network address translation and then tunnelling them over IPv6 tunnels to the CPE device.
IPv6 traffic from the CPE device is natively forwarded.
VSM scale numbers supported in Dual Stack Lite
Dual Stack Lite supports the following VSM scale number:
Value per ASR9K Chassis with VSM | Value per VSM | Parameter Name
80 Millions | DS-Lite Sessions

Scalability and Performance of DS Lite

• Supports a total of 60 million translations.
• Number of unique users behind B4 router, basically IPv6 and IPv4 Source tuple, can scale to 1 million.
• There is no real limit to the number of B4 routers and their associated tunnels connecting to the AFTR, except the session limit, which is 20 million B4 routers (assuming each router has only one session). In reality, a maximum of 1 million B4 routers can connect to an AFTR at any given time.
• The performance of DS-Lite traffic, combined IPv4 and IPv6, is 39 Gbps.

Stateful NAT64

The Stateful NAT64 (Network Address Translation 64) feature provides a translation mechanism that translates IPv6 packets into IPv4 packets and vice versa. NAT64 allows IPv6-only clients to contact IPv4 servers using unicast UDP, TCP, or ICMP. The public IPv4 address can be shared with several IPv6-only clients. NAT64 supports communication between:
• IPv6 Network and Public IPv4 Internet
• Public IPv6 Internet and IPv4 Network
NAT64 is implemented on the Cisco CRS router CGSE platform. CGSE (Carrier Grade Service Engine) has four octeons and supports 20 Gbps full duplex traffic. It works on Linux operating system and traffic into CGSE is forwarded using serviceApp interfaces. SVIs (Service Virtual Interfaces) are configured to enable traffic to flow in and out of CGSE.
Each NAT64 instance configured is associated with two serviceApps for the following purposes:
• One serviceApp is used to carry traffic from IPv6 side
• Another serviceApp is used to carry traffic from IPv4 side of the NAT64.
NAT64 instance parameters are configured using the CGN CLI. The NAT64 application in the octeons updates its NAT64 instance and serviceApp databases, which are used to perform the translation between IPv6 and IPv4 and vice versa.
Active CGN instance configuration is replicated in the standby CGN instance through the XR control plane. Translations that are established on the Active CGN instance are exported to the Standby CGN instance as the failure of the Active CGN affects the service until translations are re-established through normal packet flow. Service interruption is moderate for the given fault detection time and translation learning rate in terms of seconds or tens of seconds for a large translation database.

Prefix Format

A set of bits at the start of an IPv6 address is called the format prefix. Prefix length is a decimal value that specifies the number of the left-most contiguous bits of an address.
When packets flow from the IPv6 to the IPv4 direction, the IPv4 host address is derived from the destination IP address of the IPv6 packet that uses the prefix length. When packets flow from the IPv4 to the IPv6 direction, the IPv6 host address is constructed using the stateful prefix.
According to the IETF address format, a u-bit (bit 70) defined in the IPv6 architecture should be set to zero. The reserved octet, also called u-octet, is reserved for compatibility with the host identifier format defined in the IPv6 addressing architecture. When constructing an IPv6 packet, the translator has to make sure that the u-bits are not tampered with, and are set to the value suggested by RFC 2373. The suffix will be set to all zeros by the translator. IETF recommends that the 8 bits of the u-octet (bit range 64-71) be set to zero.

Well Known Prefix (WKP)

Well Known Prefix (WKP) 64:FF9B::/96 is supported for Stateful NAT64. During stateful translation, if no stateful prefix is configured (either on the interface or globally), the WKP prefix is used to translate the IPv4 host addresses.
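
The address construction described above, as an added example that is not part of the Cisco guide: it embeds an IPv4 address in a NAT64 prefix using the RFC 6052 layout, which keeps the u-octet (bits 64 to 71) zero and zero-fills the suffix, and it goes beyond the /96 Well Known Prefix to the other prefix lengths RFC 6052 defines. The function names, the 2001:db8:... prefixes and 192.0.2.33 are constructed sample values, and rejecting a nonzero u-octet on extraction is this example's own choice.

```python
import ipaddress

WKP = ipaddress.IPv6Network("64:ff9b::/96")  # Well Known Prefix named in the text
PREFIX_LENGTHS = (32, 40, 48, 56, 64, 96)    # prefix lengths defined by RFC 6052
U_OCTET = 8                                  # byte index holding bits 64..71


def _prefix(prefix):
    """Validate a NAT64 prefix: allowed length and a zero u-octet."""
    net = ipaddress.IPv6Network(str(prefix))
    if net.prefixlen not in PREFIX_LENGTHS:
        raise ValueError(f"unsupported NAT64 prefix length /{net.prefixlen}")
    if net.network_address.packed[U_OCTET] != 0:
        raise ValueError("prefix sets bits 64-71 (u-octet); they must be zero")
    return net


def embed(ipv4, prefix=WKP):
    """IPv4-to-IPv6 direction: build the IPv6 address for an IPv4 host."""
    net = _prefix(prefix)
    out = bytearray(net.network_address.packed)  # bytes after the prefix are zero
    pos = net.prefixlen // 8
    for byte in ipaddress.IPv4Address(ipv4).packed:
        if pos == U_OCTET:   # never write IPv4 bits into the u-octet
            pos += 1
        out[pos] = byte
        pos += 1
    return ipaddress.IPv6Address(bytes(out))    # remaining suffix stays all zeros


def extract(ipv6, prefix=WKP):
    """IPv6-to-IPv4 direction: recover the IPv4 host from the destination."""
    net = _prefix(prefix)
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in net:
        raise ValueError(f"{addr} is not inside {net}")
    raw = addr.packed
    if raw[U_OCTET] != 0:
        raise ValueError("u-octet (bits 64-71) is not zero")
    pos, v4 = net.prefixlen // 8, bytearray()
    while len(v4) < 4:
        if pos == U_OCTET:   # skip the reserved octet when reading back
            pos += 1
        v4.append(raw[pos])
        pos += 1
    return ipaddress.IPv4Address(bytes(v4))


def embedding_table(ipv4="192.0.2.33"):
    """Embed one IPv4 address under a sample prefix of each allowed length."""
    samples = ["2001:db8::/32", "2001:db8:100::/40", "2001:db8:122::/48",
               "2001:db8:122:300::/56", "2001:db8:122:344::/64", str(WKP)]
    return {p: embed(ipv4, p) for p in samples}


if __name__ == "__main__":
    for prefix, address in embedding_table().items():
        print(f"{prefix:24s} -> {address}  -> {extract(address, prefix)}")
```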

Stateful IPv4-to-IPv6 Packet Flow

The packet flow of IPv4-initiated packets for Stateful NAT64:
• The destination address is routed to a NAT Virtual Interface (NVI). A virtual interface is created when Stateful NAT64 is configured. For Stateful NAT64 translation to work, all packets must get routed to the NVI. When you configure an address pool, a route is automatically added to all IPv4 addresses in the pool. This route automatically points to the NVI.
• The IPv4-initiated packet hits static or dynamic binding. Dynamic address bindings are created by the Stateful NAT64 translator when you configure dynamic Stateful NAT64. A binding is dynamically created between an IPv6 and an IPv4 address pool. Dynamic binding is triggered by the IPv6-to-IPv4 traffic and the address is dynamically allocated. Based on your configuration, you can have static or dynamic binding.
• The IPv4-initiated packet is protocol-translated and the destination IP address of the packet is set to IPv6 based on static or dynamic binding. The Stateful NAT64 translator translates the source IP address to IPv6 by using the Stateful NAT64 prefix (if a stateful prefix is configured) or the Well Known Prefix (WKP) (if a stateful prefix is not configured).
• A session is created based on the translation information.
All subsequent IPv4-initiated packets are translated based on the previously created session.

Stateful IPv6-initiated packet flow:
• The first IPv6 packet is routed to the NAT Virtual Interface (NVI) based on the automatic routing setup that is configured for the stateful prefix. Stateful NAT64 performs a series of lookups to determine whether the IPv6 packet matches any of the configured mappings based on an access control list (ACL) lookup. Based on the mapping, an IPv4 address (and port) is associated with the IPv6 destination address. The IPv6 packet is translated and the IPv4 packet is formed by using these methods:
  ◦ Extracting the destination IPv4 address by stripping the prefix from the IPv6 address. The source address is replaced by the allocated IPv4 address (and port).
  ◦ Translating the rest of the fields from IPv6-to-IPv4 to form a valid IPv4 packet.
• Creating a new NAT64 translation in the session database and in the bind database. The pool and port databases are updated depending on the configuration. The return traffic and the subsequent traffic of the IPv6 packet flow will use this session database entry for translation.
Note: Static port forwarding is not supported over Stateful NAT64 on ISM.

IP Packet Filtering

Stateful NAT64 filters IPv6 and IPv4 packets. All IPv6 packets that are transmitted into the stateful translator are filtered because statefully translated IPv6 packets consume resources in the translator. These packets consume processor resources for packet processing, memory resources (always session memory) for static configuration, IPv4 address resources for dynamic configuration, and IPv4 address and port resources for Port Address Translation (PAT).
Stateful NAT64 utilizes configured access control lists (ACLs) and prefix lists to filter IPv6-initiated traffic flows that are allowed to create the NAT64 state. Filtering of IPv6 packets is done in the IPv6-to-IPv4 direction because dynamic allocation of mapping between an IPv6 host and an IPv4 address can be done only in this direction.
Stateful NAT64 supports endpoint-dependent filtering for the IPv4-to-IPv6 packet flow with PAT configuration. In a Stateful NAT64 PAT configuration, the packet flow originates from the IPv6 realm and creates the state information in NAT64 state tables. Packets from the IPv4 side that do not have a previously created state are dropped. Endpoint-independent filtering is supported with static NAT and non-PAT configurations.

Mapping of Address and Port-Translation Mode

Mapping of Address and Port-Translation Mode (MAP-T) is a CGN solution that enables IPv4-only clients to communicate with IPv6-only resources using address and packet translation. MAP-T is also referred to as Dual IVI (dIVI) or Stateless NAT46. This enables a service provider to offer IPv4 services to IPv6 enabled (customer) sites to which it provides customer premise equipment (CPE). This approach utilizes stateless IPv4 to IPv6 translation (that is, NAT64) to transit IPv6-enabled network infrastructure. The provider access network can now be on IPv6, while customers use IPv6 and IPv4 services simultaneously. MAP-T keeps the stateful NAT44 on CPE, as usual, to handle IPv4 address exhaustion, in addition to stateless NAT64 on CPE and Border Router.
MAP-T is attractive to those SPs who have deployed, or are planning to deploy, IPv6 end-to-end services, and want to manage IPv4 address exhaustion with utmost predictability.
MAP-T is a preferred alternative to DS-Lite in a service provider network when no tunneling is needed.
Note: MAP-T is offered in stateless mode only.
IPv6 Rapid Deployment
IPv6 Rapid Deployment (6RD) is a mechanism that allows service providers to provide a unicast IPv6 service to customers over their IPv4 network.
6RD Definitions
• 6RD CE/RG/CPE: The 6rd "Customer Edge" router that sits between an IPv6-enabled site and an IPv4-enabled SP network. In the context of residential broadband deployment, this is referred to as the Residential Gateway (RG) or Customer Premises Equipment (CPE) or Internet Gateway Device (IGD). This router has a 6rd tunnel interface acting as an endpoint for the IPv6 in IPv4 encapsulation and forwarding, with at least one 6rd CE LAN side interface and 6rd CE WAN side interface, respectively.
• 6RD Border Relay (BR): A 6rd-enabled Border Relay router located at the service provider's premises. The 6rd BR router has at least one IPv4 interface, a 6rd tunnel interface for multi-point tunneling, and at least one IPv6 interface that is reachable through the IPv6 Internet or IPv6-enabled portion of the SP network. A router running IOS can also be a 6RD BR.
• 6RD Delegated Prefix: The IPv6 prefix determined by the 6rd CE device for use by hosts within the customer site.
• 6RD Prefix (SP Prefix): An IPv6 prefix selected by the service provider for use by a 6rd domain. There is exactly one 6rd prefix for a given 6rd domain.
• CE LAN side: The functionality of a 6rd CE that serves the Local Area Network (LAN) or customer-facing side of the CE. The CE LAN side interface is fully IPv6 enabled.
• CE WAN side: The functionality of a 6rd CE that serves the Wide Area Network (WAN) or Service Provider-facing side of the CE. The CE WAN side is IPv4 only.
• BR IPv4 address: The IPv4 address of the 6rd Border Relay for a given 6rd domain. This IPv4 address is used by the CE to send packets to a BR in order to reach IPv6 destinations outside of the 6rd domain.
• CE IPv4 address: The IPv4 address given to the CE as part of normal IPv4 Internet access (configured through DHCP, PPP, or otherwise). This address may be global or private within the 6rd domain. This address is used by a 6rd CE to create the 6rd delegated prefix, as well as to send and receive IPv4-encapsulated IPv6 packets.
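How a CE derives the 6rd delegated prefix from the 6RD prefix and its CE IPv4 address, and how it chooses between another CE and the BR as tunnel endpoint, as an added Python example (not code from the guide). It follows the address format of RFC 5969; the function names, the ipv4_mask_len parameter and all sample addresses are assumptions.

```python
import ipaddress


def delegated_prefix(sp_prefix, ce_ipv4, ipv4_mask_len=0):
    """6rd delegated prefix = 6rd (SP) prefix followed by the CE IPv4 address bits.

    ipv4_mask_len is the number of high-order IPv4 bits that every CE in the
    domain shares and that are therefore omitted (0 embeds all 32 bits).
    """
    sp = ipaddress.IPv6Network(sp_prefix)
    v4_bits = 32 - ipv4_mask_len
    length = sp.prefixlen + v4_bits
    if not 0 <= ipv4_mask_len < 32 or length > 64:
        raise ValueError("invalid mask length, or delegated prefix longer than /64")
    suffix = int(ipaddress.IPv4Address(ce_ipv4)) & ((1 << v4_bits) - 1)
    base = int(sp.network_address) | (suffix << (128 - length))
    return ipaddress.IPv6Network((base, length))


def embedded_ipv4(addr6, sp_prefix, ce_ipv4, ipv4_mask_len=0):
    """Recover the CE IPv4 address embedded in a 6rd IPv6 address of this domain."""
    sp = ipaddress.IPv6Network(sp_prefix)
    v4_bits = 32 - ipv4_mask_len
    shift = 128 - sp.prefixlen - v4_bits
    suffix = (int(ipaddress.IPv6Address(addr6)) >> shift) & ((1 << v4_bits) - 1)
    # The omitted high-order bits are common to the domain: take them from our own address.
    common = (int(ipaddress.IPv4Address(ce_ipv4)) >> v4_bits) << v4_bits
    return ipaddress.IPv4Address(common | suffix)


def tunnel_destination(dst6, sp_prefix, br_ipv4, ce_ipv4, ipv4_mask_len=0):
    """IPv4 address a CE encapsulates towards: another CE inside the domain, else the BR."""
    if ipaddress.IPv6Address(dst6) in ipaddress.IPv6Network(sp_prefix):
        return embedded_ipv4(dst6, sp_prefix, ce_ipv4, ipv4_mask_len)
    return ipaddress.IPv4Address(br_ipv4)


def source_consistent(outer_src4, inner_src6, sp_prefix, ce_ipv4, ipv4_mask_len=0):
    """Anti-spoofing check from RFC 5969 for a packet arriving from a CE.

    The outer IPv4 source must equal the IPv4 address embedded in the inner
    IPv6 source, and the inner source must lie inside the 6rd prefix.
    """
    if ipaddress.IPv6Address(inner_src6) not in ipaddress.IPv6Network(sp_prefix):
        return False
    expected = embedded_ipv4(inner_src6, sp_prefix, ce_ipv4, ipv4_mask_len)
    return expected == ipaddress.IPv4Address(outer_src4)


if __name__ == "__main__":
    # Constructed sample domain: SP prefix 2001:db8::/32, BR at 192.0.2.254.
    sp, br, me = "2001:db8::/32", "192.0.2.254", "192.0.2.1"
    print(delegated_prefix(sp, me))
    print(delegated_prefix(sp, "10.1.2.3", ipv4_mask_len=8))
    print(tunnel_destination("2001:db8:c000:202::1", sp, br, me))
    print(tunnel_destination("3fff::1", sp, br, me))
    print(source_consistent("192.0.2.9", "2001:db8:c000:202::1", sp, me))
```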
Mapping of Address and Port-Encapsulation Mode
Mapping of Address and Port-Encapsulation Mode (MAP-E) is a CGN solution that allows a service provider to enable IPv4 services at IPv6 (customer) sites to which it provides Customer Premise Equipment (CPE). This approach utilizes stateless IPv4-in-IPv6 encapsulation to transit IPv6-enabled network infrastructure. The encapsulation must be supported by the CPE and MAP-E Gateway/Border Relay, which removes the IPv6 encapsulation from IPv4 packets while forwarding them to the Internet. The provider access network can now be on IPv6, while customers see IPv6 and IPv4 service simultaneously.
MAP-E also helps manage IPv4 address exhaustion by keeping the stateful NAT44 on CPE. MAP-E is not supported on any of the VRF interfaces, that is, either IPv4 or IPv6, whereas MAP-T is supported with VRF interfaces along with an SMU.
Policy Functions
Application Level Gateway
The Application Level Gateway (ALG) deals with the applications that are embedded in the IP address payload. Active File Transfer Protocol (FTP), Point-to-Point Tunneling Protocol (PPTP), and Real Time Streaming Protocol (RTSP) are supported.
FTP-ALG
CGN supports both passive and active FTP. FTP clients are supported with inside (private) address and servers with outside (public) addresses. Passive FTP is provided by the basic NAT function. Active FTP is used with the ALG.
RTSP-ALG
CGN supports the Real Time Streaming Protocol (RTSP), an application-level protocol for control over the delivery of data with real-time properties. RTSP provides an extensible framework to enable controlled, on-demand delivery of real-time data, such as audio and video. Sources of data can include both live data feeds and stored clips.
PPTP-ALG
PPTP is a network protocol that enables secure transfer of data from a remote client to a private enterprise server by creating a Virtual Private Network (VPN). It is used to provide IP security at the network layer. PPTP uses a control channel over TCP and a GRE tunnel operating to encapsulate PPP packets.
PPTP-ALG is a CGN solution that allows traffic from all clients through a single PPTP tunnel.
A PPTP tunnel is instantiated on the TCP port. This TCP connection is then used to initiate and manage a second GRE tunnel to the same peer.
PPTP uses an access controller and network server to establish a connection.
PPTP Access Controller (PAC)
A device attached to one or more PSTN or ISDN lines capable of PPP operation and handling the PPTP protocol. It terminates the PPTP tunnel and provides VPN connectivity to a remote client.
PPTP Network Server (PNS)
A device which provides the interface between the Point-to-Point Protocol (encapsulated in the PPTP protocol) and a LAN or WAN. The PNS uses the PPTP protocol to support tunneling between a PPTP PAC and the PNS. It requests to establish a VPN connectivity using PPTP tunnel.
Control Connection
A control connection is established between a PAC and a PNS for TCP.
Tunnel
A tunnel carries GRE encapsulated PPP datagrams between a PAC and a PNS.
Note: Active FTP, PPTP ALG, and RTSP ALG are supported on NAT44 applications. Active FTP and RTSP ALG are supported on DS-Lite applications.
TCP Maximum Segment Size Adjustment
When a host initiates a TCP session with a server, the host negotiates the IP segment size by using the maximum segment size (MSS) option. The value of the MSS option is determined by the maximum transmission unit (MTU) that is configured on the host.
Static Port Forwarding
Static port forwarding helps in associating a private IP address and port with a statically allocated public IP and port. After you have configured static port forwarding, this association remains intact and does not get removed due to timeouts until the CGSE is rebooted. In case of redundant CGSE cards, it remains intact until both of the CGSEs are reloaded together or the router is reloaded. There is a remote chance that after a reboot, this association might change. This feature helps in cases where server applications running on the private network need access from the public internet.
High Availability
High Availability (HA) or 1:1 redundancy enables network-wide protection by providing fast recovery from faults that may occur in any part of the network. With Cisco High Availability on the module, the network hardware and software work together and enable rapid recovery from disruption, to ensure fault transparency to users and network applications. It provides continuous access to applications, data, and content anywhere, anytime by addressing potential causes of downtime with functionality, design, and best practices.
HA supports:
• 1:1 active or standby redundancy infrastructure for the services running on the module
◦ Intra-chassis redundancy
◦ Cold standby redundancy
• Replication of CGN-related configuration into a standby card
Note: Before upgrading or downgrading the CGv6 OVA package on the Active VSM card in HA mode, perform a graceful shift of the traffic from Active VSM to Standby VSM. This will ensure that the CGN-related configuration is replicated into a standby card. For more information, refer to Upgrading CGv6 OVA Package.
• Failure detection
◦ Data path - Channel through which CGv6 application data packets traverse
◦ CPU health monitoring
◦ Control path
◦ Crashed processes
The following commands are supported for failure detection:
Note: The service-cgv6-ha location location-name datapath-test disable configuration disables the heartbeat packets (health check packets) flowing in VSM. By default, these packets are flowing. You can disable these packets when required.
• Failure reporting and recovery
◦ If a redundant module is configured, then switch over the standby module to active and reload the active module.
◦ If a redundant module is not configured, then reload the module. This comes up again as an active module.
Redundancy Switchover Using CLI
You can trigger the switchover (failover) to an active slot, and vice versa, by running the following commands:
Use the following command to switch over (fail over) to a preferred active slot.
RP/0/RP0/CPU0:router(config)# service redundancy failover service-type all preferred-active <preferred-active slot>
Use the following command to revert the failover to a preferred active slot.
RP/0/RP0/CPU0:router(config)# service redundancy revert service-type all preferred-active <preferred-active slot>
External Logging
External logging configures the export and logging of the NAT table entries, private bindings that are associated with a particular global IP port address, and the use of Netflow to export the NAT table entries.
Netflow v9 Support
The NAT44 and DS Lite features support Netflow for logging of the translation records. Logging of the translation records can be mandated for Lawful Intercept. Netflow uses a binary format and hence requires software to parse and present the translation records.
Syslog Support
The NAT44, Stateful NAT64, and DS Lite features support Netflow for logging of the translation records. Logging of the translation records can be mandated for Lawful Intercept. Netflow uses a binary format and hence requires software to parse and present the translation records.
In Cisco IOS XR Software Release 4.2.1 and later, the DS Lite and NAT44 features support Syslog as an alternative to Netflow. Syslog uses ASCII format and hence can be read by users. However, the log data volume is higher in Syslog than Netflow.
Bulk Port Allocation
The creation and deletion of NAT sessions need to be logged, and this creates a huge amount of data. These records are stored on a Syslog collector, which is supported over UDP. In order to reduce the volume of data generated by the NAT device, bulk port allocation can be enabled. When bulk port allocation is enabled and a subscriber creates the first session, a number of contiguous outside ports are pre-allocated. A bulk allocation message is logged indicating this allocation. Subsequent session creations use one of the pre-allocated ports and hence do not require logging.
Note: Session-logging and bulk port allocation are mutually exclusive.
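An added example, not part of the original guide: attributing a public address and port seen at a given time to a subscriber from bulk-allocation records, and comparing the record count with per-session logging. The record fields and sample values are constructed assumptions and do not reproduce the router's Syslog or Netflow format.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass(frozen=True)
class BulkAllocation:
    """One bulk-allocation log record after parsing (field names are assumptions)."""
    subscriber: str                 # inside (private) address of the subscriber
    public_ip: str                  # outside address the block was taken from
    first_port: int                 # first port of the contiguous block
    size: int                       # number of ports pre-allocated
    allocated: datetime
    released: Optional[datetime]    # None while the block is still held

    def covers(self, public_ip, port, when):
        in_block = (public_ip == self.public_ip
                    and self.first_port <= port < self.first_port + self.size)
        in_time = self.allocated <= when and (self.released is None or when < self.released)
        return in_block and in_time


def attribute(records, public_ip, port, when):
    """Return the subscriber that held public_ip:port at time `when`, or None."""
    owners = {r.subscriber for r in records if r.covers(public_ip, port, when)}
    if len(owners) > 1:
        raise ValueError("overlapping bulk allocations; the log is inconsistent")
    return owners.pop() if owners else None


def log_records(concurrent_sessions, bulk_size=None):
    """Records written for one subscriber, counting one create and one delete each.

    Per-session logging writes a pair per session. With bulk allocation a pair
    is written per block; sessions inside an allocated block write nothing.
    """
    if bulk_size is None:
        return 2 * concurrent_sessions
    blocks = -(-concurrent_sessions // bulk_size)     # ceiling division
    return 2 * blocks


T = datetime.fromisoformat
# Constructed sample records: the first block is later reused by another subscriber.
SAMPLE = [
    BulkAllocation("10.0.0.11", "203.0.113.20", 2048, 512,
                   T("2024-05-01T08:00:00"), T("2024-05-01T09:30:00")),
    BulkAllocation("10.0.0.12", "203.0.113.20", 2560, 512,
                   T("2024-05-01T08:05:00"), None),
    BulkAllocation("10.0.0.47", "203.0.113.20", 2048, 512,
                   T("2024-05-01T10:00:00"), None),
]

if __name__ == "__main__":
    for stamp in ("2024-05-01T08:30:00", "2024-05-01T09:45:00", "2024-05-01T10:15:00"):
        print(stamp, attribute(SAMPLE, "203.0.113.20", 2100, T(stamp)))
    print("per-session:", log_records(300), "bulk:", log_records(300, 512))
```

The same public address and port resolves to different subscribers at different times, so the timestamp of the observation and clock agreement between the observer and the collector matter as much as the port. Bulk records carry no destination, which is the information Destination-Based Logging adds and the reason the two modes exclude each other.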
Destination-Based Logging
Destination-Based Logging (DBL) includes destination IPv4 address and port number in the Netflow create and delete records used by NAT44, Stateful NAT64, and DS-Lite applications. It is also known as Session-Logging.
Note: Session-Logging and Bulk Port Allocation are mutually exclusive.
Configuring CGv6 on Cisco IOS XR Software
These configuration tasks are required to implement CGv6 on Cisco IOS XR software.
Installing Carrier Grade IPv6 on ISM
This section provides instructions on installing CGv6 on the ISM line card, removing CGv6 on the ISM line card, and reinstalling the CDS TV application support.
Hardware
ISM hardware in chassis
Software
• asr9k-mini-p.vm or asr9k-mini-px.vm
• asr9k-services-p.pie or asr9k-services-px.pie
• asr9k-fpd-p.pie or asr9k-fpd-px.pie
FPGA UPGRADE
The installation is similar to an FPGA upgrade on any other ASR 9000 cards.
SUMMARY STEPS
1. Load the fpd pie.
2. Run the show hw-module fpd location <> command in admin mode.
3. Upgrade the identified FPGAs using the relevant commands:
4. If one or more FPGAs were upgraded, reload the ISM card after all the upgrade operations complete successfully.
5. After the ISM card comes up, check for the FPGA version. This can be done using the following command from the admin mode.
DETAILED STEPS
Step 1 Load the fpd pie.
Step 2 Run the show hw-module fpd location <> command in admin mode.
Existing Field Programmable Devices
================================================
                                        HW                       Current SW Upg/
Location     Card Type                Version Type Subtype Inst   Version   Dng?
============ ======================== ======= ==== ======= ==== =========== ==== =====
--------------------------------------------------------------------------------------
0/1/CPU0     A9K-ISM-100                1.0   lc   fpga1   0       0.29     No
--------------------------------------------------------------------------------------
If one or more FPDs need an upgrade (this can be identified from the Upg/Dng column in the output), then the upgrade can be accomplished using the following steps.
Step 3 Upgrade the identified FPGAs using the relevant commands:
upgrade hw-module fpd fpga1 location <>
upgrade hw-module fpd cbc location <>
upgrade hw-module fpd cpld1 location <>
upgrade hw-module fpd fpga7 location <>
upgrade hw-module fpd cpld3 location <>
upgrade hw-module fpd fpga2 location <>
To upgrade all FPGAs using a single command, type:
upgrade hw-module fpd all location <>
Step 4 If one or more FPGAs were upgraded, reload the ISM card after all the upgrade operations complete successfully.
hw-module location <> reload
Step 5 After the ISM card comes up, check for the FPGA version. This can be done using the following command from the admin mode.
show hw-module fpd location <>
Accessing CPU consoles on ISM Card
This output shows ISM card in slot 1:
RP/0/RSP0/CPU0 #show platform
0/RSP0/CPU0 A9K-RSP-4G(Active) IOS XR RUN PWR,NSHUT,MON
0/1/CPU0 A9K-ISM-100(LCP) IOS XR RUN PWR,NSHUT,MON
0/1/CPU1 A9K-ISM-100(SE) SEOS-READY
To access LC CPU console:
RP/0/RSP0/CPU0#run attach 0/1/CPU0
#
To return to RSP console:
#exit
To access X86 CPU console:
RP/0/RSP0/CPU0:CRANE#run attachCon 0/0/cpu1 115200
attachCon: Starting console session to node 0/0/cpu1
attachCon: To quit console session type 'detach'
Current Baud 115200
Setting Baud to 115200
localhost.localdomain login: root
Password: rootroot
[root@localhost ~]#
To return to RSP console:
[root@localhost]# detach
Installing CGv6 Application on ISM Running for Cisco IOS XR Software Release 4.2.0
If the card is in CDS-IS mode, then it must be converted to CDS-TV before installing CGv6. For installation instructions, see the Cisco ASR 9000 Series Aggregation Services Router ISM Line Card Installation Guide.
Note: In this procedure, "kernel.rpm" refers to the "kernel.rpm" or "kernel-4.2.0.rpm" file, and "ism_infra.tgz" refers to the "ism_infra.tgz" or "ism_infra-4.2.0.tgz" file.
SUMMARY STEPS
1. Manually remove the non-CGv6 (CDS TV) configuration.
2. Install the Cisco IOS XR Software Release 4.2.0 image on the ASR 9000 router.
3. To handle version incompatibility between APIs of Cisco IOS XR and Linux software, run these commands as soon as the ISM LCP is in IOS XR RUN state.
4. Extract the ism_infra.tgz and kernel.rpm image from the tar file (available in the Download Software page in Cisco.com) and copy the content to the disk on the RSP console.
5. Copy kernel.rpm and ism_infra.tgz to X86 location.
6. Install the images on X86:
7. Run the following Cisco IOS XR Software Release 4.2.0 commands in admin mode, on RSP to install the Services PIE:
8. Run the following Cisco IOS XR Software Release 4.2.0 commands on the RSP to set the service role as cgn.
9. Revert the changes made in Step 3.
10. Reload the ISM line card.
11. Wait for the card to return to SEOS-READY and proceed with ServiceInfra interface configuration.
DETAILED STEPS
Step 1 Manually remove the non-CGv6 (CDS TV) configuration.
Step 2 Install the Cisco IOS XR Software Release 4.2.0 image on the ASR 9000 router.
Step 3 To handle version incompatibility between APIs of Cisco IOS XR and Linux software, run these commands as soon as the ISM LCP is in IOS XR RUN state.
RP/0/RSP0/CPU0#proc mandatory OFF fib_mgr location <ism_node_location>
RP/0/RSP0/CPU0#proc SHUTDOWN fib_mgr location <ism_node_location>
RP/0/RP0/CPU0:#admin
RP/0/RSP0/CPU0(admin)#debug sim reload-disable location <ism_node_location>
Caution: Any delay may result in card reload due to API mismatch.
Step 4 Extract the ism_infra.tgz and kernel.rpm image from the tar file (available in the Download Software page in Cisco.com) and copy the content to the disk on the RSP console.
RP/0/RSP0/CPU0#copy tftp://<tftp_addr><image_location>/ism_infra.tgz disk0:/
RP/0/RSP0/CPU0#copy tftp://<tftp_addr><image_location>/kernel.rpm disk0:/
Step 5 Copy kernel.rpm and ism_infra.tgz to X86 location.
1 Log into X86 CPU console and start the se_mbox_server process:
[root@localhost]# se_mbox_server -d
2 Log into ISM LC CPU and upload the images to X86:
#avsm_se_upload /disk0:/kernel.rpm
#avsm_se_upload /disk0:/ism_infra.tgz
3 After successful upload, the images should be available under /tmp directory in the X86 CPU.
Step 6 Install the images on X86:
[root@localhost /] cd /tmp
[root@localhost tmp]# rpm -i --force kernel.rpm
[root@localhost tmp]# avsm_install ism_infra.tgz
Step 7 Run the following Cisco IOS XR Software Release 4.2.0 commands in admin mode, on RSP to install the Services PIE:
RP/0/RSP0/CPU0#admin
(admin)#install add tftp://<tftp_addr>/<image_location>/asr9k-services-p.pie synchronous activate
. . . . . . . . . . .
(admin)#exit
Step 8 Run the following Cisco IOS XR Software Release 4.2.0 commands on the RSP to set the service role as cgn.
RP/0/RSP0/CPU0#config
(config)#hw-module service cgn location <ism_node_location>
(config)#commit
(config)#exit
Step 9 Revert the changes made in Step 3.
RP/0/RSP0/CPU0#proc mandatory ON fib_mgr location <ism_node_location>
RP/0/RSP0/CPU0#proc START fib_mgr location <ism_node_location>
RP/0/RP0/CPU0:#admin
RP/0/RSP0/CPU0:(admin)#no debug sim reload-disable location <ism_node_location>
Step 10 Reload the ISM line card.
RP/0/RSP0/CPU0#hw-module location <ism_node_location> reload
Step 11 Wait for the card to return to SEOS-READY and proceed with ServiceInfra interface configuration.
Installing CGv6 Application on ISM for Cisco IOS XR Software Release 4.2.1 and later
The CGv6 application can be installed on an ISM line card directly without changing from CDS-IS to CDS-TV and then CGv6.
SUMMARY STEPS
1. Manually remove the non-CGv6 configuration, if any.
2. Install the Cisco IOS XR Software image (asr9k-mini-p/px.vm/pie) for the specific release on the router.
3. To handle version incompatibility between APIs of Cisco IOS XR and Linux software, run the following commands in admin mode. Enter into maintenance mode by using the following command.
4. To install the Services PIE on RSP, run the commands in admin mode:
5. To set the service role as cgn on RSP, run the following commands.
6. To install Linux Install-Kit from RSP, run the commands in admin mode.
7. Wait for around 12-14 minutes for the card to come at SEOS-READY. Proceed with ServiceInfra interface configuration.
DETAILED STEPS
Step 1 Manually remove the non-CGv6 configuration, if any.
Step 2 Install the Cisco IOS XR Software image (asr9k-mini-p/px.vm/pie) for the specific release on the router.
Step 3 To handle version incompatibility between APIs of Cisco IOS XR and Linux software, run the following commands in admin mode. Enter into maintenance mode by using the following command.
RP/0/RP0/CPU0:# admin
RP/0/RSP0/CPU0(admin)# debug sim reload-disable location <ism_node_location>
The card must be in the following state:
RP/0/RSP0/CPU0# show platform
Node          Type                State            Config State
___________________________________________________________________________
0/5/CPU0      A9K-ISM-100(LCP)    IOS XR RUN       PWR,NSHUT,MON
0/5/CPU1      A9K-ISM-100(SE)     RECOVERY MODE
Sometimes, the card goes into IN-RESET state due to multiple resets or if you do not execute the step for a long time. Reload the card using the following command to get out of the state:
RP/0/RSP0/CPU0(admin)# hw-module location <ism_node_location> reload
Note: The command must be executed in admin mode.
Step 4 To install the Services PIE on RSP, run the commands in admin mode:
RP/0/RSP0/CPU0#admin
(admin)#install add tftp://<tftp_addr>/<image_location>/asr9k-services-p.pie synchronous activate
. . . . . . . . . . .
(admin)#exit
Step 5 To set the service role as cgn on RSP, run the following commands.
RP/0/RSP0/CPU0#config
(config)#hw-module service cgn location <ism_node_location>
(config)#commit
(config)#exit
Step 6 To install Linux Install-Kit from RSP, run the commands in admin mode.
RP/0/RSP0/CPU0#admin
RP/0/RSP0/CPU0(admin)# download install-image <install_kit_name_and_location> from <rsp_where_kit_present> to <ism_node_location>
Note: You can download the Install-Kit from the File Exchange Server https://upload.cisco.com/cgi-bin/swc/fileexg/main.cgi?CONTYPES=IOS-XR
Step 7 Wait for around 12-14 minutes for the card to come at SEOS-READY. Proceed with ServiceInfra interface configuration.
Configuring the Service Role for the Carrier Grade IPv6
Perform this task to configure the service role on the specified location to start the CGv6 service.
Note: Removal of service role is strictly not recommended while the card is active. This puts the card into FAILED state, which is service impacting.
SUMMARY STEPS
1. configure
2. hw-module service cgn location node-id
3. end or commit
DETAILED STEPS
Step 1 configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.
Step 2 hw-module service cgn location node-id
Example:
RP/0/RP0/CPU0:router(config)#hw-module service cgn location 0/1/CPU0
Purpose: Configures a CGv6 service role (cgn) on location 0/1/CPU0.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Service Instance and Location for the Carrier Grade NAT
Perform this task to configure the service instance and location for the CGN application.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-location preferred-active node-id [preferred-standby node-id]
4. end or commit
DETAILED STEPS
Step 1 configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.
Step 2 service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.
service-location preferred-active node-id [preferred-standby node-id]
Purpose: Configures the active and standby locations for the CGN application.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Infrastructure Service Virtual Interface for the Carrier Grade IPv6
Perform this task to configure the infrastructure service virtual interface (SVI) to forward the control traffic.
Note: Access lists are not supported on service virtual interfaces.
The subnet mask length must be at least 30 (denoted as /30).
Do not remove or modify service infra interface configuration when the card is in Active state. The configuration is service affecting and the line card must be reloaded for the changes to take effect.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring an Inside and Outside Address Pool Map (NAT44)
Perform this task to configure an inside and outside address pool map with the following scenarios:
• The designated address pool is used for CNAT.
• One inside VRF is mapped to only one outside VRF.
• Multiple non-overlapping address pools can be used in a specified outside VRF mapped to different inside VRFs.
• The maximum outside public pool per CGSE/CGN instance is 64 K or 65536 addresses. That is, if a /16 address pool is mapped, then we cannot map any other pool to that particular CGSE.
• Multiple inside VRFs cannot be mapped to the same outside address pool.
• While mapping the outside pool, the minimum value for the prefix is 16 and the maximum value is 26.
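The mapping rules listed above, expressed as a pre-deployment check in Python (an added example, not Cisco tooling and not part of the original guide). The function name, the finding labels and the sample VRF names and pools are assumptions; the limits are the ones stated in the list.

```python
import ipaddress

MIN_PREFIX, MAX_PREFIX = 16, 26      # allowed outside-pool prefix lengths
MAX_POOL_ADDRESSES = 65536           # outside addresses per CGSE/CGN instance


def check_pool_maps(maps):
    """Validate (inside_vrf, outside_vrf, pool) tuples for one CGN instance.

    Returns a list of (rule, detail) findings; an empty list means the maps pass.
    """
    findings = []
    outside_for = {}        # inside VRF -> outside VRF it is mapped to
    accepted = []           # (network, inside VRF, outside VRF) seen so far
    total = 0
    for inside, outside, pool in maps:
        try:
            net = ipaddress.IPv4Network(pool, strict=False)
        except ValueError as exc:
            findings.append(("invalid-pool", f"{pool}: {exc}"))
            continue
        if not MIN_PREFIX <= net.prefixlen <= MAX_PREFIX:
            findings.append(("prefix-length",
                             f"{pool}: /{net.prefixlen} is outside /16 to /26"))
        # One inside VRF is mapped to only one outside VRF.
        if outside_for.setdefault(inside, outside) != outside:
            findings.append(("multiple-outside-vrf",
                             f"{inside} -> {outside_for[inside]} and {outside}"))
        # Pools within one outside VRF must not overlap, and two inside VRFs
        # must not share an outside pool.
        for other, other_inside, other_outside in accepted:
            if other_outside == outside and net.overlaps(other):
                rule = "shared-pool" if other_inside != inside else "overlap"
                findings.append((rule, f"{pool} ({inside}) overlaps {other} ({other_inside})"))
        accepted.append((net, inside, outside))
        total += net.num_addresses
    if total > MAX_POOL_ADDRESSES:
        findings.append(("instance-capacity",
                         f"{total} addresses exceed {MAX_POOL_ADDRESSES}"))
    return findings


# Constructed sample maps (VRF names and pools are made up for the example).
GOOD = [
    ("ivrf1", "ovrf1", "203.0.113.0/24"),
    ("ivrf2", "ovrf1", "198.51.100.0/24"),
]
BAD = [
    ("ivrf1", "ovrf1", "198.18.0.0/16"),     # uses the whole 65536-address budget
    ("ivrf2", "ovrf1", "198.18.128.0/24"),   # second inside VRF inside the same pool
    ("ivrf1", "ovrf2", "198.51.100.0/27"),   # /27 is too long; ivrf1 gets a second outside VRF
]

if __name__ == "__main__":
    print("GOOD:", check_pool_maps(GOOD))
    for rule, detail in check_pool_maps(BAD):
        print(f"BAD: {rule}: {detail}")
```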
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type nat44 nat1
4. inside-vrf vrf-name
5. map [outside-vrf outside-vrf-name] address-pool address/prefix
6. end or commit
DETAILED STEPS
Step 1 configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.
Step 2 service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.
Configures the service type keyword definition for CGN NAT44 application.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the RTSP ALG for NAT44 Instance
Perform this task to configure the RTSP ALG for the specified NAT44 instance. RTSP packets are usually destined to port 554, but this is not always true because the RTSP port value is configurable.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type nat44 nat1
4. alg rtsp [server-port] value
5. end or commit
DETAILED STEPS
Step 1 configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.
Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
TCP Maximum Segment Size Adjustment
When a host initiates a TCP session with a server, the host negotiates the IP segment size by using the maximum segment size (MSS) option. The value of the MSS option is determined by the maximum transmission unit (MTU) that is configured on the host.
Static Port Forwarding
Static port forwarding helps in associating a private IP address and port with a statically allocated public IP and port. After you have configured static port forwarding, this association remains intact and does not get removed due to timeouts until the CGSE is rebooted. In case of redundant CGSE cards, it remains intact until both of the CGSEs are reloaded together or the router is reloaded. There is a remote chance that after a reboot, this association might change. This feature helps in cases where server applications running on the private network need access from the public internet.
Configuring Dynamic Port Range
Perform this task to configure a dynamic port range.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring External Logging for the NAT Table Entries
Perform the following to configure external logging for NAT table entries.
Netflow Logging
Perform the following tasks to configure Netflow Logging for NAT table entries.
Configuring the Server Address and Port for Netflow Logging
Perform this task to configure the server address and port to log network address translation (NAT) table entries for Netflow logging.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type nat44 nat1
4. inside-vrf vrf-name
5. external-logging netflowv9
6. server
7. address address port number
8. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.

Configures the service type keyword definition for NAT44 application.
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Path Maximum Transmission Unit for Netflow Logging
Perform this task to configure the path maximum transmission unit (MTU) for the netflowv9-based external-logging facility for the inside VRF.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type nat44 nat1
4. inside-vrf vrf-name
5. external-logging netflowv9
6. server
7. path-mtu value
8. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.

Configures the service type keyword definition for NAT44 application.
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Refresh Rate for Netflow Logging
Perform this task to configure the refresh rate at which the Netflow-v9 logging templates are refreshed or resent to the Netflow-v9 logging server.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type nat44 nat1
4. inside-vrf vrf-name
5. external-logging netflowv9
6. server
7. refresh-rate value
8. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.

Configures the service type keyword definition for NAT44 application.
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Timeout for Netflow Logging
Perform this task to configure the frequency in minutes at which the Netflow-v9 logging templates are to be sent to the Netflow-v9 logging server.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type nat44 nat1
4. inside-vrf vrf-name
5. external-logging netflowv9
6. server
7. timeout value
8. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.

Configures the service type keyword definition for NAT44 application.
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Syslog Logging
Perform the following tasks to configure Syslog Logging for NAT table entries.
Configuring the Server Address and Port for Syslog Logging
Perform this task to configure the server address and port to log DS-Lite entries for Syslog logging.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite instance_name
4. external-logging syslog
5. server
6. address address port number
7. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGv6 application and enters CGv6 configuration mode.

Configures the service type keyword definition for the DS-Lite application.
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Destination-Based Logging for NAT44
Perform these tasks to configure destination-based logging for NAT table entries.
Configuring the Session-Logging for Netflow Logging
Perform this task to configure session-logging if destination IP and port information needs to be logged in the Netflow records.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type nat44 nat1
4. inside-vrf vrf-name
5. external-logging netflow
6. server
7. session-logging
8. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGv6 application and enters CGv6 configuration mode.

Configures the service type keyword definition for CGv6 NAT44 application.
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Session-Logging for Syslog Logging
Perform this task to configure session-logging if destination IP and port information needs to be logged in the Netflow records.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type nat44 nat1
4. inside-vrf vrf-name
5. external-logging syslog
6. server
7. session-logging
8. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGv6 application and enters CGv6 configuration mode.

Configures the service type keyword definition for CGv6 NAT44 application.
instance. For TCP and UDP, you can configure the initial and active session timeout values. For ICMP, there are no such options. This configuration is applicable to all the IPv4 addresses that belong to a particular service instance. This example configures the initial session timeout value as 90 for the TCP session.
Configures the adjustment MSS value as 1100.
mss size
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the RTSP ALG for DS-Lite Instance
Perform this task to configure the RTSP ALG for the specified DS-Lite instance. RTSP packets are usually destined to port 554, but this is not always the case because the RTSP port value is configurable.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite ds-lite1
4. alg rtsp [server-port] value
5. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
TCP Maximum Segment Size Adjustment
When a host initiates a TCP session with a server, the host negotiates the IP segment size by using the maximum segment size (MSS) option. The value of the MSS option is determined by the maximum transmission unit (MTU) that is configured on the host.
Configuring an Address Pool Map
Perform this task to configure an address pool map.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite instance-name
4. map address-pool address/prefix
5. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGv6 application and enters CGv6 configuration mode.

Configures the service type keyword definition for CGv6 DS-Lite application.
or
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring External Logging for DS-Lite Entries
Perform the following to configure external logging for DS-Lite entries.
Netflow Logging
Perform the following tasks to configure Netflow Logging for NAT table entries.
Configuring the Server Address and Port for Syslog Logging
Perform this task to configure the server address and port to log DS-Lite entries for Syslog logging.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite instance_name
4. external-logging syslog
5. server
6. address address port number
7. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGv6 application and enters CGv6 configuration mode.

Configures the service type keyword definition for the DS-Lite application.
or
RP/0/RP0/CPU0:router(config-cgn-ds-lite)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Refresh Rate for Netflow Logging
Perform this task to configure the refresh rate at which the Netflow-v9 logging templates are refreshed or resent to the Netflow-v9 logging server.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite ds-lite1
4. external-logging netflowv9
5. server
6. refresh-rate value
7. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.
Configures the service type keyword definition for CGv6 DS-Lite application.
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Timeout for Netflow Logging
Perform this task to configure the frequency in minutes at which the Netflow-v9 logging templates are to be sent to the Netflow-v9 logging server.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite ds-lite1
4. external-logging netflowv9
5. server
6. timeout value
7. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGN application and enters CGN configuration mode.

Configures the service type keyword definition for DS-Lite application.
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Syslog Logging
Perform the following tasks to configure Syslog Logging for NAT table entries.
Configuring the Server Address and Port for Syslog Logging
Perform this task to configure the server address and port to log DS-Lite entries for Syslog logging.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite instance_name
4. external-logging syslog
5. server
6. address address port number
7. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGv6 application and enters CGv6 configuration mode.

Configures the service type keyword definition for the DS-Lite application.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Path Maximum Transmission Unit for Syslog Logging
Perform this task to configure the path maximum transmission unit (MTU) for the syslog-based external-logging facility.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite instance_name
4. external-logging syslog
5. server
6. path-mtu value
7. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGv6 application and enters CGv6 configuration mode.
Configures the service type keyword definition for the DS-Lite application.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Destination-Based Logging for DS-Lite
Perform these tasks to configure destination-based logging for DS-Lite entries.
Configuring the Session-Logging for Netflow Logging
Perform this task to configure session-logging if destination IP and port information needs to be logged in the Netflow records.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite instance_name
4. external-logging netflow9
5. server
6. session-logging
7. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.

Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGv6 application and enters CGv6 configuration mode.

Configures the service type keyword definition for the DS-Lite application.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Session-Logging for Syslog Logging
Perform this task to configure session-logging if destination IP and port information needs to be logged in the Netflow records.
SUMMARY STEPS
1. configure
2. service cgn instance-name
3. service-type ds-lite instance_name
4. external-logging syslog
5. server
6. session-logging
7. end or commit
DETAILED STEPS
Step 1
Command or Action: configure
Example:
RP/0/RP0/CPU0:router# configure
Purpose: Enters global configuration mode.
Step 2
Command or Action: service cgn instance-name
Example:
RP/0/RP0/CPU0:router(config)# service cgn cgn1
RP/0/RP0/CPU0:router(config-cgn)#
Purpose: Configures the instance named cgn1 for the CGv6 application and enters CGv6 configuration mode.

Configures the service type keyword definition for the DS-Lite application.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring Stateful NAT64 on ISM
Perform these tasks to configure Stateful NAT64 on ISM.
Configuring the Application Service Virtual Interface
This section lists the guidelines for selecting service application interfaces for 6RD.
• Pair ServiceApp<n> with ServiceApp<n+1>, where <n> is an odd integer. This is to ensure that the ServiceApp pairs work with maximum throughput. For example, ServiceApp1 with ServiceApp2 or ServiceApp3 with ServiceApp4.
• Pair ServiceApp<n> with ServiceApp<n+5> or ServiceApp<n+9>, and so on, where <n> is an odd integer. For example, ServiceApp1 with ServiceApp6, ServiceApp1 with ServiceApp10, ServiceApp3 with ServiceApp8, or ServiceApp3 with ServiceApp12.
• Pair ServiceApp<n> with ServiceApp<n+4>, where <n> is an integer (odd or even integer). For example, ServiceApp1 with ServiceApp5, or ServiceApp2 with ServiceApp6.
Warning: Although ServiceApp pairs work, the aggregate throughput for Inside-to-Outside and Outside-to-Inside traffic for the ServiceApp pair is halved.
Caution: Do not pair ServiceApp<n> with ServiceApp<n+1>, where <n> is an even integer. When used, Outside-to-Inside traffic is dropped because traffic flows in the incorrect dispatcher and core.
Perform this task to configure the application service virtual interface (SVI) to forward data traffic.
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring the Policy Functions
Perform these tasks to configure the policy functions.
Configuring MAP-E
Perform these tasks to configure MAP-E.
Configuring the Application Service Virtual Interface
This section lists the guidelines for selecting service application interfaces for MAP-E.
• Pair ServiceApp<n> with ServiceApp<n+1>, where <n> is an odd integer. This is to ensure that the ServiceApp pairs work with maximum throughput. For example, ServiceApp1 with ServiceApp2 or ServiceApp3 with ServiceApp4.
• Pair ServiceApp<n> with ServiceApp<n+5> or ServiceApp<n+9>, and so on, where <n> is an odd integer. For example, ServiceApp1 with ServiceApp6, ServiceApp1 with ServiceApp10, ServiceApp3 with ServiceApp8, or ServiceApp3 with ServiceApp12.
• Pair ServiceApp<n> with ServiceApp<n+4>, where <n> is an integer (odd or even integer). For example, ServiceApp1 with ServiceApp5, or ServiceApp2 with ServiceApp6.
Warning: Although ServiceApp pairs work, the aggregate throughput for Inside-to-Outside and Outside-to-Inside traffic for the ServiceApp pair is halved.
Caution: Do not pair ServiceApp<n> with ServiceApp<n+1>, where <n> is an even integer. When used, Outside-to-Inside traffic is dropped because traffic flows in the incorrect dispatcher and core.
Perform this task to configure the application service virtual interface (SVI) to forward data traffic.
or
RP/0/RP0/CPU0:router(config-cgn-map_e)# commit
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)? [cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring MAP-T
Perform these tasks to configure MAP-T.
Note
MAP-T is supported only on Cisco ASR 9000 Series 400G and 200G Modular Line Cards and Cisco ASR 9000 Series 4-Port and 8-Port 100 Gigabit Ethernet Line Cards.
Configuring the Application Service Virtual Interface
This section lists the guidelines for selecting service application interfaces for MAP-T.
• Pair ServiceApp<n> with ServiceApp<n+1>, where <n> is an odd integer. This ensures that the ServiceApp pair works with maximum throughput. For example, ServiceApp1 with ServiceApp2 or ServiceApp3 with ServiceApp4.
• Pair ServiceApp<n> with ServiceApp<n+5> or ServiceApp<n+9>, and so on, where <n> is an odd integer. For example, ServiceApp1 with ServiceApp6, ServiceApp1 with ServiceApp10, ServiceApp3 with ServiceApp8, or ServiceApp3 with ServiceApp12.
• Pair ServiceApp<n> with ServiceApp<n+4>, where <n> is an integer (odd or even). For example, ServiceApp1 with ServiceApp5, or ServiceApp2 with ServiceApp6.
Warning
Although ServiceApp pairs work, the aggregate throughput for Inside-to-Outside and Outside-to-Inside traffic for the ServiceApp pair is halved.
Caution
Do not pair ServiceApp<n> with ServiceApp<n+1>, where <n> is an even integer. When used, Outside-to-Inside traffic is dropped because traffic flows in the incorrect dispatcher and core.
Perform this task to configure the application service virtual interface (SVI) to forward data traffic.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting (yes/no/cancel)?[cancel]:
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Configuring 6RD on ISM
Perform these tasks to configure 6RD on ISM.
Configuring the Application Service Virtual Interface
This section lists the guidelines for selecting service application interfaces for 6RD.
• Pair ServiceApp<n> with ServiceApp<n+1>, where <n> is an odd integer. This ensures that the ServiceApp pair works with maximum throughput. For example, ServiceApp1 with ServiceApp2 or ServiceApp3 with ServiceApp4.
• Pair ServiceApp<n> with ServiceApp<n+5> or ServiceApp<n+9>, and so on, where <n> is an odd integer. For example, ServiceApp1 with ServiceApp6, ServiceApp1 with ServiceApp10, ServiceApp3 with ServiceApp8, or ServiceApp3 with ServiceApp12.
• Pair ServiceApp<n> with ServiceApp<n+4>, where <n> is an integer (odd or even). For example, ServiceApp1 with ServiceApp5, or ServiceApp2 with ServiceApp6.
Warning
Although ServiceApp pairs work, the aggregate throughput for Inside-to-Outside and Outside-to-Inside traffic for the ServiceApp pair is halved.
Caution
Do not pair ServiceApp<n> with ServiceApp<n+1>, where <n> is an even integer. When used, Outside-to-Inside traffic is dropped because traffic flows in the incorrect dispatcher and core.
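The ServiceApp pairing guidelines given for MAP-E, MAP-T and 6RD can be checked before a configuration is committed. The following is an added example, not Cisco code: the function names, verdict labels and sample pairs are constructed here, and "and so on" is read as offsets 5, 9, 13, ... (an assumption).

```python
import re

def classify_pair(a: str, b: str) -> str:
    """Classify a ServiceApp pair against the guide's pairing guidelines."""
    ids = []
    for name in (a, b):
        m = re.fullmatch(r"ServiceApp(\d+)", name)
        if not m:
            raise ValueError(f"not a ServiceApp interface name: {name!r}")
        ids.append(int(m.group(1)))
    n, other = sorted(ids)            # n is the lower-numbered interface
    offset = other - n
    if offset == 0:
        raise ValueError("a pair needs two different interfaces")
    odd = n % 2 == 1
    if offset == 1:
        # Odd n: the maximum-throughput pairing. Even n: the Caution case,
        # where Outside-to-Inside traffic is dropped.
        return "max-throughput" if odd else "forbidden"
    if offset == 4:
        return "listed-n+4"           # allowed for odd or even n
    if odd and offset >= 5 and (offset - 5) % 4 == 0:
        return "listed-n+5-series"    # n+5, n+9, ... with n odd (assumed step of 4)
    return "unlisted"                 # not covered by any guideline on the page

def lint_pairs(pairs):
    """Return the pairs that are forbidden or not covered by the guidelines."""
    findings = []
    for a, b in pairs:
        verdict = classify_pair(a, b)
        if verdict in ("forbidden", "unlisted"):
            findings.append((a, b, verdict))
    return findings

# Constructed sample pairs (not taken from a real router configuration).
SAMPLE_PAIRS = [
    ("ServiceApp1", "ServiceApp2"),   # odd n, n+1
    ("ServiceApp3", "ServiceApp8"),   # odd n, n+5
    ("ServiceApp2", "ServiceApp6"),   # even n, n+4
    ("ServiceApp2", "ServiceApp3"),   # even n, n+1: the Caution case
    ("ServiceApp1", "ServiceApp3"),   # offset 2: not listed
]

if __name__ == "__main__":
    for a, b, verdict in lint_pairs(SAMPLE_PAIRS):
        print(f"{a} / {b}: {verdict}")
```
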
Perform this task to configure the application service virtual interface (SVI) to forward data traffic.
• When you issue the end command, the system prompts you to commit changes:
Uncommitted changes found, commit them before exiting(yes/no/cancel)?[cancel]:
or
RP/0/RP0/CPU0:router(config-if)# commit
◦ Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.
◦ Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.
◦ Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.
• Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.
Note
By default, failure detection for data path is not triggered unless the above commands are configured.
To disable failure detection, use the no form of the command: no service-cgv6-ha location node-id datapath-test
Configuration Examples for Implementing the Carrier Grade NAT
This section provides the following configuration examples for CGN:
Configuring a Different Inside VRF Map to a Different Outside VRF: Example
This example shows how to configure a different inside VRF map to a different outside VRF and different outside address pools:
service cgn cgn1
 inside-vrf insidevrf1
  map outside-vrf outsidevrf1 address-pool 100.1.1.0/24
 !
!