This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
� Upon successful completion of this module, the student will be familiar with CLI navigation and be able to perform the following operations:� Log in to the system
Note: The following information explains the format used for the labs and is for information
purposes only.
The CLI system prompt is shown in bolded text followed by # or $, for example:
Node#
or
Node>config>system>security#
The CLI command string is shown in unbolded text.
Node# show time ↵
The ↵ symbol indicates that the Enter key should be pressed.
As shown above, system commands such configure, show, security, etc. are shown as unbolded. These commands can be typed in or partially typed in and completed by pressing the Tab, Space or Enter key. Text that must be manually entered is shown delimited by the < and > symbols.
Node# admin set-time <YYYY/MM/DD hh:mm> ↵
This indicates that the year, month, day, and time must be entered manually.
Note: Network nodes store the BOF and configuration files on Compact Flash 3 (CF3). Simulators
store the BOF file on the floppy drive (CF1); configuration files can be stored on CF1 or the hard
drive (CF2), if so equipped.
Try the help commands ( ? ) and auto-completion commands as much as possible. This will greatly improve your CLI configuration skills and understandings.
1. Fill in the IP addresses of the management Ethernet ports and the port numbers of the network ports for each PE in the network diagram drawing at the end of the module. Make sure these Management IP-addresses, provided by the instructor, match the respective Node. You can ping the address from you workstation and verify the activity on the management Ethernet port that was assigned to you.
2. Check the wiring on the hardware to find the network port numbers.
3. Telnet from your workstation to your assigned Node using the management Ethernet port IP address configured in the BOF.
Note: By default, Telnet is disabled. This means that the attempt to connect to the PE using Telnet
will fail. Use SSH to connect to your PE. The username and password is “admin”.
4. Verify your SSH connection. Can you see your connection? Does the Remote address match your workstation’s IP-address?
Node# show system security ssh ↵Node# show system connections ↵
5. After the SSH connection is established, enable the Telnet-server and retry Step 2. The Telnet connection should now be allowed.
Node# configure ↵Node>config# system ↵Node>config>system# security ↵Node>config>system>security# telnet-server ↵
6. Verify your configuration.
Node>config>system>security# info ↵
Note: The “info” command shows the most important, often non-default, settings within a
configuration context. The “info detail” command shows ALL settings, including the default,
within a configuration context.
7. Verify your Telnet connection (see step 4). What has changed in the Connections-list?
Switch to notes view!Save the BOF and Configuration File
Note: When a 7750 SR boots up, it will execute the bootloader (boot.ldr) on the Compact Flash card
CF3 (CF1 for a simulator), then load the BOF (bof.cfg), also on CF3 (CF1 for a simulator), which
indicates where to find the image (.tim files) and configuration files (.cfg files), installs the
management Ethernet and serial console port (default value 115200) and (de)activates
persistence, used for the SAM application.
1. View the BOF and verify the configuration and image files and their location on the flash cards using the file structure. What is the image file used, and where is it stored?
PEx# show bof ↵PEx# file ↵PEx>file cf3: \# dir ↵
2. Create your personal directory that will contain your configuration file.
PEx>file cf3: \# md <your_directory> ↵
3. Change the configuration file in the BOF to a filename of your choice in the directory created in step 2.
5. Verify the state of the ports. What is their state?
PEx# show port ↵
6. Enable the ports.
PEx# configure port <X/X/X> no shutdown ↵
Note: you can enable each port one by one, or use a range command to enable a series of ports.
PEx# configure port <X/X/[Y..Z]> no shutdown ↵
Note: The brackets denoting the range of ports. Auto-completion does not work after closing the
bracket.
7. Verify that all the ports shown in the network diagram are Administratively and Operationally UP and are configured as network ports (mode) (see step 5). What is their MTU size?
� Upon successful completion of this module, the student will be able to provision system physical and logical interfaces and be able to perform the following operations:� Configure the system and network interfaces
1. Verify the routing table that should now contain the locally attached networks, including the system interface’s IP-address. What is the preference and metric of the locally connected networks?
PEx# show router route-table ↵
Note: these local destinations were manually configured, no remote addresses are known at this
point.
2. Activate the debug-trace session for the ICMP and ARP packets.
PEx# configure log log-id 10 ↵PEx>config>log>log-id$ from debug-trace ↵PEx>config>log>log-id$ to session ↵PEx# debug router ip arp ↵Pex# debug router ip icmp ↵
Clear and view the ARP cache.
PEx# clear router arp all ↵PEx# show router arp ↵
4. Ping the network interfaces of the neighbouring routers. Is the ping successful if you change the source IP-address to your system address? If not, why not?
PEx# ping X.X.X.X ↵
Note: the ARP and ICMP messages are going in two directions and the router’s ARP cache will be
updated with a new entry.
5. Re-evaluate the ARP cache. What is the new entry? Where is this entry coming from, verify with your neighbour.
Note: these messages will only be displayed for the duration of this session. To deactivate the debug:
� Upon successful completion of this module, the student will be able to configure the static and dynamic interior routing protocols on a node and be able to perform the following operations:� Configure static and default routes
� Configure OSPF
� Configure IS-IS
� Influence metrics
� Enable route redistribution using route policies
Note: <X.X.X.X> = the system IP address of your clockwise neighbor
<Y.Y.Y.Y> = the IP-address of this neighbor’s network interface on the connecting link.
2. View the routing table. Which routes are added and what is different compared to the local attached destinations?
Note: a static route will only be active in the routing table if its next-hop is valid.
3. Ping the system address of your neighbor with the source IP-address of your network interface on the connecting link. Why is it necessary to change the source IP-address?
4. Remove the static route configured in Step 1 and configure a default route to your clockwise neighbor.
PEx# configure router no static-route <X.X.X.X>/32 next- hop <Y.Y.Y.Y> ↵PEx# configure router static-route 0.0.0.0/0 next-hop Y. Y.Y.Y ↵
Note: <X.X.X.X> = the system IP address of your clockwise neighbor
<Y.Y.Y.Y> = the IP-address of the neighbor’s network interface on the connecting link.
5. When all the nodes have completed Step 4, ping the opposite router using his system interface IP-address. Will the ICMP reply use the same path as the ICMP request?
6. Perform a trace-route to an unused IP-address, for example 10.10.10.10. What is the result?
PEx# traceroute 10.10.10.10 ↵
7. Remove all remaining static and default routes.
PEx# configure router no static-route 0.0.0.0/0 next-hop <Y.Y.Y.Y> ↵
Note: In this course only single hierarchical topologies are used. Disable IS-IS when enabled.
1. Configure OSPF using area 0.0.0.0 as the backbone-area.
PEx# configure router ospf ↵PEx>config>router>ospf$ area 0.0.0.0 ↵
2. Configure OSPF on the system interface and all the network interfaces in the area 0.0.0.0.
PEx>config>router>ospf>area$ interface system ↵PEx>config>router>ospf>area>if$ back ↵PEx>config>router>ospf>area# interface <topex> ↵(PEx>config>router>ospf>area>if$ interface-type point-to-point ↵)
Note: It is common practice to configure the interfaces point-to-point rather than the default
broadcast to avoid the DR/BDR overhead.
PEx>config>router>ospf>area>if$ back ↵
Note: the last 2 (3) commands must be entered for all the network interfaces.
3. Verify your configuration.
PEx# show router ospf status ↵PEx# show router ospf area ↵PEx# show router ospf interface ↵
Note: There is one area and 4 interfaces, that can be DR (Designated Router) or BDR (Backup Designated Router) when configured as broadcast interfaces.
4. When all the nodes have finished Step 3, view the OSPF forwarding database. Make sure all the networks and system addresses are included and reachable, use Ping to verify. What is the preference and metric to reach the other Pes?
Note: this configuration must match between neighbours’ interfaces or the adjacency will fail.
8. Debug the OSPF packets. Perform a shut/no shut on OSPF and evaluate the packets. What is the difference between Hello-packets with and without authentication.
Note: With this command the reference bandwidth can be set and the metrics of the links will be
calculated: reference-bandwidth/bandwidth (In OSPF this is done by default).
3. Special case for IS-IS: In regular IS-IS SPF operation, “narrow metrics” are used, meaning the maximum metric value of any given link will be limited to 63, regardless of the result of calculation in relation to the reference bandwidth given above.
To overcome this restriction, “wide metrics” can be enabled, which is an additional attribute carried in the so called “traffic engineering TLVs (Type-Length-Value packet field formats).
Wide metric support necessitates the support for traffic engineering extensions on the IGP, which is an optionally enabled feature. Some other uses of traffic engineering is discussed further in the next MPLS section.
Switch to notes view!4. Verify your configuration.
PEx# show router isis status ↵
Note: this command shows the area-ids this node belongs to. There can be up to 3 area-ids configured.
PEx# show router isis interface ↵
Note: There are 4 interfaces. The system interface has a metric of 0, all the links have a metric of 10 by default. A reference bandwidth can be configured (same as OSPF by default).
5. When all the nodes have finished step 3, view the ISIS forwarding database. Make sure all the networks and system addresses are included and reachable, use Ping to verify. What is the preference and metric to reach the other PEs?
PEx# show router route-table protocol isis ↵
6. View the Is-IS adjacency database.
PEx# show router isis adjacency ↵
7. View the IS-IS link state database.
PEx# show router isis database ↵
8. Turn on simple authentication (password) with a matching authentication key (choose one with your neighbour).
Note: this configuration must match between neighbours’ interfaces or the adjacency will fail.
9. Debug the IS-IS packets. Perform a shut/no shut on IS-IS and evaluate the packets. What is the difference between Hello-packets with and without authentication?
1. Verify that the routing table contains all the destinations. What is the metric of the system interface of the opposite router? Trace the route to this IP-address. What path is taken?
2. Adjust the metric of the outgoing interface used by the path in Step 1 to 5000.
PEx# configure router ospf area 0 interface <topex> metri c 5000 ↵PEx# configure router isis interface <topex> level 1 metr ic 5000 ↵
3. Repeat Step 1. What has changed?
Note: When a router learns more then one route to a certain destination, the best route will be
selected. First the preference of the routing protocol the destination was learned on is compared
and the lowest preference is selected. Then, if this routing protocol still offers more then one
route to the destination, the route with the lowest metric will be selected and inserted into the
routing table. The administrator can influence this process by changing the preference and the
metrics as demonstrated in this lab exercise (metric). When a prefix has multiple routes with
equal preferences and metrics, only one is selected except when ECMP is activated.
4. Turn on ECMP up to 2 possible routes and evaluate the routing table once more. Are there routes occurring twice in the routing table now? How is this possible?
PEx# configure router ecmp 2 ↵
5. Set the metrics back to the default value and disable ECMP.
PEx# configure router ospf area 0 interface <topex> no me tric ↵PEx# configure router isis interface <topex> level 1 no m etric ↵PEx# configure router no ecmp ↵
1. Create a new interface <toce>, on your PE router as displayed below. This interface will be a loopback interface, meaning it is not attached to any physical ports, but merely a logical entity that is always up and running as long as the router itself is operational.
7. In the case of OSPF, the PE router needs to be marked as an ASBR (Autonomous System Boundary Router) in order to get redistribution to work. This is not required for IS-IS.
PEx>config>router>ospf># asbr ↵
8. When all the nodes have finished step 6, verify the routing table. You should have 4 new entries: the added local directly connected (sub)network and the others learned remotely over your IGP.
Switch to notes view!5. Configure the swap action for the transit LSP, originating from your counter-clockwise router and terminating on your clockwise router.
Note: repeat the last 2 commands for all the network interfaces.
PEx>config>router>ldp# no shutdown ↵
Note: when LDP is enabled, by default targeted LDP is also enabled. This will be used later on by the service and can be disabled at this point, but this is not necessary. It must be reactivated later
when Layer 2 VPN’s are configured.
2. Verify the state of the LDP parameters. How many sessions are active? What is the label distribution, the label retention and control mode? Are the interfaces up?
PEx# show router ldp status ↵PEx# show router ldp discovery ↵PEx# show router ldp session ↵PEx# show router ldp parameters ↵PEx# show router ldp interface ↵
3. Verify the Label Information Base (LIB). Why are some of the ingress and egress labels empty?
PEx# show router ldp bindings ↵
Note: By default LDP will signal labels for the system address of the PE. To have labels distributed
for directly connected networks, an export policy is needed (see Step 8).
4. Verify the Label Forwarding Information Base (LFIB). What label will your router use to send a packet to the system address (FEC) of your own router, your clockwise router, your opposite router and your counter clockwise router?
2. Verify the status of traffic-engineering on your IGP. Where can you see that traffic-engineering is enabled?
PEx# show router ospf status ↵PEx# show router isis status ↵
3. If not previously configured, enable MPLS on your system and the network interfaces.
PEx# configure router mpls ↵PEx>config>router>mpls# interface <topex> ↵PEx>config>router>mpls>if# back ↵
Note: repeat the last two commands for all the network interfaces. The system interface is added by
default.
4. The previous step automatically enables RSVP on the interfaces. Verify.
PEx# show router mpls interface ↵PEx# show router rsvp interface ↵
5. Verify the capacity of your port facing your clockwise neighbour. What is the operational speed?
PEx# show port <X/X/X> ↵
Note: <X/X/X> = the port number facing your clockwise neighbour
6. Set the total maximum amount of reservable bandwidth by RSVP to 100% on the RSVP interface.Verify the available bandwidth.
PEx# configure router rsvp interface <topex> ↵PEx>config>router>rsvp>if# subscription 100 ↵Note: you can oversubscribe the interface up to 1000 percent.
7. Verify in the Traffic Engineering Database how the traffic engineering extensions of the IGP configured in step 1 flood the available bandwidth capacities of the link through the network.
PEx# show router ospf opaque-database detail ↵PEx# show router isis database level 1 detail ↵
8. Create a strict path to the other routers using the long way around the outer ring.
PEx# configure router mpls ↵PEx>config>router>mpls# path <p-topex> ↵PEx>config>router>mpls>path# hop <Y> <X.X.X.X> strict ↵PEx>config>router>mpls>path# no shutdown
Note: <Y> = increments per hop (e.g. 10,20,30,… or 1,2,3,… ).
Note: repeat the last command for every hop to form the p ath.
Note: repeat the last 2 commands for all the paths to the other PE’s.
9. Create a loose path.
PEx>config>router>mpls# path <p-loose> ↵PEx>config>router>mpls>path# no shutdown ↵
10.Verify your configured paths.
PEx# show router mpls path ↵
11. Configure an LSP to all the other PE’s in the network with the strict path as the primary and the loose path as the secondary. Enable CSPF and set the bandwidth for the primary path to 10% of the available bandwidth (see step 4).
PEx# configure router mpls ↵PEx>config>router>mpls# lsp <l-topex> ↵PEx>config>router>mpls>lsp# to <X.X.X.X> ↵Note: <X.X.X.X> = the IP-address of the system interface of the LSP’s tail PE.
12.Verify the LSP configuration. How much bandwidth is reserved for the primary paths? How much bandwidth is reserved for the secondary paths? What is the status of the secondary paths?
PEx# show router mpls path lsp-binding ↵PEx# show router mpls lsp detail ↵PEx# show router mpls lsp path detail ↵
13.Perform an OAM LSP ping and trace on the primary and secondary path of the LSP’s. Are the pings successful? What path is taken by the primary path of the LSP? Does it follow the strict path as configured? Are the OAM LSP ping and trace successful over the secondary path of the LSP?
Note: this action is necessary to show the active detour. Otherwise the secondary path will take over.
6. Shut the port facing the next hop of your LSP to your opposite router down to enable the detour to take over. Repeat step 3. Is the detour active now?
1. Change the port facing the customer (see lab diagram) to an access port.
PEx# configure port X/X/X ↵Pex>port# shutdown ↵Pex>port# ethernet mode access ↵Pex>port# no shutdown ↵
2. Change the Maximum Transmission Unit (MTU) size of each network port. What minimum value is necessary?
Note: Since MPLS has been configured on the network interfaces, the port that supports that interface
must have its MTU changed to 1540 bytes. If GRE were used the MTU would have to be changed to 1560. Configure the MTU size on both network ports on each of the nodes in your network.
PEx# configure port <X/X/[1..4]> ethernet mtu 1600 ↵PEx# show port <X/X> ↵
Switch to notes view!Configure a full mesh of SDPs
1. Configure a full mesh of SDPs to the other PEs in the network using LDP.
Note: In the following lab exercises these SDPs will be used for L3 VPNs (VPRN). Therefore TLDP signaling must be disabled. By default TLDP signaling is enabled.
PEx# configure service sdp <1X> mpls create ↵PEx>config>service>sdp$ far-end <X.X.X.X> ↵PEx>config>service>sdp$ description <“SDP to PE X over LDP”> ↵PEx>config>service>sdp$ ldp ↵PE>config>service>sdp$ signaling off ↵PEx>config>service>sdp$ no shutdown ↵PEx>config>service>sdp$ exit all ↵
Note: Repeat the above steps for all the other PEs where X is the PE number.
2. Configure a full mesh of SDPs to the other PEs in the network using RSVP-TE
Note: In the following lab exercises these SDPs will be used for L2 VPNs (ePipe, VPLS). Therefore TLDP signaling must be enabled. This is the default setting.
PE# configure service sdp <2X> mpls create ↵PE>config>service>sdp$ far-end <X.X.X.X> ↵PE>config>service>sdp$ description <“SDP to PE X over RSVP-TE”> ↵PE>config>service>sdp$ lsp <l-topex> ↵PE>config>service>sdp$ signaling tldp ↵PE>config>service>sdp$ no shutdown ↵PE>config>service>sdp$ exit all ↵
Note: Repeat the above steps for all the other PEs where X is the PE number.
3. Verify the configured SDPs.
PE# show service sdp (detail) ↵
Note: In case the SDPs are remaining in the operationally down state, check the detail command output carefully to look for som e clues.
Note: SDP Ping performs in-band uni-directional or round-trip connectivity tests on SDPs. The SDP Ping
OAM packets are sent in-band, in the tunnel encapsulation, so it will follow the same path as traffic
within the service. The SDP Ping response can be received out-of-band in the control plane, or in-
band using the data plane for a round-trip test.
1. Perform a uni-directional SDP Ping. What is the Path MTU? Why is there no Remote SDP-ID?
PEx# oam sdp-ping <XX> ↵
Note: You have tested the local SDP but have not performed a round-trip test.
<XX> is the local SDP.
2. Perform a round-trip SDP Ping Test. What is the Remote SDP-ID?
PEx# oam sdp-ping <XX> resp-sdp <YY> ↵
Note: This is a round-trip test, both directions are using the SDP.
<XX> is the local SDP and <YY> is the remote SDP.
3. Discover the MTU size supported over your SDPs. What is the MTU?
Note: The Path MTU Discovery tool provides a powerful tool that enables a service provider to get the exact MTU supported between the service ingress and service termination points (accurate to one
byte). It is important to understand the MTU of the entire path end-to-end when provisioning
services, especially for virtual leased line (VLL) services where the service must support the ability
Note: The mirror destination defines a mirror service ID and a destination for copies of the packets.
The mirrored frame size that is to be transmitted to the mirror destination can be explicitly
configured by using slicing features. This enables mirroring only the parts needed for analysis.
PEx>config>mirror>mirror-dest$ sap X/X/X create ↵
Note: The SAP is your access port (see lab diagram).
PEx>config>mirror>mirror-dest>sap$ exit ↵PEx>config>mirror>mirror-dest# no shutdown ↵
2. Verify that the mirror service is operational.
Pex# show mirror mirror-dest 1000 ↵
3. Mirror the ingress and egress traffic on a local network port, the mirror source. Use a sniffer connected to the SAP to verify if the mirror service works.
PEx# debug mirror-source 1000 port X/X/X ingress egress ↵
mirror source PE> ing-svc-label 2048 ↵PEx>config>mirror>mirror-dest$ sap <X/X/X> create ↵Note: A packet analyser (sniffer) can be connected on the SAP to monitor the
traffic.
PEx>config>mirror>mirror-dest>sap$ back ↵PEx>config>mirror>mirror-dest# no shutdown ↵
2. Verify that the mirror service is operational.
PEx# show mirror mirror-dest 1001 ↵
3. Configure your PE as a remote mirror source for your opposite neighbour. Direct the ingress and egress traffic from the source port to the SDP and assign an egress label.
Note: The mirror services uses an SDP as a tunnel for mirrored frames. Because the mirror service only
sends traffic in one direction, it is not strictly necessary to create a bi-directional SDP.
PEx# configure mirror mirror-dest 1002 create ↵PEx>config>mirror>mirror-dest$ sdp <XX> egr-svc-label 2048 ↵Note: <XX> is the SDP configured earlier to your counter clockwise neighbour.
PEx>config>mirror>mirror-dest$ no shutdown ↵
PEx# debug mirror-source 1002 port X/X/X ingress egress ↵
Note: Create an ePipe according to the lab diagram at the end of this module.
1. Configure an ePipe 500 between your PE and your neighbour PE (according to lab diagram).
PEx# config service epipe 500 customer 100 create ↵PEx>config>service>epipe$ sap <X/X/X>:0 create ↵
Note:The 0 at the end of the sap identifier signifies that null encapsulation (the default) is being used on the port. Null encapsulation is used if there is only one service being used on the port. If
multiple services will be using the port, you would configure it to use Dot1q or qinq encapsulation.
Now an access port has been assigned to this service on which customer equipment can be
connected.
PEx>config>service>epipe>sap$ back ↵PEx>config>service>epipe$ spoke-sdp <2X>:500 create ↵
Note: Use the SDPs over RSVP-TE. These SDPs have TLDP enabled in the previous lab exercise. The :500 binds the SDP to the service. At this point TLDP labels are signalled to identify the service on each
side of the ePipe.
PEx>config>service>epipe>spoke-sdp$ back ↵PEx>config>service>epipe$ no shutdown ↵
2. Verify the ePipe. What is the label used to reach the remote PE? What is the label used to reach the ePipe service on the remote PE?
PEx# show service sap-using ↵PEx# show service service-using ↵PEx# show service id 500 all ↵PEx# show service id 500 labels ↵PEx# show router ldp bindings ↵
3. Connect two CPEs to the SAPs of the ePipe Service and test your ePipe by passing traffic across it such as a video file or a Ping test.
Note: An ePipe is the equivalent of a wire connecting the two laptops. In order to ping successfully,
both laptops will have to be members of the same subnet.
1. Verify the operation of your ePipe service using the Service Ping utility.
Note: Alcatel-Lucent’s Service Ping feature provides end-to-end connectivity testing for an individual service. The Service Ping operates at a higher level than the SDP diagnostics in that it verifies an
individual service and not the collection of services carried within an SDP. The Service Ping is
initiated from a router to verify round-trip connectivity and delay to the far-end of the service.
Alcatel-Lucent’s implementation functions for both GRE and MPLS tunnels and tests the following
from edge-to-edge:
� Tunnel connectivity
� VC label mapping verification
� Service existence
� Service provisioned parameter verification
� Round trip path verification
� Service dynamic configuration verification
PEx# oam svc-ping <X.X.X.X> service 500 ↵
Note: in this service ping test the actual data path that customer traffic would take through the
service was not used. OAM messages were sent and received over the control plane rather than the
data plane. You can use the local-sdp and remote-sdp parameters to send the oam packets over the
same path as customer traffic.
PEx# oam svc-ping <X.X.X.X> service 500 local-sdp remote-s dp ↵
Note: <X.X.X.X> is the system IP address of the remote PE.
Note: The SVC-Ping is a useful OAM feature for a VLL but it does require that the port out to the CPE is up, i.e. there is something connected to the port such as a PC NIC card, when a service is first
configured this may not be the case and so a VCCV-Ping is a better test of a VLL when first
Switch to notes view!2. Verify the operation of your ePipe service using the VCCV Ping utility.
Note: Alcatel-Lucent’s VCCV Ping feature provides end-to-end connectivity verification for an individual ePipe and is used to check connectivity of a VLL in-band. It checks that the destination
(target) PE is the egress for the Layer 2 FEC. It provides a cross-check between the data plane and
the control plane. It is in-band, meaning that the VCCV ping message is sent using the same
encapsulation and along the same path as user packets in that VLL. This is equivalent to the LSP
ping for a VLL service. VCCV ping reuses an LSP ping message format and can be used to test a VLL
configured over an MPLS and GRE SDP. VCCV creates an IP control channel within the ePipe between
PE1 and PE2. PE2 should be able to distinguish, on the receive side, VCCV control messages from
user packets on that VLL.The 7750 SR uses the router alert label immediately above the VC label to
identify the VCCV-ping message. This method has a drawback that if ECMP is applied to the outer
LSP label, such as the transport label, the VCCV message will not follow the same path as the user
packets. When sending the label mapping message for the VLL, PE1 and PE2 include an optional
VCCV TLV in the PW FEC interface parameter field. The TLV indicates that the control channel will
1. Configure a VPLS service 600 according to the lab diagram at the end of this module.
Note: Remove the SAP from the ePipe service to use it for this lab exercise (VPLS service).
PEx# configure service vpls 600 customer 100 create ↵PEx>config>service>vpls# sap <X/X/X>:0 create ↵
Note:The 0 at the end of the sap identifier signifies that null encapsulation (the default) is being used on the port. Null encapsulation is used if there is only one service being used on the port. If
multiple services will be using the port, you would configure it to use Dot1q or qinq encapsulation.
Now an access port has been assigned to this service on which customer equipment can be
connected.
PEx>config>service>vpls>sap$ back ↵PEx>config>service>vpls# mesh-sdp <2X>:600 create ↵PEx>config>service>vpls>mesh-sdp$ back ↵
Note: Repeat the last two commands for all the remote PEs. The SDPs must form a full mesh to al the
participants in the VPLS service. Use the SDPs over RSVP-TE. These SDPs have TLDP enabled in the
previous lab exercise. The :600 binds the SDP to the service. At this point TLDP labels are signalled
to identify the service on all the participants of the VPLS service.
PEx>config>service>vpls# no shutdown ↵
2. Verify the VPLS. What are the labels used to reach the other PEs? What are the labels used to reach the VPLS service on these remote PEs?
PEx# show service sap-using ↵PEx# show service service-using ↵PEx# show service id 600 all ↵PEx# show service id 600 labels ↵PEx# show router ldp bindings ↵
3. Connect CPEs to the SAPs of the VPLS Service and test your VPLS by passing traffic across it such as a video file or a Ping test. Disconnect a network link and see if traffic gets lost. Verify if the RSVP-TE backup scenario’s are operational.
Note: An VPLS is the equivalent of a VLAN connecting one or more switches. In order to ping successfully, all CPEs will have to be members of the same subnet.
Switch to notes view!4.4. Verify the forwarding database. What are the age timers? How canVerify the forwarding database. What are the age timers? How can you verify the age timer per you verify the age timer per macmacentry?entry?
PEx# show service fdb-info ↵PEx# show service fdb-mac ↵PEx# show service fdb-mac expiry ↵
OAM Tools
1. Perform a MAC Ping and a MAC Trace to a remote CPE. What information is gained from this OAM tool? Verify the forwarding database. What MAC address is added from this operation? Is the information aging out as it is supposed to?
PEx# oam mac-ping service 600 destination <XX:XX:XX:XX:XX :XX> ↵PEx# oam mac-trace service 600 destination <XX:XX:XX:XX:X X:XX> ↵
Note: <XX:XX:XX:XX:XX:XX> is the MAC address of a remotely connected CPE.
PEx# show service fdb-mac ↵PEx# show chassis ↵
Note: This command shows the CPM MAC address.
2. Populate and Purge a random MAC address. What command can flood this information to the remote PEs participating in the VPLS? Is the information aging out as it is supposed to?
3. Activate a continuous Ping form one CPE to another. Next, perform a CPE Ping to one of the CPEs as the destination IP-address and the other CPE as the source IP-address. Is the initial continuous Ping still operational? Why not? How can we resolve this?
PEx# oam cpe-ping service 600 destination <X.X.X.X> sourc e <Y.Y.Y.Y> ↵
1. Configure a iPipe for one of the two customers you created. The iPipe VLLs you create will be from your SR node to any 7750 SR Core node. See diagram above. The iPipe VLL will connect an Ethernet port your SR, to an Ethernet port on the far end SR.
2. You will have to come to an agreement about IP addresses and service ids with the operator configuring the far end.
3. The Ethernet ports should be configured with DOT1Q encapsulation.
Create the iPipe VLL for Ethernet to Ethernet Endpoint
3. Create the iPipe service on the SR
SRx# configure service ipipe 300 customer 100 create
Internet Enhanced Service (IES) is a routed connectivity service where the subscriber communicates with an IP router interface to send and receive Internet traffic. IP interfaces defined within the context of an IES service must have a SAP associated as the access point to the subscriber network. Since the traffic in an IES service communicates using an IP interface for the core routing instance, there is no need for the concept of tunneling traffic to a remote router. As such, IES does not require the configuration of any 7750 SR SDPs when configuring the service. The following labs assumes that an IGP (OSPF, IS-IS) is running between all nodes in the network. In the following lab we will create an IES on each node (see network diagram):: The following example shows the configuration for Node 201. 1. Create a customer and the IES
Note: ensure that the port that you want to create the SAP on is configured as an access port. SR# show port ↵ Associate the SAP to the port : SR# configure service ies 100 interface toClient ↵ SR>config>service>ies>if# sap 1/1/1 create ↵ SR>config>service>ies>if>sap# exit all ↵
4. Enable the IES
SR# configure service ies 100 ↵ SR>config>service>ies# no shutdown ↵ Verify that the service is administratively and operationally UP. SR# show service service-using ies ↵
SR# configure router ospf ↵ SR>config>router>ospf# area 0.0.0.0 ↵ SR>config>router>ospf>area# interface toClient ↵ SR>config>router>ospf>area>if$ no shutdown ↵ To prevent sending LSA’s to the client , put the interface into passive mode for OSPF. SR>config>router>ospf>area>if$ passive ↵ SR>config>router>ospf>area>if$ exit all ↵
6. Test the IES
Test each service by successfully pinging from each client laptop to every other client laptop.
This lab will apply an accounting policy to the service ingress of the IES. Before an accounting policy can be created a target log file must be created to collect the accounting records. 1. Create a log file to collect the accounting records
SR# configure log ↵ SR>config>log# file-id 10 ↵ SR>config>log>file-id$ description “Accounting for IES 100 Ingress” ↵ SR>config>log>file-id$ location cf1: ↵ Check your configuration. Leave the rollover and retention settings at the default values. SR>config>log>file-id$ info detail ↵ ---------------------------------------------- description "Accounting for IES 100 Ing ress" location cf1: rollover 1440 retention 12 ---------------------------------------------- Rollover = how long (minutes) a file will be used before it is closed. Retention = how long (hours) a file will be stored before it is deleted.
SR>config>log>file-id$ exit ↵ SR>config>log#
2. Create an accounting policy Accounting policies must be configured in the config>log context before they can be applied to a service SAP, interface, or an Ethernet or SONET/SDH network port. An accounting policy must define a record type and collection interval. Only one record type can be configured per accounting policy.
When creating accounting policies, one service accounting policy and one network accounting policy can be defined as default. If statistics collection is enabled on a SAP or network port and no accounting policy is applied, then the respective default policy is used. If no default policy is defined, then no statistics are collected unless a specifically defined accounting policy is applied.
SR>config>log# accounting-policy 10 ↵ SR>config>log>acct-policy$ description “IES Service 100 Ingress” ↵ SR>config>log>acct-policy$ record service-ingress-packets ↵ SR>config>log>acct-policy$ to file 10 ↵ SR>config>log>acct-policy$ no shutdown ↵ Check your configuration SR>config>log>acct-policy$ info ↵ ---------------------------------------------- description "IES Service 100 Ingress" record service-ingress-packets to file 10 no shutdown ---------------------------------------------- SR>config>log>acct-policy$ exit all ↵
3. Enable statistics collection on the IES SAP and apply your accounting policy to
the IES SAP
Enable statistics collection on the SAP SR# configure service ies 100 ↵ SR>config>servce>ies# interface toClient sap 1/1/1 ↵ SR>config>servce>ies>if>sap# collect-stats ↵ Apply the accounting policy created in Step 2 SR>config>servce>ies>if>sap# accounting-policy 10 ↵ SR>config>servce>ies>if>sap# back ↵
� Upon successful completion of this module, the student will be able to perform the following operations:� Configure a global Autonomous System (AS) number.
� Configure a global Border Gateway Protocol (BGP) routing instance
� Configure a Customer
� Configure MPLS for Label Distribution Protocol (LDP)
� Configure a routing policy for router redistribution.
� Configure a Service Distribution Point
� Configure the Virtual Private Network Service (VPRN)
1. Configure a global AS number (65530 public AS number) on each PE router. This number will be used by BGP for advertisement purposes.
PEx# configure router autonomous-system 65530 ↵
2. Configure a global BGP routing instance. This must be configured to support the MP-BGP and establish communications between Provider Edge (PE) devices.
PEx# configure router bgp ↵PEx>config>router>bgp$ group VPRN ↵PEx>config>router>bgp>group$ peer-as 65530 ↵PEx>config>router>bgp>group$ family vpn-ipv4 ↵
Note: This enables MP-BGP.
PEx>config>router>bgp>group$ neighbor <X.X.X.X> ↵PEx>config>router>bgp>group>neighbor$ back ↵
Note: <X.X.X.X> is the system IP-address of all participating PEs in the VPRN. Repeat the 2 steps
above for every PE.
PEx>config>router>bgp>group# back ↵
Note: After all the PEs have completed Step 2, a full mesh of iBGP sessions should be established.
3. Verify the BGP configuration.
PEx# show router bgp summary ↵PEx# show router bgp neighbor ↵PEx# show router bgp group ↵
Note: As a quick check, see if the “show router bgp neighbor” command output displays the state of
the BGP session as “Established” for each of the neighboring PEs:
Peer : 2.2.2.2Group : VPRN--------------------------------------------------- ------------<.......> State : Established Last State : Connect
Switch to notes view!4. Configure the VPRN service.
PEx# configure service vprn 700 customer 100 create ↵PEx>config>service>vprn$ route-distinguisher 65530:700 ↵PEx>config>service>vprn$ spoke-sdp <1X> create ↵PEx>config>service>vprn>sdp$ back ↵
Note: Use the SDPs based on LDP created in a previous Lab Exercise. Repeat the last two steps for every other PE in the VPRN.
Note: In VRPN, a shortcut exists to alleviate these last steps. The auto-bind command creates the LDP SDP’s in one command. When t his option is used, there is no need to explicitly specify the SDP’s as done in the previous step.
Switch to notes view!6. Connect a PC Workstation on the access port and make sure that the PC has an IP address on the
same network as the CE Interface of the matching PE in your VPRN. Point the default gateway to this CE interface (lab diagram at the end of this module). Ping another CPE PC Workstation in the VPRN. Is the Ping successful?
7. Verify the BGP Table. Are the routes visible? What is the Inner Label or VPN Label? What is the outer Label or Transport Label?
PEx# show router bgp routes ↵PEx# show router bgp neighbor <ip-address> advertised-rout es ↵PEx# show router ldp bindings (active) ↵
OAM Tools
1. Perform a VPRN Ping from your directly connected VPRN interface to a remotely connected PC.
Most traffic ingressing on SAP 1/1/1 on VPLS Service XXX should pass through the 7750 unshaped and enter the MPLS network core with a forwarding class of EF.
Web traffic (going from the customer to the web needs to be shaped to a maximum rate of 20Mb/s. The first 10Mb/s of Web traffic should egress the node into the MPLS core network with a QoS FC = BE in-profile, the remainder of the Web traffic should exit with FC = BE out-ot-profile.
The following steps assume a working VPLS Service (ID of XXX) on your node.
1 Display the settings for SAP QoS ingress policy 1 (default policy).
SR# show qos sap-ingress 1 ↵
Note: The default qos ingress policy classifies all incoming traffic as FC “BE” regardless of the settings of any DSCP, 802.1p bits etc.
Sap ingress traffic can be classified into one of eight internal forwarding classes (FC) based on several match criteria (MAC, 802.1p, or L3-L7).
All traffic is marked internally as having come from a SAP or network port.
Switch to notes view!2. Display the settings for the default SAP ingress and network policies.
SR# configure qos ↵
SR>config>qos# info detail ↵
#------------------------------------------
echo "QoS Policy Configuration"
#------------------------------------------
sap-ingress 1 create
description "Default SAP ingress QoS policy."
scope template
queue 1 auto-expedite create
no parent
adaptation-rule pir closest cir closest
rate max cir 0
mbs default
cbs default
high-prio-only default
exit
…
network 1 create
description "Default network QoS policy."
scope template
ingress
default-action fc be profile out
Note: By default all incoming traffic is classified as BE out-of-profile.
Default queue settings: PIR(rate) = MAX and CIR = 0
3. Create a new SAP ingress policy, policy #10. The default SAP ingress QoS policy (#1) has two queues associated with it, Queue 1 (unicast) and Queue 11 (multipoint). We will be creating two new queues, queues 2 and 3.
SR# configure qos sap-ingress 10 create ↵
SR>config>qos>sap-ingress$ description “Web Traffic Ingress QoS Policy” ↵SR>config>qos>sap-ingress$ info ↵
Switch to notes view!7. Apply your SAP policies to the SAP on port 1/1/1/ for VPLS Service XXX
SR# configure service vpls XXX ↵SR>config>service>vpls# sap 1/1/1 ↵SR>config>service>vpls>sap# ingress qos 10 ↵SR>config>service>vpls>sap# egress qos 11 ↵SR>config>service>vpls>sap# exit ↵SR>config>service>vpls# info ↵
description "VPLS XXX"
stp
no shutdown
exit
sap 1/1/1 create
ingress
qos 10
egress
qos 11
exit
exit
mesh-sdp x:xxx create
exit
mesh-sdp x:xxx create
exit
mesh-sdp x:xxx create
exit
no shutdown
SR>config>service>vpls# exit all ↵
8. Remap the in-profile Web traffic from the BE queue to an MPLS EXP value of 5 in the MPLS header. This EXP value identifies in-profile Web traffic leaving the node from Queue 2 on a network egress interface.